IoT Connectivity Protocols, Data Analytics, and Security Foundations

Posted on Oct 8, 2025 in Communications Electronic Engineering

IoT Access Technology Fundamentals

Communication Range Categories

IoT access technologies are categorized based on the distance they cover:

  • Short Range: Covers distances up to a few tens of meters. Examples include Bluetooth and Visible Light Communication (VLC), typically found in smaller IoT installations. These technologies often serve as alternatives to serial cables.
  • Medium Range: Extends from tens to hundreds of meters, with a maximum distance generally less than 1 mile. This is a primary category for IoT access technologies, encompassing Wi-Fi, IEEE 802.15.4, and 802.15.4g WPAN, as well as wired technologies like Ethernet and Narrowband Power Line Communications (PLC).
  • Long Range: Encompasses distances greater than 1 mile. This includes cellular technologies (2G, 3G, 4G) and Low-Power Wide-Area (LPWA) technologies like LoRa and Sigfox. LPWA is particularly suited for battery-powered IoT sensors due to its ability to cover large areas with low power consumption.

Frequency Bands and Spectrum Regulation

Radio spectrum is regulated by organizations like the ITU and FCC. For IoT, wireless communications primarily leverage licensed and unlicensed bands:

  • Licensed Spectrum: Used by long-range IoT access technologies and infrastructures deployed by service providers (e.g., cellular, WiMAX, NB-IoT). Users typically subscribe to services to connect their IoT devices.
  • Unlicensed Spectrum (ISM Bands): These Industrial, Scientific, and Medical bands do not require royalty fees or service subscriptions for use but offer no guarantees or protections for device communications, making them susceptible to more interference.

Sub-GHz Frequency Bands

Well-known ISM bands include 2.4 GHz (used by Wi-Fi, Bluetooth, IEEE 802.15.4 WPAN) and sub-GHz ranges (e.g., 169 MHz, 433 MHz, 868 MHz, 915 MHz). Sub-GHz frequency bands allow for greater distances between devices and better signal penetration through obstacles, while adhering to transmit power regulations. However, they typically offer lower data rates compared to higher frequencies. These lower speeds are generally acceptable for most IoT sensors.

Regulations exist for unlicensed bands, mandating device compliance on parameters such as transmit power, duty cycle, dwell time, channel bandwidth, and channel hopping.

Power Consumption in IoT Devices

IoT devices can be categorized into powered nodes (direct connection to a power source) and battery-powered nodes.

  • Powered Nodes: Offer unlimited communication capabilities but may pose deployment challenges due to power source availability and mobility.
  • Battery-Powered Nodes: Provide greater flexibility and are often classified by required battery lifetimes (e.g., 10–15 years for water/gas meters, 5–7 years for parking sensors). This need for low power has spurred the development of LPWA technologies.

Network Topology

Three dominant topologies for connecting IoT devices are star, mesh, and peer-to-peer:

  • Star Topology: Features a single central base station or controller communicating with multiple endpoints. Common in cellular, LPWA, and Bluetooth networks, as well as indoor Wi-Fi.
  • Mesh Topology: Allows a node to have multiple paths to another node, enabling direct information exchange or extending communication range through intermediate nodes. This is common with IEEE 802.15.4, 802.15.4g, and wired IEEE 1901.2a PLC. In mesh networks, intermediate nodes (full-function devices or FFDs) consume more power, while battery-powered nodes often act as leaf nodes (reduced-function devices or RFDs) that do not relay traffic.
  • Peer-to-Peer Topologies: Allow any device to communicate directly with any other device within range, forming more complex networks.

Constrained Devices and Networks

Constrained Devices

Constrained devices are limited in resources such as processing capacity, memory, power, storage, and network bandwidth. RFC 7228 defines classes of constrained nodes:

  • Class 0: Severely constrained (less than 10 KB memory, less than 100 KB Flash), typically battery-powered, and often lack resources for a full IP stack.
  • Class 1: More capable than Class 0 (approx. 10 KB RAM, 100 KB Flash) but still insufficient for a full IP stack. They can implement optimized stacks like Constrained Application Protocol (CoAP) to communicate with the network without a gateway.
  • Class 2: Run full IP stacks on embedded devices (more than 50 KB memory, 250 KB Flash), allowing full integration into IP networks.

