David Mudd: One of our comedians over here in the UK jokes about the smart toothbrush, which tells you how long you've been brushing your teeth. He says, "I know. I was there."
One of the more striking CEDIA Talks given at ISE 2018 in Amsterdam was delivered by David Mudd, Business Development Director for the Internet of Things with the British Standards Institution (BSI). In his work with BSI, Mudd’s uniquely qualified to talk about IoT, its promise and problems, and — most importantly for our purposes — how it relates to the home technology industry. Mudd’s talk inspired a CEDIA Tech Council podcast that dropped not long after ISE wrapped.
Mudd was careful to focus first on what the IoT is really all about: “People tend to latch onto concepts like, ‘Oh that's kind of where you can control your lights and your heating via your phone, isn't it?’
“The real value of the IoT is beyond that.”
For Mudd, the IoT carries the promise of what’s long been a CEDIA mantra: It’s not a collection of gadgets; instead it’s a means to providing an experience. “It's your home learning, understanding your habits, your preferences,” explains Mudd. “Knowing what the ambient light is. Knowing what the weather forecast is going to be. Knowing the price of electricity and gas. Delivering the absolutely perfect environment for you, without you having to even touch your phone. That's where the real value is, and that's where it starts to get exciting for anyone in the smart home automation market.”
“Ultimately the internet of things is an enabler — it doesn't actually do anything.” The caveat: “It's where the digital meets the physical, and we mustn't lose track of the fact that it's still physical products that have to deliver that service that we need.”
Why IoT Projects Fail
Now to the reality of the unrealized potential of the Internet of Things: According to an article published by medium.com, Cisco polled “1,845 business and IT decision-makers in mid-market and enterprise companies” and discovered a whopping 75% failure rate among their IoT deployments.
The reasons for failure culled from Cisco’s survey included:
- Long completion times
- Poor quality of the data collected
- Lack of internal expertise
- IoT integration
- Budget overruns
For Mudd, however, it’s something else — a root problem that could likely be the initiator of all the aforementioned issues. “The biggest single reason why IoT projects fail? It's not down to the particular technology, or to one group of people not speaking to another, or whether the technology wasn't a good enough quality, or what have you.”
“The biggest single reason why IoT projects fail? It almost always comes down to a lack of a clear strategy.”
“It almost always comes down to a lack of a clear strategy. Where someone thought either, ‘We need to jump on this bandwagon. There's a quick buck to be made here,’ or, ‘Unless we integrate this thing now, we're going to lose out,’ or, ‘We've got one shot here, or we don't get another chance for five years, so let's just stick it in anyway and see what happens.’ It's that kind of attitude, just thinking we'll just make it up as we go along, that causes the problems, rather than the technology per se.”
Mudd offers a striking example of an IoT device designed for home automation that came to his lab that did not measure up:
“We tested one of the first smart locks. It was amazingly smart. You could watch what was going on from anywhere. You could email somebody a key to get in. All very amazing technology.
“Our guys broke into that lock in 30 seconds.
“I can't give away the details of how they broke into it, but those guys are trained to look at a lock as a lock. If that lock doesn't perform as a lock, it doesn't matter how smart it is. That's the thing I'm seeing more and more with all this technology: People focusing on that connectivity — a) for the sake of it, and b) at the expense of the quality of that product in its primary function.”
The Keys to the Right Device
“There's two areas of concern here,” Mudd notes. “One is, does the product function as it should?”
Here’s where the expertise of those in the CEDIA channel comes in. “In your market, you guys are the experts. In terms of the quality, of the functionality of the products that go into smart home automation, you guys are the experts. Likewise, when it comes to the true value, it's also down to your knowledge of your customer.”
And is that customer likely to be impressed by the many modes of amazing functionality a device might have? “There is no point in that,” says Mudd. “The number one thing: The product has to be useful. Number Two: It has to be easy. Easy to use, easy to set up, easy to troubleshoot.”
“Then thirdly — and this is kind of a minor third compared to the others — it has to have the ‘wow factor.’ Normally the wow factor is tied into the first two. It's that I just click my fingers, or I do this one thing, and I have things exactly how I want them.”
But again, “wow factor” doesn’t mean a device needs “a lot of added bells and whistles — the customers can see through that. This is where you can take your knowledge of that end customer — and what they truly see as valuable — and use that to drive the development of suitable applications that are a lot more than the kind of simple ‘gadget boy’ stuff.”
But that doesn’t mean having the very latest solution for the sake of being cutting-edge. “Alternatively, if you're looking to defend your corner against the onslaught of this technology, you've got to focus on, what does that really give you?” Mudd asks. “What does that really give the customer? You know your customers the best, and that is still your key differentiator, whether it's the quality of the products, or whether it's the value of that connectivity.
“In the realm of smart home technology you really need to focus on your knowledge of the customer and those things that bring something of value to them.”
ISSUES OF RISK
The podcast also delves into the issues of security — and danger — when it comes to the notion of having billions of connected devices communicating (and potentially infecting) one another.
Mudd sees three key issues when it comes to the potential big-picture problems presented by the IoT:
1. Can connected devices be stopped from functioning or actually made dangerous? The last major one I was aware of was a nation-state level of attack against a power facility. The attackers were able to get into the alarm and the safety side of things, disable the alarms, disable the safety devices, and then target the power generation to cause that to malfunction and actually destroy the facility. In so doing, they triggered some of the alarms and caused a shutdown. One can imagine that same kind of thing potentially going on in a high-end residential home: targeting the security systems, targeting a smoke detector, then maybe a gas fire and an oven, and that kind of thing. There is material danger that's over and beyond the standard cyber security threats of just stealing data and money.
2. Can the IoT devices actually be used to attack something else? The classic example is the Mirai Botnet event back in 2016, where there was an active attack searching for vulnerable devices, and a particular manufacturer of IP-enabled security cameras was found to be particularly vulnerable. Hackers wrote a piece of software, tracked down hundreds of thousands of these devices, put some malware on them, and used them to take out Amazon, PayPal, Twitter, and Spotify at the same time. Not one of the owners of those cameras knew that device had been hijacked.
3. What data is actually being taken by these devices, what is it being used for, and how secure is it? Can it be misused and made dangerous? Can it be misused to attack something else? Then what is happening with the data? Those are the three big areas of concern. All of those risks can be mitigated, but this is not something you walk into thinking, "I'll grab this off-the-shelf product here and trust that." Or even, "I will trust my suppliers at face value." What evidence is there that those very serious risks will be mitigated against?