Why Global Warming Must Be IoT Focus for Everyone

Thanksgiving 2015I want to offer you six great reasons — five of them are seated with my wife and me in this photo — why we all should make global warming a primary focus of IoT projects for the foreseeable future.

There simply is no way to sugar-coat the grim news coming out of the Paris climate talks: even with the most dramatic limits that might be negotiated there, scientists warn we will fall short of the limits in temperature rises needed to avoid global devastation for my grandchildren — and yours.

Fortunately, the Internet of Things can and must be the centerpiece of the drastic changes that we will have to make collectively and individually to cope with this challenge:

“Perhaps one of the most ambitious projects that employ big data to study the environment is Microsoft’s Madingley, which is being developed with the intention of creating a simulation of all life on Earth. The project already provides a working simulation of the global carbon cycle, and it is hoped that, eventually, everything from deforestation to animal migration, pollution, and overfishing will be modeled in a real-time “virtual biosphere.” Just a few years ago, the idea of a simulation of the entire planet’s ecosphere would have seemed like ridiculous, pie-in-the-sky thinking. But today it’s something into which one of the world’s biggest companies is pouring serious money.”

Let me leave you with a laundry list of potential IoT uses to reduce global warming compiled by Cisco’s Dr. Rick Huijbregts:

  • Urban mobility “apps” predict how we can move from A to B in a city in the most environmental friendly manner. Real time data is collected from all modes of city transportation.
  • Using solar energy to power IT networks that in turn power heating, cooling and lighting. Consequently, reduce AC/DC conversions and avoid 70% electricity loss.
  • IP­based, and POE (Power of Ethernet) LED lighting in buildings reduced energy by 50% because of LED and another 50% because of control and automation.
  • Sensors (Internet of Things) record environmental highs and lows, as well as energy consumption. Data analytics allow us to respond in real­time and curtail consumption.
  • Real time insight in energy behaviour and consumption can turn into actionable reduction. 10% of energy reduction can be achieved by behavioural change triggered by simple awareness and education.
  • Working from home while being connected as if one were in the office (TelePresence, Cisco Spark, WebEx, just to name a few networked collaboration tools) takes cars off the road.
  • Grid modernization by adding communication networks to the electrical grid to allow for capacity and demand management.
  • Planning, optimizing, and redirecting transportation logistics based on algorithms, real­time weather and traffic data, and streamlined and JIT shipment and delivery schedules.

These are all great challenges and offer the potential for highly profitable IoT solutions.  For the sake of my six grandchildren, let’s get going!

I’ll Speak Twice at Internet of Things Global Summit Next Week

I always love the Internet of Things Global Summit in DC because it’s the only IoT conference I know of that places equal emphasis on both IoT technology and public policy, especially on issues such as security and privacy.

At this year’s conference, on the  26th and 27th, I’ll speak twice, on “Smart Aging” and on the IoT in retailing.

2015_IoT_SummitIn the past, the event was used to launch major IoT regulatory initiatives by the FTC, the only branch of the federal government that seems to really take the IoT seriously, and understand the need to protect personal privacy and security. My other fav component of last year’s summit was Camgian’s introduction of its Egburt, which combines “fog computing,” to analyze IoT data at “the edge,” and low power consumption. Camgian’s Gary Butler will be on the retail panel with me and with Rob van Kranenburg, one of the IoT’s real thought leaders.

This year’s program again combines a heady mix of IoT innovations and regulatory concerns. Some of the topics are:

  • The Internet of Things in Financial Services and the Insurance sector (panel includes my buddy Chris Rezendes of INEX).
  • Monetizing the Internet of Things and a look at what the new business models will be
  • The Connected Car
  • Connected living – at home and in the city
  • IoT as an enabler for industrial growth and competition
  • Privacy in a Connected World – a continuing balancing act

The speakers are a great cross-section of technology and policy leaders.

There’s still time to register.  Hope to see you there!

 

 

The IoT Will Reinvent Replacement Parts Industry

Of all the Internet of Things’ revolutionary impacts on industry, perhaps none will be as dramatic as on replacement parts, where it will team with 3-D printing to reduce service time, inventory and costs.

I came to that realization circuitously, upon noticing Warren Buffett’s blockbuster purchase of Precision Castparts, the major precision parts supplier to the aeronautics industry.  Having read last year about yet another breakthrough innovation by Elon Musk, i.e., the first totally 3-D printed rocket engines, I was curious to see what Precision was doing in that area.  Unless my search of their website was flawed, the answer is zip, and that suggests to me that Buffett, who famously once said he doesn’t invest in technology because he doesn’t understand it, may have just bought …. a rather large dinosaur.