Low-Power and Lossy Networks (LLNs)

Constrained-node networks are often called low-power and lossy networks (LLNs), characterized by low power, low bandwidth links, and potential unreliability due to interference or packet loss.

  • Data Rate and Throughput: IoT access technologies for constrained nodes typically offer data rates from 100 bps to less than 1 Mbps, optimized for low power. Actual throughput is often lower than the theoretical data rate. Upstream traffic (device to application server) is generally more common than downstream traffic.
  • Latency and Determinism: Latency in constrained networks can range from milliseconds to seconds due to factors like packet loss and retransmissions. UDP is often recommended for IP endpoints over LLNs due to its low overhead.
  • Overhead and Payload: Link layer protocols must account for fragmentation, especially when carrying larger IP packets (IPv6 has a minimum MTU of 1280 bytes) over networks with smaller Maximum Transmission Units (MTUs), like IEEE 802.15.4 (127 bytes payload). LPWA technologies also prioritize small payload sizes for efficiency.

Key IoT Access Technologies

The following sections discuss several promising IoT access technologies:

IEEE 802.11ah (Wi-Fi HaLow)

An extension of the well-known Wi-Fi standards, optimized for smart objects.

  • Physical Layer: Operates in unlicensed sub-GHz bands (e.g., 868–868.6 MHz, 902–928 MHz, 779–787 MHz for China). It offers a longer outdoor transmission range (e.g., 0.62 mile at 100 kbps) and can support higher data rates up to 300 Mbps.
  • MAC Layer: Optimized for low power consumption and a larger number of endpoints (up to 8192 per access point). Enhancements include:
    • Shortened MAC header for efficient communication.
    • Restricted Access Window (RAW) for fair access, power savings, and reduced collisions.
    • Target Wake Time (TWT) to reduce energy consumption by allowing devices to enter low-power states.
    • Null data packet (NDP) support, grouping, sectorization, and speed frame exchange.
  • Topology: Primarily deployed as a star topology, with a simple hop relay operation to extend range, similar to a mesh (clients handle relay function). Sectorization, using antenna arrays and beam-forming, partitions coverage areas to reduce contention.
  • Security: No additional security beyond other IEEE 802.11 specifications.
  • Conclusion: Positioned as “industrial Wi-Fi,” offering longer range and good support for low-power devices with smaller, low-bit-rate transmissions, while also capable of scaling to higher speeds.

LoRaWAN Technology

A prominent Low-Power Wide-Area (LPWA) technology operating in unlicensed bands.

  • Standardization: LoRa (the physical layer modulation) was developed by Cycleo, acquired by Semtech, and is proprietary to Semtech. LoRaWAN (the MAC layer and network architecture) is an open standard managed by the LoRa Alliance.
  • Physical Layer: Semtech’s LoRa PHY trades a lower data rate for increased receiver sensitivity to significantly extend communication distance. It uses sub-GHz frequency bands like 433 MHz, 863–870 MHz, and 902–928 MHz. Adaptive Data Rate (ADR) ensures optimal and scalable packet delivery. The spreading factor (SF) feature allows various data rates: lower SF means faster speeds and less airtime but shorter distance; higher SF means slower speeds but higher reliability over longer distances.
  • MAC Layer: Defines three classes of LoRaWAN devices to optimize battery life:
    • Class A: Default bidirectional communication for battery-powered nodes.
    • Class B: Experimental (in version 1.0.1).
    • Class C: Adapted for continuously listening powered nodes.
    MAC messages include a 1-byte header, variable-byte payload, and a 4-byte MIC. It uses join request/accept, and unconfirmed/confirmed data up/down messages.
  • Topology: Described as a “star of stars” topology, with endpoints communicating through gateways (acting as transparent bridges) to a central LoRaWAN network server, which then forwards data to application servers.
  • Security: Implements two layers of security:
    • Network Security (at MAC layer): Guarantees endpoint authentication.
    • Application Session Key (AppSKey): Performs encryption/decryption between the endpoint and its application server.
  • Conclusion: Critical for LPWANs in IoT, offering long-distance coverage with variable data rates, managed by the LoRa Alliance, and providing AES authentication and encryption at two layers.

NB-IoT and Other LTE Variations

Efforts by 3GPP (3rd Generation Partnership Project) to evolve cellular technologies for IoT, designed to be well-suited for battery-powered devices and small objects.

