IoT-based “Regulation 3.0” Might Have Avoided Merrimack Valley Tragedies

Pardon me: this is a very personal post.

For about an hour Thursday night we didn’t know whether my son’s home in Lawrence was one of those blown up by the gasline explosions (fortunately, he and his dear family were never at risk — they’re living in Bolivia for two years — but the house was right at Ground Zero). Fortunately, it is intact.

However, the scare took me back to an op-ed I wrote eight years ago in Federal Computer Week after the BP catastrophe in the Gulf, when I was working in disaster communications. I proposed what in fact was an IoT-based way to avoid similar disasters in the future: what I called “Regulation 3.0,” which would be a win-win solution for critical infrastructure companies (85% of the critical infrastructure in the US is in private hands) and the public interest by installing IoT-monitoring sensors and M2M control devices that would act automatically on that sensor data, rather than requiring human intervention:

  • in daily operations, it would let the companies dramatically increase their efficiency by giving real-time data on where the contents were and the condition of pipelines, wires, etc. so the operations could be optimized.
  • in a disaster, as we found out in Lawrence and Andover, where Columbia Gas evidently blew it on response management, government agencies (and, conceivably, even the general public, might have real-time data, to speed the response (that’s because of one of my IoT Essential Truths, “share data, don’t hoard it”).

We could never have that real-time data sharing in the past, so we were totally dependent on the responsible companies for data, which even they probably didn’t have because of the inability to monitor flow, etc.

Today, by contrast, we need to get beyond the old prescriptive regulations, which told companies what equipment to install (holding back progress when new, more efficient controls were created, and switch to performance-based regulation where the companies would instead be held to standards (i.e., in the not-too-distant future, when the IoT will be commonplace, collecting and sharing real-time data on their facilities), so they’d be free to adopt even better technology in the future.

However, Regulation 3.0 should become the norm, because it would be better all around:

  • helping the companies’ improve their daily operations.
  • cutting the cost of compliance (because data could be crunched and reported instantly, without requiring humans compiling and submitting it).
  • reducing the chance of incidents ever happening (When I wrote the op-ed I’d never heard of IoT-based “predictive maintenance,” which lets companies spot maintenance issues at the earliest point, so they can do repairs quickly and cheaper than if having to respond once they’re full-blown problems.).

I had a chance to discuss the concept yesterday with Rep. Joe Kennedy, who showed a real knowledge of the IoT and seemed open to the incident.

Eight years after I first broached the concept, PTC reports that the pipeline industry is now impementing IoT-based operations, with benefits including:

  • Situational awareness..
  • Situational intelligence..
  • and Predictive analytics.

Clearly, this is in the economic interests of the companies that control the infrastructure, and of the public interest.  The Time has come for IoT-based “Regulation 3.0.”

 

Previewing “The Future Is Smart”: Siemens Leads Way In IoT Transformation

Huzzah!

On August 7th, HarperCollins’ new Leadership imprint (formerly Amacom) will publish The Future Is Smart, my guide to IoT strategy for businesses and the general public.  BTW: write me if you’d like to arrange a speaking engagement/book signing event!

As part of the build-up to the release, here’s another excerpt from the book, drawn from Chapter 5: “Siemens and GE:Old War Horses Leading the IoT Revolution.” It zeroes in on these two industrial companies from the 19th (!!) century that are arguably among the top IoT companies in the world (although, sadly, GE’s transformation, which I’ll detail in the next excerpt, has not resulted — so far — in a return to its former profitability). I highlighted these two companies in part to give comfort to old-line manufacturers that have been reluctant to embrace the IoT, and in part to shame them: if they can do it, why can’t you?

Siemens is a particularly exciting example, applying IoT thinking and technology to gain a competitive edge in the railroad business, which it has been involved in since the 19th century, and because its Amberg “Factory of the Future” is the epitome of the benefits of applying the IoT to manufacturing,  The excerpt is long, but I think the details on Siemens’ IoT transformation will make it worthwhile reading.

 


For all their (referring to Siemens and GE) own distinctive products and services, there are startling parallels between the two that are relevant to this book, particularly for readers whose companies have been unaware of the IoT or are modestly testing the waters. Both Siemens and GE have fully committed to the IoT and are radically reinventing themselves, their products, and their services. 

At the same time, they are not abandoning the physical for the digital: they still make products such as trains (NB: since this book went to press, GE announced it will quit to locomotive business as it struggles to regain momentum) and large medical diagnostic devices that remain necessary in the new economy, and those devices (as well as the new software lines) are used by many other companies in their own manufacturing. Both companies aren’t just testing the IoT: they are on the bleeding edge of innovation in terms of both IoT technology and services.

Siemens and GE embody most of the marks of the IoT company outlined in the first chapter:

  • Unprecedented assembly-line precision and product quality
  • Drastically lower maintenance costs and product failure
  • Increased customer delight and loyalty
  • Improved decision-making
  • Creating new business models and revenue streams

And, while they haven’t formally addressed the sixth IoT hallmark, the circular management organization, both companies exhibit management characteristics consistent with it.

Bottom-line: if these two relics of the early Industrial Age can make the IoT transformation, why can’t you?

(Siemens’) innovations in industrial automation are now associated with the concept of the digital factory. “Siemens set the course for the digital automation of entire production facilities as far back as 1996, when the launch of its Totally Integrated Automation (TIA) Portal enabled companies to coordinate elements of their production operations and to closely intermesh hardware with software.”

Siemens has benefited in recent years from the German government’s formal strategy for what it calls “Industrie 4.0,” to merge physical products with digital controls and communications. The initiative is supported by funding from the German Federal Ministry of Education and Research and the German Federal Ministry of Economic Affairs and Energy and emphasizes the merger of the digital and physical in manufacturing through cyber-physical control systems. Because the U.S. federal government doesn’t weigh in on specific economic plans to the same extent, the concept is more advanced in Europe, and the term has gathered cachet, especially as specific examples have proved profitable.

