EU IoT Expert Group – Roch Guérin

Internet-of-Things (IoT) tends to mean different things to different people in part because, as a term, it is generic and broadly refers to the shift from a human-centric to a machine-centric Internet.  While connecting machines/things to the Internet is not new (computers were arguably among the first Internet users), what is new is the sheer number of those devices and the fact that they are much more than simple data sources.  Instead and in spite of their many different form factors, they are often full-scale compute platforms, albeit of varying capabilities.  This creates a number of challenges, but there are two that are particularly significant because of their complexity and implications.

First, the sheer number of data sources coupled to the seemingly ubiquitous distribution of those sources mean that we are faced with an increased imbalance between where the data and traditional compute resources reside.  Addressing this imbalance calls for leveraging whatever computing is available wherever it is.  However, heterogeneity across both computational tasks and computational resources creates a highly complex distributed computation challenge.  What should be computed where, what is the right trade-off between communication and computations, how should computations be structured (broken-up) to best take advantage of available local resources, how do we account for both resources and timeliness constraints, etc.?  Tackling those many inter-dependent questions is both an opportunity and a major obstacle in realizing the full benefits of an IoT-powered environment.

The second and possibly much more pernicious challenge stems from the many security and privacy implications that IoT raises.  Our track record in controlling data usage from a single source is at best poor, and so how can we hope to understand and manage the use of data acquired and consumed in so many different places more often than not without anyone being fully aware of it.  Conversely, with many services depending on the continuous availability of different (IoT) data sources, the attack surface of those services dwarfs that of even today’s most complex systems.  Without a comprehensive and principled approach to those questions, we run the risk of both distrust in IoT systems and their exploitation to highly disruptive ends.  Failure on either front could severely curtail the anticipated growth of the IoT ecosystem.