Cybersecurity Zero Day Threats and Executive Survey

Cybersecurity is in the news more often than violence or politics, it seems. Last week I received two important pieces of news—both reported below. The first details vulnerabilities found in VxWorks—the most widely used Real-Time Operating System forming the foundation for process control. The other news concerns a survey of executives that shows continued cyber attacks on industrial systems.

Zero Day Vulnerabilities

Enterprise IoT security company Armis announced the discovery of 11 zero-day vulnerabilities, six of them critical, collectively known as “URGENT/11.” They affect Wind River® VxWorks versions since version 6.5 that include the IPnet stack. Updated releases have been provided. URGENT/11 does not impact versions of the product designed for certification, such as VxWorks 653 and VxWorks Cert Edition.

VxWorks, the leading real-time operating system (RTOS), is used in more than two billion devices across industrial, medical and enterprise environments such as mission-critical systems including SCADA, elevator and industrial controllers, patient monitors and MRI machines, as well as firewalls, routers, satellite modems, VOIP phones and printers. If exploited, URGENT/11 could allow a complete takeover of the device and cause disruption on a scale similar to what resulted from the EternalBlue vulnerability.

“VxWorks is the most widely used operating system you may never have heard of,” said Ben Seri, vice president of research at Armis. “A wide variety of industries rely on VxWorks to run their critical devices in their daily operations—from healthcare to manufacturing and even security businesses. This is why URGENT/11 is so important. The potential for compromise of critical devices and equipment especially in manufacturing and healthcare is a big concern.”

URGENT/11 includes six Remote Code Execution (RCE) vulnerabilities that could give an attacker full control over a targeted device, via unauthenticated network packets. Any connected device leveraging VxWorks that includes the IPnet stack is affected by at least one of the discovered vulnerabilities. They include some devices that are located at the perimeter of organizational networks that are internet-facing such as modems, routers and firewalls. Any vulnerability in such a device may enable an attacker to breach networks directly from the internet. Devices protected by perimeter security measures also can be vulnerable once the devices create TCP connections to the internet. These connections can be hijacked and used to trigger the discovered TCP vulnerabilities, allowing attackers to take over the device and access the internal network.

“URGENT/11 could allow attackers to remotely exploit and take over mission critical devices, bypassing traditional perimeter and device security. Every business with these devices needs to ensure they are protected,” said Yevgeny Dibrov, CEO and co-founder of Armis. “The vulnerabilities in these unmanaged and IoT devices can be leveraged to manipulate data, disrupt physical world equipment, and put people’s lives at risk.”

VxWorks is pervasive and trusted due to its rigorous and high-achieving safety certifications and its high degree of reliability and real-time accuracy. In its 32-year history, only 13 Common Vulnerabilities and Exposures (CVEs) have been listed by MITRE as affecting VxWorks. Armis discovered unusually low-level vulnerabilities within the IPnet stack affecting these specific VxWorks versions released in the last 13 years, from versions 6.5 and above. These are the most severe vulnerabilities found in VxWorks to date.

The IPnet networking stack was acquired by Wind River through its acquisition of Interpeak in 2006. Prior to the acquisition, the stack was broadly licensed to and deployed by a number of real-time operating system vendors.

Wind River has been working in collaboration with Armis on this matter, and customers were notified and issued patches to address the vulnerabilities last month. To the best of both companies’ knowledge, there is no indication the URGENT/11 vulnerabilities have been exploited.

Organizations deploying devices with VxWorks should patch impacted devices immediately. More information can be found in the Wind River Security Alert posted on the company’s Security Center.

Operational Downtime is the Most Common Impact of IoT-Focused Cyberattacks

As connectivity in the Industrial Internet of Things (IIoT) promises to transform the manufacturing and production industry, new research by Irdeto underlines the importance of cybersecurity, revealing that 79% of manufacturing and production organizations surveyed have experienced an IoT-focused cyberattack in the past year. This finding demonstrates the importance of cybersecurity as IoT devices proliferate across the critical infrastructure of these organizations, to ensure that the potential business benefits of IoT can be realized safely.

