Logistics today is governed by a set of principles called the seven Rs: the right product, the right customer, the right price, the right quantity, the right condition, the right place and the right time. Upholding these principles demands a Herculean effort. Luckily, logistics managers have some help from Industrial Internet of Things (IIoT) vendors.
In the logistics realm, the IIoT solutions employed by managers are embedded devices or sensors that provide the visibility and controls required to facilitate the proper management and transportation of goods. While they do a great job assisting managers, they lack safeguards against hacks.
It may not look like the most dangerous battlefield at first glance, but disrupting industries like logistics and transportation can have dire consequences on society. Ransomware plagues like WannaCry and NotPetya caused damages in the hundreds of millions to shipping giants Maersk and FedEx. Targeted attacks on IIoT sensors, like Very Small Aperture Terminal stations, are also possible, as evidenced by a group of cybersecurity researchers in 2017 who discovered that the configuration of certain ships’ satellite antenna systems left them open to cyberattacks. The researchers showed that a person with modest tools and know-how could hack into a Very Small Aperture Terminal equipped system and manually change a ship’s GPS coordinates or even take down the boat’s navigation system by feeding it a well-crafted piece of malicious firmware. One of the ships involved in the hacking experiment belonged to a private maritime security company and was loaded with ammunition.
Legacy and new tech is not a match made in heaven
Inventory management, warehousing and delivery in the modern supply chain is done using smart solutions that enable logisticians to visualize and manage goods in real time on a global scale. However, in logistics, smart solutions are often deployed alongside legacy systems, leaving gaps that bad actors can exploit.
Monitoring, process automation, vehicle tracking, inventory management and transportation all rely on an array of disparate technologies that lack on-board security safeguards. These smart sensors — estimated to be 40 billion strong by the year 2022, according to Statista — will greatly expand the attack surface for bad actors, resulting in hefty losses and even potentially putting lives at risk.
IIoT-based solutions have reinforced competitive advantages and are spawning new business models, according to a paper on IIoT-Connected Railways from researchers at the University of Coruña. However, these new developments come with a hefty dose of risk. The researchers explained that operational inefficiency, the lack of infrastructure and interoperability, high initial cost of deployment, and the integration complexities over legacy systems and the network, may prevent growth in the railroad industry.
The report states, “Legacy infrastructure, aging communications systems, and the slow adoption of automation and protective technology in this scenario pose enormous safety risks. Related to the issues of safety and connectivity is security. As rail systems rely more and more on wireless connectivity, they become more vulnerable to outside interference, intrusion and cyberattacks.”
The consequences of even a small disruption are exponentially more severe as trains increase in power, connectivity and speed, while carrying valuable freight or passengers. Those who operate mission-critical systems cannot afford compromising safe operation because of a single electronic node infected with malicious code. Strong security has become a fundamental requirement for mission-critical systems.
An inherent insecurity syndrome
IIoT solutions do a good job providing logistics operators with real-time visibility on monitoring and the movement of goods. This ensures that each item arrives on time, at the right place and intact, putting managers on track to uphold the seven Rs of logistics. Ironically, visibility is completely absent from a security perspective. IT staff have no way to assess the security of these embedded devices and are therefore unable to accurately check if these gadgets have been breached, infected with malware or recruited in a botnet for a distributed denial-of-service attack.
IoT systems in general — not just the industrial type — suffer from inherent insecurity, such as default credentials and an inability to patch firmware, which means traditional security solutions cannot defend them against cyberthreats. If recent hacks on government institutions, hospitals and schools are any indication, such attacks will not only increase in numbers, they will surge and extend into every industry imaginable.
Supply chain attacks, where hackers essentially poison trusted apps with malware, can be replicated in the IIoT realm just as easily and with even more devastating consequences. Imagine a motivated threat actor hacking an entire fleet of IIoT devices remotely, feeding them tainted firmware while still in production. As the vendor preps them for shipping, clients are completely oblivious that they are about to purchase systems already laced with a backdoor that the hacker will use to deploy his attack when the systems go online. In the case of logistics operators, orders of IIoT devices can reach thousands of units, giving attackers a tremendous attack surface and the possibility to wreak havoc.
One such device is the telematics gateway unit, a compact high-speed on-board vehicle and machine communications device for telematics and diagnostics functions in industrial vehicles. Exposed to the internet with public addresses and no authentication, telematics gateway units can be easily found in Shodan listings and can be abused remotely. Attackers can get the exact location of the vehicle in real time, change the mission route and even cause the vehicle to get a ticket by tampering with the recorded speed parameters.
Define anomalies outside the norm
To address this challenge, cybersecurity experts have devised a network-based approach to securing IIoT hardware.
Enter network traffic analytics, the technology that promises to assist IT departments in defending their network against hacks without the need to install an agent.
The effectiveness of network traffic analytics stems from the ability to model a behavioral baseline for devices and applications on a network. By comparing new observations against those baselines, security analysts gain actionable insights about potential threats. This includes threats that have never been seen before, as opposed to signature-based methods, which only identify known threats.
