FTC report provides good checklist to design in IoT security and privacy

FTC report on IoT

FTC report on IoT

SEC Chair Edith Ramirez has been pretty clear that the FTC plans to look closely at the IoT and takes IoT security and privacy seriously: most famously by fining IoT marketer TrendNet for non-existent security with its nanny cam.

Companies that want to avoid such actions — and avoid undermining fragile public trust in their products and the IoT as a whole — would do well to clip and refer to this checklist that I’ve prepared based on the recent FTC Report, Privacy and Security in a Connected World, compiled based on a workshop they held in 2013, and highlighting best practices that were shared at the workshop.

  1. Most important, “companies should build security into their devices at the outset, rather than as an afterthought.” I’ve referred before to the bright young things at the Wearables + Things conference who used their startup status as an excuse for deferring security and privacy until a later date. WRONG: both must be a priority from Day One.

  2. Conduct a privacy or security risk assessment during design phase.

  3. Minimize the data you collect and retain.  This is a tough one, because there’s always that chance that some retained data may be mashed up with some other data in future, yielding a dazzling insight that could help company and customer alike, BUT the more data just floating out there in “data lake” the more chance it will be misused.

  4. Test your security measures before launching your products. … then test them again…

  5. “..train all employees about good security, and ensure that security issues are addressed at the appropriate level of responsibility within the organization.” This one is sooo important and so often overlooked: how many times have we found that someone far down the corporate ladder has been at fault in a data breach because s/he wasn’t adequately trained and/or empowered?  Privacy and security are everyone’s job.

  6. “.. retain service providers that are capable of maintaining reasonable security and provide reasonable oversight for these service providers.”

  7. ‘… when companies identify significant risks within their systems, they should implement a defense-in -depth approach, in which they consider implementing security measures at several levels.”

  8. “… consider implementing reasonable access control measures to limit the ability of an unauthorized person to access a consumer’s device, data, or even the consumer’s network.” Don’t forget: with the Target data breach, the bad guys got access to the corporate data through a local HVAC dealer. Everything’s linked — for better or worse!

  9. “.. companies should continue to monitor products throughout the life cycle and, to the extent feasible, patch known vulnerabilities.”  Privacy and security are moving targets, and require constant vigilance.

  10. Avoid enabling unauthorized access and misuse of personal information.

  11. Don’t facilitate attacks on other systems. The very strength of the IoT in creating linkages and synergies between various data sources can also allow backdoor attacks if one source has poor security.

  12. Don’t create risks to personal safety. If you doubt that’s an issue, look at Ed Markey’s recent report on connected car safety.

  13. Avoid creating a situation where companies might use this data to make credit, insurance, and employment decisions.  That’s the downside of cool tools like Progressive’s “Snapshot,” which can save us safe drivers on premiums: the same data on your actual driving behavior might some day be used become compulsory, and might be used to deny you coverage or increase your premium).

  14. Realize that FTC Fair Information Practice Principles will be extended to IoT. These “FIPPs, ” including “notice, choice, access, accuracy, data minimization, security, and accountability,” have been around for a long time, so it’s understandable the FTC will apply them to the IoT.  Most important ones?  Security, data minimization, notice, and choice.

Not all of these issues will apply to all companies, but it’s better to keep all of them in mind, because your situation may change. I hope you’ll share these guidelines with your entire workforce: they’re all part of the solution — or the problem.

comments: Comments Off on FTC report provides good checklist to design in IoT security and privacy tags: , , , ,

The #IoT Can Kill You! Got Your Attention? Car Security a Must

The Internet of Things can kill you.

Got your attention? OK, maybe this is the wake-up call the IoT world needs to make certain that privacy and security are baked in, not just afterthoughts.

Markey_IoT_car_reportI’ve blogged before about how privacy and security must be Job 1, but now it’s in the headlines because of a new report by our Mass. Senator, Ed Markey (Political aside: thanks, Ed, for more than 30 years of leadership — frequently as a voice crying in the wilderness — on the policy implications of telecomm!), “Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk,” about the dangers of not taking the issues seriously when it comes to smart cars.

