Blockchain might be answer to IoT security woes

Could blockchain be the answer to IoT security woes?

I hope so, because I’d like to get away from my recent fixation on IoT security breaches and their consequences,  especially the Mirai botnet attack that brought a large of the Internet to its knees this Fall and the even scarier (because it involved Philips, a company that takes security seriously) white-hat hackers attack on Hue bulbs.  As I’ve written, unless IoT security is improved, the public and corporations will lose faith in it and the IoT will never develop to its full potential.

Now, there’s growing discussion that blockchain (which makes bitcoin possible), might offer a good IoT security platform.

Ironically — for something dealing with security — blockchain’s value in IoT may be because the data is shared and no one person owns it or can alter it unilaterally (BTW, this is one more example of my IoT “Essential Truth” that with the IoT data should be shared, rather than hoarded as in the past.

If you’re not familiar with blockchain, here’s an IBM video, using an example from the highly security-conscious diamond industry, that gives a nice summary of how it works and why:

The key aspects of blockchain is that it:

  • is transparent
  • can trace all aspects of actions or transactions (critical for complex sequences of actions in an IoT process)
  • is distributed: there’s a shared form of record keeping, that everyone in the process can access.
  • requires permission — everyone has permission for every step
  • is secure: no one person — even a system administrator — can alter it without group approval.

Of these, perhaps the most important aspect for IoT security is that no one person can change the blockchain unilaterally, adding something (think malware) without the action being permanently recorded and without every participant’s permission.  To add a new transaction to the blockchain, all the members must validate it by applying an algorithm to confirm its validity.

The blockchain can also increase efficiency by reducing the need for intermediaries, and it’s a much better way to handle the massive flood of data that will be generated by the IoT.

The Chain of Things think tank and consortium is taking the lead on exploring blockchain’s application to the IoT. The group describes itself as “technologists at the nexus of IoT hardware manufacturing and alternative blockchain applications.” They’ve run several blockchain hackathons, and are working on open standards for IoT blockchains.

Contrast blockchain with the current prevailing IoT security paradigm.  As Datafloq points out, it’s based on the old client-server approach, which really doesn’t work with the IoT’s complexity and variety of connections: “Connection between devices will have to exclusively go through the internet, even if they happen to be a few feet apart.”  It doesn’t make sense to try to funnel the massive amounts of data that will result from widespread deployment of billions of IoT devices and sensor through a centralized model when a decentralized, peer-to-peer alternative would be more economical and efficient.

Datafloq concludes:

“Blockchain technology is the missing link to settle scalability, privacy, and reliability concerns in the Internet of Things. Blockchain technologies could perhaps be the silver bullet needed by the IoT industry. Blockchain technology can be used in tracking billions of connected devices, enable the processing of transactions and coordination between devices; allow for significant savings to IoT industry manufacturers. This decentralized approach would eliminate single points of failure, creating a more resilient ecosystem for devices to run on. The cryptographic algorithms used by blockchains, would make consumer data more private.”

I love it: paradoxically, sharing data makes it more secure!  Until something better comes along and/or the nature of IoT strategy challenges changes, it seems to me this should be the basis for secure IoT data transmission!

 

 

 

Libelium: flexibility a key strategy for IoT startups

I’ve been fixated recently on venerable manufacturing firms such as 169-yr. old Siemens making the IoT switch.  Time to switch focus, and look at one of my fav pure-play IoT firms, Libelium.  I think Libelium proves that smart IoT firms must, above all, remain nimble and flexible,  by three interdependent strategies:

  • avoiding picking winners among communications protocols and other standards.
  • avoiding over-specialization.
  • partnering instead of going it alone.
Libelium CEO Alicia Asin

Libelium CEO Alicia Asin

If you aren’t familiar with Libelium, it’s a Spanish company that recently turned 10 (my, how time flies!) in a category littered with failures that had interesting concepts but didn’t survive. Bright, young, CEO Alicia Asin, one of my favorite IoT thought leaders (and do-ers!) was recently named best manager of the year in the Aragón region in Spain.  I sat down with her for a wide-ranging discussion when she recently visited the Hub of the Universe.

I’ve loved the company since its inception, particularly because it is active in so many sectors of the IoT, including logistics, industrial control, smart meters, home automation and a couple of my most favorite, agriculture (I have a weak spot for anything that combines “IoT” AND “precision”!) and smart cities.  I asked Asin why the company hadn’t picked one of those verticals as its sole focus: “it was too risky to choose one market. That’s still the same: the IoT is still so fragmented in various verticals.”

The best illustration of the company’s strategy in action is its Waspmote sensor platform, which it calls the “most complete Internet of Things platform in the market with worldwide certifications.” It can monitor up to 120 sensors to cover hundreds of IoT applications in the wide range of markets Libelium serves with this diversified strategy, ranging from the environment to “smart” parking.  The new versions of their sensors include actuators, to not simply report data, but also allow M2M control of devices such as irrigation valves, thermostats, illumination systems, motors and PLC’s. Equally important, because of the potentially high cost of having to replace the sensors, the new ones use extremely little power, so they can last        .

Equally important as the company’s refusal to limit itself to a single vertical market is its commitment to open systems and multiple communications protocols, including LoRaWAN, SIGFOX, ZigBee and 4G — a total of 16 radio technologies. It also provides both open source SDK and APIs.

Why?  As Asin told me:

 

“There is not going to be a standard. This (competiting standards and technology) is the new normal.

“I talk to some cities that want to become involved in smart cities, and they say we want to start working on this but we want to use the protocol that will be the winner.

“No one knows what will be the winner.

