When “IoT” Becomes “Expl-IoT”

Ok, so I am being sarcastic with the title — I get it.

But let me ask you when you read this: are you entirely certain that the ‘Internet of Things’ — more importantly — (a new term recently introduced by several industry ‘leaders’) the ‘Industrial Internet of Things’…isn’t just another ‘sales job’?

Little Bobby has figured out the buzzwords to become a ‘security expert’. Posted with permission.

First, why differentiate between ‘IoT’ and “IIoT’?  I suspect that the creation of this buzzword (and yes, that’s all it is — a buzzword) is nothing more than marketing and sales folks trying to sell ‘snake oil’ by telling you that it’s more secure, can operate in harsh environments, and can even improve performance on your networks.  Sound familiar?

Does placing the word ‘industrial’ in front of ‘IoT’ mean that:

  • The product is more durable?  No.
  • The product is more secure?  No.
  • The product will adhere to operational safety standards?  Again — no.

So…re-iterating the emphasis on the importance of an industrial product over something that isn’t considered ‘industrial’ means that:

  1. The product can withstand tolerances as defined and designed per engineering specifications;
  2. Is reliable regardless of the environments or conditions (extreme heat, sauna-like humidity, extreme filth [many plants are quite dirty], shock and earthquake resistant, and more);
  3. Is robust enough to support mishandling, mismanagement, or misconfiguration that’s not going to seriously impact a given operation; and,
  4. What organization can legally substantiate claims that ‘IoT’ products encourage safety and security of any operation?

Until at such time can those four important questions be honestly and truthfully answered, then whatever product a vendor is trying to sell you is just another ‘toy’, and is not something that should be taken seriously as a real industrial product.


Bob is the founder, owner and co-moderator of the SCADASEC mailing list, and has written several books on topics pertaining to critical infrastructure research and cybersecurity.