In the 13th century, Marco Polo set out with his father and uncle on a great voyage across uncharted territories. They traveled across the vast continent of Asia and became the first Europeans to visit the Chinese capital. For 17 years, Marco Polo explored many parts of world before finally returning to Venice. He later wrote about and mapped out his experiences, inspiring a host of new adventurers and explorers to travel to the exotic lands of the East.
We are all on a voyage similar to Marco Polo’s, navigating the uncharted ocean of IoT big data — seeking those elusive use cases. As we navigate this complex ocean of industrial IoT data, we need two things:
- Maps (industry-specific use cases)
- Meta patterns (common across industries)
These would help other “Data Marco Polos” avoid the potential minefields we have encountered.
We have abstracted and distilled common big data use cases in industrial IoT that pass the business case test. These are based on real-world projects executed across energy and heavy engineering industries in the U.S. and Japanese markets. Here are the seven core IoT big data use cases that we mapped out:
1. Creating new IoT business models
We worked with a customer that used our IIoT big data technology to restructure the pricing model of field assets based on ultra-specific usage behavior. Before adopting the IIoT analytics product, the customer had a uniform price point for each asset. Deploying the IoT analytics technology helped them transition from a uniform pricing model to executing usage-based dynamic pricing that resulted in improved profitability.
2. Minimize defects in connected plants
The client was a process manufacturing plant located in the Midwest, manufacturing electrical safety products. The quality of its electrical safety product could mean life or death for folks working in the power grid. This customer had sufficiently digitized the manufacturing process to get a continuous real-time stream of humidity, fluid viscosity and ambient temperature conditions. We used this new, rich sensor data pool to identify drivers of defect density and minimize them.
3. Data-driven field recalibration
Many assets come with default factory settings which are not recalibrated resulting in suboptimal performance. We worked with an industrial giant charged with shipping a crucial engineering asset to stabilize the power grid. These assets were constantly inserted into the network ecosystem with default parameter settings. One powerful question we asked was, “Which specific parameter settings discriminate the failed assets from the assets performing well?” Discriminant analysis revealed the parameter settings that needed to be recalibrated along with the optimal band setting. By putting this simple intervention in place, we were able to dramatically impact the number of failure events in the system.
4. Real-time visual intelligence
This is probably the most widely adopted use case, where the platform answers the simple question of “How are my assets doing right now?” This could be transformers in a power grid, oil field assets in a digital oil field context or boilers deployed in the connected plants context. The ability to have real-time “eyes” on industrial field assets streaming in timely state information is crucial. The reduced latency combined with the visual processing of out-of-condition events using geospatial and time-series constructs can be liberating for hardcore engineering industries not used to experiencing the power of real-time field intelligence.
5. Optimizing energy and fuel consumption
For many moving assets like aircraft, fleet trucks and ships, fuel cost is a significant line item in operations. Cost sensor data mashed with location data collected from mobile assets can help optimize fuel efficiency. We worked with a major fleet owner to reduce fuel consumption by 2%, which led to millions of dollars being shaved off the company’s operational expenses. The customer was able to reallocate the funds to a major project it had been putting off due to budget constraints.
6. Asset forensics
As assets become increasingly digitized, businesses can get a granular, 360-degree view of their health spanning sensor data pools, ambient conditions, maintenance events and connected assets. One can confirm an asset failure hypothesis and detect correlations from these new rich data pools. This would be much richer intelligence than the current existing processes would provide today to diagnose asset health.
7. Predicting failure
Once there is a critical mass of signals, multivariate models can be built for scoring an asset on failure probability. Once this predictive failure probability crosses a certain threshold, it can automatically trigger a proactive ticket in the maintenance system (like Maximo or other systems) for an intervention, such as replacing a part, recalibration of a machine or an examination of a machine for closer inspection. Many companies are looking towards predictive maintenance models versus time-series-based maintenance programs to be more efficient in their operations. We have a customer that was able to restructure its entire maintenance program based around real-time streaming signals from its machines. This company has been able to provide a more efficient maintenance program for its customers based on the actual performance of the equipment.
As Marcel Proust said, “The voyage of discovery is not in seeking new landscapes, but in having new eyes.”
Good luck with your IoT big data voyage!
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
The U.S. federal government is proving increasingly vulnerable to cyberattacks, and seemingly every week we learn of more stolen federal employee identities, Russian election digital meddling and pentagon hacks.
These attacks can cripple the U.S. government if systems remain unsecure, according to the “2017 Internet Security Threat Report.” Desperate to secure government systems, the new “Internet of Things (IoT) Cybersecurity Improvement Act” legislation will require connected devices purchased by government agencies to be patchable, and would ban devices that are shipped with hard-coded passwords.
Could there be other solutions to this problem that have been overlooked?
Since IoT requires connectivity, it is this area in the solution stack which presents the most vulnerabilities. Connectivity comes in two basic flavors: wired and wireless. Wired is most common on the factory floor, often using proprietary industrial protocols, such as Profinet and Modbus. It is these systems which have never really been designed to be exposed to the internet, and it is these types of systems which Industry 4.0 promises to create huge advancements in productivity, predictive maintenance being one of the most popular discussion points today.
Due to the volume of devices to be connected in coming years, wireless IoT connectivity will be the most advantageous and where cybersecurity experts are most concerned.
