Podcast 14: Smart homes Matter, but will they be secure?
President Biden has signed an Executive Order on cybersecurity as the latest US step to improve IoT security by introducing cybersecurity labelling for consumer products. The Trending Tech Podcast hears from Steve Hanna of Infineon that the race to the bottom in cybersecurity is ending as governments worldwide are following new standards. Meanwhile, Gartner says 75% of enterprise data is expected to be created and processed at the Edge. But which Edge? George Malim and Jeremy Cowan wonder if telcos will profit from their Edge advantages. History suggests not. Maybe this time will be different!
Jeremy Cowan 0:04
Hi, and welcome to the latest Trending Tech podcast brought to you by VanillaPlus.com, IoT-Now.com, and The Evolving Enterprise, TheEE.io. I’m Jeremy Cowan, and it’s great to have you here for today’s Sometimes Serious, Sometimes Light-hearted look at digital transformation for enterprises.
And today’s first guest is no stranger to the podcast. He briefed us last year on chip standards for smart homes. He is Steve Hanna, a Distinguished Engineer with Infineon Technologies based in Florida. Infineon is headquartered in Germany, and is a global top 10 semiconductor solutions company, with almost 50,000 employees and revenues of more than Euros 8.5 billion in 2020. So, a major player. Well, it’s great to have you back, Steve.
Steve Hanna 0:58
Thanks, Jeremy. It’s always delightful to join you on this podcast.
Jeremy Cowan 1:03
Thank you. And our second speaker is already well known to regular listeners, and to readers of IoT Now magazine and VanillaPlus magazine, which he edits. He is, of course, George Malim. Thank you for joining us again, George.
George Malim 1:18
Hi, Jeremy. Great to be here.
Jeremy Cowan 1:20
Steve, I think you’re our first returning guest; that’s either immensely brave or possibly reckless. I’m not counting George here, who sticks around here, like a Band Aid, somehow putting up with my jokes and ensuring that our print and digital magazines come out on time, looking good and talking sense.
We’ve asked you back, Steve, because we want to hear the latest developments in the chip standard for smart homes. There was a lot of interest among our listeners in smart homes back in 2020. Seems a long time ago. And it’s still the most listened to episode we’ve ever done. And if you want to check it out, everyone, you can do that. Please have a look at it after hearing this. And just go to wherever you found the pod and look for Episode Five. We also want to see what progress has been made and ask Steve when we can expect to see products that support this new standard.
And of course, the elephant in the room is how will the new standard fit with cybersecurity labelling for IoT products. So aside from doing some serious news at the beginning, we will end with our What The Tech section where we take a sideways look at some of the stories that have made us smile or curse lately. So, Steve, tell us, make us jealous. How’s life in Florida? I’m picturing palm trees and ice-cold beers. Where are you today?
Steve Hanna 2:50
Well, actually, I’m up in Boston today. Of course, Florida is just as you describe. But we had to come up here to sell our house. We’re fleeing the snow and ice and we’re going to be full time year-round in Florida. Who could resist?
Jeremy Cowan 3:13
Indeed. Well, it’s not only great to have you here, Steve. We’re very proud to say Infineon are the sponsors of today’s podcast. So, thank you very much for that, too.
Steve Hanna 3:22
Jeremy Cowan 3:24
Great. Let’s start with the headlines. Steve, I’m gonna come to you first, what’s caught your attention in the serious news lately?
Steve Hanna 3:31
You know, there’s been quite a bit on cybersecurity for IoT. It’s a topic that I follow closely, as you know, because our customers and our customers’ customers are so concerned about it. And of course, we’ve had the pipeline that was hacked, so to speak. And we’ve had innumerable similar hacks. But that’s not what I’m going to focus on today.
I’m going to focus on something positive, something that takes us in the right direction. And that’s the executive order on cybersecurity that our US President Biden signed on May 12th. This is, shall we say, the latest in a series of steps to have the US government play a positive role in promoting better security for the IoT. And it follows on a bipartisan bill that was passed and signed by President Donald Trump. This just shows you how bipartisan the issue is.
Back in December, the bill, the IoT Cybersecurity Improvement Act of 2020, required the US government to adopt IoT cybersecurity standards for its own acquisitions of any IoT devices. And now, this Executive Order follows on by introducing the concept of IoT cybersecurity labelling for consumer products. And it directs the National Institute for Standards & Technologies, a US government agency, to develop pilot programmes in this area around IoT cybersecurity labelling for consumer products, perhaps something that could be built on some of the existing programmes.