The Irdeto Global Connected Industries Cybersecurity Survey of 220 security decision makers in organizations in this sector (700 respondents in total) found that of the organizations that were hit by an attack, operational downtime (47%), compromised customer data (35%) and compromised end-user safety (33%) were the most common impacts. These findings clearly point to a direct bearing on revenue as well as health safety challenges presented by unsecured IoT devices.

The research also suggests that these organizations are aware of where the key cybersecurity vulnerabilities exist with their infrastructure, but do not necessarily have everything they need to address them. The most prominent vulnerabilities within manufacturing and production organizations were in mobile devices and apps (46%). This was followed by the IT network (41%) and the software used by the organization (40%) – which, if referring to the OT equipment software which runs on the factory floor, could be hugely problematic.

However, despite this awareness, 92% of respondents feel their organization does not have everything it needs to address cybersecurity challenges. 44% state that their organization needs to implement a more robust security strategy. This is followed by a need for additional expertise/skills within the organization to address all aspects of cybersecurity (42%) and a need for more effective cybersecurity tools (37%).

This is compounded by the finding that, in the manufacturing sector, a total of 91% of manufacturers and 96% of users of IoT devices state that the cybersecurity of the IoT devices that they manufacture or use could be improved either to a great extent or to some extent. Failure to address these challenges could prove costly with the average financial impact as a result of an IoT-focused cyberattack in the manufacturing space identified as more than $280,000 USD, according to the survey.

“While the benefits of IoT may be in abundance in manufacturing and industrial environments, this connectivity also increases the attack surface and these findings demonstrate that there is an awareness of the cybersecurity challenges and impacts within the industry, but potentially a need to rethink strategies to mitigate the impact of potential cyberattacks,” said Mark Hearn, Director of IoT Security and Business Development, Irdeto. “Whatever the nature of the threat, industrial and manufacturing organizations must understand the scope of their current risk, ask hard cybersecurity-centric questions to vendors, and work with trusted advisors to safely embrace connectivity in their manufacturing process.”

As organizations fight to keep pace with the cybersecurity challenges in the manufacturing sector, they do have several security measures in place, but have often not implemented enough layers into their security strategy. 21% of organizations surveyed do not currently have software protection technologies implemented, while 39% do not have mobile app protection implemented, despite identifying mobile devices and apps as the greatest source of vulnerabilities. In addition, only 50% make security part of the product design lifecycle process.

However, the majority of organizations that don’t already have these measures in place, state that they plan to implement them in the next year. In addition, 99% of the manufacturing organizations surveyed agree that a security solution should be an enabler of new business models, not just a cost. These findings suggest that attitudes towards IoT security are changing for the better.

“As the manufacturing industry embraces IoT technology it’s clear that there are many cybersecurity challenges that must be addressed, but the industry attitude towards cybersecurity is on the right track,” added Steeve Huin, Vice President of Strategic Partnerships, Business Development and Marketing, Irdeto. “As the scope of connected manufacturing grows, the opportunities and the risks are magnified and it is imperative that organizations upskill and implement robust cybersecurity strategies to ensure they mitigate the threat and safely take advantage of the benefits that IoT can bring.”

Understanding Risk Exposure of IoT Devices

Cybersecurity as a concept or even as a term didn’t exist when I discussed the future of connected control systems devices with my customer, a senior control systems engineer for an automotive component manufacturer in the 1990s. He was aware of potential problems of connectedness when he told me, “I will never run a wire from a control system in this plant.”

Today? Everything is connected. Cybersecurity is a known, if sometimes devalued, challenge. How much do organizations understand the risk exposure of IoT devices? Deloitte and Dragos, Inc. share top risks to organizations in the current IoT environment.

Key takeaways:

  • In the digital age, cyber is everywhere. Cyber risk now permeates nearly every aspect of how we live and work. Organizations should better understand how to manage the risks created by known and unknown Internet of Things (IoT) and Industrial IoT (IIoT) devices. 
  • Security-by-design saves time: it takes longer to retroactively fix issues than it does to do it correctly the first time when building the product. 
  • Security-by-design reduces cost: it costs more to mitigate the risk of vulnerability exploitation than to implement security in the beginning.
  • According to a recent Deloitte poll, nearly half of respondents (48%) realized it is imperative, when developing or deploying secure-by-design connected products and/or devices, that both of these conditions exist:
      o DevSecOps embedded throughout the design/acquisition, implementation, and deployment lifecycle.
      o Cross-functional technology that includes teaming with legal, procurement and compliance across pre- and post-market deployments.