A state-of-the-art network traffic analytics deployment draws from threat intelligence collected from millions of endpoints globally, and combines this knowledge with machine learning models. The deployment then analyzes the network metadata in real time and accurately reveals threat activity and suspicious traffic patterns. Network traffic analytic solutions that support JA3 — a standard for creating SSL client fingerprints — can also analyze encrypted data without decrypting actual data packets and ensure compliance with data protection and privacy laws. Finally, automated alert triage reduces noise and provides readable context to reduce the investigation time and increase the effectiveness of security operations and incident response teams.
By tapping into network traffic analytics’ potential, it becomes possible to secure the mix of legacy and modern logistics solutions, saving time and money for everyone and ensuring smooth transit from manufacturers to logistics managers and all the way to the user.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
If you’re going to get a full chorus to sing the same tune, you have to make sure everyone is singing from the same songbook. But how do you write the lyrics when there’s no one-size-fits-all answer to creating an IoT solution?
It’s true; the usual straightforward technical challenges in IT projects become adaptive in IoT deployments, meaning they are often open ended and ill defined.
No matter what challenge you’re looking to tackle, I’ve found one way to keep an IoT design and development process in harmony: check that every choice you make is laying the foundation for delivering insights. Insights are guidance you need to make and take actions to better your business. That’s the only way IoT can go from buzzword to business transformation.
Here are the notes you need to hit to structure your system for insights:
Blend your business infrastructure with PaaS and SaaS solutions
Any device, data and systems you want to connect — whether they are devices, sensors and gateways, internal data systems or external data streams — should blend seamlessly with an IoT platform. How would rideshare companies succeed if the smartphone GPS didn’t integrate with their platform to provide a strong user experience, while also linking with internal dashboards to track operational excellence metrics?
For your business, that means looking for the basics like multi-protocol connectivity, an easy-to-use toolkit and hardware support along with more advanced integration of AI, predictive analytics and data visualizations. Those last three are especially key if you want leading edge insights that are better than your competition’s.
Make sure the platform you pick is flexible and scalable
Data is more powerful once aggregated and analyzed for better identification of issues and real-time reporting. The only way to do that over the dozens of possible use cases in your business is to build on a flexible platform that also supports interoperability.
To assess flexibility, ask a platform provider questions, including where can I host, what role-based access options do I have, what API access do I have, what customer bases does your platform cater to, what data exports can I do or does this platform work across use cases. Flexibility among these allows you to bridge gracefully from proof of concept (PoC) to perfect implementation, avoiding PoC purgatory along the way.
Search for stable cloud services
Often organizations will purchase or develop the perfect platform for their most pressing use case and build an IoT system around this. However, if that company goes out of business or if business priorities change, you could be stuck holding the bag with a technology platform that’s not adaptable to changing business needs.
While proprietary systems have many advantages, cloud-based platforms backed with big players in the space, such as Microsoft Azure, provide your solution with a scalable and secure back-end for all of your customers’ data and business logic. Plus, an insights-focused system that uses specialized analysis and rules processing with custom logic is easy to build on best-in-class technology.
Don’t forget to consider edge intelligence
We all know everything is moving to the cloud. But in high pressure situations like hospitals, you can’t afford any hiccup with latency. Even a few seconds of delay could mean the difference between life and death. If you want your IoT solution to move beyond what’s happened and begin sensing what might happen next, edge intelligence is crucial. While AI adds massive benefits, AI at the edge makes this happen in an instant. Not only do you shrink your latency envelope to milliseconds with edge intelligence, but this instantaneous connection also often means lower power and lower cost.
A platform needs an edge gateway or a ruggedized server to aggregate sensors, perform local processing and integration and upload data to the cloud. This is how you get strong insights today as well as even better insights as your deployment goes on.
Finding the right conductor is critical
Your customers use web and mobile apps and data APIs to manage infrastructure, optimize operations and reduce costs. A strong design and development phase will include database implementation basics that create schemas, define relationships and constraints and create the required views. That’s not all you need to do, though. You must ensure that users, device, firmware and stores management sync with any custom modules you layer on top for your particular use case. It’s these small but mighty technical details that ensure the decisions made in design and development produce the insights you need when you hit deployment. The right vendor partner can illuminate the possibilities and ensure all these details work in harmony, much like a conductor or producer does with your favorite songs.
Why? IoT is not a vertical market, an application, an environment, a use case, a segment, an industry, an audience, a product or a technology. IoT is how connected objects produce data that can lead to actionable insights for your business. It’s best to consider those insights from the beginning when constructing your IoT solution to ensure it is a perennial favorite rather than a one-hit wonder.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
It often feels like our connected devices are alerting us too frequently. When we have this firehose of signals, it becomes overwhelming and eventually makes us not care about the alert anymore. Now imagine this feeling multiplied to the scale of a smart city.
For an IoT revolution to truly take off, organizations must use AI to turn signals from connected devices into business and operational insights. This will move IoT from an on the cusp technology to something that significantly changes our culture.
When we turn IoT sensor signals in a physical environment into insights, we achieve the next level in the connectivity revolution. The internet and AI no longer live just in the screens of our devices. Rather, they live all around us, effectively digitizing the physical world.
Understanding regular behavior is key
It’s predicted that there will be more than 64 billion IoT devices by 2025, an increase from 10 billion in 2018 and 9 billion in 2017, according to Business Insider’s “IoT Report: How Internet of Things technology growth is reaching mainstream companies and consumers.” As connected devices increase, so will notifications. We need to better understand normal behaviors in given locations to ensure these notifications add value, and AI is crucial in tracking this timeline.
