December 17, 2019 | Updated: January 8, 2020
When designing software that powers the latest Internet of Things (IoT) devices, technologists need to solve for possible issues that may come up today, but also anticipate future challenges. At the IEEE GLOBECOM 2019 conference in Waikoloa, HI, IEEE Life Fellow Vinton Cerf spoke on the importance of designing resilient IoT software to provide adequate privacy and security for the entire lifespan of an IoT device – up to 10 years in some cases.
Cerf, who currently serves as Vice President and Chief Internet Strategist at Google, is a co-designer of Transmission Control Protocol/Internet Protocol (TCP/IP), which allows computers to communicate with one another. Cerf is widely regarded as one of the “fathers of the internet, ” and posed several ethical questions during the conference on how we can build secure and scalable IoT systems.
Vinton Cerf’s Recommendations for Ethical and Secure IoT Software Design
How do we write code without bugs? How do we fix bugs once an IoT device has shipped? How do we validate IoT software updates, and guarantee that they have been tested and are certified?
“We can no longer afford to treat software bugs as just mistakes,” says Cerf. “We have a responsibility as engineers to be very thoughtful about how we design and build IoT systems.”
AI-controlled devices in our homes and industrial settings pose a significant hazard, and something all engineers should be mindful of during their design and production process.
“Machine learning (ML) is not the hazard,” explains Cerf. “The real hazard is software that bugs in IoT devices. When there are corner cases that ML has not been exposed to, it will make mistakes. To avoid hazards, we should not give ML too much autonomy.”
Cerf also suggests building IoT systems that can perform diagnostics and anticipate failures before they happen.
“Authentication and public key cryptography are central to IoT systems,” says Cerf. “We need to demonstrate resistance against external attacks, and we need to be able to recover after major failure.”
When asked what he would do differently if he could go back and redesign the internet, Cerf noted that nobody predicted mobile devices back in 1973 when computers occupied entire rooms.
“Had we known how large the internet would get, we would have started with IPv6, (Internet Protocol Version 6) and given devices unique identifiers at the TCP layer,” says Cerf. “We also should have implemented public key cryptography much earlier.”
As IoT continues to grow in unexpected ways, engineers must focus on designing ethical, resilient and secure devices that will protect consumers from bugs or cyber attacks.
About our author
Mario Milicevic is an IEEE Member and Staff Communication Systems Engineer at MaxLinear.