Why it matters?

The number of cyberattacks, data breaches and overall business disruption caused by unsecured IoT/IIoT devices is increasing because many companies don’t know the depth and breadth of the risk exposures they face when leveraging IoT devices and other emerging technologies. IoT and IIoT are a set of business and technology innovations that offer many compelling benefits, but they also present significant cybersecurity risks and a greatly expanded attack surface. Mitigating these risks by understanding IoT/IIoT platform security can help organizations realize greater potential and benefits of these innovations.

Why is security-by-design important?

Deloitte and Dragos are teaming on a number of client initiatives to help organizations embed a security-by-design approach and to manage the risk of industrial control systems (ICS) and operational technology (OT) environments by enabling them to better monitor and assess threats. Organizations can benefit from a better understanding of threats in this environment, which can then be used to develop and embed cybersecurity strategies into organizational and technology strategy.

Security-by-design (for designing an IoT/IIoT product) is about incorporating cybersecurity practices by default into the product’s design as well as (for onboarding an acquired IoT/IIoT product) incorporating cybersecurity practices by default into the environment in which the IoT product is implemented.

Beyond securing ICS and OT systems, this combination of cyber risk services and technologies can provide a more complete picture of an organization’s ICS and OT threat landscape through active monitoring that can better inform scenario planning and response.

The following top risks were outlined by leaders from Deloitte Risk & Financial Advisory’s cyber practice and Dragos in a recent Deloitte Dbriefs webcast, The Internet of Things and cybersecurity: A secure-by-design approach:

Top 10 security risks the current IoT environment poses

  1. Not having a security and privacy program
  2. Lack of ownership/governance to drive security and privacy
  3. Security not being incorporated into the design of products and ecosystems
  4. Insufficient security awareness and training for engineers and architects
  5. Lack of IoT/IIoT and product security and privacy resources
  6. Insufficient monitoring of devices and systems to detect security events
  7. Lack of post-market/ implementation security and privacy risk management
  8. Lack of visibility of products or not having a full product inventory
  9. Identifying and treating risks of fielded and legacy products
  10. Inexperienced/immature incident response processes

Key quotes

“Security needs to become embedded into the DNA of operational programs to enable organizations to have great products and have peace of mind. Today all sorts of products are becoming a part of cyber: from ovens to instant cookers, 3D printers to cars. Organizations need to consider what can actually go wrong with what is really out there and look at those challenges as a priority.”
– Sean Peasley, a partner in Risk & Financial Advisory and the Consumer & Industrial Products leader and Internet of Things (IoT) Security leader in Cyber Risk Services at Deloitte & Touche LLP

“Organizations need to think through this. There are a lot of requirements and they need to figure out a strategy. When looking at product security requirements, I see this as a challenging aspect as organizations get a handle around what they are manufacturing. There are organizations for example in industries such as health care, medical devices, and power and utilities that are starting to ask questions of their suppliers as they consider security before they deploy devices into their customer ecosystem. Where I see a lot of organizations struggle is in understanding system misconfiguration or not having the architecture they thought they did in order to make sure their manufacturing environment is reliable.”
– Robert M. Lee, CEO at Dragos Inc.

About the online poll

More than 4,200 professionals across industries and positions participated in and responded to poll questions during the Deloitte Dbriefs webcast, “The Internet of Things and cybersecurity: A secure-by-design approach” held May 30, 2019. Answer rates differed by question.

A majority (81%) of respondents indicated that information security is accountable for the securing of connected products in their organization. The information security team is still primarily where boards look to drive their cyber agenda but as the 2019 Future of Cyber survey indicates, cyber is becoming everyone’s responsibility. It is critical to understand that if you are the plant manager you likely have the responsibility to the safety and liability of the operation. But the challenge is that everyone does have a role to play. Ultimately, the CEO is going to be held accountable.