I noticed that one of Precision’s biggest customers is GE, which not only is using 3-D jet fuel nozzles on its engines but also ran a high-profile contest to design a 3-D printed engine mount that was open to you, me and the kids trying out the new 3-D printer at our little town’s library (note to Mr. Buffett: might be good to schedule a sit-down with Jeff Immelt before one of your biggest customers takes things in-house). As I’ve written before, not only is GE a world leader in the IoT and 3-D printing, but also in my third magic bullet, nanotech: put all three together, and you’re really talking revolution!

OK, I know 3-D printing is sloow (in its current state), so it’s unlikely to replace traditional assembly lines at places such as Precision Castparts for large volumes of parts, but that doesn’t mean it won’t rapidly replace them in the replacement parts area.  I talked to a friend several years ago whose biz consists of being a broker between power plants that need replacement parts yesterday and others with an excess on hand, and couldn’t help thinking his days were numbered, because it was predicated on obsolete technology — and thinking.

Think of how the combined strengths of the IoT and 3-D printing can help a wide range of industries get replacement parts when and where they need them, and at potentially lower cost:

  • sensors in IoT-enabled devices will give advance notice of issues such as metal fatigue, so that repairs can be done sooner (“predictive maintenance“), with less disruption to normal routine, cheaper and reducing the chance of catastrophic failure.
  • because data can be shared on a real-time by not only your entire workforce, but also your supply chain, you can automate ordering of replacement parts.
  • perhaps most important, instead of a supplier having to maintain a huge inventory of replacement parts on the possibility they may be needed, they can instead be produced only when needed, or at least with a limited inventory (such as replacing a part in inventory as one is ordered). This may lead to “re-shoring” of jobs, because you will no longer have to deal with a supplier on the other side of the globe: it might be in the next town, and the part could be delivered as soon as printed, saving both delay and money.
  • your company may have your own printer, and you will simply pay the OEM for the digital file to print a part in-house, rather than having to deal with shipping, etc.

And, as I mentioned in the  earlier post about GE’s leadership in this area, there are other benefits as well:

  • “We’ll no longer do subtractive processes, where a rough item is progressively refined until it is usable.  Instead, products will be built atom-by-atom, in additive processes where they will emerge exactly in the form they’re sold.
  • “Products will increasingly be customized to the customer’s exact specifications. The products will be further fine-tuned based on a constant flow of data from the field about how customers actually use them.”

Sooo, Mr. Buffett, it’s time that you come to terms with 21-st century technology or Berkshire Hathaway’s financial slide may continue.

 

Give It Up, People: Government Regulation of IoT Is Vital

Could this be the incident that finally gets everyone in the IoT industry to — as I’ve said repeatedly in the past — make privacy and security Job 1 — and to drop the lobbying groups’ argument that government regulation isn’t needed? 

I hope so, because the IoT’s future is at stake, and, frankly, not enough companies get it.

I’m referring to the Chrysler recall last week of 1.4 million Jeeps for a security patch after WIRED reported on an experiment in which two white-hat hackers remotely disabled a Jeep on an Interstate from miles away, exploiting a vulnerable link between its entertainment and control systems.  Put yourself in the place of reporter Andy Greenberg, then tell me with a straight face that you wouldn’t be out of your mind if this happened to you:

“As the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. That’s when they cut the transmission.

Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to offer an escape. The experiment had ceased to be fun.

At that point, the interstate began to slope upward, so the Jeep lost more momentum and barely crept forward. Cars lined up behind my bumper before passing me, honking. I could see an 18-wheeler approaching in my rearview mirror. I hoped its driver saw me, too, and could tell I was paralyzed on the highway.

“You’re doomed!” Valasek [one of the hackers] shouted, but I couldn’t make out his heckling over the blast of the radio, now pumping Kanye West. The semi loomed in the mirror, bearing down on my immobilized Jeep.”

OK: calm down, get a cool drink, and, when your Apple Watch says your heart beat has returned to normal, read on….

But, dear reader, our industry’s leaders, assumedly knowing the well-publicized specifics of the Chrysler attack, had the hubris to still speak at a hearing of the Internet Subcommittee of the House of Representatives Judiciary Committee last week and claim (according to CIO) that that government regulation of the IoT industry wasn’t needed.

CEA CEO Gary Shapiro said in calling for government “restraint”:

“It’s up to manufacturers and service providers to make good decisions about privacy and security, or they will fail in the marketplace….. Industry-driven solutions are best to promote innovation while protecting consumers.”