I first became concerned about this issue when reading “Look Out, He’s Got an Phone,!” (my personal nominee for all-time most wry IoT headline…), a litany of all sorts of horrific things, such as spoofing the low air-pressure light on your car so you’ll pull over and the Bad Guys can get it would stop dead at 70 mph,  that are proven risks of un-encrypted automotive data.  All too typical was the reaction of Schrader Electronics, which makes the tire sensors:

“Schrader Electronics, the biggest T.P.M.S. manufacturer, publicly scoffed at the Rutgers–South Carolina report. Tracking cars by tire, it said, is ‘not only impractical but nearly impossible.’ T.P.M.S. systems, it maintained, are reliable and safe.

“This is the kind of statement that security analysts regard as an invitation. A year after Schrader’s sneering response, researchers from the University of Washington and the University of California–San Diego were able to ‘spoof’ (fake) the signals from a tire-pressure E.C.U. by hacking an adjacent but entirely different system—the OnStar-type network that monitors the T.P.M.S. for roadside assistance. In a scenario from a techno-thriller, the researchers called the cell phone built into the car network with a message supposedly sent from the tires. ‘It told the car that the tires had 10 p.s.i. when they in fact had 30 p.s.i.,’ team co-leader Tadayoshi Kohno told me—a message equivalent to ‘Stop the car immediately.’ He added, ‘In theory, you could reprogram the car while it is parked, then initiate the program with a transmitter by the freeway. The car drives by, you call the transmitter with your smartphone, it sends the initiation code—bang! The car locks up at 70 miles per hour. You’ve crashed their car without touching it.’”

Hubris: it’ll get you every time….

So now Senator Markey lays out the full scope of this issue, and it should scare the daylights out of you — and, hopefully, Detroit! The report is compiled on responses by 16 car companies (BMW, Chrysler, Ford, General Motors, Honda, Hyundai, Jaguar Land Rover, Mazda, Mercedes-Benz, Mitsubishi, Nissan, Porsche, Subaru, Toyota, Volkswagen (with Audi), and Volvo — hmm: one that didn’t respond was Tesla, which I suspect [just a hunch] really has paid attention to this issue because of its techno leadership) to letters Markey sent in late 2013. Here are the damning highlights from his report:

“1. Nearly 100% of cars on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions.

2. Most automobile manufacturers were unaware of or unable to report on past hacking incidents.

3. Security measures to prevent remote access to vehicle electronics are inconsistent and haphazard across all automobile manufacturers, and many manufacturers did not seem to understand the questions posed by Senator Markey.

4. Only two automobile manufacturers were able to describe any capabilities to diagnose or meaningfully respond to an infiltration in real-time, and most say they rely on technologies that cannot be used for this purpose at all. (my emphasis)

5. Automobile manufacturers collect large amounts of data on driving history and vehicle performance.

6. A majority of automakers offer technologies that collect and wirelessly transmit driving history data to data centers, including third-party data centers, and most do not describe effective means to secure the data.

7. Manufacturers use personal vehicle data in various ways, often vaguely to “improve the customer experience” and usually involving third parties, and retention policies – how long they store information about drivers – vary considerably among manufacturers.

8. Customers are often not explicitly made aware of data collection and, when they are, they often cannot opt out without disabling valuable features, such as navigation.”

In short, the auto industry collects a lot of information about us, and doesn’t have a clue how to manage or protect it.

I’ve repeatedly warned before that one of the issues technologists don’t really understand and/or scoff at, is public fears about privacy and security. Based on my prior work in crisis management, that can be costly — or fatal.

This report should serve as a bit of electroshock therapy to get them (and here I’m referring not just to auto makers but all IoT technologists: it’s called guilt by association, and most people tend to confabulate fears, not discriminate between them. Unless everyone in IoT takes privacy and security seriously, everyone may suffer the result [see below]) to realize that it’s not OK, as one of the speakers at the Wearables + Things conference said, that “we’ll get to privacy and security later.” It’s got to be a priority from the get-go (more about this in a forthcoming post, where I’ll discuss the recent FTC report on the issue).

I’ve got enough to worry about behind the wheel, since the North American Deer Alliance is out to get me. Don’t make me worry about false tire pressure readings.


