More Blockchain Synergies With IoT: Supply Chain Optimization

The more I learn about blockchain’s possible uses — this time for supply chains — the more convinced I am that it is absolutely essential to full development of the IoT’s potential.

I recently raved about blockchain’s potential to perhaps solve the IoT’s growing security and privacy challenges. Since then, I’ve discovered that it can also further streamline and optimize the supply chain, another step toward the precision that I think is such a hallmark of the IoT.

As I’ve written before, the ability to instantly share (something we could never do before) real-time data about your assembly line’s status, inventories, etc. with your supply chain can lead to unprecdented integration of the supply chain and factory, much of it on a M2M basis without any human intervention. It seems to me that the blockchain can be the perfect mechanism to bring about this synchronization.

A brief reminder that, paradoxically, it’s because blockchain entries (blocks) are shared, and distributed (vs. centralized) that it’s secure without using a trusted intermediary such as a bank, because no one participant can change an entry after it’s posted.

Complementing the IBM video I included in my last post on the subject, here’s one that I think succinctly summarizes blockchain’s benefits:

A recent LoadDelivered article detailed a number of the benefits from building your supply chain around blockchain. They paralleling the ones I mentioned in my prior post regarding its security benefits, of using blockchain to organize your supply chain (with some great links for more details):

  • “Recording the quantity and transfer of assets – like pallets, trailers, containers, etc. – as they move between supply chain nodes (Talking Logistics)
  • Tracking purchase orders, change orders, receipts, shipment notifications, or other trade-related documents
  • Assigning or verifying certifications or certain properties of physical products; for example determining if a food product is organic or fair trade (Provenance)
  • Linking physical goods to serial numbers, bar codes, digital tags like RFID, etc.
  • Sharing information about manufacturing process, assembly, delivery, and maintenance of products with suppliers and vendors.”

That kind of information, derived from real-time IoT sensor data, should be irresistible to companies compared to the relative inefficiency of today’s supply chain.

The article goes on to list a variety of benefits:

  • “Enhanced Transparency. Documenting a product’s journey across the supply chain reveals its true origin and touchpoints, which increases trust and helps eliminate the bias found in today’s opaque supply chains. Manufacturers can also reduce recalls by sharing logs with OEMs and regulators (Talking Logistics).
  • Greater Scalability. Virtually any number of participants, accessing from any number of touchpoints, is possible (Forbes).
  • Better Security. A shared, indelible ledger with codified rules could potentially eliminate the audits required by internal systems and processes (Spend Matters).
  • Increased Innovation. Opportunities abound to create new, specialized uses for the technology as a result of the decentralized architecture.”

Note that it the advantages aren’t all hard numbers, but also allowing marketing innovations, similar to the way the IoT allows companies to begin marketing their products as services because of real-time data from the products in the field. In the case of applying it to the supply chain (food products, for example), manufacturers could get a marketing advantage because they could offer objective, tamper-proof documentation of the product’s organic or non-GMO origins. Who would have thought that technology whose primary goal is increasing operating efficiency could have these other, creative benefits as well?

Applying  blockchain to the supply chain is getting serious attention, including a pilot program in the Port of Rotterdam, Europe’s largest.  IBM, Intel, Cisco and Accenture are among the blue-chip members of Hyperledger, a new open source Linux Foundation collaboration to further develop blockchain. Again, it’s the open source, decentralized aspect of blockchain that makes it so effective.

Logistics expert Adrian Gonzalez is perhaps the most bullish on blockchain’s potential to revolutionize supply chains:

“the peer-to-peer, decentralized architecture of blockchain has the potential to trigger a new wave of innovation in how supply chain applications are developed, deployed, and used….(becoming) the new operating system for Supply Chain Operating Networks

It’s also another reminder of the paradoxical wisdom of one of my IoT “Essential Truths,” that we must learn to ask “who else could share this information” rather than hoarding it as in the past. It is the very fact that blockchain data is shared that means it can’t be tampered with by a single actor.

What particularly intrigues me about widespread use of blockchain at the heart of companies’ operations and fueled by real-time data from IoT sensors and other devices is that it would ensure that privacy and security, which I otherwise fear would always be an afterthought, would instead be inextricably linked with achieving efficiency gains. That would make companies eager to embrace the blockchain, assuring their attention to privacy and security as part of the deal. That would be a definite win-win.

Blockchain must definitely be on your radar in 2017.

 

Lo and behold, right after I posted this, news that WalMart, the logistics savants, are testing blockchain for supply chain management!

 

IoT Intangibles: Increased Customer Loyalty

There are so many direct, quantifiable benefits of the IoT, such as increased quality (that 99.9988% quality rate at Siemens’s Amberg plant!) and precision, that we may forget there are also potential intangible benefits.

Most important of those is customer loyalty, brought about by dramatic shifts both in product designs and how they are marketed.

Much of this results from the IoT lifting the veil of Collective Blindness to which I’ve referred before: in particular, our prior inability to document how products were actually used once they left the loading dock. As I’ve speculated, that probably meant that manufacturers got deceptive information about how customers actually used products and their degree of satisfaction. The difficulty of getting feedback logically meant that those who most liked and most hated a product were over-represented: those who kinda liked it weren’t sufficiently motivated to take the extra steps to be heard.

Now, by contrast, product designers, marketers, and maintenance staffs can share (that critical verb from my Circular Company vision!) real-time data about how a product is actually operating in the field, often from a “digital twin” they can access right at their desks.

