The Internet of Things (IoT) was seen as the next big thing for the consumer market. While the impact of IoT technology is still unfolding, there is no doubt that IoT devices have made a much bigger impact in the commercial space. IoT networks are changing how we handle major industrial processes, from healthcare to supply chain logistics and manufacturing. Accordingly, the ISO has put forth a document, ISO 30141, on best practices and characteristics of operational IoT systems.
What is the Internet of Things?
The Internet of Things (IoT) refers to a network of devices like sensors, software, mobile hardware, machinery, and network connectivity, collecting and exchanging data over the internet for a shared purpose. IoT devices are typically designed to perform specific functions, such as monitoring a person’s health or optimizing energy usage in a building.
Smart devices can take many forms, from thermostats and security cameras to industrial sensors, medical wearables, or mobile devices. These devices are often designed to be small and unobtrusive and may be powered by batteries or other energy sources. These devices collect real-time data to process and provide insights for larger data services.
IoT is a rapidly growing field, particularly within the commercial and industrial space. Consumer IoT devices are often decentralized collections of cloud-connected devices. In contrast, industrial applications will often connect different aspects of a large operation–a manufacturing line, a hospital wing, an international supply chain, or a fleet of vehicles.
ISO 30141 IoT System Characteristics
ISO/IEC 30141, “Internet of Things (IoT) – Reference architecture,” is a governing document from the International Organization for Standardization that defines standards, characteristics, and models for well-defined and functional IoT architecture.
The core of this document is the set of general characteristics that an IoT system, and its components, should have.
These characteristics include:
The ISO defines trustworthiness as the degree to which a system performs as expected, with characteristics that include “safety, security, privacy, reliability, and resilience.”
In ISO 30141, security applies explicitly to the Confidentiality, Integrity, and Availability (CIA) triad of capabilities.
- Availability: This characteristic refers to the accessibility and usability, on demand, of any device, data, or service within an IoT environment.
- Confidentiality: Information contained in, processed by, or related to IoT networks and devices remains private without unauthorized disclosure. Unauthorized disclosure includes any breach of confidentiality that could come from interacting software, data flows, or other computing processes.
- Integrity: IoT networks must have characteristics to prevent loss of integrity, whether from device malfunctions or from intermediate nodes that unexpectedly alter data passing between devices.
- Protection of PII: Protecting PII is a regulatory requirement in most security frameworks, and as such, it is also a requirement for the trustworthiness of an IoT network.
- Reliability: Since IoT networks consist of various devices, which often support mission-critical systems in important industries like manufacturing and healthcare, these devices must function reliably and as intended.
- Resilience: When conditions in a network, or in the environment in which the network operates, change rapidly, it’s essential that the network show resilience against these changes. This can mean adapting devices or device operation in real time or having fail-safes in place in case of device failure.
- Safety: In any context where the user’s or the public’s safety is concerned, the IoT system must be able to account for the proper operation of systems such that the managing organization can understand the risks to that safety. This understanding will necessarily include potential harm and the severity of that harm.
This section applies to how administrators, developers, and business operations design and implement IoT infrastructure. This includes questions of operability and integration.
- Composability: A proper IoT system can be composed of several disparate and interoperable devices and components that together create a full network. These components should have the capacity to function at roughly the same level in terms of speed, reliability, performance, etc.
- Functional Separation: An IoT system’s functional and management capabilities must remain fundamentally separated. This means having different access points, endpoints, and user privileges for operational capabilities and management capabilities.
- Heterogeneity: The network should support the interoperability of a heterogeneous collection of components and entities, particularly across system, product, and domain categories.
- Distributed Systems: The components of the system must work together as a discrete unit while supporting devices that are physically separated and remote from one another.
- Legacy Support: An IoT network should be able to incorporate legacy software, hardware, or protocols still in use while incorporating newer technologies.
- Modularity: Components should be modular in their ability to be added and removed from the network without disrupting the totality of its operations.
- Network Connectivity: IoT networks are essentially many-to-many networks. As such, they must support reliable and ongoing network connectivity to maintain any of the characteristics and capabilities listed here.
- Scalability: Following all of the characteristics listed, an IoT network should be able to leverage modularity, connectivity, and heterogeneity to scale in size, complexity, and workload.
- Shareability: The resources and capabilities of a component of an IoT network should be available to other devices or administrators for allocation in different applications.
- Unique Identification: An IoT network should be able to assign and leverage unique ID numbers, names, or other symbols to identify its components and, in a larger context, itself against other components and networks.
- Well-Defined Components: Along with these identifiers, the entities on an IoT system should be well-defined, with clear descriptions of capabilities, risks, and functionality.
This section addresses IoT components’ capabilities in terms of their functionality and how they meet specific requirements.
- Accuracy: Different components must have accurate functionality related to their primary purpose. For example, sensors must provide accurate readings from their environment, software must provide accurate calculations based on its programming, etc.
- Auto-Configuration: Components should have some or complete auto-configuration systems that can adjust component operations based on rules and information from other devices on the IoT network.
- Compliance: All entities must conform to regulations and industry standards.
- Context-Awareness: Relevant components should be aware of the network’s state and the types of data flows entering and exiting the component so that they can adjust to specific functions like timeliness or security.
- Data Characteristics: IoT systems must consider and meet the “5Vs” of data: volume, velocity, veracity, variability, and variety. This essentially refers to the ability of the IoT system to handle big data reliably.
- Discoverability: Endpoints in the IoT system should be able to remain discoverable for queries and other access methods by broadcasting availability for discovery services.
- Flexibility: Components and entities should provide several different levels of functionality such that several connectivity approaches are available. The idea is to avoid single-purpose devices locking an IoT system into a static configuration.
- Manageability: While many components operate autonomously, the network must have the functionality to address device, system, network, security, and interface management.
- Network Communication: The network connecting different IoT components must operate over reliable, always-on, and secure internal protocols and infrastructure (both wide-area and proximity).
- Network Management: The IoT system must have a managed network connecting all devices into a coherent strategy.
- Real-Time Capabilities: Devices should have the real-time capacity to collect and process data as a stream from the point where an event occurs.
- Self-Description: Components must be able to list their capabilities for other components in the IoT system or for components of other IoT systems (where applicable). This self-description must be included for mobile or hibernating devices that may enter or leave a given network.
- Service Subscription: Some components or services in an IoT system are offered via a managed provider. In these cases, the provider must also provide clear mechanisms to establish and maintain such subscriptions.
Maintain the Security of Your IoT System with Lazarus Alliance
If your organization relies on IoT devices in a way that requires ISO 30141 assessments or overall security audits for proper security and management, you must work with an experienced security firm that understands ISO inside and out. That firm is Lazarus Alliance.