Network Security Vulnerabilities Rising at an Alarming Rate Says Nozomi Report

Chris Grove, security strategist for industrial control systems (ICS) for Nozomi Networks Labs, recently talked with me about the latest research they’ve conducted. The important takeaways concern the rise of ransomware, increased targeting of industrial control systems, and (surprisingly to  me) vulnerability of networked security cameras.

The report finds attacks are driven largely by the emergence of  Ransomware as a Service (RaaS) gangs that are cashing in on critical infrastructure organizations. Analysis of rising ICS vulnerabilities found critical manufacturing vulnerabilities was the most susceptible industry while a deep dive into IoT security cameras highlights how quickly the attack surface is expanding.

“Colonial Pipeline, JBS and the latest Kaseya software supply chain attack are painful lessons that the threat of ransom attacks is real,” said Nozomi Networks Co-founder and CTO Moreno Carullo. “Security professional must be armed with network security and visibility solutions that incorporate real time threat intelligence and make it possible to quickly respond with actionable recommendations and plans. Understanding how these criminal organizations work and anticipating future vulnerabilities is critical as they defend against this unfortunate new normal.”

Nozomi Networks’ latest “OT/IoT Security Report,” gives cybersecurity professionals an overview of the OT and IoT threats analyzed by Nozomi Networks Labs security research team. The report found: 

  • Ransomware attacks rose 116% between January and May of 2021.
  • Average ransom grew 43% to $220,298 – with payments expected to reach $20 billion this year
  • Analysis of DarkSide, REvil and Ryuk highlight the growing dominance of RaaS models
  • REvil set a new record for ransom demands, surpassing $50 million – the infamous RaaS also successfully executed a supply chain attack – tactics typically only seen from sophisticated nation-state actors.
  • ICS-CERT vulnerabilities increased 44% in the first half of 2021 
  • Vulnerabilities in the critical manufacturing sector rose 148%
  • The top 3 industries affected included critical manufacturing, a grouping identified as multiple industries, and the energy sector
  • Software supply chain-related vulnerabilities continue to surface – as do medical device vulnerabilities 
  • With more than a billion CCTV cameras expected to be in production globally this year, insecure IoT security cameras are a growing concern. The report includes an analysis of the Verkada breach and security vulnerabilities in Reolink cameras and ThroughTek software – discovered by Nozomi Networks Labs.

“As industrial organizations embrace digital transformation those with a wait and see mindset are learning the hard way that they weren’t prepared for an attack,” said Nozomi Networks CEO Edgard Capdevielle. “Threats may be on the rise, but technologies and practices to defeat them are available now. We encourage organizations to adopt a post-breach mindset pre-breach and strengthen their security and operational resiliency before it’s too late.”

Google Cloud Visual Inspection AI For Manufacturing Quality Control

What these cloud companies are doing with their platforms is becoming amazing. This news is from Google—a little later than first Amazon Web Services and then Microsoft Azure. It is quickly adding some interesting capabilities. Once again, we’re seeing artificial intelligence (AI) built into so many applications that we should cease to have surprise and awe. It’s a tool—and a powerful one if used appropriately. Check out this vision inspection solution.

Google Cloud today launched Visual Inspection AI, a new purpose-built solution to help manufacturers, consumer packaged goods companies, and other businesses worldwide reduce defects and deliver significant operational savings from the manufacturing and inspection process. 

Today, defects in products such as computer chips, cars, machinery, and other products cost manufacturers billions of dollars annually. In fact, quality-related costs can consume 15% to 20% of sales revenue[1]. In addition, high production volumes outpace the ability of humans to manually inspect each part. 

Google Cloud has traditionally supported manufacturing quality control through its general purpose AI product, AutoML. Today, it is taking the next step by offering a purpose-built solution for manufacturers. Using Google Cloud’s leading computer vision technology, Visual Inspection AI automates the quality control process, enabling manufacturers to quickly and accurately detect defects before products are shipped. By identifying defects early in the process, customers can improve production throughput, increase yields, reduce rework, and reduce return and repair costs. Visual Inspection AI operates across a wide range of industries and use cases, potentially saving manufacturers millions of dollars at each facility

Based on pilots run by Google Cloud customers, Visual Inspection AI can build accurate models with up to 300 times fewer human-labelled images than general-purpose ML platforms. This allows the solution to be deployed quickly and easily in any manufacturing setting. In addition, Visual Inspection AI customers improved accuracy in production trials by up to 10X compared with general-purpose ML approaches. And, unlike competing solutions that use simple anomaly detection, Visual Inspection AI’s deep learning allows customers to train models that detect, classify, and precisely locate multiple defect types in a single image. 

