Why standardisation of IoT security is mission-critical for a smarter future

4 mins read

The Internet of Things (IoT) industry is rapidly maturing, with IoT devices becoming more prevalent in our buildings, houses and cities and integrated into our daily lives.

As the number and types of internet protocol (IP) connected devices grows, so does the need for secure interoperability within the IoT. Without it, the increasing amount of sensitive data flowing across the internet between devices and clouds could easily end up in the wrong hands.

Tech-savvy, security-conscious users and consumers know both the risk of unsecure technology and the value of their personal data and, as such, expect complete confidence that their privacy is being respected. While a security breach of an IoT device can be devastating for a consumer, on a larger scale – such as in manufacturing or smart city deployments – a breach can be catastrophic.

Ensuring secure interoperability and communication over IP, regardless of form factor, operating system, service provider, transport technology or ecosystem, must therefore be a priority for the IoT ecosystem.

Standardising IoT security

Thankfully, there are now mature, secure IoT communications standards that can help the ecosystem overcome these challenges. By embracing these standards for developing new IoT products and services, manufacturers and developers can ensure consistent quality, security and interoperability.

One example of such standards is the Secure IP Device Framework developed by global, member-driven technical standards development organisation, the Open Connectivity Foundation (OCF). The OCF’s framework has been adopted as an ISO/IEC standard, which means that a group of global technical experts agreed to use it as a blueprint for the creation of secure and interoperable IoT technology.

Government adoption of IoT

Already we see the public sector increasingly deploy IoT technology, rolling it out in the likes of public housing and for the development of smart cities. As governments begin to assume responsibility for the associated IoT infrastructure, standardisation will become paramount. This is since, as a rule, governments prefer due process and de jure standards (i.e., those endorsed by formal organizations), as this helps to avoid proprietary lock-in and the perception of bias in selecting solutions.

The use of international standards like the OCF’s Secure IP Device Framework provide assurance of due process and the transparent development of IoT technologies. As such, in December 2021, a semi-government-owned corporation responsible for the development of land in cities, and the maintenance and management of land and housing, Korea Land and Housing Corporation (LH), announced that it had adopted the OCF’s Secure IP Device Framework as the foundation for its national Smart Home Platform.

A secure- and private-by-design IoT smart hub is being deployed in each home to collect and analyse IoT big data. It also features built-in fine dust and CO2 sensors and gives residents control of 15 different types of devices via an OCF-compliant Smart Home app. If successful, the project will continue to expand into public housing, with more than 223,000 connected households estimated by 2025.

The LH project aims to enhance residents’ living experiences through access to smart healthcare, intelligent safety systems, greater convenience through automation, and improved energy management and control. It will shape how people in Korea live and interact with their surroundings for years to come. The project also defines a framework for other countries seeking to securely digitize homes, buildings and cities to enrich living experiences for their citizens.

Building a smarter future

The OCF’s Secure IP Device Framework has already seen significant adoption in the smart home sector and proponents of the framework would like it to be recognised as the default standard for smart city infrastructure. In fact, the OCF recently took an important step in this regard, entering into a mutually beneficial partnership with FIWARE Foundation, an open standards non-profit organisation.

The partnership with FIWARE demonstrates the OCF’s ability to offer specifications for smart city infrastructure. Both sets of members have gained increased access to over 800 smart data models which provide the common technical ground needed for the development of secure, interoperable IoT deployments.

OCF gained access to FIWARE’s building blocks, reference architectures and smart city and industrial models – all of which will be brought into the OCF’s ISO/IEC standard over time. In return, FIWARE members gain access to OCF’s smart home and smart building data models for use cases such as air quality testing, carbon dioxide detection and blood pressure monitoring. FIWARE also now offers OCF’s Secure IP Device Framework to allow developers and manufacturers to compile their compliance to IoT security baselines around the world.

Smart city infrastructure

Another benefit of the FIWARE-OCF partnership is its ability to prevent smart city technology from developing in domain silos that inhibit them from connecting with other devices and clouds. For example, traffic management systems and pollution monitoring systems have not necessarily been designed to interoperate seamlessly.

By using IP-based technologies, such as the OCF’s Secure IP Device Framework, and well-defined and adopted smart city data models, such as those from FIWARE, the barriers of communication between domain silos can be broken. This process allows for much more efficient use of data. For example, it can allow urban planners to dynamically route traffic through a city in such a way as to minimize pollution. This allows multiple stakeholders to collaborate, enabling new business models and greater innovation in the field of smart cities.

Benefits of truly open IoT standards

This type of innovative collaboration only happens when smart technology developers use the blueprints provided by standards such as the OCF’s to develop new IoT devices and services. As the OCF standard is independent of any consumer ecosystem, the infrastructure and associated data can be controlled, managed and regulated according to local requirements.

Furthermore, standardisation just makes good business sense. It opens up access to new markets, reduces development costs, reduces integration complexity and time to market, simplifies regulatory compliance, enhances supply chains, and even inspires further IoT innovation.

For governments, there is a great value in IoT for the public sector – exploring and addressing urbanisation challenges, like the impact of pollution monitoring on public health, or solving problems, such as the depletion of resources and food and water shortages, to improve the lives of its inhabitants.

Yet, governments must keep security forefront when deploying IoT technology for the public good. As cybersecurity threats against public and critical infrastructure increase in number and sophistication, the introduction of IoT into this infrastructure must be fully secure. If done incorrectly, it will considerably increase vulnerabilities and even threaten national security.

When done properly, though (and according to formal standards), the benefits are considerable. Governments that are early adopters of open and secure standards will be at the forefront of smart city development. They will also accelerate economic growth, entice new business, build new supply chains, create new learning opportunities, and inspire the next generation of IoT entrepreneurs.  They also have the opportunity to foster inclusive growth through SME engagement and inspire new government-led accelerator programs and developer programs.

Ultimately, secure and open standards can multiply the beneficial impact of IoT technology by preventing proprietary models and technology ‘lock-in’. These standards also offer peace of mind to consumers and citizens alike, inspiring trust and confidence as IoT becomes more intertwined with every aspect of our personal and public lives.

The full benefits of open and secure standards are impossible to envision, but the true value of IoT will not be unlocked without them.

Author details: Brian Bishop is President of Open Connectivity Foundation