PS: there’s another important issue here that may be obscured: the very connectedness that is such an important aspect of the IoT. Remember that the researchers spoofed the T.P.M.S. system not through a frontal assault, but by attacking the roadside assistance system? It’s like the way Target’s computers were hacked via a small company doing HVAC maintenance. Moral of the story? No IoT system is safe unless all the ones linking to it are safe.  For want of a nail … the kingdom was lost!

Another Personal IoT Story: my next car will have auto braking

Posted on 16th January 2015 in automotive, Essential Truths, transportation

Sorry to burden you with another personal Internet of Things story, especially since this one’s nowhere near as nice as how car_crashsmart sockets made peace in my house!

For the second time in less than a month, I was hit by a deer at night on Rt. 27 in Medfield, MA. If you know our area, its in the outer suburbs, and plagued by deer, who are mating at this time of year, and are absolutely nuts. Two hours later, I’m still shaking, and extremely lucky to have escaped a serious injury.

I don’t know if  it would have avoided a collision, because they were running sooo fast, but you can be sure that my next car with be a smart one, with sensors and an automatic braking system like the ones on TMercedes, BMWs and high-end Hyundai‘s.  Here’s something where the smart version wouldn’t just simplify something, but would observe one of my “Essential Truths” of the IoT, “what can you do now that you couldn’t do before.”

No driver who was focused on the road ahead could have possibly seen these deer rushing out of the pitch-black woods on the other side of the road (or, if he did, he would have crashed into something else because of taking his eyes off the road), but a motion-sensor coupled to the brakes would have detected motion in time to apply the brakes and maybe avoid the crash.

Tonight was one of the most traumatic events of my life, between the accident and the first time I’ve ever heard a gunshot up close, as the police put the doe out of her misery. If I can invest in IoT technology to avoid it happening again, I’ll be at the head of the line!

Lifting the Veil After the Sale: another IoT “Essential Truth”

Count me among those who believe the Internet of Things will affect every aspect of corporate operations, from manufacturing to customer relations.

Perhaps one of the most dramatic impacts will be on the range of activities that take place after the sale, including maintenance, product liability, product upgrades and customer relations.

In the past, this has been a prime example of the “Collective Blindness” that afflicted us before the IoT, because we basically had no idea what happened with our products once they left the factory floor.

In fact, what little data we did have probably served to distort our impressions of how products were actually used. Because there was no direct way to find out how the products were actually used, negative data was probably given exaggerated weight: we heard negative comments (warrantee claims, returns, liability lawsuits, etc.), loud and clear, but there was no way to find out how the majority of customers who were pleased with their products used them.

That has all changed with the IoT.

Now, we have to think about products  in totally new ways to capitalize on the IoT, and I think this merits another “Essential Truth” about the IoT:

Everything is cyclical.

Think about products — and industrial processes in general — in the old industrial system. Everything was linear: perhaps best exemplified by Henry Ford’s massive River Rouge Complex, the world’s largest integrated factory, and the epitome of integrated production.

Ford River Rouge Complex

“Ford was attempting to control and coordinate all of the necessary resources to produce complete automobiles.  Although Ford’s vision was never completely realized, no one else has come so close, especially on such a large scale.  His vision was certainly a success, one indication of this is the term Fordism, which refers to his style of mass-production, characterized by vertical integration, standardized products and assembly-line production”

At “The Rouge,” raw materials (literally: it had its own coke ovens and foundry!)  flowed in one side, and completed cars flowed out the other, bound for who knows where. Once the cars were in customers’ hands, the company’s contact was limited to whatever knowledge could be gleaned from owners’ visits to dealers’ service departments, irate calls from customers who had problems, and (in later days) safety recalls and/or multi-million dollar class-action lawsuits.

That linear thinking led to a terrible example of the “Collective Blindness” phenomenon that I’ve written about in the past: who knew how customers actually thought about their Model T’s? How did they actually drive them? Were there consistent patterns of performance issues that might not have resulted in major problems, but did irritate customers?

Sure, you could guess, or try to make inferences based on limited data, but no one really knew.

Fast forward to the newest auto manufacturer, Tesla, and its factory in Fremont, California (aside: this massive building — Tesla only uses a portion, used to be the NUMMI factory, where Chevy built Novas and Toyota built Corollas. Loved the perceptual irony: exactly the same American workers built mechanically identical cars [only the sheet metal varied] but the Toyotas commanded much higher prices, because of the perception of “Japanese quality.” LOL. But I digress….).

