Info sec, AI and ethics – some thoughts #codemesh

On By Kate CarruthersIn ideasLeave a comment

I’m heading off to speak at the CodeMesh Conference in London shortly and I’ve been thinking about the emerging boundaries between information security, AI and ethics. I will post some thoughts as they evolve.

Developers (and others) and ethical approaches

We need to help everyone, from coders through info sec professionals to senior organisational leaders, to understand that information security, AI and ethics are part of the everyday landscape for everyone now. It is no longer something that someone else does and it needs to become embedded into our everyday practices.

Nobody has all of the answers, and nobody even has all of the questions. But this intersection between information security, privacy, AI and ethics is becoming increasingly important as we start to think about the kind of future we are building. We need to think about to create the kind of future we want and not merely wander blindly into some kind of dystopian future.

In particular, ethics is an area that we do fairly well in academic research. Universities have well-established ethics processes and there is a high level of consciousness among researchers of its importance. But in business this is not even a secondary consideration. There is general theoretical agreement that everyone ought to take an ethical approach to their work, but it is not always welcome in practice. And yet business folks have a part to play in creating ethical workplaces. We all do.

In software development some of the practices that have been proposed – things like Privacy by Design or Security by Design – are interesting,  yet I’ve not seen either in the wild. These are sensible approaches, and Privacy by Design is even part of GDPR so it might even work (eventually). Yet neither of these explicitly focuses on ethics.

And all of this is not much help when a developer is approached by a business person and is asked to develop something that might be ethically a bit shady. Look at the example of the developer for Volkswagen who went to prison for his role in creating software to deceive regulators around the world. There can be real world consequences for poor ethical decision making in the workplace.

VW engineer sentenced to 40-month prison term in diesel case: [he] was a “pivotal figure” in designing the systems used to make Volkswagen diesels appear to comply with U.S. pollution standards, when instead they could emit up to 40 times the allowed levels of smog-forming compounds in normal driving. – Reuters 26 Aug 2017

It all seems to point to a need to develop ways for business people to run an ethical lens over their ideas way earlier than when they approach a developer.

One approach that has merit is something like the Ethics Canvas, which is inspired by notions like the Lean Canvas or the Business Model Canvas. A simple and easy to use tool such as this could provide business folks with a way to consider the ethical implications of things that they ask developers to do. I’ve started to use the Ethics Canvas at work in some projects, it will be interesting to see how it goes.

 

Future proof your career – some tips for women

On By Kate CarruthersIn ideas

Spoke at a women in technology conference recently on the topic of how to future proof your career. It might seem strange that I hardly mentioned technology at all in this talk. But the essentials for a long career are mostly outside of technology. Any intelligent person can pick up technology skills, but other essential skills include:

  • Self analysis and self understanding
  • NO to office housework
  • Support networks
  • Power of sponsorship
  • Impostor syndrome
  • And lastly, actual technology

Self analysis and self understanding

Self analysis and self understanding are the first thing to consider. If you can get a clear eyed understanding of your strengths and weaknesses this provides a good foundation for managing your career. This will also help with the development of the ability to take rejection, to ignore it, and to move on regardless. You will be rejected – sometimes because you are a woman, sometimes for other reasons. But if you have clear idea of your skills and the value that you provide then you can pick yourself up, regroup and get on with things.

Resilience counts – a career is a marathon not a sprint!

Another key skill to develop is not to take things personally at work. I always imagine that they are talking to the chair when someone appears to be having a go at me. Many times I have found out later that the person who was giving me a hard time was upset about something completely different. Of course there can be the case where someone really is out to get you – I’ve suffered from bullying at work before – the best thing to do in that case is to engineer an exit as soon as possible.

‘Wisdom is the principal thing; therefore get wisdom: and with all your getting get understanding.’ Proverbs 4:7

Take every opportunity to obtain a 360 degree understanding of yourself. And ensure that you seek feedback from diverse and reliable sources. Take time out to reflect on your work and assess it dispassionately. Learn to recognise your strengths and weaknesses, so that you can use your strengths and improve on your weaknesses. I often say that it’s not a weakness if you know about it and can compensate.

Say ‘NO’ to office housework


Office housework consists of the myriad of little tasks around  the office that folks just assume that women will do. These range from filling the dishwasher, to tidying the bench tops, buying the birthday cakes and opening the mail. People will unconsciously expect women to do it.

