世界经济论坛-实现物联网：集体行动框架（英文）.docx

WORLDCQNOMQRUMICFWhite PaperCOMMITTED TOIMPROVING THE STATEOF THE WORLDRealizing the Internet ofThings: A Framework for Collective ActionIn collaboration with the Massachusetts Institute of TechnologyJanuary 2019Key Challenges and OpportunitiesThe continuously evolving ecosystem of loT presents unique and impending challenges that must be addressed not in an ad hoc and piecemeal manner, but by considering the bigger picture. With this in mind, issues related to the five pillars more holistically are examined below.loT challenges are society-wide and enterprise-wide. As society grapples with a range of issues - such as sustainability, security and demographicshifts-the ability to sense, communicate, infer and act become necessary and indispensable in building a smarter, more efficient and more comfortable world. The growing acceptance of technology, which is now becoming a hunger for dazzling new functionality, is fuelling new categories of companies with novel offerings with creative revenue models - ones that the existing business and technical lexicons can barely describe. With the rise of payment technologies, such as cryptocurrencies,29 and the newly minted loTa,30even payment methods are reaching far into uncharted territory. However, there are issues with growing such a pervasive technology so broadly and in as decentralized away. Challenges facing the loT ecosystem include implementation, interaction and intrinsics. Some challenges stem from technical issues, others policy issues or organizational dynamics, and still others might be governance-related, all impeding the realization of the greatest benefits or the prevention of downside.31 3233 A broad viewing angle is necessary to ensure an optimal outcome for society at large.Architecture and standardsSuccessful architectures are not always obvious. For example, alternating current, or AC, which made the modern electric grid possible, was a counter-intuitive idea pioneered by Tesla in the face of ferocious competition from direct current (DC) and its formidable backer, Edison. Packet-switched networks, cellular telephony and the World Wide Web are other examples of architectural breakthroughs.loT is in pressing need of a breakthrough reference architecture. Several questions are unanswered. Should the communication be peer-to-peer? Should the computation be local? Others pertain to where the computation will occur: at the device, at the edge or in thecloud?Two key patterns are emerging. The first is the concept that was initiated contemporaneously as Cloud Things,34 Digital Twins35 or digital mirroring. The basic idea is that loT objects in the real world will be mirrored in the cloud with virtual equivalents. In some ways the concept predates even the two technical references above - the iTunes account attached to an iPod being one of the earlier commercial examples. However, the extent of the mirroring, combined with the additional functionality in the cloud and the ability to control, drive and protect the loT object through its guardian in the cloud, is the area where a great deal of progress is occurring.36 Furthermore, the communication itself can occur between the cloud instances rather than between the actual loT devices unless the latency cannot be tolerated (which, in a surprisingly large proportion of applications, it can). This enables a new form of security in which the digital twin, with its vastly superior resources in the cloud, can enable a new form of security that is referred to as the Cognitive Firewall. The Cognitive Firewall is a selflearning system capable of evaluating commands for safety in context and only allowing those safe commands to pass from the Cloud to the end device forexecution.37The second pattern is what is variously captured by so- called edge computing and fog computing. The basic idea is that some computation can and needs to occur locally to ensure responsiveness and to save bandwidth when that is important. On the other hand, some heavier- weight computation needs to occur in the cloud. A simple example of this form of distribution of computation occurs in voice assistants such as Alexa, Siri, Google and Cortana. The detection of the wake word, such as “Hey Google" or "Alexa”, occurs at the edge with an always-on signal processing system but the actual heavy lifting of understanding and routing the query string, such as "read me the news" occurs in the cloud.Evolving the ideal architecture requires iteration and refinement. A test bed is extremely effective, and often a necessary precondition, for evolving good architectures. ARPANET is a prime example of a government-initiated test bed. Successful architectures become references - so called reference architectures - that others can adopt with confidence of success. In loT, the Industrial Internet Consortium (IIC) has led a series of activities around test bed creation with use cases and business needs.38Architectures and standards are closely interrelated. The architecture defines the touchpoints and the interfaces where standards may be defined. In the World Wide Web, the hyperlinking architecture drove the two new and key standards: and HTML. In the loT world, Wi-Fi, Bluetooth, Zigbee, 6LowPAN and RFID are jostling for last-meter LAN connectivity. At the same time, new approaches, such as LPWAN, are enabling unprecedented levels of connectivity at long ranges with low-power objects. LPWAN is intended not for real- time control at all, but for relatively infrequent status updates at low bandwidths and at very low battery levels. Each of these protocols occupies a different point in the multidimensional space, consisting of axes for power consumption, bandwidth, range and latency. For example, Wi-Fi is designed for high bandwidth, low-latency but relatively high-power applications, such as video cameras, while LPWAN is meant for relatively infrequent communications with, say, a tank level sensor. The absence of a dominant standard has driven loT into a wild-west status.Intellectual property, licensing and the ability to use standards freely are key measures ofthe effectiveness of a standard. Too often standards are burdened by intellectual property rights and require cross-licensing. Stipulations, such as Reasonable and Non-Discriminatory (RAND) licensing, can help mitigate the friction in standards adoption but require careful construction of IP agreements. Understanding which standard is best for which application, and which architecture, will be necessary to lay out the relevance of various standards under development, and where to play.Other related questions on architectures and standards revolve around how the data are generated, how the data are made portable across applications/devices and how data reuse is supported. Data portability and reusability are critical to reducing operational costs and enhancing application and service capabilities. McKinsey states that interoperability is necessary to unlock more than $4 trillion in unrealized economic impact in loT by 2025 (36% ofthe maximum $11.1 trillion economic benefit from the same study).39 For example, individual car brands can collect their own traffic data - or better data can be aggregated by the entire fleet, using crowdsourcing.40 Building on such an example, connected products may fundamentally change the way in which traffic management, road maintenance, autonomy, vehicle warranty services