Advice for Managing and Assessing Trustworthiness for IIoT

The spread of connected devices, with the resultant flow of data throughout the industrial enterprise, spurs concern for the security and trustworthiness of that data. The Industrial Internet Consortium (IIC) and its members recognize this challenge.

I normally have a conversation with the authors of the IIC papers to get a context and sense of all the work involved in their development. In this particular case, I ran out of time. Many of you know that I am up to my eyes in soccer activities at this time of year. I just finished leading a class of new referees while I am at one of my peak times for assigning referees to games. Sometimes, I just don’t have enough hours. I bet you have never felt that…

So, IIC has published the Managing and Assessing Trustworthiness for IIoT in Practice white paper. The paper serves as an introductory guide to trustworthiness in IIoT, which is driven by the convergence of IT with OT, and includes a definition of trustworthiness, examples and a best-practice approach to managing trustworthiness in IIoT systems.

Confidence is essential to business, including confidence that the consequences of decisions and processes are acceptable and that business information is handled properly. The advent of IIoT means that confidence is also now required in technologies, physical components, and systems in addition to confidence in individuals, organizations and processes.

“The fact is that it is possible to have ‘too much’ trustworthiness,” said Jim Morrish, co-Chair of the IIC Business Strategy and Solution Lifecycle Working Group. “Trustworthiness costs, in terms of the costs of devices and associated software, and also often in terms of user experience and functionality. A trustworthiness solution for a nuclear processing plant would be an unnecessary hindrance to the day-to-day operations of a peanut butter manufacturer.”

The white paper’s best-practice approach to managing trustworthiness is comprised of four phases: baselining the system, analyzing potential trustworthiness events, implementing trustworthiness targets and governance, and iterating and maintaining the resulting trustworthiness model.

“This whitepaper demonstrates that trustworthiness is more than just another academic phrase to describe expectations of stakeholders, operators and users of an IIoT system,” said Marcellus Buchheit, President and CEO of Wibu-Systems USA, cofounder of Wibu-Systems AG in Germany and co-chair of the IIC Trustworthiness Task Group. “This paper presents several models that show how trustworthiness can be practically used in business decisions to increase trust in an IIoT system under the impact of business reality and constraints.”

The white paper also highlights that trustworthiness is not a static concept. “An IIoT system must address trustworthiness requirements throughout the lifecycle of the system. This means that industrial IoT trustworthiness is not a project with a finite start and a finite end. It is a journey that must be powered by an established program,” said Bassam Zarkout, founder of IGnPower and co-author of the paper.

“Security is already recognized as one of the most important considerations when designing an IIoT system,” said Frederick Hirsch who is a Standards Manager at Fujitsu, and also co-chair of the IIC Trustworthiness Task Group. “This white paper expands on that thinking by recognizing that safety, privacy, reliability and resilience need to be considered in conjunction with security to establish trust that IIoT systems will not only be functional but also will not harm people, the environment or society.”

The white paper discusses a live example of an IIoT system analysed from a trustworthiness perspective. Fujitsu’s Factory Operation Visibility & Intelligence (FOVI) system (and IIC testbed) has the primary goal of bringing more visibility of operations to plant managers in near-real time. The goal is to reduce human errors, bring more predictability to product assembly and delivery, and optimize production all while ensuring a sufficient level of trustworthiness.

“FOVI highlights how the different aspects of trustworthiness can impact business performance,” said Jacques Durand, Director of Engineering and Standards at Fujitsu, co-Chair of the IIC Business Strategy and Solution Lifecycle Working Group and also a member of the IIC Steering Committee. “For instance slowing down a production line can reduce costs associated with stress on machinery and machine operators, but such a course of action may also adversely impact productivity or lead time. In the white paper we highlight the need to understand trade-offs and to use metrics in a data-driven and intelligent manner.”

The Managing and Assessing Trustworthiness for IIoT in Practice white paper sets the stage for further work that the IIC will undertake focusing on trustworthiness.

The full IIC Managing and Assessing Trustworthiness for IIoT in Practice white paper and a list of IIC members who contributed can be found on the IIC website.

Data Protection Best Practices White Paper

Standards are useful, sometimes even essential. Standard sizes of shipping containers enable optimum ship loading/unloading. Standard railroad gauges and cars enable standard shipping containers to move from ship to train, and eventually even to tractor/trailer rigs to get products to consumers. 

Designing and producing to standards can be challenging. Therefore the value of Best Practices.

Taking this to the realm of Industrial Internet of Things where data security, privacy and trustworthiness are essential, the Industrial Internet Consortium (IIC) has published the Data Protection Best Practices White Paper. I very much like these collaborative initiatives that help engineers solve real world problems.