“We use things that are resilient. We install all the agents — if you aren’t happy with one, you just open the interface and change it. You don’t have to uninstall anything. What if one of these companies increases their prices to heaven, or you are not happy with the coverage, or the company disappears? We allow you to have all your options open.

“The problem is that this (not picking a standard) is a new message, and people don’t like to listen.  This is how we interpret the future.”

Libelium makes 110 different plug and play sensors (or as they call them, “Plug and Sense,” to detect a wide range of data from sources including gases, events, parking, energy use, agriculture, and water.  They claim the lowest power consumption in the industry, leading to longer life and lower maintenance and operating costs.

Finally, the company doesn’t try to do everything itself: Libelium has a large and growing partner network (or ecosystem, as it calls it — music to the ears of someone who believes in looking to nature for profitable business inspiration). Carrying the collaboration theme even farther, they’ve created an “IoT Marketplace,” where pre-assembled device combinations from Libelium and partners can be purchased to meet the specific needs of niches such as e-health,  vineyards, water quality, smart factories, and smart parking.  As the company says, “the lack of integrated solutions from hardware to application level is a barrier for fast adoption,” and the kits take away that barrier.

I can’t stress it enough: for IoT startups that aren’t totally focused on a single niche (a high-stakes strategy), Libelium offers a great model because of its flexibility, agnostic view of standards, diversification among a variety of niches, and eagerness to collaborate with other vendors.


BTW: Asin is particularly proud of the company’s newest offering, My Signals,which debuted in October and has already won several awards.  She told me that they hope the device will allow delivering Tier 1 medical care to billions of underserved people worldwide who live in rural areas with little access to hospitals.  It combines 15 different sensors measuring the most important body parameters that would ordinarily be measured in a hospital, including ECG, glucose, airflow, pulse, oxygen in

It combines 15 different sensors measuring the most important body parameters that would ordinarily be measured in a hospital, including ECG, glucose, airflow, pulse, blood oxygen, and blood pressure. The data is encrypted and sent to the Libelium Cloud in real-time to be visualized on the user’s private account.

It fits in a small suitcase and costs less than 1/100th the amount of a traditional Emergency Observation Unit.

The kit was created to make it possible for m-health developers to create prototypes cheaply and quickly.

comments: Comments Off on Libelium: flexibility a key strategy for IoT startups tags: , , , , , , ,

Siemens’s MindSphere: from automation to digitalization

Perhaps the most important component of a successful IoT transformation is building it on a robust platform, because that alone can let your company go beyond random IoT experiments to achieve an integrated IoT strategy that can add new components systematically and create synergistic benefits by combining the various aspects of the program.

A good starting point for discussion of such platforms is a description of the eight key platform components as detailed by IoT Analytics:

  1. “Connectivity & normalization: brings different protocols and different data formats into one ‘software’  interface ensuring accurate data streaming and interaction with all devices.
  2. Device management: ensures the connected ‘things’ are working properly, seamlessly running patches and updates for software and applications running on the device or edge gateways.
  3. Database: scalable storage of device data brings the requirements for hybrid cloud-based databases to a new level in terms of data volume, variety, velocity and veracity.
  4. Processing & action management: brings data to life with rule-based event-action-triggers enabling execution of ‘smart’ actions based on specific sensor data.
  5. Analytics: performs a range of complex analysis from basic data clustering and deep machine learning to predictive analytics extracting the most value out of the IoT data-stream.
  6. Visualization: enables humans to see patterns and observe trends from visualization dashboards where data is vividly portrayed through line-, stacked-, or pie charts, 2D- or even 3D-models.
  7. Additional tools: allow IoT developers prototype, test and market the IoT use case creating platform ecosystem apps for visualizing, managing and controlling connected devices.
  8. External interfaces: integrate with 3rd-party systems and the rest of the wider IT-ecosystem via built-in application programming interfaces (API), software development kits (SDK), and gateways.”

Despite (or because of, the complexity,) I think this is a decent description, because a robust IoT platf0rm really must encompass so many functions. The eight points give a basis for deciding whether what a company hawks as an IoT platform really deserves that title or really constitutes only part of the necessary whole (Aside: it’s also a great illustration of my Essential Truth that, instead of hoarding data as in the past, we must begin to ask “who else can use this data?” either inside the company or, potentially, outside, then use technology such as an IoT platform to integrate all those data uses productively.).

During my recent Barcelona trip (disclaimer: Siemens paid my way and arranged special access to some of its key decision makers, but made no attempt to limit my editorial judgment) I interviewed the company’s Chief Strategy Officer, Dr. Horst J. Kayser, who made it clear (as I mentioned in my earlier post about Siemens) that one of the advantages the company has over pure-play software firms is that it can apply its software offerings internally first and tweak them there, because of its 169-year heritage as a manufacturer, and “sits on a vast program of automation.”

Siemens’s IoT platform, MindSphere  is a collaboration with SAP, using the latter’s vast HANA cloud.  It ties together all components of Siemens’s IoT offerings, including data analytics, connectivity capabilities, developers’ tools, applications and services. MindSphere focuses on monitoring manufacturing assets’ real-time status, to evaluate and use customers’ data, producing insights that can cut production costs, improve performance, and even switch to predictive maintenance. Its Mind Connect Nano collects data from the assets and transferring it to MindSphere.

The “digital twin” is integrated throughout the MindSphere platform. Kayser says that “there’s a digital twin of the entire process, from conception through the manufacturing and maintenance, and it feeds the data back into the model.” In fact,  one dramatic example of the concept in action is the new Maserati Ghibli, created in 16 months instead of 30 — almost 50% less time than for prior models.  Using the Teamcenter PLM software, the team was able to virtually develop and extensively test the car before anything was created physically.

