HPE Blog Discusses Zero Trust on IoT Devices

I was invited into the HPE Influencer group through its development of an IoT group. I wrote a couple of times about the Texmark refinery in Houston that was a cool IoT application. The IoT thing cooled there like everywhere–morphing into “edge-to-cloud” technology and architecture. However, here is a new blog post regarding IoT and Zero-Trust security from HPE and writer David Rand.


  • There are fewer zero trust approaches for IoT than desktops, but you can still make a strong zero trust defense.
  • As on other platforms, zero trust for IoT means IT must do extra work and take extra care. That’s just the world we live in.
  • Enterprise IoT devices are a juicy target for attackers looking for a toehold in your network.

And here, from the blog:

Last March, a 21-year-old Swiss hacker successfully accessed and seized control of 150,000 smart industrial cameras developed by Verkada, a little known security-as-a-service company in Silicon Valley.

As hackers often do, the antagonist, still on the run from authorities, attacked security cameras in hospitals, factories, police departments, prisons, gyms, schools, and offices just to prove he could. In doing so, he also demonstrated how hard it has become to fully trust the cyberdefenses of those millions of internet of things (IoT) devices attaching to corporate networks around the world.

“Organizations are slowly waking up to the reality that their IT environments are not limited to the data center, office, or laptops their employees use to work from home,” says Craig Robinson, program director for worldwide security services at IDC. “IoT devices are increasingly on corporate networks, and traditional IT cybersecurity methods alone aren’t up to the task of ensuring they do not turn into major vulnerabilities.”

I’m receiving more news regarding cybersecurity than any other topic presently. Obviously hackers have noticed the pervasive networking throughout industrial and manufacturing plants and can’t avoid the temptation to see what they can do. Especially given Russian attacks on Ukrainian power plants in the current war. We all need to tap into as many ideas as feasible.

Wireless IoT Sensors Lose the Batteries

In the beginning of wireless IoT sensors on the supplier side was the concept of inexpensive wireless sensors beaming process and environmental data to the enterprise. In the beginning on the user side was the fear of sending maintenance technician on annual rounds with pockets full of batteries sort of like the annual reminder to change the batteries in your household smoke detectors.

These thoughts were soon followed by engineers tinkering with a variety of methods for generating electricity from the process or perhaps the inherent machine vibration thus eliminating batteries.

Recently I learned of a company called Everactive that has released a wireless sensor product suite that eliminates batteries. They use energy harvesting for power, their own wireless network in which each sensor reports back to the gateway. Some impressive use cases.

The publicist’s pitch related to sustainability (and Earth Day). Some examples:

With tools like Everactive’s real-time Steam Trap Monitoring, a single sensor’s impact = avoiding $1,000 in energy costs, 10+ tons in annual excess CO2 emissions, and 1,800+ therms of energy.  That’s the equivalent of removing 2 passenger cars from the road for a single year or making 5 US homes energy net-zero for a full year.  When you consider that an average manufacturing facility has hundreds to thousands of traps and there are tens of millions of these throughout industry, the impact multiplies rapidly.

With real-time Machine Health Monitoring, B2B customers are able run machinery much more efficiently and avoid extremely costly downtime events.

In general, there are hundreds of B2B IoT applications where wireless IoT devices can be put to work in the service of far more impactful uses — to curb energy usage, reduce waste, lower emissions, improve air quality, and do it using renewable energy.

Examples of Everactive’s Customers/Technology Impact on CSR

Anheuser Busch reduced its CO 2 emissions by an estimated 7,561tons of CO 2 per year using the Everactive always-on solution, which is equivalent to taking 1,644 passenger vehicles off the road each year.

Hershey Since implementing the STM (Steam Trap Monitoring), the Hershey’s plant has already saved several thousand dollars in steam system savings. The maintenance team are now piloting Everactive’s new solution for Machine Health Monitoring (MHM).

Colgate-Palmolive During the first several months of using 230 Everactive steam trap sensors in Colgate-Palmolive’s Ohio and Indiana manufacturing facilities, on-site managers received email alerts about four critical steam trap failures. Teams were able to quickly replace the malfunctioning traps. Everactive says that Colgate-Palmolive recouped its subscription-based fees for service (including installation of the sensors and use of Everactive’s web data  platform) in just three months. Everactive also estimates that as a result of the sensor-based monitoring, Colgate-Palmolive is saving 20,000 metric tons of CO2 emissions yearly.

Merck For this customer, the advantages have been manifold. Everactive delivers steam trap insights second-by-second, rather than once every six months, and does so conveniently, with intelligent notifications and easy to navigate mobile and desktop interfaces.”I was able to get on my phone real quick and read what the condensate temperature was, so we could determine if there was live steam going into [the trap],” notes the plant’s Facilities Engineer. “[That was] pretty neat.”

Foundries.io and Arduino Deliver Secure Embedded Linux IoT and Edge

I have been expecting to see Arduino applications pop up like mushrooms after a spring rain. It’s been more like the occasional gold finch gracing the backyard birdfeeder. But advancements do come. This partnership between Foundries.io and Arduino along with the explosion of interest in Edge could tip the scales.