Tesla doesn’t lose track of its customers once the cars leave the plant.

Tesla assembly line

In fact, as I’ve written before, these “iPhones on wheels” are part of a massive cyclical process, where the cars’ on-board communications constantly send back data to the company about how the cars are actually doing on the road. And, when need be, as I mentioned in that prior post, the company was able to solve a potentially dangerous problem by simply sending out a software patch that was implemented while owners slept, without requiring customer trips to a repair shop!

I imagine that the company’s design engineers also pour over this data to discern patterns that might indicate elements of the physical design to tweak as well.

Of course, what would a blog post by me about IoT paradigm shifts be without a gratuitous reference to General Electric and its Durathon battery plant (aside to GE accounting: where should I send my W-9 and invoice so you can send me massive check for all the free PR I’ve given you? LOL)?

I can’t think of a better example of this switch to cyclical thinking:

  • including sensors into the batteries at the beginning of the production process rather than slapping them on at the end means that the company is actually able to monitor, and fine tune, the manufacturing process to optimize the critical chemical reaction. The same data allows the workers to remove defective batteries from the assembly line, so that every battery that ships works.
  • once in the field (and, remember: these batteries are deployed in incredibly remote areas where it might take days for a repair crew to reach and either service or repair them) the same sensors send back data on how the batteries are functioning. I don’t know about the specifics in the case of these batteries, but GE has actually created new revenue streams with other continuously-monitored devices by selling this data to customers who can use it (because the data is shared on a real-time basis, not just historically) to optimize performance.

Elsewhere, as I’ve mentioned before, General Electric’s William Ruh has said that being able to lift the veil of “Collective Blindness” through feedback from how customers actually use their products has even revolutionized their product design process:

“… G.E. is adopting practices like releasing stripped-down products quickly, monitoring usage and rapidly changing designs depending on how things are used by customers. These approaches follow the ‘lean start-up’ style at many software-intensive Internet companies. “’We’re getting these offerings done in three, six, nine months,’ he (Ruh) said. ‘It used to take three years.’”

Back in the ’90’s, I used to lecture and consult on what I called “Natural Wealth,” a paradigm shift in which we’d find all the inspiration we needed for an information-based economy in a table-top terrarium that embodies billion-year-old  principles of nature:

  • embrace chaos, don’t try to control it. (i.e., use open systems rather than proprietary ones)
  • create symbiosis: balance competition with cooperation (IFTTT.com, where you release your APIs to create synergistic mashups with others).
  • close the loop.

With the IoT, we can finally put that last principle into practice, substituting cyclical processes for linear ones.  At long last, the “systems dynamics” thinking pioneered by Jay Forrester and his disciple, Peter Senge, can become a reality. Here’s a closing tip to make that possible: in addition to SAP’s HANA or other analytics packages, look to systems dynamics software such as isee systems’  iThink to model your processes and transform linear into cyclical ones. Now get going: close the loop!

Why the Internet of Things Will Bring Fundamental Change “What Can You Do Now That You Couldn’t Do Before?”

The great Eric Bonabeau has chiseled it into my consciousness that the test of whether a new technology really brings about fundamental change is to always ask “What can you do now that you couldn’t do before?

Tesla Roadster

That’s certainly the case for the Tesla alternative last winter to a costly, time-consuming, and reputation-staining recall  (dunno: I must have been hiding under a rock at the time to have not heard about it).

In reporting the company’s action, Wired‘s story’s subtitle was “best example yet of the Internet of Things?”

I’d have to agree it was.

Coming at the same time as the godawful Chevy recall that’s still playing out and still dragging down the company, Tesla promptly and decisively response solved another potentially dangerous situation:

 

“‘Not to worry,’ said Tesla, and completed the fix for its 29,222 vehicle owners via software update. What’s more, this wasn’t the first time Tesla has used such updates to enhance the performance of its cars. Last year it changed the suspension settings to give the car more clearance at high speeds, due to issues that had surfaced in certain collisions.”