Factory of the Future:
The shining example of Industrie 4.0 is the previously mentioned Siemens plant in Amberg. It has increasingly computerized over the past 25 twenty-five years, and now is a laboratory for fusion of the physical and digital.

The plant’s 99.99885 percent quality rate would be astounding by any measure, but is even more incredible when you realize that it does not do daily repetitions of the same mass-production product run. Instead, Amberg is where the company makes the Simatic programmable logic controls (PLCs) .. that are the heart of its industrial output and which are used worldwide to allow Machine-to-Machine (M2M) automated assembly line self-regulation. They are made in more than a thousand variations for 60,000 customers worldwide, requiring frequent readjustments of the production line. In one of the ultimate examples of eating your own dog food, a thousand Simatic units are used to control the assembly line. Total output at the factory is 12 million yearly, or approximately one per second.

One downside of the Amberg system’s efficiency is that automation has nearly eliminated assembly line jobs: the only time humans touch one of the products is to put the initial circuit board on the assembly line. The 1,100-person workforce deals almost entirely with computer issues and overall supervision of the assembly line. Nevertheless, Siemens doesn’t visualize a totally automated, workerless factory in the future:

“We’re not planning to create a workerless factory,” says [Plant Manager Professor Karl-Heinz] Büttner. After all, the machines themselves might be efficient, but they don’t come up with ideas for improving the system. Büttner adds that the employees’ suggested improvements account for 40 percent of annual productivity increases. The remaining 60 percent is a result of infrastructure investments, such as the purchase of new assembly lines and the innovative improvement of logistics equipment. The basic idea here, says Büttner, is that “employees are much better than management at determining what works or doesn’t work in daily operation and how processes can be optimized.” In 2013 the [plant] adopted 13,000 of these ideas and rewarded employees with payments totaling around €1 million.

As Siemens develops new IIoT software, it is deployed at the Amberg factory to control the Simatic control units, which generate more than 50 million data points daily for analysis. Among other programs, the factory runs the NX and Teamcenter project lifecycle management software, allowing the staff to share realtime insights on the assembly line and fine-tune its operation.

Siemens’s strategy of merging the physical and digital has meant that its software offerings constantly expand, and they facilitate the kind of real and virtual collaborative workstyles that will be discussed at length in Chapter 8. Among others, they include offerings that specifically address key aspects of the IoT:

  • Product Lifecycle Management software programs, which let engineers both model new products and extensively test them virtually, without having to build and test physical models. This both cuts costs and allows more experimentation with “what if” variations on a design, because the risk of creating alternatives is so low. As we will see later, products designed with PLM can reach the market 50 percent faster. One particularly interesting part of the PLM offerings is one specifically for additive manufacturing (i.e., 3-D printing), to capitalize on this emerging option. Siemens has brought all of these programs together under the Teamcenter label, emphasizing that it provides an “open framework for interoperability,” a critical example of the “share the data” Essential Truth discussed in Chapter 2, allowing anyone who needs it companywide to access critical realtime data.
  • Digital Twins used in coordination with PLM, discussed earlier (Chapter 4) as the highest manifestation of the digital/physical synthesis, allow rigorous testing of products before they are launched.
  • Perhaps the most important of these software offerings for full realization of the Industrie 4.0 vision is the new combination of Siemens XHQ Operations Intelligence Software with the open-systems Siemens MindSphere cloud that adds advanced analytics and machine learning. Also, because it is cloud-based, the XHQ data can be ported to other cloud-based applications. If your company is considering an IoT initiative, the cloud-based alternative not only can save money compared to self-storage, but also opens the opportunity for using cloud-based Software as a Service (SaaS).

 

Railigent

Fittingly, some of the most dramatic examples of Siemens’s IoT thinking in action have centered on one of its oldest lines of business: those electric trains invented in the nineteenth century.  The company’s Railigent system (which connects to its IoT Mindsphere platform) can:

  • cut rail systems’ operating costs by up to 10%
  • deliver eye-popping on-time performance (only 1 of 2,300 trains was late!)
  • and assure 99% availability through predictive maintenance.

Its new Mobility Services have taken over maintenance for more than fifty rail and transit programs.

Again, the company’s years of experience building and operating trains pays off in the cyberworld. Dr. Sebastian Schoning, ceo of Siemens’s client Gehring Technologies, which manufactures precision honing tools, told me that it was easier to sell Siemens’s digital services to his own client base because so much of the products they already own include Siemens devices, giving his customers confidence in the new offerings.

The key to Siemens’s Mobility Services is Sinalytics, its platform architecture for data analysis not just for rail, but also for industries ranging from medical equipment to windfarms. More than 300,000 devices currently feed realtime data to the platform. Sinalytics capitalizes on the data for multiple uses, including connectivity, data integration, analytics, and the all-important cyber security. They call the result not Big Data, but Smart Data. The platform also allows merging the data with data from sources such as weather forecasts which, in combination, can let clients optimize operating efficiency on a real-time M2M basis.

Elements of an IoT system on the trains that can be adapted to other physical products include:

  • Sensing. There are sensors on the engines and gearboxes. Vibration sensors on microphones measure noises from bearings in commuter trains. They can even measure how engine oil is aging, so it can be changed when really needed, rather than on an arbitrary schedule, a key predictive maintenance advantage.
  • Algorithms: These make sense of the data and act on it. They read out patterns, record deviations, and compare them with train control systems or with vehicles of the same type.
  • Predictive Maintenance: This replaces scheduled maintenance, dramatically reducing downtime and catastrophic failure. For example: “There’s a warning in one of the windows (of the control center display): engine temperature unusual. ‘We need to analyze the situation in greater depth to know what to do next—we call it root cause analysis,’ (says) Vice-President for Customer Support Herbert Padinger. ‘We look at its history and draw on comparative data from the fleet as a whole.’ Clicking on the message opens a chart showing changes in temperature during the past three months. The increased heat is gradually traced to a signal assembly. The Siemens experts talk with the customer to establish how urgent the need for action is, and then take the most appropriate steps.”8 Padinger says that temperature and vibration analyses from the critical gearboxes gives Siemens at least three days advance notice of a breakdown—plenty of time for maintenance or replacement. Predictive maintenance is now the norm for 70 to 80 percent of Siemens’s repairs.
  • Security: This is especially important given all of the miles of track and large crowds on station platforms. It includes video-based train dispatch and platform surveillance using Siemens’s SITRAIL D system, as well as cameras in the trains. The protections have to run the gamut from physical attacks to cyber-attacks. For security, the data is shared by digital radio, not networks that are also shared by consumers.

