IoT Fundamentals Bootcamp

Gonzalo Salgueiro, Distinguished Engineer; Jerome Henry, Principal Engineer; David Hanes, Principal Engineer; Robert Barton, Distinguished Architect. Session TECIOT-2400.


TECIOT-2400 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public

Agenda

• What is IoT?

• IoT Network Architecture and Design

• Smart Objects: The “Things” in IoT

• Connecting Smart Objects

• IP as the IoT Network Layer

• Application Protocols for IoT

• Securing IoT

• Data and Analytics for IoT

What is IoT?

Word cloud on the slide: Automation, IoT, Big Data, M2M, Sensors, E-Health, Tracking. If You're Confused About IoT, You Are Not Alone.

Genesis of IoT

Timeline on the slide:
• 2000 - 2007: Connectivity. You go to the device
• 2007 - 2015: Mobile. The device goes with you
• 2013 - 2029: Internet of Things. Objects connect even without you; intelligent connections connecting people, processes, data and things
• 2029 onwards: Ubiquitous Internet of Things. The separation between the connected and unconnected world is blurred
• Applications of the earlier eras listed on the slide: web browser, search, email, e-commerce, social media, location-aware applications

Are There That Many "Things"?

• 50 "Things" per person
• Rapid adoption rate of digital infrastructure: 5 x faster than electricity & telephony
• Chart on the slide: billions of smart objects (rising towards 50 billion) against world population (6.307, 6.721, 6.894, 7.347 and 7.83 billion in 2003, 2008, 2010, 2015 and 2020), with the crossover marked as the inflection point

Digitization: Connecting More Than "Things"

Things – Includes machines, devices, sensors, consumer products, vehicles, etc.

Systems – Includes business applications, ERP/CRM/PLM systems, analytics systems, data warehouses, and control systems

People – Includes workers and consumers, employees, partners and customers

IT / OT Convergence

IT Network (Information Technology)

OT Network (Operational Technology)

Traditionally Separate Networks

Business Drivers of IoT

• Verticals: Smart Cities, Transportation, Public Safety, Oil & Gas, Energy / Utilities, Healthcare, Mining, Manufacturing, SP/M2M, etc.
• Outcomes: Increased Revenue, Operational Efficiency, Process Automation, Actionable Insights, Ecosystem, Productivity Gains, Product Quality, Cost Reduction

IoT Challenges

Imagine collecting data from 10 million electric meters

How do you secure millions of interconnected devices?

What do your things tell me about you?

Millions of smart objects, millions of sources and data points

Proprietary and targeted solutions

Can Operational Technologies use the same network as IT?

IoT Network Architecture & Design

Building an Architecture

• An IoT project should be just like any other project
⁃ You work on the requirements to develop a blueprint before buying the tools to start building

• However, IoT was not "designed", it "happened":
⁃ Multiple specialized / vertical solutions
⁃ Multiple requirements
⁃ Multiple sensor types
⁃ Multiple applications
⁃ Multiple languages
⁃ Multiple protocols

IoT Architecture Requirements & Challenges

• Large Scale: Millions of clients in a single network! IPv6 is the only way…
• Security: Sensors exposed to the world, data travels through public networks…
• Constrained Devices: Lossy networks, low bandwidth, small batteries…
• Large Volume: Millions of sensors produce tons of data, all the time…
• Legacy Support: Non-IP, specialized devices, multiple vertical solutions…
• Need for Real Time: What happens now may result in proactive action…

Why So Many Architectural Models?

oneM2M Common Services Framework

• Applications Layer: Smart Energy, Asset Tracking, Fleet Management
• Services Layer: oneM2M includes a common services horizontal framework supporting RESTful APIs
• Network Layer: Applications talk to the APIs to communicate with sensors

IoT World Forum (IoTWF) Reference Model

Levels, from the center to the edge:
7 Collaboration & Processes (Involving People & Business Processes)
6 Application (Reporting, Analytics, Control)
5 Data Abstraction (Aggregation & Access)
4 Data Accumulation (Storage)
3 Fog Computing (Data Element Analysis & Transformation)
2 Connectivity (Communication & Processing Units)
1 Physical Devices & Controllers (The "Things" in IoT)

Level 1 Physical Devices & Controllers (The "Things" in IoT): sensors, devices, machines, intelligent edge nodes of all types

Level 2 Connectivity (Communication & Processing Units)

Level 2 functions:
• Communication between Level 1 devices
• Reliable delivery of information across the network
• Switching and routing
• Translation between protocols
• Network level security

Level 3 Edge (Fog) Computing (Data Element Analysis & Transformation)

Level 3 functions (data packets in, data ready for processing at higher levels out):
• Evaluate and reformat data for processing at higher levels
• Filter data to reduce traffic for higher level processing
• Assess data for alerting, notification, or other actions

Level 4 Data Accumulation (Storage)

Level 4 functions:
• Captures data and stores it so it is now usable by applications when necessary
• Converts event-based data to query-based processing
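The Level 3 and Level 4 functions above are easier to see in code than in bullets. The following is an added example written for this page, not code from the Cisco deck or from any Cisco product: a toy fog-node pipeline that filters and aggregates a raw sensor stream, raises an alert at the edge before any aggregation, and stores the reduced records so an application can query them later. The readings, the window length and the alert threshold are constructed values.

```python
"""Added example, not from the Cisco deck: a toy fog-node pipeline showing
what IoTWF Level 3 (filter, reformat, alert) and Level 4 (store for later
queries) do with a raw sensor stream. The readings below are constructed."""
from collections import defaultdict
from statistics import mean

# Constructed raw events from two transformer temperature sensors:
# (timestamp_s, sensor_id, temperature_c). One reading spikes to 48.5 C.
RAW_EVENTS = [
    (0, "tx1", 21.0), (1, "tx1", 21.1), (2, "tx1", 21.0), (3, "tx1", 21.2),
    (4, "tx1", 21.1), (5, "tx1", 21.0), (6, "tx1", 21.1), (7, "tx1", 48.5),
    (0, "tx2", 19.5), (1, "tx2", 19.6), (2, "tx2", 19.4), (3, "tx2", 19.5),
    (4, "tx2", 19.6), (5, "tx2", 19.5), (6, "tx2", 19.4), (7, "tx2", 19.5),
]
WINDOW_S = 4          # Level 3 aggregation window (assumed value)
ALERT_ABOVE_C = 45.0  # Level 3 alert threshold (assumed value)


def level3_fog(events, window_s=WINDOW_S, alert_above_c=ALERT_ABOVE_C):
    """Level 3: evaluate each raw sample immediately for alerting, then
    reformat and filter the stream into one summary per (sensor, window)
    so far less traffic goes north. Returns (summaries, alerts)."""
    buckets = defaultdict(list)
    alerts = []
    for ts, sensor, temp_c in events:
        if temp_c > alert_above_c:
            # Assess for alerting before any aggregation: the action is
            # taken at the edge, in real time, not after a cloud round trip.
            alerts.append({"sensor": sensor, "ts": ts, "temp_c": temp_c})
        buckets[(sensor, ts // window_s)].append(temp_c)
    summaries = [
        {"sensor": s, "window": w, "n": len(v),
         "min_c": min(v), "max_c": max(v), "avg_c": mean(v)}
        for (s, w), v in sorted(buckets.items())
    ]
    return summaries, alerts


class Level4Store:
    """Level 4: accumulate Level 3 output so that applications can query
    it when they need it (query based) instead of having to consume every
    event as it happens (event based)."""

    def __init__(self):
        self.rows = []

    def ingest(self, summaries):
        self.rows.extend(summaries)

    def max_temp(self, sensor):
        return max(r["max_c"] for r in self.rows if r["sensor"] == sensor)

    def windows(self, sensor):
        return [r["window"] for r in self.rows if r["sensor"] == sensor]


def reduction_ratio(events, summaries):
    """How many raw events each northbound record replaces."""
    return len(events) / len(summaries)


if __name__ == "__main__":
    summaries, alerts = level3_fog(RAW_EVENTS)
    store = Level4Store()
    store.ingest(summaries)
    print(f"{len(RAW_EVENTS)} raw events -> {len(summaries)} summaries, "
          f"{len(alerts)} alert(s); tx1 max = {store.max_temp('tx1')} C")
```

With the constructed input, 16 raw events become 4 summary records (a 4:1 reduction) while the single out-of-range reading still produces an alert at the edge the moment it arrives; the spike also survives in the Level 4 store as the window maximum, so a later query does not lose it.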

IoTWF Reference Model – Bridging IT and OT

• Levels 5-7 (Center, IT): query based, data at rest, non-real time
• Level 4 is the transition, where event-based data is converted to query-based processing
• Levels 1-3 (Edge, OT): event based, data in motion, real time
• Level 1: sensors, devices, machines, intelligent edge nodes of all types

Level 5 Data Abstraction (Aggregation & Access)

Level 5 functions:
• Reconciles multiple data formats and assures consistent semantics from various sources
• Confirms that the data set is complete and consolidates data into one place or multiple data stores using virtualization

Level 6 Application (Reporting, Analytics, Control)

Level 6 functions:
• Interprets data using software applications
• Applications may monitor, control, and provide reports based on analyzing data

Level 7 Collaboration & Processes (Involving People & Business Processes)

Level 7 functions:
• Consumes and shares the application information
• Collaboration and communication of IoT information (often requires a multi-step process)

Standard IT Computing & Analytics Architecture

Data Center / Cloud

Core Network

Endpoints

A New Approach is Needed for IoT

• Traditional approach: take data to the processing (the IoT device sends everything to a central processing point)
• A new approach for IoT: take processing to the data (processing happens at the IoT device and at each hop on the way)

IT Compute Architecture – with IoT Requirements

• Data Center / Cloud: hundreds of nodes; transactional response times
• Core IPv6 Network / Backhaul: thousands
• Multi-service Edge / Fog Layer: tens of thousands; sensing, correlation and control with millisecond / sub-second response times
• Embedded Systems & Sensors / Smart Objects: millions; low power, low bandwidth

Data Reduction and Processing with Edge & Fog

• Traditional approach – taking data to the processing: all data goes to the cloud (big data, analytics, applications)
• IoT approach – taking processing to the data: IoT device → edge node → fog node → cloud, with processing at each stage turning big data into small data

Simplified IoT Architecture

• Core IoT functional stack: Applications; Communication Network; Things (Sensors & Actuators); with Security spanning all layers
• IoT data management and compute stack: Cloud; Fog; Mist/Edge
• Fog computing: the systematic positioning of compute, storage, and networking resources as close to the endpoints as possible – away from the cloud, but not including the endpoints
• Mist/Edge computing: the systematic positioning of compute, storage, and networking resources directly on the endpoints; the Edge feeds data into the Fog layer

Smart Objects: The "Things" in IoT

Sensors

• Sensors…sense
• Measure physical quantities and convert that measurement reading into a digital representation
• Any physical quantity that can be measured…can be measured by a sensor: viscosity, magnetic field, acoustic, humidity, altitude, light, pressure, biosensor, radiation, flow, pH, force, chemical / gas, position, occupancy / motion, color, temperature, velocity / acceleration
• Sensor types pictured on the slide: humidity, pressure, optical, chemical, photoelectric, flow, temperature

Sensor Form Factor

• Sensors can have any size, any shape, and be embedded in any object…
• Some of the sensors in a smartphone: light sensor, camera, barometer, pedometer, proximity sensor, magnetometer, accelerometer, gyroscope, thermometer, fingerprint sensor, microphone

Sensors and Actuators

• Sensors turn the real world (physical environment) into a digital representation (electric signal)
• Actuators receive a signal or command, and trigger an action

Characteristics of a Smart Object

• Sensor: can measure physical data (temperature, vibration, pollution …)
• Actuator (optional): capable of performing a task (change traffic lights, rotate a mirror …)
• Communication device: receives instructions, sends or routes data; self organising into networks
• Power source: scavenger (solar/wind), battery, mains
• Tiny low cost computer, embedded into objects to make them smart; can be organised into networks

Smart Object Terminology
• The following names usually refer to the same concept: Smart Sensors, Smart Things, Smart Devices, Intelligent Nodes, IoT Devices, Intelligent Things, Intelligent Devices, Ubiquitous Things, Things, Intelligent Products
• Mote: term used to refer to a sensor in a sensor network

Smart Object Trends

Size is decreasing

Power need is decreasing

Processing power is increasing

Communication capabilities are increasing

Communication is increasingly being standardized

Sensor and Actuator Networks (SANETs)

• A network of sensors and actuators that can communicate and cooperate

• Smart homes are typical examples of SANETs

• SANETs can have wired or wireless Smart Objects, or both

• Wireless SANETs are known simply as Wireless Sensor Networks (WSNs)

The Case for Wireless Sensor / Actuator Networks

Pros:
1 Greater deployment flexibility and ease
2 Scaling to more devices is simple
3 Low implementation costs
4 Easy to maintain
5 Easy to introduce new sensors/actuators
6 Flexible design / dynamic topology

Cons:
1 Limited security
2 Limited transmission speeds and ranges
3 Environment has greater impact

Wireless Sensor Networks (WSNs)

• A WSN/WSAN is a network of smart objects communicating purely through wireless technologies, predominantly IEEE 802.15.4 wireless mesh; also IEEE 1901.2 (power line communications)
• Typical design constraints: limited power, limited processing power, limited memory, lossy communication, limited transmission speeds
⁃ Low memory: a few tens of kilobytes; embedded OS (TinyOS, Contiki etc…)
⁃ Narrowband: typically sub-1 Mbps
⁃ Moderate CPU power; minimise energy use
⁃ Power consumption is critical: energy efficiency is paramount, battery powered devices must last years
• Smart objects with limited processing, memory, power, and so on, are often referred to as constrained nodes

Wireless Sensor Networks (WSNs)

• Individual object limitations can be mitigated with "many objects that collaborate"
• Large WSNs permit the introduction of hierarchies, which offer several important advantages, such as:
⁃ Improved fault tolerance, reliability and availability
⁃ Capability to extend the life of the WSN
⁃ Increased accuracy
⁃ Data aggregation (figure on the slide: data aggregation in WSNs)

WSN Selection

• Access characteristics: long-range vs. short-range; mobile vs. stationary; licensed/unlicensed spectrum
• Scalability: number of endpoints; volume of data per node; topology
• Device characteristics: constrained / non-constrained; power consumption; security
• Traffic characteristics: lossiness; latency; overhead & payload

Connecting Smart Objects

Wireless Sensor Network Characteristics
• Limited power
• Changing network topology
• Multihop routing and low range communications
• Non uniform data distribution

WSN Protocol Selection Fundamentals

It is all interconnected…
• Lower frequencies mean longer wavelengths
• Lower frequencies need larger antennas
• Larger antennas give longer range at the same power
• The band determines the expected range at a given power
• Increase power to increase range
• Increased power reduces battery lifetime, and limits the coexistence of multiple systems in a given space

WSN Protocols – Common Range View

• Choose protocol based on: How much to transmit? How often? How far? How is the environment? How many sensors in one cell?
• Long range: 2G, 3G, 4G, 5G, LoRa
• Medium range: Wi-Fi (802.11b/g/n, .ac, Wi-Fi 6 / .ax), 802.15.4, 802.15.4g/e, ZigBee, 1901.2 PLC, BLE
• Short range: Bluetooth

The 802.15.4 Family

• Among the IEEE protocols, 802.15.4 defines Low Rate WPANs
• 802.15.4 has many IoT-friendly features:
⁃ Based on low data rate communications
⁃ Scalable and self maintained
⁃ Enables low power and low cost operation
⁃ Combines scheduled and contention-based schemes

IEEE 802.15.4 Wireless Standards

IEEE 802 wireless families shown on the slide:
• IEEE 802.11 Wireless LAN (WLAN): 802.11a/b/g/n; 802.11ah (sub-GHz)
• IEEE 802.15 Personal Area Network (PAN): 802.15.1; 802.15.4 Low Rate WPAN (2003-2006-2011-2015) with amendments 802.15.4c (sub-GHz PHY for China), 802.15.4e-2012 (MAC enhancement), 802.15.4f (PHY for RFID), 802.15.4g-2012 (Smart Utility Networks) and the 15.4m study group (TV White Space amendment); 802.15.6 Body Area Networking; 802.15.7 Visible Light Communications
• IEEE 802.16 Wireless Broadband Access
• IEEE 802.22 Wireless Regional Area Networks

802.15.4g and 802.15.4e

• Several improvements for 802.15.4 over the years
• 802.15.4g-2012 (integrated into 802.15.4-2015): focus is smart utility network communication; optimizes large, outdoor wireless mesh networks for Field Area Networks (FANs). New PHY definitions are introduced as well as some MAC modifications
• 802.15.4e-2012 (integrated into 802.15.4-2015): expands the MAC layer feature set to fix MAC reliability, unbounded latency, and multipath fading issues

Wi-SUN Alliance

• The additional capabilities and options provided by 802.15.4g-2012 and 802.15.4e-2012 led to additional difficulty in achieving interoperability between devices from mixed vendors, as requested by users
• To guarantee interoperability, the Wi-SUN Alliance was formed
• SUN = Smart Utility Networks
• Not a standards body, but an industry alliance that defines communication profiles for smart utility and related networks
• Similar in concept to the Wi-Fi Alliance or WiMAX Forum

FFD vs RFD

• Full function device (FFD): any topology; network coordinator capable; talks to any other device
• Reduced function device (RFD): limited to star topology; cannot become a network coordinator; talks only to a network coordinator; very simple implementation

Flexible Topology

Topologies on the slide (the network coordinator is a Full Function Device; Reduced Function Devices sit at the leaves; arrows show the communications flow):
• Star (master/slave around the network coordinator)
• Point to point
• Tree
• Partial mesh

802.15.4 Uses ISM: Easy in 2.4 GHz, Less So in Sub-1 GHz

• Regulatory parameters that vary by country: allocated frequency bands, licensed/unlicensed (ISM) use, transmit power, time transmitting
• Sub-1 GHz allocations shown on the slide map (840-950 MHz axis; * e.i.r.p., ** e.r.p.): USA/Canada 902-928 MHz; Australia 915-928 MHz; Korea 917-923.5 MHz; Japan (2012) 915-930 MHz; Hong Kong 920-924 MHz; Brazil 902-907.5 and 915-928 MHz; China 0.5 / 0.02 W licensed/unlicensed
• Power limits on the map range from 0.5 W (e.g. Singapore) through 2 W to 4 W depending on the country; Europe uses the 868 MHz band, with CEPT discussing new frequency bands (870-876 MHz and 915-921 MHz)
• Source: CEPT - DKE 731.09r1 JSC

802.15.4-2006 PHY Layer Bands

• Multiple rates and (ISM) bands from 169 MHz to 2.4 GHz
• 868 MHz PHY: channel 0, centred at 868.3 MHz
• 915 MHz PHY: channels 1-10, 902-928 MHz, 2 MHz channel spacing
• 2.4 GHz PHY: channels 11-26, 2.4-2.4835 GHz, 5 MHz channel spacing
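The channel layout above, and the coexistence problem raised earlier ("increased power ... limits the coexistence of multiple systems in a given space"), can be turned into a small planning check. The following is an added example written for this page, not code from the deck or from any standards body or vendor: it computes 802.15.4-2006 channel centre frequencies from the standard's channel numbering and lists which 2.4 GHz 802.15.4 channels stay clear of a given Wi-Fi channel plan. The channel masks are assumptions (2 MHz per 802.15.4 channel, a conservative 22 MHz per 2.4 GHz Wi-Fi channel); the centre frequencies are the ones the standards define.

```python
"""Added example, not from the deck: 802.15.4-2006 channel centre
frequencies from the standard's channel numbering, plus a coexistence
check that lists which 2.4 GHz 802.15.4 channels stay clear of the Wi-Fi
channels in use. Assumed masks: 2 MHz per 802.15.4 channel and a
conservative 22 MHz per 2.4 GHz Wi-Fi channel."""


def ieee802154_center_mhz(channel):
    """Centre frequency of 802.15.4-2006 channel 0-26 in MHz."""
    if channel == 0:
        return 868.3                            # 868 MHz PHY, single channel
    if 1 <= channel <= 10:
        return 906.0 + 2.0 * (channel - 1)      # 915 MHz PHY, 2 MHz spacing
    if 11 <= channel <= 26:
        return 2405.0 + 5.0 * (channel - 11)    # 2.4 GHz PHY, 5 MHz spacing
    raise ValueError(f"invalid 802.15.4 channel {channel}")


def wifi_2g4_center_mhz(channel):
    """Centre frequency of 2.4 GHz Wi-Fi channel 1-14 in MHz."""
    if 1 <= channel <= 13:
        return 2412.0 + 5.0 * (channel - 1)
    if channel == 14:
        return 2484.0
    raise ValueError(f"invalid 2.4 GHz Wi-Fi channel {channel}")


def overlaps(center_a, width_a, center_b, width_b):
    """True when two channel masks share any spectrum."""
    return abs(center_a - center_b) < (width_a + width_b) / 2


def clear_802154_channels(wifi_channels, wifi_width_mhz=22.0, lrwpan_width_mhz=2.0):
    """2.4 GHz 802.15.4 channels that do not overlap any listed Wi-Fi channel."""
    wifi_centers = [wifi_2g4_center_mhz(c) for c in wifi_channels]
    return [k for k in range(11, 27)
            if not any(overlaps(ieee802154_center_mhz(k), lrwpan_width_mhz, w, wifi_width_mhz)
                       for w in wifi_centers)]


if __name__ == "__main__":
    print("802.15.4 channels clear of Wi-Fi 1/6/11:", clear_802154_channels([1, 6, 11]))
    print("802.15.4 channels clear of Wi-Fi 1/5/9/13:", clear_802154_channels([1, 5, 9, 13]))
```

With the common three-channel Wi-Fi plan (1/6/11) only 802.15.4 channels 15, 20, 25 and 26 sit between or beyond the Wi-Fi masks; with a four-channel plan (1/5/9/13) nothing is left under the 22 MHz mask, which is why a site survey of the Wi-Fi channel plan has to precede 802.15.4 channel selection.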

802.15.4 vs Others

• IEEE 802.15.4 PHY and MAC layers are the foundations for several networking protocol stacks
• They make use of 802.15.4 at the physical and link layer levels but the upper layers are different
• E.g. 6LoWPAN, ISA100.11a, WirelessHART

802.15.4 vs ZigBee and Thread

• ZigBee and Thread leverage the IEEE 802.15.4 MAC and PHY
• Both are driven by industry-level alliances that push the protocol development forward and certify products out in the market
• Thread leverages IPv6 natively, and leaves the application level open (not included in the specification)

Stacks compared on the slide:
• ZigBee: Application / App framework / Security / Network / IEEE 802.15.4 MAC / IEEE 802.15.4 PHY
• Thread: Application / UDP / IP Routing / Security / 6LoWPAN / IEEE 802.15.4 MAC / IEEE 802.15.4 PHY

ZigBee Network Applications

ZigBee low data-rate radio devices target:
• Industrial & commercial: monitors, sensors, automation, control
• Consumer electronics: TV, VCR, DVD/CD, remote control
• PC & peripherals: mouse, keyboard, joystick
• Personal health care: monitors, diagnostics, sensors
• Toys & games: consoles, portables, educational
• Home automation: security, HVAC, lighting, closures

Multi-Service Field Area Network

Cisco IoT Field Network Director reference deployment on the slide:
• Data center / enterprise applications: Certificate Authority, Intrusion Prevention, NMS, SIEM, Directory Services, Access Control, Distribution Planning, IWC, FLISR, SCADA, MDM, CIS, Historian, EVSE Mgmt., DER, Distribution Management System, AMI Head-End, HER
• WAN tier (secure network infrastructure): WiMAX, Wi-Fi, 2G/3G/LTE; CGR2010 and IR800 for substation automation and distribution automation; IR829 for work force automation
• Neighborhood Area Network (NAN) tier: CGR1000; IR800 + IXM (LoRaWAN); Resilient Mesh (RF and PLC); SCADA protection and control network
• Endpoints (Cisco Resilient Mesh IR500): gas/water meters, AMI metering / HAN gateway, transformer monitoring, distribution automation, faulted circuit indicator, EV charging infrastructure, direct load control, outdoor lighting, distributed energy resources

Wi-Fi, BT and BLE

Bluetooth… for Home IoT

• PAN range – up to 10 meters / 30 feet
• Bluetooth is an easy solution for wearables: short sessions, low power, low density
• Bluetooth 4.2 added BLE features: connection-less broadcasts
• Bluetooth 5 contains multiple features for home IoT
⁃ 10 to 30 meters with BT 4.2
⁃ 40 to 120 meters with BT 5.0
⁃ 2 Mbps with BT 5.0 (1 Mbps with BT 4.0)
• Target is the "Home IoT Wi-Fi market"

Bluetooth vs. BLE

Figure on the slide compares the listening duty cycle of standard Bluetooth (listening continuously) with BLE (listening only in short windows).

Bluetooth vs. BLE

• With Bluetooth, the master connects to the slave and maintains the connection (energy greedy, but allows for things like VoIP)
• With BLE, the master detects the slave announce, and (if interested) connects, retrieves data, and closes the connection (a few milliseconds, energy efficient, but no real-time support: built for small data chunk exchanges)

Example exchange on the slide: the slave announces "I can send the user pulse" → the master connects → "What is the pulse value?" → "Pulse = 93" → ACK → disconnect → the app shows "Hey! Your pulse is 93" ☺

BLE Channels and Power

• BLE is built to be Wi-Fi friendly
• Announce (advertising) messages are sent on non-Wi-Fi channels
• If you just read the announces, no impact on Wi-Fi. If you connect to exchange more, Wi-Fi is impacted (40 x 2 MHz channels instead of the 79 x 1 MHz channels of standard Bluetooth)

Feature comparison on the slide (standard Bluetooth vs. BLE):
• Max range: < 100 m vs. < 100 m (theoretical)
• Data rate: 1 – 3 Mbps vs. 1 Mbps
• Throughput: 0.7 – 2.1 Mbps vs. 0.27 Mbps
• Time to send data: 100 ms vs. 6 ms
• Power consumption: 1 W (as reference) vs. 0.01 to 0.5 W
• Peak current consumption: < 30 mA vs. < 15 mA

What about Wi-Fi?

• WLAN range – 100 meters / 300 feet
• Pros: high throughput if needed; "large" number of clients if needed; any home has Wi-Fi
• Cons: sessions required; keepalives needed; not optimal for battery-powered devices; IoT prefers simple modulation to complex and high throughput
• 802.11ax (Wi-Fi 6) may change the landscape

802.11ax for Battery-Powered IoT

• ✔ TWT and long sleep time allowed
• Figure on the slide: the AP beacon / trigger frame sets a wake time for STA1 and for STA2; each station sleeps until its wake time, exchanges its frame, and goes back to sleep
• With Target Wake Time (TWT), the AP can let STAs sleep for long durations (battery saved), set per STA or group of STAs
• By using the same scaling factor as 802.11ah, 11ax allows STAs to sleep up to 5 years

802.11ax Features for IoT

1. OFDMA (subcarriers are shared between stations in frequency instead of one station occupying the whole packet time)
2. 2 MHz RU, 375 kbps
3. Dual Sub-Carrier Modulation (DCM)
4. Target Wake Time (TWT)
5. Long sleep allowed (up to 5 years)
6. 20 MHz-only stations
7. Longer preamble
8. Longer guard intervals

802.11ah / HaLow

Cell-edge rate and range comparison on the slide (6.5 Mbps at the edge in each case):
• 11ac/n @ 5 GHz, 20 MHz BW, 3x2: 27 m range (40 MHz BW also available)
• 11n/b @ 2.4 GHz, 20 MHz BW, 3x2: 54 m range
• 11ah @ 900 MHz, 8 MHz BW, 2x2: 88 m range, 5.8-5.9 Mbps at the edge (US only)
• 11ah is available, but has low adoption: other solutions exist for the same use cases, with an active ecosystem
• Smartphones, tablets and laptops can be used in garages, backyards, and streets

Example: Mining Challenges
• Scale
• Gigantic sites
• Always-changing terrain
• Gigantic machines
• No cellular coverage

Example: Autonomous Vehicles in Mining Operations

Topology on the slide: an MDF at central control is connected by fiber to field offices with IDFs; root access points (RAP) at the field offices feed a Wi-Fi mesh of mesh access points (MAP) that covers the site

Long Range, NB-IoT and LoRaWAN

LTE for IoT – Narrow Band IoT

Candidate technologies shown on the slide: NB-LTE (OFDMA), "Clean Slate" NB-IoT, EC-GSM, C-IoT, CAT M1, C-UNB, N-GSM

Unlicensed vs. Licensed Spectrum Battle

Figure on the slide contrasts unlicensed with licensed spectrum ("or more like…" an uneven match).

Battery Life – A Key Focus Area

• Focus on low power and low cost
• LTE, CAT-M and NB-IoT have done a good job at addressing top line low power messaging, but battery life near the noise floor is not as good
• The 3GPP battery life model assumes a 5 Wh battery (>> $1)

Source: GSMA CLP.15

LPWANs: An Emerging Wireless Infrastructure

Designed for low power consumption, low data rate, and long distance
• Fill the gap between local wireless and cellular wireless technologies
• Applicable use case: end-device with battery life lasting 10+ years; optimized for small and intermittent data bursts; over-the-air distance over 15+ km; outdoor coverage and sufficient indoor penetration; low cost module at sub-$5
• Technology branches from the utilized spectrum:
⁃ Licensed band: 3GPP NB-IoT on LTE – public mobile SP
⁃ Unlicensed band: LoRaWAN and Sigfox on ISM radio – SP and enterprises and open communities

Introducing Semtech LoRa (Long Range)

• Semtech is a leading supplier of high-quality analog and mixed-signal semiconductor products, and owner of the LoRa chipset / modulation technology
• The LoRa modulation scheme is owned by Semtech. It is based on spread spectrum modulation techniques, a variation of Chirp Spread Spectrum (CSS), along with FEC
• LoRa supports 125 kHz, 250 kHz and 500 kHz channels
• The link budget, typically given in decibels (dB), is the primary factor in determining the range in a given environment
• Demodulation up to 19.5 dB below the noise floor
• Low data rates between 0.3 kbps and 22 kbps
• Dynamically trades data rate against range and density of sensors

The LoRa Protocol Stack

• LoRaWAN MAC: LoRa Alliance specifications
• LoRa modulation: Semtech
• Regional ISM band parameters: LoRa Alliance regional profiles

LoRaWAN End-to-End Architecture

• End-to-end path: Devices → RF → Gateway → IP backhaul → Network Servers → API → Application Servers; roaming between network servers was added in LoRaWAN 1.1
• Devices: LoRaWAN radio PHY and MAC carrying app data; certification program by the LoRa Alliance
• Gateway: Semtech HW reference design version 2.0; LoRaWAN MAC frames are tunneled over IP transport to the network server
• Network Servers: MAC decaps, security, network/radio management, message scheduling, ZTD, etc.
• Application Servers: platform for the ASP, e.g., parking, air quality, meter reading

LoRaWAN for Europe (EU868 Region)

• Currently a fixed channel plan
⁃ Up to 16 channels at 125 kHz
⁃ At least 3 default channels (125 kHz) are implemented on all devices
⁃ Data rates for the 125 kHz channels are DR0 (SF12) to DR5 (SF7); DR6 is SF7 at 250 kHz: about 250 to 11000 bps
• Maximum EIRP +16 dBm (about 40 mW)
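Three of the statements above are arithmetic and are worth carrying through: the band determines the range at a given power (WSN Protocol Selection Fundamentals), the link budget is the primary factor for LoRa range with demodulation below the noise floor (Introducing Semtech LoRa), and EU868 data rates run from about 250 to 11000 bps as the spreading factor changes. The following is an added example written for this page, not code from the deck, Semtech or the LoRa Alliance. Its assumptions: free-space (Friis) path loss, which is optimistic because it ignores clutter and fading and should be read as an upper bound; a 6 dB receiver noise figure; the per-spreading-factor SNR thresholds Semtech publishes for SX127x transceivers; and coding rate 4/5.

```python
"""Added example, not from the deck: link-budget arithmetic behind the
band-vs-range rule and the LoRa data-rate/sensitivity trade-off.
Assumptions: free-space (Friis) path loss, which is optimistic because it
ignores clutter and fading; a 6 dB receiver noise figure; the per-SF SNR
thresholds published for Semtech SX127x transceivers; coding rate 4/5."""
import math

# Required SNR (dB) to demodulate each LoRa spreading factor (SX127x datasheet).
LORA_SNR_REQUIRED_DB = {7: -7.5, 8: -10.0, 9: -12.5, 10: -15.0, 11: -17.5, 12: -20.0}

# LoRaWAN EU868 data rates DR0-DR6: (spreading factor, bandwidth in Hz).
EU868_DATA_RATES = {0: (12, 125e3), 1: (11, 125e3), 2: (10, 125e3), 3: (9, 125e3),
                    4: (8, 125e3), 5: (7, 125e3), 6: (7, 250e3)}


def fspl_db(distance_km, freq_mhz):
    """Free-space path loss in dB, distance in km, frequency in MHz."""
    return 20 * math.log10(distance_km) + 20 * math.log10(freq_mhz) + 32.44


def max_range_km(tx_dbm, rx_sensitivity_dbm, freq_mhz, margin_db=0.0, antenna_gain_db=0.0):
    """Largest free-space distance at which the received level still clears
    the receiver sensitivity by margin_db. Same power, lower band: longer range."""
    budget_db = tx_dbm + antenna_gain_db - rx_sensitivity_dbm - margin_db
    return 10 ** ((budget_db - 32.44 - 20 * math.log10(freq_mhz)) / 20)


def lora_sensitivity_dbm(sf, bw_hz, noise_figure_db=6.0):
    """Sensitivity = thermal noise floor (-174 dBm/Hz + 10log10(BW)) + NF + required SNR.
    A negative required SNR is the 'demodulation below the noise floor' the deck cites."""
    return -174 + 10 * math.log10(bw_hz) + noise_figure_db + LORA_SNR_REQUIRED_DB[sf]


def lora_bitrate_bps(sf, bw_hz, coding_rate=1):
    """Raw LoRa bit rate: Rb = SF * (4 / (4 + CR)) * BW / 2^SF, CR=1 meaning 4/5."""
    return sf * (4 / (4 + coding_rate)) * bw_hz / 2 ** sf


def eu868_table(noise_figure_db=6.0):
    """One row per EU868 data rate, DR0 to DR6: bit rate and sensitivity."""
    return [{"dr": dr, "sf": sf, "bw_khz": bw / 1e3,
             "bitrate_bps": round(lora_bitrate_bps(sf, bw)),
             "sensitivity_dbm": round(lora_sensitivity_dbm(sf, bw, noise_figure_db), 1)}
            for dr, (sf, bw) in sorted(EU868_DATA_RATES.items())]


if __name__ == "__main__":
    print(f"FSPL at 1 km: 868 MHz {fspl_db(1, 868):.1f} dB, 2.4 GHz {fspl_db(1, 2400):.1f} dB")
    print(f"Range ratio 868 MHz : 2.4 GHz at equal budget = {max_range_km(14, -137, 868) / max_range_km(14, -137, 2400):.2f}")
    for row in eu868_table():
        print(row)
```

Two things fall out of the numbers. At equal transmit power and sensitivity the free-space range scales with the inverse of frequency, so 868 MHz reaches about 2.8 times as far as 2.4 GHz, which is the band-vs-range rule in dB form. And walking DR0 to DR6 in the EU868 table, the bit rate climbs from roughly 293 bps to 10.9 kbps while the sensitivity degrades from about -137 dBm to -121.5 dBm: each step that buys speed costs link budget, which is the data-rate-against-range trade the LoRa slide describes.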

Sigfox

• Commodity (& open to all)
• Present in 37 countries, with challenges in some theatres (e.g. the Americas) where 900 MHz spectrum is contested

Industrial Gas Example

• LoRa network for pressure monitoring, gas level monitoring, tank & cylinder locations
• Monitor, track & optimise the delivery of industrial gas cylinders on industrial sites (oxygen, cryogenics, argon, etc.)

LoRaWAN Use Cases for Utilities

1 Remote metering: power, gas and water meters (and powerline concentrators) report to the utility management server over the LPWA network (ThingPark Wireless Network); LPWA networks can be used as the main technology, with 2G/3G alongside
2 Fault monitoring: retrieving fault messages from power lines equipped with an intelligent electronic device (IED); base stations are rolled out on selected utility poles; IEDs are equipped with pulse sensors
3 Asset tracking: utility requirement to locate cable reels and diesel generator sets based on their GPS coordinates

TECIOT-2400 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 90 Facility Management Workplace Analytics

• Real-time workplace analytics based on low-power sensors allow central facility managers to optimize resource allocation and dispatching
• Office facilities are instrumented with presence, temperature, CO2 and door sensors
• Workplace usage analytics are fed into a central WorkPlace Management Software from which optimized automated work orders are created for internal and external technicians
(figure labels: LoRaWAN Network; CO2 Sensor, Temperature Sensor, Humidity Sensor, Door Sensor)

IP and the IoT Network Layer

Why IP for IoT?

Open and Standards-Based

Ubiquitous

Scalable

Stable and Resilient

Versatile

IT and OT Are Converging Towards IP

Timeline figure, 1995 to 2015 (1995, 2005, Late 2000s, 2010, 2015): Data (Coax), IP Telephony (PBX), IP Cameras, Building Management Systems on Network (BACnet), IP Building Systems Using Low-Voltage PoE; surrounding labels: Sensing, Ventilation, Lighting, Cloud Management and Analytics, Experiences, OpEx

Uniting the Heterogeneous Nature of IoT

• IoT devices and smart objects can connect using a myriad of protocols that do not directly “talk” to one another
• IPv6 has become the common thread that allows for the interoperability of IoT devices using different connectivity (link layer) protocols
(figure: IPv6 at the centre, surrounded by IEEE 802.15.4, Homeplug, RFID, Wi-SUN, IEEE 802.11, Cellular 3G/4G/LTE, Bluetooth)

Cisco Digital Ceiling Case Study

Cisco Head Quarters Building, Toronto, Canada
▪ 4 Floors
▪ 1400 LED / IoT Lights
▪ 2200 HVAC endpoints
▪ Distributed Deployment Model

Challenge
• Build an innovative, energy-efficient workspace

Digital Transformation
• PoE-powered lighting with Cisco switches
• Sensor-based access to workspaces
• Analytics with fixture-level visibility

Why IPv6?
• Scale of lights to wired ports is ~6:1
• Address exhaustion of IPv4 is a limitation to deployment

PoE LED Lights and Noise Cancellation

EMERA Smart Lighting Example

Smart Lighting Usage and Occupancy

IoT Use of Open Standards

Application Layer: Metering (ANSI C12.22, DLMS/COSEM, IEC 61968 CIM, …); Web Services (SOAP, RESTful, HTTPS/CoAP, MQTT); SCADA (IEC 61850, 60870, DNP3/IP, /TCP, …); Management (DNS, IPfix/Netflow, SSH, RADIUS, AAA, SNMP, …) (RFC 6272 IP in …)
Transport Layer: UDP/TCP; Security (DTLS/TLS)
Network Layer: IPv6/IPv4 Addressing, Routing, Multicast, QoS, Security; IPv6 RPL
Data Link Layer: Access Control (802.1x / EAP-TLS & IEEE 802.11i based); LLC / Convergence Sublayer: 6LoWPAN (RFC 6282), IPv6 over Ethernet (RFC 2464), IPv6 over PPP (RFC 5072); MAC: IEEE 802.15.4e MAC enhancements, IEEE 802.15.4 frame format, IEEE 1901.2a, IEEE 802.11, IEEE 802.3, 2G/3G/LTE, IEEE 802.16
Physical Layer: IEEE 802.15.4 (2.4 GHz, 915, 868 MHz), IEEE 1901.2a (NB-PLC), IEEE 802.11 (Wi-Fi), IEEE 802.3 (Ethernet), 2G/3G/LTE (Cellular), IEEE 802.16 (WiMAX); modulations shown: DSSS, FSK, OFDM

6LoWPAN Overview

• IPv6 over Low Power Wireless Personal Area Networks (6LoWPAN) defines the transmission of IPv6 over IEEE 802.15.4 (RFC 4944)
• IEEE 802.15.4 has an MTU of only 127 bytes!

• Optional headers defined for 6LoWPAN include Mesh Addressing, Fragmentation, and Header Compression

Frame layout: 802.15.4 Header | Mesh Addressing Header | Fragmentation Header | IPv6 Header Compression | IPv6 Payload

• Mesh Addressing: allows for Layer 2 routing (mesh-under) within a single IP subnet
• Fragmentation: fragments IPv6 packets to fit into 127 byte 802.15.4 frames
• Header Compression: shrinks IPv6 and UDP headers

6LoWPAN IPv6 Adaptation Layer and Fragmentation

Stack figure: Transport Layer TCP/UDP; Network Layer IPv6 (MTU=1280 Bytes); 6LoWPAN Adaptation Layer; Data Link Layer 802.15.4; Physical Layer Wired/Wireless 802.15.4 Mesh (MTU=127 Bytes). The CGR sits at the boundary between the IPv6 network and the 802.15.4 mesh.
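The 1280-byte IPv6 MTU against the 127-byte 802.15.4 frame is exactly what the Fragmentation header solves. The following is an added example, not code from the deck: it implements RFC 4944 FRAG1/FRAGN fragmentation of an IPv6 datagram and a bounds-checked reassembler; the 25-byte MAC header plus FCS overhead is an assumption.

```python
import struct

# Values from the slides: IPv6 minimum MTU and the IEEE 802.15.4 frame size.
IPV6_MIN_MTU = 1280
IEEE802154_FRAME = 127
# Assumption (not from the slides): 25 bytes of 802.15.4 MAC header plus FCS,
# leaving 102 bytes of frame payload for the 6LoWPAN headers and data.
MAC_OVERHEAD = 25
FRAME_PAYLOAD = IEEE802154_FRAME - MAC_OVERHEAD

# RFC 4944 fragmentation dispatch values (upper 5 bits of the first header byte).
FRAG1 = 0b11000          # first fragment: 4-byte header (size, tag)
FRAGN = 0b11100          # later fragments: 5-byte header (size, tag, offset/8)
FRAG1_HDR, FRAGN_HDR = 4, 5
MAX_DATAGRAM = 0x7FF     # datagram_size is an 11-bit field


def fragment(datagram, tag, payload_max=FRAME_PAYLOAD):
    """Split one IPv6 datagram into 802.15.4 frame payloads per RFC 4944."""
    size = len(datagram)
    if size > MAX_DATAGRAM or not 0 <= tag <= 0xFFFF:
        raise ValueError("datagram too large for the 11-bit size field, or bad tag")
    # Every fragment but the last carries a multiple of 8 bytes, because the
    # datagram_offset of the following fragment is expressed in 8-byte units.
    first_max = (payload_max - FRAG1_HDR) // 8 * 8
    later_max = (payload_max - FRAGN_HDR) // 8 * 8
    if first_max <= 0 or later_max <= 0:
        raise ValueError("frame payload too small to carry a fragment")
    frames = [struct.pack("!HH", (FRAG1 << 11) | size, tag) + datagram[:first_max]]
    offset = first_max
    while offset < size:
        chunk = datagram[offset:offset + later_max]
        frames.append(struct.pack("!HHB", (FRAGN << 11) | size, tag, offset // 8) + chunk)
        offset += len(chunk)
    return frames


def parse_fragment(frame):
    """Return (datagram_size, tag, offset, data) or raise on a malformed header."""
    if len(frame) < FRAG1_HDR:
        raise ValueError("frame too short for a fragment header")
    first = struct.unpack_from("!H", frame)[0]
    dispatch, size = first >> 11, first & MAX_DATAGRAM
    if dispatch == FRAG1:
        return size, struct.unpack_from("!H", frame, 2)[0], 0, frame[FRAG1_HDR:]
    if dispatch == FRAGN and len(frame) >= FRAGN_HDR:
        tag, off8 = struct.unpack_from("!HB", frame, 2)
        return size, tag, off8 * 8, frame[FRAGN_HDR:]
    raise ValueError("not a 6LoWPAN fragment")


class Reassembler:
    """Reassembles fragments keyed by datagram tag. Every fragment is bounds-checked
    against the announced datagram_size, so a crafted offset cannot write past the
    buffer, and a tag whose size changes mid-flight is rejected."""

    def __init__(self, max_size=IPV6_MIN_MTU):
        self.max_size = max_size
        self.pending = {}    # tag -> [size, data buffer, coverage mask]

    def feed(self, frame):
        size, tag, offset, data = parse_fragment(frame)
        if size == 0 or size > self.max_size:
            raise ValueError("datagram_size out of range")
        if offset + len(data) > size:
            raise ValueError("fragment overruns datagram_size")
        entry = self.pending.setdefault(tag, [size, bytearray(size), bytearray(size)])
        if entry[0] != size:
            raise ValueError("datagram_size changed for tag %d" % tag)
        entry[1][offset:offset + len(data)] = data
        entry[2][offset:offset + len(data)] = b"\x01" * len(data)
        if all(entry[2]):              # every byte covered: datagram complete
            del self.pending[tag]
            return bytes(entry[1])
        return None                    # still waiting for fragments


def frames_needed(datagram_len, payload_max=FRAME_PAYLOAD):
    """Number of 802.15.4 frames a datagram of this length costs on air."""
    return len(fragment(bytes(datagram_len), 0, payload_max))
```

With the assumed 102-byte payload, a full 1280-byte datagram needs 14 frames, while a 53-byte uncompressed payload as on the next slide still fits in one.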

6LoWPAN Header Compression

• More than doubles the payload & increases efficiency from 41% to 84%

6LoWPAN Without Header Compression (127 Byte IEEE 802.15.4 Frame): 802.15.4 Header | 6LoWPAN Header (1B) | IPv6 Header (40B) | UDP Header (8B) | Payload (53B) | FCS

6LoWPAN With IPv6 and UDP Header Compression (127 Byte IEEE 802.15.4 Frame): 802.15.4 Header | 6LoWPAN Header with Compressed IPv6 Header (2B) | UDP Header (4B) | Payload (108B) | FCS

Evolution of 6LoWPAN to 6Lo

• 6LoWPAN was designed specifically to enable IPv6 over 802.15.4

• The IETF 6Lo Working Group (WG) is chartered to define IPv6 over various IoT link types

IoT Link Type or Technology | IETF Standard or Draft
Bluetooth Low Energy (BLE) | RFC 7668: IPv6 over BLUETOOTH® Low Energy
Digital Enhanced Cordless Telecommunications (DECT) Ultra Low Energy (ULE) | RFC 8105: Transmission of IPv6 Packets over Digital Enhanced Cordless Telecommunications (DECT) Ultra Low Energy (ULE)
Power Line Communication (PLC) | draft-ietf-6lo-plc-01: Transmission of IPv6 Packets over PLC Networks
Near Field Communication (NFC) | draft-ietf-6lo-nfc: Transmission of IPv6 Packets over Near Field Communication (standard pending)
BACnet | RFC 8163: Transmission of IPv6 over Master-Slave/Token-Passing (MS/TP) Networks
802.15.4e TSCH (6tisch WG) | RFC 8480: 6TiSCH Operation Sublayer (6top) Protocol (6P)

Time Sensitive Networking (TSN)

• Comprised of around 12 IEEE 802 standards, TSN brings determinism and an enhanced quality of service to Ethernet
• Allows for different traffic types to mix on the same physical network and still be deterministic

TSN Core Elements:
• Synchronization: time sync of multiple nodes and switches over Ethernet
• Scheduling: ensures deterministic arrival of packets and no conflicts
• Configuration: configuration of all network elements is standardized

Example: Honeywell OneWireless ISA100.11a with Wi-Fi Deployment

Figure: a Wireless Control Loop (Sensor and Actuator) over the Business/Process Control Network; components: ISA100.11a Wireless Device Manager, Switch, Cisco Wireless Controller, PLC, Cisco 1552S Access Points, ISA100.11a Field Devices, Mobile Station, 802.11 Wireless Mesh Backhaul, 802.11 Wireless Client

Extending TSN Capabilities with the IW6300 IoT Expansion Module

Figure: IT management center and Control System connected over a Wi-Fi Mesh of Catalyst IW6300 access points, each carrying an IoT Module; the modules serve personnel/asset location detection and WirelessHART / ISA100 sensors

The Future: 6TiSCH (IPv6 Time Slotted Channel Hopping)

• TSCH offers centralized scheduling and is optimized for Time-Sensitive flows, such as control loops
• 802.15.4e defines a time slot structure
• 6TiSCH defines the scheduling and forwarding algorithms (see RFC 7554, 8180, and 8480)
• IETF DetNet WG is looking at TSN and its application and architecture

6TiSCH stack: Upper Layers (RPL, CoAP, etc.); L4 Transport TCP/UDP/ICMP; L3 Network IPv6; L2 Adaptation Layer IETF 6LoWPAN; L2 Adaptation Layer IETF 6TiSCH (6top); L2 Data Link IEEE 802.15.4 MAC (TSCH); L1 Physical IEEE 802.15.4 PHY

Route Over Versus Mesh Under

Route Over: L3 Forwarding Decision; each node is an IP router (the figure shows several IP Networks along the path)
Mesh Under: L2 Forwarding Decision; each LoWPAN is a single IP network

Stack on both sides: Upper Layers, IPv6, 6LoWPAN, 802.15.4 MAC, 802.15.4 PHY, over the 802.15.4 Mesh

Routing over Low Power Lossy Networks (RoLL):

• Existing IP routing protocols are poorly suited for IoT:
 • Lossy connections: they will lose state too easily
 • They only consider link cost, not node type or other constraints
 • Lack of routing flexibility when different objective functions are required
• RFC 6550 defines RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks
• RPL is a Distance Vector routing protocol used in route over scenarios

RPL Protocol Stack: RPL / ICMP; IPv6; IETF 6LoWPAN; IETF 6TiSCH (optional); IEEE 802.15.4 MAC; IEEE 802.15.4 PHY

RPL Definitions

• A Directed Acyclic Graph (DAG) flows in a single direction without encountering the same node again
• A Destination Oriented DAG (DODAG) is the same as a DAG except that it flows to a root
• Rank defines a node’s position with respect to other nodes and the root (value of 0)
• Rank increases in the Down direction and decreases in the Up direction
• Rank is computed from the Objective Function (OF) defined for the DODAG

(figure: DODAG with the Root at rank 0 and nodes at ranks 1, 2, 3 and 4)

RPL Tree DODAG Structure

The Rank is a rough approximation of how “close” a node is to the Root and serves to avoid routing loops

• DAG Information Object (DIO) messages advertise upward routes, sent downward from the root
• DAG Advertisement Object (DAO) messages advertise routes to parents (Up)

(figure: IP Infrastructure; Cisco CGR Border Router at RPL Rank 0 (Root of DODAG Tree); 802.15.4 Wireless Mesh nodes at RPL Rank 1, 2 and 3)

Example: Cisco CGR 1000 RPL Tree

CGR1000_JAD1843000D#show wpan 4/1 rpl tree
------WPAN RPL TREE FIGURE [4] ------
[2620:175:F00:100::1] (4/12) Rank 0 (CGR Router)
\--- 2620:175:F00:100:5C71:CA79:791D:A52
\--- 2620:175:F00:100:787B:876E:8B52:2692 (4)
\--- 2620:175:F00:100:4496:CCDD:DF26:907A
\--- 2620:175:F00:100:5841:99F5:A721:33F        Rank 1
\--- 2620:175:F00:100:58B8:CC09:85A2:529E
\--- 2620:175:F00:100:FC6C:F5F2:5E2C:BC88
\--- 2620:175:F00:100:95A7:E3B8:E818:B349
\--- 2620:175:F00:100:C11B:F90E:C1F1:9C7 (4)    Rank 2
\--- 2620:175:F00:100:25FC:C9D3:682C:3418
\--- 2620:175:F00:100:4D80:B8F2:4A1F:67C4
\--- 2620:175:F00:100:D06C:6C65:E465:97
\--- 2620:175:F00:100:E4E0:EE1F:BBD3:4A56

RPL Objective Functions

• An Objective Function (OF) defines how metrics are used to select routes and establish a node’s Rank.
• Metrics include:
 • Expected Transmission (ETX) – how reliable the link is
 • Hop Count
 • Latency
 • Node Energy (Avoid nodes with low power)

(figure: Cisco CGR Border Router at the root; link ETX values 1, 1, 2.5, 3 and 1.5; one Battery-Powered Node)

Example: Routing with ETX Objective Function

The goal is to choose the path with the lowest ETX value. Cisco CGR Border Router: Rank 0 (DODAG Root).

Path ETX = \sum_{Rank = n} ETX   (the link ETX values summed over every hop of the path)

Link ETX values (figure): 1, 1, 2.5, 3, 1.5
Path ETX: Left: 2; Middle: 3; Right: 2.5

Example: Final RPL Topology

Same topology and link ETX values as the previous slide, with Path ETX = \sum_{Rank = n} ETX: Left: 2; Middle: 3; Right: 2.5. The left path has the lowest ETX!

Example of Multiple DAGs in Single Physical Mesh

Figure: CGR connected to the IP WAN at the top of the mesh; ETX values are shown for the Primary Path and the Backup Path (link values 1, 2 and 1.5); a Starting Node and a Battery Powered Node are marked; DAG Where OF = Minimum ETX

Example of Multiple DAGs in Single Physical Mesh

Figure: the same physical mesh (CGR, IP WAN, link ETX values 1, 2 and 1.5) carrying two DAGs side by side: DAG Where OF = Minimum ETX, and DAG Where OF = Energy Conservation
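The ETX path selection on the previous slides and the two objective functions shown here, as an added example that is not from the deck: the link ETX values (1, 1, 2.5, 3, 1.5 giving Left 2, Middle 3, Right 2.5) are the slide's, while the node names, the choice of which relay is battery-powered and the energy penalty are assumptions.

```python
import heapq

# Constructed topology matching the slides' ETX example: "root" is the CGR
# border router (DODAG root); node "t" is reachable over three paths with
# path ETX 2 (left, via "a"), 3 (middle, direct) and 2.5 (right, via "b").
LINKS = {
    ("root", "a"): 1.0,
    ("a", "t"): 1.0,
    ("root", "t"): 3.0,
    ("root", "b"): 1.0,
    ("b", "t"): 1.5,
}
BATTERY_POWERED = {"a"}   # assumption: the left-hand relay runs on a battery


def neighbours(links):
    """Adjacency list; links are treated as bidirectional."""
    adj = {}
    for (u, v), etx in links.items():
        adj.setdefault(u, []).append((v, etx))
        adj.setdefault(v, []).append((u, etx))
    return adj


def of_min_etx(parent, link_etx, battery):
    """Minimum-ETX objective: the cost of a candidate parent is the link's ETX."""
    return link_etx


def of_energy_conservation(parent, link_etx, battery):
    """Energy-conservation objective: a battery-powered parent carries an assumed
    penalty, so it is only used when no mains-powered path comes close."""
    return link_etx + (10.0 if parent in battery else 0.0)


def build_dodag(links, root, objective, battery=frozenset()):
    """Pick each node's preferred parent by accumulating the objective's cost hop by
    hop from the root (a Dijkstra search, which mirrors how costs advertised in DIO
    messages add up down the tree). Returns node -> (path cost, hop rank, parent)."""
    adj = neighbours(links)
    best = {root: (0.0, 0, None)}
    heap = [(0.0, 0, root)]
    while heap:
        cost, rank, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue                       # stale heap entry
        for child, etx in adj.get(node, []):
            new_cost = cost + objective(node, etx, battery)
            if child not in best or new_cost < best[child][0]:
                best[child] = (new_cost, rank + 1, node)
                heapq.heappush(heap, (new_cost, rank + 1, child))
    return best


def path_to_root(dodag, node):
    """Follow preferred parents from a node up to the root."""
    path = [node]
    while dodag[node][2] is not None:
        node = dodag[node][2]
        path.append(node)
    return path


def path_etx(links, path):
    """The slide's Path ETX: the sum of link ETX over every hop of the path."""
    return sum(links.get((u, v), links.get((v, u))) for u, v in zip(path, path[1:]))


def is_loop_free(dodag):
    """RPL's rank rule: every parent must be strictly closer to the root than its child."""
    return all(parent is None or dodag[parent][0] < cost
               for cost, _, parent in dodag.values())
```

Under minimum ETX node t takes the left path (2), while the energy-conservation objective steers it to the right path (2.5) to keep traffic off the battery-powered relay, which is the "two DAGs on one mesh" picture above.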

Case Study: BC Hydro Project

• Serving 5 million people in an area the size of California, Oregon, and Washington State combined

• Over 2 million residential and commercial meters in service running on an infrastructure built on IPv6, 802.15.4, and RPL

(map labels: Yukon Territory, Pacific Ocean, Alberta, Canada, U.S.A.)

Cisco’s Multi-Service Field Area Network

Architecture figure labels. Data Center, Enterprise Apps: Cisco IoT Field Network Director, Certificate Authority, Intrusion Prevention, NMS, SIEM, Dist. Planning, IWC, FLISR, SCADA, MDM, CIS, Historian, Directory Services, Access Control, EVSE Mgmt., DER, Distribution Management System, AMI Head-End, HER. WAN Tier (Secure Network Infrastructure): Ethernet, WiMAX, Wi-Fi, 2G/3G/LTE; CGR2010 (Substation Automation), IR800 (Distribution Automation, WiFi), CGR1000, IR800 + IXM (LoRaWAN), IR829 (Work Force Automation), SCADA Protection and Control Network. NAN Tier: Resilient Mesh (RF and PLC), Neighborhood Area Network, Gas/Water Meters. Endpoints (Cisco Resilient Mesh IR500): AMI Metering/HAN Gateway, Transformer Monitoring, Distribution Automation, Faulted Circuit Indicator, EV Charging Infrastructure, Direct Load Control, Outdoor Lighting, Distributed Energy Resources

Demand Response (DR) Load Controller

• Power generation and consumption must always be kept in balance
• During periods of high power draw (peaking), energy consumption needs to be reduced to avoid brownouts
• Demand Response allows control of high energy consumption devices on the grid
• The DR device connected to the water heater is connected to the FAN mesh (e.g. the meter on the home)

IPv6 Street Lighting

Anatomy of a Smart Meter

Communications Board with Field Area Network (FAN) radio

Register board: registers voltage/energy usage, stores load/voltage profile and contains ZigBee radio for Home Area Network (HAN)

Metrology board: processes voltage and current measurements and converts them to pulses

Customer Portal

Farm of Smart Meters in an Underground Concrete Vault

Case Study: BC Hydro’s Conversion to IPv6

IPv6 made the mesh flatter and faster compared to proprietary implementation

• Before IPv6: Only 20% of meters were within 3 hops of CGR, 60% were 6+ levels deep. Max depth was 30 levels

• After IPv6: ~60% of meters within 3 hops of CGR with max depth of 14 levels deep

BC Hydro Case Study: Comparing to Full IPv6 After Conversion

Level | Pre-IPv6 application-layer ping (non-IP) (msec) | Difference between levels (msec) | Post-IPv6 Average Round Trip Time (msec) | Difference between levels (msec)
CGR | 2670 | | |
Rank 1 | 4000 | 1330 | 430.5 |
Rank 2 | 5000 | 1000 | 716.1 | 285.7
Rank 3 | 7330 | 2330 | 1074 | 357.5
Rank 4 | 8330 | 1000 | 1119 | 45.05
Rank 5 | 11330 | 3000 | |
Average | | 1732 | | 279.69

Application Protocols for IoT

Supervisory Control and Acquisition of Data (SCADA)

SCADA Overview

• Created in the 1960s to carry data using L2 protocols over serial (e.g. RS-232 and RS-485)
• Evolved to support IP
• Master/slave relationship
• Commonly found in Manufacturing/Industrial (using protocols like Modbus) and Utilities (DNP3 and International Electrotechnical Commission (IEC) 60870-5-101 protocols) verticals

(figure: Supervisory System (Computers, HMI, Data storage); Control, Communication Infrastructure (Serial, Ethernet, IP), Sensing; Remote Site 1 and Remote Site 2 (RTU, PLC, Sensors, Equipment))

SCADA Protocol Transport

Standards protocols Proprietary protocols Standard protocols over TCP/IP (IEC IEC 61850 over Serial over Serial (IEC 60870- 60870-5-104, DNP3, SCADA 5-101, DNP3, Modbus) Modbus)

Protocol Translation IP Tunneling • IEC 60870-5-101 to Using Raw IEC 60870-5-104 Ethernet/IP Socket • DNP3 to DNP3/IP • Modbus to MQTT

Secure IP infrastructure (Data Integrity, Confidentiality and Privacy)

(*) standards evolution) TECIOT-2400 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 134 MQTT (Message Queuing Telemetry Transport)

• Developed in 1999, MQTT uses TCP and a publisher/subscriber model
• Publisher publishes a “topic” at a given address
• MQTT Server (MQTT Broker) can retrieve topics from publishers
• Clients subscribe to topics from a broker or server
• Broker can distribute topics to clients (subscribers)

(figure: Publishers (Temperature, RH sensors) publish to the MQTT Server (Broker); the Subscriber (Temp/RH) is the Building climate control system in the Operation Centers)

Example: Brokering Data Through a Cisco Industrial Gateway Using MQTT

Figure: a Temperature Sensor and a Smoke alarm (Raspberry Pi or Virtualized RTU) publish over MQTT to a Message Broker on the IR809 Router running Cisco Kinetic; a Cloud MQTT Broker and an HVAC Data Client (MQTT Subscriber) consume the topics

CoAP (Constrained Application Protocol)

▪ CoAP (RFC 7252) is a lightweight version of HTTP defined by IETF in the Constrained RESTful Environments (CoRE) standard
▪ UDP based with small headers (<10 bytes)
▪ Request / Response model (GET, POST, PUT, DELETE)
▪ Supports block transfer, proxy, caching, resource discovery

CoAP stack: Applications; CoAP; IPv6; 6LoWPAN; MAC; Phy

CoAP Communication Example

coap://my-bright-light.com:5683/foo.xml

Client (Operation Centers) to Light: CON tid=0x47, POST /foo

• CON or confirmable means an ACK is required, which ensures reliability
• 0x47 is the message ID
• POST is used to send data/command
• In this example, CoAP is used to adjust the brightness of a PoE light using a CoAP POST command

CoAP Communication Example

coap://my-bright-light.com:5683/foo.xml

Client (Operation Centers) to Light: CON tid=0x47, POST /foo
Light to Client: ACK tid=0x47, 2.01 “…”

• The Light confirms the brightness adjustment
• ACK or acknowledgement of the CON message
• 0x47 is the correct message ID
• 2.01 indicates success for the POST action
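The CON/ACK exchange above, as an added example that is not from the deck: RFC 7252 message encoding and decoding for the POST /foo request with message ID 0x47 and its 2.01 acknowledgement, plus the check a client must make that the ACK really matches its outstanding CON. The token value and the payload text are constructed.

```python
import struct

# CoAP message types and codes from RFC 7252 (values from the RFC, not the slides).
CON, NON, ACK, RST = 0, 1, 2, 3
CODE_POST = 0x02              # 0.02 POST
CODE_CREATED = (2 << 5) | 1   # 2.01 Created
OPT_URI_PATH = 11
PAYLOAD_MARKER = 0xFF


def _encode_option_field(value):
    """Encode an option delta or length as a 4-bit nibble plus extended bytes."""
    if value < 13:
        return value, b""
    if value < 269:
        return 13, bytes([value - 13])
    return 14, struct.pack("!H", value - 269)


def encode(msg_type, code, mid, token=b"", options=(), payload=b""):
    """Build a CoAP message: 4-byte header, token, delta-encoded options, payload."""
    if len(token) > 8 or not 0 <= mid <= 0xFFFF:
        raise ValueError("token longer than 8 bytes or message ID out of range")
    out = bytearray([(1 << 6) | (msg_type << 4) | len(token), code])
    out += struct.pack("!H", mid) + token
    last = 0
    for number, value in sorted(options):       # options are sent in ascending order
        dn, dext = _encode_option_field(number - last)
        ln, lext = _encode_option_field(len(value))
        out += bytes([(dn << 4) | ln]) + dext + lext + value
        last = number
    if payload:
        out += bytes([PAYLOAD_MARKER]) + payload
    return bytes(out)


def _decode_option_field(nibble, buf, pos):
    if nibble < 13:
        return nibble, pos
    if nibble == 13:
        return buf[pos] + 13, pos + 1
    if nibble == 14:
        return struct.unpack_from("!H", buf, pos)[0] + 269, pos + 2
    raise ValueError("nibble 15 is reserved outside the payload marker")


def decode(buf):
    """Parse a CoAP message, rejecting the malformed shapes RFC 7252 calls format errors."""
    if len(buf) < 4 or buf[0] >> 6 != 1:
        raise ValueError("not a CoAP version 1 message")
    msg_type, tkl = (buf[0] >> 4) & 3, buf[0] & 0xF
    if tkl > 8:
        raise ValueError("token length field above 8 is reserved")
    code, mid = buf[1], struct.unpack_from("!H", buf, 2)[0]
    pos = 4
    token = buf[pos:pos + tkl]
    if len(token) != tkl:
        raise ValueError("truncated token")
    pos += tkl
    options, number = [], 0
    while pos < len(buf) and buf[pos] != PAYLOAD_MARKER:
        header = buf[pos]
        pos += 1
        delta, pos = _decode_option_field(header >> 4, buf, pos)
        length, pos = _decode_option_field(header & 0xF, buf, pos)
        number += delta
        value = buf[pos:pos + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options.append((number, value))
        pos += length
    payload = b""
    if pos < len(buf):                          # payload marker present
        payload = buf[pos + 1:]
        if not payload:
            raise ValueError("payload marker with empty payload")
    return {"type": msg_type, "code": code, "mid": mid, "token": token,
            "options": options, "payload": payload}


def matches_request(ack, request):
    """An ACK settles a CON only if the Message ID matches; a piggybacked response
    must also echo the request token, or the client must not act on it."""
    return (ack["type"] == ACK and ack["mid"] == request["mid"]
            and ack["token"] == request["token"])
```

The first five bytes of the request come out as 41 02 00 47 01: version 1, CON, one-byte token, code 0.02, message ID 0x47; the light's reply carries code 0x41 (2.01) and the same message ID, which is the check the second slide describes.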

CoAP Versus MQTT

 | CoAP | MQTT
Network Protocol | IPv6 | IPv6
Transport Protocol | UDP | TCP
Typical Messaging | Request/Response (like HTTP) | Publish/Subscribe
Effectiveness in LLNs | Excellent | Fair
Security | DTLS | SSL/TLS
Scalability | Complex | Simple
Strengths | Light-weight and fast with low overhead, suitable for constrained networks; uses a RESTful model that is easy to code to; easy to parse and process for constrained devices | TCP and QoS options provide robust communications; simple management and scalability using a broker architecture

Securing IoT

The Age of Cyber Warfare has Arrived

Increasing Industrial Threats: German Steel Mill Cyber attack (2014); Cyber attack on Saudi Aramco (2012); 151 Cyber Incidents led to power outage or disruptions in 2014 US*

IT and OT Have Gaps: 78% of IT security staff lack visibility & management to secure IoT devices*

Challenges between IT & OT:
• IT prefers to patch as quickly as possible
• OT prefers not to patch, EVER!
• Devices can go years with serious cyber vulnerabilities

(figure labels: Unauthorized People, Malicious Code, Device, Industrial Protocol Offense, Physical Attack)

Remember WannaCry?

Which Assets to Protect?

Asset | Description | Examples and Notes
IED | Intelligent Electronic Device: commonly used within a control system, and equipped with a small microprocessor to communicate digitally. | Sensor, actuator, motor, transformer, circuit breaker, pump
RTU | Typically used in a substation or remote location. It monitors field parameters and transmits data back to the central station. | Overlap with PLC in terms of capability and functionality
PLC | Programmable Logic Controller: a specialized computer used to automate control functions within an industrial network. | Most PLCs do not use a commercial OS, and use “ladder logic” for control functions
HMI | Human Machine Interfaces: the operator’s dashboard or control panel to monitor and control PLCs, RTUs, and IEDs. | HMIs are typically modern control software running on modern operating systems (e.g. Windows)
Supervisory Workstation | Collects information from industrial assets and presents the information for supervisory purposes | Unlike an HMI, a supervisory workstation is primarily read-only
Data Historian | Software system that collects point values and other information from industrial devices and stores them in a specialized database | Typically with built-in high availability and replicated across the industrial network
Other Asset | Many other devices may be connected to an industrial network | For example, printers can be connected directly to a control loop

The Challenges of Protecting OT

Digital Systems: Weak and/or Old Protocols, limited security culture in OT

• Visibility and asset management is extremely difficult in IoT

• Assets are uncontrolled

• SCADA is the predominant protocol used in IoT - it was created in the 1960s and is inherently insecure

• IT and OT have different skills, priorities and centers of control

• Little to no security segmentation

Example: Stuxnet (2008) SCADA Attack at the PLC Layer

Figure: Internet; Corporate Network (Media, Computers, Vendors / Partners); DMZ; HMI Network (Sit. Awareness, Control, Protection); DMZ; ICS Network (Programming, Maintenance); PLC Network (Physical Devices)

Stuxnet Started a Revolution in Industrial Security

Timeline figure, 2001 to 2016: Customer Networks Built in this Period; Vulnerabilities; Stuxnet; Black Hat

Case Study: Ukraine Substation Industrial Attack

City of Kiev, December 2015

• Widespread attack against the Ukrainian power grid
• Dozens of sub-stations disconnected power
• Attackers gained access to the SCADA system and turned off power

Photo credit: CBS News

Ukraine Grid Attack – Kill Chain

1. Spear phishing to gain business network access
2. BlackEnergy 3 malware installed
3. Theft of Credentials
4. Use of VPNs to access ICS network
5. Remote operation of ICS Systems
6. S2E devices compromised at firmware level
7. KillDisk to erase MBR and delete targeted logs
8. Power Outage

Ukraine Grid Attack – Kill Chain

Same kill chain as the previous slide, split by domain. Attack on IT Domain: spear phishing to gain business network access, BlackEnergy 3 malware installed, theft of credentials, use of VPNs to access ICS network. Attack on OT Domain: remote operation of ICS systems, S2E devices compromised at firmware level, KillDisk to erase MBR and delete targeted logs, power outage.

Protecting the Industrial Protocol Layer

Industrial Security Appliance 3000

ISA 3000 Protocol Parser for Modbus

Parsed Modbus fields shown: Unit, Function, Parameter Value (Data)
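An added example (not Cisco's ISA 3000 code) of what a Modbus/TCP protocol parser extracts and how an allow-list policy can act on the Unit, Function and Parameter Value fields: read-only functions for an HMI, writes only from an engineering role and only within a register range. The roles, the register range and the two sample frames are constructed.

```python
import struct

# Modbus function codes, from the Modbus application protocol specification.
READ_ONLY_FUNCTIONS = {1: "Read Coils", 2: "Read Discrete Inputs",
                       3: "Read Holding Registers", 4: "Read Input Registers"}
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}
MBAP_LEN = 7   # transaction id (2), protocol id (2), length (2), unit id (1)


def parse_modbus_tcp(frame):
    """Extract unit, function and parameter fields from one Modbus/TCP ADU. The MBAP
    header is validated first so a malformed frame is rejected rather than guessed at."""
    if len(frame) < MBAP_LEN + 1:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, pid, length, unit = struct.unpack_from("!HHHB", frame)
    if pid != 0:
        raise ValueError("protocol id %d is not Modbus" % pid)
    if length != len(frame) - 6:            # length covers unit id + PDU
        raise ValueError("MBAP length %d does not match frame size" % length)
    function, data = frame[7], frame[8:]
    msg = {"tid": tid, "unit": unit, "function": function, "exception": False}
    if function & 0x80:                     # exception response from the device
        msg.update(exception=True, function=function & 0x7F,
                   exception_code=data[0] if data else None)
        return msg
    if function in (1, 2, 3, 4, 15, 16) and len(data) >= 4:
        msg["address"], msg["quantity"] = struct.unpack_from("!HH", data)
    elif function in (5, 6) and len(data) >= 4:
        msg["address"], msg["value"] = struct.unpack_from("!HH", data)
        msg["quantity"] = 1
    else:
        msg["data"] = data                  # unknown or vendor-specific: keep raw bytes
    return msg


class ModbusPolicy:
    """Allow-list policy of the kind an industrial firewall's protocol parser enforces:
    each source role gets permitted function codes and, for writes, a register range.
    The roles and ranges used below are constructed for this example."""

    def __init__(self, rules):
        self.rules = rules   # role -> {"functions": set, "write_range": (lo, hi)}

    def evaluate(self, role, msg):
        rule = self.rules.get(role)
        if rule is None:
            return False, "unknown source role"
        if msg["exception"]:
            return True, "exception response (monitor only)"
        fn = msg["function"]
        if fn not in rule["functions"]:
            return False, "function %d not permitted for %s" % (fn, role)
        if fn in WRITE_FUNCTIONS:
            lo, hi = rule.get("write_range", (0, -1))
            first = msg.get("address", 0)
            last = first + msg.get("quantity", 1) - 1
            if not (lo <= first and last <= hi):
                return False, "write to registers %d-%d outside allowed range" % (first, last)
        return True, "permitted"


# Constructed frames: an HMI reading 10 holding registers from unit 1, and an
# engineering workstation writing register 40 on the same unit.
READ_HOLDING = struct.pack("!HHHBBHH", 1, 0, 6, 1, 3, 0, 10)
WRITE_SINGLE = struct.pack("!HHHBBHH", 2, 0, 6, 1, 6, 40, 0x1234)

POLICY = ModbusPolicy({
    "hmi": {"functions": set(READ_ONLY_FUNCTIONS)},
    "engineering": {"functions": set(READ_ONLY_FUNCTIONS) | set(WRITE_FUNCTIONS),
                    "write_range": (0, 99)},
})
```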

Cisco Cyber Vision

Visibility is the Key to Securing OT Environments

Visibility
• IT cares about Cyber Threats: Is this event a malicious attack on the system? Are security policies properly enforced in the OT domain?
• OT cares about Operational Insights: Did this event impact the integrity of the system? Are my OT assets properly configured?
(figure: Security Analytics placed between the IT and OT questions)

Cisco Cyber Vision

An edge monitoring architecture leveraging the network infrastructure

Cyber Vision Center: Centralized Analytics & Data Visualization

Cisco Integrations Partner Integrations

ISE, Stealthwatch, Deep analytics Firepower, DNA-C

Cyber Vision Sensors: Deep Packet Inspection Built into Network Elements (Industrial Networking, IoT Gateways / Industrial Compute, Industrial Switching, Routing, Wi-Fi (RF Mesh))

Network Elements Act as Passive Sensors

Cyber Vision Center Centralized Analytics & Data Visualization

Cisco Integrations Partner Integrations

ISE, Stealthwatch, Deeper analytics Firepower, DNA-C

Available today Future

Sensor Sensor Sensor Sensor

Sensors: IR 1101 Gateway, Catalyst 9000 Series Switch, IC3000 Industrial Compute (Hardware-Sensor, to support brownfield), IE 3400 Switch; Network-Sensors: Deep Packet Inspection built into network elements

Cyber Vision Visibility: Dynamic Communication Map

Demo: Airport Baggage Claim System Security

1. No Segmentation and Flat Networks with unmanaged switches
2. Contractor connects to network to do maintenance
3. Malware Spreads from Contractor device
4. Increased traffic impacts critical devices and operators lose visibility into the process

(figure: Airport IT Network; two baggage lines (Flight No. 1 / Flight No. 2, “from …” displays), each with a PLC driving Actuators, Drives, Sensors, HMIs; Barcode scanners)

Airport Baggage Claim with Cisco IoT

1. Cyber Vision identifies assets and application flows to enable segmentation via DNA-C and ISE
2. Cyber Vision detects application level changes
3. DNA-C & ISE integration restrict access and segment to prevent spreading

(figure: Airport Data Center with Cisco DNA-C, Cisco ISE and Cisco Cyber Vision; Airport IT Network; two Cisco IE 3400 switches with Cyber Vision Sensor, one per baggage line (Flight No. 1 / Flight No. 2), each line with a PLC driving Actuators, Drives, Sensors, HMIs)

Firepower Management Centre Integration

In Summary

A comprehensive security architecture for IoT

Figure (Cisco Security for Industrial IoT): Cyber Vision Center (Operational Insights, Threat Detection); Cisco Firepower (Traffic Filtering); Cisco ISE (Access Control); Cisco DNA-C (Network Management); Cisco Stealthwatch (Network Flow Analysis); Talos (Threat Intelligence); Threat Response; Visibility from Cyber Vision Sensors (Deep Packet Inspection Built into Cisco Industrial Network) on Gateway, Switch and AP

Data and Analytics for IoT

The Value of IoT is in the Data! How do you access it when it’s so spread out?

• Imagine a mega-field of oil with no way to extract it from the ground

• Data needs to be extracted before it can be refined, and then used

In IoT, the “Things” are Distributed


Edge Computing + Cloud Management is Necessary

75% of data will be created and processed outside a traditional centralized data center or cloud by 2025*

(figure labels: 45%, Smart Insights, Critical biz decision)

Multi-Cloud Top Drivers

Cost, Efficiency, Regulatory IoT Edge & Data

Complexity

Instrumenting / Sensors / Measuring stands in the way - bringing HW/SW components together

* Gartner

Example: Fanuc
• Data Collection
• Edge Compute
• Predictive Analytics
• Proactive Part Replacement

(figure: CELL 07, REPLACE BEARINGS)

Intelligence at the Edge is Needed

Cisco IOx

• Run distributed compute at the edge

• Leverage secure connectivity of Cisco IOS software

• Manageable with on-premises or cloud- based interface

• Runs on wide variety of IoT platforms

• Builds on existing developer tools and trainings on DevNet

Major Components of Cisco IOx

IOx components figure: Cisco IOS / IOS-XE Software; Cisco Application Hosting Framework (CAF); IOx Services; Local Application Manager; Application Management; all running on Linux

Example: IOx App Development with Docker

Workflow between the Developer and the Edge:
1. Enable Docker Access And Create App Profile On Edge
2. Setup Remote Access Environment On Dev Machine
3. Transfer Docker Image To Edge
4. Run & Test Container With App Profile

Commands (values redacted in the original):
#> export DOCKER_HOST=tcp://***.**.***.***:****
#> export DOCKER_TLS=*
#> export DOCKER_API_VERSION=*.*
#> docker run --network=container:***** --volume=/software/caf/work/repo-docker/*** --memory=64m docker_image_name

IOx Capable Edge Compute Technology

IoT Edge Compute and Network platforms: CGR 1120, 1240; IC3000; IR1101; IR829; IR809; IE3000 with Compute Module

Introducing Cisco Edge Intelligence

Architecture figure: Management (EI Manager, Cloud or On-Prem), App & Analytics (Cloud Provider, DC), App Management, GW Management; Edge Intelligence alongside Cyber Vision and ISV Micro-services; IOx - Edge Compute Infrastructure; IoT GW - Ready IoT networking/compute portfolio

Edge to multi-cloud data delivery; Out of the box experience with centralized deployment for scale; One stop solution for IoT edge needs

Edge Intelligence architecture figure. User Persona: Technician, SI/OT Developer, SI/OT Solution Architect. Cloud side: Customer / Partner apps, Azure/AWS IoT Hub, EI Manager for OT UI & Work Flow, Azure/AWS Infra, Azure Stack / DC Infra. Control Path and Data Path down to the Edge. Edge Intelligence on IOx (IC, IR, IE): Governance Engine, Scripting Engine, Broker; NB Connectors 1 to 5: Azure IoT, MQTT Client, AWS IoT, …; SB Connectors 1 to 5: OPC, ModBus, EIP/CIP, MQTT Server, …

Smart & Centralized to deploy across hundreds of Gateways: Templates automatically push data policy to all locations

Location 1

Location 2

Location 3

Location 4

Kinetic Gateway Management Module (GMM): Configuration and Image Management of IoT Networking Gear

Cisco GMM pushes config and apps to the gateways

• Secure connection of IoT devices
• Secure IoT app lifecycle management
• Simplified GW management at scale

Example: Large Transit Operator (2000 buses)

On-vehicle systems (legacy): multiple LTE gateways; WiFi gateway for passenger WiFi; land mobile radio (e.g. Motorola, Harris) for voice; RFID; fare payment system (e.g. Cubic Compass); telematics/OBD-II (engine performance, fuel monitoring, etc.); vehicle logic unit (VLU) for dispatch (Init, Trapeze, Clever Devices); automatic passenger counter; mobile data terminal [HW and SW]; vehicle sensors (door, bike rack, tires, etc.); IP video cameras; destination signs; passenger info display; PA system

Characteristics:
1. VLU centric solution with custom hardware
2. Multiple LTE gateways, unnecessary CPUs
3. Minimal to no security
4. Legacy vendor lock-in

Results:
1. Large hardware footprint & expensive airtime
2. Significant OT overhead to deploy and manage
3. Significant security risks due to multiple networks

CAN bus - Controller Area Network: Accessing and processing data from a vehicle

Data available on the bus: oil / fuel consumption, tire pressure monitor, steering wheel, stability control, engine sensors, air pressure, vehicle speed and acceleration

• A Controller Area Network (CAN bus) is a standard allowing microcontrollers and devices to communicate with each other without a host computer
• CAN bus provides a rich base of data for analysis
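What "accessing and processing data from a vehicle" looks like on a gateway, as an added example in Python (not from the deck or any vendor's CAN tooling): it parses candump -L lines from a SocketCAN interface, decodes byte-aligned signals into physical values and enforces an arbitration-ID allowlist before any frame is forwarded. The allowlist matters because CAN frames carry no sender authentication, so a gateway that both reads the bus and is reachable over LTE/WiFi should forward only the IDs it expects and never relay anything back. The IDs 0x0C1 and 0x1A4, their byte layouts and scale factors are constructed and match no real vehicle or J1939/OBD-II definition; 0x7DF is the real OBD-II functional diagnostic request ID, used as an example of a frame a read-only telematics feed should not contain.

```python
"""Parse candump -L log lines, decode byte-aligned signals and enforce an
arbitration-ID allowlist before anything is forwarded northbound.

Added example; not from the Cisco deck or any vendor CAN tooling. IDs
0x0C1/0x1A4, layouts and scale factors are constructed for illustration;
0x7DF is the real OBD-II functional request ID.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple

# candump -L line: "(<unix ts>) <iface> <ID hex>#<data hex>"
LOG_RE = re.compile(
    r"^\((?P<ts>\d+\.\d+)\)\s+(?P<iface>\S+)\s+(?P<id>[0-9A-Fa-f]+)#(?P<data>[0-9A-Fa-f]*)$"
)


@dataclass(frozen=True)
class Frame:
    ts: float
    iface: str
    can_id: int
    data: bytes


@dataclass(frozen=True)
class Signal:
    """`length` bytes at byte offset `start`, little-endian raw value;
    physical value = raw * scale + offset."""
    name: str
    can_id: int
    start: int
    length: int
    scale: float
    offset: float = 0.0


# Constructed signal definitions (see module docstring).
SIGNALS: List[Signal] = [
    Signal("vehicle_speed_kph", 0x0C1, start=0, length=2, scale=0.01),
    Signal("coolant_temp_c", 0x1A4, start=0, length=1, scale=1.0, offset=-40.0),
]
ALLOWED_IDS: Set[int] = {s.can_id for s in SIGNALS}

# Constructed candump -L capture: two telemetry frames and one diagnostic request.
SAMPLE_LOG = [
    "(1580000000.000100) can0 0C1#E803",              # raw 0x03E8 = 1000 -> 10.00 km/h
    "(1580000000.010200) can0 1A4#5A0000",            # raw 0x5A = 90 -> 50 C
    "(1580000000.020300) can0 7DF#0201050000000000",  # OBD-II request: not on allowlist
]


def parse_line(line: str) -> Frame:
    m = LOG_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a candump -L line: {line!r}")
    data = bytes.fromhex(m["data"])
    if len(data) > 8:  # classic CAN carries at most 8 data bytes
        raise ValueError(f"payload too long in {line!r}")
    can_id = int(m["id"], 16)
    if can_id > 0x1FFFFFFF:  # 29-bit extended identifier is the maximum
        raise ValueError(f"invalid CAN identifier in {line!r}")
    return Frame(float(m["ts"]), m["iface"], can_id, data)


def decode(frame: Frame, sig: Signal) -> float:
    if frame.can_id != sig.can_id:
        raise ValueError(f"{sig.name} is not carried in ID {frame.can_id:#x}")
    chunk = frame.data[sig.start:sig.start + sig.length]
    if len(chunk) != sig.length:
        raise ValueError(f"frame too short for {sig.name}")
    return int.from_bytes(chunk, "little") * sig.scale + sig.offset


def process(lines: Iterable[str], signals: List[Signal],
            allowed: Set[int]) -> Tuple[Dict[str, float], List[Frame]]:
    """Return (latest reading per signal, frames rejected by the allowlist).
    Rejected frames are never decoded or forwarded; CAN has no sender
    authentication, so this allowlist is the gateway's only filter."""
    by_id = {s.can_id: s for s in signals}
    readings: Dict[str, float] = {}
    rejected: List[Frame] = []
    for line in lines:
        frame = parse_line(line)
        if frame.can_id not in allowed:
            rejected.append(frame)
            continue
        sig = by_id.get(frame.can_id)
        if sig is not None:
            readings[sig.name] = decode(frame, sig)
    return readings, rejected


def run_sample() -> Tuple[Dict[str, float], List[Frame]]:
    return process(SAMPLE_LOG, SIGNALS, ALLOWED_IDS)


if __name__ == "__main__":
    readings, rejected = run_sample()
    print(readings)
    print([f"{f.can_id:#05x}" for f in rejected])
```

Real deployments replace the constructed SIGNALS table with the vehicle's DBC or J1939 definitions; the parse/allowlist/decode split stays the same, and the rejected list is what a security team wants exported alongside the telemetry.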

Consolidation of Networks and Applications

Typical legacy hardware:
• LTE gateway packaged with VLU system
• LTE gateway packaged with fare payment system
• Land mobile radio (e.g. Motorola, Harris, JVC)
• WiFi AP/gateway installed by WiFi provider
• LTE gateways installed by engine vendor & body builder
• Vehicle logic unit (CAD/AVL), e.g. Trapeze, INIT, Clever Devices
• Fare payment system (e.g. Compass/Cubic)
• Voice dispatch system
• Passenger WiFi
• Vehicle engine/performance monitoring (bus vendor telematics), fuel monitoring
• RFID systems
• Destination signage (e.g. Transign)
• Video cameras (3-5, multiple vendors)
• Automatic passenger counter (e.g. Dilax)
• Vehicle sensors (door, bike rack, tires, etc.)

Next-gen architecture:
1. Consolidate to one dual-LTE/WiFi gateway (reduce LTE costs, streamline connectivity management) carrying VLU, signage, video cameras, APC, vehicle sensors; fuel/operations monitoring; WiFi; fare payment; VoIP dispatch
2. Position next-gen, cloud-based applications + edge compute
3. Layer in additional Cisco products: security, ICs, collab, video, etc.

Design Objectives:

• Consolidate networks on bus
• Network resiliency
• Live data analysis
• Easy to manage for OT

Architecture (diagram): dual-SIM mobile router on the vehicle (e.g. IR829) with LTE 1 / LTE 2 over LTE Provider 1 and LTE Provider 2; FlexVPN data tunnel to the ASR1000 at the head office; Cisco Kinetic GMM is the FlexVPN control plane (FlexVPN control plane tunnel). The vehicle has one active LTE backhaul at a time.

IR 829 Block Diagram

• 4 x 10/100/1000 Mbps RJ45 switched Gigabit Ethernet ports (GI 1 - GI 4) with PoE option (30.8 W shared)
• 1 GE routed port, WAN SFP
• Serial 0 (RS232/RS485, DCE/DTE) and Serial 1 (RS232 DTE); serial ports and adapter for OBD-II (smart telematics interface)
• USB Type A port; mini-USB Type B console port
• Dual-core CPU with HW crypto, memory and storage
• Dual cellular interface: 3G/4G LTE modem + GPS; 2nd 3G/4G LTE modem + GPS (roadmap)
• AP803 Wi-Fi
• GPS, accelerometer/gyroscope
• Ignition/power management, DC power
• Status LEDs
• IOx capable

VPN Performance at Scale (2000 IR829s): Tested in Cisco VPN performance validation labs, Belgium

Security and Policy Control: ISE pushes policy for all buses, supervisor vehicles, etc. to the ASR 1000, managing on-boarding and security for the bus routers

Same architecture as the design slide: dual-SIM mobile router on the vehicle (e.g. IR829), LTE 1 / LTE 2 over LTE Provider 1 and LTE Provider 2, FlexVPN data tunnel to the ASR1000, Cisco Kinetic (GMM) as the FlexVPN control plane (control plane tunnel); the vehicle has one active LTE backhaul at a time.

ISE – Single Source of Policy Control

Per-vehicle configuration on the head-end router (ASR 1000), one block per bus:

crypto ikev2 keyring Flex_key
 peer
  identity email @iotspdev.io
  pre-shared-key ******
!
crypto ikev2 authorization policy FTX2053Z09L
 pool
 route set interface
 route set access-list CLOUD
 no route accept
!
! configure the IP address as needed
ip local pool 172.16.4.20

x2000 = ~20,000 lines of config!!

With ISE as the single source of policy, the head end carries one AAA server group and one IKEv2 profile; the per-peer PSK and authorization attributes are fetched from ISE via the name-mangler:

aaa group server radius ISE
 server name ISE
 ip vrf forwarding Mgmt-intf
 ip radius source-interface GigabitEthernet0
!
aaa authorization network ISE group ISE
!
aaa server radius dynamic-author
 client 10.203.254.30 vrf Mgmt-intf server-key ******
!
crypto ikev2 name-mangler GET_NAME
 email username
!
crypto ikev2 profile Bus-Routers
 match fvrf any
 match address local 199.60.181.248
 match identity remote email domain iotspdev.io
 identity local key-id 199.60.181.248
 authentication remote pre-share
 authentication local pre-share
 keyring aaa ISE name-mangler GET_NAME password ******
 dpd 60 3 periodic
 nat force-encap
 aaa authorization user psk cached
 virtual-template 1
!
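The authorization path the profile above describes, as an added example in Python (not Cisco IOS code, and it speaks no RADIUS): the remote IKEv2 e-mail identity is accepted only when its domain matches the profile exactly, the `email username` name-mangler turns the local part into the AAA username, and that username selects the peer's pre-shared key and authorization attributes in the AAA (ISE) store, which is what replaces the per-vehicle keyring and authorization policy blocks. The AAA store contents, the second serial number and the PSKs are constructed; the domain iotspdev.io, the serial FTX2053Z09L, the pool address and the CLOUD ACL name are taken from the slide.

```python
"""Model the head-end's per-peer authorization path: domain match, name
mangling, AAA lookup, constant-time PSK comparison.

Added example; not Cisco IOS code and no RADIUS. The AAA store is
constructed; iotspdev.io, FTX2053Z09L, 172.16.4.20 and CLOUD are from the slide.
"""
import hmac
from dataclasses import dataclass
from typing import Dict, Optional

MATCH_DOMAIN = "iotspdev.io"   # match identity remote email domain iotspdev.io


@dataclass(frozen=True)
class PeerAuthz:
    """What ISE returns per peer: the IKEv2 PSK and the attributes that
    replace the per-vehicle `crypto ikev2 authorization policy` block."""
    psk: bytes
    pool: str
    route_acl: str


def identity_domain_matches(identity: str, domain: str = MATCH_DOMAIN) -> bool:
    """Exact, case-insensitive domain comparison: `bus@iotspdev.io.example`
    or `bus@evil-iotspdev.io` must not select the Bus-Routers profile."""
    _local, sep, dom = identity.rpartition("@")
    return bool(sep) and dom.lower() == domain.lower()


def name_mangler_email_username(identity: str) -> str:
    """`crypto ikev2 name-mangler GET_NAME` / `email username`: the local
    part of the e-mail identity becomes the AAA username."""
    local, sep, _dom = identity.rpartition("@")
    if not sep or not local:
        raise ValueError("IKEv2 identity is not an e-mail address")
    return local


def authorize_peer(identity: str, aaa: Dict[str, PeerAuthz],
                   domain: str = MATCH_DOMAIN) -> Optional[PeerAuthz]:
    """Profile match first, then AAA lookup (`keyring aaa ISE name-mangler
    GET_NAME`). None when the profile does not match or ISE has no such peer."""
    if not identity_domain_matches(identity, domain):
        return None
    return aaa.get(name_mangler_email_username(identity))


def psk_authenticates(identity: str, presented_psk: bytes,
                      aaa: Dict[str, PeerAuthz]) -> bool:
    """Constant-time comparison of the PSK the peer proves against the one
    ISE holds for its username (`authentication remote pre-share`)."""
    entry = authorize_peer(identity, aaa)
    return entry is not None and hmac.compare_digest(entry.psk, presented_psk)


# Constructed ISE contents: one entry per bus router, keyed by device serial.
AAA_STORE: Dict[str, PeerAuthz] = {
    "FTX2053Z09L": PeerAuthz(psk=b"bus-0001-secret", pool="172.16.4.20", route_acl="CLOUD"),
    "BUS-0002-SERIAL": PeerAuthz(psk=b"bus-0002-secret", pool="172.16.4.21", route_acl="CLOUD"),
}


if __name__ == "__main__":
    for ident in ("FTX2053Z09L@iotspdev.io", "FTX2053Z09L@iotspdev.io.example", "nobody@iotspdev.io"):
        print(ident, "->", authorize_peer(ident, AAA_STORE))
```

The point of the exact domain match and of keying the store by mangled username is that on-boarding a new bus is a row in ISE, not a config push to the ASR 1000, and a router presenting an identity outside the domain never reaches the AAA lookup at all.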

ISE – A Single Point of Policy Control

On-Boarding with Mobile App

Summary

• IoT is a rapidly developing technology – new protocols, new access methods, new challenges
• Wireless and are the predominant access methods, but require specialized handling
• IPv6 is taking hold as the networking protocol of choice and has been adapted for IoT use cases
• Securing IoT is extremely challenging and requires visibility as the baseline
• The future of IoT will be in how we analyze the data and leverage AI/ML

Related sessions, IoT track, Cisco Live EMEA 2020, Monday Jan. 27th – Friday Jan. 31st (timetable graphic; session IDs as listed): TECIOT-2400, TECIOT-2000, BRKIOT-2600, BRKIOT-2213, BRKIOT-1618, PSOIOT-1156, PSOIOT-2155, BRKIOT-1775, BRKIOT-2698, BRKIOT-1520, PSOIOT-2197, BRKIOT-2497, BRKIOT-2900, BRKIOT-2108, PSOIOT-2100, BRKIOT-1291, BRKIOT-2548, BRKIOT-2100, BRKIOT-2225, BRKIOT-3511, BRKIOT-2003, BRKIOT-2204, BRKIOT-2394, BRKIOT-2526, PSOIOT-2400, PSOIOT-1151. Full schedule: www.ciscolive.com/emea/learn/technology-tracks.html

Thank you