Interconnected homes, smart refrigerators and digital assistants — all promising technologies that have come to fruition in the last 10 years. With the exception of the flying car, many devices that were once science fiction have become reality.
It’s easy to see why IoT is so appealing. Consumers have become accustomed to information at the tips of their fingers, in real time. As organizations across all industries embrace digital transformation as the means to deliver new benefits and competitive advantage, the danger exists of creating security vulnerabilities that could erase those benefits and, worse yet, jeopardize their business.
An open window to the internet
When shopping for a home appliance — like a toaster or TV — it is getting harder to find one without a Wi-Fi connection or Bluetooth. Despite the quickening embrace of technologies that provide modern convenience, there are in many cases lurking security vulnerabilities to consider.
This isn’t to say that adopters of these devices should halt in fear, but consumers must educate themselves and understand basic protection. The easiest way to think of these devices is as windows into the internet. When people go on vacation, they don’t leave the windows of their home open; they close and lock them to protect against intruders. The same considerations should be made when connecting new devices in your home. If one of these new devices is compromised, everything else that it touches is at risk.
The risk of connected devices doesn’t end in the home. The U.S. and global population are seeing a rise in the remote workforce, people working entirely or partially from home. This connected workforce poses more risks to both homes and employers. Imagine a hacker exploiting an unchanged default password on your latest connected IoT gizmo and eventually nesting some malware onto your company-issued laptop. Because this laptop travels with you and connects to multiple networks, the malware can travel and spread with relative ease.
Today’s enterprise IT and OT teams are scrambling to make sure they know what devices are connected and to adjust their defenses appropriately. Even the most innocuous connected device can provide a path into a valuable resource, as the operators of a casino in Nevada found out when their high-roller database was compromised through a connected thermometer in a lobby fish tank.
PKI can, and will, help
So how can we address these issues with IoT connectivity and security? Well, you can’t manage what you don’t know about, so device discovery is an important first step. Once you know a device is on the network, a few of the important fundamentals are authenticating it (i.e., proving its identity), keeping it updated with security patches and updates throughout its lifecycle, protecting data it collects and transmits, and monitoring its behavior. Existing, proven technology like public key infrastructure (PKI) is ready and able to play a key role in authentication by issuing unique identities and digital certificates to devices. It is also the linchpin of secure code signing systems that can ensure the authenticity and integrity of security patches and other updates that devices need — which is important because unsecured update mechanisms are a quick and easy path in for malware. Finally, PKI techniques enable negotiation and creation of encryption keys to protect IoT data at rest on devices, in motion on networks and in its ultimate storage location.
PKI, specifically the creation and injection of keys and digital certificates into devices, helps device makers guard against counterfeiting and provide eventual device buyers assurance that they’ve received the device in an initial, verified state. Although its role is typically “behind the scenes,” the majority of enterprises deploy PKI to help secure their most important enterprise applications — sometimes 10 or more different applications. A recent report found that IoT is the fastest-growing influence on PKI planning, indicating the pivotal role it will soon play.
So, where do we go from here?
PKI is well positioned to address some of the fundamental issues of security and trust in IoT — not all of them, but some of the pretty important ones. If you can’t trust the devices and the data they produce, all those benefits that you charted out for your IoT projects might never come to fruition. The best approach is to understand the risks an IoT project poses to your business and choose proven security protections of a strength that matches the risk. And don’t get caught in the trap of thinking your IoT device isn’t a threat just because of what it does; it can simply be the entry point to a more interesting — and dangerous — destination.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
As 2018 draws to a close, industry would be wise to acknowledge the now-urgent necessity of prioritizing security across the industrial internet of things.
Since the Industry 4.0 movement began sweeping across the globe, it’s been firmly established that IIoT initiatives generate enormous efficiencies and cost savings in everything from government infrastructure to manufacturing to energy production. But several factors indicate that shortcomings in IIoT security threaten the upward trajectory of connected automation, casting a pall over the positive potential of deployments moving forward. In 2019, it’s time to get serious about IIoT security.
Industrial cybersecurity firm CyberX recently released its second annual “Global ICS & IIoT Risk Analysis Report” detailing the state of industrial control systems and IIoT deployments. The study spans all sectors and analyzes data obtained from over 850 production networks assessed from September 2017 to September 2018 across North and South America, EMEA and Asia-Pacific. The results paint a grim picture of IIoT networks that are easy pickings for cybercriminals and malicious intrusion. Among the findings:
- 84% of industrial sites have at least one remotely accessible device
- 69% of sites have plaintext passwords traversing their networks
- 57% of sites aren’t running feasible antivirus protections
- 40% of industrial sites have at least one direct connection to the public internet
- 16% of sites have at least one wireless access point
Separately, the cybersecurity firm Vectra coordinated observations and data for the 2018 Black Hat Edition of the “Attacker Behavior Industry Report,” which reveals attack behavior and cyberattack trends in networks from more than 250 opt-in Vectra customers, with over four million devices and workloads, in manufacturing and eight other industries. It noted a sharp threat increase in 2018 from 2017, with an average of 2,354 attacker behavior detections per 10,000 devices. Drilling down, examination of IIoT networks in its “2018 Spotlight Report on Manufacturing” found that:
“The monthly volume of attacker detections per 10,000 host devices in the manufacturing industry shows a much higher volume of malicious internal behaviors [than in other industries]. In many instances, there is a 2:1 ratio of malicious behaviors for lateral movement over command-and-control. These behaviors reflect the ease and speed with which attacks can proliferate inside manufacturing networks due to the large volume of unsecured IIoT devices and insufficient internal access controls.”
The report further concluded that “IIoT devices collectively represent a vast, easy-to-penetrate attack surface that enables cybercriminals to perform internal reconnaissance, with the goal of stealing critical assets and destroying infrastructure.”
And if easy IP theft and infrastructure interference and/or damage aren’t warning enough on their own, government is now also entering the fray.
While the United States federal bill known as the IoT Cybersecurity Improvement Act of 2017 remains stalled in committee, one state just enacted the first U.S. law mandating IoT device manufacturing security provisions, effective as of January 1, 2020. California’s SB 327 states:
“A manufacturer of a connected device shall equip the device with a reasonable security feature or features that are all of the following: appropriate to the nature and function of the device; appropriate to the information it may collect, contain or transmit; and designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification or disclosure.”
A “reasonable security feature” for any connected device equipped with a means for authentication outside a local area network requires either that preprogrammed passwords are unique to every device manufactured or that the device contains a security feature that forces a user to generate a new means of authentication before access is granted to it for the first time. While the legislation has been criticized for superficiality, neglecting encryption and failing to address the myriad underlying bad practices identified in the aforementioned cybersecurity reports, it reflects a new reality. This is the first U.S. law stipulating security specific to “things,” and more are sure to follow.
There is hope on the horizon. Blockchain technology, for example, works as a distributed database that cryptographically and immutably records every “block” of data moving through a system — and it may point to a more secure future for our connected devices. As cybersecurity firm Trend Micro noted, “Given its decentralized nature, blockchain, in theory, can prevent a vulnerable device from pushing false information and disrupting the network environment, whether it’s a smart home or a smart factory.” There are experiments already underway using blockchain to validate and secure smart city functions in Europe. On a separate front, in the semiconductor space, there are new chip designs being explored aimed at layering or injecting artificial intelligence functionality into devices and applications that include better security at every point of computation from the edge to the cloud.
These are promising developments, but they don’t negate the present danger. Serious review, investment and a renewed commitment to security best practices are required across IIoT now. That’s a 2019 resolution worth making — and keeping.
According to a report by the National Safety Council, there were more than 40,000 motor vehicle fatalities in the U.S. in 2017, 90% of which were the result of driver error. However, it may soon be possible to replace fallible human drivers, all too often subject to distraction, with autonomous self-driving vehicles.
The benefits of this are considerable. The University of Florida’s Professor Peter Hancock suggested that eliminating this capacity for error could save more lives in two years than were lost in the entire Vietnam War, while KPMG estimated that crash frequencies could drop by up to 80% by 2040.
And when these vehicles arrive, they will bring a wealth of valuable data with them.
New and emergent infrastructures such as the internet of things and 5G are being viewed by businesses across all industries as opportunities for driving new business value, of which the development of driverless cars is but one example. According to Intel, autonomous cars alone could provide a $7 trillion boost to the economy over the coming decades.
But it won’t necessarily all be smooth sailing…
Technology failure used to be little more than an annoyance. Today, however, the failure of an IoT device can have potentially serious life or death consequences, which can’t be fixed by a simple reboot. An autonomous vehicle responsible for a fatal accident can’t just be dusted off, restarted and put back on the road.
As a result, liability and the allocation of responsibility are now deeply intertwined with applications and service dependencies. The continuous addition of moving parts, such as the thousands of microservices that touch millions of sensors through the IT infrastructure, is making the relationship between these dependencies increasingly opaque and the need for visibility without borders using the power of smart data more strategic.
Liability and risk
While most businesses welcome digital transformation as a way of improving their operational efficiencies and customer experience, its inherent complexity now makes the potential for harm that much greater. There are very real consequences when new, sophisticated IT architectures and systems unlock access to new data frontiers; enterprises may achieve greater speed and agility, but there is the potential for more to go wrong.
The Center of Democracy & Technology noted in a report that the piling up of software defects in emerging smart technologies can put the commercial viability of enterprises at risk, not to mention the well-being of the people that use these technologies. As these technologies become ever more ubiquitous, this issue will only become bigger. In Los Angeles recently, a class-action suit was brought against two e-scooter operators whose cloud-based apps enable the identification and unlocking of available scooters, along with manufacturers Xiaomi and Segway, following claims that the companies were responsible for personal injury and property damage.
Indeed, aware of the potential vulnerability of IoT technology, the State of California recently passed a bill that requires manufacturers of devices that connect “directly or indirectly” to the internet to equip them with “reasonable” security features, designed to prevent unauthorized access, modification or information disclosure.
While the issue of liability has thus far focused on device manufacturers, it’s worth examining the direct and indirect implications to the teams responsible for the creation of an application or service that are part of the product, such as an organization’s DevSecOps team.
Visibility and situational awareness
DevSecOps teams employ a security-focused continuous development, integration and deployment lifecycle model. The pace with which new functions and features are released when using this model presents inherent business risks. For example, when a function fails — due to load, latency or errors — it is tiny from a software perspective, but has a big impact on application performance. Microservices connectivity sprawl not only adds more traffic, but increases application time-out problems due to scale or logic. And as the innovation and deployment pipeline accelerates, bottlenecks within or between teams can restrict the overall flow of value to customers, increase the mean time to resolution (MTTR) and add operational costs. An effective way to reduce those risks is to have DevSecOps teams extract value from wire data — the traffic flow that comprises every action and transaction that traverses the enterprise. Continuously monitoring wire data and forging it into smart data during a development cycle and beyond — in real time — will provide unrestricted visibility into how applications and services work across the entire infrastructure and deliver meaningful and actionable insights for DevSecOps teams. The same smart data allows a common situational awareness to improve agility, reduce MTTR and keep up with the pace of change.
By providing relevant, actionable and intelligent data sets on events as they happen, smart data enables all teams — from developers to operations, security, QA and everyone in between — to work closely together while parameters continue to evolve throughout the development process, and while traffic flows from — and to — data centers, clouds and the network edge. Not only will this visibility provide enterprises with a “line of sight” into various interdependencies, the common situational awareness will go some way to containing product liability. Businesses will enjoy greater speed and agility, and be confident that any issues that arise will be dealt with before they can harm their brand or their users’ experience.
Two of the main themes echoing throughout the halls of the recent Money20/20 finance conference in Las Vegas were trust and identity. Knowing that you are who you say you are has become trickier than ever. According to Javelin Strategies, in 2018, identity theft and fraud hit a new record high, costing the U.S. consumer $16.8 billion. In 2018 we watched wild-eyed as everything came under attack, from our Facebook accounts to our mobile devices to our election votes.
The fastest growing fraud is in card-not-present transactions. Online purchasing by typing your credit card number or making a mobile payment is prime fraud frontier. Fraudsters have honed their “digital synth” skills to create fake digital consumers with false identities. Aite Group predicted that synthetic identity fraud will continue to grow from at least $820 million in payment card losses in 2017 to over $1.25 billion in 2020. Faster payment platforms will be prime targets as they continue to gain traction. The trick for retailers and institutions is to make the verification process for consumers feel natural and easy while doing their stuff better than ever.
As I walked the exhibit floor of Money20/20, I threw caution to the wind and became a personal experiment in just how many ways there are to verify your identity, especially for financial and retail transactions. I forked over my bodily credentials to more companies during that three-day conference than I had in the previous six months. I had at least two iris scans, four fingerprint checks, a voice check or two, a couple of face-detection sessions and numerous instant assessments of my creditworthiness.
In all seriousness, I walked away feeling somewhat reassured that new ways to use biometric, behavioral, big data and AI in combo will help us detect fraud with increasing precision and speed. Here’s some of what I learned:
- Liveness is important. Jumio is a biometrics company that’s implemented reputable facial detection systems. It compares your government-issued ID to your selfie as part of the onboarding process for companies that include Airbnb. Now, through a partnership with Facetec, the company can suss fakesters with more accuracy. Facetec adds a sort of video selfie to the process, creating a 3D face map that’s much more difficult to spoof.
- Two can be better than one combos. Many of the products combined biometric information. Sensory cleverly combines face recognition and voice detection. A voiceprint along with a video of the customer speaking a word is their authentication. Consumers can use this on their own devices. To try it out, go to the Google Play store and download Applock by Sensory.
- Malware can be beautiful. My inner artist was intrigued by BioCatch’s “The Art of Fraud,” an online installation of art depicting the spread of malware and fraud. The company is best known for using about 400 behavioral biometrics, including your handedness and which way you swipe on your phone, to separate potential fraudsters from the real McCoys.
- When to verify makes all the difference. Uniken takes a different tack. “Today,” said Bimal Gandhi, the company’s CEO, “our business MO is to connect and then verify, but we should be verifying and then connecting.” Uniken makes sure you are who you claim you are before the connection is made, hence minimizing the chance of damage.
- A smarter network. At Cisco, financial services industry lead Al Slamecka focused on how, over time, more and more intelligence will make its way into the network with products like the company’s Clarity. Scanning the network will reveal data flaws so we’ll understand them more quickly.
- Am I an alien? It could have been the whirlwind speed of my “identity trip,” but I could not manage to get Princeton Identity’s iris scan to read my irises — it reminded me that iris scanning needs a well-lit room and wide eyeballs. Fingerprints are also problematic. Anyone who uses the fingerprint scanner on their mobile device knows there’s about a 20% failure rate whether it’s because of the angle of your finger or the smudge on your scanner.
- Finally, little known security fact. Socure assesses your identity through a variety of machine learning rules and data sources that go far beyond traditional credit scores. I happily gave them the usual name, address and date of birth, but when I looked at my worthiness, I had lost points for having a VoIP line. Fraudsters, it turns out, have a higher likelihood of using a VoIP line.
Bottom line? There’s a saying that goes “If you want a job, go into IT; if you want a job for life, go into cybersecurity.” It’s always going to be an arms race to keep one step ahead of the unsavory, especially as more payment devices join the internet of things. The best defense is all defense. Personal protection on your devices, big data culling for anomalies, more intelligent networks and faster reporting systems all play their parts.
As the holiday season approaches and more and more consumers begin shopping, comparing prices, and researching gifts online, cybercriminal efforts are expected to accelerate. Retailers and others offering connectivity to their customers need to pay particular heed to their wireless access points, which can easily and quickly be exploited by malicious criminals. These threat vectors are especially concerning, not only because of the risk that a compromised access point can pose to customers, but also because they can become a gateway for exploiting your corporate network.
As cybercriminals successfully expand their attack vectors, trying to keep up by expanding your security technologies is a proven losing strategy. Too many devices and protocols can often be just as bad as not having enough security in place. And yet, organizations need to be hyper-vigilant about security or they will forfeit their ability to compete in today’s digital marketplace — especially if they become victims of the increasingly effective and ruthless cybercriminal community.
What to watch for
Fortinet’s “Threat Landscape Report Q3 2018” revealed important trends in mobile and IoT threats. Forewarned is forearmed, so these insights will help retailers be prepared for what’s ahead.
Mobile malware was on the move in Q3, with Android variants ranking in the top five of Fortinet’s Weekly Threat Briefs several times. The Agent family in the Android panel sits higher on the volume scale than any other family of malware and for any other platform. And according to the FortiGuard Labs team, that has never happened before.
There was also a decidedly IoT theme to last quarter’s report — more so than any previous quarter. The scale of attacks recorded against IoT and consumer devices is huge. More than 1 billion attacks against routers were reported. DVRs and NVRs suffered more than 10 million attacks in Q3, and exploits against IP cameras, network-attached storage, telephony and printers all numbered in the millions.
- IoT botnets rose to notoriety in September 2016 with the advent of Mirai and the 600,000 infected IoT devices under its control. Mirai’s main method of propagation was finding IoT devices and then brute forcing the target’s login credentials. Over time, this approach evolved into vulnerability exploitation of IoT devices, resulting in current IoT botnets commonly containing multiple exploits.
- The variant OMG turns infected devices into proxy servers that can be rented to individuals who want to be inconspicuous through the use of multiple proxies. IoT botnets have also begun to implant cryptojacking malware in infected IoT devices. Another risk posed by IoT botnets is the potential for infected devices to be rendered useless, including everything from laptops and medical devices to smart TVs and coffee machines.
Protection for the holidays
As devices multiply, so does the need for stronger security. The total number of company-owned mobile devices in use increased 2.5% from 2017 to 2018. This doesn’t include the expanding volume of personally owned mobile devices connected to networks as a result of the 72% of organizations that have a BYOD-friendly policy.
Because cybercriminals understand that mobile is an easy target for infiltrating a network, security leaders need to ensure they have the appropriate controls in place to protect those devices, especially at their wireless access points. This requires that wireless access points and mobile security services be fully integrated into next-generation firewalls. You can further improve visibility into your network and control over access to it by using a third-generation network access control system.
Those who offer omnichannel retail experiences can protect themselves from trending threats ahead of the holiday season with these additional steps:
- One in four firms reported mobile malware last quarter. Unfortunately, such devices often don’t have the level of control, visibility and protection that traditional systems receive. Effective mobile security strategies must deal with this reality through mobile application controls and malware protections built into the network to cover any device, anywhere.
- To defend against IoT botnets, organizations should pursue options such as the offsite storage of system backups, deploying redundant systems, keeping devices updated, baselining and monitoring traffic — especially between network segments, and using real-time threat intelligence.
- Several exploits targeting IoT devices topped Fortinet’s charts this past quarter. The “learn, segment and protect” approach can help quell this cybersecurity storm. It starts with learning more about devices connected to networks, how they’re configured and how they authenticate. Once complete visibility is achieved, organizations then need to dynamically segment IoT devices into secured network zones using customized policies. Segments can then be linked together across the network — especially at access points, cross-segment network traffic locations and even into multi-cloud environments — where security tools are able to monitor, inspect and secure cross-network traffic.
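One way to baseline and monitor traffic between segments, as an added example that is not from the original article or from Fortinet: cross-segment flows seen during a learning window become the allowed set, and any later zone-to-zone conversation outside it is flagged. The segment names, prefixes, log format and flow lines are constructed assumptions.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// Segment is one network zone. All prefixes, names and flows below are constructed.
type Segment struct {
	Name   string
	Prefix netip.Prefix
}

// Edge is a class of cross-segment conversation: zone to zone on one service.
type Edge struct{ From, To, Service string }

// Record is one parsed flow line plus the edge it belongs to.
type Record struct {
	Edge     Edge
	Src, Dst netip.Addr
}

var Segments = []Segment{
	{"servers", netip.MustParsePrefix("10.10.0.0/16")},
	{"iot-cameras", netip.MustParsePrefix("10.20.0.0/24")},
	{"pos", netip.MustParsePrefix("10.30.0.0/24")},
}

// Learning window: what the network normally does.
var BaselineFlows = []string{
	"10.10.5.20 10.20.0.11 tcp/554", // recorder pulls video from a camera
	"10.20.0.12 10.10.0.5 udp/123",  // camera time sync
	"10.30.0.7 10.10.8.8 tcp/443",   // POS terminal to payment service
	"10.20.0.11 10.20.0.12 tcp/80",  // stays inside one segment, not tracked
}

// Monitoring window.
var LiveFlows = []string{
	"10.10.5.20 10.20.0.12 tcp/554",  // known edge, different camera
	"10.20.0.12 10.30.0.7 tcp/23",    // camera reaching into the POS zone
	"10.20.0.11 203.0.113.9 tcp/443", // camera talking to an unmapped address
	"truncated line",                 // malformed, skipped
	"10.30.0.7 10.10.8.8 tcp/443",    // known edge
}

// zoneOf returns the most specific segment containing a, or "unknown".
func zoneOf(a netip.Addr, segs []Segment) string {
	best, bits := "unknown", -1
	for _, s := range segs {
		if s.Prefix.Contains(a) && s.Prefix.Bits() > bits {
			best, bits = s.Name, s.Prefix.Bits()
		}
	}
	return best
}

// parse reads "src dst proto/port". ok is false for malformed lines and for
// traffic that stays inside one known segment.
func parse(line string, segs []Segment) (Record, bool) {
	f := strings.Fields(line)
	if len(f) != 3 || !strings.Contains(f[2], "/") {
		return Record{}, false
	}
	src, errS := netip.ParseAddr(f[0])
	dst, errD := netip.ParseAddr(f[1])
	if errS != nil || errD != nil {
		return Record{}, false
	}
	e := Edge{zoneOf(src, segs), zoneOf(dst, segs), f[2]}
	return Record{e, src, dst}, e.From != e.To || e.From == "unknown"
}

// Learn builds the set of cross-segment edges observed during the learning window.
func Learn(lines []string, segs []Segment) map[Edge]bool {
	base := map[Edge]bool{}
	for _, l := range lines {
		if r, ok := parse(l, segs); ok {
			base[r.Edge] = true
		}
	}
	return base
}

// Detect returns every cross-segment flow whose edge is absent from the baseline.
func Detect(base map[Edge]bool, lines []string, segs []Segment) []Record {
	var out []Record
	for _, l := range lines {
		if r, ok := parse(l, segs); ok && !base[r.Edge] {
			out = append(out, r)
		}
	}
	return out
}

// Alerts runs the constructed sample data through both phases.
func Alerts() []Record {
	return Detect(Learn(BaselineFlows, Segments), LiveFlows, Segments)
}

func main() {
	for _, a := range Alerts() {
		fmt.Printf("new cross-segment flow %s -> %s on %s (%s -> %s)\n",
			a.Edge.From, a.Edge.To, a.Edge.Service, a.Src, a.Dst)
	}
}
```

A baseline learned while a device is already compromised will include the attacker's traffic, so review the learned edges before alerting on them.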
In addition to remaining vigilant for new threats and vulnerabilities, don’t lose sight of what’s happening within your own environment. Basic cyber hygiene is perhaps the most neglected element of security today. Continually removing unnecessary services, stamping out vulnerabilities through patch and replace strategies, and maintaining good order isn’t the most fun or interesting part of security, but it is critically important nevertheless.
A decade after the advent of IoT, the pundits’ technological forecasts are certainly upbeat in terms of the products and initiatives on the table and in the pipeline. That said, we’re still a long way from those 20 billion connected devices that the experts talk about for 2020.
IoT promises us a totally connected world with information from elements and use cases we can’t even imagine today. We are not talking here only about connected homes, smart offices or autonomous vehicles, but rather changing the very way we interact with surrounding objects, whether at home, at work or during our leisure time.
This scenario, in which practically anything in our surrounding world is connected to the information-sending and -receiving cloud, throws up a slew of challenges whose solution is revolutionizing many sectors of today’s society. The most important challenges posed in recent years are the following: connectivity needs, computational demands and lack of standardization.
Device connectivity and bandwidth was one of the main challenges technology had to take on. In many cases, the need was simply eased by turning to an existing Wi-Fi network or by using the cell phone as an access point. On other occasions, for example in open-country deployments, the answer is more complex and two approaches are now beginning to be used:
- Intermediate gateways to exchange information with the cloud from adjacent nodes by means of connections like Zigbee or LoRa. This movement favors the use of fog computing and companies are now starting to transfer part of the computation to these devices, even going so far as to transfer part of the cloud to the last mile of communications.
- New Sigfox- or NB-IoT-type narrowband communication technologies, which enable the sending of small information packages.
Information processing and cloud computation needs are now being driven and fed by the advent of platforms and services provided by market players like Microsoft Azure, AWS, IBM and so forth, or platforms like Fiware, Carriots and Predix, which can cater to the huge amount of data received from IoT devices. These platforms facilitate the necessary scaling of applications and favor the use of IoT with very affordable prices. Especially noteworthy in platforms of this type is the use and fostering of the “function as a service” concept, where the platform runs a code fragment without this forming part of a complete project or microservice, allowing automatic scaling to suit the particular load in each case.
Finally, one of the stiffest challenges yet to be met is the lack of IoT standardization due to the dizzying speed with which previous players developed and launched their services. This means interoperability is one of the greatest challenges faced by this technology.
Knock-on effect on other technologies
IoT technology has favored the development of other technology which had been stalled until recently. Take the case of artificial intelligence, which has revived on the strength of the huge amount of data that can now be obtained from IoT systems. This has had a big knock-on effect on operational efficiency, ranging from predictive maintenance and logistics to process optimization.
Big data is another of the IoT-driven technologies, enabling us as it does to work with sensor data that fits in with big data requirements, i.e., variability, since data of diverse type is generated (numerical readings, soundwaves, images or videos); speed, since the readings are often obtained in milliseconds; and volume, given the great number of connected devices.
New technologies are now cropping up around IoT, further driving its advance. A case in point is edge computing. This technology is used to ensure device data is processed as close as possible to where it is generated instead of being sent up to the cloud. IoT service providers are developing gateway-deployed software development kits that offer a subset of cloud functions, thus facilitating data processing without having to pay the cloud “toll” and often catering for the needs of latency, computation and security. They really come into their own when device connectivity is poor or in cases involving latent information processing, in such examples as augmented reality, smart cars, financial services or manufacturing — in short, in environments where every millisecond counts.
In this scenario, gateway manufacturers are endowing their devices with higher computation capabilities. This in turn calls for their virtualization to turn their capabilities to the best account, isolate processes and facilitate their administration. This leads to the advent of IoT device virtualization technology like VirtualPAC, which enables software to be remotely virtualized, run and deployed in industrial PLCs and gateways, facilitating and optimizing the operation of plant equipment across the board.
IoT’s influence on digital transformation
Reduction of the purchase cost (in equipment, bandwidth and processing) and the abovementioned technology show that IoT is nowadays playing a key role in the digital transformation of a great part of the business fabric. It currently offers much finer granularity in the management of production and, in the future, will improve the control and predictive management of these processes on the strength of the digital twins.
Industrial environments are without any doubt one of the great drivers of IoT, even producing a further breakdown into industrial IoT. This environment poses some important challenges, especially raising awareness of the crucial nature of cybersecurity in IoT devices to ensure a more secure future. This awareness-raising must take in not only the domestic environment, where the devices habitually used are as affordable as they are insecure, but also the industrial environment itself, where IoT equipment now forms part of productive processes and any security gap could lead to a loss of information and competitiveness and even endanger human lives.
We at GMV have seen a great technological revolution around IoT in recent years. In particular, the industrial sector is calling for new use cases and applications that, working under the main cybersecurity paradigms, favor not only an increase in market efficiency, but also turn IoT into one more tool for developing new business models, allowing industrialists to be more disruptive and win a bigger market share. In this scenario we see how technology is now meeting many of the expectations that had cropped up recently; it is changing the way society interacts with itself and its environment and spawning new and thrilling challenges that spur and goad our creativity for providing our clients with the best possible solution.
A new industrial age is being propelled by companies wanting their assets to generate more revenue without further investment or infrastructure upgrades. Artificial intelligence and the industrial internet of things can make this a reality. With a system intelligently assessing conditions that affect manufacturing processes — driven by a flow of real-time data from connected devices — machines can learn and the environment itself can “make decisions.”
This allows operations to improve with little or no direct involvement from personnel, leading to lower costs and downtime, and an ability to produce faster, as well as a slew of other benefits.
Sounds good, but there’s more to this.
Large data sets are too time-consuming for standard analytics to process, especially if attempted manually. AI is used to find correlations and the cause to specific processes. Add in a good application performance management system and AI algorithms can offer advanced analytics that deliver a clear view of business outcomes, even what the future may hold.
It’s an exciting time and a lot of companies are ready to rush right in. But if AI was simple and success guaranteed, everybody would already be on board. It’s an evolving field, and if not done right, it can go very wrong. Before turning these new technologies loose, consider the following questions.
1. What are we trying to solve?
Not identifying key business pain points to solve is a reason many AI pilots flounder. The thing is, even when these initiatives appear successful, they will stall at some point. You have to know what you’re trying to achieve and, most importantly, make sure leadership is aware. This will enable you to continue, despite obstacles. Here are a few examples that grab executives’ attention and commitment:
- Reduce unplanned downtime: Forecast performance metrics and schedule maintenance to keep operations up and running.
- Reduce energy costs: Take advantage of off-peak energy prices.
- Reduce production material cost: Purchase and use resources more cost-effectively, such as lowering chemical dosing amounts.
2. What improvements will be reached?
When pilots succeed but don’t progress, it’s often because results weren’t as powerful as anticipated. The fact is, results are still positive even when performance improvements weren’t obtained, as long as a clear reason why is determined.
The challenge is to find a project with which everyone feels comfortable — getting some kind of pilot off the ground just to get an evaluation started is actually reasonable. This is where concrete, meaningful improvement goals become important. Your solution provider should lead this charge since they know what’s possible.
3. What access to data will you have?
When it comes to data, three key aspects make up the backbone of an AI project — quantity, quality and access. AI projects use historical data in order to train algorithms to predict future outcomes. The more data the better. It may not all come into play, but data scientists will want to tease out any and all correlations and look for causal effects, so access is crucial.
Even so, while less data poses challenges, project goals can still be met. Even gaps in data — such as a lack of one or more sensor inputs — can be overcome. It’s important to know what you have to work with, so bring in a data science team to conduct an investigation before beginning.
4. Do we have data scientists and subject matter experts?
It’s important to involve, and have strong collaboration between, data scientists and subject matter experts (SMEs) who understand the process to be optimized. Without this, the project will likely fail. Some solution providers have good AI expertise, others have SMEs. These types of projects require a combination of both.
5. How do we proceed?
There are a lot of approaches you can take to evaluate and execute a plan. Do you involve an analytics company if you have your own SME? Should a consulting engineering firm organize the project? Do you get a one-stop solution provider to do the whole thing?
All of these are viable options. The key is to know the analysis can be done, and access to historical and near-real-time data is crucial.
Data analysis should be completed and vetted up front. Your team or provider must be able to tell you, within certain limits, that you’ll get the prescriptive recommendations necessary to meet your project goals. If a significant payment is needed before any analysis occurs, you could be funding someone else’s learning curve.
Improving your processes is a process. The key is to be realistic, patient and persistent.
The fourth Industrial Revolution, or Industry 4.0, is well underway. Emerging technologies such as artificial intelligence, augmented and virtual reality, wearables and autonomous vehicles are making sizeable advancements and becoming a part of everyday lives and business.
These emerging technologies all create a lot of data, data that needs to be protected. Connected medical devices transmit sensitive patient information and are also responsible for keeping people healthy and alive. Connected power plants and other critical infrastructure transmit sensitive information and are also vulnerable to attacks. The list goes on. Not only are these technologies creating large amounts of data that require protection, they also require protection for the intellectual property (IP) fueling them. Augmented and virtual reality companies are creating helmets and goggles for civil and construction employees straight out of Iron Man. And there are states out there that are not above stealing this kind of IP, which raises the stakes as many of the world’s electronic components come from those states, adding extra pressure to manufacturers to keep devices secure.
This creates two situations where data, whose value is exponential to criminals, needs to be given extra precaution when securing both it and the devices producing and transmitting it, as well as protecting the intellectual property making them work. Data in transit and data at rest in these situations require heightened security through greater encryption and IoT security as well as high-assurance data protection environments to secure it when not in use.
IoT security efforts should focus on developing a dedicated plan to secure the IoT devices, especially given how an IoT architecture — with its disparate protocols, software and hardware — differs from the traditional enterprise network. Integrating IoT devices into enterprise networks will require new risk management strategies and updated operational security strategies with the level of protection for a given asset greatly depending on its use case and the criticality of the application it supports.
It is therefore essential for enterprises to establish a clear vision of the business need for IoT devices, validate the technologies with stakeholders (including security professionals), assess the risks, deepen their technical understanding of how the IoT system really works, and validate system operations and feasibility.
To be most effective, IoT security has to be a shared responsibility. Many security incidents could be avoided if developers and manufacturers were aware of the risks they face on a daily basis, considering not just those that affect IoT devices, but also those that affect the IoT environment as a whole, and developed products accordingly. But connected devices are typically designed to be low-cost and built for a single purpose — not with security at the forefront. They often have limited memory and computing power, which means they can’t be protected by traditional endpoint security. Therefore, enterprises must fully vet new IoT devices to understand how much security is built in. For example, the device may have strong embedded encryption, or it may have a USB port. The administrative password might be “password,” providing an open invitation for misuse and abuse.
Finally, it should be noted that it is impossible for every IoT system to behave securely at all times within every context. A good rule of thumb and a sound approach for enterprises is to always adopt an evolving security posture.
Opportunities for IoT innovation in mobility, smart cities and urban technology abound. There are a multitude of things to be discovered, systems to be developed and problems to be solved. IoT will shift the paradigm of how we work, when we work and ultimately how we interact with the physical world, blending the lines between virtual and physical. However, this brave new world doesn’t come without its share of challenges.
I recently sat down with Chuck Byers, principal engineer and system architect at Cisco, who has served as the lead architect on over 20 IoT products, to get his take on where urban technology is headed — the challenges, the opportunities and his future vision.
What are the biggest challenges for IoT mobility, smart cities and urban technology?
The worst challenges out there are security and privacy. Security is a particularly nasty problem because the internet of things and actuators to the networks control capabilities. Up until very recently, we just had sensors. We just had data flowing into the internet without any vast opportunities for it to instantaneously affect the outside world. Indeed, we have data breaches (several very well-publicized multimillion-dollar losses because of those data breaches), but there was no physical harm; no humans got injured as a result of that.
Now we have things such as autonomous vehicles and chemical plants in the field that have actuators that can change the parameters of the physical world. As soon as those become part of the network and the control of humans is one level indirect from that network, then we start seeing stakes get much higher for security. Hackers have much more opportunity for mayhem if they can disrupt a pipeline or cause an autonomous vehicle traffic jam on the interstate. We need to ensure that the security of IoT systems is up to the job — trustworthy and appropriate for mission-critical, safety-critical and even life-critical applications.
A second challenge is the control of these networks. By control, I mean the installation, configuration and ongoing monitoring of all the IoT endpoints. Depending upon whose study you read, there may be 50 billion IoT endpoints in the world, even as early as next year. Moreover, think about what happens if someone has to select that security camera, type this IP address, click a bunch of boxes to configure its parameters and then push the download and start the camera button. Even if it only takes a minute to access each of these endpoints, that’s 50 billion minutes in person-hours required. Automation is necessary to make that system cost-effective and sustainable. There have to be universal, trustworthy plug-and-play interfaces that would make all of these things function interdependently. The ideal scenario: the technician bolts these devices to the wall and flips the power switch on while all the network connections, all the configurations, all the operational parameters and calibration operate without human intervention, at least 99.9% of the time.
What are the next frontiers of the IoT revolution and urban mobility/future cities innovation?
Four different technologies are particularly promising and vital for the future of these markets:
1. Wireless mobility, especially 5G, advanced Wi-Fi and even various kinds of free-space optical communications. We have to continuously figure out how to connect things at ridiculously high bandwidths with ridiculously high densities, and that’s an essential enabling technology for all of these verticals.
2. Various forms of artificial intelligence, machine intelligence, deep learning and analytics algorithms. The technology has gotten to the point where the complexity of these networks is so high and the rate of change is so fast that humans can’t keep up. We need artificial intelligence and all its variants to support that. There are many growth areas associated with automation, automatic configurations and the analytics of these huge fire hoses of data that are coming off these huge arrays of IoT sensors.
3. Security and privacy. The GDPR, recently enacted in Europe, is going to be influencing the rest of the world. I would expect that there will be more teeth in national privacy legislation forthcoming. There will be a lot of interesting network problems associated with maintaining security and privacy, especially isolating designated recipients of a specific sensor stream from those who are not authorized to receive that stream.
4. Distribution of intelligence up and down the network. Many IoT deployment models have these relatively dumb, relatively simple sensors and actuators out on the edge points. They also have a dumb network that hooks them to the cloud. Their model is dependent on the lion’s share of the work getting done in the cloud. It turns out that that’s probably a flawed model, because of concerns with latency, reliability, network bandwidth and a multitude of other reasons. Ideally, we should distribute the computation, networking and storage that are working those sensors and actuators on a hierarchy between the cloud and the devices. That’s variously called fog computing, edge computing, cloudlets or some call it mist computing. Regardless of the name, the point is that we’re going to be distributing the computational resources a lot deeper in the network than one would find today with a few dozen major web cloud data centers. It’s going to be the equivalent of a small cloud data center in every building, on every street corner and rolling in every autonomous vehicle. Consequently, there are substantial challenges associated with designing those networks, distributing their workloads and operating them reliably and profitably.
The automotive industry is in the middle of one of its biggest technological revolutions in a generation, and it starts with the internet of things (IoT) and telematics. The IoT-connected car is enabling manufacturers and service providers to increase the amount of technology found within the vehicle. Consider the fact that GPS navigation was once a premium feature packaged up within a car. Now, GPS maps are found in the palm of our hands while we’re talking about self-driving and self-parking cars already out on the road today. It’s a technological disruption that will only continue as innovations grow within the industry.
Yet, connected cars are about more than just driving and parking. Enhanced security features, including crash alert management, theft alert assistance, and breakdown call and assistance, need to lie at the heart of all telematics services.
Ultimately, connected telematics technologies are helping change the way vehicles act on the road while providing those within the automotive industry insights into their own vehicles. IoT enables the ability to monitor vehicles for safety factors, control costs by monitoring vehicle usage, increase fleet efficiency and deliver more responsive service to customers, enhancing the way drivers interact with other vehicles and the infrastructure around them. Doing so disrupts not only the auto manufacturing market, but also the markets related to automotive.
For example, let’s look at fleet management. By installing a simple black box within each fleet vehicle, fleet owners can gain access to a cost-effective end-to-end system that provides global IoT services and access to a management platform. The combination of platform and connectivity enables fleet owners to remotely track and monitor vehicles’ locations and conditions via extensive reporting and mapping. This makes a wide range of insights available for the accurate management of information about the fleet overall. Crash reconstruction, remote diagnostics, fuel consumption and driving behavior information captured via IoT provides owners with powerful details that ultimately help manage fleets and empower the responsible use of their vehicles.
Beyond IoT’s ability to disrupt how fleet owners manage their vehicles, IoT also creates new opportunities for insurers. IoT services open up the possibility for usage-based insurance, which uses IoT technology to capture detailed data from in-car services. This functionality allows insurers to set and adjust premiums based on driving behavior or mileage, rather than previous claim history or demographics alone, helping insurers tailor products and services to individual drivers.
While drivers may not like the idea of their every move being tracked, it can ultimately help save them money in the long run while also improving vehicle safety and security. For example, if drivers understand their behavior on the road is being monitored and their insurance is priced based on their driving quality, they may refrain from aggressive driving scenarios, leading to a reduction in accidents. Further, connected technologies can also help insurers easily track and recover stolen vehicles.
Reliable, global connections through trusted service providers will be an important focus for the drivers, fleet managers and operators who are using connected services all over the world. Organizations will need to look for opportunities that enable end-to-end managed systems — including all service components, from hardware to telematics infrastructure to service operations.
As this automotive technology revolution continues to forge on, IoT services will be among the leading technologies helping reshape the way we think about travel and will open up endless possibilities for the entire transportation industry — beyond just the self-driving and self-parking car. Ultimately, IoT technology gives ambitious vehicle manufacturers, insurance companies and fleets a competitive edge.