Balancing risks with the Internet of Things (IOT)
Amethyst’s Steve Mash investigates
The recent news headline "Pets left hungry as smart feeder breaks" (http://www.bbc.co.uk/news/technology-36912992) reported problems with a smartphone app-controlled pet-feeding device that failed to operate correctly due to a central server issue.
Some of the comments from disgruntled owners highlight the issue that it can be too easy to become over reliant on smart technology without taking a considered view of the risks associated with their use. Particularly in this case, where the failure was in part of the system that was outside the control of the end user of the system, and which the majority of users were not even aware was a potential risk.
A simple risk assessment of such systems quickly reveal the risks associated with the use of the system, taking into account the likelihood of risks being realised to assess the consequential impact of system failures. In this case, the likelihood of incorrect operation or failure to operate of a smartphone app, a central server or the pet-feeding device, can be readily seen to be high-based on experience with typical consumer standard products.
The end consequence is the failure to provide your pet with the food they require to maintain good health. It’s easy to see that such devices should therefore never be relied upon in isolation and risk mitigations such as monitoring of the devices and manual feeding need to be put in place. However, the typical purchaser of such products would probably not consider performing a risk assessment. There is a tendency to assume that products work exactly as it says on the box and to become reliant on them over time. When things do subsequently go wrong then it comes as a surprise and the consequences can be serious.
No safety or security critical system would enter into operation without extensive risk identification and management activities to ensure risks are reduced to as low a level as possible through mitigations including fail safe modes of operation, multiple redundancy of critical items and alternate means of control. As devices for consumers become more complex, it is far too easy for safety or security critical consequences from the failure of such devices to occur if they are used in such a way as to leave risks unmanaged. After all, who could have envisaged that we would have televisions that can watch and listen to us in our living rooms, fridges that can go online and order goods, home washing machines that can be switched on and off when we are still in the office or door locks that can be opened and closed from the opposite side of the planet.
In a world where the range of IOT devices available is rapidly expanding, a balance needs to be struck between the convenience of having such devices and the risks they introduce. The question for domestic users of such devices is where do they find out what the risks are and how they can be mitigated.