SAN JOSE, Calif. — The Internet of Things won’t live up to its promise unless engineers redouble their efforts to develop high quality, secure and interoperable software. Even then, new programming techniques and even legislation may be needed.

That’s the message Vint Cerf, a co-developer of the Internet Protocol and chief Internet evangelist for Google, shared with colleagues at a recent technical gathering.

“We should be extremely thoughtful about the quality of IoT software. People are relying on these things to work autonomously, and these days almost anything can become a programmable, communicating device because the chips are so inexpensive,” Cerf told EE Times in an interview.

Security remains perhaps the biggest of several related concerns. Cerf recounted the October 2016 attack on Dyn Corp. that took it and many other companies for which it resolves domain names off the Web for a time.

“I used to joke that my biggest concern was 100,000 refrigerators will attack Bank of America, and now with Dyn’s experience, that’s real,” he said.

The answer, Cerf believes, is developing the discipline to apply existing tools such as digital certificates and authentication using encrypted keys.

“I’m relatively persuaded we have all the technology we need for strong authentication. But we probably need to figure out how to organize the mechanisms for tasks like updating devices online, transferring ownership of devices and operating them at scale,” he said.

On bug-free code and legislation

In other areas, new technologies may be needed. “It’s embarrassing to admit we still haven’t figured out how to write code without bugs,” said Cerf.

He pointed to programming languages such as TLA+ and Coq and tools from companies such as Coverity, acquired in 2014 by Synopsys, as steps in the right direction. “I’m not an expert here, but my guess is we are still in the research stage to see how programming environments can be tailored to reduce mistakes,” he said.

The industry still needs to define and use more standards to make products from different vendors easy-to-use. In addition to today’s many low-level communications protocols, he called for more application-layer standards that define basic commands for operations like dimming or changing the color of a digital light bulb.

Vint Cerf

“We need interoperable semantics for similar devices. Schema.org is one place where this ontology of commands can be documented and adopted,” he said, noting similar standards are needed for configuring IoT devices.

Cerf praised draft legislation from U.S. Senator Mark Warner (D., Virginia), setting requirements for government IoT procurements. “I would urge them not to specify any particular technology, that’s always a mistake, but stating demonstrable capabilities makes sense,” he said.

That said, Cerf thinks creating a bill aimed at industry that defines the equivalent of seat belts for IoT products would be premature.

“The time may come when we are ready to recommend that legislation, but I don’t think we have enough experience yet. However, it wouldn’t hurt to have a manifesto of desirable properties of IoT products,” he added.

“I don’t have answers for all these things, but I think it’s important to pose questions so designers have in mind the desirable properties,” he concluded.

— Rick Merritt, Silicon Valley Bureau Chief, EE Times