When operations of physical objects are digitized, it allows seamlessly integrating emerging digital technologies into the services—making these huge engines showcases for the newest technologies. For example, Siemens Digital Services also included augmented reality (so repair personnel can see manuals on heads-up displays), social collaboration platforms, and—perhaps most important—3-D printing-based additive manufacturing, so that replacement parts can be delivered with unprecedented speed. 3-D printing also allows a dramatic reduction in parts inventories, It allows for replacement of parts that may no longer be available through conventional parts depots. It may even improve on the original part’s function and durability, based on practical experience gained from observing the parts in use. For example, it’s often possible with 3-D printed replacement parts to consolidate three or four separate components into a single one, strengthening and simplifying it. Siemens has used 3-D printing for the past last three years, and it lets them assure customers that they will have replacement parts for the locomotive’s entire lifespan, which can exceed thirty years.

The new Mobility Services approach’s results are dramatic:

  • None of the Velaro trains that Siemens maintains for several operators have broken down since implementing Sinalytics. Among those in Spain only one has left more than fifteen minutes behind time in 2,300 trips: a 0.0004 percent lateness rate.
  • Reliability for London’s West Coast Mainline is 99.7 percent.
  • Perhaps most impressive because of the extreme cold conditions it must endure, the reliability rate for the Velaro service in Russia is 99.9 percent.11

Siemens’s ultimate goal is higher: what the company calls (pardon the pun) 100 percent Railability.

When it does reach those previously inconceivable quality benchmarks, Siemens predicts that, as the software and sensors evolve, the next stage will be new business models in which billing will be determined by guaranteeing customers availability and performance. The manufacturing industry is now at the stage where the automation of complete workflows is the only way to ensure a long-term, defendable, competitive position.

Siemens emphasizes that it’s not enough to simply digitize the design process. Everything from design through supply chain, manufacturing, distribution, and service must be linked in a continuous digital web, with “complete digital representation of the entire physical value chain is the ultimate goal.”

 

The fact that Siemens doesn’t just sell these IoT services but makes their own manufacturing the laboratory to develop and test them is an incredible testimonial to the IoT’s transformative potential in every aspect of companies’ operations. So, as I asked above, why are you holding back? Like to think that The Future Is Smart will give you the manual you need to make the transition (why wait for August  7, when you can preorder today?).

Live Blogging #LlveWorx ’18, Day 2

Aiden Quilligan, Accenture Industry X.0, on AI:

  • Mindset and AI: must undo what Hollywood has done on this over years, pose it as human vs. machine.
  • We think it should be human PLUS machine.
  • he’s never seen anything move as fast as AI, especially in robotics
  • now, co-bots that work along side us
  • exoskeletons
  • what do we mean by AI?  Machine learning.  AI is range of technologies that can learn and then act. AI is the “new work colleague” we need to learn to get along with.
  • predictions: will generate #2.9 trillion in biz value and recover 6.2 billion hours of worker productivity in 2021.
  • myths:
    • 1) robots evil, coming for us: nothing inherently anti-human in them.
    • 2) will take our jobs. Element of truth in terms of repetitive, boring work that will be replaced. They will fill in for retiring workers. Some new industries created by them.  Believe there will be net creation of jobs.
    • 3) current approaches will still work.

6 steps to the Monetization of IoT, Terry Hughes:

  • Digital native companies (Uber) vs. digitally transforming companies
  • also companies such as Kodak that didn’t transform at all (vs. Fujifilm, which has transformed).
  • Forbes: 84% of companies have failed with at least one transformation program.  Each time you fail you lose 1/2 billion
  • steps:
    • 1) devices with potential
    • 2) cloud network communication
    • 3) software distribution
    • 4) partner and provider ecosystem
    • 5) create a marketplace.
    • 6) monetization of assets.
  • crazy example of software company that still ships packages rather than just download because of initial cost in new delivery system
  • 3 big software challenges for digitally transforming company
    • fragmented silos of software by product, business unit & software
    • messy and complex distribution channels
    • often no link between software and the hardware that it relates to
  • importance of an ecosystem
    • Blackberry example of one that didn’t have the ecosystem
  • 3rd parties will innovate and add value around a manufacturer’s core products
  • in IoT it’s a land grab for mindshare of 3rd-party innovators.
  • need strong developer program
  • tools for app development and integration
  • ease of building and publishing apps
  • path to discovery and revenue for developer
  • IDC: developer ecosystem allow enterprises to massively scale distribution
  • digitally native companies have totally different models (will get details later…)
  • hybrids:
    • GE Healthcare:  working with Gallus BioPharma
    • Heidelberg & Eig have digital biz model for folding carton printing. Pay per use
  • Ford is heading for mobility as a transformation

 


Bernard Marr: Why IoT, Combined With AI and Big Data, Fuels 4th Industrial Revolution

 

  • connecting everything in house to Internet
  • Spotify: their vision is they understand us better. Can correlate your activity on Apple Watch (such as spinning) & create a play list based on that)
  • FitBit: the photo will estimate your calorie content.
  • John Deere
  • ShotSpotter: the company that monitors gun shots
  • understanding customers & markets better than before:
    • Facebook: better at face recognition than we are. They can predict your IQ, your relationship status.
  • Lot of frightening, IMHO, examples of AI analyzing individuals and responding without consideration of ethics and privacy
  • 3) improving operations and efficiency:
    • self-driving boats
    • drones
    • medicine through Watson

panel on IoT:

  • Don’t be afraid of the cloud
  • Ryan Cahalane, Colfax: prepare for big, start small and move fast. They had remarkable growth with switch to IoT.  Not a digital strategy, but digital in everything they do. Have “connected welders,” for example.
  • Justin Hester, Hirotec: most importatnt strategic digital transformation decision your organization can make is the selection of a platform. The platform is the underlying digital thread that enables your team to meet  the unique and chanding needs of your organization and to scale those solutions rapidly. “Assisted reality” in ThingWorx
  • Shane O’Callahan, TSM (Ireland):  Make industrial automation equipment for manufacturing. Understanding your key value driver is where to start. Then start samll, scale fast and get a win!

