SAN JOSE, Calif. – The hype phase is over. Engineers are rolling up their sleeves to do the hard work of building an Internet of Things.

Early projections for IoT are now seen as overblown. But the market still has huge potential, so a widening circle of companies and consortia is looking ahead to big challenges in areas such as interoperability, security and ease-of-use.

You could trace the end of the beginning to June 2015. That’s when one market researcher and former engineer got tired of the inflated predictions of tens of billions of connected devices just around the bend. He decided to put out a more sober forecast.

At his first event dedicated to the Internet of Things, Linley Gwennap estimated 1.9 billion new IoT devices would ship in 2020, up from about 200 million he projected were shipping at that time, mainly in the industrial space. Gwennap took a bottom’s up approach to sizing the market that resulted in a far less rosy view than the 50 billion devices in 2020 that Cisco Systems optimistically forecasted.

Since then, the outlook has darkened slightly.

At its latest event in late July, the Linley Group said the IoT market won’t hit a run rate of a billion units a year until 2019. The problem is consumer systems expected to make up the brunt of the market someday are still too expensive and too hard to use, said senior analyst Mike Demler. “Connecting things to Wi-Fi is so difficult and unreliable that it’s been holding things back,” he said, giving an example of his frustrations with an Amazon Echo.

In their candid moments, chip executives pursuing this nirvana agree. “IoT is in a bit of a trough right now,” Tyson Tuttle, CEO of Silicon Labs told EE Times in late June.

The consumer IoT has yet to have its "iPhone moment" when a design fires the public imagination, Tuttle complained. “It will take multiple decades for IoT to play out,” he said, adding that he still believes it represents “the biggest opportunity of our lifetime.”

20170822_iot_01_01 **Comparisons of smartphone-based chips for midrange wearables (top) and MCUs with Wi-Fi. Click to enlarge (Tables: Linley Group) ** Engineers are feeling some blowback from the IoT bubble bursting, said Gwennap.

“Last year and the year before a lot of chips were popping up like MCUs with integrated radios and chips targeting smart watches and other wearables. This year, I am seeing less interest. We are not seeing follow-ons to last year’s products and more people are just repurposing existing smartphone SoCs,” the market watcher said.

Few innovative chips makes it harder for OEMs to craft the iPhones of the consumer IoT. The good news is in communications.

Chips for Bluetooth mesh and the 802.11ah version of W-Fi for low cost, long range connections over 900 MHz bands should ship this year. Outside the smart home a handful of new options--LoRa, Sigfox, Cat-M1 and NB-IoT--are expanding the still-new low power wide area (LPWA) sector. Pointing toward a polyglot future, the Imec research institute showed a chip last year that supports five networks that run in the 780-930 MHz ISM band—802.15.4g/k, LoRa, KNX-RF, Sigfox and Wireless M-Bus. A Silicon Labs exec said he sees evidence of collaboration and consolidation in IoT protocols.

Another market watcher said the good news in comms is just one of several forces working in tandem to push IoT forward.

The big-company energy pouring into services such as Amazon Echo, Google Home, Baidu DuerOS and others fueled by advances in machine learning will drive consumer IoT growth. Meanwhile businesses are getting traction with still-expensive augmented reality products that will eventually trickle down to consumers, said Sam Lucero, a senior principal analyst for IoT at IHS Markit. The China government’s Internet+ initiative from 2015 is already driving up stats on cellular IoT there, said Lucero. The country’s three big carriers reported at the end of 2016 huge leaps to tens of millions of connections for smart city apps such as asset tracking and environmental monitoring, he added.

20170822_iot_01_02 **Sigfox, Narrowband-IoT (a variant of LTE) and LoRa are expected to dominate in LPWA nets. Click to enlarge (Charts: HIS Markit) ** The consumer market may “coalesce around familiar names like Amazon, Google and Apple that control the cloud” and connect smart home devices, said Gwennap. On the commercial side, Amazon announced Greengrass in June, a runtime to host its Web services on any IoT gateway supporting Linux.