Designed for stakeholders involved in cybersecurity, privacy and IIoT trustworthiness, the paper describes best practices that can be applied to protect various types of IIoT data and systems. The 33-page paper covers multiple adjacent and overlapping data protection domains, for example data security, data integrity, data privacy, and data residency.

I spoke with the lead authors and came away with a sense of the work involved. Following are some highlights.

Failure to apply appropriate data protection measures can lead to serious consequences for IIoT systems such as service disruptions that affect the bottom-line, serious industrial accidents and data leaks that can result in significant losses, heavy regulatory fines, loss of IP and negative impact on brand reputation.

“Protecting IIoT data during the lifecycle of systems is one of the critical foundations of trustworthy systems,” said Bassam Zarkout, Executive Vice President, IGnPower and one of the paper’s authors. “To be trustworthy, a system and its characteristics, namely security, safety, reliability, resiliency and privacy, must operate in conformance with business and legal requirements. Data protection is a key enabler for compliance with these requirements, especially when facing environmental disturbances, human errors, system faults and attacks.”

Categories of Data to be Protected

Data protection touches on all data and information in an organization. In a complex IIoT system, this includes operational data from things like sensors at a field site; system and configuration data like data exchanged with an IoT device; personal data that identifies individuals; and audit data that chronologically records system activities.

Different data protection mechanisms and approaches may be needed for data at rest (data stored at various times during its lifecycle), data in motion (data being shared or transmitted from one location to another), or data in use (data being processed).

Data Security

“Security is the cornerstone of data protection. Securing an IIoT infrastructure requires a rigorous in-depth security strategy that protects data in the cloud, over the internet, and on devices,” said Niheer Patel, Product Manager, Real-Time Innovations (RTI) and one of the paper’s authors. “It also requires a team approach from manufacturing, to development, to deployment and operation of both IoT devices and infrastructure. This white paper covers the best practices for various data security mechanisms, such as authenticated encryption, key management, root of trust, access control, and audit and monitoring.”

Data Integrity

“Data integrity is crucial in maintaining physical equipment protection, preventing safety incidents, and enabling operations data analysis. Data integrity can be violated intentionally by malicious actors or unintentionally due to corruption during communication or storage. Data integrity assurance is enforced via security mechanisms such as cryptographic controls for detection and prevention of integrity violations,” said Apurva Mohan, Industrial IoT Security Lead, Schlumberger and one of the paper’s authors.

Data integrity should be maintained for the entire lifecycle of the data from when it is generated, to its final destruction or archival. Actual data integrity protection mechanisms depend on the lifecycle phase of the data.

Data Privacy

As a prime example of data privacy requirements, the paper focuses on the EU General Data Protection Regulation (GDPR), which grants data subjects a wide range of rights over their personal data. The paper describes how IIoT solutions can leverage data security best practices in key management, authentication and access control to empower GDPR-centric privacy processes.

The Data Protection Best Practices White Paper complements the IoT Security Maturity Model Practitioner’s Guide and builds on the concepts of the Industrial Internet Reference Architecture and Industrial Internet Security Framework.

The Data Protection Best Practices White Paper and a list of IIC members who contributed to it can be found on the IIC website.

Understanding Risk Exposure of IoT Devices

Cybersecurity as a concept or even as a term didn’t exist when I discussed the future of connected control systems devices with my customer, a senior control systems engineer for an automotive component manufacturer in the 1990s. He was aware of potential problems of connectedness when he told me, “I will never run a wire from a control system in this plant.”

Today? Everything is connected. Cybersecurity is a known, if sometimes devalued, challenge. How much do organizations understand the risk exposure of IoT devices? Deloitte and Dragos, Inc. share the top risks to organizations in the current IoT environment.

Key takeaways:

  • In the digital age, cyber is everywhere. Cyber risk now permeates nearly every aspect of how we live and work. Organizations should better understand how to manage the risks created by known and unknown Internet of Things (IoT) and Industrial IoT (IIoT) devices. 
  • Security-by-design saves time: it takes longer to retroactively fix issues than it does to do it correctly the first time when building the product. 
  • Security-by-design reduces cost: it costs more to mitigate the risk of vulnerability exploitation than to implement security in the beginning.
  • According to a recent Deloitte poll, nearly half of respondents (48%) realized it is imperative, when developing or deploying secure-by-design connected products and/or devices, that both of these conditions exist:
      o DevSecOps embedded throughout the design/acquisition, implementation, and deployment lifecycle.
      o Cross-functional technology that includes teaming with legal, procurement and compliance across pre- and post-market deployments.

Why it matters?

