IoT Standards in 2019: Semantics, Security and Social Issues

Experts share their thoughts on the state of IoT standards in 2019.

February 14, 2019

7 Min Read
Image shows Smart city and IoT (Internet of Things) concept. ICT (Information Communication Technology).
Getty Images

By Valerie Silverthorne

The sprawling IoT market has had more than 10 years to establish standards and best practices to move it forward.

But that doesn’t mean the job is done. We asked seven experts to weigh in on the state of IoT standards in 2019 and their answers reflected both the growing maturity of the market and the continuing struggles.

There’s no question that IoT adoption is growing. Today more than 25 percent of companies are involved with the Internet of Things, according to the 2018 survey from the IoT World Today Implementation Practices Survey And nearly 30 percent of those happiest with their IoT projects said they have 100 or more IoT initiatives underway. IoT’s popularity is well matched with the wide array of standards that exist today – Postscapes identifies nearly 90 different IoT standards across eight categories that have been developed by more than 26 organizations and alliances.

It’s a complicated landscape, in part, because “you don’t know which standards you need until you know what you need,” said Industrial Internet Consortium’s Executive Director Richard Soley. “And most of the standards are developed in a vacuum.” The standards also have to cover a large number of technologies, said ARM’s Vice President for Developers Zach Shelby. “IoT is not mobile,” Shelby said. “There is not a single adjustable set of devices with a small number of operating systems and app ecosystems. We don’t have that and we never will have that because there are so many different markets with heterogeneous applications that need different types of devices and different types of connectivity. It takes an ecosystem to solve that problem.”

Start With the Basics

Luckily, the IoT ecosystem has been working for years on standards. “There are plenty of existing standards, a veritable alphabet soup of acronyms,” said Paul Bevan, research director: IT infrastructure with Bloor Research, in an email. “(The existing standards) cover the four component parts of an IoT implementation … the devices that collect data and respond to commands, the hubs that concentrate and co-ordinate local groups of devices, gateways that act as the interface to the internet and the centralized data systems. All these are covered by well-defined standards.”

But for Bevan, Shelby and other experts, the time has come to look both more broadly — at the development of sweeping reference architectures — and in a more detailed way. Bevan pointed to the IIC Reference Architecture — one developed with feedback from 26 test beds around the globe — as a commendable cross-industry standards-driven project.

Meanwhile, IEEE is working on a specific standard aimed at vertical IoT implementations. Given IoT’s scope, standards organizations have to start broadly and then drill down, explained Sri Chandrasekaran, director of standards and technology with IEEE. “Typically, once we develop an architecture for the top level, we do a deep dive into the verticals to demystify specific activities in industries like transportation, health care and retail,” Chandrasekaran said. The fundamental protocols have long been established, he said, so the time is right to expand them. In fact, IEEE’s P2413, which is currently undergoing a vote, is a standard for an IoT architectural framework that will spell out the relationships among implementations in vertical markets and expand on the existing reference architecture.

The Devil’s in the Details

More specific standards sound like a great idea, but IIC’s Soley is quick to point out the difficulties. “We’ve solved the easiest problem so far — how to get the data from here to there,” he said. “It’s much harder to solve the problem of what do those bits mean. Capturing semantics is a lot harder than moving things from here to there.” Soley sees 2019 as the year when the hard work is  begin when it comes to semantic standards, though he said the issue has been talked about for a while. Germany’s Industrie 4.0 organization is working on this problem, he said, as is the National Institute of Standards in the U.S. “But what’s really going to matter here is what manufacturers are actually going to use,” he said. “It’s always true for standards – we call it a standard but it’s only really a standard if it’s what people use.”

And what people use really is the point, Shelby stressed. “Extensions to standards are needed, but there is too much focus on standards and on protocols,” he said. “Everyone wants to create their own standards and lots of people are working on it, but it’s a little distracting when new things pop up.” Too much focus on a particular protocol takes away from the bigger picture. “Specific protocols or specific device management matters less than what we can provide at scale and make sure it works well and that the security is perfect. That matters more than protocol A or B.” 

Security Is Still a Problem

If there is one area where there is universal agreement on the need for standards and the relative lack thereof, it’s security. Joe Weiss, a consultant with Applied Control Solutions and the managing director of ISA99, industrial automation and control system cyber security, summed it up best: “It’s 2019,” he said. “How can we be in this place? We haven’t made much progress with security at all. We’ve made lots of progress monitoring the networks and almost nothing about what we were supposed to do in the first place.”

There are several problems when it comes to security and ultimately the standards related to it. The first is cost, according to Bevan. “Manufacturers of fairly simple sensors have been trying to keep costs down by using cheap, low power microprocessors which are not capable of handling the load imposed by encryption,” he said. And providing adequate security simply isn’t easy, added IEEE’s Chandrasekaran. “Right now convenience is more important,” he said.

But the stakes are too high to settle for that, said James Stogdill, a technology consultant. An IoT system with poor security and no updates that is deployed everywhere is going to mean the Internet has “an unsecure substrate that is perpetually available to bad actors,” he explained.

Standards will help, of course, but Shelby believes a more sweeping attitude change toward security needs to happen. IIC’s Soley agrees, and stressed the group’s 26 test beds build security in first.

Time to Look Inward?

With such little consistency across the standards landscape, it can be hard to see the bigger picture, said Rob Van Kranenburg, founder of Council IoT. He’s concerned that a focus just on the technology standards could leave the industry vulnerable to poor choices in other areas. Specifically, Van Kranenburg would like to see a public debate on the COEL Standard specification. “The COEL Specification ‘provides a clear and robust framework for implementing a distributed system capable of capturing data relating to an individual as discrete events,’” he wrote in an email. “’It facilitates a privacy-by-design approach for personalized digital services, IoT applications where devices are collecting information about identifiable individuals and the coding of behavioral attributes in identity solutions.’ These specifications make everyday life readable to machines (voice controllers in the home) and robots. This will lead to a further commodification of our everyday existence. Are we ready for this? Do we want that?”

Van Kranenburg wants to ask harder questions as part of his work with Council_IoT, but he also made the case for government to take a larger role in IoT standards development moving forward. This is a stance Bloor’s Bevan agrees with. He points to UL2900, a standard for device security developed by Underwriters Laboratories, that the FDA has recognized for use in medical devices. He see promise in this hybrid process. “A blended approach of bottom up development of standards and ratification and compliance legislation from the government is the way forward,” he said. Time will tell how it all works.

Sign Up for the Newsletter
The most up-to-date news and insights into the latest emerging technologies ... delivered right to your inbox!

You May Also Like