Some claim the Internet of Things (IoT) is anything with an Internet protocol (IP) address. As a result, IIoT devices range from smart thermostats and security cameras to industrial sensors and healthcare monitoring equipment. Their rapid proliferation is reshaping manufacturing, healthcare, agriculture, logistics, and smart buildings and cities.
Municipalities use IoT to connect traffic systems and public safety networks, and monitor utilities, creating a data-driven, urban environment. The result is enhanced city management, improved emergency response times, and lower-cost, more-responsive residential services such as identifying and repairing potholes.
However, IoT strains supporting infrastructures due to:
- Increased data traffic: IoT devices continuously transmit data, so their networks must have the capacity to handle it, even when some require high bandwidth and low latency to ensure real-time communication between devices and systems.
- Security: More devices connected to a network expands its attack surface, so the security of IoT devices and their sensitive data is a critical concern.
- Scalability: More IoT devices also requires networks to seamlessly scale to accommodate added activity without compromising performance or reliability.
Because of its ubiquity and ability to meet the above requirements, Wi-Fi is the normal default network for IoT, but it’s not the only option. There’s long-range, wide-area network (LoRaWAN), Zigbee, Bluetooth Low Energy (BLE), narrowband-IoT (NB-IoT), and cellular 4G/5G networks. And now there’s also Wi-Fi HaLow, which is defined by the IEEE 802.11ah standard, and certified by the Wi-Fi Alliance as a new IoT enabler because it provides the long-range, low-power connectivity required by today’s smart, wireless devices.
Wi-Fi HaLow enables mesh access points and backhauls to communicate over extended distances. It supports seamless communication for wireless sensor networks and other IoT devices over license-free, sub-GHz bandwidth over distances up to 1 km (> 0.5 mile), while offering up to 78 Mbps capacity over short distances, with 150 Kbps achievable at the end of its range, as well as minimizing data collision with its listen-before-talk capability that allows high network utilization among multiple devices.
Wi-Fi HaLow also introduces enhanced sleep modes, such as Target Wake Time and Restricted Access Window, so devices can conserve energy and sleep, while not responding to irrelevant network traffic to extend battery life. A recent IMEC comparison study published by the Wi-Fi Alliance found that battery life can be more than three years for Wi-Fi HaLow devices using 500 mAh batteries at 10-minute transmission intervals.
Wi-Fi HaLow, like other IP-based systems, requires stringent security protocols to combat evolving cyber-threats, including implementing and regularly updating security technologies like WPA3 authentication and AES encryption. These measures safeguard extended IoT networks, as well as the subjects of over-the-air provisioning that initially connect devices to the network to start the full security cycle.
Because IoT deviceconnections are increasing, and associated IP devices can be backdoors to a network, there are new regulations establishing a minimum increase in this vulnerability. A concept from Singapore of IoT devices requiring a security label is gaining traction worldwide with similar legislation being introduced in the U.S. and EU.
In April, the U.K. adopted the Product Security and Telecommunications Infrastructure Act that requires smart device manufacturers to follow minimum security standards. thatIt mandates three main requirements:
- Shipping devices with easily crackable default passwords is no longer allowed;
- Manufacturers must provide a point of contact for individuals reporting security concerns; and
- Though a minimum time frame isn’t specified, they must also clarify the minimum period that the device will receive security updates.
The prohibition against easy default passwords is the part likely to have the biggest initial impact. The act allows default passwords, but if they're easily discoverable online, they’ll run afoul of the act. The likely recourse is that manufacturers will retain a default password for initial provisioning, but as part of the process, they’ll require users to change it to something different. These won’tnecessarily put any constraints on minimum length, special characters, or use any of the most common passwords based on number sequences or rows on the keyboard.
I suppose you can only do so much to protect people from themselves. As a colleague and I tell each other on an unfortunately too regular basis, “Despite all the work by engineers to make things more foolproof, we continue to find the world producing better fools.”