With the industry promoting a raft of different IoT connectivity options, some are appropriate for federal government applications, whereas others are not.
For example, in a recent article, the Business of Federal Technology introduced the IoT Cybersecurity Improvement Act, which will require vendors of internet-connected devices purchased by the federal government ensure their devices are patchable, rely on industry standard protocols, do not use hard-coded passwords and do not contain any known security vulnerabilities.
For devices to be patchable, a worthy two-way communication link between a device and an IoT platform is required. Some wireless connectivity options aren’t developed for two-way communication, certainly not for updating firmware.
LTE (Cat-1M and NB IoT) and LoRa are the frontrunners in the emerging wireless connectivity area, the key word being “emerging.” Networks are being deployed, devices are on their way and bandwidth will be plentiful, however:
- The average price for a connected device subscription will be around $2.00
- New LTE/LPWAN hardware will be expensive in early years
If the federal government requires a few hundred million (or more) connected things, the bill is going to be high, the rollout slow and the security no better than most of today’s wireless connectivity options. The new cybersecurity bill points out that the Office of Management and Budget will develop alternative network-level security requirements for devices with limited data processing and software functionality. Considering this point, no real benefit will be derived from adopting emerging tech. If anything, it will slow things down as developing alternative network-level security requirements on new technologies — which aren’t yet ubiquitous — will take time.
One practical alternative is to use existing ubiquitous secure wireless protocols such as MQTT-SN over USSD. The USSD messaging protocol, baked into GSM networks requires no TCP-IP. If you remove the internet from IoT, the paradigm shifts completely and you guarantee the quality of service between device and IoT platform to create a very secure and reliable bidirectional communication protocol which is available not only across the U.S., but the world — today!
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
We enjoy a connected world with a fascinating array of devices and applications at our fingertips, if not on our wrists or before our eyes. In just a few years, home networks have gone from supporting a few smartphones, tablets and laptops to scores of devices. Tomorrow’s average home could soon have more online connections than today’s small to medium-sized business. It seems everyone is now in the “IoT tech” business.
On the one hand, creating a hyperconnected, wonderfully ubiquitous internet offers extraordinary convenience and productivity; on the other, this expansion breeds complexity and broader security vulnerabilities that can impact ourselves and infrastructures.
To meet this challenge, we must pursue two parallel but related paths:
- Standards and policy: Tech industry leaders and government policymakers must collaborate to set security standards and policy roadmaps that advance and not inhibit innovation; and
- Consumer awareness: Often the weakest link, consumers need to be aware of their responsibilities, while technology innovators should be aware not to shoulder too much responsibility on consumers.
Today’s connected consumer has to do more than just install antivirus software and a firewall to reduce security risks. A connected lightbulb, toaster or washing machine could be an online fugitive’s weapon to commit a cybercrime that can disrupt or bring down networks. Home networks are only as secure as the gadget with the weakest security connected to it.
The same can be said for enterprise networks. Company and government networks employ sophisticated security capabilities. Yet, it can take just one unknowing employee to click a hyperlink or open a document and subject an entire enterprise to a spear-phishing attack, which remains the major source of breaches inside enterprise networks. Here too, the weakest link rests with a consumer-level user.
Yes, we have met the enemy — and it’s often us.
New technologies may be a game changer
The fragmented yet vast IoT landscape and lack of consumer understanding are already causing communication issues as brands attempt to lock users into their ecosystem. But the problems are much bigger than an LG toaster not talking to a Samsung smart refrigerator. When purchasing a smart TV, have you ever read the fine print in the instruction manual to understand how the software inside the TV is updated or how security patches will be applied? What’s the security risk to you when the manufacturer abandons software updates four years from now?
Cyberattacks on IoT devices and networks will continue to expand and evolve. If 1930’s bank robber Willie Sutton were alive in 2017, he might be asked, “Willie, why do you hack the internet instead of robbing banks?” Willie would almost certainly reply, “Because that’s where the money (or information) is.”
There is an explicit need for industry guidelines and standards to drive better compatibility and use of security around the devices used at home and at work. As a major user of IT, the federal government should facilitate dialogue and collaboration within industry to drive at better cyberstandards, particularly those that reduce complexity, if not responsibility, for the individual consumer. Adopting “secure by design” principles and increasing breach prevention capabilities, for example, can help close the risk aperture, but we need more to not only defend but apprehend.
Artificial intelligence and the machine learning that comes along with it offer much promise to advance a more preventive posture. On the inside, for example, we can more rapidly detect potential incursions through user and entity behavioral analytic capabilities and perhaps pattern of life analysis. By employing these and other big and dynamic analytics outward into the OS and dark web, we can identify threats before they hit our turf.
The way forward
As a kid who grew up with transistor AM radios, analog black-and-white TVs and rotary phones, I’m quite amazed by the fascinating technology we use at work and at home. My generation survived with four TV channels, and “Amazon” to us was a river with dangerous fish in Brazil. And as we watched Walter Cronkite, the most precious asset of the 21st century — the internet — was being designed.