IMHO, Mindsphere and components such as Teamware might really be the key to actualizing my dream of the circular company, in this case with the IoT-based real-time digital twin at the heart of the enterprise — as Kayser said, “everything is done through one consistent data set.)” I hope to explore my concept, and the benefits I think it can produce, more with the Siemens strategists in the future!  I tried the idea out on several of them in Barcelona, and no one laughed, so we’ll see…

As with the company’s rail digitization services that I mentioned in my earlier post, there’s an in-house guinea pig for MindSphere as well: the company’s “Factory of the Future” in Amberg. The plant manufactures Simatic controllers, the key to the company’s automation products and services, to which digitalization is now being added as part of the company’s Industrie 4.0 IoT plan for manufacturing (paralleling GE’s “Industrial Internet.”). As you may be aware, Siemens’s efforts in this area are a subset of a formal German government/industry initiative — I  doubt seriously we’ll see this in the U.S. under Trump.

The results of digitalization at Amberg are astonishing by any measure, especially the ultimate accomplishment: a  99.9988 percent rate (no typo!!), which is even more incredible when you realize this is not mass production with long, uniform production runs: the plant manufactures more than 1,000 varieties of the controllers, with a total volume of 12 million Simatic products each year, or about one per second.  Here are some of the other benefits of what they call an emphasis on optimizing the entire value chain:

  • shorter delivery time: 24 hours from order.
  • time to market reduced by up to 50%.
  • cost savings of up to 25%

Of course there are several other robust IoT platforms, including GE’s Predix and PTC’s Thingworx, but my analysis shows that Mindsphere meets IoT Analytics’ criteria, and, combined with the company’s long background in manufacturing and automation, should make it a real player in the industrial internet. Bravo!

When Philips’s Hue Bulbs Are Attacked, IoT Security Becomes Even Bigger Issue

OK, what will it take to make security (and privacy) job #1 for the IoT industry?

The recent Mirai DDoS attack should have been enough to get IoT device companies to increase their security and privacy efforts.

Now we hear that the Hue bulbs from Philips, a global electronics and IoT leader that DOES emphasize security and doesn’t cut corners, have been the focus of a potentially devastating attack (um, just wonderin’: how does triggering mass epileptic seizures through your light bulbs grab you?).

Since it’s abundantly clear that the US president-elect would rather cut regulations than add needed ones (just announcing that, for every new regulation, two must be cut), the burden of improving IoT security will lie squarely on the shoulders of the industry itself. BTW:kudos in parting to outgoing FTC Chair Edith Ramirez, who has made intelligent, workable IoT regulations in collaboration with self-help efforts by the industry a priority. Will we be up to the security challenge, or, as I’ve warned before, will security and privacy lapses totally undermine the IoT in its adolescence by losing the public and corporate confidence and trust that is so crucial in this particular industry?

Count me among the dubious.

Here’s what happened in this truly scary episode, which, for the first time, presages making the focus of an IoT hack an entire city, by exploiting what might otherwise be a smart city/smart grid virtue: a large installed base of smart bulbs, all within communication distance of each other. The weapons? An off-the-shelf drone and an USB stick (the same team found that a car will also do nicely as an attack vector). Fortunately, the perpetrators in this case were a group of white-hat hackers from the Weizmann Institute of Science in Israel and Dalhousie University in Canada, who reported it to Philips so they could implement additional protections, which the company did.

Here’s what they wrote about their plan of attack:

“In this paper we describe a new type of threat in which adjacent IoT devices will infect each other with a worm that will spread explosively over large areas in a kind of nuclear chain reaction (my emphasis), provided that the density of compatible IoT devices exceeds a certain critical mass. In particular, we developed and verified such an infection using the popular Philips Hue smart lamps as a platform.

“The worm spreads by jumping directly from one lamp to its neighbors, using only their built-in ZigBee wireless connectivity and their physical proximity. The attack can start by plugging in a single infected bulb anywhere in the city, and then catastrophically spread everywhere within minutes, enabling the attacker to turn all the city lights on or off, permanently brick them, or exploit them in a massive DDOS attack (my emphasis). To demonstrate the risks involved, we use results from percolation theory to estimate the critical mass of installed devices for a typical city such as Paris whose area is about 105 square kilometers: The chain reaction will fizzle if there are fewer than about 15,000 randomly located smart lights in the whole city, but will spread everywhere when the number exceeds this critical mass (which had almost certainly been surpassed already (my emphasis).

“To make such an attack possible, we had to find a way to remotely yank already installed lamps from their current networks, and to perform over-the-air firmware updates. We overcame the first problem by discovering and exploiting a major bug in the implementation of the Touchlink part of the ZigBee Light Link protocol, which is supposed to stop such attempts with a proximity test. To solve the second problem, we developed a new version of a side channel attack to extract the global AES-CCM key that Philips uses to encrypt and authenticate new firmware. We used only readily available equipment costing a few hundred dollars, and managed to find this key without seeing any actual updates. This demonstrates once again how difficult it is to get security right even for a large company that uses standard cryptographic techniques to protect a major product.”

Again, this wasn’t one of those fly-by-night Chinese manufacturers of low-end IoT devices, but Philips, a major, respected, and vigilant corporation.

As for the possible results? It could:

  •  jam WiFi connections
  • disturb the electric grid
  • brick devices making entire critical systems inoperable
  • and, as I mentioned before, cause mass epileptic seizures.

