IoT-based “Regulation 3.0” Might Have Avoided Merrimack Valley Tragedies

Pardon me: this is a very personal post.

For about an hour Thursday night we didn’t know whether my son’s home in Lawrence was one of those blown up by the gasline explosions (fortunately, he and his dear family were never at risk — they’re living in Bolivia for two years — but the house was right at Ground Zero). Fortunately, it is intact.

However, the scare took me back to an op-ed I wrote eight years ago in Federal Computer Week after the BP catastrophe in the Gulf, when I was working in disaster communications. I proposed what in fact was an IoT-based way to avoid similar disasters in the future: what I called “Regulation 3.0,” which would be a win-win solution for critical infrastructure companies (85% of the critical infrastructure in the US is in private hands) and the public interest by installing IoT-monitoring sensors and M2M control devices that would act automatically on that sensor data, rather than requiring human intervention:

  • in daily operations, it would let the companies dramatically increase their efficiency by giving real-time data on where the contents were and the condition of pipelines, wires, etc. so the operations could be optimized.
  • in a disaster, as we found out in Lawrence and Andover, where Columbia Gas evidently blew it on response management, government agencies (and, conceivably, even the general public) might have real-time data to speed the response (that’s because of one of my IoT Essential Truths, “share data, don’t hoard it”).

We could never have that real-time data sharing in the past, so we were totally dependent on the responsible companies for data, which even they probably didn’t have because of the inability to monitor flow, etc.

Today, by contrast, we need to get beyond the old prescriptive regulations, which told companies what equipment to install (holding back progress when new, more efficient controls were created), and switch to performance-based regulation where the companies would instead be held to standards (i.e., in the not-too-distant future, when the IoT will be commonplace, collecting and sharing real-time data on their facilities), so they’d be free to adopt even better technology in the future.

However, Regulation 3.0 should become the norm, because it would be better all around:

  • helping the companies improve their daily operations.
  • cutting the cost of compliance (because data could be crunched and reported instantly, without requiring humans compiling and submitting it).
  • reducing the chance of incidents ever happening (when I wrote the op-ed I’d never heard of IoT-based “predictive maintenance,” which lets companies spot maintenance issues at the earliest point, so they can do repairs more quickly and cheaply than if they had to respond once they’re full-blown problems).

I had a chance to discuss the concept yesterday with Rep. Joe Kennedy, who showed a real knowledge of the IoT and seemed open to the incident.

Eight years after I first broached the concept, PTC reports that the pipeline industry is now implementing IoT-based operations, with benefits including:

  • Situational awareness.
  • Situational intelligence.
  • and Predictive analytics.

Clearly, this is in the economic interests of the companies that control the infrastructure, and of the public interest. The time has come for IoT-based “Regulation 3.0.”

 

“All of Us:” THE model for IoT privacy and security!

Pardon me in advance: this will be long, but I think the topic merits it!

One of my fav bits of strategic folk wisdom (in fact, a consistent theme in my Data Dynamite book on the open data paradigm shift) is, when you face a new problem, to think of another organization that might have one similar to yours, but which suffers from it to the nth degree (in some cases, even a matter of literal life-or-death!).

That’s on the likelihood that the severity of their situation would have led these organizations to already explore radical and innovative solutions that might guide yours and shorten the process. In the case of the IoT, that would include jet turbine manufacturers and off-shore oil rigs, for example.

I raise that point because of the ever-present problem of IoT privacy and security. I’ve consistently criticized many companies’ lack of attention to seriousness and ingenuity, and warned that this could result not only in disaster for these companies, but also the industry in general due to guilt-by-association.

This is even more of an issue since the May roll-out of the EU’s General Data Protection Regulation (GDPR), based on the presumption of an individual right to privacy.

Now, I have exciting confirmation — from the actions of an organization with just such a high-stakes privacy and security challenge — that it is possible to design an imaginative and effective process alerting the public to the high stakes and providing a thorough process to both reassure them and enroll them in the process.

Informed consent at its best!

It’s the NIH-funded All of Us, a bold effort to recruit 1 million or more people of every age, sex, race, home state, and state of health nationwide to speed medical research, especially toward the goal of “personalized medicine.” The researchers hope that, “By taking into account individual differences in lifestyle, environment, and biology, researchers will uncover paths toward delivering precision medicine.”

All of Us should be of great interest to IoT practitioners, starting with the fact that it might just save our own lives by leading to creation of new medicines (hope you’ll join me in signing up!). In addition, it parallels the IoT in allowing unprecedented degrees of precision in individuals’ care, just as the IoT does with manufacturing, operating data, etc.:

“Precision medicine is an approach to disease treatment and prevention that seeks to maximize effectiveness by taking into account individual variability in genes, environment, and lifestyle. Precision medicine seeks to redefine our understanding of disease onset and progression, treatment response, and health outcomes through the more precise measurement of molecular, environmental, and behavioral factors that contribute to health and disease. This understanding will lead to more accurate diagnoses, more rational disease prevention strategies, better treatment selection, and the development of novel therapies. Coincident with advancing the science of medicine is a changing culture of medical practice and medical research that engages individuals as active partners – not just as patients or research subjects. We believe the combination of a highly engaged population and rich biological, health, behavioral, and environmental data will usher in a new and more effective era of American healthcare.” (my emphasis added)


But what really struck me about All of Us’s relevance to IoT is the absolutely critical need to do everything possible to assure the confidentiality of participants’ data, starting with HIPAA protections and extending to the fact that it would absolutely destroy public confidence in the program if the data were to be stolen or otherwise compromised. As Katie Rush, who heads the project’s communications team, told me, “We felt it was important for people to have a solid understanding of what participation in the program entails—so that through the consent process, they were fully informed.”

What the All of Us staff designed was, in my estimation (and I’ve been in or around medical communication for forty years), the gold standard for such processes, and a great model for effective IoT informed consent:

  • you can’t ignore it and still participate in the program: you must sign the consent form.
  • you also can’t short-circuit the process: it said at the beginning the process would take 18-30 minutes (to which I said yeah, sure — I was just going to sign the form and get going), and it really did, because you had to do each step or you couldn’t join — the site was designed so no shortcuts were allowed!:
    • first, there’s an easy-to-follow, attractive short animation about that section of the program
    • then you have to answer some basic questions to demonstrate that you understand the implications.
    • then you have to give your consent to that portion of the program
    • the same process is repeated for each component of the program.
  • all of the steps, and all of the key provisions, are explained in clear, simple English, not legalese. To wit:
    • “Personal information, like your name, address, and other things that easily identify participants will be removed from all data.
    • Samples—also without any names on them—are stored in a secure biobank”
    • “We require All of Us Research Program partner organizations to show that they can meet strict data security standards before they may collect, transfer, or store information from participants.
    • We encrypt all participant data. We also remove obvious identifiers from data used for research. This means names, addresses, and other identifying information is separate from the health information.
    • We require researchers seeking access to All of Us Research Program data to first register with the program, take our ethics training, and agree to a code of conduct for responsible data use.
    • We make data available on a secure platform—the All of Us research portal—and track the activity of all researchers who use it.
    • We enlist independent reviewers to check our plans and test our systems on an ongoing basis to make sure we have effective security controls in place, responsive to emerging threats.”

The site emphasizes that everything possible will be done to protect your privacy and anonymity, but it is also frank that there is no way of removing all risk, and your final consent requires acknowledging that you understand those limits:

“We are working with top privacy experts and using highly-advanced security tools to keep your data safe. We have several steps in place to protect your data. First, the data we collect from you will be stored on computers with extra security protection. A special team will have clearance to process and track your data. We will limit who is allowed to see information that could directly identify you, like your name or social security number. In the unlikely event of a data breach, we will notify you. You are our partner, and your privacy will always be our top priority.”

The process is thorough, easy to understand, and assures that those who actually sign up know exactly what’s expected from them, what will be done to protect them, and that they may still have some risk.

Why can’t we expect that all IoT product manufacturers will give us a streamlined version of the same process? 


I will be developing consulting services to advise companies that want to develop common-sense, effective, easy-to-implement IoT privacy and security measures. Write me if you’d like to know more.

Great Podcast Discussion of #IoT Strategy With Old Friend Jason Daniels

Right after I submitted my final manuscript for The Future is Smart I had a chance to spend an hour with old friend Jason Daniels (we collaborated on a series of “21st Century Homeland Security Tips You Won’t Hear From Officials” videos back when I was a homeland security theorist) on his “Studio @ 50 Oliver” podcast.

We covered just about every topic I hit in the book, with a heavy emphasis on the attitude shifts (“IoT Essential Truths”) needed to really capitalize on the IoT and the bleeding-edge concept I introduce at the end of the book, the “Circular Corporation,” with departments and individuals (even including your supply chain, distribution network and customers, if you choose) in a continuous, circular management style revolving around a shared real-time IoT hub. Hope you’ll enjoy it!


Liveblogging from Internet of Things Global Summit

Critical Infrastructure and IoT

Robert Metzger, Shareholder, Rogers Joseph O’Donnell 

  • a variety of constraints to direct government involvement in IoT
  • regulators: don’t trust private sector to do enough, but regulation tends to be prescriptive.
  • NIST can play critical role: standards and best practices, esp. on privacy and security.
  • Comparatively, any company knows more about potential and liabilities of IoT than any government body. Can lead to bewildering array of IoT regulations that can hamper the problem.
  • Business model problem: security expensive, may require more power, add less functionality, all of which run against incentive to get the service out at lowest price. Need selective regulation and minimum standards. Government should require minimum standards as part of its procurement. Government rarely willing to pay for this.
  • Pending US regulation shows constant tension between regulation and innovation.

Gary Butler, CEO, Camgian 

  • Utah cities network embedding sensors.
  • Scalability and flexibility needed. Must be able to interface with constantly improving sensors.
  • Expensive to retrofit sensors on infrastructure.
  • From physical security perspective: cameras, etc. to provide real-time situational awareness. Beyond human surveillance. Add AI to augment human surveillance.
  • “Dealing with ‘data deluge.’” Example of proliferation of drones. NIST might help with developing standards for this.
  • Battery systems: reducing power consumption & creating energy-dense batteries. Government could help. Government could also be a leader in adoption.

 

Cyber-Criminality, Security and Risk in an IoT World

John Carlin, Chair, Cybersecurity & Technology Program, Aspen Institute

  • Social media involved in most cyberwar attacks & most perps under 21.  They become linked solely by social media.
  • offensive threats far outstrip defenses when it comes to data
  • now we’re connecting billions of things, very vulnerable. Add in driverless cars & threat even greater. Examples: non-encrypted data from pacemakers, and the WIRED Jeep demo.

Belisario Contreras, Cyber Security Program Manager, Organization of American States

  • must think globally.
  • criminals have all the time to prepare, we must respond within minutes.
  • comprehensive approach: broad policy framework in 6 Latin American countries.

Samia Melhem, Global Lead, Digital Development, World Bank

  • projects: she works on telecommunications and transportation investing in government infrastructure in these areas. Most of these governments have been handicapped by lack of funding. Need expert data integrators. Integrating cybersecurity.

Stephen Pattison, VP Public Affairs, ARM

  • (yikes, never thought about this!) cyberterrorist hacks self-driving car & drives it into a crowd.
  • many cyber-engineers who might go to dark side — why hasn’t this been studied?
  • could we get to point where IoT devices are certified secure? (But threats continually evolve.) Upgradeability is critical.
  • do we need a whistleblower protection?
  • “big data starts with little data”

Session 4: Key Policy Considerations for Building the Cars of Tomorrow – What do Industry Stakeholders Want from Policymakers?

Ken DiPrima, AVP New Product Development, IoT Solutions, AT&T

  • 4-level security approach: emphasis on end-point, locked-down connectivity through SIM, application level …
  • deep in 5-G: how do you leverage it, esp. for cars?
  • connecting 25+ of auto OEMs. Lot of trials.

Rob Yates, Co-President, Lemay Yates Associates

  • massive increase in connectivity. What do you do with all the data? Will require massive infrastructure increase.

Michelle Avary, Executive Board, FASTR, VP Automotive, Aeris

  • about 1 Gig of data per car with present cars. Up to 30 with a lot of streaming.
  • don’t need connectivity for self-driving car: but why not have connectivity? Also important for the vehicle to know and communicate its physical state. Machine learning needs data to progress.
  • people won’t buy vehicles when they are really autonomous — economics won’t support it, will move to mobility as a service.

Paul Scullion, Senior Manager, Vehicle Safety and Connected Automation, Global Automakers

  • emphasis on connected cars, how it might affect ownership patterns.
  • regulatory process slow, but a lot of action on state level. “fear and uncertainty” on state level. Balance of safety and innovation.

Steven Bayless, Regulatory Affairs & Public Policy, Intelligent Transportation Society of America

  • issues: for example, can you get traffic signals to change based on data from cars?
  • car industry doesn’t have lot of experience with collaborative issues.

How Are Smart Cities Being Developed and Leveraged for the Citizen?

Sokwoo Rhee, Associate Director of Cyber-Physical Systems Program, National Institute of Standards and Technology (NIST)

  • NIST GCTC Approach: Smart and Secure Cities. Partnered with Homeland Security to bring in cybersecurity & privacy at the basis of smart city efforts “Smart and Secure Cities and Communities Challenge”

Bob Bennett, Chief Innovation Officer, City of Kansas, MO

  • fusing “silos of awesomeness.”
  • 85% of data you need for smart cities already available.
  • “don’t blow up silos, just put windows on them.”
  • downtown is 53 smartest blocks in US
  • can now do predictive maintenance on roads
  • Prospect Ave.: neighborhood with worst problems. Major priority.
  • great program involving multiple data sources, to predict and take care of potholes — not only predictive maintenance but also use a new pothole mix that can last 12 years 
  • 122 common factors all cities doing smart cities look at!
  • cities have money for all sorts of previously allocated issues — need to get the city manager, not mayor, to deal with it
  • privacy and security: their private-sector partner has great resources, complemented by the city’s own staff.

Mike Zeto, AVP General Manager, IoT Solutions, AT&T

  • THE AT&T Smart Cities guy. 
  • creating services to facilitate smart cities.
  • energy and utilities are major focus in scaling smart cities, including capital funding. AT&T Digital Infrastructure (done with GE) “iPhone for cities.”
  • work in Miami-Dade that improved public safety, especially in public housing. Similar project in Atlanta.
  • privacy and security: their resources in both have been one of their strengths from the beginning.

Greg Toth, Founder, Internet of Things DC

  • security issues as big as ever
  • smart city collaboration booming
  • smart home stagnating because early adopter boom over, value not sure
  • Quantified-Self devices not really taking hold (yours truly was one of very few attendees who said they were still using their devices — you’d have to tear my Apple Watch off).
  • community involvement greater than ever
  • looming problem of maintaining network of sensors as they age
  • privacy & security: privacy and security aren’t top priorities for most startups.

DAY TWO:

IoT TECH TALKS

  • Dominik Schiener, Co-Founder, IOTA speaking on blockchain
    • working with IoT version of blockchain for IoT — big feature is it is scalable
    • why do we need it?  Data sets shared among all parties. Each can verify the datasets of other participants. Datasets that have been tampered are excluded.
    • Creates immutable single source of truth.
    • It also facilitates payments, esp. micropayments (even machine to machine)
    • Allows smart contracts. Fully transparent. Smart and trustless escrow.
    • Facilitates “machine economy”
    • Toward “smart decentralization”
    • Use cases:
      • secure car data — VW. Can’t be faked.
      • Pan-European charging stations for EVs. “Give machines wallets”
      • Supply chain tracking — probably 1st area to really adopt blockchain
      • Data marketplace — buy and sell data securely (consumers can become pro-sumers, selling their personal data).
      • audit trail. https://audit-trail.tangle.works
  • DJ Saul, CMO & Managing Director, iStrategyLabs IoT, AI and Augmented Reality
    • focusing on marketing uses.

Raising the bar for federal IoT Security – ‘The Internet of Things Cybersecurity Improvement Act’

  • Jim Langevin, Congressman, US House of Representatives
    • very real threat with IoT
    • technology outpacing the law
    • far too many manufacturers don’t make security a priority. Are customers aware?
    • consumers have right to know about protections (or lack thereof)
    • “failure is not an option”
    • need rigorous testing
  • Beau Woods, Deputy Director, Cyber Statecraft Initiative, Atlantic Council
    • intersection of cybersecurity & human condition
    • dependence on connected devices growing faster than our ability to regulate it
    • UL developing certification for medical devices
    • traceability for car parts
  • John Marinho, Vice President Cybersecurity and Technology, CTIA
    • industry constantly evolving global standards — US can’t be isolated.
    • cybersecurity with IoT must be 24/7. CTIA created an IoT working group, meets every two weeks online.
    • believe in public/private partnerships, rather than just regulatory.

Session 9: Meeting the Short and Long-Term Connectivity Requirements of IoT – Approaches and Technologies

  • Andreas Geiss, Head of Unit ‘Spectrum Policy’, DG CONNECT, European Commission
    • freeing up a lot of spectrum, service neutral
    • unlicensed spectrum, esp. for short-range devices. New frequency bands. New medical device bands. 
    • trying to work with regulators globally to allow for globally-usable devices.
  • Geoff Mulligan, Chairman, LoRa Alliance; Former Presidential Innovation Fellow, The White House
    • wireless tradeoffs: choose two — low power/long distance/high speed.
    • not licensed vs. unlicensed spectrum. Mix of many options, based on open standards, all based on TCP/IP
    • LPWANs:
      • low power wide area networks
      • battery operated
      • long range
      • low cost
      • couple well with satellite networks
    • LoRaWAN
      • LPWAN based on LoRa Radio
      • unlicensed band
      • open standards base
      • openly available
      • open business model
      • low capex and opex could covered entire country for $120M in South Korea
      • IoT is evolutionary, not revolutionary — don’t want to separate it from other aspects of Internet
  • Jeffrey Yan, Director, Technology Policy, Microsoft
    • at Microsoft they see it as critical for a wide range of global issues, including agriculture.
  • Charity Weeden, Senior Director of Policy, Satellite Industry Association
    • IoT critical during disasters
    • total architecture needs to be seamless, everywhere.
  • Andrew Hudson, Head of Technology Policy, GSMA
    • must have secure, scalable networks

Session 10: IoT Data-Ownership and Licencing – Who Owns the Data?

  • Stacey Gray, Policy Lead IoT, Future Privacy Forum 
    • consumer privacy right place to begin.
    • need “rights based” approach to IoT data
    • at this point, have to show you have been actually harmed by release of data before you can sue.
  • Patrick Parodi, Founder, The Wireless Registry
    • focus on identity
    • who owns SSID identities? How do you create an identity for things?
  • Mark Eichorn, Assistant Director, Division of Privacy and Identity Protection, Federal Trade Commission 
    • cases involving lead generators for payday loan. Reselling personal financial info.
  • Susan Allen, Attorney-Advisor, Office of Policy and International Affairs, United States Patent & Trademark Office 
    • focusing on copyright.
    • stakeholders have different rights based on roles
  • Vince Jesaitis, Director, US Public Affairs, ARM
    • who owns data depends on what it is. Health data very tough standards. Financial data much more loose.
    • data shouldn’t be treated differently if it comes from a phone or a browser.
    • industrial side: autonomous vehicle data pretty well regulated.  Pending legislation dealing with smart cities emphasis open data.

A Vision for Dynamic and Lower-Cost Aging in Cities Through “SmartAging”

I’ve been giving a lot of thought recently to how my vision of IoT-based “SmartAging” through a combination of:

  • Quantified Self health apps and devices to improve seniors’ health and turn their health care into more of a partnership with their doctors
  • and smart home devices that would make it easier to manage their homes and “age in place” rather than being institutionalized

could meld with the exciting developments in smart city devices and strategy.  I believe the results could make seniors happier and healthier, reduce the burdens on city budgets of growing aging populations, and spur unprecedented creativity and innovation on these issues. Here’s my vision of how the two might come together. I’d welcome your thoughts on the concept!

 

A Vision for Dynamic and Lower-Cost Aging in Cities Through “SmartAging”

It’s clear business as usual in dealing with aging in America won’t work anymore.  10,000 baby boomers a day retire and draw Social Security. Between now and 2050, seniors will be the fastest growing segment of the population.  How can we stretch government programs and private resources so seniors won’t be sickly and live in abject poverty, yet millennials won’t be bankrupted either?

As someone in that category, this is of more than passing interest to me! 

I propose a new approach to aging in cities, marrying advanced but affordable personal technology, new ways of thinking about aging, and hybrid formal and ad hoc public-private partnerships, which can deal with at least part of the aging issue. Carving out some seniors from needing services through self-reliance and enhancing their well-being would allow focusing scarce resources on the most vulnerable remaining seniors. 

The approach is made possible not only by the plummeting cost and increasing power of personal technology but also the exciting new forms of collaboration it has made possible.

The proposal’s basis is the Internet of Things (IoT).  There is already a growing range of IoT wearable devices to track health indicators such as heart rates and promoting fitness activities, and IoT “smart home” devices controlling lighting, heat, and other systems. The framework visualized here would easily integrate these devices, but they can be expensive, so it is designed so seniors could benefit from the project without having to buy the dedicated devices.

This proposal does not attempt to be an all-encompassing solution to every issue of aging, but instead will create a robust, open platform that government agencies, companies, civic groups, and individuals can build upon to reduce burdens on individual seniors, improve their health and quality of life, and cut the cost of and need for some government services. Even better, the same platform and technologies can be used to enhance the lives of others throughout the life spectrum as well, increasing its value and versatility.

The proposal is for two complementary projects to create a basis for a later, more ambitious one.

Each would be valuable in its own right and perhaps reach differing portions of the senior population. Combined, they would provide seniors and their families with a wealth of real-time information to improve health, mobility, and quality of life, while cutting their living costs and reducing social isolation. The result would be mutually beneficial public-private partnerships and, one hopes, improvement not only in seniors’ lives, but also in their feeling of connectedness to the broader community. Rather than treat seniors as passive recipients of services, it would empower them to be as self-reliant as possible given their varying circumstances. They would both be based on the Lifeline program in Massachusetts (and similar ones elsewhere) that give low-income residents basic Internet service at low cost.

Locally, Boston already has a record of achievement in internet-based services to connect seniors with others, starting with the simple and tremendously effective SnowCrew program that Joe Porcelli launched in the Jamaica Plain neighborhood. This later expanded nationwide into the NextDoor site and app, which could easily be used by participants in the program.

The first project would capitalize on the widespread popularity of the new digital “home assistants,” such as the Amazon Echo and Google Home.  One version of the Echo can be bought for as little as $49, with bulk buying also possible.  A critical advantage of these devices, rather than home monitoring devices specifically for seniors, is that they are mainstream, benefit from the “network effects” phenomenon that means each becomes more valuable as more are in use, and don’t stigmatize the users or shout I’M ELDERLY. A person who is in their 50s could buy one now, use it for routine household needs, and then add additional age-related functions (see below) as they age, amortizing the cost.

The most important thing to remember about these devices regarding aging is the fact that they are voice-activated, so they would be especially attractive to seniors who are tech-averse or simply unable to navigate complex devices. The user simply speaks a command to activate the device.

The Echo (one presumes a variation on the same theme will soon be the case with the “Home,” Apple’s forthcoming “Home Pod” and other devices that might enter the space in the future) gets its power from “skills,” or apps, that are developed by third-party developers. They give it the power, via voice, to deliver a wide range of content on every topic under the sun.  Several already released “skills” give an idea of how this might work:

  • Ask My Buddy helps users in an emergency. In an emergency, it can send phone calls or text messages to up to five contacts. A user would say, “Alexa, ask my buddy Bob to send help” and Bob would get an alert to check in on his friend.
  • Linked thermostats can raise or lower the temperature a precise amount, and lights can also be turned on or off or adjusted for specific needs.
  • Marvee can keep seniors in touch with their families and lessen social isolation.
  • The Fitbit skill allows the user who also has a Fitbit to trace their physical activity, encouraging fitness.

Again looking to Boston for precedent, related apps include the Children’s Hospital and Kids’ MD ones from Children’s Hospital. Imagine how helpful it could be if the gerontology departments of hospitals provided similar “skills” for seniors!

Most important to making this service work would be to capitalize on the growing number of city-based open-data programs that release a variety of important real-time data bases which independent developers mash up to create “skills”  such as real-time transit apps.  The author was a consultant to the District of Columbia in 2008 when it began this data-based “smart city” approach with the Apps for Democracy contest, which has spawned similar projects worldwide since then.  When real-time city data is released, the result is almost magic: individuals and groups see different value in the same data, and develop new services that use it in a variety of ways at no expense to taxpayers.

The key to this half of the pilot programs would be creating a working relationship with local Meetups (such as those already created in various cities for Alexa programmers, which would facilitate the relationship) to stage one or more high-visibility hackathons. Programmers from major public and social service institutions serving seniors, colleges and universities, and others with an interest in the subject could come together to create “skills” based on the local public data feeds, to serve seniors’ needs, such as:

  • health
  • nutrition
  • mobility
  • city services
  • overcoming social isolation (one might ask how a technological program could help with this need. The City of Barcelona, generally acknowledged as the world’s “smartest” city, is circulating an RFP right now with that goal and already has a “smart” program for seniors who need immediate help to call for it) .

“Skills” are proliferating at a dizzying rate, and ones developed for one city can be easily adapted for localized use elsewhere.

Such a project would have no direct costs, but the city and/or a non-profit might negotiate lower bulk-buying rates for the devices, especially the lower-priced ($59 list) Amazon Dot, similar to the contract between the Japan Post Group, IBM, and Apple to buy 5 million iPads and equip them with senior-friendly apps from IBM which the Post Group would then furnish to Japanese seniors. Conceivably, the Dots bought this way might come preloaded with the localized and senior-friendly “skills.”

The second component of a prototype SmartAging city program would make the wide range of local real-time location-based data made available by various cities usable by joining the 100+ cities worldwide that have joined the “Things Network,” which creates free citywide data networks specifically for Internet of Things use.

The concept uses a technology called LoRaWAN. It is low-cost (the 10 units used in Amsterdam, each with a signal range of about 6 miles, cost only $12,000 total, and much cheaper ones will be released soon), and the Amsterdam units were deployed and operative in less than a month! The cost and difficulty of linking an entire city has plummeted as more cities join, and the global project is inherently collaborative.

With Things Network, entire cities would be converted into Internet of Things laboratories, empowering anyone (city agencies, companies, educational institutions, non-profits, individuals) to experiment with offering new services that would use the no-cost data sharing network. In cities that already host Things Networks, availability of the networks has spawned a wide range of novel local services. For example, in Dunblane, Scotland, the team is developing a Things Network-based alarm system for people with dementia. Even better, as the rapid spread of citywide open data programs and resulting open source apps to capitalize on them has illustrated, a neat app or service created in one city could easily be copied and enhanced elsewhere: virtuous imitation!

The critical component of the prototype programs would be to hold one or more hackathons once the network was in place.  The same range of participants would be invited, and since the Things Network could also serve a wide range of other public/private uses for all age groups and demographics, more developers and subject matter experts might participate in the hackathon, increasing the chances of more robust and multi-purpose applications resulting.

These citywide networks could eventually become the heart of ambitious two-way services for seniors based on real-time data, similar to those in Bolzano, Italy.

The Internet of Things and smart cities will become widespread soon simply because of lowering costs and greater versatility, whether this prototype project for seniors happens or not. The suggestions above would make sure that the IoT serves the public interest by harnessing IoT data to improve seniors’ health, reduce their social isolation, and make them more self-sufficient. It will reduce the burden on traditional government services to seniors while unlocking creative new services we can’t even visualize today to enhance the aging process.


Surprising Benefits of Combining IoT and Blockchain (they go beyond economic ones!)

One final effort to work this blockchain obsession out of my system so I can get on to some exciting other IoT news!

I couldn’t resist summarizing for you the key points in “Blockchain: the solution for transparency in product supply chains,” a white paper from Project Provenance Ltd., a London-based collective (“Our common goal is to deliver meaningful change to commerce through open and accessible information about products and supply chains.”).

If you’ve followed any of the controversies over products such as “blood diamonds” or fish caught by Asian slaves & sold by US supermarkets, you know supply chains are not only an economic issue but also sometimes a vital social (and sometimes environmental) one. As the white paper warns:

“The choices we make in the marketplace determine which business practices thrive. From a diamond in a mine to a tree in a forest, it is the deepest darkest ends of supply chains that damage so much of the planet and its livelihood.”

Yikes!

Now blockchain can make doing the right thing easier and more profitable:

“Provenance enables every physical product to come with a digital ‘passport’ that proves authenticity (Is this product what it claims to be?) and origin (Where does this product come from?), creating an auditable record of the journey behind all physical products. The potential benefits for businesses, as well as for society and the environment, are hard to overstate: preventing the selling of fake goods, as well as the problem of ‘double spending’ of certifications present in current systems. The Decentralized Application (Dapp) proposed in this paper is still in development and we welcome businesses and standards organizations to join our consortium and collaborate on this new approach to understanding our material world.”

I also love Provenance’s work with blockchain because it demonstrates one of my IoT “Essential Truths,” namely, that we must share data rather than hoard it. The exact same real-time data that can help streamline the supply chain to get fish to our stores quicker and with less waste can also mean that the people catching it are treated fairly. How cool is that? Or, as Benjamin Herzberg, Program Lead, Private Sector Engagement for Good Governance at the World Bank Institute puts it in the quote that begins the paper, “Now, in the hyper-connected and ever-evolving world, transparency is the new power.”

While I won’t summarize the entire paper, I do recommend that you do so, especially if blockchain is still new to you, because it gives a very detailed explanation of each blockchain component.

Instead, let’s jump in with the economic benefits of a blockchain and IoT-enabled supply chain, since most companies won’t consider it, no matter what the social benefits, if it doesn’t help the bottom line. The list is long, and impressive:

  • “Interoperable: A modular, interoperable platform that eliminates the possibility of double spending
  • Auditable: An auditable record that can be inspected and used by companies, standards organizations, regulators, and customers alike
  • Cost-efficient:  A solution to drastically reduce costs by eliminating the need for ‘handling companies’ to be audited
  • Real-time and agile:  A fast and highly accessible sign-up means quick deployment
  • Public: The openness of the platform enables innovation and could achieve bottom-up transparency in supply chains instead of burdensome top-down audits
  • Guaranteed continuity:  The elimination of any central operator ensures inclusiveness and longevity” (my emphasis)

Applying it to a specific need, such as documenting that a food that claims to be organic really is, blockchain is much more efficient and economical than cumbersome current systems, which usually rely on some third party monitoring and observing the process.  As I’ve mentioned before, the exquisite paradox of blockchain-based systems is that they are secure and trustworthy specifically because no one individual or program controls them: it’s done through a distributed system where all the players may, in fact, distrust each other:

“The blockchain removes the need for a trusted central organization that operates and maintains this system. Using blockchains as a shared and secure platform, we are able to see not only the final state (which mimics the real world in assigning the materials for a given product under the ownership of the final customer), but crucially, we are able to overcome the weaknesses of current systems by allowing one to securely audit all transactions that brought this state of being into effect; i.e., to inspect the uninterrupted chain of custody from the raw materials to the end sale.

“The blockchain also gives us an unprecedented level of certainty over the fidelity of the information. We can be sure that all transfers of ownership were explicitly authorized by their relevant controllers without having to trust the behavior or competence of an incumbent processor. Interested parties may also audit the production and manufacturing avatars and verify that their “on-chain” persona accurately reflects reality.”
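The audit the white paper describes, replaying every transfer to confirm an uninterrupted and authorized chain of custody, can be sketched in a few lines. This is an added example, not code from Provenance or the white paper: the party names, the `cert-001` item and the keys are constructed, and HMAC stands in for the public-key signatures a real blockchain would use.

```python
import hashlib
import hmac
import json

# Constructed demo secrets. HMAC is a stand-in for public-key signatures,
# so this toy auditor has to hold every party's key; a real chain would
# verify with public keys only.
KEYS = {"farm": b"farm-demo-key", "packer": b"packer-demo-key",
        "shop": b"shop-demo-key"}
GENESIS = "0" * 64


def _digest(record):
    """SHA-256 over the canonical JSON form of a full ledger record."""
    blob = json.dumps(record, sort_keys=True).encode()
    return hashlib.sha256(blob).hexdigest()


def _sign(key, body):
    """Authorize a transfer body with the signer's key."""
    blob = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


def append(ledger, item, sender, receiver, key):
    """Append a transfer of `item`; sender None means first registration."""
    body = {"item": item, "from": sender, "to": receiver,
            "prev": _digest(ledger[-1]) if ledger else GENESIS}
    ledger.append({**body, "sig": _sign(key, body)})


def audit(ledger, keys):
    """Replay the ledger and return a list of (index, problem) findings."""
    findings, holder, prev = [], {}, GENESIS
    for i, rec in enumerate(ledger):
        body = {k: rec[k] for k in ("item", "from", "to", "prev")}
        if rec["prev"] != prev:
            findings.append((i, "broken hash link"))
        signer = rec["from"] or rec["to"]  # registrations are self-signed
        expected = _sign(keys.get(signer, b""), body)
        if not hmac.compare_digest(rec["sig"], expected):
            findings.append((i, "bad signature"))
        elif rec["from"] is None and rec["item"] in holder:
            findings.append((i, "item registered twice"))
        elif rec["from"] is not None and holder.get(rec["item"]) != rec["from"]:
            findings.append((i, "sender does not hold item"))
        else:
            holder[rec["item"]] = rec["to"]  # transfer accepted
        prev = _digest(rec)
    return findings


def demo():
    """Audit a clean ledger, a double-spent certificate and an edited entry."""
    ledger = []
    append(ledger, "cert-001", None, "farm", KEYS["farm"])
    append(ledger, "cert-001", "farm", "packer", KEYS["farm"])
    append(ledger, "cert-001", "packer", "shop", KEYS["packer"])

    # Double spend: the farm hands on a certificate it no longer holds.
    double = list(ledger)
    append(double, "cert-001", "farm", "shop", KEYS["farm"])

    # Tampering: someone rewrites the receiver of entry 1 after the fact.
    tampered = [dict(r) for r in ledger]
    tampered[1]["to"] = "shop"

    return audit(ledger, KEYS), audit(double, KEYS), audit(tampered, KEYS)


if __name__ == "__main__":
    for name, result in zip(("clean", "double spend", "tampered"), demo()):
        print(name, result)
```

The edited entry is caught twice: its own signature no longer verifies, and the following entry's stored hash no longer matches it.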

The white paper concludes by also citing an additional benefit that I’ve mentioned before: facilitating the switch to an environmentally-sound “circular economy,” which requires not only tracking the creation of things, but also their usage, trying to keep them out of landfills. “The system proposed in this paper would not only allow the creation (including all materials, grades, processes etc) and lifecycle (use, maintenance etc) to be logged on the blockchain, but this would also make it easy to access this information when products are returned to be assessed and remanufactured into a new item.”

Please do read the whole report, and think how the economic benefits of applying blockchain-enabled IoT practices to your supply chain can also warm your heart.

 


Libelium: flexibility a key strategy for IoT startups

I’ve been fixated recently on venerable manufacturing firms such as 169-yr. old Siemens making the IoT switch.  Time to switch focus, and look at one of my fav pure-play IoT firms, Libelium.  I think Libelium proves that smart IoT firms must, above all, remain nimble and flexible,  by three interdependent strategies:

  • avoiding picking winners among communications protocols and other standards.
  • avoiding over-specialization.
  • partnering instead of going it alone.
Libelium CEO Alicia Asin


If you aren’t familiar with Libelium, it’s a Spanish company that recently turned 10 (my, how time flies!) in a category littered with failures that had interesting concepts but didn’t survive. Bright, young, CEO Alicia Asin, one of my favorite IoT thought leaders (and do-ers!) was recently named best manager of the year in the Aragón region in Spain.  I sat down with her for a wide-ranging discussion when she recently visited the Hub of the Universe.

I’ve loved the company since its inception, particularly because it is active in so many sectors of the IoT, including logistics, industrial control, smart meters, home automation and a couple of my most favorite, agriculture (I have a weak spot for anything that combines “IoT” AND “precision”!) and smart cities.  I asked Asin why the company hadn’t picked one of those verticals as its sole focus: “it was too risky to choose one market. That’s still the same: the IoT is still so fragmented in various verticals.”

The best illustration of the company’s strategy in action is its Waspmote sensor platform, which it calls the “most complete Internet of Things platform in the market with worldwide certifications.” It can monitor up to 120 sensors to cover hundreds of IoT applications in the wide range of markets Libelium serves with this diversified strategy, ranging from the environment to “smart” parking.  The new versions of their sensors include actuators, to not simply report data, but also allow M2M control of devices such as irrigation valves, thermostats, illumination systems, motors and PLC’s. Equally important, because of the potentially high cost of having to replace the sensors, the new ones use extremely little power, so they can last        .

Equally important as the company’s refusal to limit itself to a single vertical market is its commitment to open systems and multiple communications protocols, including LoRaWAN, SIGFOX, ZigBee and 4G — a total of 16 radio technologies. It also provides both open source SDK and APIs.

Why?  As Asin told me:

 

“There is not going to be a standard. This (competing standards and technology) is the new normal.

“I talk to some cities that want to become involved in smart cities, and they say we want to start working on this but we want to use the protocol that will be the winner.

“No one knows what will be the winner.

“We use things that are resilient. We install all the agents — if you aren’t happy with one, you just open the interface and change it. You don’t have to uninstall anything. What if one of these companies increases their prices to heaven, or you are not happy with the coverage, or the company disappears? We allow you to have all your options open.

“The problem is that this (not picking a standard) is a new message, and people don’t like to listen.  This is how we interpret the future.”

Libelium makes 110 different plug and play sensors (or as they call them, “Plug and Sense”) to detect a wide range of data from sources including gases, events, parking, energy use, agriculture, and water. They claim the lowest power consumption in the industry, leading to longer life and lower maintenance and operating costs.

Finally, the company doesn’t try to do everything itself: Libelium has a large and growing partner network (or ecosystem, as it calls it — music to the ears of someone who believes in looking to nature for profitable business inspiration). Carrying the collaboration theme even farther, they’ve created an “IoT Marketplace,” where pre-assembled device combinations from Libelium and partners can be purchased to meet the specific needs of niches such as e-health,  vineyards, water quality, smart factories, and smart parking.  As the company says, “the lack of integrated solutions from hardware to application level is a barrier for fast adoption,” and the kits take away that barrier.

I can’t stress it enough: for IoT startups that aren’t totally focused on a single niche (a high-stakes strategy), Libelium offers a great model because of its flexibility, agnostic view of standards, diversification among a variety of niches, and eagerness to collaborate with other vendors.


BTW: Asin is particularly proud of the company’s newest offering, My Signals, which debuted in October and has already won several awards. She told me that they hope the device will allow delivering Tier 1 medical care to billions of underserved people worldwide who live in rural areas with little access to hospitals.

It combines 15 different sensors measuring the most important body parameters that would ordinarily be measured in a hospital, including ECG, glucose, airflow, pulse, blood oxygen, and blood pressure. The data is encrypted and sent to the Libelium Cloud in real-time to be visualized on the user’s private account.

It fits in a small suitcase and costs less than 1/100th the amount of a traditional Emergency Observation Unit.

The kit was created to make it possible for m-health developers to create prototypes cheaply and quickly.


When Philips’s Hue Bulbs Are Attacked, IoT Security Becomes Even Bigger Issue

OK, what will it take to make security (and privacy) job #1 for the IoT industry?

The recent Mirai DDoS attack should have been enough to get IoT device companies to increase their security and privacy efforts.

Now we hear that the Hue bulbs from Philips, a global electronics and IoT leader that DOES emphasize security and doesn’t cut corners, have been the focus of a potentially devastating attack (um, just wonderin’: how does triggering mass epileptic seizures through your light bulbs grab you?).

Since it’s abundantly clear that the US president-elect would rather cut regulations than add needed ones (just announcing that, for every new regulation, two must be cut), the burden of improving IoT security will lie squarely on the shoulders of the industry itself. BTW: kudos in parting to outgoing FTC Chair Edith Ramirez, who has made intelligent, workable IoT regulations in collaboration with self-help efforts by the industry a priority. Will we be up to the security challenge, or, as I’ve warned before, will security and privacy lapses totally undermine the IoT in its adolescence by losing the public and corporate confidence and trust that is so crucial in this particular industry?

Count me among the dubious.

Here’s what happened in this truly scary episode, which, for the first time, presages making the focus of an IoT hack an entire city, by exploiting what might otherwise be a smart city/smart grid virtue: a large installed base of smart bulbs, all within communication distance of each other. The weapons? An off-the-shelf drone and a USB stick (the same team found that a car will also do nicely as an attack vector). Fortunately, the perpetrators in this case were a group of white-hat hackers from the Weizmann Institute of Science in Israel and Dalhousie University in Canada, who reported it to Philips so they could implement additional protections, which the company did.

Here’s what they wrote about their plan of attack:

“In this paper we describe a new type of threat in which adjacent IoT devices will infect each other with a worm that will spread explosively over large areas in a kind of nuclear chain reaction (my emphasis), provided that the density of compatible IoT devices exceeds a certain critical mass. In particular, we developed and verified such an infection using the popular Philips Hue smart lamps as a platform.

“The worm spreads by jumping directly from one lamp to its neighbors, using only their built-in ZigBee wireless connectivity and their physical proximity. The attack can start by plugging in a single infected bulb anywhere in the city, and then catastrophically spread everywhere within minutes, enabling the attacker to turn all the city lights on or off, permanently brick them, or exploit them in a massive DDOS attack (my emphasis). To demonstrate the risks involved, we use results from percolation theory to estimate the critical mass of installed devices for a typical city such as Paris whose area is about 105 square kilometers: The chain reaction will fizzle if there are fewer than about 15,000 randomly located smart lights in the whole city, but will spread everywhere when the number exceeds this critical mass (which had almost certainly been surpassed already) (my emphasis).

“To make such an attack possible, we had to find a way to remotely yank already installed lamps from their current networks, and to perform over-the-air firmware updates. We overcame the first problem by discovering and exploiting a major bug in the implementation of the Touchlink part of the ZigBee Light Link protocol, which is supposed to stop such attempts with a proximity test. To solve the second problem, we developed a new version of a side channel attack to extract the global AES-CCM key that Philips uses to encrypt and authenticate new firmware. We used only readily available equipment costing a few hundred dollars, and managed to find this key without seeing any actual updates. This demonstrates once again how difficult it is to get security right even for a large company that uses standard cryptographic techniques to protect a major product.”

Again, this wasn’t one of those fly-by-night Chinese manufacturers of low-end IoT devices, but Philips, a major, respected, and vigilant corporation.

As for the possible results? It could:

  •  jam WiFi connections
  • disturb the electric grid
  • brick devices making entire critical systems inoperable
  • and, as I mentioned before, cause mass epileptic seizures.

As for the specifics, according to TechHive, the researchers installed Hue bulbs in several offices in an office building in the Israeli city of Beer Sheva. In a nice flair for the ironic, the building housed several computer security firms and the Israeli Computer Emergency Response Team.  They attached the attack kit on the USB stick to a drone, and flew it toward the building from 350 meters away. When they got to the building they took over the bulbs and made them flash the SOS signal in Morse Code.

The researchers “were able to bypass any prohibitions against remote access of the networked light bulbs, and then install malicious firmware. At that point the researchers were able to block further wireless updates, which apparently made the infection irreversible. ‘There is no other method of reprogramming these [infected] devices without full disassemble (which is not feasible). Any old stock would also need to be recalled, as any devices with vulnerable firmware can be infected as soon as power is applied.’”

Worst of all, the attack was against Zigbee, one of the most robust and widely-used IoT protocols, an IoT favorite because Zigbee networks tend to be cheaper and simpler than WiFi or Bluetooth.

The attack points up one of the critical ambiguities about the IoT. On one hand, the fact that it allows networking of devices leads to “network effects,” where each device becomes more valuable because of the synergies with other IoT devices. On the other hand, that same networking and use of open standards means that penetrating one device can mean ultimately penetrating millions and compounding the damage.
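The critical-mass claim in the quoted abstract can be reproduced with a small percolation model, which is also how a defender can judge whether a deployment is dense enough for device-to-device spread to matter. This is an added example, not the researchers' code: it assumes devices scattered at random, a link between any two devices within radio range, and the standard two-dimensional threshold of about 4.51 neighbours per device.

```python
import math
import random

# Assumption of this model: in 2D, randomly placed devices that link when
# within range r form one large cluster once the average number of
# neighbours (density * pi * r^2) passes roughly 4.51.
CRITICAL_MEAN_DEGREE = 4.51


def implied_range_m(n_devices, area_km2):
    """Radio range at which n_devices in area_km2 sit exactly at threshold."""
    area_m2 = area_km2 * 1e6
    return math.sqrt(CRITICAL_MEAN_DEGREE * area_m2 / (math.pi * n_devices))


def largest_cluster_fraction(n, mean_degree, seed=1):
    """Scatter n devices in a unit square, link pairs closer than the range
    that yields `mean_degree` neighbours on average, and return the share
    of devices in the largest connected cluster."""
    rng = random.Random(seed)
    r = math.sqrt(mean_degree / (math.pi * n))
    pts = [(rng.random(), rng.random()) for _ in range(n)]
    parent = list(range(n))

    def find(a):
        # Union-find root lookup with path halving.
        while parent[a] != a:
            parent[a] = parent[parent[a]]
            a = parent[a]
        return a

    # Bucket points into cells of side r so only nearby pairs are compared.
    cells = {}
    for i, (x, y) in enumerate(pts):
        cells.setdefault((int(x / r), int(y / r)), []).append(i)
    for (cx, cy), members in cells.items():
        for dx in (-1, 0, 1):
            for dy in (-1, 0, 1):
                for j in cells.get((cx + dx, cy + dy), ()):
                    for i in members:
                        if i < j and math.dist(pts[i], pts[j]) <= r:
                            parent[find(i)] = find(j)

    sizes = {}
    for i in range(n):
        root = find(i)
        sizes[root] = sizes.get(root, 0) + 1
    return max(sizes.values()) / n


def sweep(n=3000, factors=(0.5, 1.0, 2.0)):
    """Largest-cluster share at multiples of the critical density."""
    return {f: largest_cluster_fraction(n, f * CRITICAL_MEAN_DEGREE)
            for f in factors}


if __name__ == "__main__":
    print("range implied by 15,000 devices in 105 km^2: %.0f m"
          % implied_range_m(15000, 105))
    for factor, share in sweep().items():
        print("density x%.1f -> largest cluster holds %.1f%% of devices"
              % (factor, 100 * share))
```

Under this model the quoted figures (about 15,000 lights in 105 square kilometers) correspond to an effective device-to-device range of roughly 100 meters. Below the threshold the clusters stay small and isolated, while at twice the threshold nearly every device belongs to a single cluster.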


I’m hoping against hope that when Trump’s team tries to implement cyber-warfare protections they’ll extend the scope to include the IoT because of this specific threat. If they do, they’ll realize that you can’t just say yes, cyber-security and no, regulations. In the messy world of actually governing, rather than issuing categorical dictums, you sometimes have to embrace the messy world of ambiguity.

What do you think?

 


#IoT and Trump’s Election

Posted on 9th November 2016 in government, Internet of Things

I try to keep my politics out of this blog (disclosure: I am an old-fashioned liberal Democrat, who cares about poor, working-class white men AND everyone), but I do feel compelled to bring one little factoid to your attention: a quick review of Google earlier for “Internet of Things” AND Trump revealed absolutely nothing. As for Obama initiatives in the field, such as the recent Smart Cities contest, you can bet they will be among the first programs axed by executive action. If you didn’t feel compelled to vote, or, even worse, voted for him to “Send Washington a Message,” consider it sent, and I hope you can live with what you have set in process. As ye sow, so shall ye reap.

For everyone else, pray for the future of the world — it’s that dangerous when a narcissist has his finger on the nuclear Button


Smart Infrastructure Logical Top Priority for IoT

The only issue Clinton and Trump can agree on is the need for massive improvements to the nation’s crumbling infrastructure, especially its roads and bridges. But, please, let’s make it more than concrete and steel.

Let’s make it smart, and let’s make it the top priority for the IoT because of the trickle-down effects it will have on everything else in our economy.

Global economist Jeffrey Sachs stated the case eloquently in a recent Boston Globe op-ed, “Sustainable infrastructure after the Automobile Age,” in which he argued that the infrastructure (including not only highways and bridges but also water systems, waste treatment, and the electric grid) shaped by the automotive age has run its course, and must be replaced by one “in line with new needs, especially climate safety, and new opportunities, especially ubiquitous online information and smart machines.”

I’m currently reading Carlo Ratti and Matthew Claudel’s The City of Tomorrow: Sensors, Networks, and the Future of Urban Life, which makes the same argument: “The answer to urban expansion and diffusion — and the host of social consequences that they bring — may be to optimize, rather than increase, transportation infrastructure.”

The IoT is perfectly suited to the needs of a new information-based infrastructure, especially one which must balance promoting the economy and mobility with drastic reductions in greenhouse gasses (transportation produces approximately a third of the U.S.’s  emissions). It can both improve maintenance (especially for bridges) through built-in sensors that constantly monitor conditions and can give advance warning in time to do less-costly and less-disruptive predictive maintenance, and reduce congestion by providing real-time information on current congestion so that real-time alterations to signals, etc., can be made rather than depending on outmoded fixed-interval stoplights, etc.

Sachs points out that infrastructure spending as a percentage of GDP has fallen since the Reagan years, and that it will require much more spending to bring it up to date.

A good place to look for a model is China. The country already sports the largest concentration of M2M connections in the world: “74 million connections at the end of 2014, representing almost a third of the global base,” much of that in the form of smart bridges, smart rails, and smart grid, and critical because of the country’s rapid economic growth (Ratti cites a Beijing traffic jam that immobilized cars for an astounding 12 days!). Similarly, the government aims to have 95% of homes equipped with smart meters by next year. The country has used its investment in smart infrastructure to build its overall IoT industry’s ability to compete globally.

Sachs argues for a long-term smart infrastructure initiative:

“I propose that we envision the kind of built environment we want for the next 60 years. With a shared vision of America’s infrastructure goals, actually designing and building the new transport, energy, communications, and water systems will surely require at least a generation, just as the Interstate Highway System did a half-century ago.”

He says we need a plan based on three priorities to cope with our current national and global challenges:

“We should seek an infrastructure that abides by the triple bottom line of sustainable development. That is, the networks of roads, power, water, and communications should support economic prosperity, social fairness, and environmental sustainability. The triple bottom line will in turn push us to adopt three guiding principles.

First, the infrastructure should be “smart,” deploying state-of-the-art information and communications technologies and new nanotechnologies to achieve a high efficiency of resource use.

Second, the infrastructure should be shared and accessible to all, whether as shared vehicles, open-access broadband in public areas, or shared green spaces in cities.

Third, transport infrastructure should promote public health and environmental safety. The new transport systems should not only shift to electrical vehicles and other zero-emission vehicles, but should also promote much more walking, bicycling, and public transport use. Power generation should shift decisively to zero-carbon primary energy sources such as wind, solar, hydro, and nuclear power. The built environment should be resilient to rising ocean levels, higher temperatures, more intense heat waves, and more extreme storms.”

The IoT, particularly because of its ability to let us share real-time data that in turn can regulate the infrastructure, is ideally suited to this challenge. It’s time for Congress to not only spend on infrastructure but to do so wisely.

The result will be not only the infrastructure we need, but also a more robust IoT industry in general.

 