“AI has proven to be particularly beneficial in helping to automate the visual quality control process for manufacturers—a particular pain point felt by the industry. We’ve been delighted by the strong interest in Visual Inspection AI, and we look forward to supporting more organizations as they continue to find innovative new ways to deploy AI at scale,” said Dominik Wee, Managing Director Manufacturing and Industrial at Google Cloud. 

“We’ve been listening to the specific needs of the industry and have brought the best of Google AI technologies to help address those needs. The outcome is an AI solution that, built upon years of computer vision expertise, is purpose-built to solve quality control problems for nearly any type of discrete manufacturing process,” said Mandeep Waraich, Head of Product for Industrial AI at Google Cloud.

Building and training machine learning models typically requires deep AI expertise, as well as extensive databases containing thousands of labelled images. Such systems usually run in an on-premise data center or in the cloud, making them difficult to deploy at scale across the factory floor. With Google Cloud Visual Inspection AI:

  • No special expertise is required. Quality, test, and manufacturing engineers can use the solution without any computer vision or AI subject-matter expertise. An intuitive user interface guides employees through all of the necessary steps. 
  • Engineers can get started quickly and build more accurate models. Machine learning models can be trained using as few as 10 labelled images (vs. thousands) and will automatically increase in accuracy over time as they are exposed to more products.
  • Full edge-to-cloud capability: Inspection models can be downloaded to machines on the factory floor and run autonomously at the edge, whether it be for data governance reasons or to improve latency. At the same time, Visual Inspection AI is fully integrated in Google Cloud’s portfolio of analytics and ML/AI solutions. This enables manufacturers to combine insights from Visual Inspection AI with other data sources on the shop floor and beyond, for instance to identify root causes of quality problems or to cross-reference with supplier and customer data.
  • Problems are resolved faster. Not only does the solution flag a defective component, but also Visual Inspection AI can locate and identify the specific defect within each part, which reduces the time spent by engineers to diagnose problems, rework parts, and implement process improvements. 

“Google Cloud’s approach to visual inspection is the roadmap most manufacturing companies are looking for. Manufacturers want flexibility, scale, inherent edge-to-cloud capabilities, access to both real-time and historical data, and ease of use and maintainability”, said Kevin Prouty, Group Vice President at IDC. “Google is one of those companies that has the potential to bring together IT, OT and an ecosystem of partners that manufacturers need to deploy AI on the shop floor at scale.”

Wide Range of Use Cases for Visual Inspection AI

Automotive manufacturers: A typical vehicle factory produces around 300,000 vehicles each year, and up to 10% of them may have parts that underwent rework or replacement during the manufacturing process to address some type of production defect [2]. By automatically identifying defects in paint finish, seat fabrication, body welds, and end-of-line testing of mechanical parts, Visual Inspection AI could save automakers more than $50 million annually per plant. 

“Google Cloud’s strength in machine learning and artificial intelligence is accelerating Renault’s Industry 4.0 transformation. We are adopting innovative computer vision solutions like Visual Inspection AI, AutoML and Vertex AI to implement more accurate quality controls with a significantly reduced time to market at a lower cost. We are working now on deploying these new tools in every Renault factory. Renault is ready for future-oriented manufacturing and welcomes the partnership with Google Cloud,” said Dominique Tachet, Digital Project Leader, Renault.

Electronics manufacturing services (EMS): Of the 15 million circuit boards produced each year in a typical EMS factory, as many as 6% may be reworked or scrapped during the assembly process due to internal or external quality failures, such as soldering errors or missing screws [3]. Reducing rework and material waste can save such a facility nearly $23 million each year. 

“It’s been amazing to work with Google Cloud to bring innovative machine learning and computer vision technologies to our quality processes. Engineers from FIH Mobile, a subsidiary of Foxconn, trust Google Cloud and we are achieving considerable product improvements through our collaboration. We cannot wait to roll out the Visual Inspection AI solution further across our extensive PCB manufacturing operations.” said Sabcat Shih, Senior Associate Manager, FIH Mobile.

Semiconductor production: A chip fabrication plant that produces 600,000 wafers per year could see yield losses of up to 3% from cracks and other defects [4]. Implementing Visual Inspection AI can reduce production delays and scrap, saving up to $56 million per fab.

“With the shortage of AI engineers, Visual Inspection AI is an innovative service that can be used by non-AI engineers. We have found that we are able to create highly accurate models with as few as 10-20 defective images with Visual Inspection AI. We will continue to strengthen our partnership with Google to develop solutions that will lead our customers’ digital transformation projects to success.” said Masaharu Akieda, Division Manager, Digital Solution Division, KYOCERA Communication Systems Co., Ltd.