The number of cyberattacks, data breaches and overall business disruptions caused by unsecured IoT/IIoT devices is increasing because many companies don’t know the depth and breadth of the risk exposures they face when leveraging IoT devices and other emerging technologies. IoT and IIoT are a set of business and technology innovations that offer many compelling benefits, but they also present significant cybersecurity risks and a greatly expanded attack surface. Mitigating these risks by understanding IoT/IIoT platform security can help organizations realize greater potential and benefits of these innovations.

Why is security-by-design important?

Deloitte and Dragos are teaming on a number of client initiatives to help organizations embed a security-by-design approach and to manage the risk of industrial control systems (ICS) and operational technology (OT) environments by enabling them to better monitor and assess threats. Organizations can benefit from a better understanding of threats in this environment, which can then be used to develop and embed cybersecurity strategies into organizational and technology strategy.

Security-by-design (for designing an IoT/IIoT product) is about incorporating cybersecurity practices by default into the product’s design as well as (for onboarding an acquired IoT/IIoT product) incorporating cybersecurity practices by default into the environment in which the IoT product is implemented.

Beyond securing ICS and OT systems, this combination of cyber risk services and technologies can provide a more complete picture of an organization’s ICS and OT threat landscape through active monitoring that can better inform scenario planning and response.

The following top risks were outlined by leaders from Deloitte Risk & Financial Advisory’s cyber practice and Dragos in a recent Deloitte Dbriefs webcast, The Internet of Things and cybersecurity: A secure-by-design approach:

Top 10 security risks the current IoT environment poses

  1. Not having a security and privacy program
  2. Lack of ownership/governance to drive security and privacy
  3. Security not being incorporated into the design of products and ecosystems
  4. Insufficient security awareness and training for engineers and architects
  5. Lack of IoT/IIoT and product security and privacy resources
  6. Insufficient monitoring of devices and systems to detect security events
  7. Lack of post-market/ implementation security and privacy risk management
  8. Lack of visibility of products or not having a full product inventory
  9. Identifying and treating risks of fielded and legacy products
  10. Inexperienced/immature incident response processes

Key quotes
“Security needs to become embedded into the DNA of operational programs to enable organizations to have great products and have peace of mind. Today all sorts of products are becoming a part of cyber: from ovens to instant cookers, 3D printers to cars. Organizations need to consider what can actually go wrong with what is really out there and look at those challenges as a priority.”
– Sean Peasley, a partner in Risk & Financial Advisory and the Consumer & Industrial Products leader and Internet of Things (IoT) Security leader in Cyber Risk Services at Deloitte & Touche LLP

“Organizations need to think through this. There are a lot of requirements and they need to figure out a strategy. When looking at product security requirements, I see this as a challenging aspect as organizations get a handle around what they are manufacturing. There are organizations for example in industries such as health care, medical devices, and power and utilities that are starting to ask questions of their suppliers as they consider security before they deploy devices into their customer ecosystem. Where I see a lot of organizations struggle is in understanding system misconfiguration or not having the architecture they thought they did in order to make sure their manufacturing environment is reliable.”
– Robert M. Lee, CEO at Dragos Inc.

About the online poll

More than 4,200 professionals across industries and positions participated in and responded to poll questions during the Deloitte Dbriefs webcast, “The Internet of Things and cybersecurity: A secure-by-design approach” held May 30, 2019. Answer rates differed by question.

A majority (81%) of respondents indicated that information security is accountable for the securing of connected products in their organization. The information security team is still primarily where boards look to drive their cyber agenda but as the 2019 Future of Cyber survey indicates, cyber is becoming everyone’s responsibility. It is critical to understand that if you are the plant manager you likely have the responsibility to the safety and liability of the operation. But the challenge is that everyone does have a role to play. Ultimately, the CEO is going to be held accountable.

Organizational confidence in security

How confident are respondents that their organizations’ connected products, devices, or other “things” are secure today? Not very. More than half of respondents (51%) were somewhat confident, while 23% were uncertain or somewhat not confident, with only 18% feeling very confident in their organizations’ ability to secure connected products and devices. This may be as a result of there being an overall lack of standardization across industries for security and awareness of cyber risks and connected devices.

Guidance for security-by-design

A positive revelation in the results was when 41% of respondents indicated that they look to industry and professional organizations for guidance in driving security-by-design within their organizations. Another 28% said that they look first to regulatory bodies and agencies that set the standards; and 22% indicated their leading practices were developed internally for providing that guidance in driving security-by-design.

According to Peasley and Lee, it is a favorable strategy for organizations to understand leading practices and standards of peer organizations first, and then look to the regulatory bodies that are starting to shape standards and regulations and help inform the standards and regulations that are to come.

These results conflict with another question regarding whether their product teams use a defined set of product cybersecurity requirements as input for requirements selection. Twenty-eight percent use an industry defined framework, and 41% indicated a custom framework, while 30% of respondents indicated “No” that they didn’t use a defined set of requirements. The results of this question indicate there is still much work to do across the industry to influence and inform on standards for cybersecurity.