Sorry, Gary: if someone dies because their Jeep got spoofed, the survivors’ attorneys won’t be content with the company’s failure in the marketplace.

There are some important collaborative efforts to create privacy and security standards for the IoT, such as the AllSeen Alliance. However, as I’ve written before, there are also too many startups who defer building in privacy and security protections until they’ve solved their technology needs, and others, most famously TRENDnet, who don’t do anything at all, resulting in a big FTC fine.  There are simply too many examples of hackers using the Shodan site to hack into devices, not to mention academics and others who’ve showed security flaws that might even kill you if exploited.

One local IoT leader, Paddy Srinivasan of LoMein, gets it, as reported today by the Boston Globe‘s Hiawatha Bray:

“‘I think it is a seminal moment…. These new devices need a fresh approach and a new way of thinking about security, and that is the missing piece.'”

But it’s too late to just talk about self-policing.

Massachusetts’ own Ed Markey and his Connecticut counterpart, Richard Blumenthal, have called the associations’ bluff, and filed legislation, The Security and Privacy in Your Car Act (AKA SPY Car, LOL)  that would require the National Highway Traffic Safety Administration (NHTSA) and the Federal Trade Commission (FTC) to establish federal standards to secure cars and protect drivers’ privacy. It would also create a rating system — or “cyber dashboard”— telling drivers about how well the vehicle protects drivers’ security and privacy beyond those minimum standards. This comes in the wake of the Markey study I reported on last Winter documenting car companies’ failure to build in adequate cyber-hacking protections.

Guess what, folks?  This is only the beginning.  Probably the only thing I’ve ever agreed with Dick Cheney on (ok, we agree it’s cool to have been born in Wyoming and that Lynne Cheney is a great writer), is that it wouldn’t be cool for the Veep to have his pacemaker hacked, so you can bet there will be legislation and regulations soon governing privacy and security for wearables as well.

As I’ve said before, I come at this issue differently from a lot of engineers, having earned my keep for many years doing crisis management for Fortune 100 companies that bet the farm by doing dumb things that could destroy public trust in them overnight. Once lost, that trust is difficult, if not impossible, to regain.  Even worse, in this case, cavalier attitudes by even one IoT company, if the shock value of the results is great enough, could make everyone in the industry suffer.

So, if you’re arguing for no regulation of the IoT industry, I have just one suggestion: shut up,clean up your act and take a positive role in shaping regulations that would be performance-based, not prescriptive: the horse has already left the barn.

Now I have to check my Apple Watch to see when my heart rate will get back to normal.

 

McKinsey IoT Report Nails It: Interoperability is Key!

I’ll be posting on various aspects of McKinsey’s new “The Internet of Things: Mapping the Value Beyond the Hype” report for quite some time.

First of all, it’s big: 148 pages in the online edition, making it the longest IoT analysis I’ve seen! Second, it’s exhaustive and insightful. Third, as with several other IoT landmarks, such as Google’s purchase of Nest and GE’s divestiture of its non-industrial internet division, the fact that a leading consulting firm would put such an emphasis on the IoT has tremendous symbolic importance.

McKinsey report — The IoT: Mapping the Value Beyond the Hype

My favorite finding:

“Interoperability is critical to maximizing the value of the Internet of Things. On average, 40 percent of the total value that can be unlocked requires different IoT systems to work together. Without these benefits, the maximum value of the applications we size would be only about $7 trillion per year in 2025, rather than $11.1 trillion.” (my emphasis)

This goes along with my most basic IoT Essential Truth, “share data.”  I’ve been preaching this mantra since my 2011 book, Data Dynamite (which, if I may toot my own horn, I believe remains the only book to focus on the sweeping benefits of a paradigm shift from hoarding data to sharing it).

I was excited to see that the specific example they zeroed in on was offshore oil rigs, which I focused on in my op-ed on “real-time regulations,” because sharing the data from the rig’s sensors could both boost operating efficiency and reduce the chance of catastrophic failure. The paper points out that there can be 30,000 sensors on an rig, but most of them function in isolation, to monitor a single machine or system:

“Interoperability would significantly improve performance by combining sensor data from different machines and systems to provide decision makers with an integrated view of performance across an entire factory or oil rig. Our research shows that more than half of the potential issues that can be identified by predictive analysis in such environments require data from multiple IoT systems. Oil and gas experts interviewed for this research estimate that interoperability could improve the effectiveness of equipment maintenance in their industry by 100 to 200 percent.”

Yet, the researchers found that only about 1% of the rig data was being used, because it rarely was shared off the rig with other in the company and its ecosystem!