  • Stop doing it immediately (unless, of course, you really really want to do it)
  • It takes time for which you are not remunerated
  • It distracts you from your mission

If you consider how much of this you’ve probably done over your career it really adds up over the years. And our male colleagues have been blissfully ignoring all of this unremunerated labour and coasting past us.

Find your support network

Find a work support network. Often social friends will not understand your work context and you do need someone who understands. I’ve had conversions with family members as I try to explain some work thing and watch their eyes glaze over, or they simply do not have the mental map for my work. The main thing is that you need a cheer squad of folks who understand your work context and who can also provide contextually relevant advice.

Another sad fact is that sometimes colleagues at work will diverge as you progress in your career. This is especially true if you have risen up the ranks within a single organisation. In that case there might be envy or resentment, so you might need to socialise with different folks.

Discover the power of sponsorship

Sponsorship not mentorship. As noted in this article:

‘Mentors advise. Sponsors act.’

A sponsor is someone who will advocate on your behalf. Mentors are helpful when you need advice, but to really get ahead a sponsor can be more useful. It is helpful to have mentoring throughout your career, but a sponsor can help to make things happen and be real change agent for your career.

Nobody knows you feel like an impostor

Impostor syndrome is real, and almost everyone experiences it at some time. But the important thing to remember is that nobody knows how you feel so heed the advice to ‘fake it until you make it’ or rather ‘fake it until you become it’ as Amy Cuddy argues.

The crucial thing about imposter syndrome is that there is clear evidence that you are not an imposter, that is, someone has given you a particular role. You have the feeling that you are an imposter but there is evidence that you are not.

The Dunning–Kruger effect is a cognitive bias wherein persons of low ability suffer from illusory superiority, mistakenly assessing their cognitive ability as greater than it is. Therefore by having imposter syndrome at least you know you’re not suffering from the Dunning-Kruger effect.

New jobs will emerge as technology changes

The 21st century offers us great challenges and opportunities. Things like the  digital revolution, AI, machine learning, Internet of Things, big data and data science, and Quantum computing – among others – are all going to change things beyond recognition. Always be looking to generalise your current skillset into the next big thing, and keep in mind Amara’s law:

‘We tend to overestimate the effect of a technology in the short run and underestimate the effect in the long run.’

As Paul Roehrig, chief strategy officer for Cognizant Digital Business, notes:

‘People skills are more and more important in an era where we have powerful and pervasive technology,’ he says. ‘It sounds counterintuitive, but to beat the bot, you need to be more human.’

21st Century skills include:

  • Problem solving
  • Creativity
  • Analytic thinking
  • Collaboration
  • Communication
  • Ethics, action, and accountability

Above all…

You can have multiple careers

Don’t panic!

Remember to breathe

Data is the engine of the fourth industrial revolution

On By Kate CarruthersIn ideas1 Comment

“Data is the new oil and we are in the midst of the fourth industrial revolution that is driven by the internet of things. The old fossil fuelled industrial revolutions are in their dying days and we are seeing the birth of a new era that will reshape everything that we know.”
– Kate Carruthers

Last week at the 2018 Stanford University Women in Data Science Conference in UTS Sydney I spoke on a panel along with Theresa Anderson,  Ethel KarskensNicole Dyson , Aurelie Jacquet,  Joanne Cooper, and Angela Chin. 

As first speaker I got to set the scene for the remaining speakers, here is a summary of my remarks.

My remarks

One thought to start with. I am currently the Chief Data & Analytics Officer at UNSW Sydney, and this job did not exist when I left school, and this job did not exist when I graduated from university. So, do not worry about educating kids for the jobs of the future when we probably cannot even imagine what those jobs will be. We’re at an exciting point now where people can’t be trained for the jobs they’ll have in the future because they don’t exist yet. Of all the things that I have studied, history, philosophy and anthropology have been among the most useful. And they have actually been a good grounding for an unknown future.

Data is the new oil and we are in the midst of the fourth industrial revolution that is driven by the internet of things. The old fossil fuelled industrial revolutions are in their dying days and we are seeing the birth of a new era that will reshape everything that we know. We’ve had industrial revolutions before, this is just the next one.

Data scientists are the currently the new high priests, but not for long, as algorithms take over from them. Data engineers are the new coal miners, preparing the data ready for use in new applications which are only now emerging.