Jeffrey Miller, PTC: Digital Transformation:

  • if you start with digital strategy you’re starting in wrong place Start with business strategy. 
  • Couple with innovation vision merged with digital strategy. Add business use cases.
  • Jobs: it’s not how much you spend on R & D, but “about the people you have, you you’re dled, and how much you get it”
  • create an environment for innovation
    • do we encourage experimentation?
    • is it ok to fail
  • identify digital technologies to provide the required operating capabilities:
    • have we conducted proofs of concept?
    • experimented, tested  and validated?
    • reviewed use cases & success studies?
    • delivered small, important, scalable successes?

Matt,  PTC: Bringing Business Value to AR:

  • augmented service guidance
  • remote expert guidance
  • manufacturing: machine setup and turnover, assembly and process
  • example of Bell & Howell towers to store online sales in WalMart stores for customer pickup: very expensive to send one to a store for salesperson to use in sales — now just use AR app to give realistic demo without expense.
  • service: poor documentation organization, wants accurate, relevant, onsite info for technician. Want to remove return visits because the repair wasn’t done 1st time, or there’s a new technician. Manuals in binders, etc. Instead, with AR, requirements are quick access to current info. Finally, a demo.

Suchitra Bose, Accenture: Manufacturing IIoT, Driving the Speed of Digital Manufacturing:

  • convergence of IT and OT
  • expanding digital footprint across your entire factory
  • PTC has wide range of case studies (“use cases” in biz speak…) on aspects of IoT & manufacturing.

I have seen the future, and it’s written in Chalk (PTC’s Vuforia Chalk, that is!)

I just had to take time out from my live blogging of PTC’s LiveWorx ’18 to focus on one of the topics Jim Heppelmann mentioned in passing in his keynote: the new variation on the company’s Vuforia AR app: Chalk.

Significant in its own right, I suspect Chalk will have an additional, critical impact: democratizing AR.

It is an app aimed at, and accessible to, both corporate audiences AND the general public.  Downloadable for both iPhone & iPads & Android devices, I suspect that it will quickly become popular both to support remote repair staff for companies and just plain folks who are trying, for example to help a family member far away to deal with a car or plumbing repair. Not to mention the fact (mandatory disclaimer: while I work part-time for Apple, I’m not privy to any corporate internal strategy) that the spiffy new $329 6th-generation iPad really facilitates AR, and Chalk was developed in conjunction with the Apple ARKit technology so it should really become popular.

Chalk has two components:

  • real-time video and voice sharing of the same view
  • Chalk Marks, simple handswipes that allow one of the participants to highlight the part that is the subject of the question.  The “Marks” appear to be anchored to the subjects they’re “drawn” on.

Real-world uses vary from a remote super-expert helping a field technician to identify and deal with a rare problem to your millennial helping Mom master her personal technology. I saw an amazing demo this morning with one mechanic in Germany (ok, he was actually 2′ away…) directing the mechanic working on a Mercedes how to add coolant.  As the press release announcing the app said:

“Today, remote assistance can be frustrating and cumbersome. People struggle for words to describe things that are unfamiliar, whether it be a new appliance or the back of a cable box. And when the problem can’t be described clearly, it becomes almost impossible for someone else to solve. Vuforia Chalk provides a simple and intuitive solution where people can now use Chalk Marks to get a common understanding of a problem, and the steps required to solve it.”

I’ve written before that I suspected many companies got into e-commerce in the 9o’s because a CEO’s kids got him to order a book from Amazon during the holidays & he came back raving about this new device.  I can’t help thinking that this will be just the kind of low-cost (heck, in this case, no-cost) introduction to AR And the IoT that will break down some companies’ skepticism, pay off with immediate bottom line benefits in cost savings and efficiency in service operations, and get them interested in most expensive AR such as PTC’s digital twins and predictive maintenance.  Or, as ABI analyst Eric Abbruzzes said:

“Mainstream augmented reality is at the beginning of a strong positive inflection point, and Vuforia Chalk is a great example of how AR can transition from enterprise-only to use in everyday life,” said Eric Abbruzzese, ABI Research. “We see Vuforia Chalk as a fundamentally disruptive form of remote communication that will be well received across multiple sectors and for multiple use cases.”

Now to get my granddaughter to download the app so we can collaborate on the 3D-printer that I got her for her 12th- birthday!

Wahoo! Liveblogging #Liveworx ’18!

Always my fav event, I’ll be liveblogging #LiveWorx ’18.  Stay tuned!

Keynote: Jim Heppelmann:

  • “from a place to a pace” — how fast are we moving?
  • no longer OK to think of a future destination, builds inertia (“your main competitor”). Disruption may have already happened. Hard to sustain advantage due to pace of change. Must “embrace a pace of change”
  • Um, this sounds like argument for my circular company paradigm shift!!!
  • Customer Experience Center will occupy top floor of new building.
  • combo of  physical, human and digital — transforming all at once speeds change:
    • physical: been constrained by subtractive manufacturing, while nature improves via cell division (i.e., additive). “Adopt Mother Nature’s mindset.” — new additive aspects of Creo. Example of Triumph cycle sing-arm using additive. CREO uses AI to optimize performance: non-symmetrical design. Still need to use simulation tests: new intermittent, continuous style: they are doing new partnership with ANSYS (product simulation software), unified modeling and simulation with no gaps. Historically, simulation only used at end of design cycle, now can use it throughout the process: “pervasive simulation.”
      • ANSYS “Discovery Live”: optimizes for real-time. Integrates with Creo — instant feedback on new designs. “simulation critical to innovation.”
    • digital: working with Microsoft Azure (Rodney Clark, Microsoft IoT VP). Microsoft investing $5b in IoT.  1st collaboration is an industrial welder: IoT data optimizes productivity.  BAE can train new employees 30-40% quicker.
    • finally, human: “Mother Nature designed ups to interface with the physical. How do we integrate with the digital? — Siri, Alexa, Cortna still too slow.  Sight is our best bet. “Need direct pipeline to reality ” — that’s AR. “Smart, connected humans.” Sysmex: for medical lab analysis. Hospitals need real-time access to blood cell analysis. They have real-time calibration of analysis equipment. Also improving knowledge of the support techs, using AR and digital twins when repairs are needed.
      • Will help 2.5 billion workers become more productive
      • AR can project how a process is being programmed (gotta see this one. will try to get video).
      • All of their human/digital interface initiatives united under Vuforia. Already have 10,000 enterprises using it.
    • Factories are a new focus of PTC. 200 companies now using it in 800 factories. Examples from Woodward & Colfax.  Big savings on new employee training.

Keynote: Prof. Linda Hill, HBS, “Collective Genius”:

  • Innovation= novel + useful
  • Example of Pixar: collective genius “filmmaking is a team sport.”
  • 3 characteristics of creative organizations they looked at:
    • “creative abrasion” — diversity and debate
    • “creative agility” — quickly test the idea & get feedback. Experiment rather than run pilots, which often include politics
    • “creative resolution” — ability to make integrative decisions. Don’t necessarily defer to the experts.
    • sense of community and shared purpose.
  • values: bold ambition, collaboration, responsibility, learning.
  • rules of engagement: respect, trust, influence, see the whole, question everything, be data-driven.

Ray Miciek, Aquitas Solutions. Getting Started on IoT-based Maintenance:

  • his company specializes in asset maintenance.
  • “produce products with assets that never fail”
  • 82% of all asset failures are random, because they are more IT-related now
  • find someplace in org. where you could gain info to avoid failure.
  • Can start small, then quickly expand.

 

“All of Us:” THE model for IoT privacy and security!

pardon me in advance:this will be long, but I think the topic merits it!

One of my fav bits of strategic folk wisdom (in fact, a consistent theme in my Data Dynamite book on the open data paradigm shift) is, when you face a new problem, to think of another organization that might have one similar to yours, but which suffers from it to the nth degree (in some cases, even a matter of literal life-or-death!).

That’s on the likelihood that the severity of their situation would have led these organizations to already explore radical and innovative solutions that might guide your and shorten the process. In the case of the IoT, that would include jet turbine manufacturers and off-shore oil rigs, for example.

I raise that point because of the ever-present problem of IoT privacy and security. I’ve consistently criticized many companies’ lack of attention to seriousness and ingenuity, and warned that this could result not only in disaster for these companies, but also the industry in general due to guilt-by-association.

This is even more of an issue since the May roll-out of the EU’s General Data Protection Regulation (GDPR), based on the presumption of an individual right to privacy.

Now, I have exciting confirmation — from the actions of an organization with just such a high-stakes privacy and security challenge — that it is possible to design an imaginative and effective process alerting the public to the high stakes and providing a thorough process to both reassure them and enroll them in the process.

Informed consent at its best!

It’s the NIH-funded All of Us, a bold effort to recruit 1 million or more people of every age, sex, race, home state, and state of health nationwide to speed medical research, especially toward the goal of “personalized medicine.” The researchers hope that, “By taking into account individual differences in lifestyle, environment, and biology, researchers will uncover paths toward delivering precision medicine.”

All of Us should be of great interest to IoT practitioners, starting with the fact that it might just save our own lives by leading to creation of new medicines (hope you’ll join me in signing up!). In addition, it parallels the IoT in allowing unprecedented degrees of precision in individuals’ care, just as the IoT does with manufacturing, operating data, etc.:

“Precision medicine is an approach to disease treatment and prevention that seeks to maximize effectiveness by taking into account individual variability in genes, environment, and lifestyle. Precision medicine seeks to redefine our understanding of disease onset and progression, treatment response, and health outcomes through the more precise measurement of molecular, environmental, and behavioral factors that contribute to health and disease. This understanding will lead to more accurate diagnoses, more rational disease prevention strategies, better treatment selection, and the development of novel therapies. Coincident with advancing the science of medicine is a changing culture of medical practice and medical research that engages individuals as active partners – not just as patients or research subjects. We believe the combination of a highly engaged population and rich biological, health, behavioral, and environmental data will usher in a new and more effective era of American healthcare.” (my emphasis added)


But what really struck me about All of Us’s relevance to IoT is the absolutely critical need to do everything possible to assure the confidentiality of participants’ data, starting with HIPP protections and extending to the fact that it would absolutely destroy public confidence in the program if the data were to be stolen or otherwise compromised.  As Katie Rush, who heads the project’s communications team told me, “We felt it was important for people to have a solid understanding of what participation in the program entails—so that through the consent process, they were fully informed.”

What the All of Us staff designed was, in my estimation (and I’ve been in or around medical communication for forty years), the gold standard for such processes, and a great model for effective IoT informed consent:

  • you can’t ignore it and still participate in the program: you must sign the consent form.
  • you also can’t short-circuit the process: it said at the beginning the process would take 18-30 minutes (to which I said yeah, sure — I was just going to sign the form and get going), and it really did, because you had to do each step or you couldn’t join — the site was designed so no shortcuts were allowed!:
    • first, there’s an easy-to-follow, attractive short animation about that section of the program
    • then you have to answer some basic questions to demonstrate that you understand the implications.
    • then you have to give your consent to that portion of the program
    • the same process is repeated for each component of the program.
  • all of the steps, and all of the key provisions, are explained in clear, simple English, not legalese. To wit:
    • “Personal information, like your name, address, and other things that easily identify participants will be removed from all data.
    • Samples—also without any names on them—are stored in a secure biobank”
    • “We require All of Us Research Program partner organizations to show that they can meet strict data security standards before they may collect, transfer, or store information from participants.
    • We encrypt all participant data. We also remove obvious identifiers from data used for research. This means names, addresses, and other identifying information is separate from the health information.
    • We require researchers seeking access to All of Us Research Program data to first register with the program, take our ethics training, and agree to a code of conduct for responsible data use.
    • We make data available on a secure platform—the All of Us research portal—and track the activity of all researchers who use it.
    • We enlist independent reviewers to check our plans and test our systems on an ongoing basis to make sure we have effective security controls in place, responsive to emerging threats.”