The Web giant is perhaps the largest of more than 20 companies working on IoT software platforms for edge networks. It’s a hot area for a growing number of companies seeking their way into IoT such as Stanley Black & Decker.

A 40-person central software team at Stanley Black & Decker sets software standards and develops code for business units trying to add digital services to their products. It helped create connected battery packs, vacuum cleaners and DIY apps among other projects to date.

Big distributors such as Arrow Electronics (the publisher of EE Times) and rival Avnet are both active in IoT. Defining new data-centric business models and finding IoT-class systems integration experts are among their top challenges, said Aiden Mitchell, who heads up Arrow’s IoT initiative.

“There almost isn’t a company that you can’t have a conversation with, so it’s about prioritizing for the biggest outcomes … We spend a lot of time on finding new talent in roles that never existed in the company before. We’ve had good engineers and sales people but not IoT business developers, or solution architects for sensor-to-cloud system and app engineers,” Mitchell said.

A handful of consortia have coalesced around some of the biggest problems in IoT.

For example, late last year two major application frameworks for consumer IoT merged efforts under the management of the Linux Foundation. The Open Connectivity Foundation and the AllSeen Alliance were the major alternatives to Apple’s HomeKit and Google’s Thread and Weave environments.

Over the last few years a consensus has emerged that security is probably the toughest nut to crack in IoT. The good news is a growing set of efforts are engaged in various aspects of the issue. The most recent effort came in February with the launch of the OpenFog group focused on edge networks. The group of more than 50 organizations released its OpenFog Reference Architecture, a broad framework that aims to set a baseline for guiding work on standards and product design, starting with security.

Security got special attention in the baseline document which includes a 30-page appendix with many detailed calls for action covering silicon and software. The Trusted Computing Group’s standards for a hardware root of trust widely used in today’s systems may need to be modified for IoT, it said. The group also called for rivals such as ARM and Intel to align the security primitives in their competing architectures to create consistent programming environments.

UL, the former Underwriters Laboratory, aims to take the lead in this space, providing a specific certification for software security it discussed in May. So far progress has been slow: Two systems have received the UL 2900 certification and three more are in progress.

UL hopes to roll out by the end of the year a software security standard for IoT gateways and a set of best practices for software security in consumer IoT products. Its aims to ramp up its first initiatives in hardware security next year.

In the U.K., a May 2015 IoT security summit at Bletchley Park, the site where researchers cracked the Enigma machine, helped launch the IoT Security Foundation (IoTSF). While the group has a distinctly British flavor, it includes global giants such as ARM, Huawei, IBM, Infineon, Intel, NXP and Vodaphone as well as links to professionals in South America, Australia and elsewhere. Among other efforts, the Online Trust Alliance already has available a second version of its IoT Trust Framework. Earlier this year AT&T, IBM, Nokia and others formed an IoT Cybersecurity Alliance, another resource.

One of the early pioneers in the area was the Industrial Internet Consortium (IIC). It released a security framework last year for its target markets.

The IIC has set up a handful of testbeds to get hands-on learning on all aspects of IIoT. Its first was a factory floor project now two-and-a-half years old, spawning results that member Bosch is deploying to 250 of its plants worldwide, said Richard Soley, IIC’s executive director. The group is also setting up liaison agreements with industrial IoT efforts around the globe in hopes of unifying standards and best practices. It struck deal with China’s IIoT planners late last year. The work is just beginning. Indeed, security and privacy issues have come on the radar screen for regulators in the US and Europe.

The U.S. Senate proposed the Internet of Things Cybersecurity Improvement Act of 2017 to force vendors to set clear standards for things like security software patches.

Europe’s General Data Protection Regulation is scheduled to take effect in May 2018. While its first phase is focused on big-data analytics at Web giants, regulators anticipate a second phase directed at data privacy in IoT.

“Regulations are necessary, important and complex — and they’re coming. We can’t afford to ignore these issues until it’s too late,” said Bruce Schneier, a security expert and Harvard lecturer, in testimony to the U.S. Congress last November, following the Mirai attack.