Why’s that important?

It can give them easy insights (especially if those different departments do access and discuss the data at the same time, each offering its own unique perspectives, on issues that will build customer loyalty:

  • what new features can we add that will keep them happy?
  • can we offer upgrades such as new operating software (such as the Tesla software that was automatically installed in every single car and avoided a recall) that will provide better customer experiences and keep the product fresh?
  • what possible maintenance problems can we spot in their earliest stages, so we can put “predictive maintenance” services into play at minimal cost and bother to the customer?

I got interested in this issue of product design and customer loyalty while consulting for IBM in the 9o’s, when it introduced the IBM PS 2E (for Energy & Environmental), a CES best-of-show winner in part because of its snap-together modular design. While today’s thin-profile-at-all-costs PC and laptop designs have made user-friendly upgrades a distant memory, one of the things that appealed to me about this design was the realization that if you could keep users satisfied that they were on top of  new developments by incremental substitution of new modules, they’d be more loyal and less likely to explore other providers.

In the same vein, as GE has found, the rapid feedback can dramatically speed upgrades and new features. That’s important for loyalty: if you maintain a continuing interaction with the customer and anticipate their demands for new features, they’ll have less reason to go on the open market and evaluate all of your competitors’ products when they do want to move up.

 

Equally important for customer loyalty is the new marketing options that the continuous flow of real-time operating data offer you. For a growing number of companies, that means they’re no longer selling products, but leasing them, with the price based on actual customer usage: if it ain’t bein’ used, it ain’t costing them anything and it ain’t bringing you any revenue!

Examples include:

  • jet turbines which, because of the real-time data flow, can be marketed on the basis of thrust generated: if it’s sitting on the ground, the leasee doesn’t pay.  The same real-time data flow allows the manufacturer to schedule predictive maintenance at the earliest sign of a problem, reducing both its cost and the impact on the customer.
  • Siemens’s Mobility Services, which add in features such as 3-D manufactured spare parts that speed maintenance and reduced costs, keeping the trains running.
  • Philips’s lighting services, which are billed on the basis of use, not sold.
  • SAP’s prototype smart vending machine, which (if you opt in) may offer you a special discount based on your past purchasing habits.

At its most extreme is Caterpillar’s Reman process, where the company takes back and remanufactures old products, giving them a new life — and creating new revenues — when competitors’ products are in the landfill.

Loyalty can also be a benefit of IoT strategies for manufacturers’ own operations as well. Remember that the technological obstacles to instant sharing of real-time data have been eliminted for the supply chain as well. If you choose to share it, your resupply programs can also be automatically triggered on a M2M basis, giving an inherent advantage to the domestic supplier who can get the needed part there in a few hours, versua the low-cost supplier abroad who may take weeks to reach your loading dock.

It may be harder to quantify than quality improvements or streamlined production through the IoT, but that doesn’t mean that dependable revenue streams from loyal customers aren’t an important potential benefit as well.

Amazon Echo: great tech present for your tech-averse parents!

Never let it be said that I get serious about my Christmas shopping until about this date!

This year, my major suggestion is about a product that it took me a full year to buy after my mother-in-law of a certain age sent last Christmas’s check: never let it be said that I rush into purchases of any kind (I should explain that I’m like the Beacon Hill Brahmin lady who explained to a New York counterpart asking where she bought her hat: “We don’t buy hats. We have hats.” Similarly, I try to avoid buying absolutely anything: I just have what I absolutely need. A strange and complex bird, I am …).

The item in question? An Amazon Echo, which, characteristically, I bought refurbished for $50 off!

Amazon Echo

Amazon Echo

That leads me to a last-minute suggestion for an unlikely use of said Echo: introducing your tech-averse parent to the benefits of smart home and Quantified Self technology (AKA my “SmartAging” paradigm to keep seniors healthy and in their own homes instead of an institution).

 As I wrote a year ago, I think the neatest thing about the Echo in that regard (and, to a lesser extent, other voice-controlled IoT devices, although they’re handicapped because they just don’t have Alexa’s quick response time and already huge and constantly growing list of “skills) is that you don’t need to know any technology to use it: you just say “Alexa:….” and she does it!

While I knew the Echo had gone far beyond its original use to stream music, I had no idea until I bought it how robust and rapidly-growing it’s “skills” have become, and that it’s really a full-fledged smart home hub (why buy a dedicated hub that just sits there and doesn’t provide any of the Echo’s other benefits? Got me..).  It’s hard to keep up, but a recent Turbo Future article, “Amazon Echo: 15 Best New Features,” gives a pretty good overview, and it seems to me that most of them involve various services that can make it a lot easier, and definitely more enjoyable, for aging parents to continue to live in and manage their homes (although some judicious Christmas morning set-up by adult children may be in order for those seniors who avoid technology like the plague), because all you have to do is talk and listen! They’ll appreciate Alexa even more if their hands are full, which is often the case in the kitchen.