As for the specifics, according to TechHive, the researchers installed Hue bulbs in several offices in an office building in the Israeli city of Beer Sheva. In a nice flair for the ironic, the building housed several computer security firms and the Israeli Computer Emergency Response Team.  They attached the attack kit on the USB stick to a drone, and flew it toward the building from 350 meters away. When they got to the building they took over the bulbs and made them flash the SOS signal in Morse Code.

The researchers”were able to bypass any prohibitions against remote access of the networked light bulbs, and then install malicious firmware. At that point the researchers were able to block further wireless updates, which apparently made the infection irreversible. ‘There is no other method of reprogramming these [infected] devices without full disassemble (which is not feasible). Any old stock would also need to be recalled, as any devices with vulnerable firmware can be infected as soon as power is applied.’”

Worst of all, the attack was against Zigbee, one of the most robust and widely-used IoT protocols, an IoT favorite because Zigbee networks tend to be cheaper and simpler than WiFi or BlueTooth.

The attack points up one of the critical ambiguities about the IoT. On one hand, the fact that it allows networking of devices leads to “network effects,” where each device becomes more valuable because of the synergies with other IoT devices. On the other hand, that same networking and use of open standards means that penetrating one device can mean ultimately penetrating millions and compounding the damage.


I’m hoping against hope that when Trump’s team tries to implement cyber-warfare protections they’ll extend the scope to include the IoT because of this specific threat. If they do, they’ll realize that you can’t just say yes cyber-security and no, regulations. In the messy world of actually governing, rather than issuing categorical dictums, you sometimes have to embrace the messy world of ambiguity.  

What do you think?

 

comments: Comments Off on When Philips’s Hue Bulbs Are Attacked, IoT Security Becomes Even Bigger Issue tags: , , , , , , , ,

Siemens’s Mobility Services: Trains Become IoT Labs on Wheels

George Stephenson's Killingworth locomotive Source: Project Gutenberg

George Stephenson’s Killingworth locomotive
Source: Project Gutenberg

As those of you who know rail history understand, with Stephenson as your last name, you’re bound to have a strong interest in railroads! Add in the fact that I was associate producer of an award-winning documentary on the subject back in the early 70’s, and it’s no wonder I was hooked when I got a chance to meet with some of Siemens’s top rail executives on my trip to Barcelona last week (Disclaimer: Siemens paid my expenses, but didn’t dictate what I covered, nor did they have editorial review of this piece).

What really excites me about railroads and the IoT is that they neatly encapsulate the dramatic transformation from the traditional industrial economy to the IoT: on one hand, the railroad was perhaps THE most critical invention making possible 19th century industry, and yet it still exists, in recognizable but radically-evolved form, in 2016. As you’ll see below, trains have essentially become laboratories on wheels!

I dwelt on the example of the Union Pacific in my e-book introduction to the IoT, SmartStuff, because to CIO Lynden Tennison was an early adopter, with his efforts focused largely on reducing the number of costly and dangerous derailments, through measures such as putting infrared sensors every twenty miles along the rail bed to spot “hotboxes,” overheating bearings. That allowed an early version of what we now know as predictive maintenance, pulling cars off at the next convenient yard so the bearings could be replaced before a serious problem. Even though the technology even five years ago was primitive compared to today, the UP cut bearing-related derailments by 75%.

Fast-forward to 2016, and Siemens’s application of the IoT to trains through its Mobility Services is yielding amazing benefits: increasing reliability, cutting costs, and even leading to possible new business models. They’ve taken over maintenance for more than 50 rail and transit programs.

While I love IoT startups with a radical new vision and no history to encumber them, Siemens is a beacon to those companies firmly rooted in manufacturing which may wonder whether to incorporate the IoT in their services and strategy. I suspect that its software products are inherently more valuable than competitors from pure-play software firms at commercial launch because the company eats its own dogfood and applies the new technology first to the products it manufactures and maintains — closing the loop.

Several of its executives emphasized that one of the advantages Siemens feels they enjoy is that their software engineers in Munich work in a corner of an old locomotive factory that Siemens still operates, so they can interact with those actually building and maintaining the engines on a daily basis. When it comes to security issues, their experience as a manufacturer means they understand the role of each component of the signaling system. Dr. Sebastian Schoning, ceo of Siemens client Gehring Technologies, which manufactures precision honing tools, told me that it was easier to sell these digital services to its own client base because so much of their current products include Siemens devices, giving them confidence in the new offerings. GE enjoys the same advantages of combining manufacturing and digital services with its Evolution Series locomotives.

The key to Siemens’s Mobility Services is Sinalytics, its platform architecture for data analysis not just for rail, but also for industries ranging from medical equipment to wind farms. More than 300,000 devices currently feed real-time data to the platform,   Consistent with my IoT-centric “Circular Company” vision, Sinalytics capitalizes on the data for multiple uses, including connectivity, data integration, analytics, and the all-important cyber security — they call the result not Big Data, but Smart Data. As with data services from jet turbine manufacturers such as Rolls Royce and GE, the platform also allows merging the data with data from sources such as weather forecasts which, in combination, can let clients optimize operating efficiency on a real-time M2M basis.  