This is the next stage of the digital revolution. It includes VR/AR and the internet of things. Everything will change. Things that were impossible will become possible.

Things that will change

Among the things that will change are:

  • Education is on the brink of changes, and it will make the way that we were educated so divergent from the modern world. Technologies such as VR and AR will drive change in the place and nature of education and the role of educators are shifting from chalk and talk to technology and facilitation of discovery.
  • Science and Engineering will bring us new technologies such as quantum computing and CRISPR-Cas9 genome editing technology that will revolutionise everyday life.
  • Medicine is at the start of a new world of genomic medicine powered by data, AI and machine learning.
  • Home life with intelligent devices like Google Home and Alexa are reshaping how we manage our homes.
  • Autonomous vehicles are becoming a reality faster than I had imagined a few years back.
  • Jobs will change – some jobs will go, for example truck drivers, and new jobs will emerge as things like autonomous vehicles become the norm.

All of this is powered by data and enabled by the internet of things.

The people who are educated in data will be well placed in this new economy. Data science and cybersecurity grads will be well placed, and we are already seeing this in the graduate outcomes.

Challenges

We still face big challenges with things such as privacy and identity management. There is still no one ring to rule all in identity. The threats to privacy and data security are increasing. With biometric data being stored by companies in the cloud, our identities with our unchangeable features such as voice and finger prints, are now more at risk than ever.

Also, we face threats such as the increasing corporatisation and creation of proprietary goods from our data. As folks say if you’re not paying then you are the product.

And this means that old fashioned things like ethics will become increasingly important in both education and in business.

I’m particularly (and increasingly) interested in digital ethics. I think that we will need to develop customary practices that embed ethics into software development. Ideas like privacy by design and security by design will need to become commonplace.

There are huge opportunities offered by this new industrial revolution. There will be winner and losers. And the higher education sector has an important role in both inventing this future and in preparing young people to be a part of it. It is certainly an interesting time to be alive.

Thank you.

Data For Public Good

On By Kate CarruthersIn ideas

I’ve been meaning to share this discussion for ages: from the Constellation Research Conference last year on Data For Public Good.

Data data data everywhere but what to do with the deluge?

It was a wideranging discussion about how to extract the signal from the noise and ponder how data can be used for the public good. The panel discussed the power of data for health care, public sector, education, and society, and how organistions can tap in to the power of data and do good. It is clear that there is no guarantee that data will do good without our help.

Moderator: Doug Henschen
Chief Data Officer at UNSW Australia: Kate Carruthers
Director at NDSSL, Biocomplexity Institute of Virginia Tech: Madhav Marathe
Principal Digital Architect, ASRC/Federal Communications Commission: Andrew Nebus

Executive Exchange – Data For Public Good from Constellation Research on Vimeo.

Some thoughts on digital and data Ethics

On By Kate CarruthersIn ideas

‘We ask ethical questions whenever we think about how we should act. Being ethical is a part of what defines us as human beings.’
The Ethics Centre, Sydney

Humans have been thinking about the moral principles that govern our behaviour or the way in which we conduct ourselves for aeons. We are moving at lightspeed towards a new and exciting future that is built on algorithms, data, and digital technologies. Ethics is an area of increasing importance since we are barreling forward with the proliferation of data through digital and IoT and there seems to be little opportunity to slow things down.

I’ve been thinking about digital and data ethics since I joined Steve WilsonDavid BrayJohn Taschek, and R “Ray” Wang  on a Digital Ethics for the Future panel with in 2016.

5 propositions about data

  1. Data is not neutral – that is all data is subject to bias
  2. There is no such thing as raw data – that is, by the simple mechanism of selecting data, you have exercised judgment as to which data to include or exclude
  3. The signal to noise ratio has changed – we now have so much data that there is more noise than signal and it gets difficult to ascertain what is the signal
  4. Data is not inherently smart – it is our interpretation of data that adds value
  5. The more data we have the less anonymity – thus it becomes increasingly difficult to avoid identification

Why this is important

There have been numerous examples of data breaches for example the Australian Red Cross and the nation of Sweden. Every data breach is the result of some defect in the design, development or deployment of the technology. These breaches could be prevented by means of including some ethical frameworks into the design, build and deployment phases.