Let’s say during regular hours, a connected sensor on the storage room of a small business opens 30 times instead of the average ten times. Or an elderly parent with the same daily routine isn’t following it as usual, and this is picked up by strategically placed, non-invasive sensors around the house. AI can be used to build an intelligence layer by learning regular behavioral patterns, and then provide a suggestion or alert when something might be out of trend. This enables IoT devices to connect into a lifestyle seamlessly without businesses or users having to think about it.
As an industry, we need to talk about intelligent use cases like these, and not just show off clever gadgets. Otherwise, the value and potential adoption of IoT will not be realized.
From behavior analysis to predictions
Beyond looking for irregularities, an AI layer can also be used to give predictions of what might happen in the future and change depending on the proposed outcome. Notably, it can make a connection between various sensors that humans can’t comprehend.
For example, take a look at a smart city. With a mix of noise and motion sensors, a city might be able to detect that a previous pattern led to a large gathering a few hours or days later. AI can give an alert of a probable event in the future and call for closer monitoring. This connection creates a next step prediction that can be executed on.
Once sensors are widespread, everything will be tracked and key performance indicators created in the physical world, much like they are on an e-commerce website such as Amazon. Physical locations then have the same efficiency as online shops. We can predict when people might come and go, how long they are engaged and better understand behaviors.
Digitization of the physical world relies on communications providers
Even with better intelligence, the IoT revolution is nothing without trillions of connected devices and seamless connectivity. The next step in the physical-to-digital revolution rests on the shoulders of a communications service provider (CSP). Beyond implementing the right technologies in the cloud, CSPs will play a significant role in the physical deployment of sensors, and taking these solutions to market with enterprises and customers. This adds another layer of services beyond traditional connectivity.
Further, large scale use cases such as smart cities and campuses will require more integration than anything we’ve seen before. It requires a facilitator to gather insights, create hotspots, enable consumer services and onboard devices to networks, care and maintenance. In their ability to provide this direct integration, CSPs will have a pivotal role. However, they’ll need to stake their place in the value chain now. If not, they lose the opportunity to scale beyond faster pipes and monetize this revolution.
There is so much waste in not understanding our surroundings. When we do understand it, it makes everything more efficient and also makes us more knowledgeable. We can have safer cities, smarter buildings, more sustainable environments and better support for our communities. This is where the real impact of IoT will shine through.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
Businesses continue to demand easy access to larger, more detailed quantities of data because the initial capture of information on products and areas of the supply chain only scratches the surface of business opportunities that data can provide. There are vast amounts of untapped value from many resources that can drive forward strategic success, and businesses can monetize their data through intelligent IoT deployments, particularly within the cold chain retail environment.
Achieving value with context
IoT sensors enable companies to collect and store data across all departments and in a range of parameters. To improve business operations in the long term, context must be added. The process must move past simple information collation into a cloud-based database to an environment that revolves around edge computing systems that strive towards a profitable purpose. For instance, within the cold chain retail environment, this sort of application is used to convert data from sensors into actionable processes that work to reduce food waste, improve food quality and transform energy consumption.
Cold chain benefits
For food retailers, the ability to analyze data effectively on site through edge computing can be profitable. By gaining insight into the operational performance and temperatures of fridges in real time, cold chain managers can make informed and intelligent decisions that affect both the company and its customers. For example, immediate action is crucial to prevent food waste due to a faulty refrigerator. IoT deployments that react instantly to temperature sensor readings equip managers to reduce damages and costs from food recalls.
Integrating real-time analytics with predictive analytics of historical performance data provides businesses with the knowledge of when machinery is likely to fail before it does, which keeps food retailers one step ahead. By having this awareness, operational efficiency can be improved and initial problems can be addressed before they cause major issues. With equipment manufacturers intelligently brought into the loop and edge computing analysis suggesting suitable times for check-ups, businesses can avoid the shut down and repair step of machinery altogether.
The opportunities that arise from data are exciting, but there are still a number of areas to consider in detail for the deployment of IoT to be successful. As a business, ownership of data is something that needs additional thought. The supermarket, cold chain suppliers and the company that deployed the sensors clearly have ownership of the operational data. But can the product manufacturer lay claim to the product’s performance data as well? Additionally, data needs to be packaged in a way that is both secure and provides value to a specific third party. How is the additional data context to be added, and by whom?
However, the promise of IoT has so far been its downfall, with businesses expecting to be able to transmit large data sets to a central point for analysis — something that is simply not possible, even with the bandwidth of 5G and similar. Even though IoT was meant to leverage data to drive local decisions and improve local performance, it’s simply creating another huge resource at a central point that at best adds to the depth of overall business intelligence. To take full advantage of IoT deployments, retailers must embrace edge computing and ensure analysis specifically focuses on clear missions, such as eliminating food waste within the cold chain.
To be able to truly monetize IoT to benefit the cold chain and create true value, it is fundamental to layer data sources over the original insight that is provided by sensors. A variety of aspects must be taken into consideration, such as the implementation of an effective data model and the provision of context and succinct business direction to ensure IoT can become the compelling new value stream that businesses are crying out for.
