IoT — Internet of Things
The Internet of Things (IoT) refers to the network of physical devices — from industrial sensors and medical monitors to smart home appliances — that are embedded with sensors, microcontrollers, connectivity modules, and software, enabling them to collect, exchange, and act on data without human intervention.
IoT by the Numbers (2026)
| Metric | Value |
|---|---|
| Connected IoT devices worldwide | ~18.8 billion |
| Industrial IoT market size | $525 billion |
| Average device lifespan | 7–15 years |
| Cybersecurity incidents involving IoT | 300% increase since 2020 |
| EU CRA compliance deadline | December 2027 |
IoT Architecture — The Four Layers
A typical IoT system consists of four interconnected layers:
1. Perception Layer (Devices & Sensors)
The physical hardware that interacts with the real world: temperature sensors, accelerometers, cameras, RFID readers, actuators. Key design decisions include power budget, operating temperature range, and form factor.
2. Network Layer (Connectivity)
Protocols that transport data from devices to the cloud or edge:
| Protocol | Range | Data Rate | Power | Best For |
|---|---|---|---|---|
| LoRaWAN | 15 km | 50 kbps | Very low | Environmental monitoring, agriculture |
| NB-IoT | Cellular | 250 kbps | Low | Wide-area asset tracking |
| Wi-Fi 7 | 50 m | 5.8 Gbps | Medium | Video, gateways |
| Thread/Matter | 30 m | 250 kbps | Low | Smart home, building automation |
| 5G RedCap | Cellular | 150 Mbps | Medium | Industrial IoT, autonomous vehicles |
| DECT NR+ | 1 km | 3 Mbps | Low | Private industrial mesh |
3. Processing Layer (Edge & Cloud)
Data processing happens at the edge (on or near the device for low-latency inference) or in the cloud (for large-scale analytics and training).
4. Application Layer
End-user dashboards, alerts, automation rules, and business intelligence.
IoT Security — The Critical Challenge
IoT devices are uniquely vulnerable because they:
- Operate unattended in physically accessible locations.
- Have limited computational resources for security.
- Remain deployed for 10+ years, requiring long-term vulnerability management.
- Often lack secure update mechanisms.
Essential security measures include:
- Hardware root of trust — Secure elements and secure boot.
- Encrypted communications — TLS 1.3, DTLS for constrained devices.
- Device identity — X.509 certificates or FIDO2 attestation.
- Secure OTA updates — Signed firmware with rollback protection.
- Vulnerability management — Continuous monitoring and SBOM (Software Bill of Materials).
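The "Secure OTA updates" measure above, sketched as an added example (not code from the original page or from any vendor): a device-side check that authenticates a firmware image and then enforces a minimum security version. The image layout, the `FWUP` magic, the `Device` class and the demo key are hypothetical, and HMAC-SHA256 stands in for the asymmetric signature a real device would verify against a public key held in its root of trust.

```python
import hashlib
import hmac
import struct

# Constructed demo key. HMAC-SHA256 is a stand-in (assumption) for the
# asymmetric signature, e.g. ECDSA or Ed25519, used on real devices.
DEMO_KEY = b"constructed-demo-key-not-for-production"
HEADER = struct.Struct(">4sII")  # magic, security version, payload length
MAGIC = b"FWUP"                  # hypothetical image magic
TAG_LEN = 32                     # SHA-256 output size


def build_image(version: int, payload: bytes, key: bytes = DEMO_KEY) -> bytes:
    """Vendor side: header || payload || tag, tag computed over header and payload."""
    signed = HEADER.pack(MAGIC, version, len(payload)) + payload
    return signed + hmac.new(key, signed, hashlib.sha256).digest()


class Device:
    def __init__(self, min_version: int, key: bytes = DEMO_KEY):
        # Models a monotonic counter kept in fuses or a secure element.
        self.min_version = min_version
        self.key = key

    def accept_update(self, image: bytes) -> str:
        if len(image) < HEADER.size + TAG_LEN:
            return "reject: truncated"
        signed, tag = image[:-TAG_LEN], image[-TAG_LEN:]
        # 1. Authenticate before trusting any field parsed from the image.
        expected = hmac.new(self.key, signed, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "reject: bad signature"
        magic, version, length = HEADER.unpack_from(signed)
        if magic != MAGIC or length != len(signed) - HEADER.size:
            return "reject: malformed"
        # 2. Rollback protection: the version is covered by the tag, so an
        #    old but validly signed image cannot be relabelled as newer.
        if version < self.min_version:
            return "reject: rollback"
        # 3. Advance the counter only after every check has passed.
        self.min_version = version
        return "accept"
```

Signature verification alone is not enough: an older image with a known vulnerability still carries a valid signature, which is why the version must sit inside the signed data and be compared against a counter the update itself cannot lower.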
EU Regulatory Landscape for IoT
| Regulation | Deadline | Impact |
|---|---|---|
| EU Cyber Resilience Act (CRA) | Dec 2027 | Mandatory cybersecurity for all connected products |
| NIS2 Directive | Oct 2024 (transposed) | Supply chain security for essential entities |
| Radio Equipment Directive (RED) | Aug 2025 | Cybersecurity for wireless devices |
| ETSI EN 303 645 | Ongoing | Consumer IoT security baseline |
| IEC 62443 | Ongoing | Industrial automation security |
Related Terms
- Secure Boot — Ensures only verified firmware runs on IoT devices.
- HSM — Provides hardware-level key management for IoT identity.
- Edge AI — Processing AI on IoT devices without cloud dependency.