Developers of consumer-level IoT devices can learn a lot from the way that the military has approached the development of the Military Internet of Things (MIoT)...
There are some things the military does well, and some that it does not. The stereotype is that military and aerospace projects are hugely expensive, glacially slow, and produce unwieldy hardware-dependent systems that have extremely limited application. But when it comes to the IoT, that stereotype is not true.
In reality, developers of consumer-level IoT devices can learn a lot from the way that the military (and particularly the US military) has approached the development of the Military Internet of Things (MIoT). Contrary to the stereotype, these projects have been designed with a number of key concepts in mind – security, adaptability, focus, and sustainability – that are still sadly lacking in consumer IoT development processes.
In this article, we’ll take a closer look at these principles, and think about how they can be applied to IoT device development outside the military context.
Security remains the biggest issue with consumer-level IoT devices, and that has been the case for years now. Yet when it comes to IoT security, we are still in the Dark Ages.
Recent articles have covered whether low-code IoT development tools yield secure systems, how the signal processing chains for voice assistants can be made more secure, and how Bluetooth 5.2 SoC enhances the security and battery life in IoT devices. Yet the truth is that some of these developments have come far too late: home IoT networks are already insecure, and spyware in the IoT is rife.
Compare that to the specifications for military projects, and we can see where we are going wrong. In a recent paper by Aniello Castiglione and Michele Nappi of the University of Salerno, Kim-Kwan Raymond Choo of the University of Texas, San Antonio, and Stefano Ricciardi of the University of Molise, these researchers explain that the terms of their military contract specified that device authentication is built in from the get-go.
Figure 1. The military has always put the security of its technology first. (Source: Army.mil)
The devices they developed are designed to be swapped between soldiers in the field and are able to collect data that “collectively can be used to perform context-adaptive authentication in-the-wild and continuous monitoring of soldier’s psychophysical condition in a dedicated edge computing architecture.”
This should come as no surprise, of course – the military has always put the security of its technology first. But taking the time to think about security at the design stage, rather than attempting to fix vulnerabilities later via product patching, would be a welcome change in the consumer IoT market.
The question of adaptability is where the stereotype of military development is widest of the mark. It might have been true that, a few decades ago, military specifications exhibited something of a “target fixation”, but anyone who has worked on these contracts more recently is going to tell you that today the opposite is true.
A quick look at recent research on the MioT is enough to indicate this. In the paper “Context-Aware Ubiquitous Biometrics in Edge of Military Things”, published in IEEE Cloud Computing last year, it is apparent that the wearables currently being developed for the military are expected to function across a wide variety of environments, both technological and physical.
Similarly, last year the United States Army Research Lab awarded$25 million to the Alliance for the Internet of Battlefield Things Research on Evolving Intelligent Goal-driven Networks (IoBT REIGN) to develop new predictive battlefield analytics. The crucial point about this particular program is that the US Army was not just looking for a discrete tool to run battle simulations: instead, they wanted developers to deliver a complete and adaptable ecosystem of devices and processing systems.
In comparison, consumer IoT development is stuck in a different paradigm, in which devices are developed, designed, and built to perform one function, and one function only. Not only is this frustrating for after-market developers, but it also makes the economics of the IoT impossible for businesses who want to calculate business loans in order to invest in agile, future-proof IoT systems.
There is another area in which military thinking excels: the concern to tightly define what IoT devices are expected to do. Often, developing specifications for MIoT devices takes more time – and can consume more resources – than the development of the devices themselves. This means that IoT devices developed by the military are designed to meet actual, real-world issues.
In this area, the contrast with the consumer IoT could not be starker. IoT devices are still, in many ways, looking for a problem to solve. Even the most popular – voice assistants and fitness wearables – are at their best when automating processes that are possible with other tools. This lack of real-world application, and the concomitant lack of widespread consumer interest, is often talked about in terms of the IoT lacking a “killer app”, but the problems run deeper than this.
The current issue is not with the capabilities of IoT devices, but with the way they have been used. Though the promise of the consumer IoT was that it was going to network humans together, in reality, the biggest beneficiaries of these devices have been data scientists.
Finally, let’s look to the future. The lack of forward-thinking has been the largest source of the problems that now face consumer-level IoT devices and has given rise to most of the problems above. In a product development cycle that prioritizes new features and extra connectivity above security and compatibility, IoT developers are forced to work for the short term.
In contrast, military devices are typically designed to work for years, if not decades. Taking the same approach to IoT devices more generally might not have an impact on the average consumer, but it would definitely make a difference when it came to third-party uptake.
Figure 2. Military technological devices are designed to work for years, and building similar long term
compatibility will be necessary emfor the industrial, hardware-based IoT. (Source: USAASC – Army.mil)
Building long-term compatibility into IoT devices is going to be a necessity for the industrial IoT, which is much more hardware-based, but also is important as small businesses start to use IoT devices with the tools provided by quality web hosts or analytics providers. Ultimately, making the IoT ecosystem more sustainable is not only going to increase the uptake of these devices, but it is also critical for the future of the IoT sector itself.
In closing, let’s change our perspective. Although commercial IoT developers often pride themselves on their ability to “get the job done” quickly and to rapidly adapt to changing demands, this is definitely not the way that military employees see them.
Instead, the commercial sector is stereotyped in military circles as being totally dependent on short-term capital flows, and more interested in buzzwords and fashions than building “serious” systems. If you are a commercial developer, and that description strikes you as unfair, then it’s time to reassess your own stereotypes about military tech development.
At the end of the day, both sectors have a lot to learn from each other, so let’s start talking.
— Ludovic Rembert is a security analyst, researcher, and the founder of PrivacyCanada.net.