Just as we have not fully grasped the internet’s potential, so too have we not grasped its security implications. Yes, we’ve become more aware, but lately, I fear we’re becoming desensitized to cyberattacks around us at a time when we as individual users hold more responsibility for preventing them. Most of us have experienced the inconvenience of a breach, yet most people don’t believe cyberthreats are their problem. Yes, technology can and should reduce the cyber-risk factor of the individual consumer, but there will always be risks that remain our problem … and it starts with education and awareness as part of a personal and enterprise mosaic of security.
In the time I was turning the analog dial on our family TV, the federal government led a comprehensive public awareness campaign to reduce litter and pollution, which included a famous ad featuring a crying 17th century Native American in the foreground. It worked. We cleaned up our country immeasurably. Industry also responded with more recyclable products. We took a similar course to the hazards of cigarette smoking.
A similar approach is needed to “clean up” our “cyber streets and cities,” beginning with focused campaigns to increase awareness and improve personal and organizational hygiene in our nation. At the same time, industry and government needs to do their part with public policy and standards that result in innovations that help us meet the threats and mitigate them substantially.
If we don’t deal with this effectively, we may never have to confront the tokenized “Cyber Pearl Harbor,” but we might feel a “cyber-erosion of confidence” that could be every bit as paralyzing to our lives, businesses and governments.
Security has always been everybody’s business. Just now, more so than ever.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
The volume of highly sensitive personal and IP data is growing exponentially with the rapid adoption of the internet of things. In a recent survey of enterprise IT development and architecture professionals by Database Trends and Applications, 44% of respondents report adoption of IoT, ranging from proof-of-concept stage, to use in one or more lines of business, to IoT being “part of our ongoing business strategy.”1
The IoT trend in turn is a major driver of the exploding growth of the Hadoop data lake where most IoT data lands. According to a TDWI report2 on a survey of 252 enterprise respondents worldwide, 53% have deployed a data lake on Hadoop and 24% have deployed on Hadoop in combination with a relational database management system. Top use cases include advanced analytics (data mining, statistics, complex SQL, machine learning), and data exploration and discovery. While the data lake is becoming more common, barriers to adoption include lack of security for Hadoop, lack of governance and risks of breach and data privacy compliance posed by exposure of personal data in analytics.
On first glance, the requirement to protect data privacy might seem in conflict with objectives to enable big data analytics that could increase data exposure risk, which often involve digging into user behavior, customer transactions, detailed consumer demographics and processing in untrusted environments such as Hadoop. Data privacy regulations mandate specific guidelines on the classes of data to be protected including personal data, protected health information and financial data. IoT sensor data, geolocation codes, vehicle identification numbers (VINs) and IP addresses, along with many other data elements, qualify as sensitive personal data under the General Data Protection Regulation (GDPR).
GDPR: A game changer for usable protected data
The GDPR establishes the most stringent regulations to date to protect EU citizens and residents from privacy and data breaches. Multinational firms around the world, whether they have operations in the EU or not, are realizing that they process EU personal data and this regulation therefore applies to them. The GDPR recommends pseudonymization and encryption as two mechanisms that can be used to protect personal data, but it must support two requirements: 1) the ability to decrypt the data when necessary, and 2) the ability to continue to run business processes on the encrypted data.
Format-preserving encryption (FPE), an innovation pioneered by HPE to protect data while maintaining its structure and context for application usability and which persists with the data, is a trustworthy and comprehensive data-centric approach to address the risk of inappropriate data exposure to users and applications. FPE is able to protect data independent of the underlying platforms that rely on a “system-centric” security controls approach which doesn’t extend or scale outside of that IT system. To the point where FPE enables analytics in the data lake, while at the same time, data privacy is maintained for compliance with the GDPR.
Case in point: A top automotive manufacturer
To address data privacy compliance for its customers, while enabling safe analytics on IoT-generated data in its Hadoop data lake, a major auto manufacturer is using FPE at a field level to protect in-car sensor data, VINs and geolocation data streaming from customers’ cars. The data is used for multiple purposes, including vehicle quality control. Engineers look at sensor data to identify potential problems in specific components or groups of vehicles, while data scientists run thousands of reports against vehicle data for internal research purposes. The company’s volumes of real-time data are predicted to grow to around 20 petabytes within just a couple of years. Data is protected by FPE prior to ingestion into the data lake (Hadoop and Teradata EDW). With FPE, this leading auto manufacturer is enabling analytics on vast amounts of data in its protected form, thus safely providing broader access for analytics, not only to its data scientists, but also to engineers, developers and other employees as BI objectives dictate.
The benefits of using the field-level encryption technology deployed by this manufacturer include:
- Referential integrity, with encrypted data which retains its characteristics such as length and data type, requiring no changes to applications and systems for use;
- The ability to perform almost all analytics on encrypted data with no requirements to re-identify data to its original form, mitigating exposure of personal data and breach trigger notification requirements; and as a result,
- Enabling compliance with multiple data privacy regulations, including GDPR, but also within other systems and platforms.
All of this is achieved with a single enterprise-grade, scalable platform to protect sensitive personal and IoT data not only in the Hadoop data lake, but also across other systems and platforms.
The best of both words with usable security
The need to comply with data privacy regulations worldwide is driving organizations to adopt FPE to protect customer personal data at the field level, using a data-centric approach so that analytics can be performed on the data in its protected form, with context maintained, in order to extract value from the data in the form of analytic insights. Recent advances in FPE enable enterprises to deploy highly scalable data protection for environments such as the Hadoop data lake, as well as their other vulnerable systems and applications deployed across cloud. This technology provides an organization with a template to roll out data protection across other applications, platforms and systems, enabling a framework that adapts to rapidly hybrid IT environments.