By the way, the World’s Biggest Data Breaches visualisation tool provides an excellent and mesmerising way to explore data breaches.

It is also interesting to recall the ease with which Microsoft’s Tay Twitter bot was trained to become rather nasty very quickly. Thus demonstrating the need to be sure of the training data one uses and to ponder the potential consequences of design and deployment decisions:  Twitter taught Microsoft’s AI chatbot to be a racist asshole in less than a day.

microsoft_tai-1024x575

And there is the recent example of bathroom soap dispensers having been designed to recognise white hands not coloured ones. This is obvious bias from the design and development team, and  an example of why diversity in teams is critical. The fact the average developer is white male means that it is likely that every design has as its default setting as a white male.

The issues of bias – both unconscious and conscious – are enormous.

Data is increasing at a vast rate, as demonstrated by this chart from the IDC Data Age 2025 study, and this means that we need to develop ethical frameworks to support the acquisition, management and analysis of large datasets .

Some existing approaches

Universities have a long history in managing ethics, but even they are struggling with the implications of the complex data sets and algorithms that they are dealing with.

Over the years the ICT industry has developed a number of codes of ethics and codes for professional practice, yet many developers and data scientists are mostly unaware of these. Some examples of these codes of practice include:

But realistically, if developers have not even heard of these codes then how can they possibly influence the design of solutions that avoid bias and other ethical issues?

Some newer approaches

“Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect.’

Bruce Schneier

There are the beginnings of some new approaches, such as the Accenture: 12 guidelines for developing data ethics codes. And recent initiatives such as the OWASP Security by Design Principles and the Privacy by Design might well provide a good starting point for thinking about how we can embed good practice into the design and building of data sets and algorithms.

There is some good discussion of these issues  in  Floridi, Taddeo What is Data Ethics? (2016), and as they note, we need to examine ethics in terms of the following categories:

  • data – including how we generate, record and share data, including issues of consent and unintended uses of the data
  • algorithms – how we interpret data via artificial intelligence, machine learning and robots
  • practices – devising responsible innovation and professional codes to guide this emerging science

There have been developments in the area of community based approaches to improving digital and data ethics, chiefly in the area of machine learning and AI. Here are some examples of groups working in this area:

Some new ways to think about digital and data ethics

‘Complexity is a defining feature of the digital era, and we are not adjusting our governance structures to manage it.’

Kent Aitken, Prime Ministers Fellow, Public Policy Forum Canada, 2017

We need to be clear that technology has no ethics. It is people who demonstrate ethics. And technology inherits the biases of its makers.   We need to develop ethical frameworks and governance practices that enable us to develop solutions that are better from an ethical perspective.

I believe that if we start from the principles of Privacy by Design and Security by Design that we have a fairly firm practical basis for the future.

One thing is certain at an institutional level, information security , privacy and data governance will need more work to form a solid foundation to enable better data ethics.

References

Data governance and cybersecurity

On By Kate CarruthersIn ideas

The connection between data governance and cybersecurity might not be immediately apparent. But if one considers the ‘5 knows of cyber’, it becomes obvious that cybersecurity is all about data, and data is all about information, and we want information to be secure.

I use the ‘5 knows’ as the foundation of our data governance framework, because it really helps people to understand why data governance is important and how it can help them. And if people can understand the why then they can move towards controlling their data more effectively. And once we move towards managing our data then we can start to manage information.

Cybersecurity is very much a team sport, it is a collaboration between teams – Data & Information Governance, Cybersecurity, Risk Management, IT Operations, and the business units. There is no way any single group can manage security, especially with the emerging threat landscape.

But the fundamentals of data governance are an essential starting point for the collaboration:

  • policies, standards, procedures and guidelines for data governance
  • governance groups to coordinate activities
  • data classification
  • data handling guidelines
  • system classification
  • an information security management system

 

Data Governance: 5 Tips for getting started

On By Kate CarruthersIn ideas

I’ve been reflecting on the past year and one big focus area was data governance. Rolling out a data governance program along with an Information Security Management System (ISMS) is a big job for a large and complex organisation, and it is a multi-year project. We are in year two of the data governance program and over the past few years there have been a number of lessons learned.

It is all very easy to throw up one’s hands and say that it is all too hard, that data wants to be free, or that governing data is impossible. Yet to enable new ways of analysing data (and dare I say it, big data), and for effective cyber security management, we must work out how to do data governance.