The section on interoperability goes on to talk about the benefits — and challenges — of linking sensor systems in examples such as urban traffic regulation, that could link not only data from stationary sensors and cameras, but also thousands of real-time feeds from individual cars and trucks, parking meters — and even non-traffic data that could have a huge impact on performance, such as weather forecasts.  

While more work needs to be done on the technical side to increase the ease of interoperability, either through the growing number of interface standards or middleware, it seems to me that a shift in management mindset is as critical as sensor and analysis technology to take advantage of this huge increase in data:

“A critical challenge is to use the flood of big data generated by IoT devices for prediction and optimization. Where IoT data are being used, they are often used only for anomaly detection or real-time control, rather than for optimization or prediction, which we know from our study of big data is where much additional value can be derived. For example, in manufacturing, an increasing number of machines are ‘wired,’ but this instrumentation is used primarily to control the tools or to send alarms when it detects something out of tolerance. The data from these tools are often not analyzed (or even collected in a place where they could be analyzed), even though the data could be used to optimize processes and head off disruptions.”

I urge you to download the whole report. I’ll blog more about it in coming weeks.

Sensors remain critical to spread of Internet of Things

What happens with sensor design, cost, and security remains front-and-center with the Internet of Things, no matter how much we focus on advanced analytical tools and the growing power of mobile devices.

That’s because, on one hand, truly realizing the IoT’s full potential will require that at least some sensors get to the low-power, tiny size and cheap costs needed to realize Kris Pister’s dream of “smart dust” sensors that can be strewn widely.

On the other hand, there’s the chance that low-end sensors that don’t include adequate security firmware can’t keep up with the changing nature of security risks and may give hackers access to the entire network, with potentially disastrous effects.

That’s why several reports on sensors caught my eye.

PWC released a report, Sensing the Future of the Internet of Things, zeroing in on sensor sales as a proxy for increased corporate investment in the IoT, and concluding that by that measure, “the IoT movement is underway.” Based on its 2014 survey of 1,500 business and technology leaders worldwide, there was one eye-popping finding: the US lags behind the entire rest of the world in planned spending on sensors this year: 26% of Asian and almost as many from South America (percentage not given)  followed closely by Africa, with 18%.  The surprising laggards? Europe with 8% and North America, dead last at only 7%.  Hello?????

Equally interesting was the company’s listing of the industry segments leading the deployment of sensors and examples of the sensors they’re using:

  • Energy & Mining: 33%. “Sensors continuously monitor and detect dangerous carbon monoxide levels in mines to improve workplace safety.”
  • Power and Utilities: 32%.  Instead of the old one-way metering, “Internet-connected smart meters measure power usage every 15 minutes and provide feedback to the power consumer, sometimes automatically adjusting the system’s parameters.”
  • Automotive: 31%.  “Sensors and beacons embedded in the road working together with car-based sensors are used for hands-free driving, traffic pattern optimization and accident avoidance.”
  • Industrial: 25%. “A manufacturing plant distributes plant monitoring and optimization tasks across several remote, interconnected control points. Specialists once needed to maintain, service and optimize distributed plant operations are no longer required to be physically present at the plant location, providing economies of scale.”
  • Hospitality: 22%. “Electronic doorbells silently scan hotel rooms with infrared sensors to detect body heat, so the staff can clean when guests have left the room.”
  • Health Care: 20%. “EKG sensors work together with patients’ smartphones to monitor and transmit patient physical environment and vital signs to a central cloud-based system.”
  • Retail: 20%. “Product and shelf sensors collect data throughout the entire supply chain—from dock to shelf. Predictive analytics applications process this data and optimize the supply chain.”
  • Entertainment: 18%. “In the gaming world, companies use tracking sensors to transfer the movements of users onto the screen and into the action.”
  • Technology: 17%. “Hardware manufacturers continue to innovate by embedding sensors to measure performance and predict maintenance needs before they happen.”
  • Financial Services: 13%. “Telematics allows devices installed in the car to transmit data to drivers and insurers. Applications like stolen vehicle recovery, automatic crash notification, and vehicle data recording can minimize both direct and indirect costs while providing effective risk management.”

The surprises there were that health care penetration was so low, especially because m-health can be so helpful in diagnosis and treatment, while the examples of telematics seemed off the mark in the financial services category. Why not examples such as ApplePay?

More compelling were the relatively high rates of sensor deployment in high-stakes fields such as energy, utilities, and automotive: those are such huge industries, and the benefits of real-time data are so compelling that they show the IoT is really maturing.