1 “Internet of Things Market Survey” by John O’Brien, CEO Radiant Advisors, with Database Trends and Applications
2 “Data Lakes: Purposes, Practices, Patterns, and Platforms” by Philip Russom, Senior Research Director for Data Management, TDWI, The Data Warehousing Institute
In part one of this article, Anthony Giandomenico described how cybercrime has become not only a business, but a big business, designed to generate revenue with predesigned attacks focused on attack vectors that are easy to exploit: IoT devices.
Opportunity is also the land of innovation
Because cybercriminals are focusing more on attacks that target critical infrastructure based on new, interconnected technologies, they don’t have to spend enormous resources and development cycles on figuring out how to break into these systems using complex zero-day attacks. Instead, they can spend more of their resources on making their exploits more difficult to detect, more effective by introducing things like worm capabilities to spread infections further and faster, adding multivector capabilities in order to run exploits on a wider range of vulnerable systems, and developing intelligent, multilayered malware that provides a lot of options for stealing data or compromising systems.
The recent WannaCry and NotPetya ransomworm exploits were remarkable not only for how fast they spread, but also for their ability to target a wide range of infrastructures and industries. But the dirty little secret about these attacks is that they could have been entirely prevented if IT folks simply practiced good network hygiene. That’s because these attacks targeted a vulnerability for which a critical patch had already been issued months earlier. Most organizations that were spared from these attacks had one thing in common: They had simply applied the security patch from Microsoft when it was released.
Here at Fortinet, we refer to these sorts of attacks as “hot exploits.” Cybercriminals know from experience that many organizations simply don’t have the time, resources or initiative to patch vulnerable systems. So they build effective exploits and they wait. WannaCry proved that. And NotPetya proved that even after a large attack managed to exploit a well-known vulnerability, far too many organizations were still unlikely to patch their systems. Catch me once, shame on you. Catch me twice…
Our FortiGuard threat analysis team sees this all the time. Nearly every week we record several attacks successfully targeting vulnerabilities for which patches have been available for months — and often, even years. In fact, our latest quarterly threat report showed that the average age of a known vulnerability that is successfully targeted by an exploit because it wasn’t patched is five years. Seriously.
Everything is connected to everything
And now, as infrastructures becomes more interconnected and begin to adopt new, cutting-edge technologies, the risk is being compounded. Windmills and unpatched operating systems are just the tip of the iceberg. Smart cities are beginning to interconnect energy grids, traffic control, emergency response systems and other critical infrastructure resources and services into a giant, integrated web. Smart cars are run using onboard computers that are increasingly able to make split-second, autonomous decisions. But they are also soon going to connect your car to your financial system in order to automatically pay for things like fuel, tolls, onboard Wi-Fi and streaming entertainment. Smart buildings managed by huge property management conglomerates are being designed with automated heating and cooling systems, lighting, secure access doors and smart elevators that can recognize tenants and deliver them to the appropriate floor. And building supervisors will manage all of this remotely.
The list goes on and on: smart homes, smart appliances, interactive gaming and entertainment systems, online security systems and monitors, interactive and intelligent mall kiosks, online medical consultation and even surgery using remotely controlled tools are all either here now or just over the horizon.
Security isn’t just a good idea — it may soon be the law
Because many of these manufacturers have failed to implement necessary security into their devices, it’s like we have handed the cybercriminal community our ATM cards and PINs because they don’t have to figure out how to bypass security or crack open a hardened operating system. Instead, in the rush to push out new technologies to enterprises and consumers — and even critical infrastructure systems — with little to no security attached, that job has been done for them.
While security devices and strategies can go a long way towards protecting organizations and individuals, security developers can’t solve this problem alone. IoT manufacturers have a role to play, and unfortunately, many have traded responsibility for expediency. The clock is ticking, however. The next step will be to hold manufacturers accountable for selling solutions that can be easily exploited.
Recently, U.S. Senators Mark R. Warner (D-VA) and Cory Gardner (R-CO), co-chairs of the Senate Cybersecurity Caucus, introduced a new bipartisan bill known as the “Internet of Things (IoT) Cybersecurity Improvement Act of 2017.” This bill prescribes that devices purchased by the U.S. government must meet minimum security requirements, and that vendors who supply the U.S. government with IoT devices have to ensure that their devices are patchable, do not include hard-coded passwords that can’t be changed and are free of known security vulnerabilities, as well as other basic security requirements.
California’s recent Senate Bill 327 would go much further by codifying the State of California’s ability to bring enforcement complaints against companies that do not build adequate security safeguards into their devices. This law has teeth, and because California is such a massive economy, its passage could significantly impact the entire IoT industry.
Such regulatory scrutiny and legislative action targeting the data security of IoT devices is likely to continue to grow, because the alternative is to continue to feed the growing cybercriminal economy. IoT device manufacturers need to prepare now to either develop security standards or conform to legislation in order to avoid massive market disruptions and consumer mutinies. Because the digital economy will continue to move forward, with or without them.