The site emphasizes that everything possible will be done to protect your privacy and anonymity, but it is also frank that there is no way of removing all risk, and your final consent requires acknowledging that you understand those limits:

“We are working with top privacy experts and using highly-advanced security tools to keep your data safe. We have several  steps in place to protect your data. First, the data we collet from you will be stored on=oyters with extra security portection. A special team will have clearance to process and track your data. We will limit who is allowed to see information that could directly identy you, like your name or social security number. In the unlikely event of a data breach, we will notify you. You are our partner, and your privacy will always be our top priority.”

The process is thorough, easy to understand, and assures that those who actually sign up know exactly what’s expected from them, what will be done to protect them, and that they may still have some risk.

Why can’t we expect that all IoT product manufacturers will give us a streamlined version of the same process? 


I will be developing consulting services to advise companies that want to develop common-sense, effective, easy-to-implement IoT privacy and security measures. Write me if you’d like to know more.

Why IoT Engineers Need Compulsory Sensitivity Training on Privacy & Security

Posted on 4th April 2018 in AI, data, Essential Truths, Internet of Things, privacy, security

OK, you may say I’m over-sensitive, but a headline today from Google’s blog that others may chuckle about (“Noodle on this: Machine learning that can identify ramen by shop“) left me profoundly worried about some engineers’ tone-deaf insensitivity to growing public concern about privacy and security.

This is not going to be pleasant for many readers, but bear with me — IMHO, it’s important to the IoT’s survival.

As I’ve written before, I learned during my work on corporate crisis management in the 80’s and 90’s that there’s an all-too-frequent gulf between the public and engineers on fear.  Engineers, as left-brained and logical as they come (or, in Myers-Briggs lingo, ISTJs, “logical, detached and detailed” and the polar opposite of ENFP’s such as me, ” caring, creative, quick and impulsive” ) are ideally-suited for the precision needs of their profession — but often (but not always, I’ll admit…) clueless about how the rest of us respond to things such as the Russian disruption of our sacred political institutions via Facebook or any of the numerous violations of personal privacy and security that have taken place with IoT devices lacking in basic protections.

The situation is bad, and getting worse. In one Pew poll, 16% or less of Americans felt that a wide range of institutions, from companies to government, were protecting their information.

Engineers are quick to dismiss the resulting fear because it isn’t logical.  But, as I’ve written before, the fact fear isn’t logical doesn’t mean it isn’t really real for many people, and can cloud their thought processes and decision-making.

Even worse, it’s cumulative and can ensnare good companies as well as bad.  After a while, all the privacy and security violations get conflated in their minds.

Exhibit A for this insensitivity? The despicable memo from Facebook VP Andrew Bosworth:

““Maybe someone dies in a terrorist attack coordinated on our tools. And still we connect people. The ugly truth is that we believe in connecting people so deeply that anything that allows us to connect more people more often is *de facto* good.”

Eventually he, begrudgingly, apologized, as did Mark Zuckerberg, but, IMHO that was just facesaving. Why didn’t anyone at Facebook demand a retraction immediately, and why did some at Facebook get mad not at Bosworth but instead at anyone who’d leak such information?  They and the corporate culture are as guilty as Bosworth in my mind.

So why do I bring up the story about identifying the source of your ramen using AI, which was surely written totally innocently by a Google engineer who thought it would be a cute example of how AI can be applied to a wide range of subjects? It’s because I read it — with my antennae admittedly sharpened by all the recent abuses — as something that might have been funny several years ago but should have gone unpublished now in light of all the fears about privacy and security. Think of this little fun project the way a lot of the people I try to counsel on technology fears every day would have: you mean they now can and will find out where I get my noodles? What the hell else do they know about me, and who will they give that information to???

Again, I’m quite willing to admit I may be over-reacting because of my own horror about the nonchalance on privacy and security, but I don’t think so.

That’s why I’ll conclude this screed with a call for all IoT engineers to undergo mandatory privacy and security training on a continuing basis. The risk of losing consumer confidence in their products and services is simply too great for them to get off the hook because that’s not their job. If you do IoT, privacy and security is part of the job description.

End of sermon. Go about your business.

 

 

Great Podcast Discussion of #IoT Strategy With Old Friend Jason Daniels

Right after I submitted my final manuscript for The Future is Smart I had a chance to spend an hour with old friend Jason Daniels (we collaborated on a series of “21st Century Homeland Security Tips You Won’t Hear From Officials” videos back when I was a homeland security theorist) on his “Studio @ 50 Oliver” podcast.

We covered just about every topic I hit in the book, with a heavy emphasis on the attitude shifts (“IoT Essential Truths” needed to really capitalize on the IoT and the bleeding-edge concept I introduce at the end of the book, the “Circular Corporation,” with departments and individuals (even including your supply chain, distribution network and customers, if you choose) in a continuous, circular management style revolving around a shared real-time IoT hub.  Hope you’ll enjoy it!

IoT Design Manifesto 1.0: great starting point for your IoT strategy & products!

Late in the process of writing my forthcoming IoT strategy book, The Future Is Smart, I happened on the “IoT Design Manifesto 1.0” site. I wish I’d found it earlier so I could have featured it more prominently in the book.