Finally, the percentage of companies investing in sensors grew slightly, from 17% to 20%, with 25%of what PWC labels “Top Performers” are investing in them compared to 18% the previous year. Surprisingly, most companies don’t get it about sensors’ importance: only “14% of respondents said sensors would be of the highest strategic importance to their organizations in the next 3–5 years, as compared to other emerging technologies.”

Most important, 54% of those “Top Performers” said they’d invest in sensors this year.


 

Sensors’ promise as the size decreases — radically — and functionality increases was highlighted by The Guardian.  It focused on PragmaticIC Printing, a British firm that prints tiny, hairlike sensors on plastics. CEO Scott White’s hope is that:

” the ultra-thin microcircuits will soon feature on wine bottles to tell when a Chablis is at the perfect temperature and on medication blister packs to alert a doctor if an elderly patient has not taken their pills.

“With something which is slimmer than a human hair and very flexible, you can embed that in objects in a way that is not apparent to the user until it is called upon to do something. But also the cost is dramatically lower than with conventional silicon so it allows it to be put in products and packaging that would never justify the cost of a piece of normal electronics,” said White.

 

These uses certainly meet my test of real innovation: what can you do that you couldn’t do before. Or, as White puts it, “It is the combination of those factors [price and size] which allows us to start thinking about doing things with this which wouldn’t even be conceivable with conventional silicon based electronics.”

Another article that really caught my eye regarded a new category of “hearable” — and perhaps even, more radically, “disappearables” –sensors which the headline boldly predicted “As Sensors Shrink, Wearables Will Dis-appear.” But they were barely here in the first place, LOL!  The article mentioned significant breakthroughs in reducing sensors’ size and energy requirements, as well as harvesting ambient energy produced by sources such as bodily movement:

“Andrew Sheehy of Generator Research calculates that, for example, the heat in a human eyeball could power a 5 milliwatt transmitter – more than enough, he says, to power a connection from a smart contact lens to a smartphone or other controlling device.”

 The same article mentioned some cutting-edge research such as a Google/Novartis collaboration to measure glucose levels in tears via a contact lense, and an edible embedded microchip — the size of a grain of sand — and powered by stomach juices, which would transmit data by Bluetooth.
Elsewhere, a sampling of sensor design breakthroughs in recent months show the potential for radical reductions in costs and energy needs as well as increased sensitivity and data yield:

HOWEVER, as I said above, here’s what worries me. Are developers paying enough attention to security and privacy? That could be a real downfall for the IoT, since many sensors tend to be in place for years, and the nature of security challenges can change dramatically during that time.  Reducing price can’t be at the expense of security.

Let me know what steps you’re taking to boost sensor security, and I’ll mention them in a future post!

FTC report provides good checklist to design in IoT security and privacy

FTC report on IoT

FTC report on IoT

SEC Chair Edith Ramirez has been pretty clear that the FTC plans to look closely at the IoT and takes IoT security and privacy seriously: most famously by fining IoT marketer TrendNet for non-existent security with its nanny cam.

Companies that want to avoid such actions — and avoid undermining fragile public trust in their products and the IoT as a whole — would do well to clip and refer to this checklist that I’ve prepared based on the recent FTC Report, Privacy and Security in a Connected World, compiled based on a workshop they held in 2013, and highlighting best practices that were shared at the workshop.

  1. Most important, “companies should build security into their devices at the outset, rather than as an afterthought.” I’ve referred before to the bright young things at the Wearables + Things conference who used their startup status as an excuse for deferring security and privacy until a later date. WRONG: both must be a priority from Day One.

  2. Conduct a privacy or security risk assessment during design phase.

  3. Minimize the data you collect and retain.  This is a tough one, because there’s always that chance that some retained data may be mashed up with some other data in future, yielding a dazzling insight that could help company and customer alike, BUT the more data just floating out there in “data lake” the more chance it will be misused.

  4. Test your security measures before launching your products. … then test them again…

  5. “..train all employees about good security, and ensure that security issues are addressed at the appropriate level of responsibility within the organization.” This one is sooo important and so often overlooked: how many times have we found that someone far down the corporate ladder has been at fault in a data breach because s/he wasn’t adequately trained and/or empowered?  Privacy and security are everyone’s job.

  6. “.. retain service providers that are capable of maintaining reasonable security and provide reasonable oversight for these service providers.”

  7. ‘… when companies identify significant risks within their systems, they should implement a defense-in -depth approach, in which they consider implementing security measures at several levels.”