LONDON, March 24, 2022 – Foundries.io, the leader in cloud native development and deployment solutions for secure IoT and Edge devices, today announced its partnership with Arduino to deliver secure, embedded Linux IoT and Edge solutions for the enterprise with the Arduino Pro Portenta X8 (just announced today).

Arduino is an open source electronics company that manufactures open hardware development boards used by millions of developers around the world. It will use FoundriesFactory in its enterprise product to help customers ease development and deployment, reduce costs and accelerate revenue associated with industrial IoT and Edge devices.

“A few years ago, with the legendary Yún, Arduino invented a new category of products by combining microcontrollers and microprocessors on a single hardware platform. Now, we are taking this experience to the next level by providing enterprises the same flexibility, with performance on steroids thanks to the Portenta X8 (4x Cortex®-A53, Cortex-M7 and 2x M4)”, said Fabio Violante, CEO at Arduino. “Today, the world is different: You cannot think about a Linux-based device without anticipating the challenges of securing and maintaining it over time. This requires expertise, commitment and attention to every detail related to security and maintenance. For this reason, we decided to partner with Foundries.io to simplify this approach by providing a ready-to-use solution that can help our customers build systems with confidence. By embedding a FoundriesFactory in the Arduino platform, customers can be sure to choose the best solution on the market.”

The IoT market will more than double in the next five years, and the market for Edge devices will nearly triple with accelerated growth expected in industrial IoT, Electric Vehicle (EV) infrastructure and robotics. Among the challenges to realizing this growth and innovation for businesses are the security of these devices and the expense associated with building and maintaining Linux to support them. FoundriesFactory addresses these challenges with a cloud-based DevOps service to build, test, deploy and maintain these devices. It includes a fit-for-purpose, customizable Linux microPlatform OS built using best industry practices for security and incremental Over The Air (OTA) updates. Developers can build with freedom and ease, while businesses lower costs and reduce time to revenue.

Foundries.io is in a unique position to advance Arduino’s vision for enabling enterprises to more easily deploy and maintain Linux-based products for IoT and Edge applications,” said George Grey, CEO at Foundries.io. “The combination of the Portenta X8 and the FoundriesFactory cloud solution will accelerate customer time to market, increase product security and enable rapid deployment and lifetime OTA management of customer devices and fleets, while giving freedom of choice for connectivity to public or private cloud services. From off-the-shelf to fully customized options, Arduino and FoundriesFactory are providing an industry leading solution for Linux-based IoT and Edge products.”

Users will be able to access a FoundriesFactory for the Portenta X8 hardware platform. This will enable users to immediately connect Arduino Portenta X8-based products to the cloud and start developing container-based applications, leveraging the device management and DevOps capabilities available with FoundriesFactory.

Cellular Cybersecurity Solution

Cloudflare protects my website from nefarious activity. It also provides interesting data—such as reporting this site gets from 150K to 175K visits in total per month. Also interesting was the week after the Russian invasion of the Ukraine. My traffic from Russia ran along at a relatively smooth line on the chart. The chart the first week of the invasion showed a huge spike in traffic for a couple of days. It returned to normal. They (someone?) figured out that a manufacturing site has nothing to do with the war effort?

I don’t follow cybersecurity in depth, but I cannot avoid covering it. A significant portion of the marketing communications traffic to my inbox originates with cybersecurity companies. Much activity comes from there. Here is news from an Israeli company called FirstPoint with cellular security solutions.

FirstPoint Mobile Guard launched its new Protected Cellular Connectivity Suite, built for IoT enterprises. The comprehensive, ultra-secure multi-functional system enables enterprises to securely manage thousands of IoT cellular-connected devices without depending on an operator.

FirstPoint’s cellular cybersecurity technology, which is already implemented at several large IoT organizations, MNOs, MVNOs and governmental agencies, gives enterprises robust control and protection with private, isolated services, quick-start connectivity, and complete roaming control. The network-based integrated platform detects, alerts, and blocks different network vulnerabilities and threats such as denial of service, SMS attacks, malware, mobile IP-data attacks, network fraud, and more.

“Enterprises now have complete control of their IoT cellular connected devices,” said Dror Fixler, Ph.D., CEO of FirstPoint Mobile Guard. “At a time of hyperconnectivity and record levels of cellular hacking, our platform allows enterprises to focus on their business with peace of mind using our ultra-secure protection.”

FirstPoint Mobile Guard delivers holistic cellular operations and security solutions, providing comprehensive oversight, control, and protection for any mobile, IoT, or IIoT device. The technologies enable service providers, MVNOs, and large cellular-IoT organizations to fully manage, control, and secure the connectivity of their cellular connected devices for any operational use case. The solutions are fine-tuned for security-sensitive organizations, including enterprises, critical infrastructure, fleets, smart cities, industrial, financial services, governments, military and more.

Industrial Software Enables Collaboration and Continuous Improvement

GE Digital has been one busy organization lately. This is the third release along with one interview in the past month or so. The company continues to build on its platform not looking (so far) to bring it all together. I’ve only seen a couple of companies so far who have built from the ground up. This new piece of application software is a step toward letting its customers bring its data together in order to enable improved decision making.