Of course, there in the UK, you have some of the most well-established IoT cybersecurity regulations and guidelines that have since been picked up by the ETSI and European government, Singapore and Australia. We, here in the US, are finally catching up. And I’m happy to see it, I really think it’s a step in the right direction, we can’t have a race to the bottom as it were.
Jeremy Cowan 6:04
Do you think that’s where we were headed prior to that – it was going to be sort of the lowest common denominator?
Steve Hanna 6:11
That’s where we are today, Jeremy, I would say so. That is, there are market pressures at work. And when there are vendors that have low quality or low levels of cybersecurity, this saves them a bit of money, a few cents shall we say for each product, and ends up putting pressure on the vendors who want to do it the right way.
Of course, security doesn’t come for free. And to justify that expenditure, you have to have some way of quantifying increased revenue. If you have at least a label that says this is more secure than that, then the consumer can choose. And in some countries, that will probably be mandatory, that you meet certain requirements for IoT cybersecurity, so then we have the arm of the government involved as well.
In the US, it may be more a carrot approach than a stick approach. But if all these governments work together, I think we will see a raising of the bar, a certain set of norms for IoT cybersecurity, higher for pipelines than for smart homes. But even in smart homes, some level of minimum expectations.
Jeremy Cowan 7:41
Yeah, ‘appropriate security’ being the watchword, I suppose, between pipelines and smart homes.
Steve Hanna 7:49
Jeremy Cowan 7:50
So, then we get to the key issue of educating the public because I guess that an awful lot of the public assume that what they buy is secure – wrongly, of course. How then do you think the industry should set about this? Is that an industry initiative? Is it a government initiative? Is it both?
Steve Hanna 8:10
I think it is both. But it’s also a matter of making it simple enough that consumers can understand it. We can’t expect every consumer to get a PhD in cybersecurity, to be an expert on cryptography. What we can expect is that products be labelled in some sort of comprehensible manner, so that your average consumer can see, ‘Oh, that’s really a one-star product, not so great’. ‘Oh, this one over here is a five-star product with respect to IoT cybersecurity’, the same sort of thing that we do with automotive safety or with energy efficiency. The consumer doesn’t have to be an expert on watts and volts and amps, although for us engineers, that seems elementary, or kilowatt hours for that matter, they only have to look for a better rating to know that the product they’re buying is energy efficient, or not. And then in some countries, there will be minimum requirements for energy efficiency, the same sort of thing should apply for cyber security.
Jeremy Cowan 9:19
Makes perfect sense. And I mean, to give the consumers credit, I think these things are – when properly labelled and clearly explained – they get it very quickly. I mean, I’m thinking of energy efficiency labelling for white goods, but also for homes, which is a big thing in the EU, probably all over the world. I don’t know. Is that your expectation, Steve? Do you think that the public will get it fast?
Steve Hanna 9:50
I do. I think they will, once it’s put in the manner that they can understand that this device has gone the extra mile to protect your privacy. To protect the security of your smart home. They’ll want to have those products, they’ll select those products. But right now, there’s nothing on the box that helps you do so. So, we need to have that cybersecurity labelling on the outside of the box in a simple enough manner that it can be understood, not just a bunch of acronyms, like TLS and RSA, but something simpler than that. And that’s, I think, where we’re heading with these IoT cybersecurity labelling requirements that are emerging around the world.
Jeremy Cowan 10:40
George, what’s your thoughts on this? I mean, do you think carrot initiatives are enough? Or do we need a stick policy as well?
George Malim 10:47
It’s a really interesting thought. I mean, people always take advantage of the carrot. And I think there’s probably a stick required, in addition. It’s getting the balance right, though, because you don’t want to hold back innovation and hold back business by being too proscriptive with the stick, as it were. So, you want the freedom of technology, but at the same time, it needs to be safe. So, it’s a blend?
Jeremy Cowan 11:17
George Malim 11:18
And probably above my paygrade. (Laughter)
Jeremy Cowan 11:21
Yes, happily, I don’t have to get involved in that. Steve, that’s really interesting. Thank you.