Think of it: because Tesla has basically converted cars into computers with four wheels, modifying key parts by building in sensors and two-way communications, it has also fundamentally changed its relationship with customers: it can remain in constant contact with them, rather than losing contact between the time the customer drives off the lot and when the customer remembers (hopefully..) to schedule a service appointment, and many modifications that used to require costly and hard-to-install replacement parts now are done with a few lines of code!

Not only can Tesla streamline recalls, but it can even enhance the customer experience after the car is bought: I remember reading somewhere that car companies may start offering customer choice on engine performance: it could offer various software configurations to maximize performance or to maximize fuel savings — and continue to tweak those settings in the future, just as computers get updated operating systems. That’s much like the transformation of many other IoT-enhanced products into services, where the customer may willingly pay more over a long term for a not just a hunk of metal, but also a continuing data stream that will help optimize efficiency and reduce operating costs.

Wired went on to talk about how the engineering/management paradigm shift represented a real change:

  • “In nearly all instances, the main job of the IoT — the reason it ever came to be — is to facilitate removal of non-value add activity from the course of daily life, whether at work or in private. In the case of Tesla, this role is clear. Rather than having the tiresome task of an unplanned trip to the dealer put upon them, Tesla owners can go about their day while the car ‘fixes itself.’
  • Sustainable value – The real challenge for the ‘consumer-facing’ Internet of Things is that applications will always be fighting for a tightly squeezed share of disposable consumer income. The value proposition must provide tangible worth over time. For Tesla, the prospect of getting one’s vehicle fixed without ‘taking it to the shop’ is instantly meaningful for the would-be buyer – and the differentiator only becomes stronger over time as proud new Tesla owners laugh while their friends must continue heading to the dealer to iron out typical bug fixes for a new car. In other words, there is immediate monetary value and technology expands brand differentiation. As for Tesla dealers, they must be delighted to avoid having to make such needling repairs to irritated customers – they can merely enjoy the positive PR halo effect that a paradigm changing event like this creates for the brand – and therefore their businesses.
  • Setting new precedents – Two factors really helped push Tesla’s capability into the news cycle: involvement by NHTSA and the word ‘recall.’ At its issuance, CEO Elon Musk argued that the fix should not technically be a ‘recall’ because the necessary changes did not require customers find time to have the work performed. And, despite Musk’s feather-ruffling remarks over word choice, the stage appears to have been set for bifurcation in the future by the governing bodies. Former NHTSA administrator David Strickland admitted that Musk was ‘partially right’ and that the event could be ‘precedent-setting’ for regulators.”

That’s why I’m convinced that Internet of Things technologies such as sensors and tiny radios may be the easy part of the revolution: the hard part is going to be fundamental management changes that require new thinking and new questions.

What can you do now that you couldn’t do before??

BTW: Musk’s argument that its software upgrade shouldn’t be considered a traditional “recall” meshes nicely with my call for IoT-based “real-time regulation.”  As I wrote, it’s a win-win, because the same data that could be used for enforcement can also be used to enhance the product and its performance:

  • by installing the sensors and monitoring them all the time (typically, only the exceptions to the norm would be reported, to reduce data processing and required attention to the data) the company would be able to optimize production and distribution all the time (see my piece on ‘precision manufacturing’).
  • repair costs would be lower: “predictive maintenance” based on real-time information on equipment’s status is cheaper than emergency repairs. the public interest would be protected, because many situations that have resulted in disasters in the past would instead be avoided, or at least minimized.
  • the cost of regulation would be reduced while its effectiveness would be increased: at present, we must rely on insufficient numbers of inspectors who make infrequent visits: catching a violation is largely a matter of luck. Instead, the inspectors could monitor the real-time data and intervene instantly– hopefully in time to avoid an incident. “

It’s Time for IoT-enabled “Real-Time” Regulation

Pardon me, but I still take the increasingly-unfashionable view that we need strong, activist government, to protect the weak and foster the public interest.

That’s why I’m really passionate about the concept (for what it’s worth, I believe I’m the first to propose this approach)  that we need Internet of Things enabled “real-time regulation” that wouldn’t rely on scaring companies into good behavior through the indirect means of threatening big fines for violations, but could actually minimize, or even avoid, incidents from ever happening, while simultaneously improving companies’ operating efficiency and reducing costly repairs. I wrote about the concept in today’s O’Reilly SOLID blog — and I’m going to crusade to make the concept a reality!