Here are a few of my favorites:

  • shopping lists: my wife doesn’t share my love of gadgetry, but we both love this simple service.  Say “Alexa, add flour to my shopping list,” and it’s instantly on the Alexa app on your phone, to pull out at the supermarket. As someone who dutifully makes shopping lists and then always forgets them, that’s worth the service alone.  I won’t buy my household staples from Amazon because, despite the savings, I don’t like the ecological impact that specialized service causes, but if that’s not an issue for you, you can order products directly from Amazon using Alexa.
  • ordering services: you can hail an Uber or order a Domino’s Pizza. For a senior who doesn’t have a car, that can be great!
  • music: obviously the prime market for Amazon’s and other streaming music services such as Pandora is millennials, but, guess what, you can even get Guy Lombardo (the soundtrack of my earliest years because of my parents’ 78’s) simply by asking Alexa.  The ultimate time machine!
  • books: if you parent has vision problems, audible books may be a boon, and since Amazon now owns Audible, this is also possible.
  • news: I’ve been trying to wean myself from the news since Something Bad Happened Last Month, but I’m still drawn like a moth to the flame, so I can get NPR instantly. A growing variety of other sources are also available.
  • smart home: I just installed two Sensi thermostats as I get deeper into smart home technology on the home front. Even though they have a great app that lets me adjust the temp when I’m away from home, it’s neat to just say “Alexa, turn down the heat two degrees” and have her do the work, not me! Next up? Adding my WeMo lights.
  • cooking: even though you can now get Echo’s little brothers (Dot and Tap) for use elsewhere in the home — or even outdoors — most Echos are found in the kitchen, and nothing is worse than flour-covered hands on a cookbook.  Now you can even ask Alexa for a great recipe for a certain dish, use it to make your shopping list, and follow the steps for making the dish, all just by asking her. Neato.
  • calendar: they may not be working anymore, but seniors have got a lot of appointments — the doctor, or my wife’s 95-year old aunt’s tango lessons (I kid you not!), so if you link your Google Calendar, Alexa will make sure you’re not late.

Equally important (and I suspect this will become more of a feature in the near future) the Echo can even help you stay on top of the other part of my SmartAging vision: improving your health, because you can access your Fitbit data.  There’s already a skill to help parents with kiddies’ ailments, from our Children’s Hospital, so why not one for geriatrics as well??

That’s just for now, and independent developers are adding new “skills” for Alexa at a dizzying pace.  So, if you still don’t have a present for Grannie? Get her an Echo, and since it’s from Amazon, she’ll still get it by the 25th!

 

Blockchain might be answer to IoT security woes

Could blockchain be the answer to IoT security woes?

I hope so, because I’d like to get away from my recent fixation on IoT security breaches and their consequences,  especially the Mirai botnet attack that brought a large of the Internet to its knees this Fall and the even scarier (because it involved Philips, a company that takes security seriously) white-hat hackers attack on Hue bulbs.  As I’ve written, unless IoT security is improved, the public and corporations will lose faith in it and the IoT will never develop to its full potential.

Now, there’s growing discussion that blockchain (which makes bitcoin possible), might offer a good IoT security platform.

Ironically — for something dealing with security — blockchain’s value in IoT may be because the data is shared and no one person owns it or can alter it unilaterally (BTW, this is one more example of my IoT “Essential Truth” that with the IoT data should be shared, rather than hoarded as in the past.

If you’re not familiar with blockchain, here’s an IBM video, using an example from the highly security-conscious diamond industry, that gives a nice summary of how it works and why:

The key aspects of blockchain is that it:

  • is transparent
  • can trace all aspects of actions or transactions (critical for complex sequences of actions in an IoT process)
  • is distributed: there’s a shared form of record keeping, that everyone in the process can access.
  • requires permission — everyone has permission for every step
  • is secure: no one person — even a system administrator — can alter it without group approval.

Of these, perhaps the most important aspect for IoT security is that no one person can change the blockchain unilaterally, adding something (think malware) without the action being permanently recorded and without every participant’s permission.  To add a new transaction to the blockchain, all the members must validate it by applying an algorithm to confirm its validity.

The blockchain can also increase efficiency by reducing the need for intermediaries, and it’s a much better way to handle the massive flood of data that will be generated by the IoT.

The Chain of Things think tank and consortium is taking the lead on exploring blockchain’s application to the IoT. The group describes itself as “technologists at the nexus of IoT hardware manufacturing and alternative blockchain applications.” They’ve run several blockchain hackathons, and are working on open standards for IoT blockchains.

Contrast blockchain with the current prevailing IoT security paradigm.  As Datafloq points out, it’s based on the old client-server approach, which really doesn’t work with the IoT’s complexity and variety of connections: “Connection between devices will have to exclusively go through the internet, even if they happen to be a few feet apart.”  It doesn’t make sense to try to funnel the massive amounts of data that will result from widespread deployment of billions of IoT devices and sensor through a centralized model when a decentralized, peer-to-peer alternative would be more economical and efficient.

Datafloq concludes:

“Blockchain technology is the missing link to settle scalability, privacy, and reliability concerns in the Internet of Things. Blockchain technologies could perhaps be the silver bullet needed by the IoT industry. Blockchain technology can be used in tracking billions of connected devices, enable the processing of transactions and coordination between devices; allow for significant savings to IoT industry manufacturers. This decentralized approach would eliminate single points of failure, creating a more resilient ecosystem for devices to run on. The cryptographic algorithms used by blockchains, would make consumer data more private.”

I love it: paradoxically, sharing data makes it more secure!  Until something better comes along and/or the nature of IoT strategy challenges changes, it seems to me this should be the basis for secure IoT data transmission!

