A New Internet of Things Operating System

What’s this? A new Internet of Things operating system in the making? I’ve been on a 3-day holiday this week. But I’m still reading my news feed. Then two articles popped up on Computerworld about Google’s new operating system Fuchsia (built on Magenta, those colorful Google developers!).

Here is an article by Sharon Gaudin. “Analysts see it as independent of Android and Chrome, set on different market.”

With Google apparently working to develop a new operating system, speculation is centered on whether the company is looking to play a big role in running the Internet of Things (IoT).

“The important thing is that this could be Google’s bid to supply the OS that runs Internet of Things-type systems,” said Dan Olds, an analyst with OrionX, a technology analyst firm. “This could be an OS to run on sensors that, for example, check on fertilizer levels in farmers’ fields or voice recognition features for fitness products. The array of possibilities in these devices is endless and they all need some sort of operating system.”

Speculation about what Google is up to arose late last week and focused on whether the company is looking to either add to its OS family of Android and Chrome or to begin to replace them.

According to a report from Android Police, which spotted Google’s extremely cryptic and basic description of Fuchsia on the project’s GitHub page the new operating system’s kernel, called Magenta, is designed to be used on everything from tiny embedded devices to laptops.

And another article from Nick Mediati. “Nobody quite knows what it’s for (yet), but according to Android Police, Fuchsia can run on just about any kind of device.”

For years, Google has developed two operating systems side-by-side in Android for mobile devices and Chrome OS for laptops and desktops. But it looks as though Google now has a third operating system project underway known as Fuchsia.

Although Google isn’t revealing much, Android Police dug into the documentation for the project on GitHub and discovered more details about the OS. The biggest takeaway, Android Police notes, is that Fuchsia’s kernel, known as Magenta, is designed to work across a wide range of devices—from small “embedded devices” all the way up to desktops and laptops.

In addition, Fuchsia makes use of Google’s Dart programming language, as well as the company’s Material Design-friendly Flutter user interface framework.

Here is the GitHub link and another Google link.

Or Engadget, Google’s Fuchsia operating system runs on virtually anything.

Android Police, Google is developing an OS called “Fuchsia,” runs on All the Things

There are many more. Wonder what’s up? What do you think? Will we use it?

The Internet of Things Is Coming–According to MIT Anyway

The Internet of Things Is Coming–According to MIT Anyway

Internet of ThingsEveryone is in a rush to get an opinion or observation published about the Internet of Things. Evidently it gets lots of page views. Recently other analysts have been publishing thought pieces on IoT in Industry. It appears they have reached the same conclusion that I first broached a couple of years ago. The IoT is not a “thing.” To make any sense of it and use it for any strategy, it must be thought of as an ecosystem encompassing a variety of technologies.

Here is an article that appeared in the Sloan MIT Management Review. Since I am a subscriber, I don’t know if you can see the article at this link.

The writer is Sam Ransbotham is an associate professor of information systems at the Carroll School of Management at Boston College and the MIT Sloan Management Review Guest Editor for the Data and Analytics Big Idea Initiative. He suggests, “The Internet of Things will bring huge changes to the way markets and businesses work — and it could get messy.”

Here is a bromide that I’ve read a thousand times, “Most businesses aren’t ready for the changes to the marketplace that the Internet of Things will bring. But the time to prepare for them is now.”

Actually most business adapt. Some are visionary and will develop new products, processes, and services–and make a lot of money. Others will adapt and survive. Still others will wonder what happened and die. That is the way of business for at least 5,000 years.

Use Case for Internet of Things

“Yes, the potential insights from IoT are enticing. For example, it’s fun to think about the potential personal and even societal benefits from self-driving cars, such as fewer accidents, no problems with parking, more productivity while traveling, car sharing, greater infrastructure efficiency, etc. But perhaps a more profound implication is the data that they can collect. These cars will also be widely distributed “things,” gathering performance data that can help manufacturers diagnose problems, operational data that can help mechanics prevent failures, driver data that can help insurers understand risk, road data that can help cities improve infrastructure, etc. These kinds of insights, we’re ready for.”

But there are a lot more changes coming with the IoT transformation than many people may recognize.