I first wrote about “real-time” regulation before I was really involved in the IoT: right after the BP Gulf blow-out, when I suggested that:

The .. approach would allow officials to monitor in real time every part of an oil rig’s safety system. Such surveillance could have revealed the faulty battery in the BP rig’s blowout preventer and other problems that contributed to the rig’s failure. A procedure could have been in place to allow regulators to automatically shut down the rig when it failed the pressure test rather than leaving that decision to BP.”

Since then I’ve modified my position about regulators’ necessarily having first-hand access to the real-time data, realizing that any company with half a brain would realize as soon as they saw data that there might be a problem developing (as opposed to having happened, which is what was too often the case in the past..) would take the initiative to shut down the operation ASAP to make a repair, saving itself the higher cost of dealing with a catastrophic failure.

As far as I’m concerned, “real-time regulation” is a win-win:

  • by installing the sensors and monitoring them all the time (typically, only the exceptions to the norm would be reported, to reduce data processing and required attention to the data) the company would be able to optimize production and distribution all the time (see my piece on “precision manufacturing“).
  • repair costs would be lower: “predictive maintenance” based on real-time information on equipment’s status is cheaper than emergency repairs.
  • the public interest would be protected, because many situations that have resulted in disasters in the past would instead be avoided, or at least minimized.
  • the cost of regulation would be reduced while its effectiveness would be increased: at present, we must rely on insufficient numbers of inspectors who make infrequent visits: catching a violation is largely a matter of luck. Instead, the inspectors could monitor the real-time data and intervene instantly– hopefully in time to avoid an incident.

Even though the IoT is not fully realized (Cisco says only 4% of “things” are linked at present), that’s not the case with the kind of high-stakes operation we’re most concerned with.  GE now builds about 60 sensors into every jet, realizing new revenues by proving the real-time data to customers, while being able to improve design and maintenance by knowing exactly what’s happening right now to the engines.  Union Pacific has cut dangerous and costly derailments due to bearing failures by 75% by placing sensors along the trackbed.

As I said in the SOLID post, it’s time that government begin exploring the “real-time regulation” alternative.  I’m contacting the tech-savvy Mass. delegation, esp. Senators Markey and Warren, and will report back on my progress toward making it a reality!

Follow-up: Winners in Postscapes’ annual best-of-the-IoT contest

Following up on my recent post on my favorite nominees for the 2013 Postscapes best-of-the-IoT contest, here are the actual winners.  What do you think??

comments: Comments Off on Follow-up: Winners in Postscapes’ annual best-of-the-IoT contest tags:

Best quick intro to the IoT that I’ve seen!

Following up on my last post, I’ve found what I think is the best quick intro to the Internet of Things!

Internet of Things,” released today by the Center for Data Innovation (hadn’t heard of them! BTW, they also get points in my book for covering XBRL, the magic potion for data…) is a quick read: it has short intros to most of the major consumer-oriented areas affected by the IoT, from healthcare to home automation, combined with two examples for each of those topics. I hadn’t heard of some of the examples (thanks, authors Daniel Castro and Jordan Misra!), although most are frequently cited ones ranging from the Nest thermostat to the Vitality GlowCap.  All in all, they’ll show almost any skeptic that the IoT is already a reality and that it will change their life!

The report concludes with brief policy recommendations for government and business alike:

  • (for government agencies) lead by example, i.e., include funding for sensors in bridge projects, etc. Yea (you listening, Obama Administration?).
  • reduce barriers to data sharing (this harkens back to my Data Dynamite book: data gains value by being shared!).
  • give consumers access to their data (again, something I wrote about in Data Dynamite).
  • avoid inundating consumers with notices (a fine line, since they need to be informed, in plain English, about how their data will be used).
  • regulate the use of data, not the collection (in line with Mercatus Center’s advice)

All in all, a nice intro to the IoT!