It’s the interconnection that will be crucial for cold chain success and sustainability on top of that. Supermarkets and cold chain stakeholders can move beyond simple data collection to overhauling customer safety, dramatically lowering risks from food spoilage and ultimately improving their supply chain and business operations.
A decade ago, cloud computing was creating a ton buzz in the technology marketplace. Today there is a similar amount of excitement around edge AI.
Edge analytics is a fundamentally different approach from what we’ve seen in previous years. During the cloud era many enterprises focused on creating centralized cloud-based data processing and analytics systems. In contrast, edge analytics architectures store, process and analyze data in real-time. This approach offers benefits like reduced network burden and connectivity costs, reduced storage and database management costs and, most importantly, real-time data crunching and analysis.
There is huge potential for this emerging technology across industries and a mix of different IoT applications.
For example, an energy management company using different sources of power — such as renewable, traditional grid generators and battery — can use edge analytics to optimize use. If solar energy supply falls in one location, the system automatically increases power supply from another source. If a cheaper source is available, the system shifts to a more optimal source for that location. A similar value can be seen in medical tracking and monitoring tools, which provide the patient and a medical professional with instant notifications if any issues arise.
Edge AI is ideal for instances in which mission critical data requires near real-time decision making at the device level. In these cases, the end device is not only a collector of data, but an almost autonomous system often equipped with machine learning, so that is to be able to make decisions on its own. Connected cars and vehicle-to-everything, or V2X, communications require edge AI capabilities for automated hazard warning, collision avoidance and congestion avoidance systems. These instances can’t afford the time lag thatdata takes to travel up to the cloud for analysis to make the right split-second decision.
Edge AI is also effective in cases where constant cloud connectivity is simply not available. The ship engine agnostics company MAN PrimeServ uses AI on the edge to monitor and evaluate data from ship computers on-board while at sea, because sending this mission-critical data to the cloud would be too expensive using satellite connectivity. When a ship returns to shore, computers transfer the data to the cloud using cellular connectivity.
While there is clearly great potential in edge AI, organizations must also overcome challenges. The biggest question organizations must answer is whether IoT devices that are already deployed have the capability to become more intelligent. That is, are they able to support edge AI applications and take actions based on that intelligence?
The other major concern with edge AI is security. When you give end points more control over data, they become a target for cyberattacks. To overcome this issue, organizations can equip SIM cards with solutions that would improve device authentication, network policy controls to limit what data sources the devices can reach and ensure security for IoT data in motion.
Solving the security issue alone will require a lot of additional compute, and the more functionality you put on the end point, the more power it will consume. All of this requires significant investment, so you need to determine if the benefits of real-time intelligence and decision making will outweigh the cost of turning existing IoT solutions into edge AI solutions.
Ultimately, it all depends on the use case, including desired objectives and value creation gained. If real-time decision making isn’t required, the investment isn’t likely to be worth it. If it does, you may be better off using an IoT gateway as an intermediary between the existing IoT end points and deploy edge AI on that gateway instead. In industrial IoT applications, this gateway sits between the machine-to-machine endpoints on the factory floor and the cloud. The machine-to-machine endpoints can then leverage the data analytics and decision-making capability of the IoT gateway in real time.
Because we’re dealing with nascent technology, it’s important to balance the excitement with some pragmatism. The cost of adopting edge AI may outweigh the benefits of real-time intelligence and decision making in some use cases, so this is the first point to consider. You must ask other questions to before adopting edge AI including: what do you want your IoT application to do – just collect data or make decisions; does that decision making need to be immediate; or do you need data analytics on an hourly, weekly or daily basis?
When it comes to the Internet of Medical Things (IoMT), healthcare providers have powerful tools at their disposal for capturing and contextualizing vast troves of data useful for improving care outcomes and driving profitability. Securing your IoMT network is critical to not only the benefits of your connected devices and network infrastructure, but also prevent catastrophic digital attacks.
Globally, there are around 420 million connected medical devices in deployment, with a further 70 million or so devices expected to be installed by the end of 2019, according to BI Intelligence. With IoMT devices so prevalent, cybersecurity is fast becoming a critical success factor for forward-looking healthcare delivery organizations.
What is IoMT?
Before we dive into the strategic and technical details, let’s define our terms. The term IoMT generally refers to two groups of devices. The first group is connected medical devices like patient monitors, lab devices and in vitro diagnostic products.
The second group is made up of devices that support clinical administration and operational workflows, which includes assets such as nurse calling devices, label printers, sensors and controllers.
While it might be tempting to approach these technologies with a set it and forget it approach, the way in which you configure, maintain and interact with your IoMT devices can have a large impact on the security of your network. A review of more than 30 hospitals found that 61% of devices are at risk, offering would-be intruders no shortage of actionable attack vectors through which they can compromise your entire organization, according to CyberMDX .
Thankfully, some of the most common risk factors associated with IoMT devices can be addressed with a combination of software solutions and strict governance. These risks and their remediations include:
- Devices with default passwords: Set unique, strong credentials for all devices and services.
- Unpatched software: Set a routine patching schedule and monitor for urgent patching needs.
- Rogue software: Audit devices for rogue software and conduct uninstalls as appropriate; restrict permissions to prevent future rogue installs.
- Unauthorized network access: Configure the Network Access Control system with better defined and more vigilant security policies.