Ransbothem looks into information technology as a model for what will happen in IoT. “About a decade ago, advances in information technology converged to fuel a boom in corporate use of analytics. First, widespread implementation of information systems captured unprecedented amount of data in ways that could be used in isolation or combined. Second, tools and technologies allowed the inexpensive storage and processing. Third, savvy analytical innovators creatively combined these to show everyone else what could be done.”

We have seen all this play out in industrial systems. There remains more to be done, here, though.

He proceeds to look at Internet of Things. “First, the cost and physical size of sensor technology have dropped such that they can be incorporated into most items. Second, widespread communications infrastructure is in place to allow these distributed components to coordinate. Third, once again, savvy innovators are showing the rest of us the possibilities from the data they collect.”

Manufacturing and production are not only poised to exploit these technologies and strategies, they have already been implementing to one degree or another. But his point is valid. IoT needs the ecosystem of sensing devices, networking, communication technology, databases, analytics, and visualization.

Ransbothem identifies four areas of change. Of these, I direct your attention to the last–process changes. I think everything feeds into process changes–not just the processes to make things, but also the information technology, supply chain, and human processes that must not only adapt but thrive with the new information awareness.

  • Market Power: IoT should provide a greater amount and a greater value of data, but are companies ready to align their interests in obtaining value from this data with the multiple other companies and end users who create, own, and service the products that originate the data? In the driverless car example, it is easy to see how multiple stakeholders could make use of the data from cars; the same is true for other devices. But it may not be clear who owns what data and how it can be used.
  • Complexity: Few organizations are prepared to be hardware and software development companies. But that’s what the Internet of Things will enable. As products are built with embedded sensors, the component mix increases in complexity. As a result, manufacturing systems and supply chains will become more elaborate. Software embedded in products will need to be updateable when the inevitable shortcomings are found.
  • Security: If we believe data is valuable, then we need to be ready for people to want to take it from us — why would data be any different than any other precious item? The IoT context intensifies the need for security requirements; for example, sensors or software that allow physical control of the product make attacks easier.
  • Process Changes: Many business processes continue to be “pull” oriented. Information is gathered, then analyzed, then decisions are made. This works when change is slow. But with the IoT transition, data will stream in constantly, defying routine reporting and normal working hours. Flooding data from IoT devices will give opportunities for quick reaction, but only if organizations can develop the capacity needed to take advantage of it. Few mainstream large companies are ready for this, much less small- to medium-sized companies that lack the resources of their larger corporate brethren.

 

The Internet of Things is bringing and will continue to bring advances in how we do business. How well will executives, managers, and engineers execute on this vision? That is key.

ARC Industry Forum – Digital Tech in Manufacturing and Production

ARC Industry Forum – Digital Tech in Manufacturing and Production

ARCbanner-300x250We are closing in on February and time to start thinking about the ARC Industry Forum in Orlando. I went to my first one in 1998 and have my airline and hotel reservations for this edition.

Given the demise of general industry trade shows, there are precious few opportunities to see a large cross section of the automation and control industry. This is one.

I have 2 or 3 appointments set. If you are there, ping me. Maybe we can do a “meet up” in the lounge before everyone splits for dinner or something.  Or stop me to chat during the week. ARC has once again planned an afternoon of press conferences for its sponsors. I’ll arrive in time to listen if you are presenting.

The 20th Annual ARC Industry Forum has the theme, “Industry in Transition: Navigating the New Age of Innovation”.

The conference is February 8-11, 2016 at the Renaissance Sea World in Orlando, Florida.

ARC says, “New information technologies such as Industrial Internet of Things (IIoT), Smart Manufacturing, Industrie 4.0, Digitization, and Connected Enterprise are ushering in a new age of innovation. These concepts are clearly moving past the hype, where real solutions are emerging backed by strong business cases. Expect to see innovations in smarter products, new service and operating models, new production techniques, and new approaches to design and sourcing. Join us to learn how this industrial transformation will unfold and what other companies are doing today to embrace innovation and improve their business performance.”