BTW: Thanx to ol’ friend Pete O’Dell for turning me on to this report!

comments: Comments Off on Best quick intro to the IoT that I’ve seen! tags: , , , , , , , , ,

Usage-based Insurance: Preview of Radical Industry Change Through IoT

Holy Clayton Christensen! Another wave of “disruptive innovation” is on its way, and this time the Internet of Things is responsible!

I’m confident that the IoT is going to bring about radical change throughout a wide range (if not all…) of vertical markets in the near future, through new realities such as giving everyone who needs it access to real-time information or by making preventive maintenance simple through real-time data from products such as jet turbines (General Electric is, again, a leader…).

However, for concrete evidence of how the IoT will change things, perhaps the best industry to look at is auto insurance, where the IoT is facilitating a fundamental shift in marketing, from the prior practice of basing premiums on proxy indicators such as a student’s grades or a person’s credit rating (leading to the heinous — and expensive — crime of “driving while poor,” LOL).

Progressive Snapshot

Progressive Snapshot

Instead, what is emerging worldwide (especially in Europe) is “usage-based insurance” (UBI), where the rates are based not on guestimates, but the driver’s actual behavior!

Insurance & Technology reports that the transition will only accelerate in the future.

“‘In five or ten years, all insurers will have dynamic driving data, so all will be able to offer discounts,’ says George Ayres, vice president of global sales for Verizon Telematics. ‘There will be no more asymmetry in terms of what they know about customers, so price alone won’t be as effective [for acquiring and retaining customers]. …The insurers who are out front on this idea are realizing [that soon] all will [have to] start to provide much wider breadth of services to keep those captured through price.’

“These services can be as simple as sending additional driving data to the driver’s smartphone, or as complex as auto insurance bundled with a customer relationship solution that sends alerts for scheduled maintenance.”

What a transformation!

Smart business leaders will start paying close attention to the features of the Internet of Things, and begin planning now on how to get ahead of the curve on making certain they are the beneficiaries of disruptive innovation — not the victims!

 

 

Automated factories: that’s not the IoT’s potential!

It’s easy to see why some people make the assumption that one of the results of the Internet of Things will be fully-automated factories.

After all, if automatic, real-time machine-2-machine data sharing would allow self-starting and self-regulating machinery, wouldn’t that allow us a utopian vision of completely autonomous manufacturing?

Instead, I think Bosch’s Volkmar Denner nailed it with this blog entry. He says that rather than complete automation:

“Instead, it’s about finding ways to increase agility. Putting that into figures, optimizing resource allocation within a more flexible production process can result in a jump in productivity of as much as 30 percent. Our goal is to be able to customize even the smallest unit volumes while retaining optimum productivity, and ultimately leading to achieve optimized multi-variant series production.”

I agree totally that what’s going to happen is an end to centralized management and top-down control of information (see my last post, on “Buckyball Management”!, with decentralized, self-management emerging that could threaten old industry leaders who don’t get it (see my posts about how GE does get it!) :

“… And I’m convinced that this shift will provide opportunities for established companies to offer new business models. But they too need to watch out: the IoTS is shaking up what until now has been very much a closed market, opening it up for entirely new players such as IT companies. Here, the IoTS is not just about connecting objects, machines, and systems. On the contrary, it’s also about how to use the data that this connectivity generates. And instead of using this information only within the plant itself, now everyone along the manufacturing chain can be given access to the data over the internet. Once again, the knowledge gained from these data can be applied to generate new business models.”

Denner says that one of the #IoT services that Bosch — the leading supplier of automotive sensors and one of the leaders in industrial sensors — is developing is predictive maintenance, which innovators such as GE (with its jet turbines) and the railroads (I’ve never traced my ancestry on my father’s side, but I harbor the possibility that I’m descended from the Stephensons, pere et fils, who invented the locomotive, so I have a warm spot in my heart for that industry…) are already doing.  As Denner says, “Having such a solution in place allows organizations to offer their customers new and improved levels of service, including a guarantee of reduced downtimes.”

So don’t count out the human element in manufacturing once the IoT is commonplace: in fact, it will be more important, and more valuable, than ever!

comments: Comments Off on Automated factories: that’s not the IoT’s potential! tags: , , , , ,
http://www.stephensonstrategies.com/">Stephenson blogs on Internet of Things Internet of Things strategy, breakthroughs and management