Considerations for organizations

• Understand the current state of product security and develop a cyber strategy: Whether designing connected products or acquiring such products to implement internally, assess how products, including the data they produce, are protected and develop a cyber strategy to drive improvement.

• Establish security-by-design practices: Integrate security-by-design into the design of the product itself or into the design of the ecosystem architecture, through requirements, risk assessments, threat modeling and security testing.

• Set the tone from the top: Ensure the right people are engaged and have ownership of the process – from leadership to the relevant product security subject matter experts to the product teams.

• Have a dedicated team and provide them with ample resources: Don’t expect enterprise security teams to cover missions without adding new resources for them; build a dedicated team that has product-based experience and provide training as needed to increase knowledge.

• Leverage industry-available resources: Rather than developing and providing unique questionnaires to your device vendors, use publicly-available industry resources.

Worth noting

• “Secure IoT by design: Cybersecurity capabilities to look for when choosing an IoT platform”

• According to the recent Deloitte “2019 Future of Cyber” survey, there are notable gaps in organizations’ abilities to meet cybersecurity demands for the future. Results from the survey indicate that many cyber organizations are challenged by their ability to help better prioritize cyber risk across the enterprise (16%). To see additional results from the Future of Cyber survey, download a copy.

The Dragos ICS asset identification, threat detection, and response platform distills decades of real-world experience from an elite team of ICS cybersecurity experts across the U.S. intelligence community and private industrial companies. Dragos’ offerings also include threat hunting and incident response services, and Dragos WorldView for weekly threat intelligence reports. Dragos is headquartered in the Washington, DC area.

Deloitte provides industry-leading audit, consulting, tax and advisory services to many of the world’s most admired brands, including nearly 90% of the Fortune 500 and more than 5,000 private and middle market companies.

Plant Digitization Through Real Time Locating System

I first met Quuppa and saw a demo of its real time locating system at the 2018 Hannover Messe. I have written about it here and here. The company has developed an interesting technology and application.

They wrote about industrial applications picking up, so I asked for an example. Below is a story about defining a problem, sourcing a solution, and then implementing it.

NGK Ceramics is a global specialist in the manufacturing of ceramic substrates used in catalytic converter applications for automotive, truck and off-road vehicles. The US manufacturing facility, located in Mooresville, North Carolina, covers more than 500k square feet with 365 days a year, twenty-four hours a day operations.

The facility was initially designed in 1988 to serve a limited geographical area in the US. However, with the business growing faster than expected and more areas being served by the same production plant, NGK faced a major challenge: how to grow the capacity of the North Carolina industrial plant. Efficiency was clearly the answer. As a first step, ASRS (Automated Storage and Retrieval Systems), together with AGV’s (Automated Guided Vehicles), were introduced to move pallets and materials in the shop floor without human intervention.

Even if this mitigated the problem, it was still not enough to manage high, yet variable, production demands in the long run. As a result, during production peaks, the pallets transporting both raw materials and semi-finished goods were temporarily stored all around the shop floor according to specific procedures. While this addressed the problem of lack of (ASRS) storage space, it introduced a significant new one, the additional time spent finding and moving pallets from one production phase to the next. At least two workers per shift were assigned to this task: just searching for and moving pallets.

In addition to this, at least once a year a complete plant inventory is required to verify all materials stored in the facility, but not yet shipped or sold. During this activity, the entire plant was surveyed, and all pallets were identified and verified against the data registered in the internal ERP system. This activity could take up to one week, with the slow down (if not interruption) of the production activities. Inevitably, any items lost or duplicated created an impact on the bottom line.

To deal with these issues, in 2017 NGK Ceramics decided to explore how solutions based on a Real Time Locating System (RTLS) could help by providing a Digital Twin of the manufacturing plant: the location of every pallet would be tracked continuously and that data would be synchronized with NGK’s MRP systems. This tracking of pallets provides a real-time view of where they are located in the industrial plant, with a number of supporting services to easily and rapidly search them and manage the production cycle.