  8. “… consider implementing reasonable access control measures to limit the ability of an unauthorized person to access a consumer’s device, data, or even the consumer’s network.” Don’t forget: with the Target data breach, the bad guys got access to the corporate data through a local HVAC dealer. Everything’s linked — for better or worse!

  9. “.. companies should continue to monitor products throughout the life cycle and, to the extent feasible, patch known vulnerabilities.”  Privacy and security are moving targets, and require constant vigilance.

  10. Avoid enabling unauthorized access and misuse of personal information.

  11. Don’t facilitate attacks on other systems. The very strength of the IoT in creating linkages and synergies between various data sources can also allow backdoor attacks if one source has poor security.

  12. Don’t create risks to personal safety. If you doubt that’s an issue, look at Ed Markey’s recent report on connected car safety.

  13. Avoid creating a situation where companies might use this data to make credit, insurance, and employment decisions.  That’s the downside of cool tools like Progressive’s “Snapshot,” which can save us safe drivers on premiums: the same data on your actual driving behavior might some day be used become compulsory, and might be used to deny you coverage or increase your premium).

  14. Realize that FTC Fair Information Practice Principles will be extended to IoT. These “FIPPs, ” including “notice, choice, access, accuracy, data minimization, security, and accountability,” have been around for a long time, so it’s understandable the FTC will apply them to the IoT.  Most important ones?  Security, data minimization, notice, and choice.

Not all of these issues will apply to all companies, but it’s better to keep all of them in mind, because your situation may change. I hope you’ll share these guidelines with your entire workforce: they’re all part of the solution — or the problem.

The #IoT Can Kill You! Got Your Attention? Car Security a Must

The Internet of Things can kill you.

Got your attention? OK, maybe this is the wake-up call the IoT world needs to make certain that privacy and security are baked in, not just afterthoughts.

Markey_IoT_car_reportI’ve blogged before about how privacy and security must be Job 1, but now it’s in the headlines because of a new report by our Mass. Senator, Ed Markey (Political aside: thanks, Ed, for more than 30 years of leadership — frequently as a voice crying in the wilderness — on the policy implications of telecomm!), “Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk,” about the dangers of not taking the issues seriously when it comes to smart cars.

I first became concerned about this issue when reading “Look Out, He’s Got an Phone,!” (my personal nominee for all-time most wry IoT headline…), a litany of all sorts of horrific things, such as spoofing the low air-pressure light on your car so you’ll pull over and the Bad Guys can get it would stop dead at 70 mph,  that are proven risks of un-encrypted automotive data.  All too typical was the reaction of Schrader Electronics, which makes the tire sensors:

“Schrader Electronics, the biggest T.P.M.S. manufacturer, publicly scoffed at the Rutgers–South Carolina report. Tracking cars by tire, it said, is ‘not only impractical but nearly impossible.’ T.P.M.S. systems, it maintained, are reliable and safe.

“This is the kind of statement that security analysts regard as an invitation. A year after Schrader’s sneering response, researchers from the University of Washington and the University of California–San Diego were able to ‘spoof’ (fake) the signals from a tire-pressure E.C.U. by hacking an adjacent but entirely different system—the OnStar-type network that monitors the T.P.M.S. for roadside assistance. In a scenario from a techno-thriller, the researchers called the cell phone built into the car network with a message supposedly sent from the tires. ‘It told the car that the tires had 10 p.s.i. when they in fact had 30 p.s.i.,’ team co-leader Tadayoshi Kohno told me—a message equivalent to ‘Stop the car immediately.’ He added, ‘In theory, you could reprogram the car while it is parked, then initiate the program with a transmitter by the freeway. The car drives by, you call the transmitter with your smartphone, it sends the initiation code—bang! The car locks up at 70 miles per hour. You’ve crashed their car without touching it.’”

Hubris: it’ll get you every time….

So now Senator Markey lays out the full scope of this issue, and it should scare the daylights out of you — and, hopefully, Detroit! The report is compiled on responses by 16 car companies (BMW, Chrysler, Ford, General Motors, Honda, Hyundai, Jaguar Land Rover, Mazda, Mercedes-Benz, Mitsubishi, Nissan, Porsche, Subaru, Toyota, Volkswagen (with Audi), and Volvo — hmm: one that didn’t respond was Tesla, which I suspect [just a hunch] really has paid attention to this issue because of its techno leadership) to letters Markey sent in late 2013. Here are the damning highlights from his report:

“1. Nearly 100% of cars on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions.

2. Most automobile manufacturers were unaware of or unable to report on past hacking incidents.

3. Security measures to prevent remote access to vehicle electronics are inconsistent and haphazard across all automobile manufacturers, and many manufacturers did not seem to understand the questions posed by Senator Markey.