The reason is that the manifesto is the product (bear in mind that the original team of participants designed it to be dynamic and iterative, so it will doubtlessly change over time) of a collaborative process involving both product designers and IoT thought leaders such as the great Rob van Kranenburg. As I’ve written ad nauseam, I think of the IoT as inherently collaborative, since sharing data rather than hoarding it can lead to synergistic benefits, and collaborative approaches such as smart cities get their strength from an evolving mishmash of individual actions that gets progressively more valuable.

From the names, I suspect most of the Manifesto’s authors are European. That’s important, since Europeans seem to be more concerned, on the whole, about IoT privacy and security than their American counterparts, witness the EU-driven “privacy by design” concept, which makes privacy a priority from the beginning of the design process.

At any rate, I was impressed that the manifesto combines both philosophical and economic priorities, and does so in a way that should maximize the benefits and minimize the problems.

I’m going to take the liberty of including the entire manifesto, with my side comments:

  1. WE DON’T BELIEVE THE HYPE. We pledge to be skeptical of the cult of the new — just slapping the Internet onto a product isn’t the answer, Monetizing only through connectivity rarely guarantees sustainable commercial success.
    (Comment: this is like my “just because you can do it doesn’t mean you should” warning: if making a product “smart” doesn’t add real value, why do it?)*
  2. WE DESIGN USEFUL THINGS. Value comes from products that are purposeful. Our commitment is to design products that have a meaningful impact on people’s lives; IoT technologies are merely tools to enable that.
    (Comment: see number 1!)
  3. “WE AIM FOR THE WIN-WIN-WIN. A complex web of stakeholders is forming around IoT products: from users, to businesses, and everyone in between. We design so that there is a win for everybody in this elaborate exchange.
    (Comment:This is a big one in my mind, and relates to my IoT Essential Truth #2 — share data, don’t hoard it — when you share IoT data, even with competitors in some cases [think of IFTTT “recipes”] — you can create services that benefit customers, companies, and even the greater good, such as reducing global warming).
  4. WE KEEP EVERYONE AND EVERYTHING SECURE. With connectivity comes the potential for external security threats executed through the product itself, which comes with serious consequences. We are committed to protecting our users from these dangers, whatever they may be.
    (Comment: Amen! as I’ve written ad nauseum, protecting privacy and security must be THE highest IoT priority — see next post below!).
  5. WE BUILD AND PROMOTE A CULTURE OF PRIVACY. Equally severe threats can also come from within. Trust is violated when personal  information gathered by the product is handled carelessly. We build and promote a culture of integrity where the norm is to handle data with care.
    (Comment:See 4!).
  6. WE ARE DELIBERATE ABOUT WHAT DATA WE COLLECT. This is not the business of hoarding data; we only collect data that serves the utility of the product and service. Therefore, identifying what those data points are must be conscientious and deliberate.
    (Comment: this is a delicate issue, because you may find data that wasn’t originally valuable becomes so as new correlations and links are established. However, just collecting data willy-nilly and depositing it in an unstructured “data lake” for possible use later is asking for trouble if your security is breeched.).
  7. WE MAKE THE PARTIES ASSOCIATED WITH AN IOT PRODUCT EXPLICIT. IoT products are uniquely connected, making the flow of information among stakeholders open and fluid. This results in a complex, ambiguous, and invisible network. Our responsibility is to make the dynamics among those parties more visible and understandable to everyone.
    (Comment: see what I wrote in the last post, where I recommended companies spell out their privacy and usage policies in plain language and completely).
  8. WE EMPOWER USERS TO BE THE MASTERS OF THEIR OWN DOMAIN. Users often do not have control over their role within the network of stakeholders surrounding an IoT product. We believe that users should be empowered to set the boundaries of how their data is accessed and how they are engaged with via the product.
    (Comment: consistent with prior points, make sure that any permissions are explicit and  opt-in rather than opt-out to protect users — and yourself (rather avoid lawsuits? Thought so…)
  9. WE DESIGN THINGS FOR THEIR LIFETIME. Currently physical products and digital services tend to be built to have different lifespans. In an IoT product features are codependent, so lifespans need to be aligned. We design products and their services to be bound as a single, durable entity.
    (Comment: consistent with the emerging circular economy concept, this can be a win-win-win for you, your customer and the environment. Products that don’t become obsolete quickly but can be upgraded either by hardware or software will delight customers and build their loyalty [remember that if you continue to meet their needs and desires, there’s less incentive for customers to check out competitors and possibly be wooed away!). Products that you enhance over time and particularly those you market as services instead of sell will also stay out of landfills and reduce your pduction costs.
  10. IN THE END, WE ARE HUMAN BEINGS. Design is an impactful act. With our work, we have the power to affect relationships between people and technology, as well as among people.  We don’t use this influence to only make profits or create robot overlords; instead, it is our responsibility to use design to help people, communities, and societies  thrive.
    Comment: yea designers!!)

I’ve personally signed onto the Manifesto, and do hope to contribute in the future (would like something explicit about the environment in it, but who knows) and urge you to do the same. More important, why start from scratch to come up with your own product design guidelines, when you can capitalize on the hard work that’s gone into the Manifesto as a starting point and modify it for your own unique needs?


*BTW: I was contemptuous of the first IoT electric toothbrush I wrote about, but since talked to a leader in the field who convinced me that it could actually revolutionize the practice of dentistry for the better by providing objective proof that  patient had brushed frequently and correctly. My bad!

“The House That Spied on Me”: Finally Objective Info on IoT Privacy (or Lack Thereof)

Posted on 25th February 2018 in data, Essential Truths, Internet of Things, privacy, security, smart home

Pardon a political analogy, Just as the recent indictment of 13 Russians in the horrific bot campaign to undermine our democracy (you may surmise my position on this! The WIRED article about it is a must read!) finally provided objective information on the plot, so too Kasmir Hill’s and Surya Matu’s excruciatingly detailed “The House That Spied on Me”  finally provides objective information on the critical question of how much personal data IoT device manufacturers are actually compiling from our smart home devices.

This is critical, because we’ve previously had to rely on anecdotal evidence such as the Houston baby-cam scandal, and that’s not adequate for sound government policy making and/or advice to other companies on how to handle the privacy/security issue.