 

 

 

Libelium: flexibility a key strategy for IoT startups

I’ve been fixated recently on venerable manufacturing firms such as 169-yr. old Siemens making the IoT switch.  Time to switch focus, and look at one of my fav pure-play IoT firms, Libelium.  I think Libelium proves that smart IoT firms must, above all, remain nimble and flexible,  by three interdependent strategies:

  • avoiding picking winners among communications protocols and other standards.
  • avoiding over-specialization.
  • partnering instead of going it alone.
Libelium CEO Alicia Asin

Libelium CEO Alicia Asin

If you aren’t familiar with Libelium, it’s a Spanish company that recently turned 10 (my, how time flies!) in a category littered with failures that had interesting concepts but didn’t survive. Bright, young, CEO Alicia Asin, one of my favorite IoT thought leaders (and do-ers!) was recently named best manager of the year in the Aragón region in Spain.  I sat down with her for a wide-ranging discussion when she recently visited the Hub of the Universe.

I’ve loved the company since its inception, particularly because it is active in so many sectors of the IoT, including logistics, industrial control, smart meters, home automation and a couple of my most favorite, agriculture (I have a weak spot for anything that combines “IoT” AND “precision”!) and smart cities.  I asked Asin why the company hadn’t picked one of those verticals as its sole focus: “it was too risky to choose one market. That’s still the same: the IoT is still so fragmented in various verticals.”

The best illustration of the company’s strategy in action is its Waspmote sensor platform, which it calls the “most complete Internet of Things platform in the market with worldwide certifications.” It can monitor up to 120 sensors to cover hundreds of IoT applications in the wide range of markets Libelium serves with this diversified strategy, ranging from the environment to “smart” parking.  The new versions of their sensors include actuators, to not simply report data, but also allow M2M control of devices such as irrigation valves, thermostats, illumination systems, motors and PLC’s. Equally important, because of the potentially high cost of having to replace the sensors, the new ones use extremely little power, so they can last        .

Equally important as the company’s refusal to limit itself to a single vertical market is its commitment to open systems and multiple communications protocols, including LoRaWAN, SIGFOX, ZigBee and 4G — a total of 16 radio technologies. It also provides both open source SDK and APIs.

Why?  As Asin told me:

 

“There is not going to be a standard. This (competiting standards and technology) is the new normal.

“I talk to some cities that want to become involved in smart cities, and they say we want to start working on this but we want to use the protocol that will be the winner.

“No one knows what will be the winner.

“We use things that are resilient. We install all the agents — if you aren’t happy with one, you just open the interface and change it. You don’t have to uninstall anything. What if one of these companies increases their prices to heaven, or you are not happy with the coverage, or the company disappears? We allow you to have all your options open.

“The problem is that this (not picking a standard) is a new message, and people don’t like to listen.  This is how we interpret the future.”

Libelium makes 110 different plug and play sensors (or as they call them, “Plug and Sense,” to detect a wide range of data from sources including gases, events, parking, energy use, agriculture, and water.  They claim the lowest power consumption in the industry, leading to longer life and lower maintenance and operating costs.

Finally, the company doesn’t try to do everything itself: Libelium has a large and growing partner network (or ecosystem, as it calls it — music to the ears of someone who believes in looking to nature for profitable business inspiration). Carrying the collaboration theme even farther, they’ve created an “IoT Marketplace,” where pre-assembled device combinations from Libelium and partners can be purchased to meet the specific needs of niches such as e-health,  vineyards, water quality, smart factories, and smart parking.  As the company says, “the lack of integrated solutions from hardware to application level is a barrier for fast adoption,” and the kits take away that barrier.

I can’t stress it enough: for IoT startups that aren’t totally focused on a single niche (a high-stakes strategy), Libelium offers a great model because of its flexibility, agnostic view of standards, diversification among a variety of niches, and eagerness to collaborate with other vendors.


BTW: Asin is particularly proud of the company’s newest offering, My Signals,which debuted in October and has already won several awards.  She told me that they hope the device will allow delivering Tier 1 medical care to billions of underserved people worldwide who live in rural areas with little access to hospitals.  It combines 15 different sensors measuring the most important body parameters that would ordinarily be measured in a hospital, including ECG, glucose, airflow, pulse, oxygen in

It combines 15 different sensors measuring the most important body parameters that would ordinarily be measured in a hospital, including ECG, glucose, airflow, pulse, blood oxygen, and blood pressure. The data is encrypted and sent to the Libelium Cloud in real-time to be visualized on the user’s private account.

It fits in a small suitcase and costs less than 1/100th the amount of a traditional Emergency Observation Unit.

The kit was created to make it possible for m-health developers to create prototypes cheaply and quickly.

Siemens’s MindSphere: from automation to digitalization

Perhaps the most important component of a successful IoT transformation is building it on a robust platform, because that alone can let your company go beyond random IoT experiments to achieve an integrated IoT strategy that can add new components systematically and create synergistic benefits by combining the various aspects of the program.

A good starting point for discussion of such platforms is a description of the eight key platform components as detailed by IoT Analytics:

  1. “Connectivity & normalization: brings different protocols and different data formats into one ‘software’  interface ensuring accurate data streaming and interaction with all devices.
  2. Device management: ensures the connected ‘things’ are working properly, seamlessly running patches and updates for software and applications running on the device or edge gateways.
  3. Database: scalable storage of device data brings the requirements for hybrid cloud-based databases to a new level in terms of data volume, variety, velocity and veracity.
  4. Processing & action management: brings data to life with rule-based event-action-triggers enabling execution of ‘smart’ actions based on specific sensor data.
  5. Analytics: performs a range of complex analysis from basic data clustering and deep machine learning to predictive analytics extracting the most value out of the IoT data-stream.
  6. Visualization: enables humans to see patterns and observe trends from visualization dashboards where data is vividly portrayed through line-, stacked-, or pie charts, 2D- or even 3D-models.
  7. Additional tools: allow IoT developers prototype, test and market the IoT use case creating platform ecosystem apps for visualizing, managing and controlling connected devices.
  8. External interfaces: integrate with 3rd-party systems and the rest of the wider IT-ecosystem via built-in application programming interfaces (API), software development kits (SDK), and gateways.”