Organizational confidence in security

How confident are respondents that their organizations’ connected products, devices, or other “things” are secure today? Not very. More than half of respondents (51%) were somewhat confident, while 23% were uncertain or somewhat not confident, with only 18% feeling very confident in their organizations’ ability to secure connected products and devices. This may be a result of an overall lack of standardization across industries for security and awareness of cyber risks and connected devices.

Guidance for security-by-design

A positive revelation in the results was when 41% of respondents indicated that they look to industry and professional organizations for guidance in driving security-by-design within their organizations. Another 28% said that they look first to regulatory bodies and agencies that set the standards; and 22% indicated their leading practices were developed internally for providing that guidance in driving security-by-design.

According to Peasley and Lee, it is a favorable strategy for organizations to understand leading practices and standards of peer organizations first, and then look to the regulatory bodies that are starting to shape standards and regulations and help inform the standards and regulations that are to come.

These results conflict with another question regarding whether their product teams use a defined set of product cybersecurity requirements as input for requirements selection. Twenty-eight percent use an industry defined framework, and 41% indicated a custom framework, while 30% of respondents indicated “No” that they didn’t use a defined set of requirements. The results of this question indicate there is still much work to do across the industry to influence and inform on standards for cybersecurity.

Considerations for organizations

• Understand the current state of product security and develop a cyber strategy: Whether designing connected products or acquiring such products to implement internally, assess how products, including the data they produce, are protected and develop a cyber strategy to drive improvement.

• Establish security-by-design practices: Integrate security-by-design into the design of the product itself or into the design of the ecosystem architecture, through requirements, risk assessments, threat modeling and security testing.

• Set the tone from the top: Ensure the right people are engaged and have ownership of the process – from leadership to the relevant product security subject matter experts to the product teams.

• Have a dedicated team and provide them with ample resources: Don’t expect enterprise security teams to cover missions without adding new resources for them; build a dedicated team that has product-based experience and provide training as needed to increase knowledge.

• Leverage industry-available resources: Rather than developing and providing unique questionnaires to your device vendors, use publicly-available industry resources.

Worth noting

• “Secure IoT by design: Cybersecurity capabilities to look for when choosing an IoT platform”

• According to the recent Deloitte “2019 Future of Cyber” survey, there are notable gaps in organizations’ abilities to meet cybersecurity demands for the future. Results from the survey indicate that many cyber organizations are challenged by their ability to help better prioritize cyber risk across the enterprise (16%). To see additional results from the Future of Cyber survey, download a copy.

The Dragos ICS asset identification, threat detection, and response platform distills decades of real-world experience from an elite team of ICS cybersecurity experts across the U.S. intelligence community and private industrial companies. Dragos’ offerings also include threat hunting and incident response services, and Dragos WorldView for weekly threat intelligence reports. Dragos is headquartered in the Washington, DC area.

Deloitte provides industry-leading audit, consulting, tax and advisory services to many of the world’s most admired brands, including nearly 90% of the Fortune 500 and more than 5,000 private and middle market companies.

Open Source IoT Project Reaching Maturity

It is great to see things mature–whether kids or adults or technologies. Or an open source project called EdgeX Foundry. Yesterday I had the pleasure of two exciting teleconferences regarding the latest release of EdgeX Foundry, named Edinburgh, from the Linux Foundation’s LF Edge organization. I’ve had many conversations with Jason Shepherd, LF Edge Board Member and Dell Technologies IoT and Edge Computing CTO, over the past three years. When we finally got a chance to catch up yesterday afternoon, he could not have concealed his excitement had he tried.

I have written about EdgeX Foundry here from Hannover 2017, again in 2018, and when incorporated in Linux Foundation’s LF Edge umbrella. This IoT platform is more than a platform. During my Hannover visits of 2017 and 2018 it seemed that all God’s children need to develop their own IoT platform. Of course, when a company develops a platform the goal is to connect as many apps as possible to its main application.

I have also been involved with organizations trying to accomplish this same thing through standards. Problem is, you just can’t get technology supplier companies to sign up for a platform that forces their products to be subservient to standards. The better approach is Loosely Coupled (book by Doug Kaye).