George, can I turn to you? What tech story did you notice in the news recently?
George Malim 11:30
Yes, I noticed Antony Savvas on VanillaPlus.com. I’m not sure it’s necessarily a news story, because the topic was whether the edge is lucrative for telcos. But there are some new developments happening in this area. And it sort of chimes with a topic I’ve been banging on about, it feels like, for years, which is, cloud isn’t free. There’s a lot of cost to cloud, especially as things scale up in IoT.
So, that is creating that kind of interest in edge computing, because you can do more processing at the edge, save money, and take advantage of the low latency that hosting and processing data nearer to where it’s created and needed is obviously ideal. It’s clearly a trend. Tony’s article mentioned that Gartner predicts that 75% of enterprise data is expected to be created and processed at the edge. And I think we probably all agree with that direction of travel. But within Tony’s article, he’s brought together four or five distinct announcements that help to reinforce that change. Liberty, for example, is set to roll out 100 branded edge data centres across Europe, in a deal with investment firm Digital Colony.
Now, 100 edge data centres in a continent like Europe may not sound a lot. But when we’ve been dealing previously, with kind of very major business centres being the places where the bulk of data centres have been built and constructed, the idea of breaking that down and starting to get more distributed, does play into that idea that that momentum around edge is being taken up. And I think that it’s significant that it’s Liberty, which is a telecoms provider, that is doing that. Of course, they’re standing out a little bit in that way.
I would say that Vodafone is taking a different approach by partnering with AWS Wavelength for multi-access edge data centres, and Verizon is doing a similar deal with AWS in the States. And there are others. Dell, for example, has recently done a deal with Equinix to have Storage as a Service in 220 Equinix data centres. Obviously, those are not all edge data centres, but some will be. So, that’s interesting. And that’s very similarly structured to HPE’s GreenLake offering. So, I think that we’re seeing things kind of productise, become more mainstream, and it’s less of a surprise.
For me, though, the question is, how will operators make money? And can they make money, because although they’re familiar with the networks, and they’re familiar with data centres, and have historically run large data centres, the question for the telecoms industry is how do they make money? And they often miss opportunities, and you can see that companies like Google, obviously, AWS and others are thinking of the edge in a hyperlocal way. I mean, there will be edge data centres in kind of shipping container type sized units, and these might even become smaller as time goes on. 5G, with that increased density of RAN equipment, you wonder, would it not be possible to have a very compact edge data centre next to a 5G base station? It’s possible.
I don’t think it will necessarily get that hyperlocal so soon because there will be power requirements and things like that. But this has made me think that the former PTTs may be in a strong position here, because their traditional telephone exchanges are extremely widely distributed. And they have fundamental things like network connections and power coming into them. Whether they’re still ready for use after the sort of hiatus of a decade or more is an open question. But it does seem that there is that real estate footprint that telecoms operators have that could be repurposed for multi-access edge.
So, we will see how that develops and how operators monetise because of course, you know, edge isn’t free either. So, you know, there is money to be made, and I’ll be watching that with interest.
Jeremy Cowan 15:55
Yeah, we’ll definitely come back to you on that. Because, I mean, I want to believe that the telcos will use the advantages that God gave them. (Laughter) But history has proved me wrong on more than one occasion in that regard.
Steve, do you think that we can reasonably expect the telcos will make the most of this possible advantage? Are they as well set as it seems?
Steve Hanna 16:21
Well, edge computing is definitely reality today. But I think the question we have to ask ourselves is, which edge? Is this going to be the 5G edge? Or is it going to be gateways or even nodes, as IoT nodes become more and more capable, and are able to perform their own artificial intelligence processing, then it may be that the edge gets pushed all the way out to those tiny sensors. And they themselves are doing facial recognition or other pattern detection, and only pushing back very small quantities of summary data.
Recognise that when they are battery-constrained, they can use that power either for local processing, or for transmission of data. And if they use it for local processing, and are therefore able to reduce the amount of data they have to transfer by a factor of 10 or more, that may more than make up for the power cost and the inherent cost of the local processing. So, I think there are market forces and physics which are driving the artificial intelligence closer and closer to the very edge of the IoT network.
Jeremy Cowan 17:44
If the telcos have the infrastructure and the network that George was referring to, what advantage would you see accruing to the hyperscalers?