With the new approach, trains become IoT laboratories on wheels, combining all of the key elements of an IoT system:

  • Sensing: there are sensors on the engines and gearboxes, plus vibration sensors on  microphones measure noises from bearings in commuter trains. They can even measure how engine oil is aging, so it can be changed when really needed, rather than on an arbitrary schedule.
  • Algorithms to make sense of the data and act on it. They read out patterns, record deviations & compare them with train control systems or vehicles of the same type.
  • Predictive maintenance replaces scheduled maintenance, dramatically reducing down-time and catastrophic failure.For example: “There’s a warning in one of the windows (of the control center display): engine temperature unusual. ‘We need to analyze the situation in greater depth to know what to do next  — we call it  ‘root cause analysis,” (say) Vice-President for Customer Support Herbert Padinger. ‘We look at its history and draw on comparative data from the fleet as a whole.’ Clicking on the message opens a chart showing changes in temperature during the past three months. The increased heat is gradually traced to a signal assembly. The Siemens experts talk with the customer to establish how urgent the need for action is, and then takes the most appropriate steps.”  He says that temperature and vibration analyses from the critical gearboxes gives Siemens at least three days advance notice of a breakdown — plenty of time for maintenance or replacement.  Predictive maintenance is now the norm for 70-80% of Siemens’s repairs.
  • Security (especially important given all of the miles of track and large crowds on station platforms): it includes video-based train-dispatch and platform surveillance using its SITRAIL D system, as well as cameras in the trains. The protections have to run the gamut from physical attacks to cyber attacks.  For security, the data is shared by digital radio, not networks also shared by consumers.

When operations are digitized, it allows seamlessly integrating emerging digital technologies into the services. Siemens Digital Services also included augmented reality (so repair personnel can see manuals on heads-up displays), social collaboration platforms, and — perhaps most important — 3-D printing-based additive manufacturing, so that replacement parts can be delivered with unprecedented speed. 3-D printing also allows dramatic reduction in parts inventories and allows replacement of obsolete parts that may no longer be available through conventional parts depots or even — get this — to improve on the original part’s function and/or durability, based on practical experience gained from observing the parts in use.  Siemens has used 3-D printing for the past last 3 years, and it lets them assure that they will have replacements for the locomotive’s entire lifespan, which can exceed 30 years.

The results of the new approach are dramatic.

  • None of the Velaro trains that Siemens maintains for several operators have broken down since Sinalytics was implemented. Among those in Spain only 1 has left more than 15 min. behind time in 2,300 trips: .0004%!
  • Reliability for London’s West Coast Mainline is 99.7%

  • Perhaps most impressive, because of the extreme cold conditions it must endure, the reliability rate for the Velaro service in Russia is 99.9%!

Their ultimate goal is a little higher: what Siemens calls (pardon the pun) 100% Railability (TM).

And, consistent with what other companies find when they fully implement not only IoT technology, but also what I like to call “IoT Thinking,” when it does reach those previously inconceivable quality benchmarks, the company predicts that, as the software and sensors evolve, the next stage will be new business models in which billing will be determined by guaranteeing customers availability and performance.

PS: I’ll be posting more about my interviews with Siemens officials and the Gartner event in coming days.

comments: Comments Off on Siemens’s Mobility Services: Trains Become IoT Labs on Wheels tags: , , , , ,

#IoT and Trump’s Election

Posted on 9th November 2016 in government, Internet of Things

I try to keep my politics out of this blog (disclosure: I am an old-fashioned liberal Democrat, who cares about poor, working-class white men AND everyone), but I do feel compelled to bring one little factoid to your attention: a quick review of Google earlier for “Internet of Things” AND Trump revealed absolutely nothing.  As for Obama initiatives in the field, such as the recent Smart Cities contest, you can bet they will be among the first programs axed by executive action. If you didn’t feel compelled to vote, or, even worst, voted for him to “Send Washington a Message,” consider it sent, and I hope you can live with what you have set in process. As ye sow, so shall ye reap.

For everyone else, pray for the future of the world — it’s that dangerous when a narcissist has his finger on the nuclear Button

comments: Comments Off on #IoT and Trump’s Election tags: , , , ,

2nd day liveblogging, Gartner ITxpo, Barcelona

Accelerating Digital Business Transformation With IoT Saptarshi Routh Angelo Marotta
(arrived late, mea culpa)

  • case study (didn’t mention name, but just moved headquarters to Boston. Hmmmmm).
  • you will be disrupted by IoT.
  • market fragmented now.

Toshiba: How is IoT Redefining Relationships Between Customers and Suppliers, Damien Jaume, president, Toshiba Client Solutions, Europe:

  • time of tremendous transformation
  • by end of ’17, will surpass PC, tabled & phone market combined
  • 30 billion connect  devices by 2020
  • health care IoT will be $117 billion by 2020
  • 38% of indiustry leaders disrupted by digitally-enabled competitors by 2018
  • certainty of customer-supplier relationship disruption will be greatest in manufacturing, but also every other market
    • farming: from product procurement to systems within systems. Smart, connected product will yield to integrated systems of systems.
  • not selling product, but how to feed into whole IoT ecosystem
  • security paramount on every level
  • risk to suppliers from new entrants w/ lean start-up costs.
  • transition from low engagement, low trust to high engagement, high trust.
  • Improving efficiencies
  • ELIMINATE MIDDLEMAN — NO LONGER RELEVANT
  • 4 critical success factors:
    • real-time performance pre-requisite
    • robustness — no downtime
    • scalability
    • security
  • case studies: energy & connected home, insurance & health & social care (Neil Bramley, business unit director for clients solutions
    • increase depth of engagement with customer. Tailored information
    • real-time performance is key, esp. in energy & health
    • 20 million smart homes underway in GB by 2020:
      • digitally empowering consumers
      • engaging consumers
      • Transforming relationships among all players
      • Transforming homes
      • Digital readiness
    • car insurance: real-time telematics.
      • real-time telematics data
      • fleet management: training to reduce accidents. Working  w/ Sompo Japan car insurance:
    • Birmingham NHS Trust for health (Ciaron Hoye, head of digital) :
      • move to health promotion paradigm
      • pro-actively treat patients
      • security first
      • asynchronous communications to “nudge” behavior.
      • avoiding hip fractures
      • changing relationship w/ the patient: making them stakeholders, involving in discussion, strategy
      • use game theory to change relationship