  • LTE Cat 0 (Release 12): First enhancement, max data rate of 1 Mbps, features Power Saving Mode (PSM) and half-duplex mode to reduce cost and complexity.
  • LTE-M (Release 13): Uses licensed spectrum, lower receiver bandwidth (1.4 MHz), lower data rate (around 200 kbps), half-duplex mode, and Enhanced Discontinuous Reception (eDRX) for increased sleep time.
  • NB-IoT (Release 13): Specifically designed for LPWA IoT requirements, offering massive numbers of low-throughput devices, low power consumption, good indoor coverage, and optimized network architecture. Operates in standalone, in-band, or guard band modes. Maximum data rates: 60 kbps uplink, 30 kbps downlink. Operates in half-duplex FDD (frequency-division duplexing) mode.
  • Topology: Utilizes a cellular star topology, which provides better signal penetration in buildings and basements.
  • Conclusion: Represents the future of LPWA technology for mobile service providers using licensed spectrum, tied to the evolution of eSIMs for broader usage.

IEEE 802.15.4

A foundational wireless access technology for low-cost, low-data-rate devices that run on batteries, enabling easy installation with a compact protocol stack.

  • Criticisms: MAC reliability, unbounded latency, and susceptibility to interference (due to lack of frequency hopping in original versions). Later variants address these issues.
  • Standardization: Defines low-data-rate PHY and MAC layer specifications for Wireless Personal Area Networks (WPAN). Several iterations have been published (2003, 2006, 2011, 2015).
  • Protocol Stacks Utilizing 802.15.4: Forms the foundation for numerous protocol stacks, including:
    • ZigBee: Defines upper-layer components (network, application) for home/building automation, smart energy, and healthcare. Uses AES 128-bit security.
    • 6LoWPAN: An IPv6 adaptation layer for transporting IPv6 packets efficiently over 802.15.4.
    • ZigBee IP: An evolution that adopts 6LoWPAN, IPv6, and RPL routing for mesh networks, supporting TCP/UDP.
    • ISA100.11a: Industrial wireless system based on 802.15.4-2006, 6LoWPAN, IPv6, and UDP.
    • WirelessHART: Time-synchronized, self-organizing, self-healing mesh architecture over 2.4 GHz.
    • Thread: A secure and reliable mesh network protocol stack built on 6LoWPAN/IPv6 for home products.

802.15.4 Technical Specifications

  • Physical Layer: Supports various PHY options, including 2.4 GHz (worldwide, 250 kbps), 915 MHz (North/South America, initially 40 kbps, later up to 250 kbps), and 868 MHz (Europe, ME, Africa, initially 20 kbps, later up to 100 kbps). Maximum PSDU (payload) size is 127 bytes, requiring fragmentation for larger IPv6 packets.
  • MAC Layer: Manages access to the PHY channel, handles scheduling and routing, supports network beaconing, PAN association/disassociation, device security, and reliable link communications. Has four frame types: Data, Beacon, Acknowledgement, and MAC command. All devices support a unique 64-bit extended MAC address.
  • Topology: Can be built as star, peer-to-peer, or mesh topologies. Requires at least one full-function device (FFD) as a PAN coordinator. Reduced-function devices (RFDs) only communicate with FFDs. Routing can be mesh-under (Layer 2) or mesh-over (Layer 3, using protocols like RPL).
  • Security: Uses Advanced Encryption Standard (AES) with a 128-bit key length for data encryption and validation.

IEEE 802.15.4g and 802.15.4e Amendments

These are amendments to the core IEEE 802.15.4 standard.

  • 802.15.4e-2012: Enhances the MAC layer, improving reliability and latency, particularly for factory/process automation and smart grid. Includes Time-Slotted Channel Hopping (TSCH) for improved resilience to interference, information elements (IEs) for metadata exchange, enhanced beacons (EBs), enhanced beacon requests (EBRs), and enhanced acknowledgment.
  • 802.15.4g-2012: Focuses on the smart grid and smart utility network communication, enabling large outdoor wireless mesh networks (FANs) for applications like public lighting, environmental sensors, smart parking meters, microgrids, and renewable energy. It increased the maximum PHY payload size to 2047 bytes and improved CRC error protection.
  • Standardization: Wi-SUN Alliance promotes interoperability for smart utility networks based on 802.15.4g.
  • Topology: Mostly based on a mesh topology to expand distance in urban/rural deployments.
  • Security: Provides MAC layer security with AES 128-bit encryption, auxiliary security headers, secure acknowledgment, and secure Enhanced Beacon fields.