TRACKING SOLUTION: REQUIREMENTS

NGK Ceramics decided to evaluate a number of different scenarios for implementing a RTLS to track the progress of material and semi-finished goods throughout the flow of its manufacturing process. The key requirements to be addressed by the solution were:

• Configurable tracking accuracy: since the industrial plant covers a large area, with different uses of the spaces within the plant (production area vs. stocking areas vs. corridors), the ability to vary the location accuracy of asset tracking was important. In some areas, where the density of pallets is typically high (such as the warehouse) sub-meter accuracy is required in order to easily locate a specific pallet among the many stocked there. On the other hand, a 10 metre accuracy is sufficient in corridors or transit zones, where it is sufficient to track the presence of the pallet in the zone;
• Infrastructure cost: as NGK Ceramics facility is rather large, the number of RTLS antennas required to achieve the desired accuracy was clearly an important variable of the solution to be adopted. This impacted both the cost of the infrastructure as well as the costs related to the cabling (e.g., connectivity and power). Another factor was the cost of the tags to be attached to the pallets. This extended beyond the capital cost to also include the cost of replacing the batteries in the tags.
• Asset search and location functionality: NGK wanted this Digital Twin to be used in a variety of ways, from centralized systems to hand-held devices using a Google maps style red dot metaphor, so how the system was able to process the information and extract actionable knowledge for the final user (the worker in the shop floor) was important. This required addressing issues related to the usability and ergonomics of the system, Machine-2-Machine (M2M) application integration, while delivering on its intended use and the need to facilitate the searching and location of assets.
• Maturity of the solution: an enterprise-ready solution was requested. This refers to the support for active monitoring services of both the platform and the RTLS infrastructure. Any device or software component deployed in the facility needed to be monitored, with notifications sent in case of anomalies in the system. This includes the battery status of the devices/tags used for tracking the pallets.

DIGITISING THE PRODUCTION PROCESS

NGK retained the services of Statler Consulting, a specialist in the area of beacons and RTLS technologies, and issued a Request for Proposal (RFP) for a solution able to track in real-time the assets in their facility, and to deliver the necessary supporting services for the optimisation and real-time control of their production process. Among the many solutions proposed, ThinkIN was chosen as it proved to be the best match to the requirements identified by NGK. ThinkIN is an innovative IoT platform for real-time tracking, monitoring and control of assets and workforce in industrial environments.

ThinkIN technology is based on Quuppa RTLS for the high precision location of assets in the shop floor. Quuppa utilizes a unique combination of Bluetooth Low Energy (BLE) and the Angle of Arrival (AoA) methodology, as well as advanced location algorithms that have been developed over the course of more than 15 years, to calculate highly accurate, real-time indoor positioning, even in the most demanding environments, including inside warehouses and manufacturing facilities. The low-power system is a reliable, highly-customizable, scalable and cost-efficient solution for providing an accurate “dot on the map.”

ThinkIN platform provides a comprehensive set of services ranging from real-time support (e.g, asset search and location, alerts and geo-fencing, etc.), to Industrial IoT analytics. It also includes a number of tools to support the active monitoring of the infrastructure (both hardware and software) and a comprehensive set of user interfaces to explore the data collected and used to locate assets in real-time in the shop floor. In terms of tracking technology, Quuppa RTLS provided an optimal trade-off in terms of location accuracy, number of antennas required to cover the NGK facility and maturity of technology.

Overall 95 antennas are used to cover the complete NGK facility, with a location accuracy of approximately one meter in the areas of interest and approximately 5 meters in other areas. Different tag form factors were evaluated. Eventually, a custom Bluetooth Low Energy tag with a slim badge form factor was designed and manufactured in order to optimally align with NGK’s existing manufacturing process. The tag ensures 4+ years of life without battery replacement. Pallets, carrying products or semi-finished goods, are identified by means of their Product Travel Ticket (PTT), which includes all the necessary information about the kind of product manufactured, together with information on production stage (e.g. forming line, firing in kilns, etc.). At the very beginning of the production process, an RTLS TAG is associated with the pallet Travel Ticket through a mobile application running on a scanner.

The application allows the scanning of both the QR code present on the PTT and the QR code on the TAG. This association creates a Digital Twin of the pallet, which is now tracked in real-time throughout its manufacturing process. The pallets can now be easily located through the ThinkIN mobile service. Additionally, plant-level views allow staff to monitor the status of the pallets across the entire facility, maintaining an always up-to-date inventory of all pallets stocked or moving in the facility.

Starting from ThinkIN open APIs, a dedicated mobile interface was created for an optimal utilisation of data over the shop-floor and to facilitate the work of employees in the search and location of pallets with a specific Travel Ticket.

Figure 3: Tracking of assets in NGK facility

Additional services delivered through the ThinkIN platform enable the quality control of pallets depending on their production stage, with alerts being triggered if the pallet moves into areas not allowed. To prevent this, a specific geo-localised workflow is imposed on the travel path of pallets depending on their production process. Warnings are raised when the specific workflow is not adhered to.

LOOKING AHEAD

The project started in 2017 with an initial pilot phase, and is now scaling up to the entire production plant with a possible extension in the coming years to other NGK manufacturing sites. NGK is planning to obtain a return on their investment in a 2 year time frame. Today we are in year two and ThinkIN solution is integrated with the production control system adding value to the manufacturing process by making the pallet searching process more effective.