Tips for getting a data governance program started

  1. Clarify your mandate. Get your policies and procedures sorted out early. An official policy clarifies your mandate for running the data governance program and can assist in obtaining buy-in.  My starting point was a definition:

    “Data governance is the organization and implementation of policies, procedures, structure, roles, and responsibilities which outline an enforce rules of engagement, decision rights, and accountabilities for the effective management of information assets.”

    Source: John Ladley, Data Governance: How to Design, Deploy and Sustain an Effective Data Governance Program, 2012

  2. Setup an effective governance structure. This seems like an obvious thing, but many organisations struggle with this. Getting the right structure setup and the right people involved is critical to success. I have setup a Data Governance Steering Committee (DGSC), which has oversight of the entire program, with cross-organisational executive involvement, and it has been very important in obtaining credibility. The DGSC is supported by another Committee, which takes a more hands-on day to day role in deciding how we manage data across the organisation. We also work closely with IT, Privacy, Procurement, and Legal  to ensure that they are involved in the data governance program.
  3. Make a start. Typically in a large organisation it can be daunting to consider data governance and to know where to start. Find an area of the organisation that has some willing people and just get started. This lets you demonstrate success and leverage that success to get the next area of the organisation involved.
  4. Take inspiration from other organisations. Don’t feel the need to invent data governance from scratch. Talk to other practitioners – they’re usually delighted to find a fellow traveler. Find groups where data and information governance folks hang out, like The Data Governance Institute: The DGIInformation Governance ANZ or the Data Management Association Australia (DAMA). The kind folks at DG @ Stanford University were particularly helpful to me in the early days. Of course check out my Data Governance website at UNSW Sydney, where we have shared our policies, processes and practices.
  5. Ignore the vendors. there are a plethora of vendors who say they have solutions for data governance. Ignore them. It is not about the tools, it is about practice and culture.

 

Future of work and the growth of populist politics

On By Kate CarruthersIn ideas

The future of work has been an emerging issue for a long time, and now as automation disrupts traditional employment, it is safe to say that it has emerged. It is becoming increasingly urgent to find a solution for those displaced. We need new ideas and approaches to this problem. Otherwise we will see a large number of people out of the workforce for long periods, with a concomitant growth in populist politics and the destruction of the social compact.

A good example of the issue is a recent article on NPR that shows the most common job in every US state in 2014. With the prevalence of the job of ‘truck driver’ across the country there is going to be some real pain felt when autonomous trucks hit the road in the near future. Already the so-called rust belt in the US is suffering from underemployment, and it’s about to get much worse. It’s pretty clear that all these truck drivers are unlikely to become coders, so what shall we do?


We are seeing the fight by employers to reduce wages bills means that they are adopting automation wherever it is feasible, for example: Thanks To ‘Fight For $15’ Minimum Wage, McDonald’s Unveils Job-Replacing Self-Service Kiosks Nationwide.

More entrepreneurial, approaches are appearing, but they are on a small scale. Ideas like Phil Morle’s #nextmonday initiative, where he hosted a two day workshop where former Ford employees learned how to go about turning an idea into a new business. And initiatives like code clubs for kids seek to add new digital skills to student’s portfolios.

The gig economy is growing as old-fashioned jobs with benefits are killed off by cost saving initiatives. Even in New South Wales we  see local government jobs are being taken by cheaper foreign workers.

This growth in job uncertainty will see changes in society that we remain unprepared for. It changes the nature of the social compact with which we are all familiar. In the recent past one obtained a permanent job, borrowed money to buy a house, educated your kids and life was good. Now in the more precarious gig economy, loans for housing or cars will be difficult to come by, and home prices in east coast Australia remain stubbornly high. At the same time, conservative governments are focused on austerity and are seeking to cut costs on welfare payments and to make welfare more difficult to obtain. In Australia, under the conservative government, this seems to be following the trajectory of the UK Conservative policy, and it will likely have the similar consequences as the rules get increasingly tight.

This lack of permanency in the job market will likely drive a growth in populist politics, empowering people to vote against the major parties in Australia and overseas. This phenomenon will be similar to what happened in the UK with Brexit and US with Trump, and it means that we face continued growth in minor parties in the Senate and possibly even in the House.