For centuries, humankind regarded the wild as something to be tamed and conquered. Not so much these days. In recent decades, society has changed course and turned its attention to protecting the environment rather than trying to beat it into submission and bend it to better suit our narrow purposes.
This shift in thinking is nothing short of a revolution. With the biosphere in a precarious state thanks to generations of careless disregard, we’re now enlisting the same mighty force that devastated nature to come to its defense. Of course, that force is human technology.
Historically, technological advancements have been driven by industry and fed by the increased dominion over and exploitation of nature. For thousands of years, “progress” for the human enterprise meant more culling of wildlife, more land to clear, more domestication of the “wild,” and more poorly disposed waste. Indeed, for most of human history, nature was regarded as something crude — as something to be battled, overcome and refined in the service of man.
This view can be traced all the way back to the ancient Greeks (circa 400 BCE) who saw nature, to a large extent, as an obstacle on the path to human greatness. This perspective dominated Western thinking until Jean-Jacques Rousseau (circa 1750 CE) popularized his view of civilization as a corrupting factor and nature as the symbol of raw innocence and good. (This theory gave rise to his conception of the “noble savage” as an idealized, though derivative, version of man who is one with nature and not ruined by human society.) Since then, momentum has slowly built in favor of a more Rousseauian view. This has been a long but steady journey that has only in the last decade culminated with the wide-scale adoption of a kinder and more stewardly approach to nature.
In this article, I will look at some of the ways in which technology today — specifically, the internet of things — is working to preserve and revitalize our planet.
A relationship redefined: Prophecies of human evolution
At the current rates of global consumption, even without allowing for any growth to the population, we would need 1.6 Earths to achieve a sustainable carrying capacity. Holding aside the issues of climate change, this fact alone is enough to place sustainability among the foremost concerns for human society. Given the extent of the damage done, and how close we currently stand to the red line, it’s not enough for civilization to simply reform — we must find some way to turn back the clock and undo at least some of the damage we’ve done. And that’s where advanced technology comes in.
As sustainability takes center stage, new and emerging technologies are being put to work to save nature, becoming an integral part of the battle to reduce dependence on non-renewable energy sources, stop pollution and clean up the mess left behind from generations of exploitation.
It’s a fascinating development and in some ways it’s the realization of biblical prophecy — or perhaps more accurately, biblical paradox. In the first chapter of Genesis, Adam and Eve are placed on Earth and told to both “conquer” the land and “assert dominion” over the animals. (It is worth noting that Adam in the original Hebrew is “???,” which literally means “man” and is derived of the word “earth.”) In the second chapter of Genesis, a slightly different version the story is recounted. In this version, Adam was commanded to “tend to and protect” the Garden of Eden. The Bible seems to capture an internal conflict in the archetypical human’s relationship with nature. And it’s a conflict that we’ve seen play out over the course of human history.
I mention this because this dichotomous relationship with nature seems somehow inherent to the human condition and it’s that same dichotomy that makes the idea of engineered inventions as the best hope for environmental salvation simultaneously absurd, wonderful and romantic.
Putting IoT to work saving nature
As we enter chapter two of the human story, we’ll require more than a change in attitude to fulfill our mandate. We’ll require breakthroughs. The internet of things is one of the most promising technologies we have at our disposal. A self-communicating and largely self-managing system of interconnected devices, IoT is in many ways the technological embodiment of sustainability.
This smart network can collect an incredible amount of information from the real world, information that can be used to make existing processes profoundly more efficient or do the legwork and lay the foundations for entirely new operational models. But it’s not just about the data collected by these IP addressable devices, it’s about how that data is instantly communicated up and down a chain of purpose-specific terminals, ensuring that relevant information is always in the right place to be intelligently acted on.
In many ways, IoT represents a blank slate for companies, scientists and inventors seeking solutions to open up new frontiers or begin tackling hard-to-isolate problems entrenched deeply within normal processes.
From conservation efforts and cleantech to tracking environmental conditions and reducing electricity usage, every imaginable angle in the quest to save nature is being explored anew through the lens of IoT. While I cannot cover each and every instance of IoT being used to better the environment, I’d like to turn your attention to three such examples that I believe demonstrate the potential of such applications.
1. IoT ushers in a more circular manufacturing economy
In the circular economy, waste is reduced, repurposed and eliminated entirely from the manufacturing cycle. IoT technologies are central to evolving the economy from the “make, take, throw away” model that’s created environmental headaches and heartaches around the world. The idea here is to keep as much as possible out of landfills by extending the life of both the items being manufactured and the equipment used to make those items. (There is also a lot of great work being done, it should be noted, to transition from a material discard model to a component retrieval model once products outlive their usefulness.)
IoT’s role in the circular economy manifests through improved operational insight. This insight comes through IoT sensors that empower manufacturers to better manage people, processes and assets. The tighter the feedback loop, the more “leaks” are caught and the more quickly they can be “patched.” This applies to supply chain management, human resources, digital systems and really anything that contributes to production.
Consider, for example, the effect that IoT sensors are having on the realm of asset performance management. These sensors are empowering managers to more intelligently maintain equipment, leading to substantially extended asset lifecycles (preventing unnecessary and wasteful asset requisitions) and improving the efficiency of performance over the course of that lifecycle (preventing wasted input).