IEEE 1901.2a (Narrowband Power Line Communication)

A wired technology focusing on Narrowband Power Line Communication (NB-PLC), using the same wires that carry electric power. Offers low power and long range.

  • Use Cases: Smart metering, distribution automation, public lighting, electric vehicle charging stations, microgrids, and renewable energy.
  • Physical Layer: Defined for frequency bands from 3 to 500 kHz. Supports dynamic PHY payload size and MAC sublayer segmentation based on channel conditions.
  • MAC Layer: Based on the IEEE 802.15.4 MAC, incorporating information elements and a Segment Control field for fragmentation of larger upper-layer packets.
  • Topology: Deployments are tied to physical power lines, often using a mesh topology. Supports IPv6 6LoWPAN and RPL for network layer routing over PLC.
  • Security: Similar to 802.15.4g, offering AES encryption and authentication, plus Key Management Protocol support.

IP as the IoT Network Layer

The Internet Protocol (IP) suite plays a key architectural role in IoT, offering significant advantages, though it requires optimization for constrained IoT environments.

The Business Case for IP

IP provides a solid foundation for IoT, enabling secure, manageable, and bidirectional data communication across devices due to the following advantages:

  • Open and Standards-Based: Supported by IETF, promoting interoperability.
  • Versatile: Layered architecture adapts to any physical and data link layers.
  • Ubiquitous: Integrated dual (IPv4 and IPv6) IP stacks in most operating systems and increasingly supported by IoT application protocols.
  • Scalable: Massively deployed and tested, offering robust foundations for large numbers of devices.
  • Manageable and Highly Secure: Leverages well-understood network management and security protocols.
  • Stable and Resilient: A proven solution, used for decades in critical infrastructures.
  • Consumers’ Market Adoption: Common protocol linking IoT devices in the consumer space.
  • Innovation Factor: Underlying protocol for diverse applications, from file transfer to social networking.

Adoption or Adaptation of the Internet Protocol

  • Adaptation: Involves Application Layer Gateways (ALGs) to translate between non-IP and IP layers. This is common when integrating legacy non-IP devices.
  • Adoption: Replaces non-IP layers with IP counterparts, simplifying deployment and operations. This is increasingly seen in sectors like industrial and manufacturing.

Factors determining the choice include bidirectional vs. unidirectional data flow, per-packet overhead (IPv4 20 bytes, IPv6 40 bytes minimum headers), end-to-end communication benefits of adoption, and diversity of underlying network technologies.

The Need for Optimization

Despite IP’s advantages, challenges remain in IoT solutions due to constrained nodes and networks, and the ongoing transition from IPv4 to IPv6.

  • Constrained Nodes: IoT devices are often battery-powered with multi-year lifetime requirements, impacting communication intervals. These nodes can be very resource-limited, necessitating either communication through gateways (adaptation model) or optimized IP stacks (adoption model).
  • Constrained Networks (LLNs): Limited by low-power, low-bandwidth links (wireless and wired), operating at a few kbps to hundreds of kbps. They often experience high latency and packet loss.

IP Versions

The Internet is transitioning from IPv4 (limited address space) to IPv6 (vast address space). IoT solutions must support both concurrently, using techniques like tunneling and translation for interoperability. Many legacy devices support IPv4 only, while newer technologies almost always support both. IPv6-only adaptation layers exist for some IoT protocols like IEEE 802.15.4, IEEE 1901.2, and ITU G.9903.

Optimizing IP for IoT

Optimizations are applied across TCP/IP layers to deal with constrained environments:

Adaptation Layers (6LoWPAN to 6Lo)

These layers define how IP packets are transported over specific Layer 1 (PHY) and Layer 2 (MAC) protocols, often including optimizations for constrained nodes/networks.