Despite (or because of, the complexity,) I think this is a decent description, because a robust IoT platf0rm really must encompass so many functions. The eight points give a basis for deciding whether what a company hawks as an IoT platform really deserves that title or really constitutes only part of the necessary whole (Aside: it’s also a great illustration of my Essential Truth that, instead of hoarding data as in the past, we must begin to ask “who else can use this data?” either inside the company or, potentially, outside, then use technology such as an IoT platform to integrate all those data uses productively.).

During my recent Barcelona trip (disclaimer: Siemens paid my way and arranged special access to some of its key decision makers, but made no attempt to limit my editorial judgment) I interviewed the company’s Chief Strategy Officer, Dr. Horst J. Kayser, who made it clear (as I mentioned in my earlier post about Siemens) that one of the advantages the company has over pure-play software firms is that it can apply its software offerings internally first and tweak them there, because of its 169-year heritage as a manufacturer, and “sits on a vast program of automation.”

Siemens’s IoT platform, MindSphere  is a collaboration with SAP, using the latter’s vast HANA cloud.  It ties together all components of Siemens’s IoT offerings, including data analytics, connectivity capabilities, developers’ tools, applications and services. MindSphere focuses on monitoring manufacturing assets’ real-time status, to evaluate and use customers’ data, producing insights that can cut production costs, improve performance, and even switch to predictive maintenance. Its Mind Connect Nano collects data from the assets and transferring it to MindSphere.

The “digital twin” is integrated throughout the MindSphere platform. Kayser says that “there’s a digital twin of the entire process, from conception through the manufacturing and maintenance, and it feeds the data back into the model.” In fact,  one dramatic example of the concept in action is the new Maserati Ghibli, created in 16 months instead of 30 — almost 50% less time than for prior models.  Using the Teamcenter PLM software, the team was able to virtually develop and extensively test the car before anything was created physically.

IMHO, Mindsphere and components such as Teamware might really be the key to actualizing my dream of the circular company, in this case with the IoT-based real-time digital twin at the heart of the enterprise — as Kayser said, “everything is done through one consistent data set.)” I hope to explore my concept, and the benefits I think it can produce, more with the Siemens strategists in the future!  I tried the idea out on several of them in Barcelona, and no one laughed, so we’ll see…

As with the company’s rail digitization services that I mentioned in my earlier post, there’s an in-house guinea pig for MindSphere as well: the company’s “Factory of the Future” in Amberg. The plant manufactures Simatic controllers, the key to the company’s automation products and services, to which digitalization is now being added as part of the company’s Industrie 4.0 IoT plan for manufacturing (paralleling GE’s “Industrial Internet.”). As you may be aware, Siemens’s efforts in this area are a subset of a formal German government/industry initiative — I  doubt seriously we’ll see this in the U.S. under Trump.

The results of digitalization at Amberg are astonishing by any measure, especially the ultimate accomplishment: a  99.9988 percent rate (no typo!!), which is even more incredible when you realize this is not mass production with long, uniform production runs: the plant manufactures more than 1,000 varieties of the controllers, with a total volume of 12 million Simatic products each year, or about one per second.  Here are some of the other benefits of what they call an emphasis on optimizing the entire value chain:

  • shorter delivery time: 24 hours from order.
  • time to market reduced by up to 50%.
  • cost savings of up to 25%

Of course there are several other robust IoT platforms, including GE’s Predix and PTC’s Thingworx, but my analysis shows that Mindsphere meets IoT Analytics’ criteria, and, combined with the company’s long background in manufacturing and automation, should make it a real player in the industrial internet. Bravo!

When Philips’s Hue Bulbs Are Attacked, IoT Security Becomes Even Bigger Issue

OK, what will it take to make security (and privacy) job #1 for the IoT industry?

The recent Mirai DDoS attack should have been enough to get IoT device companies to increase their security and privacy efforts.

Now we hear that the Hue bulbs from Philips, a global electronics and IoT leader that DOES emphasize security and doesn’t cut corners, have been the focus of a potentially devastating attack (um, just wonderin’: how does triggering mass epileptic seizures through your light bulbs grab you?).

Since it’s abundantly clear that the US president-elect would rather cut regulations than add needed ones (just announcing that, for every new regulation, two must be cut), the burden of improving IoT security will lie squarely on the shoulders of the industry itself. BTW:kudos in parting to outgoing FTC Chair Edith Ramirez, who has made intelligent, workable IoT regulations in collaboration with self-help efforts by the industry a priority. Will we be up to the security challenge, or, as I’ve warned before, will security and privacy lapses totally undermine the IoT in its adolescence by losing the public and corporate confidence and trust that is so crucial in this particular industry?

Count me among the dubious.

Here’s what happened in this truly scary episode, which, for the first time, presages making the focus of an IoT hack an entire city, by exploiting what might otherwise be a smart city/smart grid virtue: a large installed base of smart bulbs, all within communication distance of each other. The weapons? An off-the-shelf drone and an USB stick (the same team found that a car will also do nicely as an attack vector). Fortunately, the perpetrators in this case were a group of white-hat hackers from the Weizmann Institute of Science in Israel and Dalhousie University in Canada, who reported it to Philips so they could implement additional protections, which the company did.