Questions they expect to address:

  • How will inexpensive, easy-to-install sensors change existing products and plants?
  • Will cyber security concerns impede disruptive innovation?
  • What kind of intelligence will machines have and what value will this bring?
  • What role will Wi-Fi and LTE play?
  • How do Big Data and predictive and prescriptive analytics enable operational change?
  • What is the opportunity in aftermarket services?
  • What software capabilities are needed to achieve transformational change?
  • Which industries are already changing?
  • What steps can organizations take to foster innovative thinking?

Forum’s Keynote Presentations

Michael Carroll, Vice President, Innovation & Operations Excellence, Georgia-Pacific

Michael joined Georgia-Pacific in 2010 to focus his technological and entrepreneurial talents on innovation and leadership. Prior to that he and a partner formed McTech Group, a company focused on innovative products for the building products and construction industry. In addition to his Executive Vice President responsibilities, Michael formed a Joint Venture designed to sell consumer “DIY” products to big box retailers like Wal-Mart, Home Depot, and Lowe’s. Previous positions include Director of Operations at Riverwood International, CEO of North and South American Operations at Shepherd, and Principal Change Agent at Mead Paper.

Sandy Vasser, Facilities I&E Manager, ExxonMobil Development

Sandy has been with Exxon or ExxonMobil for over 35 years and has been involved in a number of Upstream projects covering offshore facilities, onshore facilities, and cogeneration facilities. He currently manages a team of about 120 electrical and I&C professionals responsible for the design, installation, and commissioning of electrical generation and distribution systems, process control systems, and safety instrumented systems for all major ExxonMobil Upstream capital projects. This team is also responsible for developing, promoting and implementing strategies, practices, processes, and tools for successfully executing project automation and electrical activities.

Rob High, Vice President and Chief Technology Officer, Watson Solutions, IBM Software Group

Rob has overall responsibility to drive Watson Solutions technical strategy and thought leadership. He works collaboratively with the Watson engineering, research, and development teams across IBM. Prior to joining Watson Solutions, Rob was Chief Architect for the SOA Foundation and member of the IBM Academy of Technology. He championed an open industry architectural definition of the principles of business and IT alignment enabled by SOA and business process optimization, as well as ensuring IBM’s software and services portfolio is architecturally grounded to enable for efficient SOA-based solutions. Rob has 37 years of programming experience and has worked with distributed, object-oriented, component-based transaction monitors for the last 26 years.

Real-Time Cyber Attack Detection for SCADA Devices

Real-Time Cyber Attack Detection for SCADA Devices

cybersecuritySCADA devices and networks remain a prime target for cyber attacks. Everything I’ve written has approached cybersecurity from a different angle. This is the first solution that has come my way that uses a deception approach.

Attivo Networks announced Dec. 7, 2015 a release of its deception-based Attivo BOTsink solution that provides continuous threat detection on Industrial Control Systems (ICS) SCADA devices used to monitor and control most manufacturing operations as well as critical infrastructure such as natural gas, oil, water, and electric power distribution and transmission systems around the world. Cyberattacks on these targets can and have resulted in disruption of critical local, regional, and national government and commercial infrastructures. As a result, when they are breached, the impact on societies they serve stands to be catastrophic.

According to a study by the Pew Internet and American Life Project, 60 percent of the technology experts interviewed believe that a major cyberattack will happen. The damages to property and ensuing theft will amount tens of billions of dollars, and the loss of life will be significant.

Scalable SCADA protection

“We are proud to be the first in the industry to provide customers a globally scalable, deception-based threat detection solution for SCADA protection,” emphasizes Tushar Kothari, CEO of Attivo Networks. “Many of our customers from the energy industry have requested the extension of our Attivo Deception Platform into their production and manufacturing control networks so they can get real-time visibility and the ability to promptly identify and remediate infected devices. As one stated, ‘a breach on those networks can be catastrophic and Attivo wants to do everything we can to prevent a disaster or risk to lives.”

SCADA systems had originally been designed to monitor critical production processes without consideration to security consequences. Security had been generally handled by keeping the devices off the network and the Internet using “air gaps” where malware could only be transmitted by the thumb drives used by technicians. However, today vulnerable SCADA systems are increasingly being connected to the corporate IT infrastructure and Internet, making them easily accessible to a remote attacker.