  • 6LoWPAN: Initially focused on optimizing IPv6 transmission over IEEE 802.15.4 LLNs.
  • 6Lo: (IPv6 over Networks of Resource-Constrained Nodes) generalizes this to other link layer technologies (e.g., Bluetooth Low Energy, 802.11ah, NFC).
  • Header Compression: Shrinks IPv6 (40 bytes) and UDP (8 bytes) headers, potentially down to 6 bytes combined, to maximize payload size over low-MTU links. It is defined for IPv6 only.
  • Fragmentation: Breaks large IPv6 packets (MTU of 1280 bytes) into multiple smaller frames (e.g., 127 bytes for 802.15.4 frames) at Layer 2, using fragment headers with fields like Datagram Size, Datagram Tag, and Datagram Offset.
  • Mesh Addressing: Provides hop limits, source, and destination addresses for forwarding packets over multiple hops.
    • Mesh-Under: Routing handled at the 6LoWPAN adaptation layer.
    • Mesh-Over (Route-Over): Routing handled at the IP layer.

6TiSCH and RPL Routing

  • 6TiSCH: A working group that glues the MAC layer and 6LoWPAN adaptation layer using a sublayer called 6top, enabling IPv6 over IEEE 802.15.4e TSCH (Time-Slotted Channel Hopping). It defines schedule management mechanisms (static, neighbor-to-neighbor, remote, hop-by-hop) and forwarding models (Track Forwarding, Fragment Forwarding, IPv6 Forwarding).
  • RPL (IPv6 Routing Protocol for Low Power and Lossy Networks): A distance-vector routing protocol developed by the IETF’s RoLL working group specifically for IP smart objects in constrained networks.
    • Each node acts as a router, forming a mesh network with routing performed at the IP layer (mesh-over).
    • Defines storing mode (nodes keep full routing table) and non-storing mode (only border routers keep full table, other nodes use parents as default routes to save memory).
    • Based on a Destination-Oriented Directed Acyclic Graph (DODAG) concept.
    • Uses Objective Functions (OFs) to define how metrics are used to select routes and establish a node’s rank (proximity to the root).
    • Supports flexible metrics and constraints for routing, including Expected Transmission Count (ETX), Hop Count, Latency, Link Quality Level, Link Color, Node State/Attribute, Node Energy, and Throughput.

Authentication and Encryption on Constrained Nodes

IETF working groups (ACE for Authentication and Authorization for Constrained Environments, DICE for DTLS in Constrained Environments) focus on adapting security protocols like DTLS (Datagram Transport Layer Security) for constrained IoT environments. CoAP (Constrained Application Protocol) can be used with DTLS.

Profiles and Compliances

Organizations promoting IP in IoT include:

  • Internet Protocol for Smart Objects (IPSO) Alliance: Promotes IP for smart object communications.
  • Wi-SUN Alliance: Focuses on IEEE 802.15.4g and its support for secure IPv6 communications over UDP.
  • Thread Group: Defines an IPv6-based wireless profile for low-power, wireless mesh networks (over 250 devices).
  • IPv6 Ready Logo Program: Ensures interoperability and certification for IPv6 implementations.

Data and Analytics for IoT

The real value of IoT lies in the data produced by connected things, the new services enabled, and the business insights derived from that data.

Data Categorizations

  • Structured Data: Follows a predefined model or schema, easily formatted, stored, queried, and processed (e.g., IoT sensor values like temperature, pressure). Fits well with traditional relational database management systems (RDBMS) and tools like SQL, Excel, Python, R, and Tableau.
  • Unstructured Data: Lacks a logical schema, making it difficult to decode with traditional programming (e.g., text, speech, images, video). Accounts for about 80% of business data. Requires technologies like data lakes, Hadoop, NoSQL databases (e.g., MongoDB), cloud storage, and techniques like machine learning, natural language processing (NLP), and image processing.
  • Data in Motion vs. Data at Rest:
    • Data in Motion: Data in transit (e.g., sensor data moving through the network). Often processed at the edge using edge/fog computing for filtering, real-time processing, or forwarding (e.g., Apache Kafka, Apache Spark, Google Cloud Dataflow, Amazon Kinesis).
    • Data at Rest: Data held or stored (e.g., in IoT brokers or data center storage arrays). Processed using tools like Hadoop for batch processing and storage.