[1] “Cost of Quality,” American Society for Quality (ASQ).

[2] “Internal documents reveal the grueling way Tesla hit its 5,000 Model 3 target,” Business Insider

[3] “Capturing the value of good quality in medical devices,” McKinsey & Company

[4] “Taking the next leap forward in semiconductor yield improvement,” McKinsey & Company

Additional Resources

  • Visual Inspection AI solution webpage
  • Visual Inspection AI launch blog
  • Visual Inspection AI overview video
  • FIH Mobile case study
  • Keep up with the latest Google Cloud news on our newsroom and blog

Google Cloud accelerates organizations’ ability to digitally transform their business with the best infrastructure, platform, industry solutions and expertise. We deliver enterprise-grade cloud solutions that leverage Google’s cutting-edge technology to help companies operate more efficiently and adapt to changing needs, giving customers a foundation for the future. Customers in more than 200 countries and territories turn to Google Cloud as their trusted partner to solve their most critical business problems.

Unstructured Data Management Training and Application

In this year of all things data, I’ve only just discovered a company called Datadobi (news items in March and May). It bills itself as the “global leader in unstructured data management software.” I’ve had an interest in the growth of unstructured data management for several years knowing that a rapid growth in data from manufacturing was coming (and now is here).

I have two news items from the company. Just released today was news about a new training portal. Some news about an application of its technology came my way a week or so ago. That is below.

Training Portal for DatadobiDriven program

Customers Can Now Eliminate Pain and Risk Associated with Complex Data Migrations

Datadobi announced the launch of a new DatadobiDriven Training Portal, intended to provide strategic partners and end customers with tailored technical certification, support, and on-going communication. The new portal is an enhancement to the DatadobiDriven Program, which is focused on adding value for Sales Engineers, Professionals, and Administrators that helps to drive business success.

Over a decade ago, Datadobi raised the bar for data migration solutions with the launch of DobiMigrate, enterprise-class migration software for NAS (network-attached storage) and object data. With DobiMigrate, channel solutions providers and end customers now have a solution that is proven and can be trusted in the most complex and demanding environments to deliver fast, efficient, secure, accurate, and verifiable migration to new storage and/or the cloud.

“With the launch of the DatadobiDriven Training Portal, we continue to set new industry standards. It is now faster and easier than ever for channel partners to be trained and prepared to sell, deploy, and support Datadobi solutions. As a result, our partners are able to increase customer satisfaction, enjoy optimum revenue, and accelerate time to profitability,” said Michael Jack, Chief Revenue Officer and Co-Founder, Datadobi. “Likewise, for end users the portal facilitates direct access to information, training, and solutions for eliminating the pain and risk associated with seemingly straightforward, but more often than not, complex data migrations.”

In related news today, Datadobi announced it has partnered with CLIMB Channel Solutions to provide DatadobiDriven Program benefits to its Climbing Club members. “The Climbing Club is an exclusive group of valued reseller partners that we reward for their efforts in working with Climb and its partners,” said Charles Bass, Vice President of Alliances and Marketing, Climb.  

Sports Gear and Equipment Company Teams with Datadobi

DobiMigrate Meets Complex and Demanding Requirements — Compliantly Migrating Heterogeneous Archive Data 

Datadobi announced Decathlon, a global leader in sports gear and equipment, has deployed its DobiMigrate software to help enable the move of Decathlon’s entire IT operations into the cloud. 

To support the company’s tremendous growth and success, Decathlon made the decision to completely leave its onsite datacenters and migrate to a number of the main cloud providers (Azure, AWS, GCP, Alibaba Cloud, Yandex, and others). One of the final steps would be one of its most critical on its trek towards a successful digital transformation — the migration of all its on-premises unstructured archive data, ranging from product and inventory to customer data.

“We knew a migration of this magnitude could be very complicated, particularly in relation to moving the archive data,” said Tony Devert, IS Engineer, Decathlon. “We considered using CSP’s data movement capabilities but knew this wasn’t their core competency and that their tools were not really qualified to conserve our legal timestamp.” He explained, “We had over six years of archive data to move to the cloud. Every application has its own particularity and would have needed to do its own migration. In other words, the project would have been chopped up into little pieces individually by application. In addition, we had the added complication that the archives included legal data that had associated required retention periods. So, we needed to have extra checks and safety measures in place that would provide proof of the correct migration of the content.”

