IEEE Talks IoT: David Mountain
David J. Mountain is the Senior Technical Director at the Laboratory for Physical Sciences at Research Park, a Department of Defense research lab in Catonsville, MD. The LPS-RP mission is to collaborate with industry, academia, and the government to drive innovative research that will improve advanced computing systems for a range of mission applications including cybersecurity, cryptanalysis, and complex data analytics. His responsibilities include research activities in neuromorphic computing, advanced modeling and simulation, energy efficiency, productivity, and resilience. Mr. Mountain is the author of more than two dozen technical papers, has been awarded eight patents, and is a Senior Member of the IEEE.
Question: What technologies and trends related to IoT will impact the computer industry and society in the next decade?
Mountain: When we look at where IoT is headed, and those individuals and institutions that are driving forward new applications and services, it’s clear there is measurable and significant motivation to make improvements in a number of areas. These include measures to enhance energy efficient computing and communication, including focus on developing new technologies, architectures, and protocols. Energy harvesting, as well as microbatteries and supercapacitors, and wireless energy, too, are other areas at play in the IoT arena that will make an impact.
IoT initiatives will also drive new standards development for autonomous and asynchronous communication amongst devices. Additionally, we’ll see a need to develop explicit security and privacy requirements in electronics, with a focus of also finding simple, low cost, energy efficient implementations for security. Overall IoT will also drive a need for extremely cost efficient devices, packaging, and programming.
Question: What are some of the current most relevant threats to cybersecurity as it relates to the IoT?
Mountain: When we talk about IoT, its in the context of what’s effectively a “cyber civilization”, where information sharing and professional activities like business, banking transactions, shopping, services and advertisement are increasing tied to the Internet. Over time, time web applications have gotten more complex, with rapid increase in design faults so that it’s estimated more than 90 percent web applications have some kind of design or development fault which can be exploited by cyber criminals. Clearly, this is unacceptable for developing a secure and safe IoT.
Presently, social networks, Internet connected mobile devices, individual privacy, and the online connectivity of entities, such as banks, are the most enticing targets for cyber criminals.
Question: How is IEEE Rebooting Computing involved in IoT issues and in what areas do you foresee more involvement?
Mountain: IEEE Rebooting Computing has identified three pillars as fundamental components of rebooting computing for the future. These include: Energy Efficiency, Security and Human Computer Interface. While all three pillars are important and relevant in advancing IoT initiatives, the first two perhaps being of more importance than the third.
Question: What are some other activities within IEEE that are working towards ensuring individual privacy and a secure IoT?
Mountain: IEEE’s recently launched the IEEE Internet Initiative to connect the voice of the technical community to global policymaking for Internet governance, cybersecurity, and privacy. In doing so, IEEE works to inform debates and decisions and to help ensure trustworthy technology solutions and best practices.
In 2014, the IEEE Computer Society also launched the IEEE Cybersecurity Initiative with the aim of expanding and escalating its ongoing involvement in the field of cybersecurity. One of the first steps was to launch the IEEE Center for Secure Design (CSD) with the intention of redirecting some security focus towards identifying common design flaws in the hope that software architects can learn from others' mistakes.
Question: Cybersecurity is a big issue both for businesses and individuals. What changes need to take place in how we view security that will ensure we can achieve it across integrated IoT networks?
Mountain: Effective security will require new technologies and hardware to address changing economics and shifting cultural views that will ultimately drive a need for new regulations. In particular, mobile computing on smartphones and embedded devices presents special challenges, given that security provisions must be automated and largely invisible to end users.
For IEEE there is a definitive role to play, because what’s become clear is that there is a current and growing need to establish standards and practices for authenticating identity and privilege in platforms. Standard protocols must be devised for automatic updating of security software on both recent and legacy systems, and for removing devices from the network if they become compromised.
Trust and security can be assured only if they are incorporated as standard building blocks in all devices and networks, while hardware can and should provide a minimum level of security/trust. Of course, the software environment can easily provide flexibility to create the multiple levels of trust offered by the hardware.
Inevitably, humans will be part of the security ecosystem, as designers, developers, and users (or abusers). Security must be made easy so that it will be implemented properly, and privacy policies need to be flexible and capable of being updated if necessary.