Steve Hanna 17:58
Well, there’s always an advantage there in that they’re able to do inferences using massive amounts of data. And they are trusted by those customers to do so. Whereas in security, we always raise concerns and have issues with the man in the middle. Not that telcos aren’t trusted, but it’s a difficult position to establish and from which to draw revenue. You know, neither side is eager to pay for the overhead of an intermediary to perform processing.
Jeremy Cowan 18:39
It’s interesting, obviously, this is a sort of game in progress. And I think we’ll need to be coming back to it. Just as we are coming back to our discussions about smart homes, Steve.
I wanted really to use your experience to get under the skin of where we have got to in the smart homes revolution, because I know we’ve been talking about this for years. I’m getting the distinct feeling that it’s getting closer now. Last year, you kindly joined us on the podcast to talk about the CHIP standard for smart home. What’s the latest on that?
Steve Hanna 19:14
Oh, goodness, first, a new name. Instead of CHIP, which I will say those of us in the semiconductor industry found very confusing. The new name is Matter, M-A-T-T-E-R. That is, we looked for the one thing that all things have in common and that’s Matter. So this new name, although it can be a bit confusing, because of course matter has other meanings as well, has been rolled out and that’s what we’re using going forward instead of the name Connected Home over IP, or CHIP.
It’s not an acronym, Matter. It’s just the stuff that all things have in common. And so that’s a new nomenclature, shall we say. And at the same time, a new name for the standards group where the standards are being developed. Instead of calling itself the ZigBee Alliance, which might lead one to think that the ZigBee protocol is the only one that matters, so to speak. This standards group is now called the Connectivity Standards Alliance. And this, I think, better reflects the broader scope that the organisation has taken on.
In fact, as we discussed last year, these smart home standards – Matter, as we call them now – do not require or, in fact, initially even support the ZigBee protocol. Rather, they’re focused on IP, the Internet Protocol, and a media over which IP can be transported. To me, this is the ultimate maturation of connectivity within the smart home. Because by using a single protocol, all the way from that window sensor that we were mentioning earlier, or temperature sensor, all the way to the cloud, we now have the potential for universal interoperability. That window sensor could itself talk not only to the cloud, but to intermediate gateways, to the edge in the 5G infrastructure, it can talk to other devices within the home. So, we have the potential for peer-to-peer communications within the home.
My wife is always saying to me, ‘Oh, no, we’ve left a window open and the air conditioning is on.’ We’ve done it again, trying to cool Florida, that wouldn’t work. (Laughter) But if the window sensor were able to talk to the air conditioning system, or the thermostat, and to tell it, ‘Hey, I’m still open’, then we can have that peer-to-peer communications, that interoperability, that level of functionality, even without a dependency upon the cloud. In Florida, you may have heard we get some hurricanes now and then. And internet connectivity can be unreliable, even an ordinary afternoon in Florida often involves a windstorm and downed lines. And this is not just specific to Florida, as global climate change continues, I think we’ll see pockets of extreme weather around the world, resulting in intermittent connectivity. And we all want our smart homes to continue to work, especially in that sort of circumstance. And if they’re all dependent on the cloud, it’s unfortunate.
So, the development of a new name for the standards, Matter being that name, the addition of some new companies who will be supporting the standards. Yes, that’s an important development. But I think one of the most important developments is having a solid grasp on the technology.
We have, over the course of the last year since I spoke with you last, we have really hammered out all of the technical details for how version 1.0 of these standards are going to work. And we have a draft specification. We’re still polishing it, yes. But we have an open source implementation, which is available to anyone in GitHub. And we also have a lot more material that’s available regarding these technologies, and this new and upcoming standard. So, I’m excited about those developments. I’m especially excited about getting my hands on this first batch of products that will support it.
Jeremy Cowan 24:23
Yeah, that was going to be my next question. When can we expect to see that in our sticky hands?
Steve Hanna 24:29
Ah, by the end of the calendar year. That’s our goal, and we’re making good progress towards it. We have prototype products already in testing and regular test events for our members, so that they can try out their products to make sure that we fully achieve that level of interoperability that we’re aiming for, while ensuring that security and ease of use, cost effectiveness, are maintained.
I guess I should mention as well, when we’re talking about products coming so quickly, that is this calendar year 2021, that these will often be software updates, firmware updates to existing products that are in the market today. You won’t have to replace your products that you may already have installed, but should be able to upgrade them in place.
