IEEE IoT Webinar: Internet of Things, Architecture and Standards Q&A
IEEE IoT Webinar: Internet of Things, Architecture and Standards
August 6, 2015
This webinar presented by IEEE IoT expert Oleg Logvinov, discussed IEEE P2413 – Standard for an Architectural Framework for the Internet of Things. Oleg is Chair, IEEE P2413 Standard for an Architectural Framework for the Internet of Things Working Group, and Director of Special Assignments in STMicroelectronics’ Industrial & Power Conversion Division.
The presentation included a panel discussion with a distinguished group of IEEE IoT experts, including:
- Chuck Adams, Distinguished Standards Strategist, Huawei Technologies
- Gary Stuebing, Chief Technology and Architecture Office, Cisco Systems
- Ludwig Winkel, Fieldbus Standards Manager, Siemens AG
- Viacheslav (Slava) Zolotnikov, R&D Industrial Control Systems Security, Kaspersky Lab
After the webinar, several questions were asked of the panel and their collective input is captured here.
Q: What do you mean by “security” for a “thing”?
A: It is a part of the Quadruple Trust framework that we are developing in the P2413 Draft Standard for an Architectural Framework for the Internet of Things. Quadruple Trust includes privacy, security, safety, and protection. Specifically at the ‘thing’ level elements of Quadruple Trust include joining a network, authentication, identity management, authorization, secure communication, privacy, denial of service protection, and also a cell concept using physical security, see IEC 62443 series.
Q: What are the challenges that need to be addressed in the immediate future to get manufacturers, particularly the big manufacturers that use different approaches, on board given the proverbial horse has led the stable?
A: P2413 was launched by a group of very large companies and today the list of members includes many leading companies from around the world representing every level of the value chain. The desire to launch this project was motivated by the need to help the market to grow and scale while embracing the environment where already established technology can work with new technologies. Providing the environment where an evolutionary migration and development is possible is the key to the success of the IoT.
Q: Are there any efforts to avoid duplication of IoT standardisation efforts, since there are so many bodies already?
A: Yes, there are many bodies focusing on the IoT today. P2413 recognizes the value of many of these efforts and is focused on leveraging it. P2413 has already established a number of liaisons and cooperation agreements. The recently announced collaboration with IIC is a great example. With Standards Development Organizations (SDOs) we are trying to find clear distinctions between the efforts. In addition, many of the standards bodies have started to push their efforts into liaison agreements (e.g. ITU, IEEE, IEC, JTC 1, ETSI, oneM2M, etc.).
Q: How will governance be addressed in IoT? Gartner has stated that IoT would require multiple mini-clouds to be setup to handle the massive amounts of data in IoT, hence how will such a massive network be monitored and managed?
A: The framework architecture is the 1st approach for governance. We don’t exclude distributed systems without a single master. A subject of the IEEE P2413 project is also “systems of a system”. Opportunity exists for FOG solutions where intelligence and storage can be decentralized.
Q: Many governments are in the process of enacting legislation to regulate privacy, security, encryption, etc. Some of these have the potential for complicating interoperability. Does the group have a strategy for influencing or accomodating these efforts?
A: This process of enacting legislation to regulate topics that should be defined by SDOs is already covered by the existing application domains. What we envision is to cooperate with existing projects of SDOs and regional projects sponsored by governments to provide the multi-application domain view that is directly associated with the non-regional approach. Additionally, recognizing the existence of the gaps between policy and technology development, IEEE launched the Internet Initiative in 2014. The IEEE Internet Initiative provides a platform to connect the voice of the technical community to global policymaking for Internet governance, cybersecurity, and privacy to inform debate and decisions and to help ensure trustworthy technology solutions and best practices.
Q: You mentioned hybrid communications paths with some sort of selection for the proper medium. As you said, these mediums would advertise their capabilities and constraints. What about actual devices, sensors in particular.
A: Some of the actual devices already support such a mechanism; see, for example, devices conforming to IEC 62769 and the approach of IEEE 802 using MIBs. Another effort is RRS and with that the approach of a Central Coordination Point concept supported by ETSI, see ERM/TG41 and IEC, see SC65C/WG17, IEEE 1905.1.
Q: How does your framework address devices/things that don't get security right or are even malicious?
A: IEEE P2413 also deals with legacy devices or devices where technologies prevent to have security on board. For example low latency requirements combined with IEEE 802.3-based communication systems have to use a cell concept to secure the real-time traffic; see IEC 62443 series.
Q: For Quadruple Trust, can you explain and give some examples of what is meant by "protection", please?
A: Quadruple Trust addresses protection, security, privacy and safety. These are essential components of an effective IoT architecture standard and are addressed in the P2413 framework. Additionally a threat assessment construct is embodied within the P2413 framework to address impacts to service levels. Other aspects include network and protocol dependability, as well as security compliance management.
Q: Are any events/Hackathons planned in India?
A: We are in exploratory stages, but have not announced any firm plans yet.