Here’s what they wrote about their plan of attack:

“In this paper we describe a new type of threat in which adjacent IoT devices will infect each other with a worm that will spread explosively over large areas in a kind of nuclear chain reaction (my emphasis), provided that the density of compatible IoT devices exceeds a certain critical mass. In particular, we developed and verified such an infection using the popular Philips Hue smart lamps as a platform.

“The worm spreads by jumping directly from one lamp to its neighbors, using only their built-in ZigBee wireless connectivity and their physical proximity. The attack can start by plugging in a single infected bulb anywhere in the city, and then catastrophically spread everywhere within minutes, enabling the attacker to turn all the city lights on or off, permanently brick them, or exploit them in a massive DDOS attack (my emphasis). To demonstrate the risks involved, we use results from percolation theory to estimate the critical mass of installed devices for a typical city such as Paris whose area is about 105 square kilometers: The chain reaction will fizzle if there are fewer than about 15,000 randomly located smart lights in the whole city, but will spread everywhere when the number exceeds this critical mass (which had almost certainly been surpassed already (my emphasis).

“To make such an attack possible, we had to find a way to remotely yank already installed lamps from their current networks, and to perform over-the-air firmware updates. We overcame the first problem by discovering and exploiting a major bug in the implementation of the Touchlink part of the ZigBee Light Link protocol, which is supposed to stop such attempts with a proximity test. To solve the second problem, we developed a new version of a side channel attack to extract the global AES-CCM key that Philips uses to encrypt and authenticate new firmware. We used only readily available equipment costing a few hundred dollars, and managed to find this key without seeing any actual updates. This demonstrates once again how difficult it is to get security right even for a large company that uses standard cryptographic techniques to protect a major product.”

Again, this wasn’t one of those fly-by-night Chinese manufacturers of low-end IoT devices, but Philips, a major, respected, and vigilant corporation.

As for the possible results? It could:

  •  jam WiFi connections
  • disturb the electric grid
  • brick devices making entire critical systems inoperable
  • and, as I mentioned before, cause mass epileptic seizures.

As for the specifics, according to TechHive, the researchers installed Hue bulbs in several offices in an office building in the Israeli city of Beer Sheva. In a nice flair for the ironic, the building housed several computer security firms and the Israeli Computer Emergency Response Team.  They attached the attack kit on the USB stick to a drone, and flew it toward the building from 350 meters away. When they got to the building they took over the bulbs and made them flash the SOS signal in Morse Code.

The researchers”were able to bypass any prohibitions against remote access of the networked light bulbs, and then install malicious firmware. At that point the researchers were able to block further wireless updates, which apparently made the infection irreversible. ‘There is no other method of reprogramming these [infected] devices without full disassemble (which is not feasible). Any old stock would also need to be recalled, as any devices with vulnerable firmware can be infected as soon as power is applied.’”

Worst of all, the attack was against Zigbee, one of the most robust and widely-used IoT protocols, an IoT favorite because Zigbee networks tend to be cheaper and simpler than WiFi or BlueTooth.

The attack points up one of the critical ambiguities about the IoT. On one hand, the fact that it allows networking of devices leads to “network effects,” where each device becomes more valuable because of the synergies with other IoT devices. On the other hand, that same networking and use of open standards means that penetrating one device can mean ultimately penetrating millions and compounding the damage.


I’m hoping against hope that when Trump’s team tries to implement cyber-warfare protections they’ll extend the scope to include the IoT because of this specific threat. If they do, they’ll realize that you can’t just say yes cyber-security and no, regulations. In the messy world of actually governing, rather than issuing categorical dictums, you sometimes have to embrace the messy world of ambiguity.  

What do you think?

 

Siemens’s Mobility Services: Trains Become IoT Labs on Wheels

George Stephenson's Killingworth locomotive Source: Project Gutenberg

George Stephenson’s Killingworth locomotive
Source: Project Gutenberg

As those of you who know rail history understand, with Stephenson as your last name, you’re bound to have a strong interest in railroads! Add in the fact that I was associate producer of an award-winning documentary on the subject back in the early 70’s, and it’s no wonder I was hooked when I got a chance to meet with some of Siemens’s top rail executives on my trip to Barcelona last week (Disclaimer: Siemens paid my expenses, but didn’t dictate what I covered, nor did they have editorial review of this piece).

What really excites me about railroads and the IoT is that they neatly encapsulate the dramatic transformation from the traditional industrial economy to the IoT: on one hand, the railroad was perhaps THE most critical invention making possible 19th century industry, and yet it still exists, in recognizable but radically-evolved form, in 2016. As you’ll see below, trains have essentially become laboratories on wheels!

I dwelt on the example of the Union Pacific in my e-book introduction to the IoT, SmartStuff, because to CIO Lynden Tennison was an early adopter, with his efforts focused largely on reducing the number of costly and dangerous derailments, through measures such as putting infrared sensors every twenty miles along the rail bed to spot “hotboxes,” overheating bearings. That allowed an early version of what we now know as predictive maintenance, pulling cars off at the next convenient yard so the bearings could be replaced before a serious problem. Even though the technology even five years ago was primitive compared to today, the UP cut bearing-related derailments by 75%.