Jeremy Cowan 25:24
Looking at those new products, how does the new standard then fit with a trend towards cyber security labelling for IoT products?
Steve Hanna 25:34
Hand in glove, Jeremy. Hand in glove! (Laughter)
Jeremy Cowan 25:37
Great to hear.
Steve Hanna 25:39
We have all been watching this IoT cybersecurity labelling trend. And with gusto, I think it’s fair to say. The new standard will not itself include its own set of labels, but rather, will include the fundamental technologies that are required for those existing labels. So, it’s not our intent to supplant, but rather to support the IoT cybersecurity efforts that are taking place around the world.
Jeremy Cowan 26:15
Steve, where should we look, if we want to find out more about your work on this and Infineon’s work?
Steve Hanna 26:22
We have a website. It’s www.infineon.com/connectedhome, and you can go there to learn more about the standards and the work that’s being done to develop them, and to provide semiconductor platforms that support them. And we have links there as well to a variety of other sources of information on the topic.
Jeremy Cowan 26:51
That sounds truly encouraging. I can see my Christmas list getting bigger now.
George, where do you think this takes us and leaves us? Are you as excited as I am about the possibility that smart homes might now be, you know, a truly IoT-enabled and secure reality?
George Malim 27:09
It’s removing another barrier. That’s the main thing. There’s still a lot to be worked on in business models, and particularly with multiple vendors coming together and how the Smart Home actually interrelates. You know, will the window company interact with the air conditioning company?
However, having the confidence that this is done securely enables that interaction a lot more than we would previously have seen. Because when you’re getting into individual companies’ brands potentially being damaged by another company not having the same level of security, that’s obviously a concern. So, being able to say, ‘Look, here is cybersecurity labelling’. That means that the security from the window company is at the same level as the security from the air conditioning company, it’s a barrier removed. IoT progress is all about incremental gains, removing barriers step by step.
Jeremy Cowan 28:07
Steve, it seems that for a while, we’ve been talking about ecosystems providing that security. From the way that George interprets it, this seems like, as he says, another barrier down. Is that fair?
Steve Hanna 28:19
It is. And I think I want to highlight something that George has put his finger on. The question of, will the companies actually cooperate, given that they have the standards to do so. We’re trying to address that as well. There’s an expectation that if the company has this logo, the Matter logo on their product, that yes, then they are going to interoperate, they are going to use the same set of standards, as you would expect with say, WiFi.
If you buy something that has a WiFi logo on it, it’s a requirement that it interoperate with other WiFi-enabled devices. And the same will be true. Now, not every device will necessarily support all of the same functions and features, say, the thermostat and the window sensor might not have that feature of talking to each other. But they’ll all support the same protocols, and therefore have the same capability. One won’t be able to lock it out at that point and say, ‘Oh, my doorbell or my thermostat only works with my own sensors and not with someone else’s’. That’s the hope, at least my hope. (Laughter)
Jeremy Cowan 29:41
Excellent. Steve, that’s really helpful and very encouraging. I think we are clearly several steps further down the road towards this.
Okay, we’ve reached the lighter section of the Pod called What The Tech where we want to share something tech-based that either made us smile or just made us mad. George, what’s amused or amazed you?
George Malim 30:04
Well, I think particularly in lockdown, but before that, as well, one of the problems has been misinterpreting nonverbal communication. I find this myself, particularly if I’m on chat, that the use of sarcasm is sometimes difficult to detect. Sometimes it’s really obvious. And sometimes what you think is obvious isn’t, that’s even worse. (Laughter)
The good news is that help is at hand. A recent article in DefenseOne.com has explored how artificial intelligence is being harnessed by the US military to detect sarcasm. The workers focused in on word combinations or words such as ‘just again’, ‘totally’ and ‘very’, and even an exclamation mark can have a darker edge, according to researchers at the University of Central Florida. That darker edge is obviously the hint of sarcasm. And the researchers at the University of Central Florida have been utilising a method called self-attention architecture to train neural networks to give more weight to some words than others.