- Device misuse: Restrict internet browsing to pre-approved whitelisted destinations, allowing new destinations upon request.
- Malicious activity: Ongoing surveillance of your IoMT network to proactively identify and patch potential vulnerabilities, reducing the likelihood that attackers can compromise the system.
- Lack of containment: It’s important to not only prepare to repel attacks before they land, but to have controls in place that allow you to contain and expel them should they pass through your defenses. To this end, you should construct and enforce a network segmentation regime not only at the perimeter, but internally around endpoint groups that share similar clinical applications and network workflows.
The good news is that these risks can be largely marginalized with a little due diligence and strategic planning. The bad news is that, if left unaddressed, every device at risk represents a potential point of failure.
Real-world consequences of these vulnerabilities are significant
Data breaches are no small issue for any business, but healthcare organizations have even more to lose. Whereas other industries only have to worry about customer data, healthcare organizations must contend with the possibility that a breach can put patient safety at risk. A successful breach essentially opens the door for attackers to interfere with — or even shut down — the delivery of care.
In the healthcare industry, the cost of a data breach is roughly double the global average of data breaches in other industries. Some of the most high-profile healthcare breaches have seen millions of patient records stolen in a single instance, and all it takes is one vulnerable device to provide a malicious actor with access.
Establish a live inventory for asset management
The steep costs associated with a cyberattack should be enough to convince any conscientious healthcare provider of the need for a comprehensive and proactive cybersecurity strategy. Crafting such a strategy requires first understanding where the typical gaps occur and then moving to fill them.
Perhaps the most foundational aspect of your IoMT security strategy is automating inventory management of the connected assets in your deployment. Some sort of directory should be produced to reflect all the devices in need of protection and where they lay within your network topography. Once you have eyes on the whole of your digital domain, you can begin to intelligently plan for its sustained protection. In other words, you can’t secure what you don’t see.
The importance of automation
With a continually expanding network of connected devices, automation is key. Healthcare networks are becoming rapidly more complex, forcing some IT teams to fall into a keep the lights on pattern rather than a more proactive, big picture approach. Automation can boost processes across the board, saving time and resources while also increasing coverage.
Any automatic mapping solution should include high granularity device classifications, which not only account for a wide range of devices in detail, but also place those devices within the context of the organization and the wider healthcare ecosystem. For example, your automated mapping solution should recognize the difference between a device that captures personal health information and one that doesn’t. Your solution must then be able to prioritize the more sensitive devices from a security standpoint.
While automatically identifying and classifying medical devices according to the most predictive operational and cyber factors is critical to IoMT success; it’s also far easier said than done. With so many different variables interacting in a fast changing regulatory, protocol and human behavior ecosystem, rule-based, programmable logic alone is ill-suited to the task. In an effort to avoid a Sisyphean predicament, smart solutions often enlist machine learning technology to assist in the process.
Cybersecurity strategy and tool integration
Comprehensive IoMT management means that your cybersecurity strategy and tooling must integrate with your broader IT strategy and tooling, which must also integrate with your broader business strategy and tooling.
As far as security is concerned, it’s important that solutions complement existing capabilities, including adjacent systems, without compromising operational integrity in any way. This includes integration with the organization’s computerized maintenance management system, which helps better manage inventory and keep devices up to date, as well as your electronic health record system, practice management software and any other significant HIT tools used by your organization.
Seamless integration is a must to ensure that data is shared as effectively as possible, and that day-to-day workflows are not disrupted by the introduction of a new, incompatible technology.
Operational analytics grant insight
To maintain security and move toward operational excellence, you need a mechanism for contextualizing the expanding troves of data captured from each connected device in your IoMT network. An ongoing risk analysis framework needs to keep pace with the real world as threats evolve and new vulnerabilities are discovered.
Machine learning can and should be used to automatically flag potential vulnerabilities or anomalies, and notify the appropriate managers, so they can respond quickly. You should not only receive actionable insights on the individual device level, but in the aggregate as well, presenting a departmental and organizational overview of your risk profile.
Effective operational analytics gives your organization the ability to prioritize potential threats and work to fill security gaps before they’re exploited. An ongoing automated risk analysis mechanism means your team will continuously reprioritize and refocus its efforts as needed.
Proactively defending your IoMT network
In a dynamic healthcare environment where more data is generated, stored, tracked and analyzed than ever before, cyberdefense becomes more critical with each new introduced technology. However, as networks grow, they become more cumbersome, which reduces IT teams’ abilities to think proactively and stay a step ahead of attackers.
Combining automation with a system of best practices, policies and procedures is an essential step toward giving healthcare IT administrators the tools to implement forward-looking security measures every time a network expands and new IoMT devices are added.
IoT, also commonly referred to as connected devices and smart devices, has brought previously unthinkable benefits to our lives and many of the products we use on a daily basis. But it also delivers significant risks — particularly when it comes to cybersecurity and the device operating as originally intended.
Regardless of whether an organization manufactures consumer electronics — such as hair curlers and clothing dryers — or products for a business-to-business market, they should start with the big picture when it comes to IoT implementation: just because you can, should you?