2. Managing traffic in real time, IoT technologies reduce carbon emissions
While the popularity of electric cars is increasing, non-electric (and even electric cars powered by non-renewable energy forms) still impose massive environmental costs.
Close to 30% of carbon dioxide emissions are caused by cars, with up to 45% of those emissions occurring around intersections managed by traffic lights. City planners have set their sights to tackling the problem right at the intersections where they occur by installing IoT-enabled traffic controls that respond to real-time conditions instead of preprogrammed timers.
With IoT technology, traffic lights can detect asymmetric strains on the transportation infrastructure and intelligently adapt to optimally manage traffic flow. Instead of cars idling at lights for one, two or even three minutes when there’s no traffic coming in the opposite direction, traffic lights can safely change from red to green according to the number of cars at an intersection and the traffic flow occurring at that exact moment.
Estimates claim that this technology can cut the equivalent of 35 million vehicles’ worth of carbon emissions over the next five years.
3. IoT-enabled sensors monitor water and air quality from afar
Normally, water and air quality are monitored by collecting and analyzing specimens, a laborious task made more difficult in far-flung places. Imagine if scientists and environmental officials could monitor polluted rivers, contaminated soil and brownfields in remediation without having to waste time and resources visiting the site.
Thanks to IoT technologies, that entire monitoring process could be done remotely. IoT-enabled devices collect data about the environment around them and push that information to a server where officials can review and parse the information as needed.
Air quality monitoring devices use a laser light in conjunction with sensors to detect particles in the air, while water quality sensors could be attached to a buoy and deployed into whichever body of water needs monitoring. However it’s set up and collected, the central goal is the same: to quickly assess changes in the environment so officials can act faster when a pollutant or other unwanted chemical is on the rise.
Technology and nature working towards a symbiotic tomorrow
Nature is a powerful force. And so it seems is humankind. Earlier generations might have believed these two forces at odds, but the fact is that we’re destined to coexist or to co-perish.
The original humans sought to conquer nature and took of it without a second thought. For this, they were driven from their Earthly paradise. We must not repeat the same mistake. We know better. We’ve come to realize that it is our duty to tend to and protect nature with everything we have. And what we have is human creativity, human innovation and human technology. The internet of things is just one aspect of that technology, but it’ll be an important one as we move towards a more sustainable, more symbiotic tomorrow.
When people think about the internet of things, they often think about the common “things” they use in their day-to-day lives such as laptops, smartphones and fitness trackers. These things can also include devices that are part of the connected home — for example, a smart thermostat, baby monitor or even a connected egg tray (OK, maybe that last one is less common). However, what most don’t realize is the prevalence of IoT in the enterprise — and, in tandem, the risks it presents.
The internet of things brings enterprise organizations strategic economic value and innovation. Yet as we’ve recently seen with the Mirai IoT botnet that “took down” many businesses, enterprise IoT is becoming a popular doorway for hacking. For example, a cybercriminal could manipulate a smart camera by hijacking the device’s credentials to obtain full privilege into the device. From there, they can use the device as a proxy to connect to the network and cause greater harm.
More things, more enterprise risk
Daily, new smart devices are unknowingly being connected to corporate networks with little regard to their level of risk. Although these IoT devices are intended to improve productivity, security considerations are usually an afterthought.
According to industry analysts, by 2020, there will be over 20 billion devices connected to enterprise networks. Each device has the potential to serve as an enterprise entry point. That’s 20 billion open doors for a hacker to perform any number of nefarious acts. Given these devices are ubiquitous, the inability to run sophisticated security software and, of course, network access through the connected devices makes them a perfect target for hackers who want an easy entry point into a company’s systems.
What’s more, when employees connect a device to their enterprise network, they are unknowingly surrendering private data to these devices. If a hacker were to find just one device that was not properly secured on the network, injecting a few lines of malicious code could grant access to the data on that particular device as well as all data stored on the network.
What devices make your network vulnerable?
The short answer: Everything. Your trusted employee badge scanner, conference room scheduling system, connected printers, smart lighting, security cameras, smart TVs, voice over IP, video teleconferencing system, Wi-Fi and even big power generators. Anything that is connected to your network is vulnerable.
Attackers are naturally going to target the weakest link in a network, which is increasingly IoT. On average, we find at least four connected devices for every enterprise employee. And, we expect that number to double over the next three to four years. That equates to an incredible number of vulnerable entry points for a hacker to gain network access to steal and expose private data.
How to reduce your IoT risk
Security begins with knowing what’s on your network. In the age of IoT, visibility and control of devices is a must-have, not a nice-to-have. Businesses need a technology that can discover network infrastructure, physical and virtual systems, managed and unmanaged endpoints as well as IoT and rogue devices.
Once businesses have full visibility of what’s on their network, the next step is to control the devices. A viable security product must provide continuous monitoring, be able to immediately determine device behavior, automatically set policies, and understand the context of the network environment and device posture. What’s equally as important is a scalable technology that can work across heterogeneous platforms (on-premises, cloud, data center, etc.) without compromising security as the number of connected devices continues to grow. Only then can an organization achieve a truly comprehensive security stance and keep stealthy hackers at bay.
Imagine a city where a person in a wheelchair can chart a route to the local park using curb cuts and avoiding barriers. She can then connect to the park’s Wi-Fi, receive upcoming events notifications and take e-lessons about the trees and flowers in bloom.