After careful research and a successful POC, Decathlon chose to deploy DobiMigrate as it found it to be the ideal solution for meeting its complex and demanding requirements. This included maintaining data integrity in addition to providing chain of custody via its hashing of every single file as it is migrated. With DobiMigrate, a file would only be declared successfully migrated if the source and target were an identical match. A report could then be created to show every single hash of every single file, which could be kept for future auditing.

“With DobiMigrate, we were able to dramatically accelerate our migration and complete it well under our timeline objective,” said Devert. “And, with its chain of custody capabilities, we don’t have to check and double check that our data was moved to the destination. With DobiMigrate, if we are audited in two years, five years, or 10 years we can be confident our data is there, and it is correct.”

He continued. “Now that we are in our new cloud environment we can benefit from the speed, agility, and elasticity of on-demand solutions that we can intelligently adapt to our business requirements, thereby positively impacting our bottom-line.”  

With its IT infrastructure now deployed 100% across public clouds, Decathlon’s training, recruitment, and partnership with technology visionaries and experts has become a key strategic priority. Its goal is to continue to leverage the newest and most innovative technologies in areas such as serverless applications, automation, and continuous integration and delivery (CI/CD) such as Terraform, Git, Kubernetes, and the like.

Better Gripping With Intelligent Picking Robots

Festo has consistently presented me with some of the most impressive creativity within pneumatics, robotics, and automation. This is a fascinating use of artificial intelligence (AI) with robot gripping. Only a couple of years ago, I caught myself thinking that nothing could be as boring as robotic end-of-arm-effectors. How wrong could I have been! This is my second post on this technology in a couple of weeks. Check this out.

Production, warehouse, shipping – where goods are produced, stored, sorted or packed, picking also takes place. This means that several individual goods are removed from storage units such as boxes or cartons and reassembled. With the FLAIROP (Federated Learning for Robot Picking) project Festo and researchers from the Karlsruhe Institute of Technology (KIT), together with partners from Canada, want to make picking robots smarter using distributed AI methods. To do this, they are investigating how to use training data from multiple stations, from multiple plants, or even companies without requiring participants to hand over sensitive company data.

“We are investigating how the most versatile training data possible from multiple locations can be used to develop more robust and efficient solutions using artificial intelligence algorithms than with data from just one robot,” says Jonathan Auberle from the Institute of Material Handling and Logistics (IFL) at KIT. In the process, items are further processed by autonomous robots at several picking stations by means of gripping and transferring. At the various stations, the robots are trained with very different articles. At the end, they should be able to grasp articles from other stations that they have not yet learned about. “Through the approach of federated learning, we balance data diversity and data security in an industrial environment,” says the expert. 

Powerful algorithms for industry and logistics 4.0

Until now, federated learning has been used predominantly in the medical sector for image analysis, where the protection of patient data is a particularly high priority. Consequently, there is no exchange of training data such as images or grasp points for training the artificial neural network. Only pieces of stored knowledge – the local weights of the neural network that tell how strongly one neuron is connected to another – are transferred to a central server. There, the weights from all stations are collected and optimized using various criteria. Then the improved version is played back to the local stations and the process repeats. The goal is to develop new, more powerful algorithms for the robust use of artificial intelligence for industry and Logistics 4.0 while complying with data protection guidelines.

“In the FLAIROP research project, we are developing new ways for robots to learn from each other without sharing sensitive data and company secrets. This brings two major benefits: we protect our customers’ data, and we gain speed because the robots can take over many tasks more quickly. In this way, the collaborative robots can, for example, support production workers with repetitive, heavy, and tiring tasks”, explains Jan Seyler, Head of Advanced Develop. Analytics and Control at Festo SE & Co. KG During the project, a total of four autonomous picking stations will be set up for training the robots: Two at the KIT Institute for Material Handling and Logistics (IFL) and two at the Festo SE company based in Esslingen am Neckar.

Start-up DarwinAI and University of Waterloo from Canada are further partners

“DarwinAI is thrilled to provide our Explainable (XAI) platform to the FLAIROP project and pleased to work with such esteemed Canadian and German academic organizations and our industry partner, Festo. We hope that our XAI technology will enable high-value human-in-the-loop processes for this exciting project, which represents an important facet of our offering alongside our novel approach to Federated Learning.  Having our roots in academic research, we are enthusiastic about this collaboration and the industrial benefits of our new approach for a range of manufacturing customers”, says Sheldon Fernandez, CEO, DarwinAI.