Here is the short take:

• Updated software delivers actionable information with a cross-business digital operations hub 

• New portfolio-wide data flow editor saves time and increases visibility by automatically integrating and transforming data for IoT-fueled analysis and optimization 

• Code-free development environment accelerates configuration of rich web-enabled dashboards and applications through a library of widgets

GE Digital announced updates to Proficy Operations Hub, the company’s centralized environment for building industrial applications for web-based intelligence.

Proficy Operations Hub allows both developers and non-developers to quickly assemble displays through a comprehensive library of widgets and arrange them to provide responsive operator and supervisor visualization. Companies can define data sources for connected devices and create queries to access and transform data into actionable information for operations. Drag-and-drop design allows for simple placement and configuration of visualization components on the display, then dragging the query or data source onto the component quickly enables the data connections.

Designed as an OT business intelligence (BI) tool for any industrial environment, Proficy Operations Hub is used in diverse industries including water/wastewater treatment, automotive manufacturing, food and beverage processing, power and energy, and consumer goods.

As an example, ENGIE, a global company in low-carbon energy and services, worked with Control & Protection Automation NV (CPA) to leverage Proficy Operations Hub to accelerate time to value. The team developed and delivered an expanded remote and local monitoring and control solution. CPA maximized Proficy Operation Hub’s Rapid Application Development (RAD) capabilities in conjunction with the Proficy software portfolio to create reusable objects and High Performance HMI operator screens, GIS functionality, dashboards, and more.

New features in this latest update include increasing Rapid Application Development using cloud infrastructure with Microsoft Azure and Amazon Web Services (AWS), an expanded widget library for data display and analysis, and third-party systems integration enabled by OPC UA. The software also enhances OT BI with new visualization widgets for supervisory dashboards and a pivot grid for ad hoc multi-dimensional data analysis.

“Access to data across the organization provides faster response and better decision-making with centralized visualization, digitized processes, and data analysis in context. Ultimately that leads to decreased costs and time to market as well as lower maintenance costs,” said Richard Kenedi, General Manager for GE Digital’s Manufacturing and Digital Plant business. “These outcomes are the result of improved collaboration and continuous improvement programs that are key performance indicators in the industrial environment today.”

Wi-Fi 6E and the Insatiable Demand For Network Bandwidth

Networking continues to be one of the most important technology developments for manufacturing and production enterprises. I came across this article from Michael Tennefoss, vice president of IoT and strategic partnerships at Aruba, a Hewlett Packard Enterprise company. He is responsible for the company’s ecosystem of technology partners and strategic initiatives, including the Internet of Things and blockchain.

He discusses Wi-Fi 6E in this blog post at HPE. Here are the quick takeaways:


• Wi-Fi 6E is being implemented in large, real-world environments.

• Newer applications increasingly demand high bandwidth and wireless access.

• Wi-Fi 6E was carefully engineered so as not to interfere with established uses of the bandwidth.

Following are a few of his thoughts. Click the link for the entire article.

In the networking market, one truism has held constant for decades: Applications expand to fill all available bandwidth. No sooner does a technological breakthrough that increases bandwidth hit the market than a myriad of applications are released, pushing the bar higher still. Whether it’s high-definition gaming, augmented or virtual reality, or real-time medical imaging, customer demand for network capacity is insatiable.

Wi-Fi 6 also squeezes roughly 25 percent more bits into every radio frequency (RF) cycle by adjusting the amplitude and phase of each bit through a technique called 1024-bit quadrature amplitude modulation (QAM). RF power management reduces interference with other radio networks, allowing the benefits of OFDMA and QAM to be delivered in real applications and not just lab environments.

Wi-Fi 6 operates in the 2.4 and 5 GHz bands, and while that enables backward compatibility with previous iterations of Wi-Fi, it was well known that additional bands would be needed to accommodate future needs. Work was afoot for years to secure unlicensed spectrum in the 6 GHz band for this purpose. However, doing so required reallocating frequencies already in use by ultra-wideband systems, microwave services, and wireless backhaul.

The benefits of using Wi-Fi 6E include more capacity, improved high-density congestion mitigation, and 160 MHz channels for demanding high-definition streaming. Additionally, it avoids the increasingly congested 2.4 GHz and 5 GHz bands with headroom to spare as 6 GHz devices come on the market. These benefits depend on the availability of Wi-Fi 6E access points and 6E-enabled client devices.

Aruba began shipping its AP-630 Series Wi-Fi 6E APs in 2021 and predicts that the transition to 6E will be in full swing in 2022. Industry analyst firm 650 Group forecasts that revenues for the Wi-Fi 6E-based enterprise and outdoor wireless LAN market will exceed $1 billion by 2025 and that the consumer market—including routers, consumer mesh, extenders, and broadband customer premises equipment with Wi-Fi—will also exceed $1 billion in the same period. A list of 6E-enabled products is published by the Wi-Fi Alliance.