ThinkIN’s platform has allowed NGK to digitize the shop floor by recreating the plant on screens accessible to all workers. Thanks to the data collected by tags and devices, workers can use the interface to find pallets around the manufacturing plant based on the information of the goods transported by the pallets, such as product type, bench number, kiln cycle, and other key criteria for the production routing.

The efficiency of the shop floor was significantly increased thanks to ThinkIN for Industry. In the first year, NGK Ceramics reduced the costs of the wasted time searching for pallets and of the time spent doing the annual inventory. Thanks to the new solution, the inventory is constantly up-to-date. Moreover, the accuracy in tracking reduced the risk of accidents caused by the movement of pallets with forklifts in the shop floor searching for the needed pallet. ThinkIN for Industry, therefore, is a location intelligence technology that by capturing data from the shop floor in a digital platform offers the chance to automate the real world in new ways that can enhance and optimise workflows in the shop floor.

Open Source IoT Project Reaching Maturity

It is great to see things mature–whether kids or adults or technologies. Or an open source project called EdgeX Foundry. Yesterday I had the pleasure of two exciting teleconferences regarding the latest release of EdgeX Foundry, named Edinburgh, from the Linux Foundation’s LF Edge organization. I’ve had many conversations with Jason Shepherd, LF Edge Board Member and Dell Technologies IoT and Edge Computing CTO, over the past three years. When we finally got a chance to catch up yesterday afternoon, he could not have concealed his excitement had he tried.

I have written about EdgeX Foundry here from Hannover 2017, again in 2018, and when incorporated in Linux Foundation’s LF Edge umbrella. This IoT platform is more than a platform. During my Hannover visits of 2017 and 2018 it seemed that all God’s children need to develop their own IoT platform. Of course, when a company develops a platform the goal is to connect as many apps as possible to its main application.

I have also been involved with organizations trying to accomplish this same thing through standards. Problem is, you just can’t get technology supplier companies to sign up for a platform that forces their products to be subservient to standards. The better approach is Loosely Coupled (book by Doug Kaye).

The first conversation was with Arpit Joshipura, general manager, Networking, Edge and IoT, the Linux Foundation, and Keith Steele, chair of the EdgeX Foundry Technical Steering Committee and CEO of IOTech. They walked me through the release and its meaning.

Important takeaway–This Open Source IoT Platform/Ecosystem is now stable and ready for PrimeTime.

Highlights:

  • Enables IoT digital transformation for Enterprise, Industrial, Retail and Consumer
  • Supports complementary products and services from global open ecosystem including commercial support, training and customer pilot programs 
  • Deployed in many end user projects; EdgeX also collaborates with IIC on AI testbeds and is the foundation for the Open Retail Initiative (ORI)

Created collaboratively by a global ecosystem, EdgeX Foundry’s new release is a key enabler of digital transformation for IoT use cases and is a platform for real-world applications both for developers and end users across many vertical markets. EdgeX community members have created a range of complementary products and services, including commercial support, training and customer pilot programs and plug-in enhancements for device connectivity, applications, data and system management and security.

Launched in April 2017, and now part of the LF Edge umbrella, EdgeX Foundry is an open source, loosely-coupled microservices framework that provides the choice to plug and play from a growing ecosystem of available third party offerings or to augment proprietary innovations. With a focus on the IoT Edge, EdgeX simplifies the process to design, develop and deploy solutions across industrial, enterprise, and consumer applications. 

The fourth release in the EdgeX roadmap, Edinburgh offers a stable API baseline for the standardization of IoT edge applications that future-proof IoT investments by fostering an ecosystem of interoperable microservice-based capabilities and decoupling investments in edge functionality in areas such as connectivity, security and management from any given backend application or cloud. The EdgeX framework is designed to facilitate the secure deployment and management of devices and applications at the edge to accelerate time-to-market and enable new data-based services and capabilities such as Artificial Intelligence (AI) and Machine Learning (ML).

“Since its launch, EdgeX Foundry has experienced significant momentum in developing an open platform that can serve as the industry framework for IoT and edge-related applications,” said Arpit Joshipura, general manager, Networking, Edge and IoT, the Linux Foundation. “EdgeX Foundry is one of the anchor projects for LF Edge and Edinburgh release is a major step in unifying open source frameworks across IoT, Enterprise, Cloud and Telco Edge.”

“Having started the EdgeX movement with a small team at Dell before contributing the code to the Linux Foundation, it’s certainly amazing to see the traction we’ve gotten through open, vendor neutral collaboration in a few short years,” said Jason Shepherd, former chair of the EdgeX Foundry Governing Board and IoT and Edge CTO, Dell Technologies. “It’s a testament to the power of the network effect in the open source community which ultimately enables developers to focus on value rather than reinvention.” 