Instead of just trying to keep up with the latest and greatest in technology and product development, manufacturers should not lose focus on the key purpose of their product or system. They should only consider making a smart device if it provides clear benefits to their core customer base. For instance, is there truly a benefit in hair straighteners being connected to the internet? Is the consumer’s life going to be richer if their refrigerator egg tray can tell them there is only one egg left? For the latter, there is a strong argument to be made for convenience and being able to shop more effectively and efficiently. The key is to know when the benefits outweigh the potential risks.
If a company decides to make a product a connected device, it needs to create it with the duty of care to customers that ensures the connected products are secure and remain fit for its intended purpose.
All IoT devices and systems are open to external threats, including those that do not directly have a safety or security function. Devices you may never have regarded as likely targets for cybercriminals, such as TVs, can be hit by potentially paralyzing hacks and computer viruses. In many cases these connected devices can open access to home owners’ networks and data contained therein.
To underscore this, in a 2018 report titled “Secure by Design,” the U.K. government emphasized that “cyber criminals could exploit vulnerabilities in IoT devices and associated services to access, damage and destroy data and hardware or cause physical, or other types of harm. Where these vulnerabilities can be exploited at scale, impact could be felt by multiple victims across geographic boundaries.”
An example of a connected device that has the potential to enhance the user’s experience and provide the type of convenience that seems to epitomize the IoT are smart locks. Smart locks are often connected to smart speakers and apps on smart-phones; while they add a tremendous amount of convenience and control, they also are at risk of cyberattack. What if they were hacked? As technology gets smarter, so do criminals. This is a simple example based on a residential application; the implications are amplified exponentially when applied to a commercial setting.
There are also risks associated with something as seemingly benign as a smart refrigerator; imagine if someone decided to adjust the temperature of your refrigerator, all the refrigerators in the neighborhood or at a grocery store or at a distribution center?
Minimal human intervention, maximum catastrophic impact
Research group Gartner estimates that there are already 8.4 billion Internet-connected devices in use worldwide, generating revenue of $2 trillion, and that by 2020 there could be 20 billion such devices worldwide. A study of 400 small businesses in the U.S. that use connected devices found 48 percent had already experienced at least one IoT breach. Additionally, the research showed that among companies with annual revenue of less than $5 million, the costs of IoT hacks equaled 13.4%of revenue. For larger organizations, these unwelcome costs ran to tens of millions of dollars.
For devices and systems that communicate with each other and learn and act with minimum human intervention, the impact of breaches can be crippling, resulting in maximum catastrophic impact.
IoT adoption continues to explode and could be even more transformative if not for widespread concerns about the security of enabled products and systems. One way for companies to assess whether their products should be connected would be to start with sales and marketing business units and not the technical teams. Sales and marketing teams have the best pulse on the customer, market and industry and can help clearly identify what value your IoT products bring to customers through this technology. Then turn it over to the technical team to consider how best to implement it, rather than the other way around.
It takes more than a secure password and encryption to make a secure IoT system. A range of basic issues must be addressed. IoT devices need to be tested against an internationally-recognized set of protocols and the product’s intended use should also be verified. It does no good for a lock, for example, to be connected to the internet if it doesn’t work for its intended purpose. Verifying both the fit for purpose and the security of device connectivity will help build trust in the device and you as its manufacturer.
Among concerns your business may face as a manufacturer or retailer of IoT devices is a rising lack of consumer trust in the whole system. More and more, consumers report worries about both security and the performance of IoT-enabled devices and systems, a trend that could lead to stalling sales and a downturn in mass adoption. To recognize this threat, it’s vital that security be implemented in the connected device’s design stage, rather than considered as an afterthought.
Avoid serious negative repercussions
Serious negative repercussions — such as legal action and fines, declining sales and profits or a damaged business reputation — may result from a failure by manufacturers to address IoT security challenges. At times, IoT manufacturers may be tempted to put form over function in their rush to bring a connected product to market. Without a thoughtful product development roadmap in place, a newly IoT enabled device may inadvertently leave your product no longer suited for its intended purpose and vulnerable to hacking, creating security and service concerns, and opening the door to organizational risk.
It’s clear IoT has the potential to undermine companies and their reputation, but when carefully considered, it can also be part of the solution, acting as a huge enabler in the key business resilience areas of information, operations and supply chain. Once you determine that IoT does add value and that it’s secure for your customers, seeking assurance can help businesses mitigate risks and safely accelerate time to market in highly competitive industries.
Pharmaceutical companies are facing uncertainty on a variety of fronts. To remain competitive, they must go beyond developing tamper-proof packaging and invest in tools and infrastructure to manage complex logistics while meeting high requirements for speed and reliability. While the costs of drug development is soaring, so is the risk of fraud, theft and other costly supply chain disruptions. Due to the distributed global economy, more individuals than ever are handling cargo, which increases the potential for nefarious activity.
Supply chain visibility is key to a safer pharmaceutical pipeline, but implementation is challenging. Amidst thinning margins, distributors must balance the increased pace of new drug development with evolving consumer delivery expectations and rigorous regulations. In this article, I’ll explain the pillars of a functional supply chain for those operating at the multi-regional level to a global scale.
Pharmaceutical shipments are fragile, environmentally sensitive and at high risk of theft. Rather than deploying a solution across operations, invest in the business units with the highest risk potential. For example, the most critical juncture in the supply chain is the handoff process when humans are involved. To mitigate theft, mishandling, and other errors, you can deploy smart tags and Bluetooth sensors.