One-on-one w/ Christian Steenstrup, Gartner IoT analyst. ABSOLUTE VISIONARY — I’LL BE INTERVIEWING HIM AT LENGTH IN FUTURE:

  • industrial emphasis
  • applications more ROI driven, tangible benefits
  • case study: mining & heavy industry
    • mining in Australia, automating entire value train. Driverless. Driverless trains. Sensors. Caterpillar. Collateral benefits: 10% increase in productivity. Less payroll.  Lower maintenance. Less damage means less repairs.
    • he downplays AR in industrial setting: walking in industrial setting with lithium battery strapped to your head is dangerous.
    • big benefit: less capital expense when they build next mine. For example, building the town for the operators — so eliminate the town!
  • take existing processes & small improvements, but IoT-centric biz, eliminating people, might eliminate people. Such as a human-less warehouse. No more pumping huge amount of air underground. Huge reduction with new system.  Mine of future: smaller holes. Possibility  of under-sea mining.
  • mining has only had incremental change.
  • BHP mining’s railroad — Western Australia. No one else is involved. “Massive experiment.”
  • Sound sensing can be important in industrial maintenance.  All sorts of real-time info. 
  • Digital twins: must give complete info — 1 thing missing & it doesn’t work.
  • Future: 3rd party data brokers for equipment data.
  • Privacy rights of equipment.
  • “communism model” of info sharing — twist on Lenin.

 

Accelerating Digital Transformation with Microsoft Azure IoT Suite (Charlie Lagervik):

  • value networking approach
  • customer at center of everything: customer conversation
  • 4 imperatives:
    • engage customers
    • transform products
    • empower employees
    • optmize operations
  • their def. of IoT combines things/connectivity/data/analytics/action  Need feedback loop for change
  • they focus on B2B because of efficiency gains.
  • Problems: difficult to maintain security, time-consuming to launch, incompatible with current infrastructure, and hard to scale.
  • Azure built on cloud.
  • InternetofYourThings.com

 

Afternoon panel on “IoT of Moving Things” starts with all sorts of incredible factoids (“since Aug., Singapore residents have had access to self=driving taxis”/ “By 2030, owning a car will be an expensive self-indulgence and will no longer be legal.”

  • vehicles now have broader range of connectivity now
  • do we really want others to know where we are? — privacy again!
  • who owns the data?
  • what challenges do we need to overcome to turn data into information & valuable insight that will help network and city operators maximize efficiency & drive improvement across our transportation network?
  • think of evolution: now car will be software driven, then will become living room or office.
  • data is still just data, needs context & location gives context.
  • cities have to re-engineer streets to become intelligent streets.
  • must create trust among those who aren’t IT saavy.
  • do we need to invest in physical infrastructure, or will it all be digital?
  • case study: one car company w/ engine failures in 1 of 3 cars gave the consultants data to decide on what was the problem.
comments: Comments Off on 2nd day liveblogging, Gartner ITxpo, Barcelona tags: , , , , ,

Live Blogging Gartner ITxpo Barcelona!

After a harrowing trip via Air France (#neveragain) I’m in lovely Barcelona, live-blogging Gartner ITxpo courtesy of Siemens — but they aren’t dictating my editorial judgment.

Keynoter is Peter Sondergaard, Sr. VP, Gartner Research:

  • start with high-scale traditional IT structures, but with new emphasis on cloud, etc. IT system now partially inside your org. and part outside.  We are half-way through transition to cloud: half of sales support now through cloud. More financial, HR & other functions. General trend toward cloud, but still some internal processes as necessary. Must clean up traditional inside processes.
    • “Ecosystems are the next evolution of Digital”
    • Must learn to measure your investments in customer experience.
    • Starting to explore VR & AR (personal shout out to PTC & clients such as Caterpillar!!)
    • must understand customer’s intent through advanced algorithms.  Create solutions to problems they don’t even know they have!
  • next domain of new platform: Things:
    • build strategies with two lenses: consumer preferences, AND the enterprise IoT lens.
    • leverage exponential growth in connected things
    • 27445 exabytes of data by 2020!
    • can’t just bolt on new systems on old ones: must rework existing systems to include devices — processes, workflow, much harder (i.e., my circular company paradigm).
  • intelligence: how your systems learn and decide independently
    • algorithms– algorithmic intelligence — drives decisions
    • now, AI, driven by machine learning. Machines learn from experience.
    • information is new code base
    • we will employ people to train things to learn from experience through neural networks
  • ecosystems
    • linear value supply chains transformed to ecosystems through electronic interchange.
    • others can build experiences, etc. that you haven’t thought out through APIs  — my “share data” Essential Truth. APIs implement business policies in the digital world.c
  • customers
    • customer driven

Where to start?

  • 70% of IoT implementation is through new organization within companies!

Now other Gartner analysts chime in:

  • insurance: engage your customers.
  • smart gov: must interact with those who implement. Must re-imaging public involvement sense/engage/interact
  • case study: Deakin University in Australia: digital platforms to enhance student experience.
  • case study: Trenitalia mass transit system switching to predictive maintenance! Huge cost savings. “Experience hands & beginners mind at work” — love that slogan!!!! “Listen to the train instead of scheduling maintenance”
  • blockchain: ecosystem, brilliant in simplicity. All can see transaction but no one can invade privacy. Use to solve many problems: data provenance, land registry, public infrastucture, AI.
  • Woo: use this to TRANSFORM THE WORLD!!!
  • ratz — I was preoccupied at time, they talked about a new mobility system for seniors — re my SmartAging paradigm!!
  • paradigm shift — partnering with competitors (much of what I wrote about in DataDynamite: share data, don’t hoard it!)  Think about Apple & Google driving car companies’ interfaces. “Do you join hands with digital giants or join hands with them?”).
  • ooh, love the digital assistant correcting his presentation. I can only dream of a future where there are millions added to grammar police!