EdgeX Foundry’s community adoption continues to accelerate. Currently, there are more than 100 unique contributors to the project and code downloads are approaching 5,000 a month at a 75% month-to-month growth rate. Momentum is expected to continue with EdgeX’s Edinburgh release and rapidly growing commercial support in the ecosystem.

Key features for this release include:

  • Stability: Stable APIs protecting future investment and supporting future long term support
  • Connectivity: More SDKs for north and southbound connectivity and a wider range of standard connectors
  • New Features: Significant new features, including binary data support, database swapability and improved APIs to help facilitate management/monitoring capability
  • Global Support: Support from the global EdgeX Foundry ecosystem – as well as the broader LF Edge umbrella community – that offers a range of complementary products and services

“With this EdgeX Edinburgh release, we will radically change how businesses develop and deploy IoT edge solutions,” said Keith Steele, chair of the EdgeX Foundry Technical Steering Committee and CEO of IOTech. “Edinburgh is a significant milestone that showcases the commercial viability of EdgeX Foundry and the impact that it will have on the global IoT edge landscape.”

Learn more about documentation, a new use case and the technical details for the Edinburgh release on the EdgeX website.

Market Utilization of EdgeX Foundry 

Since the project inception, there have been tens of thousands of trials and pilot deployments of the EdgeX framework in the field and many of these are converting to production with the Edinburgh release. Several organizations already provide commercial solutions based on EdgeX, with many others folding it into their product roadmaps. For example:

  • Edge Xpert: From IOTech Systems, Edge Xpert uses the latest stable release of EdgeX Foundry to create a commercially supported solution from the baseline open source technology. IOTech will also soon announce hard real-time extensions to EdgeX.
  • MFX-1 IoT Edge Gateway: From Mainflux, the MFX-1 IoT Edge Gateway, based on the EdgeX Foundry framework, is an edge computing solution supported with the EdgeFlux application for gateway management. Integrated with Mainflux IoT Cloud Platform, it provides a comprehensive Cloud/Edge IoT System.
  • NetFoundry Ziti Edge: NetFoundry’s Ziti Edge provides programmable, software-only “Northbound” connectivity for EdgeX Gateway applications and services. Based on Zero Trust security principles, with integrations for HW root of trust based identity and Trusted Execution Environments (TEE), Ziti Edge delivers secure “Silicon-to-Cloud” connectivity, using any Internet connection, while keeping both sides of the connection “dark” to the Internet.
  • VMware Supports EdgeX: Developers who deploy any combination of EdgeX Foundry and/or Project Photon OS with VMware Pulse IoT Center can receive support from VMware for both Pulse IoT Center and EdgeX open source software. When used with Pulse IoT Center’s device management capabilities, open source tools such as EdgeX offer developers increased control over how, when, and where they run their applications and manage their data.

The EdgeX framework is also being leveraged in various industry collaborations. For example, in collaboration with the Industrial Internet Consortium (IIC) EdgeX is used as the foundation for the Optimizing Manufacturing Processes by Artificial Intelligence (OMPAI) testbed which explores the application of AI and industrial internet technologies, deployed from the edge to the cloud, to optimize automotive manufacturing processes. EdgeX is also the foundation for the Open Retail Initiative (ORI) which has the goal of facilitating open innovation within the retail/commerce space.  Work for the ORI is manifested within the Commerce Working Group in the EdgeX project and initial target use cases include computer vision-assisted advanced loss prevention. 

Planning Ahead

Later this summer, the first EdgeX Foundry ecosystem hackathon will be hosted in the Bay Area. This initial event will be tied to the Commerce Working Group, hosted by Intel within the EdgeX project, with various award categories for implementation of the EdgeX framework in retail use cases. The best all-around winner will get to showcase their solution at future LF Edge or EdgeX Foundry events. Details will be available in late July via the EdgeX website, email list and Slack channel.

Additionally, LF Edge will host a workshop entitled “State of the (LF) Edge” on August 20 in San Diego, Calif., co-located with Open Source Summit North America (August 21-23). More details are available here.

