When talking about advanced technology in general and Internet of Things (IoT) in particular the first aspects that come to mind are things such as gleaming manufacturing production lines, industrial IoT solutions, critical infrastructure facilities, and consumer products for the home or fitness. It is rare that agriculture or farming gets included. Yet IoT is already having an impact within the agricultural sector, helping to improve productivity and yields.

The need

While food shortages can often be more of a food distribution problem than an absolute shortage of production per se, increases in agricultural food production are going to be essential in the years ahead. The United Nations’ World Population Prospects 2019 predicts that global population will rise from an estimated 7.7 billion people in 2019 to c.8.5 billion in 2030, 9.7 billion in 2050 and 10.9 billion by the end of the century, increasing the demand for food. This is combined with likely increased levels of prosperity and reductions in poverty, which has been shown before to always lead to increases in per capita food consumption as well as, importantly, changes in the food stuffs consumed. As the UN report puts it, “continued rapid population growth presents challenges for sustainable development”.

The response

First off, it’s important to say that any predictions of a Malthusian population crunch are likely to be way off the mark. In recent history, the agricultural sector has shown itself able to substantially increase levels of production, for example through the Green Revolution in the 1950s and 1960s that witnessed the use of new disease resistance high-yield varieties of wheat, rice and other crops.

But to ensure that food production can keep up with demand, a range of responses will be needed. Some of will be knowledge-based, others practice-based: for example, with knowledge of new farming techniques being spread, notably in developing countries; with increased used of hardier and more resistance varieties of crops; and with increased access to tools that enable greater productivity.

In some cases, this access to tools can mean access to farming equipment such as tractors or irrigation equipment. On others, it can include what is being called ‘smart farming’, ‘precision farming’, or ‘smart agriculture’.

Smart farming

The UN Food and Agriculture Organization summarizes smart farming as: “a farming management concept using modern technology to increase the quantity and quality of agricultural products. Farmers in the 21st century have access to GPS, soil scanning, data management, and Internet of Things technologies. By precisely measuring variations within a field and adapting the strategy accordingly, farmers can greatly increase the effectiveness of pesticides and fertilizers, and use them more selectively. Similarly, using Smart Farming techniques, farmers can better monitor the needs of individual animals and adjust their nutrition correspondingly, thereby preventing disease and enhancing herd health”.

In essence, smart farming is the deployment of advanced technology and IoT in agriculture.

The benefits that can be gained from this are manifold. There are the afore mentioned increases in production and greater effectiveness of agricultural inputs, such as fertilizer. But there are also major environmental benefits to be gained through the more sustainable use of water, energy, feed and the soil. The commercial and economic benefits are also significant. An Irish Government initiative that promotes smart farming states that, on participating farms, it averages EUR 6,300 in cost savings per farm and ways to reduce greenhouse gas emissions by 10%.

Using IoT and technology in agriculture

Despite the images that many may have of agriculture being technologically limited, this could hardly be further from the truth. Advanced technology and IoT have been rolling out within the sector in line with the developments elsewhere. One of the first studies to look at IoT in agriculture by Beecham Research identified several aspects where in which these could be used:

• Sensing (or observation) technologies,
• Software applications,
• Communication systems,
• Telematics and positioning technologies,
• Data analytics,
• Hardware and software systems.

Specific areas where IoT and related technologies are being rolled out within include:

• Livestock monitoring,
• Storage monitoring, for example in water tanks, fuel tanks, waste tanks,
• Indoor farming in greenhouses and stables,
• Forestry,
• Arable farming,
• Fleet management,
• Fish farming.

There are a wide range of uses within each of these areas. For examples, drones are being used for crop spraying as well as providing remote monitoring of crop growth. DroneFly, a US-based drone supplier, provides a multispectral imagery drone for agricultural use that is enabled for sunlight detection; it further estimates that fertilizer can be delivered approximately 40-60 times faster than through traditional methods. 

Larger equipment is also being outfitted with IoT technology. John Deere, the major agricultural and horticultural equipment company, provides a range of precision agricultural equipment that enables automated guidance for harvesting equipment and data collection to assist with input placement and land stewardship, amongst others.

Some of the most important IoT solutions and tools involve observation and diagnostics. Sensing IoT solutions can be used, for example, to record and monitor conditional data from crops, soil, meteorological conditions, or livestock. As with IoT solutions in other fields, this data can then be integrated and diagnosed in order for automated decisions to be taken or alerts raised. All of this reduces the workload on the farmer while improving reaction time.

Conclusion

Although public awareness of IoT solutions within smart agriculture is less than those provided for industrial IoT solutions or within the consumer environment, the range of IoT tools, systems and applications that are being deployed is rapidly growing and will make an important contribution to the future farming and food needs of us all.

There is no overstatement in the saying that that Internet of Things (IoT) is reshaping business processes and workplaces in a never-before way. Connected devices are increasingly pushing the boundary of innovation for the enterprises and industries of all niches. Thanks to these connected devices and a huge upsurge of IOT mobile app development, consumers are being benefited most through frictionless user experience.