Types of Data Analytics Results

Data analysis provides different types of insights:

  1. Descriptive Analysis: Provides insight into current conditions by pulling data at any moment (e.g., current engine temperature).
  2. Diagnostic Analysis: Explains why something happened (e.g., why an engine overheated).
  3. Predictive Analysis: Estimates future outcomes or events based on historical data (e.g., remaining life of engine components, need for oil change). This is more resource-intensive.
  4. Prescriptive Analysis: Recommends actions to achieve optimal outcomes by considering various factors and alternatives (e.g., cost-effective maintenance for a truck). This is the most resource-intensive and highest value.

Big Data Analytics Tools and Technology

These tools collect, process, and analyze massive amounts of IoT data. Big data is characterized by the “Three Vs”: Velocity (how quickly data is collected and analyzed), Variety (different types of data), and Volume (the scale of data).

Popular Technologies for IoT Big Data

  • Massively Parallel Processing (MPP) Databases: Extend relational data warehouses, built for higher speed and efficiency by distributing data and processing across multiple nodes (scale-out architecture, shared-nothing). Ideal for complex SQL queries on large structured datasets but less suitable for varied or unstructured data. Examples: Amazon Redshift, Google BigQuery, Snowflake.
  • NoSQL Databases: “Not only SQL,” supports semi-structured, unstructured, and structured data. Designed for high-velocity, fast-changing data and horizontal scalability. Examples:
    • Document Stores: MongoDB (for JSON, XML)
    • Key-Value Stores: Redis, DynamoDB
    • Wide-Column Stores: HBase, Apache Cassandra
    • Graph Stores: Neo4j (for relationships)
  • Hadoop: An open-source framework for data storage and processing.
    • Hadoop Distributed File System (HDFS): Distributes data across multiple nodes, ensuring fault tolerance through data replication.
    • MapReduce: A distributed processing engine for batch processing data stored on HDFS nodes. Effective for analyzing trends but not suitable for real-time processing due to latency.
  • Apache Kafka: A distributed publish-subscribe messaging system for ingesting real-time data from sources like sensors and log files for stream processing. Acts as a bridge between data producers and stream processing engines.
  • Apache Spark: An in-memory distributed data analytics platform that accelerates processes in the Hadoop ecosystem by processing data in high-speed memory, enabling faster batch processing and near-real-time event processing, unlike MapReduce’s disk-based operations.

Edge Streaming Analytics

This process acts on data in real-time closer to IoT devices (at the edge) to reduce bandwidth requirements and latency associated with sending all data to the cloud. It involves three stages: raw input data from sensors, Analytics Processing Unit (APU) for filtering and combining data, and output streams that guide smart object behavior and are sent to the cloud via protocols like MQTT.

Network Analytics

Focuses on discovering patterns in communication flows from a network traffic perspective. Helps identify security vulnerabilities, plan network evolution, and understand network element behavior.

Securing IoT

The rapid growth of IoT devices increases the attack surface for cyber threats, making security and privacy crucial.

Security and Privacy Issues

  • IoT devices collect large amounts of personal data, raising significant privacy concerns.
  • Hackers exploit vulnerabilities to access or modify data, or disrupt operations.
  • Clear policies on data collection, usage, and storage are necessary, along with security and privacy regulations.

IoT Threats

Threat actors aim to compromise IoT systems to access or modify data, send new data, or disrupt operations. Key security threats include:

  • Confidentiality: Unauthorized access to data content. Solution: Cryptography.
  • Integrity: Unauthorized modification of data. Solution: Hashing algorithms.
  • Authentication: Impersonating a legitimate user to gain access. Solution: Password/multifactor/token-based authentications.
  • Non-repudiation: Denying the validity of data or actions. Solution: Digital signatures.
  • Availability: Disrupting IoT system operations (e.g., Denial of Service attacks).

IoT Vulnerabilities

Common vulnerabilities include insufficient authentication/encryption, insecure ports and interfaces, lack of secure update mechanisms, insecure network/mobile connectivity, not utilizing whitelists, insecure device chip manufacturing, configuration issues, and privacy issues (collecting/analyzing/storing data without consent).

IoT Threat Modeling and Risk

Threat modeling is a process to identify potential threats, assess their impact and likelihood. It involves four key steps:

  1. Identify Assets: Determine physical and data assets, their value, ownership, and security needs.
  2. Identify Message Flow: Map data flow between system components and external entities.
  3. Identify Threat Types: Classify threats (e.g., spoofing, tampering, DoS, privilege escalation).
  4. Rate Threats and Calculate Risks: Evaluate impact and likelihood to determine overall risk.