Fast-forward to 2016, and Siemens’s application of the IoT to trains through its Mobility Services is yielding amazing benefits: increasing reliability, cutting costs, and even leading to possible new business models. They’ve taken over maintenance for more than 50 rail and transit programs.

While I love IoT startups with a radical new vision and no history to encumber them, Siemens is a beacon to those companies firmly rooted in manufacturing which may wonder whether to incorporate the IoT in their services and strategy. I suspect that its software products are inherently more valuable than competitors from pure-play software firms at commercial launch because the company eats its own dogfood and applies the new technology first to the products it manufactures and maintains — closing the loop.

Several of its executives emphasized that one of the advantages Siemens feels they enjoy is that their software engineers in Munich work in a corner of an old locomotive factory that Siemens still operates, so they can interact with those actually building and maintaining the engines on a daily basis. When it comes to security issues, their experience as a manufacturer means they understand the role of each component of the signaling system. Dr. Sebastian Schoning, ceo of Siemens client Gehring Technologies, which manufactures precision honing tools, told me that it was easier to sell these digital services to its own client base because so much of their current products include Siemens devices, giving them confidence in the new offerings. GE enjoys the same advantages of combining manufacturing and digital services with its Evolution Series locomotives.

The key to Siemens’s Mobility Services is Sinalytics, its platform architecture for data analysis not just for rail, but also for industries ranging from medical equipment to wind farms. More than 300,000 devices currently feed real-time data to the platform,   Consistent with my IoT-centric “Circular Company” vision, Sinalytics capitalizes on the data for multiple uses, including connectivity, data integration, analytics, and the all-important cyber security — they call the result not Big Data, but Smart Data. As with data services from jet turbine manufacturers such as Rolls Royce and GE, the platform also allows merging the data with data from sources such as weather forecasts which, in combination, can let clients optimize operating efficiency on a real-time M2M basis.  

With the new approach, trains become IoT laboratories on wheels, combining all of the key elements of an IoT system:

  • Sensing: there are sensors on the engines and gearboxes, plus vibration sensors on  microphones measure noises from bearings in commuter trains. They can even measure how engine oil is aging, so it can be changed when really needed, rather than on an arbitrary schedule.
  • Algorithms to make sense of the data and act on it. They read out patterns, record deviations & compare them with train control systems or vehicles of the same type.
  • Predictive maintenance replaces scheduled maintenance, dramatically reducing down-time and catastrophic failure.For example: “There’s a warning in one of the windows (of the control center display): engine temperature unusual. ‘We need to analyze the situation in greater depth to know what to do next  — we call it  ‘root cause analysis,” (say) Vice-President for Customer Support Herbert Padinger. ‘We look at its history and draw on comparative data from the fleet as a whole.’ Clicking on the message opens a chart showing changes in temperature during the past three months. The increased heat is gradually traced to a signal assembly. The Siemens experts talk with the customer to establish how urgent the need for action is, and then takes the most appropriate steps.”  He says that temperature and vibration analyses from the critical gearboxes gives Siemens at least three days advance notice of a breakdown — plenty of time for maintenance or replacement.  Predictive maintenance is now the norm for 70-80% of Siemens’s repairs.
  • Security (especially important given all of the miles of track and large crowds on station platforms): it includes video-based train-dispatch and platform surveillance using its SITRAIL D system, as well as cameras in the trains. The protections have to run the gamut from physical attacks to cyber attacks.  For security, the data is shared by digital radio, not networks also shared by consumers.

When operations are digitized, it allows seamlessly integrating emerging digital technologies into the services. Siemens Digital Services also included augmented reality (so repair personnel can see manuals on heads-up displays), social collaboration platforms, and — perhaps most important — 3-D printing-based additive manufacturing, so that replacement parts can be delivered with unprecedented speed. 3-D printing also allows dramatic reduction in parts inventories and allows replacement of obsolete parts that may no longer be available through conventional parts depots or even — get this — to improve on the original part’s function and/or durability, based on practical experience gained from observing the parts in use.  Siemens has used 3-D printing for the past last 3 years, and it lets them assure that they will have replacements for the locomotive’s entire lifespan, which can exceed 30 years.

The results of the new approach are dramatic.

  • None of the Velaro trains that Siemens maintains for several operators have broken down since Sinalytics was implemented. Among those in Spain only 1 has left more than 15 min. behind time in 2,300 trips: .0004%!
  • Reliability for London’s West Coast Mainline is 99.7%

  • Perhaps most impressive, because of the extreme cold conditions it must endure, the reliability rate for the Velaro service in Russia is 99.9%!

Their ultimate goal is a little higher: what Siemens calls (pardon the pun) 100% Railability (TM).

And, consistent with what other companies find when they fully implement not only IoT technology, but also what I like to call “IoT Thinking,” when it does reach those previously inconceivable quality benchmarks, the company predicts that, as the software and sensors evolve, the next stage will be new business models in which billing will be determined by guaranteeing customers availability and performance.

PS: I’ll be posting more about my interviews with Siemens officials and the Gartner event in coming days.

#IoT and Trump’s Election

Posted on 9th November 2016 in government, Internet of Things

I try to keep my politics out of this blog (disclosure: I am an old-fashioned liberal Democrat, who cares about poor, working-class white men AND everyone), but I do feel compelled to bring one little factoid to your attention: a quick review of Google earlier for “Internet of Things” AND Trump revealed absolutely nothing.  As for Obama initiatives in the field, such as the recent Smart Cities contest, you can bet they will be among the first programs axed by executive action. If you didn’t feel compelled to vote, or, even worst, voted for him to “Send Washington a Message,” consider it sent, and I hope you can live with what you have set in process. As ye sow, so shall ye reap.