4. Only two automobile manufacturers were able to describe any capabilities to diagnose or meaningfully respond to an infiltration in real-time, and most say they rely on technologies that cannot be used for this purpose at all. (my emphasis)

5. Automobile manufacturers collect large amounts of data on driving history and vehicle performance.

6. A majority of automakers offer technologies that collect and wirelessly transmit driving history data to data centers, including third-party data centers, and most do not describe effective means to secure the data.

7. Manufacturers use personal vehicle data in various ways, often vaguely to “improve the customer experience” and usually involving third parties, and retention policies – how long they store information about drivers – vary considerably among manufacturers.

8. Customers are often not explicitly made aware of data collection and, when they are, they often cannot opt out without disabling valuable features, such as navigation.”

In short, the auto industry collects a lot of information about us, and doesn’t have a clue how to manage or protect it.

I’ve repeatedly warned before that one of the issues technologists don’t really understand and/or scoff at, is public fears about privacy and security. Based on my prior work in crisis management, that can be costly — or fatal.

This report should serve as a bit of electroshock therapy to get them (and here I’m referring not just to auto makers but all IoT technologists: it’s called guilt by association, and most people tend to confabulate fears, not discriminate between them. Unless everyone in IoT takes privacy and security seriously, everyone may suffer the result [see below]) to realize that it’s not OK, as one of the speakers at the Wearables + Things conference said, that “we’ll get to privacy and security later.” It’s got to be a priority from the get-go (more about this in a forthcoming post, where I’ll discuss the recent FTC report on the issue).

I’ve got enough to worry about behind the wheel, since the North American Deer Alliance is out to get me. Don’t make me worry about false tire pressure readings.


PS: there’s another important issue here that may be obscured: the very connectedness that is such an important aspect of the IoT. Remember that the researchers spoofed the T.P.M.S. system not through a frontal assault, but by attacking the roadside assistance system? It’s like the way Target’s computers were hacked via a small company doing HVAC maintenance. Moral of the story? No IoT system is safe unless all the ones linking to it are safe.  For want of a nail … the kingdom was lost!

Another Personal IoT Story: my next car will have auto braking

Posted on 16th January 2015 in automotive, Essential Truths, transportation

Sorry to burden you with another personal Internet of Things story, especially since this one’s nowhere near as nice as how car_crashsmart sockets made peace in my house!

For the second time in less than a month, I was hit by a deer at night on Rt. 27 in Medfield, MA. If you know our area, its in the outer suburbs, and plagued by deer, who are mating at this time of year, and are absolutely nuts. Two hours later, I’m still shaking, and extremely lucky to have escaped a serious injury.

I don’t know if  it would have avoided a collision, because they were running sooo fast, but you can be sure that my next car with be a smart one, with sensors and an automatic braking system like the ones on TMercedes, BMWs and high-end Hyundai‘s.  Here’s something where the smart version wouldn’t just simplify something, but would observe one of my “Essential Truths” of the IoT, “what can you do now that you couldn’t do before.”

No driver who was focused on the road ahead could have possibly seen these deer rushing out of the pitch-black woods on the other side of the road (or, if he did, he would have crashed into something else because of taking his eyes off the road), but a motion-sensor coupled to the brakes would have detected motion in time to apply the brakes and maybe avoid the crash.

Tonight was one of the most traumatic events of my life, between the accident and the first time I’ve ever heard a gunshot up close, as the police put the doe out of her misery. If I can invest in IoT technology to avoid it happening again, I’ll be at the head of the line!

Lifting the Veil After the Sale: another IoT “Essential Truth”

Count me among those who believe the Internet of Things will affect every aspect of corporate operations, from manufacturing to customer relations.

Perhaps one of the most dramatic impacts will be on the range of activities that take place after the sale, including maintenance, product liability, product upgrades and customer relations.

In the past, this has been a prime example of the “Collective Blindness” that afflicted us before the IoT, because we basically had no idea what happened with our products once they left the factory floor.

In fact, what little data we did have probably served to distort our impressions of how products were actually used. Because there was no direct way to find out how the products were actually used, negative data was probably given exaggerated weight: we heard negative comments (warrantee claims, returns, liability lawsuits, etc.), loud and clear, but there was no way to find out how the majority of customers who were pleased with their products used them.

That has all changed with the IoT.

Now, we have to think about products  in totally new ways to capitalize on the IoT, and I think this merits another “Essential Truth” about the IoT:

Everything is cyclical.

