A Call for Municipal IoT Interoperability Standards: Security, Binding Agents, and Towers of Baked Goods

This is the seventh installment in our series on technology convergence, cybersecurity, and the implications for policymakers. You can read the full series here.

Key Takeaways

• Municipal IoT needs a protocol standard that enables interoperability in connected community architectures.

• Interoperability in municipal IoT creates better security and resilience for the architecture.

• The cyber resilience of a connected community architecture can directly impact critical infrastructure and individuals.

Pun opportunities abound when the thing you are writing about is called “Matter.” But don’t worry. I’m not going to find some awful pun that hasn’t already been used in every press release around the time of its publication. After all, I’m not even that good at puns. I once entered a pun contest where each entrant had to submit ten puns. I was hoping one of mine would make it through to the finals, but no pun in ten did (give it a minute…there it is).  

What I’m talking about, of course, is the Matter home IoT standard. Matter is a protocol-level security standard for home IoT that was the product of significant collaboration between the members of the Connectivity Standards Alliance. Basically, it means that if all home IoT like Amazon Echo, Apple HomeKit, and Google Home can work together and be, this is the key, interoperable. Thanks to our friends at the Connectivity Standards Alliance, you can now fill your home with as many virtual assistants, doorbell cameras, and smart locks as your heart desires, and you don’t have to choose one brand! 

While this might appeal to gamophobes, it has an important security feature. Since you can now have different branded home IoT devices in your home, you are less vulnerable to a single cyber breach that affects a single IoT maker. If you have your house decked to the rafters in Apple stuff and Apple has a vulnerability, the whole works comes down. This is what the Nassim Nicholas Taleb fans among us will recognize as “antifragile.” If you can introduce vendor diversity and interoperability, you make yourself less vulnerable to single failures. CSA recognized this for home IoT, and we are all the better for it, but there’s another step we need to take. 

Have you ever tried baking something? Baking is much more science than art because multiple ingredients have to come together with a reasonable level of precision to achieve the best results. For example, there are multiple ingredients in a croquembouche. All of them work together to create a unique flavor profile and fun structure, but they have to have one major ingredient to make sure the whole croquembouche is both delicious and beautiful to look at. That’s the binding agent. Binding agents can be a wide range of things, including eggs, flour, flax seeds, and even something called psyllium husk, which is the husk from plantains (I had to look it up). The binding agent ensures the croquembouche ecosystem of ingredients works together, which is an excellent way of thinking about interoperability in municipal IoT. A croquembouche wouldn’t taste very good or look as nice if it was only made of one ingredient, and a connected community architecture with only one vendor will not be as secure. Interoperability allows us to bring in all the tasty ingredients that make a wonderful croquembouche of a community where we can taste the security in every bite. If a binding agent is what we need, what do we use? A Matter-like standard for municipal IoT.

If vendor diversity and interoperability are good ideas for home IoT, they are a necessity for municipal IoT. Everyone’s connected home is different, but one may have something on the order of 20 IoT devices on the high end in a single home. That number may feel high but is dwarfed by the tens of thousands of IoT devices deployed as part of a municipal deployment. The same goes for industry as advanced manufacturing or Industry 4.0 comes online. Thousands of devices are all connected to a 5G network, transmitting information to the cloud, analyzing data using AI, and displaying it on a fun and compact dashboard. There are companies, who shall  remain nameless here, that are more than happy to sell you the whole lot. Need a smart city? No trouble. We have the sensors, a custom 5G network, a cloud service, AI that we wrote, and a dashboard all in an easy-to-buy package. Convenient, right? Sure. Secure? Not at all.  

International standards are critically important to technology development and the richness of our domestic innovation ecosystem. To be effective, they must be done as an international cooperation, like through CSA. If we can agree on the Matter standard at the home level, we should be able to agree on a similar standard at the municipal level. The sensor packages deployed in municipal environments sit on top of our critical infrastructure and introduce potentially thousands of cyber vulnerabilities into an already painfully complex system. This is an excellent opportunity for international cooperation leveraging shared concern for critical infrastructure and cybersecurity as compatible issues with partners.

Matter was an excellent start and pointed to an important issue. It is now incumbent on governments to publicly call for a municipal IoT standard on par with Matter and for the private sector to begin to build the coalition that will create it. Critical infrastructure security, emergency services, disaster response, and more depend on the ability of the sensors that are supposed to make their mission more effective to be secure. Sure, it’s nice to have multiple IoT devices in your home and have them all play well together, but there’s a bigger reason. That reason becomes an imperative at the municipal level, and it is time to publicly call for a focused and resourced effort to create a protocol-level security standard for municipal IoT that encourages vendor diversity and interoperability.  

What’s the Matter? Malicious cyber actor got your tongue?