The first conversation was with Arpit Joshipura, general manager, Networking, Edge and IoT, the Linux Foundation, and Keith Steele, chair of the EdgeX Foundry Technical Steering Committee and CEO of IOTech. They walked me through the release and its meaning.

Important takeaway–This Open Source IoT Platform/Ecosystem is now stable and ready for PrimeTime.

Highlights:

  • Enables IoT digital transformation for Enterprise, Industrial, Retail and Consumer
  • Supports complementary products and services from global open ecosystem including commercial support, training and customer pilot programs 
  • Deployed in many end user projects; EdgeX also collaborates with IIC on AI testbeds and is the foundation for the Open Retail Initiative (ORI)

Created collaboratively by a global ecosystem, EdgeX Foundry’s new release is a key enabler of digital transformation for IoT use cases and is a platform for real-world applications both for developers and end users across many vertical markets. EdgeX community members have created a range of complementary products and services, including commercial support, training and customer pilot programs and plug-in enhancements for device connectivity, applications, data and system management and security.

Launched in April 2017, and now part of the LF Edge umbrella, EdgeX Foundry is an open source, loosely-coupled microservices framework that provides the choice to plug and play from a growing ecosystem of available third party offerings or to augment proprietary innovations. With a focus on the IoT Edge, EdgeX simplifies the process to design, develop and deploy solutions across industrial, enterprise, and consumer applications. 

The fourth release in the EdgeX roadmap, Edinburgh offers a stable API baseline for the standardization of IoT edge applications that future-proof IoT investments by fostering an ecosystem of interoperable microservice-based capabilities and decoupling investments in edge functionality in areas such as connectivity, security and management from any given backend application or cloud. The EdgeX framework is designed to facilitate the secure deployment and management of devices and applications at the edge to accelerate time-to-market and enable new data-based services and capabilities such as Artificial Intelligence (AI) and Machine Learning (ML).

“Since its launch, EdgeX Foundry has experienced significant momentum in developing an open platform that can serve as the industry framework for IoT and edge-related applications,” said Arpit Joshipura, general manager, Networking, Edge and IoT, the Linux Foundation. “EdgeX Foundry is one of the anchor projects for LF Edge and Edinburgh release is a major step in unifying open source frameworks across IoT, Enterprise, Cloud and Telco Edge.”

“Having started the EdgeX movement with a small team at Dell before contributing the code to the Linux Foundation, it’s certainly amazing to see the traction we’ve gotten through open, vendor neutral collaboration in a few short years,” said Jason Shepherd, former chair of the EdgeX Foundry Governing Board and IoT and Edge CTO, Dell Technologies. “It’s a testament to the power of the network effect in the open source community which ultimately enables developers to focus on value rather than reinvention.” 

EdgeX Foundry’s community adoption continues to accelerate. Currently, there are more than 100 unique contributors to the project and code downloads are approaching 5,000 a month at a 75% month-to-month growth rate. Momentum is expected to continue with EdgeX’s Edinburgh release and rapidly growing commercial support in the ecosystem.

Key features for this release include:

  • Stability: Stable APIs protecting future investment and supporting future long term support
  • Connectivity: More SDKs for north and southbound connectivity and a wider range of standard connectors
  • New Features: Significant new features, including binary data support, database swappability and improved APIs to help facilitate management/monitoring capability
  • Global Support: Support from the global EdgeX Foundry ecosystem – as well as the broader LF Edge umbrella community – that offers a range of complementary products and services

“With this EdgeX Edinburgh release, we will radically change how businesses develop and deploy IoT edge solutions,” said Keith Steele, chair of the EdgeX Foundry Technical Steering Committee and CEO of IOTech. “Edinburgh is a significant milestone that showcases the commercial viability of EdgeX Foundry and the impact that it will have on the global IoT edge landscape.”

Learn more about documentation, a new use case and the technical details for the Edinburgh release on the EdgeX website.