No wonder in the fact that the IoT software development is exploding with all possibilities and promises. Just like ever before, the market is brimming with a whole array of scalable, feature-rich, secure and user-optimized connected solutions that are transforming the way we interact with devices and use software solutions at the workplace.

In spite of such huge promise and possibilities, IOT software and app development faces some hefty and crucial challenges that developers of the present-day need to be aware of. Here we are going to explain some of these challenges in brief.

• Operating System (OS) Considerations

The first technical challenge and pulling factor that IOT app development companies need to deal with is the consideration of the operating system of the devices. Since IOT devices have mostly shorter memory capacity and a single track operational capacity, developers need to approach the development challenges for such devices in a different way than with the desktop solutions. The developers need to pick an OS that perfectly fits the device capability and the objective of the application.

As of now, most of the IOT developers surveyed for their OS preferences have clearly chosen Linux. Linux according to most IOT developers, offers the perfect OS for IOT devices with a lot of memory constraints, microcontrollers, and IOT gateways.

• Selecting the Gateways

The gateways in the IOT landscape plays the most critical role by connecting almost all the constituent elements ranging from connectivity protocols like Wi-Fi or Bluetooth, ports, IOT sensors, cloud systems, etc. Naturally, for the whole IOT ecosystem gateways really play the mission-critical role. 

When it comes to the choice of appropriate gateways for your IOT application, you have several well-known choices from renowned technology companies like Dell, Nexcom, Intel, etc. These gateway providers as if now are proved to be highly effective for end number of applications. Some of the key aspects that you need to consider in gateways include the particular specifications for the network, supporting development environment, power rating, memory capacity, etc.

• Security & Privacy

One of the key aspects that IOT app developers should give utmost priority is the app security and privacy. The security here not just refers to the network security but practically security of every different component. As IOT devices penetrate the personal spaces of the users, they are often vulnerable to misuse and breaching of data security through cyber-attacks.

Maintaining optimum data security and safeguarding privacy are two aspects that always remained to be the contentious areas for the IOT app developers worldwide. Let us have a closer look at various security aspects of an IOT app.

• Data Exchange Security: The data generated through an IOT app through the IoT sensors and devices pass through the gateway and is finally stored at the cloud server. To ensure optimum security to this data it is important to use encryption for safeguarding the data.
• Physical Security: The IoT devices unlike other computing devices are normally used in private and remain unattended most of the times. This is why they remain vulnerable to a lot of security threats from hackers at the device level.
• Cloud Storage Security: A cloud storage solution normally remains secure from threats and intrusions. Even then, the developers of the IOT apps need to make sure that the data in cloud storage remain safe and secure.
• Privacy Updates: To protect the privacy of the user data processed and fetched by IoT devices, there need to be certain compliance rules. For instance, all fitness tracker devices collect user data on the basis of HIPAA guidelines. Such regulations and compliance standards basically safeguard the privacy of the user data.
• Network Connectivity

The quintessential aspect of IOT app development is the fast and real-time data transmission between the device and the IOT gateway and the gateway to the cloud server. Poor connectivity will only render most of the critical app features to be ineffective. The connectivity issues and server breakdown still remain to be the major problems for too many IOT devices.

Actually, connectivity remains to be the first and foremost area of importance for connected devices that work hand in hand with gateways and cloud platforms. For meeting this challenge corresponding to connectivity with appropriate measures, the app design and device app environment play an important role. The connectivity solution should be considered as per the device constraints and capacities.

• User-Optimized App Design

Another major focus area for IOT app development should be on the app design. The app design should be thoroughly intuitive and user-focused so that the users do not need to study manuals for using an IOT device. Even for industrial IOT devices, simple and clean design is extremely important to ensure faster decision making and visualization of the data. In this respect, close and mutually reciprocating cooperation between the developers and designers is a must for building IOT apps. Some of the key attributes that design inputs should ensure include the following.

• Safe and secure user authentication
• Frictionless transition across devices and applications
• Personalized user experience based on user behavior and preferences
• A consolidated IOT environment comprising all the elements in the pipeline.

• Cross-Platform Deployment

Last but not least of all the major challenges that IOT app developers must deal with is deploying the app across multiple OS platforms. Since the IOT ecosystem comprises of a variety of device architectures, protocols, and operating systems, the app should be built to fit with all these variables for a seamless and efficient performance. This is why experts of international organizations such as the Engineering Task Force (IETF) and the Institute for Electrical and Electronic Engineers (IEEE) have already come up with explicit cross-platform development standards and architecture models to help smooth deployment across multiple OS platforms.

Conclusion

In spite of the overwhelming growth of the IOT applications and the ecosystem of connected devices, there is a multitude of challenges that the IOT app developers need to encounter regularly. By focusing on these challenges beforehand, they can at least take appropriate precautionary steps to ensure optimum quality and efficient output.

For IoT and M2M device security assurance, it's critical to introduce automated software development tools into the development lifecycle. Although software tools' roles in quality assurance is important, it becomes even more so when security becomes part of a new or existing product's requirements.

