The IEC and ISO Joint Technical Committee (ISO/IEC JTC 1) produces consensus-based International Standards for information and communication technologies (ICT) for business and consumer applications. It established Subcommittee (SC) 41 in 2016 to develop standards for the Internet of Things (IoT). e-tech caught up with its Chair, François Coallier, to ask him what trends are expected to impact its work in the years ahead.
What is your standardization strategy for IoT, as it is a game-changer in so many different areas?
It is a complex topic. SC 41 started by developing standards which promote level-one generic interoperability. At that level, these documents are technology agnostic and horizontal. We need to make sure that we have the same framework and that we speak the same language in all the different areas impacted by IoT. These generic standards are ISO/IEC 30141 which establishes a common vocabulary and architecture as well as, more recently, interoperability standards ISO/IEC 21823-1 and ISO/IEC 21823-2. A lot more work will have to be put in at the lower levels, when we start going into the different application areas.
Which areas will you focus on initially?
Smart manufacturing and the industrial IoT (IIoT) are key areas for the subcommittee. We set up a joint working group with IEC Technical Committee 65, which prepares standards for industrial-process measurement, control and automation. We are looking at the convergence between operating technology (OT) and information technology (IT). We have established a liaison group on the IIoT.
Another priority is smart energy. We are in the process of forming a joint working group with the IEC systems Committee for Smart Energy and we will also be working with IEC TC 57, which standardizes power system management systems. IoT systems are already used in smart grids and standardization is required, for instance. Our joint working group with TC 65 is working on those aspects. In the health sector, constructive links have been established with IEC TC 124, which prepares standards on wearables. The subommittee will be looking at consumer technology in a second phase. There is a giant need for standards – it is the wild west out there!
Some experts already call the IoT the Intelligence of Things. What is your view?
Artificial intelligence is creating a fundamental shift in the technology for IoT systems. Sensors, which are becoming smarter, generate a huge amount of data which can be filtered and aggregated. The sensor is connected to other parts of the system and that is one of the reasons why systems engineering is so important in SC 41. One of the crucial issues is the quality of the data. It is the “garbage in, garbage out quandary”. If you feed AI learning systems corrupt data, then the result will also be corrupt no matter how powerful the algorithm. SC 41 anticipates a need for performance standards to help to measure the quality of the data.
Can you explain how trustworthiness is a guiding principle for cyber security?
Sure. IoT is not a technology but uses many technologies. The system engineering focus inside SC 41 means that we are taking existing systems and trying to make them more complex, so that more services can be provided. The big challenge is that by making the systems more complex, you use more and more IT and the question of trust arises. Instead of only focusing on security, which is only a part of the picture, engineers and experts in various fields need to build systems that are trustworthy. A system which is resilient is trustworthy.
Security incidents will always happen but we need to make sure that, despite these incidents, key processes are resilient. It’s a system engineering challenge and requires a holistic approach, looking at different layers and finding ways to makes some areas, which are key, more secure than others. This is where distributed or edge computing comes in.
Is distributed computing always more secure that central cloud computing?
It is a more resilient system. I will give you an example: traffic lights in a city. If there is a problem with the connectivity of the traffic light system in the cloud, you will need each light to have its own form of computing in order to be able to work even when the global system is not working. The idea is to have layers of intelligence. Your traffic light may not talk to the cloud directly but to an edge system or application which gives it more autonomy. Your traffic lights could also be using a smart architecture which enables different lights to talk to each other and reconfigure if they have a problem.
What about blockchain?
We have built a study group in cooperation with ISO/TC 307, which was established to standardize blockchain. We are currently writing a technical report and we plan to transfer the standardization work on blockchain to an eventual joint working group because we need expertise from both sides – IEC as well as ISO.
What are your immediate plans?
We are working on a second edition of ISO/IEC 30141, which will be more complete than the current edition. It will include references to distributed computing, for instance. We will be aligning with the ISO/IEC/IEEE 42010 standard which establishes a common architecture for systems and software. We expect the new edition of ISO/IEC 30141 to be issued in a couple of years.