 

 

comments: Comments Off on Live Blogging Gartner ITxpo Barcelona! tags: , , , , , ,

Smart Disposables: Could This Be Birth of Internet of Everything?

Could EVERYTHING be “smart?” It may be happening sooner we thought, and with implications that are hard to fathom today.

That’s the potential with new technology pioneered by Shyam Gollakota, an assistant professor at the University of Washington.  For the first time, it would let battery- and cordless-less devices harvest signals from Wi-Fi, radio, or TV to communicate and power themselves.

Astounding!

For a long time, the most “out there” idea about IoT sensors has been Prof. Kris Pister’s “smart dust” concept, which aimed at a complete sensor/communication system in a package only one cubic millimeter in size. Pister argued that such devices would be so small and cheap that they could be installed — or perhaps even scattered — almost everywhere. The benefits could be varied and inconceivable in the past. According to Pister, possible applications could include:

  • “Defense-related sensor networks
    • battlefield surveillance, treaty monitoring, transportation monitoring, scud hunting, …
  • Virtual keyboard
    • Glue a dust mote on each of your fingernails.  Accelerometers will sense the orientation and motion of each of your fingertips, and talk to the computer in your watch.  QWERTY is the first step to proving the concept, but you can imagine much more useful and creative ways to interface to your computer if it knows where your fingers are: sculpt 3D shapes in virtual clay, play  the piano, gesture in sign language and have to computer translate, …
    • Combined with a MEMS augmented-reality heads-up display, your entire computer I/O would be invisible to the people around you.  Couple that with wireless access and you need never be bored in a meeting again!  Surf the web while the boss rambles on and on.
  • Inventory Control
    • The carton talks to the box, the box talks to the palette, the palette talks to the truck, and the truck talks to the warehouse, and the truck and the warehouse talk to the internet.  Know where your products are and what shape they’re in any time, anywhere.  Sort of like FedEx tracking on steroids for all products in your production stream from raw materials to delivered goods.
  • Product quality monitoring
    • temperature, humidity monitoring of meat, produce, dairy products
      • Mom, don’t buy those Frosted Sugar Bombs, they sat in 80% humidity for two days, they won’t be crunchy!
    • impact, vibration, temp monitoring of consumer electronics
      • failure analysis and diagnostic information, e.g. monitoring vibration of bearings for frequency signatures indicating imminent failure (back up that hard drive now!)
  • Smart office spaces
    • The Center for the Built Environment has fabulous plans for the office of the future in which environmental conditions are tailored to the desires of every individual.  Maybe soon we’ll all be wearing temperature, humidity, and environmental comfort sensors sewn into our clothes, continuously talking to our workspaces which will deliver conditions tailored to our needs.  No more fighting with your office mates over the thermostat.
  • Interfaces for the Disabled (courtesy of Bryndis Tobin)
    • Bryndis sent me email with the following idea: put motes “on a quadriplegic’s face, to monitor blinking & facial twitches – and send them as commands to a wheelchair/computer/other device.”  This could be generalized to a whole family of interfaces for the disabled.  Thanks Bryndis!”

Now imagine that a critical component of such a tiny, ubiquitous device was removed. Because it didn’t need a battery it could be even smaller and cheaper (because of cheaper and simpler radio hardware circuitry).

The goal is having billions of disposable devices start communicating,” Gollakota said (my emphasis).

You may remember that I’ve written before about my metaphor of a pre-IoT era of “Collective Blindness,” the universal inability to peer (literally or figuratively) inside things in the past, which forced us to create all sorts of work-arounds to cope with that lack of real-time data. Imagine how precise our knowledge about just about everything will be if Gollakota’s technology becomes commonplace.

.As Technology Review reported, the critical challenge is making it possible for a device lacking a traditional power source to communicate: “Transferring power wirelessly is not a new trick. But getting a device without a conventional power source to communicate is harder, because generating radio signals is very power-intensive and the airwaves harvested from radio, TV, and other telecommunication technologies hold little energy.”

The principle making the innovation possible is “backscattering,” reflecting waves, particles or signals back in the direction they came from, which creates a new signal.

The early results are encouraging. Gollakata has made a contact lens that can connect with a smartphone. Think I’ll pass on that one, but other devices he and his team have created include brain implants and “a flexible skin patch that can sense temperature and respiration, a design that could be used to monitor hospital patients.”  Marketers will love this one: a concert poster broadcasting a bit of the featured band’s music over FM radio!

Jeeva Wireless, Gollakata’s commercial spinoff, is using a variety of the technology, “passive Wi-Fi.” Devices using it can data up to 100 feet and connect through walls.

Tiny passive devices using backscatter could be manufactured for as little as a dollar. “In tomorrow’s smart home, security cameras, temperature sensors, and smoke alarms should never need to have their batteries changed.”

Gollakata sums up the potential impact: “We can get communication for free” (my emphasis).

That’s incredible, but in light of the continuing series of major DDoS attacks made possible by weak or non-existent IoT security measures, I must remind everyone that speed, power, and ubiquity aren’t everything: we also need IoT security, so I hope the low cost and ability to function without a dedicated energy source won’t obscure that need as well.