Market Utilization of EdgeX Foundry 

Since the project inception, there have been tens of thousands of trials and pilot deployments of the EdgeX framework in the field and many of these are converting to production with the Edinburgh release. Several organizations already provide commercial solutions based on EdgeX, with many others folding it into their product roadmaps. For example:

  • Edge Xpert: From IOTech Systems, Edge Xpert uses the latest stable release of EdgeX Foundry to create a commercially supported solution from the baseline open source technology. IOTech will also soon announce hard real-time extensions to EdgeX.
  • MFX-1 IoT Edge Gateway: From Mainflux, the MFX-1 IoT Edge Gateway, based on the EdgeX Foundry framework, is an edge computing solution supported with the EdgeFlux application for gateway management. Integrated with Mainflux IoT Cloud Platform, it provides a comprehensive Cloud/Edge IoT System.
  • NetFoundry Ziti Edge: NetFoundry’s Ziti Edge provides programmable, software-only “Northbound” connectivity for EdgeX Gateway applications and services. Based on Zero Trust security principles, with integrations for HW root of trust based identity and Trusted Execution Environments (TEE), Ziti Edge delivers secure “Silicon-to-Cloud” connectivity, using any Internet connection, while keeping both sides of the connection “dark” to the Internet.
  • VMware Supports EdgeX: Developers who deploy any combination of EdgeX Foundry and/or Project Photon OS with VMware Pulse IoT Center can receive support from VMware for both Pulse IoT Center and EdgeX open source software. When used with Pulse IoT Center’s device management capabilities, open source tools such as EdgeX offer developers increased control over how, when, and where they run their applications and manage their data.

The EdgeX framework is also being leveraged in various industry collaborations. For example, in collaboration with the Industrial Internet Consortium (IIC) EdgeX is used as the foundation for the Optimizing Manufacturing Processes by Artificial Intelligence (OMPAI) testbed which explores the application of AI and industrial internet technologies, deployed from the edge to the cloud, to optimize automotive manufacturing processes. EdgeX is also the foundation for the Open Retail Initiative (ORI) which has the goal of facilitating open innovation within the retail/commerce space. Work for the ORI is manifested within the Commerce Working Group in the EdgeX project and initial target use cases include computer vision-assisted advanced loss prevention.

Planning Ahead

Later this summer, the first EdgeX Foundry ecosystem hackathon will be hosted in the Bay Area. This initial event will be tied to the Commerce Working Group, hosted by Intel within the EdgeX project, with various award categories for implementation of the EdgeX framework in retail use cases. The best all-around winner will get to showcase their solution at future LF Edge or EdgeX Foundry events. Details will be available in late July via the EdgeX website, email list and Slack channel.

Additionally, LF Edge will host a workshop entitled “State of the (LF) Edge” on August 20 in San Diego, Calif., co-located with Open Source Summit North America (August 21-23). More details are available here.