Support from Contributing Members and Users of EdgeX Foundry

  • “EdgeX Foundry is the key component of Beechwoods IoT gateway solution that allows our customers to engage confidently in edge computing technology. With the Edinburgh release, this solution will be ready to transition from customer engagement to product deployment.” – Brad Kemp, President, Beechwoods Software
  • “The Edinburgh release of EdgeX Foundry brings much needed standardization and stability for edge computing in production environments through an open source, common framework. The availability of the EdgeX Foundry snap enables developers an easy path to getting started with EdgeX Foundry, and benefit from confinement, easy integration into their own infrastructure, and automatic updates. In addition, this release introduces new device snaps providing integration with MQTT and ModBus.” – Loic Minier, IoT Field Engineering Director, Canonical
  • “As EdgeX Foundry reaches maturity with the Edinburgh release, CloudPlugs is excited to also announce the integration of the CloudPlugs IIoT platform with the open EdgeX ecosystem. CloudPlugs IoT is a robust backend to deploy, orchestrate and manage EdgeX-compliant devices and micro service-based applications, as well as to manage and visualize field data. The EdgeX framework provides new levels of flexibility in field-level interoperability and the combination of EdgeX with CloudPlugs IoT delivers a powerful, end-to-end software and service stack to digitize assets and to deploy commercial and industrial IoT solutions at scale.” – Jimmy Garcia-Meza, CEO, CloudPlugs Inc.
  • “EdgeX Foundry provides an important software platform standardizing on the south bound IoT device connectivity and northbound data storage connectivity and allows vendors to plug-in their core IoT capabilities in between. FogHorn is aligned with this data ingestion and publication standardization and will continue to collaborate as appropriate.” – Sastry Malladi, CTO, FogHorn
  • “The EdgeX platform offers HMS Networks a path to quickly build Industrial IoT solutions by providing predefined set of services for I/O functionality. HMS has created a J1939 service for EdgeX platform to help simplify IoT solutions for the commercial vehicle telemetry market. Ultimately, the EdgeX platform will significantly reduce the R&D investment required to create a majority of the Industrial IoT applications required in the market today.” – Tom McKinney, Director Engineering Services and Business Development, HMS Networks 
  • “EdgeX Foundry is an important project arriving at the right time. It promises to connect devices to capabilities, and then get out of the way so you can run containerized workloads to generate insights, run model scoring, or detect anomalies… all at the edge. IBM is collaborating with EdgeX Foundry as part of our hybrid cloud strategy to help enterprises unlock the value of data from on-premises to the cloud to the edge.” – David Boloker, Distinguished Engineer, IBM
  • “EdgeX Foundry’s open source platform enables the industrial software ecosystem to integrate rapidly with ioTium’s managed services converged infrastructure offering – its microservices framework with open APIs is a powerful driver in the fragmented Industrial Control Systems market. ioTium enables rapid scalable deployment of the EdgeX Foundry framework globally.” – Ron Victor, CEO, ioTium
  • “EdgeX Foundry provides an open framework for ease of design, development, & deployment at the Edge, while addressing stringent security,  privacy & compliance requirements. NetFoundry added its vendor-agnostic, connectivity-as-code solution to  EdgeX in order to enable developers and integrators to get similar ease of use, security and performance for their northbound application connectivity to core, clouds and service meshes. With the release of the EdgeX Edinburgh release, the EdgeX Foundry developer community has all the tools needed to deliver on market needs and ensure secure, agile innovation at the Edge” – Galeal Zino, CEO, NetFoundry Inc.
  • “As Digital Transformation for IoT gathers momentum, companies are demanding the same reliability, performance and security at the edge as they are used to getting from their Cloud Computing stack. With this release, EdgeX with Redis Labs RedisEdge not only delivers upon those expectations, but provides an ecosystem of open source technologies and plug-ins such as Redis Modules that help developers innovate.” – Dave Nielsen, Head of Community and Ecosystem Programs, Redis Labs
  • “EdgeX Foundry addresses the problem of the license stack at the IoT Edge constantly increasing in cost by providing a well architected, high performance, open source platform that can be used for industrial solutions today.” – Mike Malone, Vice President, Technotects, Inc.
  • “EdgeX Foundry’s global community ecosystem has experienced explosive growth, and the tangible advances delivered in the EdgeX  Edinburgh release are exciting developments for edge computing. We fully support EdgeX Foundry’s goals to establish an open interoperable framework for edge computing to provide developers with increased control over how, when, where and with whom they run their applications and manage their data. We look forward to continuing our contributions to the EdgeX Foundry community and related efforts in fostering open industry-wide innovation such as the Open Retail initiative.” – Mimi Spier, Vice President, Edge and IoT Business, VMware
  • “As a founding member of LF Edge, Wipro is proud to have contributed to the Edinburgh release. We will continue to actively participate as it is a key platform for delivering open, microservices-based, edge IoT applications for today’s interoperable distributed enterprise world.” – Andrew Aitken, general manager and global open source practice leader, Wipro Limited.
  • “ZEDEDA’s vision is to free cloud-native and legacy apps to run on any edge device anywhere in the world. This vision drives our support for EdgeX Foundry and its mission of promoting open interoperability between edge devices. We’ve made our virtualization solutions compatible with EdgeX releases because we believe they will have a central role in our industry’s future.” – Joel Vincent, VP Marketing, ZEDEDA
