Not all Devices are IoT or IIoT

Not all Devices are IoT or IIoT

An article by Daniel Ehrenreich, SCCE, Consultant and Lecturer on OT Cyber Security.

Business opportunities created by Internet of Things (IoT) and the Industrial IoT (IIoT) are among the most debated topics, as these are designed to function in a broad range of consumer and industrial applications. Manufacturers of IoT components believe in this new trend, but many of them still not understand the essence of the IoT concept. In reality, not every controlled device is an IoT nor IIoT.

The IoT/IIoT concept is a communication-based eco-system in which control devices, CCTV cameras and industrial sensors communicate via the Internet with cloud-based computer systems and data sources, and the result of this process is displayed on a computer screen, smartphone or used for optimal activation of a process. Through an IoT/IIoT ecosystem you may boost productivity and achieve unique benefits. Examples of IoT/IIoT include applications such as; remote operation of home appliances, medical devices, check on availability of a product in a store, warnings of unusual conditions and malfunctions and more.

Leading market research firms already estimate that by 2020 there will be over 20 billion devices worldwide, defined as part of IoT/IIoT systems. Although the forecasted number is growing every year, it is not clear whether these figures correctly refer to what can be and what cannot be considered IoT or IIoT. It is strongly recommended that decision factors such as outlined below shall be taken into consideration.

Devices not considered as IoT/IIoT
In reality not all devices can be accepted to the “IoT/IIoT Club”. Through the following three examples I will try to clarify the main considerations referring to this topic.

    a) You purchased a home air conditioner activated by a smartphone or a web based application. If the packing label shows “Wi-Fi-Ready”, you can do that, but it will not necessarily make it an IoT, since remote activation by itself is not a sufficient condition to call it an IoT.
    b) You consider to add a vibration sensor to a large water pump or gas turbine to diagnose a malfunction. This is not an IIoT, as the vibration sensor device is reporting to a special PLC and an ICS computer which control the operation of that machinery and may stop it if a fault is detected.
    c) You purchased a CCTV camera, which is connected to a home computer or a VCR for security surveillance. This is also not an IoT, because 24/7 loop recording system does not require additional data available from cloud based resources and not require cloud based computing.

Devices considered as IoT/IIoT

Here are three commercial, consumer oriented and industrial examples, that according to listed explanations are considered appropriate for being considered as IoT/IIoT ecosystem.

    a) Computerized control of a washing machine. The IoT ecosystem using the built-in controller which support the decision related to optimal starting of the washing process. Consequently, the IoT controller device communicates with cloud based data sources related to the following considerations:

    • Is there a report from the electric company on unusually high loading of the power grid at the neighborhood? If yes, the washing process is delayed.
    • Is it forbidden to cause unusual noise in a residential area such as may be caused by the washing machine? If yes, the washing process is delayed.
    • Is there sufficient amount of hot water from the sun-roof boiler as required for the washing? If not, the activation is delayed until electric heating of the water is completed.
    b) The operation of a solar power plant can be controlled by an IIoT process. After the power plant receives a request to start supplying power, the IIoT ecosystem system checks the following conditions:

    • Is the forecasted intensity of sun-rays during the next few hours adequate to generate the required energy to the grid? If not, the power plant activation is canceled.
    • Are there alternative electric power resources that are more suitable to generate electricity for the requested period? If yes, the power plant activation is rejected.
    • If there are no other alternatives, the solar power plant will be activated with limiting conditions, and the power grid operator will be advised accordingly.
    c) An order is received to purchase a certain type meat for home use. Following this requirement, the customer can start and IoT-based search using his smartphone:

    • In which food chain is this item available, and what is the ticket price
    • Which stores are active during the hours when the purchase is required
    • The outcome of that process shall be a list of options sent to the customer

From the three examples listed above you may learn that the IoT/IIoT concept is applicable when it is impossible to perform a simple interaction between the requesting entity and the device which provides the service. IoT/IIoT systems allow such interactive process through cloud-based data resources.

Is there a reason for concerns?

Definitely yes, because huge amounts of cheap IoT components without professional configuration and without cyber security measures will flood the internet network and allow cyber-attacks from all directions and for any purpose. Can ordinary home owners properly configure these devices, replace the default password and detect DDoS-type security breach? Of course not, and that’s the problem.

Today, as a result of strong expectations towards IoT market, none wants to remember the early 2000’s and the bubble. Then, well-known and professional companies invested billions of dollars in products that did not provide benefits for which users were willing to pay. The benefits came only years later, and then more resources were required to create new business models in order to recover their losses.


We all hope for huge IoT/IIoT deployments in the future, as this is good for users, vendors and also for innovation. But…., anyone considering to develop a new IoT/IIoT ecosystem, shall focus on finding a real need and properly design a cloud-data based solution that delivers significant benefits.

Cyber protection for any IT and ICS architecture consists of three essential elements that are achievable: a) the use of security technologies, b) strict adherence to policies, and c) careful user behavior. This is also true for IoT/IIoT ecosystems. Innovative technologies, components and architectures that will include cyber protection as part of the IoT/IIoT ecosystem at no extra cost, will definitely drive the success.

About the author:
Daniel EhrenreichDaniel Ehrenreich, BSc. is a consultant and lecturer acting at Secure Communications and Control Experts, and periodically teaching in colleges and industry conferences on integration of cyber defense with industrial control systems; Daniel has over 25 years’ engineering experience with ICS and OT systems for: electricity, water, gas and power plants as part of his activities at Tadiran, Motorola, Siemens and Waterfall Security. Daniel can be contacted by email: or tel: +972-54-9151594
The views and opinions expressed in this blog post are solely those of the author(s) and do not necessarily reflect the opinions of IoT Business News.

Related posts