Support from Contributing Members and Users of EdgeX Foundry

  • “EdgeX Foundry is the key component of Beechwoods IoT gateway solution that allows our customers to engage confidently in edge computing technology. With the Edinburgh release, this solution will be ready to transition from customer engagement to product deployment.” – Brad Kemp, President, Beechwoods Software
  • “The Edinburgh release of EdgeX Foundry brings much needed standardization and stability for edge computing in production environments through an open source, common framework. The availability of the EdgeX Foundry snap enables developers an easy path to getting started with EdgeX Foundry, and benefit from confinement, easy integration into their own infrastructure, and automatic updates. In addition, this release introduces new device snaps providing integration with MQTT and ModBus.” – Loic Minier, IoT Field Engineering Director, Canonical
  • “As EdgeX Foundry reaches maturity with the Edinburgh release, CloudPlugs is excited to also announce the integration of the CloudPlugs IIoT platform with the open EdgeX ecosystem. CloudPlugs IoT is a robust backend to deploy, orchestrate and manage EdgeX-compliant devices and micro service-based applications, as well as to manage and visualize field data. The EdgeX framework provides new levels of flexibility in field-level interoperability and the combination of EdgeX with CloudPlugs IoT delivers a powerful, end-to-end software and service stack to digitize assets and to deploy commercial and industrial IoT solutions at scale.” – Jimmy Garcia-Meza, CEO, CloudPlugs Inc.
  • “EdgeX Foundry provides an important software platform standardizing on the south bound IoT device connectivity and northbound data storage connectivity and allows vendors to plug-in their core IoT capabilities in between. FogHorn is aligned with this data ingestion and publication standardization and will continue to collaborate as appropriate.” – Sastry Malladi, CTO, FogHorn
  • “The EdgeX platform offers HMS Networks a path to quickly build Industrial IoT solutions by providing predefined set of services for I/O functionality. HMS has created a J1939 service for EdgeX platform to help simplify IoT solutions for the commercial vehicle telemetry market. Ultimately, the EdgeX platform will significantly reduce the R&D investment required to create a majority of the Industrial IoT applications required in the market today.” – Tom McKinney, Director Engineering Services and Business Development, HMS Networks 
  • “EdgeX Foundry is an important project arriving at the right time. It promises to connect devices to capabilities, and then get out of the way so you can run containerized workloads to generate insights, run model scoring, or detect anomalies… all at the edge. IBM is collaborating with EdgeX Foundry as part of our hybrid cloud strategy to help enterprises unlock the value of data from on-premises to the cloud to the edge.” – David Boloker, Distinguished Engineer, IBM
  • “EdgeX Foundry’s open source platform enables the industrial software ecosystem to integrate rapidly with ioTium’s managed services converged infrastructure offering – its microservices framework with open APIs is a powerful driver in the fragmented Industrial Control Systems market. ioTium enables rapid scalable deployment of the EdgeX Foundry framework globally.” – Ron Victor, CEO, ioTium
  • “EdgeX Foundry provides an open framework for ease of design, development, & deployment at the Edge, while addressing stringent security, privacy & compliance requirements. NetFoundry added its vendor-agnostic, connectivity-as-code solution to EdgeX in order to enable developers and integrators to get similar ease of use, security and performance for their northbound application connectivity to core, clouds and service meshes. With the release of the EdgeX Edinburgh release, the EdgeX Foundry developer community has all the tools needed to deliver on market needs and ensure secure, agile innovation at the Edge” – Galeal Zino, CEO, NetFoundry Inc.
  • “As Digital Transformation for IoT gathers momentum, companies are demanding the same reliability, performance and security at the edge as they are used to getting from their Cloud Computing stack. With this release, EdgeX with Redis Labs RedisEdge not only delivers upon those expectations, but provides an ecosystem of open source technologies and plug-ins such as Redis Modules that help developers innovate.” – Dave Nielsen, Head of Community and Ecosystem Programs, Redis Labs
  • “EdgeX Foundry addresses the problem of the license stack at the IoT Edge constantly increasing in cost by providing a well architected, high performance, open source platform that can be used for industrial solutions today.” – Mike Malone, Vice President, Technotects, Inc.
  • “EdgeX Foundry’s global community ecosystem has experienced explosive growth, and the tangible advances delivered in the EdgeX Edinburgh release are exciting developments for edge computing. We fully support EdgeX Foundry’s goals to establish an open interoperable framework for edge computing to provide developers with increased control over how, when, where and with whom they run their applications and manage their data. We look forward to continuing our contributions to the EdgeX Foundry community and related efforts in fostering open industry-wide innovation such as the Open Retail initiative.” – Mimi Spier, Vice President, Edge and IoT Business, VMware
  • “As a founding member of LF Edge, Wipro is proud to have contributed to the Edinburgh release. We will continue to actively participate as it is a key platform for delivering open, microservices-based, edge IoT applications for today’s interoperable distributed enterprise world.” – Andrew Aitken, general manager and global open source practice leader, Wipro Limited.
  • “ZEDEDA’s vision is to free cloud-native and legacy apps to run on any edge device anywhere in the world. This vision drives our support for EdgeX Foundry and its mission of promoting open interoperability between edge devices. We’ve made our virtualization solutions compatible with EdgeX releases because we believe they will have a central role in our industry’s future.” – Joel Vincent, VP Marketing, ZEDEDA
Understanding Risk Exposure of IoT Devices

Industrial Internet of Things Maturity Assessment Explorer

I’ve been off for most of the past week celebrating Independence Day and family birthdays. For those of you in the US, I hope you had a restful time off and enjoyed some fireworks displays. And now, back to what’s happening in the industrial world.