These lightweight and low-cost trackers can be engineered to log a variety of environmental conditions. These include humidity, light exposure, pressure, NIST traceable temperature, motion, impact and vibration. Installed at the item or pallet level, these devices can alert operators when shipments may be damaged, stolen or need to be rerouted. There are also disposable trackers for shipments over air and sea when device retrieval is not required or possible. Trackers like these are difficult to compromise and can be synced with your data management software of choice.
While you might be unsure about integrating smart tags and sensors onto your legacy infrastructure as-is, there are a variety of providers who offer end-to-end subscription-based SaaS solutions. A SaaS solution relieves the complexity of integrating your devices with existing fleet and supply chain logistics systems and instead provides a seamless all-in-one place where your data and device management can live and operate.
Engage your fleet
Driver training is central to supply chain integrity. Drivers are at the front lines of keeping products safe by avoiding unnecessary stops and high-crime areas on their route and minimizing idle time. By investing in a centralized command center and fleet management applications you can provide real-time coaching and maintain shipment integrity across your fleet.
Continuous driver training is essential to maintaining pharmaceuticals within the correct temperature range. You can also prevent fraud and tampering at the pallet level, and receive alerts when operators are behaving suspiciously. Fleet management applications can be further integrated with advanced sensors and probes to gain a comprehensive view of shipment integrity. Shipping information, compliance history, and traceability can be leveraged to expedite claims and investigations, as well as to optimize future routes and inform training for your entire fleet.
Integrating fleet management and supply chain logistics technology decreases risk and lowers your maintenance cost via real-time insights into vehicle health. Rather than relying on drivers to self-manage details — such as confidentiality and prompt incident response — you ensure that drivers are compliant with your standards at all times.
Train your team
Amidst the rise of theft, fraud and shipment tampering, maintaining a single source of truth from the point of pack to patient is critical. However, you also need to invest in an accessible platform for easy day-to-day decision-making in the office as well as on the field.
Pharmaceuticals have a limited window of use, so it’s critical to ensure that they are disposed of and not redistributed on the black market. With a secure command platform, you can reroute damaged goods or dispose of them in an environmentally-friendly manner. You can also execute time-critical decisions to meet sudden fluctuations in demand, such as natural disasters and epidemics. With agile logistics enabled by telematics, you can easily repackage to deliver critical medications to those who need them most.
Provide adequate ramp-up periods for individuals with different skill sets so that they not only recognize the business value of IoT telematics, but can deploy these solutions with minimal oversight. Keep operators honest with regular check-ins and training. Also, replace the traditional handbook with an up-to-date web portal or mobile application to route queries and frequently asked questions. By investing in resources for your employees early on, you minimize the risk of major mistakes or miscommunication in implementing complex IoT solutions.
From a security standpoint, make sure that you set clear ground rules and expectations for BYOD and devices that operate outside of your internal networks. With IoT telematics devices and applications, you can ensure instructions outlined in your contracts are carried out. Advanced location tracking and sensor tech can immediately notify you when there is a security breach, failure to follow driver rules and instructions, or accidents and natural disasters.
Employees will have greater peace of mind with adequate avenues to mitigate daily decision-making as well as oversight to avoid breaches of data or other compromising information. While breakthroughs in sensor tech, location tracking and analytics may be able to help you contain costs, it is up to your team to realize that return.
Interest is mounting among major drug supply chain stakeholders for real-time, interoperable supply chain management solutions to identify and trace certain prescription drugs as they are distributed within the country. In addition to minimizing human error in handling, IoT telematics and supply chain logistics technology ultimately improves the line of sight for shipments in transport, allowing you to make better purchasing decisions and develop proactive plans to react to data breaches, equipment malfunction and other crises. With smart investments in IoT telematics devices, applications and infrastructure, you can easily secure shipments while delighting your customers with reliable delivery and superior service.
When Wi-Fi was first released, it was difficult to imagine that it would become such an important wireless communication tool currently connecting billions of devices and counting. Wireless technology has freed electronic devices from Ethernet cables, but finding a solution to eliminate power cords and the need for battery power still remains.
A growing number of devices connected to IoT, including those with low-power consumption, continue to rely on disposable batteries. The demand for batteries is prevalent in local retail stores where not long ago an 8-pack of AA batteries was considered a bulk package. Now, it is not uncommon to see 72-pack AA and AAA batteries sitting on the shelves and in our homes. In fact, billions of batteries are used every year for key fobs, door locks, sensors, remotes, computer mice, keyboards, beacons, wearables and more.
Redefining battery life
After decades of creating ubiquitous embedded wireless connectivity, it’s time to take a fresh look at redefining battery life for wirelessly connected devices. The market requires a new vision that not only extends the lifetime, but in some cases completely eliminates our reliance on batteries.
The obvious choice to extend battery life of a device is to lower its power consumption. Through Bluetooth 5.0, along with a combination of circuit-level and system-level innovations, it is now possible to reduce the power consumption to a low enough level for energy harvesting to be a genuinely viable power source. This enables the possibility for battery life that lasts forever or battery-free devices.
When does a pipe dream become reality?