The military thinks this will help it by enabling it to understand what’s happening in areas it’s operating in, by analysing things like social media posts and other open source intelligence. So, that’s great that they can sort of filter, …. it’s not so much filtering out actually, it’s identifying sarcasm, because understanding when someone’s being sarcastic is probably as useful as knowing when they’re not. And frankly, the tool sounds really useful. In fact, I probably could have done with this capability last month, when Jeremy messaged me to say one of my articles had articulated a point really well. (Laughter)
Jeremy Cowan 31:57
So, is this being used just in text? Or does it extend to the emojis that I’m sometimes throwing at you?
George Malim 32:04
That’s a very good question. I have no indication from the article if that’s an emoji situation. And, of course, the issue with emojis is, you have to be confident in the emoji user’s intention as well, which obviously with my 83-year-old father, he’s not an excellent user of emojis. (Laughter)
Jeremy Cowan 32:21
But I think also, as David Cameron proved a few years ago, it’s also a generational thing. I mean, LOL turned out not, as he thought, to mean Lots of Love. (Laughter)
George Malim 32:31
Exactly. But I think the serious point here is that anything that kind of, can be used to gauge context and intent, particularly as language gets abbreviated, and shortcuts are used can only be a good thing. So, I think that’s a good and serious point in what’s supposed to be a light story. So, sorry about that.
Jeremy Cowan 32:54
Well, I shall avoid any fruit emojis or piles of poo in my responses here.
Steve, what has caught your eye in the news?
Steve Hanna 33:05
Well, I saw a story recently that I thought was pretty humorous, but I’m not sure you’ll see the humour in it. (Laughter) This regards what appears to be US soldiers in Europe trying to, as we’d say, bone up on or study for their exams, have put nuclear weapon bunker secrets into online flashcard systems.
Jeremy Cowan 33:24
Steve Hanna 33:25
Yes, that’s right! So, I think it’s been taken down now. But if you, a short while ago, would search for certain terms related to these nuclear weapons bunkers, you could find on those flashcards information about where they’re located, and how they’re secured.
I just had to chuckle at that. As somebody who’s had a classified rating in the past, I had to think, ‘Goodness, just don’t do that. Don’t go there.’ If you have a secret that you need to keep, the last thing you should be doing is posting it on the internet (Laughter) where it can be found by a search engine.
Jeremy Cowan 34:22
George Malim 34:23
It just goes to show, Steve, doesn’t it, the old adage that the weakest point of any security system is the human being that interacts with it.
Steve Hanna 34:33
Jeremy Cowan 34:34
Well, as a journalist who would never be given any kind of classification under any circumstances, I find that absolutely breathtaking. Even I would have spotted that there might be a flaw in that plan.
I mean, it’s not that long ago, I think it was last year Bellingcat, the investigative journalist site, revealed that there was I think it was a beer and pub rating app called Untappd, that enabled researchers if they put their minds to it to uncover not only the locations of military and intelligence personnel around the world, it could even identify the personnel. Which is breathtaking in its ramifications. You can’t believe that the services would allow themselves to be so exposed. But I guess what happens in the shadows that isn’t qualified as authorised behaviour is probably the most dangerous.
Steve Hanna 35:32
Yes. As we used to say, loose lips sink ships.
Jeremy Cowan 35:37
Yeah, so be careful out there everyone, even if you’re not a spy.
Gentlemen, time is up, sadly. Let me, therefore, finish by saying a big thank you. Thank you first of all, to Infineon’s Steve Hanna; first for your expertise Steve, and second for sponsoring the podcast. It’s been great to have you here!
Steve Hanna 36:00
So happy I could come back.
Jeremy Cowan 36:02
And huge thanks also, to George Malim, managing editor of IoT Now and VanillaPlus magazines. Thanks, as always, George.
George Malim 36:11
I’ve totally enjoyed it, Jeremy.
Jeremy Cowan 36:13
Great fun. Thank you too, ladies and gentlemen, for joining us around the world. Don’t forget to subscribe to this Trending Tech podcast, wherever you found us. And be a total star, give us a 5-star rating and say something that’ll bring a happy tear to our eyes. Because it’s not just about our egos. This makes a huge difference to our ranking when people are looking for a new podcast.
And until next time, keep safe. Keep checking https://IoT-Now.com, https://VanillaPlus.com and https://TheEE.ai for tech news and interviews. And join us again soon for another Trending Tech podcast, looking at enterprise digital transformation. Bye for now!