For everyone else, pray for the future of the world — it’s that dangerous when a narcissist has his finger on the nuclear Button

2nd day liveblogging, Gartner ITxpo, Barcelona

Accelerating Digital Business Transformation With IoT Saptarshi Routh Angelo Marotta
(arrived late, mea culpa)

  • case study (didn’t mention name, but just moved headquarters to Boston. Hmmmmm).
  • you will be disrupted by IoT.
  • market fragmented now.

Toshiba: How is IoT Redefining Relationships Between Customers and Suppliers, Damien Jaume, president, Toshiba Client Solutions, Europe:

  • time of tremendous transformation
  • by end of ’17, will surpass PC, tabled & phone market combined
  • 30 billion connect  devices by 2020
  • health care IoT will be $117 billion by 2020
  • 38% of indiustry leaders disrupted by digitally-enabled competitors by 2018
  • certainty of customer-supplier relationship disruption will be greatest in manufacturing, but also every other market
    • farming: from product procurement to systems within systems. Smart, connected product will yield to integrated systems of systems.
  • not selling product, but how to feed into whole IoT ecosystem
  • security paramount on every level
  • risk to suppliers from new entrants w/ lean start-up costs.
  • transition from low engagement, low trust to high engagement, high trust.
  • Improving efficiencies
  • ELIMINATE MIDDLEMAN — NO LONGER RELEVANT
  • 4 critical success factors:
    • real-time performance pre-requisite
    • robustness — no downtime
    • scalability
    • security
  • case studies: energy & connected home, insurance & health & social care (Neil Bramley, business unit director for clients solutions
    • increase depth of engagement with customer. Tailored information
    • real-time performance is key, esp. in energy & health
    • 20 million smart homes underway in GB by 2020:
      • digitally empowering consumers
      • engaging consumers
      • Transforming relationships among all players
      • Transforming homes
      • Digital readiness
    • car insurance: real-time telematics.
      • real-time telematics data
      • fleet management: training to reduce accidents. Working  w/ Sompo Japan car insurance:
    • Birmingham NHS Trust for health (Ciaron Hoye, head of digital) :
      • move to health promotion paradigm
      • pro-actively treat patients
      • security first
      • asynchronous communications to “nudge” behavior.
      • avoiding hip fractures
      • changing relationship w/ the patient: making them stakeholders, involving in discussion, strategy
      • use game theory to change relationship

One-on-one w/ Christian Steenstrup, Gartner IoT analyst. ABSOLUTE VISIONARY — I’LL BE INTERVIEWING HIM AT LENGTH IN FUTURE:

  • industrial emphasis
  • applications more ROI driven, tangible benefits
  • case study: mining & heavy industry
    • mining in Australia, automating entire value train. Driverless. Driverless trains. Sensors. Caterpillar. Collateral benefits: 10% increase in productivity. Less payroll.  Lower maintenance. Less damage means less repairs.
    • he downplays AR in industrial setting: walking in industrial setting with lithium battery strapped to your head is dangerous.
    • big benefit: less capital expense when they build next mine. For example, building the town for the operators — so eliminate the town!
  • take existing processes & small improvements, but IoT-centric biz, eliminating people, might eliminate people. Such as a human-less warehouse. No more pumping huge amount of air underground. Huge reduction with new system.  Mine of future: smaller holes. Possibility  of under-sea mining.
  • mining has only had incremental change.
  • BHP mining’s railroad — Western Australia. No one else is involved. “Massive experiment.”
  • Sound sensing can be important in industrial maintenance.  All sorts of real-time info. 
  • Digital twins: must give complete info — 1 thing missing & it doesn’t work.
  • Future: 3rd party data brokers for equipment data.
  • Privacy rights of equipment.
  • “communism model” of info sharing — twist on Lenin.

 

Accelerating Digital Transformation with Microsoft Azure IoT Suite (Charlie Lagervik):

  • value networking approach
  • customer at center of everything: customer conversation
  • 4 imperatives:
    • engage customers
    • transform products
    • empower employees
    • optmize operations
  • their def. of IoT combines things/connectivity/data/analytics/action  Need feedback loop for change
  • they focus on B2B because of efficiency gains.
  • Problems: difficult to maintain security, time-consuming to launch, incompatible with current infrastructure, and hard to scale.
  • Azure built on cloud.
  • InternetofYourThings.com

 

Afternoon panel on “IoT of Moving Things” starts with all sorts of incredible factoids (“since Aug., Singapore residents have had access to self=driving taxis”/ “By 2030, owning a car will be an expensive self-indulgence and will no longer be legal.”

  • vehicles now have broader range of connectivity now
  • do we really want others to know where we are? — privacy again!
  • who owns the data?
  • what challenges do we need to overcome to turn data into information & valuable insight that will help network and city operators maximize efficiency & drive improvement across our transportation network?
  • think of evolution: now car will be software driven, then will become living room or office.
  • data is still just data, needs context & location gives context.
  • cities have to re-engineer streets to become intelligent streets.
  • must create trust among those who aren’t IT saavy.
  • do we need to invest in physical infrastructure, or will it all be digital?
  • case study: one car company w/ engine failures in 1 of 3 cars gave the consultants data to decide on what was the problem.