Examples of this would be the Sandworm malware that attacked Telecommunications and Energy sectors, Havex malware that infected a SCADA system manufacturer, and BlackEnergy malware that attacks ICS products manufactured by GE, Siemens, and Advantech. These attacks primarily targeted the operational capabilities of these facilities. With the increased malicious and sophistication of malware, concerns are now escalating to fears of an irreversible disaster.

Situational awareness

“Industrial systems have increasingly come under scrutiny from both attackers and defenders,” said Chris Blask, Chair of the Industrial Control System Information Sharing and Analysis Center (ICS-ISAC). “Situational awareness is the focus of the ICS-ISAC and its membership, including the ability for asset owners to detect and respond to incidents on their systems.”

These devices generally have long lifecycles creating an exposed environment driven by equipment that is less hardened and patches made infrequently. Additionally, because of their critical functions, SCADA devices cannot be taken offline frequently or for any length of time. This, along with costs that can run into the millions for every hour the network is offline, has made patching very difficult, often as infrequent as once a year, leaving many industrial facilities open to attacks. These risks are quite large considering these devices are found everywhere in electrical facilities, food processing, manufacturing, on-board ships, transportations and more.

“Companies operating in critical infrastructures like energy, utilities, nuclear, oil and gas know that they are not only vulnerable to the same security issues faced by most enterprises, they have the added enticement as a rich target for cyber terrorism,” stated Tony Dao, Director Information Technology, Aspect Engineering Group. “They recognize that securing their industrial control processes is not only critical to them, but to the institutions they serve. A loss would not only have repercussions throughout their economic sector but throughout the entire economy.”

The vulnerabilities begin with the use of default passwords, hard-coded encryption keys, and a lack of firmware updates, which pave the way for attackers to gain access and take control of industrial devices. Traditional perimeter-based solutions are designed to detect attacks on these devices by looking for suspicious attack behavior based on known signature patterns. SCADA supervisory systems are computers running normal Windows operating systems and are susceptible to zero day attacks, in which there are no known signatures or software patches. Several vulnerabilities also exist in the standard and proprietary protocols within Logic Controllers. Popular protocols include MODBUS (supervision and control), DNP3 (Energy and Water), BACNET (Building Automation), and IPMI (Baseboard Management Control).

Deception technology

Attivo Networks takes a different approach to detecting cyber attacks on ICS- SCADA devices. Instead of relying on signatures or known attack patterns, Attivo uses deception technology to lure the attackers to a BOTsink engagement device.  Customers have the flexibility to install their own Open Platform Communications (OPC) software while running popular protocols and PLC devices on the BOTsink solution making it indistinguishable from production SCADA devices. This provides real-time detection of BOTs and advanced persistent threats (APTs) that are conducting reconnaissance to mount their attacks on critical facility and energy networks.  Additionally, BOTsink forensics capture information including new device connections, issued commands and connection termination, enabling administrators to study the attacker’s tools, techniques, and information on infected devices that need remediation.

The Attivo SCADA solution is provided through a custom software image that runs on its BOTsink appliance or virtual machine. SCADA BOTsink deployment and management are provided through the Attivo Central Manager, which provides global central device management and threat intelligence dashboards and reporting.

“To a significant degree, the growing security problems impacting industrial control systems have originated from the fact that ICSs are increasingly less and less isolated from outside networks and systems, and ICSs are now more susceptible and vulnerable to attacks,” comments Ruggero Contu, Research Director at Gartner in his Market Trends: Industrial Control System Security, 2015 report.  “At the heart of this change is the demand to integrate enterprise IT systems to operational technology, and for remote connectivity.”

Check out this whiter paper. Dynamic Deception for Industrial Automation and Control Systems

CyberSecurity Blog Looks at IIoT Challenges

Belden’s “The State of Security” blog has published “5 Key Challenges for the Internet of Things (IIoT)” featuring thoughts from a variety of experts and observers. They included a couple of paragraphs from me. Check it out.

Key Challenge #1: Settling on Device Capabilities

Key Challenge #2: Supply Chain Concerns

Key Challenge #3: Security

Key Challenge #4: Bridging the Gaps that Divide Us

Key Challenge #5: Safety

Follow this blog

Get a weekly email of all new posts.