In the early days of Wi-Fi development, its range and data rates were considered to be too inferior to ever replace the Ethernet cable. Two decades later, Wi-Fi is the preferred internet connection for smart buildings and businesses. A new generation has grown up never needing an Ethernet cable; many of them don’t even know what one is. For them, Wi-Fi and Internet are synonymous. There is a similar journey ahead with forever battery or battery-free IoT devices. Bluetooth 5.0 is one of the wireless technologies that is sufficient for low data range applications that most IoT solutions fall under. As engineers continue to push the envelope of low-power design and energy harvesting, more devices and applications will benefit from significantly longer battery life and battery-free operation. Forever battery and battery-free technology enables new use cases and applications that are yet to be invented. Maybe in the near future, a new generation will grow up in a world where they will never need to change batteries.
The ultimate cost
While energy harvesting capabilities evolve for connected devices, it’s only a matter of time before forever batteries are commonplace in industrial IoT, smart commercial buildings and beyond. Meanwhile, remember that the cost of wirelessly connected devices rarely end at the initial purchase. Building managers are burdened with purchasing and replacing batteries, as well as spending hours to ensure devices are sufficiently powered. The next time a battery must be replaced, the question that will be asked is this: Do these battery-operated devices require an upgrade to a newer low power model optimized with energy harvesting?
There are compelling incentives for an organization to innovate and transform, including revenue growth, new markets, operational efficiencies, cost savings and gaining the ability to derive value from IoT data, just to name a few. While most organizations know they need to transform digitally to reap those benefits, it can be difficult to know where to start.
Digital transformation starts with a strategic plan. Once that plan is in place and you’ve selected the right development tools and platform, you’ll be ready to deliver on your digital transformation goals rapidly. The key is to think continuously and iteratively vs. thinking about a defined end to your digital transformation. You’ll never run out of ways to improve your business using technology.
Start with a strategic business and technical plan that can guide your digital experience efforts. Unlike other strategy planning processes, this should be a nimble plan that is tied specifically to the most important business goals. Five key components set organizations up for success.
- Business and Technology Alignment. Align company and team objectives and measurements.
- Customer Experience Brainstorm. Identify customer experience initiatives.
- Employee Engagement Brainstorm. Identify employee engagement initiatives.
- Channel Optimization Brainstorm. Identify partner optimization initiatives.
- Digital Initiative and Investment Summary. Produce a prioritized list of initiatives by impact and feasibility.
Align business and technology
If you have goals that cascade through your organization, you have a great starting point for step one. The idea here is to leverage any existing corporate-level strategic plans regardless of what methodology was used to drive the planning process. What’s important is that the goals reflect the organization’s primary mission. At the very top it should address major go-to-market topics like revenue, operating margins, customer growth, corporate expansion and so on. For this exercise, less is more, so simply identify the three key company objectives along with measurable results. If it can’t be measured, it can’t be a goal.
This process should be done for each major business function, including sales and marketing, products and services, finance and operations and customer service.
Brainstorming the customer experience
Since digital transformation starts with the customer, we’ll first brainstorm what we can do to improve the customer experience. Start by choosing a slogan as a guiding principle or some inspirational approach to get people in the right mindset. Next, assess customer preferences for both digital and physical interactions by doing a high-level persona evaluation. Consider their geographic location and the potential of harvesting IoT sensor data to more deeply engage them. It’s important to identity future customer considerations as well and to understand just who comprises your audience. Different generations have different preferences. Finally, consider digital opportunities at each stage of the customer journey from pre-sale, to the actual purchase process, to post-sale.
Brainstorming the employee experience
Employee engagement and customer engagement are symbiotic, with research revealing that organizations with happy, productive employees have much higher customer satisfaction ratings and profitability, plus the ability to attract and keep quality talent.
We will use an approach for employee engagement that will produce the same output as the customer experience process. I like to use an attract and retain every day approach to set the stage. Think in terms of the entire employee lifecycle, which includes branding and recruiting. Think also of innovative tools to make employees lives easier and more efficient, such as mobile field service apps that leverage sensor data to further enable productivity.
Brainstorming partner optimization
Depending on the structure of your organization, it may be important to consider your channel or partner ecosystem. Take a holistic partner ecosystem approach and consider aspects such as:
- Partner recruitment and training
- Company and partner system integration
- Partner selling and transaction support
Don’t neglect your supply chain and your sales and marketing channel. In both cases, it’s imperative to think about the entire partner lifecycle.
Digital initiative investment strategy
Before we prioritize and build a high-level timeline, it’s time to think about digital from a different perspective. This will complement the assessment that you did for customer, employee and partner.
In this exercise, you’ll consider how digital or the combination of digital and physical can be used to impact each company objective. You should include each discipline that was identified as part of the upfront corporate goal alignment step.
Next, prioritize your digital initiatives by assessing three elements: value, acceptance and risk. Plot them on a diagram like the one below where impact represents value, and success feasibility addresses both acceptance and risk into a single factor. One way to do this is to place each digital project in the appropriate quadrant, looking for initiatives that have the highest impact as well as the highest probability of success.
To be successful, participants in this exercise need to come from across the enterprise. In addition to AppDev and IT, they should include groups like sales and marketing, products and services, finance and operations and customer service. By the end of the process, you should have a clear plan for success for your organization’s digital transformation.