“The University of Waterloo is ecstatic to be working with Karlsruhe Institute of Technology and a global industrial automation leader like Festo to bring the next generation of trustworthy artificial intelligence to manufacturing.  By harnessing DarwinAI’s Explainable AI (XAI) and Federated Learning, we can enable AI solutions to help support factory workers in their daily production tasks to maximize efficiency, productivity, and safety”, says Dr. Alexander Wong, Co-director of the Vision and Image Processing Research Group, University of Waterloo, and Chief Scientist at DarwinAI.

The FLAIROP (Federated Learning for Robot Picking) project is a partnership between Canadian and German organizations. The Canadian project partners focus on object recognition through Deep Learning, Explainable AI, and optimization, while the German partners contribute their expertise in robotics, autonomous grasping through Deep Learning, and data security.

  • KIT-IFL: consortium leadership, development grasp determination, development automatic learning data generation.
  • KIT-AIFB: Development of Federated Learning Framework
  • Festo SE & Co. KG: development of picking stations, piloting in real warehouse logistics
  • University of Waterloo (Canada): Development object recognition
  • Darwin AI (Canada): Local and Global Network Optimization, Automated Generation of Network Structures

DH2i Launches DxEnterprise Smart Availability Software for Containers

Containers have become a must have technology for those pursuing some form of Digital Transformation, or whatever you wish to label it. I’ve written little about the subject. Following is a news release concerning a way for cloud-native Microsoft SQL Server.

DH2i, a provider of multi-platform Software Defined Perimeter (SDP) and Smart Availability software, announced June 22 the general availability (GA) of DxEnterprise (DxE) for Containers, enabling cloud-native Microsoft SQL Server container Availability Groups (AG) outside and inside Kubernetes (K8).

Container use is skyrocketing for digital transformation projects—particularly the use of stateful containers for databases such as Microsoft SQL Server. This growing stateful database container use is also generating a hard production deployment requirement for database-level high availability (HA) in Kubernetes.

For medium and large organizations running SQL Server, database-level HA has traditionally been provided by SQL Server Availability Groups (AGs). However, SQL Server AGs have not been supported in Kubernetes until now—hindering organizations’ ability to undergo digital transformations. DxEnterprise (DxE) for Containers is the answer to the problem.

DxEnterprise for Containers accelerates an enterprise’s digital transformation (DX) by speeding the adoption of highly available stateful containers. DxEnterprise (DxE) for Containers provides SQL Server Availability Group (AG) support for SQL Server containers, including for Kubernetes clusters. It enables customers to deploy stateful containers to create new and innovative applications while also improving operations with near-zero RTO to more efficiently deliver better products and services at a lower cost. Additionally, it helps organizations generate new revenue streams by enabling them to build distributed Kubernetes AG clusters across availability zones/regions, resulting in hybrid cloud and multi-cloud environments which can rapidly adapt to changes in market conditions and consumer preferences.

“Kubernetes lacks SQL Server AG support, which is essential for using stateful containers in production,” said Shamus McGillicuddy, Vice President of Research, EMA Network Management Practice. “DxEnterprise for Containers solves this problem. It enables AG support in Kubernetes.”

“DxE for Containers is the perfect complement to Kubernetes’ pod/node-level cluster HA,” said Don Boxley, DH2i CEO and Co-Founder. “DxE for Containers enables Microsoft users to confidently deploy highly available SQL Server containers in production, speeding their organizations’ digital transformation.”

DxEnterprise for Containers Features & Benefits:

–       Kubernetes SQL Server Container Availability Groups with automatic failover, an industry first – Enables customers to deploy stateful containers to create new and innovative applications

–       Near-zero recovery time objective (RTO) container database-level failover – Improves operations to more efficiently and resiliently deliver better products and services at a lower cost to the business

–       Distributed Kubernetes AG clusters across availability zones/regions, hybrid cloud and multi-cloud environment with built-in secure multi-subnet express micro-tunnel technology – Enables customers to rapidly adapt to changes in market conditions and consumer preferences

–       Intelligent Health & performance QoS monitoring, alerting management – Simplifies system management

–       Mix and match support for Windows and Linux; bare metal, virtual, cloud servers – Maximizes IT budget ROI

Organizations can now purchase DxEnterprise (DxE) for Containers directly from the DH2i website to get immediate full access to the software and support. Customers have the flexibility to select the support level and subscription duration to best meet the needs of their organization. Users can also subscribe to the Developer Edition of DxEnterprise (DxE) for Containers to dive into the technology for free for non-production use.

DH2i Company is the leading provider of multi-platform Software Defined Perimeter (SDP) and Smart Availability software for Windows and Linux. DH2i software products DxOdyssey and DxEnterprise enable customers to create an entire IT infrastructure that is “always-secure and always-on.”