and maintenance are delivered. Yet today, such standards are rare.Security and privacySecurity and privacy are related but apply to different concerns. Privacy deals with issues - intent, policy and procedures - related to personally identifiable information (PH). As with many computing and networking systems, loT has a large impact on both issues: privacy and security. A cloud-backed home security camera may track a person's movements. The privacy questions are around what the homeowner's rights are over the data, as opposed to that of the cloud provider. The security question relates to the protection of the device and the cloud from hacking by a third party.loT fundamentally expands the PI I reach of computer systems and the size of the attack surface. An industry study by Dell notes that the scale of loT creates unexpected opportunities for hacking.41 While 75% of respondentsto a Forrester survey indicated that security was important or very important, 60% identified the area as a significant challenge.42 Building and maintaining an loT system is complicated. There are no clear and agreed upon architectures to simplify development. Systems may be secure independently, but by the time glue layers are developed to link dissimilar systems, weak links and new attack surfaces have been introduced.43The next war will likely be fought through the cyber-takedown of a country5s infrastructure. Hacked power grids and exposed citizens are hardly the signs of a responsible industry.As physical and digital systems converge, unintended consequences become an increasing and significant risk in loT ecosystems.44 This includes challenges hitherto unseen in the technology world, such as Trojan-horse hardware and software (for example, a webcam innocently brought into a factory, in which lurks malware that can infect the SCADA system), the confluence of even simple workflows with loT functionality (an innocent valve may tomorrow have an embedded computer), and the attendant need to upskill, and so on. A default password can be all a malware needs to take residence inside an installation. Uniquely in this new world, safety considerations and cybersecurity considerations converge. What might have been an unintended safety lapse in the pre-loT world can become a weapon in the hands of a remote malicious party in the loT world. For example, the automotive staple CANbus may be inadequate for the challenges of security in a more interconnected world and new security solutions for loT are being explored. A series of security holes has illustrated the need for rethinking.45Security and privacy must be considered at the very start of the loT journey.46 Meanwhile, many who may think they have not started the loT journey are probably already unwitting participants in the loT ecosphere. If a system has electronic control, and it has even the most indirect connection to the internet, it is vulnerable to an loT hack.47 48 This is a very significant problem - a 2014 World Economic Forum report estimated that by 2020, cybersecurity issues may result in as much as $3 trillion in loss.49The reality is that, with the events witnessed in 2016 and 2017,5051 that number may underestimate loTs potential risk exposure. Here is another difficulty in addressing security: there are no adequate loT test beds, nor, as noted earlier, stated best practices in the form of reference architectures. And, sadly, the repercussions for insecurity are not sufficient.52 A new approach to security and privacy, such as the Cognitive Firewall, is needed.Individuals and businesses often resist loT adoption due to a lack of confidence in today's privacy-preserving measures. Identity and trust are fundamental to ensuring sustainable growth. For example, an loT valve being installed on a network must be able to show that it is certified for that installation, and the person installing the valve should be able to show that he or she is authorized to do so. This is a complex chain of actions, and one that goes well beyond our current conception of security protocols. Immediate, thoughtful community attention is needed to take on these issues. GS1 numbers can be used to identify products before they are using carriers such as barcodes and electronic product code (EPC) RFID. In a network, the Media Access Control address can be used to uniquely identify a device, and the Internet Protocol address can be used to communicate with the device. However, in loT, identification is also needed for people to identify who is authorized, for example, to set up which device, when and how. This “soup” of identification has not been clarified and is resulting in different work practices, yielding potential security risks.As indicated previously, voice, video, gesture and other similar interface standards create a whole new class of privacy questions. Voice can be used to “jump the air- gap”, i.e. communicate without using the network at all. A recent Burger King commercial on TV simply asks Google Home to read out a longer description of its products.53 Could this capability be used to unlock a smart door? TheAmazon Echo, meanwhile, erroneously recorded a man's conversation with his wife and sent it to an employee.54 Is it okay for a voice-based device to detect the mood of the person and market accordingly? It is not unlikely that an Al engine will one day be capable of recognizing a disconsolate user and market liquor. Brain interfaces or neural interfaces, the stuff of science fiction, are also now becoming a reality.55 Wearables can create a ubiquitous human-machine connection. These capabilities are powerful but, in addition to obvious privacy threats, also create security threats.Fortunately, there is much research on privacy that can be brought to bear on these questions. Several of the solutions are technical.56 57 While the research on privacy is too extensive to describe here, the work of Sweeney on k-anonymity58 and that of Dwork in differential privacy are starting points.59 The extensive work in academia and research labs can be applied on this important topic.One of the issues with loT is the number of invisible connections that can proliferate between systems. Visualization tools can help end users to understand the flow of their data: what is shared, with whom, and for what purpose. For example, an augmented reality device that can help see which device is talking when and to which other device can build both understanding and trust.60In addition to privacy and security are the questions related to policy. During the development of the EPC suite of RFID standards, the industry adopted a number of new principles, including notice and choice. The new General Data Protection Regulation from the EU has created specific guidelines that raise the bar for privacy protection. Security deals with the ability to protect systems from intrusions. loT may trigger new regulation - which may be good or bad depending on whether it is thoughtful, reactive or an overreaction.Shared value creationIn many ways, the apparently logical search for value seems to be one of the more paralysing aspects of loT adoption. Considerfirstthe individual organization. ROI calculations are extremely difficult to construct in the early days of any new technology for a large number of reasons. First, many such calculations are necessarily conservative. The myriad uses of enabling technologies, such as computers, the World Wide Web and mobil