These aren’t pipe dreams. They are smart city products and services in action — aspiring to use technology to put people first. And the sooner we can realize these aspirations, the better. In the top 100 metropolitan areas of the United States, nearly 25% of citizens are over the age of 65 or living with disabilities.1 The internet of things can help advance more inclusive, accessible cities so our aging population can enjoy a better quality of life.
There are four keys to unlocking smart cities to advance more equitable and positive outcomes for people who are aging and people living with disabilities:
- Engage partners and stakeholders: It goes back to the old adage of walking a mile in someone else’s shoes. We must listen first to learn from our aging communities and those living with disabilities. Incorporating their perspectives and expectations into smart city planning will help ensure solutions align with their needs.
- Design for inclusion: We need to consider the citizen experience at every touch point within the city. For example, how will people with disabilities and aging citizens interact with websites, mobile apps, self-service kiosks, smart meters and other emerging devices? Designing smart city technologies for equitable, flexible and intuitive use will help ensure inclusion for these communities.
- Promote adoption of technology: Providing technology access alone isn’t enough. We must also look at ways to help encourage, educate and expand technology adoption. Without adoption, we’ll fail — and there is a real risk that the benefits of smart city technologies will be limited because of adoption barriers. By offering training programs — both online and in person — we can start breaking down the digital divide that often prevents those who are aging or living with disabilities from realizing the benefits of this technology.
- Foster the entrepreneur ecosystem: The next big smart cities breakthrough is still on the horizon, and entrepreneurs and innovators are our city’s new heroes. Beyond enhancing the accessibility of city infrastructure and services, there are opportunities for city governments to directly support innovation and entrepreneurship to benefit these communities. Publicly funded incubators and open data portals are just two examples of how city governments are already doing this.
From the private and public sectors to civil organizations, community groups and social entrepreneurs, we all play a vital role in advancing an inclusive vision for smart cities. By integrating aging and accessibility considerations from the ground up, we can build more inclusive cities that allow us all to connect to good.
To learn more about the keys to unlocking inclusive smart cities, download AT&T’s “Smart cities for all: A vision for an inclusive, accessible urban future.”
1 BSR Calculation based on U.S. Census Bureau, 2014 American Community Survey: One year estimates of metropolitan areas in the U.S. https://www.census.gov/
Why protecting ‘secrets’ is fundamental for good security
Today’s IT manager is responsible for a vast amount of data, and keeping it secure needs to be one of his highest priorities. Financial records, customer details and sensitive documents must be kept safe while also accessible to those who need them.
Often the best approach involves encryption. Even if stolen or compromised, encrypted data is of no use to a criminal without the key that unlocks it. But therein lies another challenge for the IT manager: The encryption key itself then becomes a “secret” that needs to be kept from unauthorized eyes.
Another type of security secret is the certificate used by a web server for authentication. These ensure visitors to a site can be confident that sight is legitimate and not a fake designed to trick them into parting with passwords or credit card details. Keeping these certificates secure is also a priority.
A long-term task
Proper management of security secrets is no small task with many remaining in use for extended periods. Management revolves around sharing them with authorized people and protecting them from everyone else.
It’s also important to ensure people’s access to them is revoked if their circumstances change. A staff member may shift to a different role in the company or leave altogether. Their access to security secrets needs to be carefully reviewed and changed as required. Regular audits of access are vital.
Maintaining security around the storage of security secrets is also important. There’s little point in locking up your house if you then leave the key on the front doormat.
A classic example occurred in a U.S.-based business called Sally Beauty. Back in 2014, the company was approached by law enforcement officials who told management that credit cards used by customers had appeared on the black market. On investigation, it was found that the laptop used as the entry point to the company’s network was adorned with a sticky note showing the username and password to the account. This had given an unauthorized person access to every single point-of-sale system in the business. This made it easy to scrape details of credit cards as they were used.
A growing challenge
Today, organizations are taking wildly different approaches when it comes to secret management. For some, it’s almost a case of head in the sand. For others, it’s the deployment of sophisticated protection mechanisms which can reduce the likelihood that secrets will fall into the wrong hands.
The importance of effective secret management is going to grow as trends such as the internet of things evolve in the business world. As more and more devices are connected to the internet, the need to ensure their credentials are secure at all times becomes paramount.
Industry commentator Jack Singleton, software developer at ThoughtWorks, explained, “It all means more keys and more things to manage, which will vastly increase the overhead and the strategies that we need to employ in order to manage all of this. IoT devices are often in the hands of customers, not sitting in a safe data center somewhere. It also complicates the management of the strategies that you have in place to provision new software; to roll out new deployments become really key.”
Examples of ineffective management of IoT devices are already appearing. One involved a flaw in internet-connected lightbulbs which allowed hackers to take over their operation. It seems every bulb was using the same key for authentication so, if one is compromised, hackers can access them all.
Awareness is the key
IT managers need to be mindful that their infrastructures are now perimeterless. The old days of protection by firewall are long gone.
It’s critical to have in place the tools and techniques needed to keep security secrets safe. For these to be effective, they must be simple to deploy and, often, automated to reduce the need for ongoing maintenance.