The Industrial Internet of Things (IIoT) comprises far more than just the simple connecting of devices back to a database in a server. It’s integral to digitalization. Applying abundance thinking to the system, clearly IIoT plays a key role for successful business transformation.

The Industrial Internet Consortium (IIC) has produced the IIoT Maturity Assessment, a web-based tool included in the IIC Resource Hub that enables users to better understand their enterprise IIoT maturity. The IIoT Maturity Assessment helps organizations become best-practice adopters of IIoT by guiding business managers through a range of questions about the adoption, usage and governance of IIoT within their organizations.

“The IIoT market has grown quickly and many businesses planned strategy while in the midst of execution and need to step back and assess their true IIoT maturity,” said Jim Morrish, Co-Chair of the IIC’s Business Strategy and Solution Lifecycle Working Group and co-author of the IIoT Maturity Assessment tool. “The IIoT Maturity Assessment will help companies get a baseline for their maturity right now and assess it in regular intervals to track their progress.”

This framework of four main dimensions and their corresponding strands will spur your thinking into broader areas beyond predictive maintenance or cost reduction programs.

The framework:

Business Strategy

  • Market context
  • Strategic context
  • Business model innovation and refinement
  • IoT Foundations

Business Solution Lifecycle

  • Interface to business strategy
  • Solution design
  • Project team structuring
  • Project management
  • In service monitoring and feedback

Technology

  • Technology strategy
  • Reference architecture and standards
  • Platforms stack
  • Data location transparency

Security

  • Governance
  • Enablement
  • Hardening

“There’s a real difference between using IIoT to streamline processes and using it to create new revenue streams or make better business decisions,” said Ian Hughes, Senior Analyst, Internet of Things, 451 Research. “A tool like this can be a real eye opener for an organization wanting to transform their business to remain competitive and increase profits.”

The IIoT Maturity Assessment considers 63 individual capabilities, each with five levels of maturity within the above framework. For example, under strategic context, a maturity level can range from a limited number of key individuals having stepped up to IIoT ownership to full ownership of IIoT within an organization. The IIoT Maturity Assessment provides feedback about the level of maturity and highlights areas that may require development.

The final outputs also give users links to the IIC Body of Knowledge, both for reference and to help improve their maturity. This includes collaborative resources developed by industry leaders from the IIC membership, including IIC foundational documents (Industrial Internet Reference Architecture, Industrial Internet Security Framework, Industrial Internet Connectivity Framework, Business Strategy and Innovation Framework, Industrial Internet of Things Analytics Framework, and Vocabulary Technical Report) and other IIC documents and tools.

The IIoT Maturity Assessment is available in three levels of analysis: Quick, Standard (both open to everyone) and Detailed (IIC members only).

Podcasts and Education Opportunities

I’ve been busy behind the microphone lately. Here is news about my latest Gary on Manufacturing podcast (I’m taking suggestions for a new name since I cover a much broader area than manufacturing) plus a conversation I had for an SAP-sponsored podcast with the famous Tamara McCleary for a series called TechUnknown. Finally, I will refer you to an education resource Website.

Gary on Manufacturing 191

Podcast 191–If we are ever going to finally bring IT and OT together, indeed break through all of a company’s silos, it will be through adopting coaching as a key component of the manager’s tool kit. I reference Trillion Dollar Coach by Schmidt, Rosenberg, and Eagle—a book about legendary Bill Campbell and how his coaching made the difference for executives at Google, Apple, and many more Silicon Valley companies. I also take a look at another Bill—Bill Gates—whose 10 top tech trends and 10 top challenges to solve appeared in this spring’s MIT Technology Review.

TechUnknown Podcast

I had an entertaining and informative conversation with Tamara McCleary. How do you manage the human element of automation & #AI adoption? I share my thoughts on real-life applications for #IIoT with @TamaraMcCleary on the @SAP #TechUnknown podcast.

Earn a Master’s Degree

Industries of all sorts have a need for data scientists. I heard from a publicist for a Website that consolidates and explains degree programs in that area. If you or someone you know wants career advancement or change, check out this page.