 

BTW: a MIT profile on Gollakata mentions one of his other, related, inventions, which I think would mesh beautifully with my SmartAging vision to help seniors age in place in better health.

It’s called  WiSee, which uses wireless signals such as Wi-Fi to “enable whole-home sensing and recognition of human gestures. Since wireless signals do not require line-of-sight and can traverse through walls, WiSee can enable whole-home gesture recognition using few wireless sources (e.g., a Wi-Fi router and a few mobile devices in the living room).”

I love the concept for seniors, because (like Echo, which I’m finally getting!!) it doesn’t require technical expertise, which many seniors lack and/or find intimidating, to launch and direct automated devices. In this case, the activation is through sensing and recognition of human gestures. According to Gollakata,“’Gestures enable a whole new set of interaction techniques for always-available computing embedded in the environment. As an example, he suggests that a hand swiping motion in the air could enable a user to control the radio volume while showering – or change the song playing on the stereo in the living room while you are cooking in the kitchen.”

He goes on to explain:

“…. that the approaches offered today to enable gesture recognition – by either installing cameras throughout a home/office or outfitting the human body with sensing devices – are in most cases either too expensive or unfeasible. So he and his group members are skirting these issues by taking advantage of the slight changes in ambient wireless signals that are created by motion. Since wireless signals do not require line-of-sight and can traverse through walls, he and his group have achieved the first gesture recognition system that works in those situations. ‘We showed that this approach can extract accurate information about a rich set of gestures from multiple concurrent users.”

Combine that with speaking to Alexa, and even the most frail seniors could probably control most of the functions in a smart home. Gollakota says that the approaches offered today to enable gesture recognition – by either installing cameras throughout a home/office or outfitting the human body with sensing devices – are in most cases either too expensive or unfeasible. So he and his group members are skirting these issues by taking advantage of the slight changes in ambient wireless signals that are created by motion. Since wireless signals do not require line-of-sight and can traverse through walls, he and his group have achieved the first gesture recognition system that works in those situations. “We showed that this approach can extract accurate information about a rich set of gestures from multiple concurrent users, “he says.

Incredible work, professor!

comments: Comments Off on Smart Disposables: Could This Be Birth of Internet of Everything? tags: , , , , , , , ,

Don’t Say I Didn’t Warn You: One of Largest Botnet Attacks Ever Due to Lax IoT Security

Don’t say I didn’t warn you about how privacy and security had to be THE highest priority for any IoT device.

On September 19th, Chris Rezendes and I were the guests on a Harvard Business Review webinar on IoT privacy and security. I once again was blunt that:

  • you can’t wait until you’ve designed your cool new IoT device before you begin to add in privacy and security protections. Start on Day 1!
  • sensors are particularly vulnerable, since they’re usually designed for minimum cost, installed, and forgotten.
  • as with the Target hack, hackers will try to exploit the least protected part of the system.
  • privacy and security protections must be iterative, because the threats are constantly changing.
  • responsible companies have as much to lose as the irresponsible, because the result of shortcomings could be held against the IoT in general.

The very next day, all hell broke loose. Hackers used the Mirai malware to launch one of the largest distributed denial-of-service attack ever, on security blogger Brian Krebs (BTW, the bad guys failed, because of valiant work by the good guys here in Cambridge, at Akamai!).

 

The threat was so bad that DHS’s National Cyber Awareness System sent out the first bulletin I ever remember getting from them dealing specifically with IoT devices. As it warned, “IoT devices are particularly susceptible to malware, so protecting these devices and connected hardware is critical to protect systems and networks.”  By way of further explanation, DHS showed how ridiculously simple the attacks were because of inadequate protection:

“The Mirai bot uses a short list of 62 common default usernames and passwords to scan for vulnerable devices. Because many IoT devices are unsecured or weakly secured, this short dictionary allows the bot to access hundreds of thousands of devices. The purported Mirai author claimed that over 380,000 IoT devices  (my emphasis) were enslaved by the Mirai malware in the attack on Krebs’ website.”

A later attack in France during September using Mirai resulted in the largest DDoS attack ever.

The IoT devices affected in the latest Mirai incidents were primarily home routers, network-enabled cameras, and digital video recorders. Mirai malware source code was published online at the end of September, opening the door to more widespread use of the code to create other DDoS attacks.

How’d they do it?

By a feature of the malware that detects and attacks consumer IoT devices that only have default, sometimes hardwired, passwords and usernames (or, as Dark Reading put it in an apocalyptic sub-head, “Mirai malware could signal the beginning of new trend in using Internet of Things devices as bots for DDoS attacks.”

To place the blame closer to home (well, more accurately, in the home!) you and I, if we bought cheap smart thermostats or baby monitors with minimal or no privacy protections and didn’t bother to set up custom passwords, may have unwittingly participated in the attack. Got your attention yet?

 

No responsible IoT inventor or company can deny it any longer: the entire industry is at risk unless corporate users and the general public can be confident that privacy and security are baked in and continuously upgraded. Please watch the HBR webinar if you haven’t already, and pledge to make IoT privacy and security Job #1!


 

PS: According to the DHS bulletin:

“In early October, Krebs on Security reported on a separate malware family responsible for other IoT botnet attacks. This other malware, whose source code is not yet public, is named Bashlite. This malware also infects systems through default usernames and passwords. Level 3 Communications, a security firm, indicated that the Bashlite botnet may have about one million (my emphasis) enslaved IoT devices.”

BTW: thanks for my friend Bob Weisberg for reminding me to give this situation its due!

comments: 6 » tags: , , ,
http://www.stephensonstrategies.com/">Stephenson blogs on Internet of Things Internet of Things strategy, breakthroughs and management