As Singleton explained, “Usability in general, will be critical. People don’t use tools that make them go out of their way in order to use them. They will work around them. We do this all the time. We need to get things done and we work around things that stop us from getting things done. We’re going to need to start seeing tools that enable people rather than making them jump through hoops and hoops and hoops. If they have to jump through seven different hoops every time they have to access a secret, what’s going to happen is they’re going to ignore that tool and they’re going to write it on a sticky note, or they’re going to keep it in a spreadsheet. At the same time, better support for end-to-end encryption in regular applications will lessen the importance of secrets that administrators need to track in order to protect that data.”
Security secrets will remain at the very heart of IT infrastructures, and their effective protection and management is critical to an organization’s ongoing operations.
How secure are your secrets?
According to Accenture, the industrial internet of things could add $14.2 trillion to the global economy by 2030. There is a disconnect, however, between the availability of these technologies and capitalizing on their full potential by applying them effectively within organizations. For many executives within the manufacturing industry, IoT, smart factories and intelligence in the cloud are little more than fancy buzzwords proclaiming to one day transform the way your industry will work.
Unfortunately, when you’re in the thick of it, it’s hard to think in context of what’s real and achievable in your existing manufacturing environment. After all, automation associations have a 30+ year history of relentlessly pursuing interoperability standards. However, thanks to the OPC Foundation’s Unified Architecture, suppliers are finally able to realize the promise of IIoT for manufacturing applications.
The future of manufacturing is here
Although technology is quickly changing, your goals as a manufacturer likely haven’t. You still aim to please your customers by delivering quality products, while increasing productivity and profitability. Yet, new and unprecedented innovations will potentially impact all aspects of the execution of those goals at the operational level. Smarter connected devices that use open IoT protocols are rapidly penetrating factories. At the same time, the Industry 4.0 trend is showing how people, connected devices and artificial intelligence can work together to make factory automation more efficient and effective. To remain competitive, you must quickly adapt.
Upgrading your legacy systems
A survey of more than 1,400 C-suite decision-makers revealed that while 84% believe their organizations have the capability to create new income streams from IIoT, 73% confess that their companies have yet to make any concrete progress. While your current manufacturing environment is likely driven by legacy technologies that have been around since the late ’90s, such as SCADA, PLCs and OPC, you’re keenly aware that the rapidly evolving technological landscape will require you to understand the impact of new technologies and be ready to embrace those that can deliver measurable advantages. But technological progress always comes at a cost. Be careful not to rush into throwing out all your legacy automation infrastructure, as entirely upgrading your factory to the latest IIoT sensor technologies may be both impractical and unnecessary. Instead, manufacturers should consider technologies that provide a graceful transitional path to the smart factory of the future.
Transitioning to IIoT
While Industry 4.0 is the grand IIoT nirvana manufacturers dream about reaching, many find themselves stuck within the limitations of OPC/SCADA technologies. OPC Classic presented quite a few limitations, including being exclusive to the Microsoft Windows platform, being notoriously unfriendly to modern enterprise security architectures, offering limited scalability and being plagued by frequent configuration issues. On the other hand, OPC Unified Architecture (UA) — a modern standardized communication protocol that enables secure industrial IoT and Industry 4.0 technologies — solves all those problems. OPC UA can be used with any software platform, can scale from small embedded controllers to huge cloud infrastructures, offers robust native security and provides connectivity without context. As a result, OPC UA serves as an ideal bridge between the legacy and next-generation factory automation capabilities. It is the glue that allows you to seamlessly take your existing factory automation infrastructure and tie it into a cloud-connected, artificial-intelligence-powered world. With OPC UA, you can go into an existing factory and enable it for IIoT without buying a bunch of new PLCs. You can experiment immediately with developing cyber-physical systems, realizing the benefits incrementally one production line or factory at a time.
At the end of the day, the goal of evolving your factory toward an Industry 4.0 model is to deliver meaningful improvements in your operational performance. Whether it is by providing more interoperability and decentralized intelligence associated with your machines, or a better contextual control and an understanding of how the data generated by those machines can inform the people who make your business decisions, manufacturers can now focus more on optimizing outcomes and less on the technologies or operational obstacles that have, so far, hindered their progress. Advanced business and operational analytics (including machine learning and predictive intelligence) is the next frontier. Manufacturers are beginning to employ the power and intelligence of AI algorithms in the cloud to detect anomalies, predict failures and advise on the optimal remedial actions that will deliver value to business. Self-service advanced analytics toolkits are now capable of delivering unparalleled insight (using the data from both legacy and IIoT devices) and placing control directly in the hands of domain experts within the business. The latest IIoT human machine interfaces allow real-time visualization of factory systems — using virtual representations often called “digital twins” — to dramatically improve information transparency. These technologies can place the smart factory of the future well within the reach of even midsize or small manufacturers.
Ultimately, there is no right path toward Industry 4.0; it varies for every manufacturer. For those that have the means to jump headfirst into the world of IIoT, by all means go for it. However, for those manufacturers who don’t have the resources to make the leap overnight, not to worry, you don’t have to replace everything you own. You can simply upgrade to an OPC UA IIoT architecture, tie it into your existing factory automation infrastructure, feed your factory data to the latest cloud-based advanced analytic tools, and immediately begin taking advantage of all Industry 4.0 has to offer.