Think about products — and industrial processes in general — in the old industrial system. Everything was linear: perhaps best exemplified by Henry Ford’s massive River Rouge Complex, the world’s largest integrated factory, and the epitome of integrated production.

Ford River Rouge Complex

“Ford was attempting to control and coordinate all of the necessary resources to produce complete automobiles.  Although Ford’s vision was never completely realized, no one else has come so close, especially on such a large scale.  His vision was certainly a success, one indication of this is the term Fordism, which refers to his style of mass-production, characterized by vertical integration, standardized products and assembly-line production”

At “The Rouge,” raw materials (literally: it had its own coke ovens and foundry!)  flowed in one side, and completed cars flowed out the other, bound for who knows where. Once the cars were in customers’ hands, the company’s contact was limited to whatever knowledge could be gleaned from owners’ visits to dealers’ service departments, irate calls from customers who had problems, and (in later days) safety recalls and/or multi-million dollar class-action lawsuits.

That linear thinking led to a terrible example of the “Collective Blindness” phenomenon that I’ve written about in the past: who knew how customers actually thought about their Model T’s? How did they actually drive them? Were there consistent patterns of performance issues that might not have resulted in major problems, but did irritate customers?

Sure, you could guess, or try to make inferences based on limited data, but no one really knew.

Fast forward to the newest auto manufacturer, Tesla, and its factory in Fremont, California (aside: this massive building — Tesla only uses a portion, used to be the NUMMI factory, where Chevy built Novas and Toyota built Corollas. Loved the perceptual irony: exactly the same American workers built mechanically identical cars [only the sheet metal varied] but the Toyotas commanded much higher prices, because of the perception of “Japanese quality.” LOL. But I digress….).

Tesla doesn’t lose track of its customers once the cars leave the plant.

Tesla assembly line

In fact, as I’ve written before, these “iPhones on wheels” are part of a massive cyclical process, where the cars’ on-board communications constantly send back data to the company about how the cars are actually doing on the road. And, when need be, as I mentioned in that prior post, the company was able to solve a potentially dangerous problem by simply sending out a software patch that was implemented while owners slept, without requiring customer trips to a repair shop!

I imagine that the company’s design engineers also pour over this data to discern patterns that might indicate elements of the physical design to tweak as well.

Of course, what would a blog post by me about IoT paradigm shifts be without a gratuitous reference to General Electric and its Durathon battery plant (aside to GE accounting: where should I send my W-9 and invoice so you can send me massive check for all the free PR I’ve given you? LOL)?

I can’t think of a better example of this switch to cyclical thinking:

  • including sensors into the batteries at the beginning of the production process rather than slapping them on at the end means that the company is actually able to monitor, and fine tune, the manufacturing process to optimize the critical chemical reaction. The same data allows the workers to remove defective batteries from the assembly line, so that every battery that ships works.
  • once in the field (and, remember: these batteries are deployed in incredibly remote areas where it might take days for a repair crew to reach and either service or repair them) the same sensors send back data on how the batteries are functioning. I don’t know about the specifics in the case of these batteries, but GE has actually created new revenue streams with other continuously-monitored devices by selling this data to customers who can use it (because the data is shared on a real-time basis, not just historically) to optimize performance.

Elsewhere, as I’ve mentioned before, General Electric’s William Ruh has said that being able to lift the veil of “Collective Blindness” through feedback from how customers actually use their products has even revolutionized their product design process:

“… G.E. is adopting practices like releasing stripped-down products quickly, monitoring usage and rapidly changing designs depending on how things are used by customers. These approaches follow the ‘lean start-up’ style at many software-intensive Internet companies. “’We’re getting these offerings done in three, six, nine months,’ he (Ruh) said. ‘It used to take three years.’”

Back in the ’90’s, I used to lecture and consult on what I called “Natural Wealth,” a paradigm shift in which we’d find all the inspiration we needed for an information-based economy in a table-top terrarium that embodies billion-year-old  principles of nature:

  • embrace chaos, don’t try to control it. (i.e., use open systems rather than proprietary ones)
  • create symbiosis: balance competition with cooperation (IFTTT.com, where you release your APIs to create synergistic mashups with others).
  • close the loop.

With the IoT, we can finally put that last principle into practice, substituting cyclical processes for linear ones.  At long last, the “systems dynamics” thinking pioneered by Jay Forrester and his disciple, Peter Senge, can become a reality. Here’s a closing tip to make that possible: in addition to SAP’s HANA or other analytics packages, look to systems dynamics software such as isee systems’  iThink to model your processes and transform linear into cyclical ones. Now get going: close the loop!