Automated Software Development Tools

There are three broad categories of automated software development tools that are important for improving quality and security in embedded IoT products:

• Application lifecycle management (ALM): Although not specific to security, these tools cover requirements analysis, design, coding, testing and integration, configuration management, and many other aspects of software development. However, with a security-first embedded development approach, these tools can help automate security engineering as well. For example, requirements analysis tools (in conjunction with vulnerability management tools) can ensure that security requirements and known vulnerabilities are tracked throughout the lifecycle.  Design automation tools can incorporate secure design patterns and then generate code that avoids known security flaws (e.g. avoiding buffer overflows or checking input data for errors). Configuration management tools can insist on code inspection or static analysis reports before checking in code. Test automation tools can be used to test for "abuse" cases against the system. In general, there is a role for ALM tools in the secure development just as there is for the entire project.
• Dynamic Application Security Testing (DAST): Dynamic testing tools all require program execution in order to generate useful results. Examples include unit testing tools, test coverage, memory analyzers, and penetration test tools. Test automation tools are important for reducing the testing load on the development team and, more importantly, detecting vulnerabilities that manual testing may miss.
• Static Application Security Testing (SAST): Static analysis tools work by analyzing source code, bytecode (e,g, compiled Java), and binary executable code. No code is executed in static analysis, but rather the analysis is done by reasoning about the potential behavior of the code. Static analysis is relatively efficient at analyzing a codebase compared to dynamic tools. Static analysis tools also analyze code paths that are untested by other methods and can trace execution and data paths through the code. Static analysis can be incorporated early during the development phase for analyzing existing, legacy, and third-party source and binaries before incorporating them into your product. As new source is added, incremental analysis can be used in conjunction with configuration management to ensure quality and security throughout. 

Figure 1: The application of various tool classes in the context of the software development lifecycle.

Although adopting any class of tools helps productivity, security, and quality, using a combination of these is recommended. No single class of tools is the silver bullet[1]. The best approach is one that automates the use of a combination of tools from all categories, and that is based on a risk-based rationale for achieving high security within budget.

The role of static analysis tools in a security-first approach

Static analysis tools provide critical support in the coding and integration phases of development. Ensuring continuous code quality, both in the development and maintenance phases, greatly reduces the costs and risks of security and quality issues in software. In particular, it provides some of the following benefits:

• Continuous source code quality and security assurance: Static analysis is often applied initially to a large codebase as part of its initial integration as discussed below. However, where it really shines is after an initial code quality and security baseline is established. As each new code block is written (file or function), it can be scanned by the static analysis tools, and developers can deal with the errors and warnings quickly and efficiently before checking code into the build system. Detecting errors and vulnerabilities (and maintaining secure coding standards, discussed below) in the source at the source (developers themselves) yields the biggest impact from the tools.
• Tainted data detection and analysis: Analysis of the data flows from sources (i.e. interfaces) to sinks (where data gets used in a program) is critical in detecting potential vulnerabilities from tainted data. Any input, whether from a user interface or network connection, if used unchecked, is a potential security vulnerability.  Many attacks are mounted by feeding specially-crafted data into inputs, designed to subvert the behavior of the target system. Unless data is verified to be acceptable both in length and content, it can be used to trigger error conditions or worse. Code injection and data leakage are possible outcomes of these attacks, which can have serious consequences.
• Third-party code assessment: Most projects are not greenfield development and require the use of existing code within a company or from a third party. Performing testing and dynamic analysis on a large existing codebase is hugely time consuming and may exceed the limits on the budget and schedule. Static analysis is particularly suited to analyzing large code bases and providing meaningful errors and warnings that indicate both security and quality issues. GrammaTech CodeSonar binary analysis can analyze binary-only libraries and provide similar reports as source analysis when source is not available. In addition, CodeSonar binary analysis can work in a mixed source and binary mode to detect errors in the usage of external binary libraries from the source code. 
• Secure coding standard enforcement: Static analysis tools analyze source syntax and can be used to enforce coding standards. Various code security guidelines are available such as SEI CERT C [2] and Microsoft's Secure Coding Guidelines [3]. Coding standards are good practice because they prevent risky code from becoming future vulnerabilities. As mentioned above, integrating these checks into the build and configuration management system improves the quality and security of code in the product.

As part of a complete tools suite, static analysis provides key capabilities that other tools cannot. The payback for adopting static analysis is the early detection of errors and vulnerabilities that traditional testing tools may miss. This helps ensure a high level of quality and security on an on-going basis.

Conclusion

Machine to machine and IoT device manufacturers incorporating a security-first design philosophy with formal threat assessments, leveraging automated tools, produce devices better secured against the accelerating threats on the Internet. Modifying an existing successful software development process that includes security at the early stages of product development is key. Smart use of automated tools to develop new code and analyze existing and third party code allows development teams to meet strict budget and schedule constraints. Static analysis of both source and binaries plays a key role in a security-first development toolset. 

References

1. No Silver Bullet – Essence and Accident in Software Engineering, Fred Brooks, 1986
2. SEI CERT C Coding Standard,
3. Outsource Code Development Driving Automated Test Tool Market, VDC Research, IoT & Embedded Blog, October 22, 2013