As IoT becomes more prevalent, more CIOs are asked to take the reins of IoT projects. Gartner recently found that just under a third of responding organizations expected their CIO would lead their IoT efforts, and that by 2020, more than 10% of IoT projects in traditional industries would be headed by the CIO.
This prompted Jenny Beresford, research director, to caution: ‘The IoT will expand rapidly and extensively, continually surfacing novel and unforeseen opportunities and threats.’
Among those threats — which will definitely be CIOs’ responsibility — is the woeful security of traditional IoT and IIoT networks, as well as the privacy, connectivity and transaction speed issues that frequently plague IoT implementation.
To be maximally effective such a network must somehow be both highly connected and highly secure, and currently only one technology — blockchain — can achieve this.
However, obstacles remain, including the lack of an IoT-friendly blockchain consensus protocol.
Network Security and Data Exchange
IoT and IIoT networks typically lack physical security, host-based defences, and software updates and patches. These networks typically also use less-secure wifi protocols, web apps and APIs, combining larger-than-usual attack surface with weaker-than-usual security while retaining single points of control and failure.
In IoT, hackers see a new prize: gigantic botnets which can be used to spread malware, as with the Mirai botnet. And in IIoT, the rewards of network penetration can be industrial sabotage, espionage or large-scale blackmail, like Florida’s Riviera Beach.
Yet, companies cannot afford to hold off indefinitely on deploying IoT technology, since doing so exposes the organization to risk of being outmanoeuvred by competitors. Blockchain offers CIOs a way to deliver their IoT projects with the inherent security issues of large, distributed networks essentially solved.
Blockchain for IoT inherently eliminates single points of control and failure while simultaneously offering modular encryption and auditable transaction logs, so security issues are isolated, easy to identify and cannot spread through the network. Even if they do, they can’t gain control of it.
Machine-to-machine (M2M) communications generate gigantic amounts of data in transit — and the number of connected devices is growing rapidly:
With centralized control, much of the processing power of these devices is lost to idling, while trust issues keep transaction costs high. CIOs find themselves in the position of paying for computational capacity they can’t use, and for traditional data centers that represent a ‘honeypot’ for attackers and a bottleneck for their networks.
Peer-to-peer communication across connected devices would enable dynamic transaction load balancing, enabling spare computing power to be identified and employed and potentially eliminating centralized data storage.
To do this successfully, IoT will need to become trustless as well as peer-to-peer. Blockchain offers a trustless peer-to-peer communication and transaction medium with secure, unforgeable and auditable transaction logs; smart contracts can be used to set policies, control and monitor access rights and execute actions autonomously based on pre-defined conditions.
Privacy and Autonomy
IoT systems built on traditional networks cannot prevent access by governments, service providers or criminal actors. With weak security and single points of control, trust on these networks is impossible to guarantee.
IoT and IIoT both require connectivity and modular security. The current solution, ‘security through obscurity,’ must be replaced by a systemic shift to open-source systems that achieve ‘security through transparency’ and are far less vulnerable to sophisticated, persistent institutional attacks.
Without this shift, both consumer and industrial networks will be increasingly vulnerable, and as the number of connected devices grows, radically lower-cost privacy and autonomy will be necessary to save the IoT.
IoT Connectivity Costs
In the current iteration of the IoT, costs are prohibitively high while revenues fail to meet expectations. Many existing IoT solutions are expensive because of the high infrastructure and maintenance costs associated with centralized cloud delivery and large server farms.
IoT devices violate the traditional pricing and revenue model of the IT industry too: device costs and incomes don’t line up, and maintenance costs consume substantial amounts of revenue. Inherent technical reasons make this unavoidable using the current model, but CEOs still don’t like hearing it from their CIOs.
Blockchain technology allows reliable data to be pooled and shared without trust, directly among stakeholders. This allows for a significant cost reduction, eliminating intermediaries and allowing for automatic transactions and payments across devices using smart contracts.
Blockchain-IoT Integration Challenges: Lack of an IoT-centric consensus protocol
The current consensus protocols available for blockchains — PoW, PoS, PoET, and IOTA — are all designed for permissionless blockchains focusing on financial value transfer. PoS and PoET can also be used in permissioned blockchains, but their consensus is probabilistic and does not end in a permanently-committed block, resulting in an unacceptably high ‘hard fork’ rate.
PoET requires specialist hardware and the enclave allocating wait time is a trusted entity; it has also proven vulnerable to node compromise.
What’s needed is a consensus that can keep the benefits of the distributed, auditable, trustless environment blockchain provides, but deliver it in real time and at scale — without mining or excessing transaction costs, and without multiple hard forks.