Last year, Hill (who wrote one of the first articles on the danger when she was at Forbes) added just about every smart home you can imagine to her apartment (I won’t repeat the list: I blush easily…) . Then her colleague, Matu, monitored the outflow of the devices using a special router he created to which she connected all the devices:

“… I am basically Kashmir’s sentient home. Kashmir wanted to know what it would be like to live in a smart home and I wanted to find out what the digital emissions from that home would reveal about her. Cybersecurity wasn’t my focus. … Privacy was. What could I tell about the patterns of her and her family’s life by passively gathering the data trails from her belongings? How often were the devices talking? Could I tell what the people inside were doing on an hourly basis based on what I saw?”

The answer was: a lot (I couldn’t paste the chart recording the numbers here, so check the article for the full report)!

As Matu pointed out, with the device he had access to precisely the data about Hill’s apartment that Comcast could collect and sell because of a 2017 law allowing ISPs to sell customers’ internet usage data without their consent — including the smart device data.  The various devices sent data constantly — sometimes even when they weren’t being used! In fact, there hasn’t been a single hour since the router was installed in December when at least some devices haven’t sent data — even if no one was at home!

BTW: Hill, despite her expertise and manufacturers’ claims of ease-of-setup, found configuring all of the devices, and especially making them work together, was a nightmare. Among other tidbits about how difficult it was: she had to download 14 different apps!  The system also directly violated her privacy, uploading a video of her walking around the apartment nude that was recorded by the Withings Home Wi-Fi Security (ahem…) Camera with Air Quality Sensors. Fortunately the offending video was encrypted. Small comfort.

Hill came to realize how convoluted privacy and security can become with a smart home:

“The whole episode reinforced something that was already bothering me: Getting a smart home means that everyone who lives or comes inside it is part of your personal panopticon, something which may not be obvious to them because they don’t expect everyday objects to have spying abilities. One of the gadgets—the Eight Sleep Tracker—seemed aware of this, and as a privacy-protective gesture, required the email address of the person I sleep with to request his permission to show me sleep reports from his side of the bed. But it’s weird to tell a gadget who you are having sex with as a way to protect privacy, especially when that gadget is monitoring the noise levels in your bedroom.”

Matu reminds us that, even though most of the data was encrypted, even the most basic digital exhaust can give trained experts valuable clues that may build digital profiles of us, whether to attract us to ads or for more nefarious purposes:

“It turns out that how we interact with our computers and smartphones is very valuable information, both to intelligence agencies and the advertising industry. What websites do I visit? How long do I actually spend reading an article? How long do I spend on Instagram? What do I use maps for? The data packets that help answer these questions are the basic unit of the data economy, and many more of them will be sent by people living in a smart home.”

Given the concerns about whether Amazon, Google, and Apple are constantly monitoring you through your smart speaker (remember when an Echo was subpoenaed  in a murder case?), Matu reported that:

“… the Echo and Echo Dot … were in constant communication with Amazon’s servers, sending a request every couple of minutes to http://spectrum.s3.amazonaws.com/kindle-wifi/wifistub-echo.html. Even without the “Alexa” wake word, and even when the microphone is turned off, the Echo is frequently checking in with Amazon, confirming it is online and looking for updates. Amazon did not respond to an inquiry about why the Echo talks to Amazon’s servers so much more frequently than other connected devices.”

Even the seemingly most insignificant data can be important:

“I was able to pick up a bunch of insights into the Hill household—what time they wake up, when they turn their lights on and off, when their child wakes up and falls asleep—but the weirdest one for me personally was knowing when Kashmir brushes her teeth. Her Philips Sonicare Connected toothbrush notifies the app when it’s being used, sending a distinctive digital fingerprint to the router. While not necessarily the most sensitive information, it made me imagine the next iteration of insurance incentives: Use a smart toothbrush and get dental insurance at a discount!”

Lest you laugh at that, a dean at the BU Dental School told me much the same thing: that the digital evidence from a Colgate smart brush, in this case, could actually revolutionize dentistry, not only letting your dentist how well, or not, you brushed, but perhaps lowering your dental insurance premium or affecting the amount your dentist was reimbursed. Who woulda thunk it?

Summing up (there’s a lot of additional important info in the story, especially about the perfidious Visio Smart TV, that had such a company-weighted privacy policy that the FTC actually forced it to turn it off the “feature” and pay reparations, so do read the whole article), Hill concluded:

“I thought the house would take care of me but instead everything in it now had the power to ask me to do things. Ultimately, I’m not going to warn you against making everything in your home smart because of the privacy risks, although there are quite a few. I’m going to warn you against a smart home because living in it is annoying as hell.”

In addition to making privacy and security a priority, there is another simple and essential step smart home (and Quantified Self) device companies must take.

When you open the box for the first time, the first thing you should see must be a prominently displayed privacy and security policy, written in plain (and I mean really plain) English, and printed in large, bold type. It should make it clear that any data sharing is opt-in, and that you have the right to not agree, and emphasize the need for detailed, unique passwords (no,1-2-3-4 or the ever-popular “password” are not enough.

Just to make certain the point is made, it needs to be at the very beginning of the set-up app as well. Yes, you should also include the detailed legalese in agate type, but the critical points must be made in the basic statement, which needs to be reviewed not just by the lawyers, but also a panel of laypeople, who must also carry out the steps to make sure they’re really easily understood and acted on. This is not just a suggestion. You absolutely must do it or you risk major penalties and public fury. 


Clearly, this article gives us the first objective evidence that there’s a lot more to do to assure privacy and security for smart homes (and that there’s also a heck of a lot of room for improvement on how the devices play together!), reaffirming my judgement that the first IoT Essential Truth remains “make privacy and security your highest priority.” If this doesn’t get the focus it deserves, we may lose all the benefits of the IoT because of legitimate public and corporate concern that their secrets are at risk. N.B.!

http://www.stephensonstrategies.com/">Stephenson blogs on Internet of Things Internet of Things strategy, breakthroughs and management