It is fast approaching the time for nations to consider new policy options, such as the idea of a universal basic income. But I do not think that conservative governments will support such a notion. And therefore we are in for interesting times as the old social compact disintegrates and the world of work changes forever.

Digital citizens and the future of government

On By Kate CarruthersIn ideas

Hosted a panel at the UNSW Michael Crouch Innovation Centre last week with Selena Griffith on Digital Citizens and the Future of Government with Dominic Campbell, Penny Webb-Smart, and Amelia Loye.

You can view the video here

Panel members

Dominic Campbell is a digital government entrepreneur with a background in government policy and technology-led change. He is an experienced in organisation design and has senior management experience in implementing successful change initiatives within public services. Having spent six years in government in the UK, Dominic established FutureGov in 2008. A team of 40, FutureGov supports digital and design thinking in government in the UK, Australia and many places in between. Dominic has previously been voted in the top 100 most influential people in UK local government.

Penny Webb-Smart is Executive Director, Service Reform for the Department of Finance, Services and Innovation in the NSW Government. The Service Reform team was established in February 2015 to facilitate digital and service innovation on a cross-agency basis that puts customer at the heart of NSW government. The key drivers for service reform are: * Accelerating digital government * Customer centric transformation * Joined up government services Penny’s has deep experience in digital transformation, service design and development, building customer-centric cultures, and developing strategic partnerships. Prior to NSW Government, Penny spent twenty years in financial services, consulting and telecommunications in Australia and New Zealand.

Amelia Loye is a social scientist with more than a dozen years’ engaging citizens and stakeholders for Government’s in Australia, New Zealand and Canada. She has engaged across the participation spectrum, for policy, planning and project development, for legislative change, and for community education and behavioural change. Amelia now provides strategic support for organisations wanting to practice digital democracy and improve the way they engage, consider social issues, and work with others to serve the needs of community. She is also well known for her work on Australia’s first Action Plan for Open Government.

 

 

Internet of Things and beyond: cyber-physical systems

On By Kate CarruthersIn ideas

The new industrial revolution is a cyber-physical systems revolution. The Internet of Things (IoT) forms a foundation for this cyber-physical systems revolution and it is driving the biggest shift in business and technology since World War II.

Introduction

“Cyber-physical systems (CPS) are physical and engineered systems whose operations are monitored, coordinated, controlled and integrated by a computing and communication core. Just as the internet transformed how humans interact with one another, cyber-physical systems will transform how we interact with the physical world around us.”[1]

It has been said that the world is on the brink of a fourth industrial revolution[2], and that this new industrial revolution is a cyber-physical systems (CPS) revolution. The Internet of Things (IoT) will form a key foundation for this cyber-physical systems revolution. The emergence of IoT is the beginning of a revolution that will have as great an impact on society and the way people and business are organized as the computer revolution did on the post-World War II era.

Machines now interact and interface with other machines and as well as human beings in new ways. The combination of AI, machine learning, the cloud, and IoT means that systems of machines will be able to interact with human beings, learn about them and adapt to their wants and needs.

These systems will also be able to apply the principles of behavioral economics[3] and enable human behavior to be ‘nudged’ in predetermined directions. Governments around the world are already setting up behavioral insight teams – also known as ‘nudge units’.[4] Further, marketers are already applying the principles of neuromarketing[5], where consumers’ sensorimotor, cognitive, and affective response to marketing stimuli are being studied with a view to driving consumer purchasing behavior based upon these studies.  It is likely that we will see autonomous machines adopting the use of these kinds of techniques to drive human behavior in predetermined ways. This trend is emergent, with fitness wearable devices, such as Fitbits[6], using social sharing and gamification to assist users in achieving fitness goals.

Other technologies supporting the evolution of IoT and the emergence of CPS include software-defined networks[7], software defined storage[8]. This drives automation of repetitive tasks, even for manual labor like bricklaying [9] – consumer products as well as industrial output[10]. This is reshaping industrialization, and regulatory frameworks for IoT are now beginning to emerge[11]. Issues like privacy, data ownership, and security will remain important for CPS.

With the emergence of IoT and CPS, consumers face new challenges with their personal data. The new devices, services, and products collect data in volumes hitherto unimaginable. The volume of data being collected about consumers and their activities is reshaping how business is done. For example, insurance companies can offer insurance premiums based, not upon actuarial assumptions, but upon real-time data provided by consenting human beings as they go about their daily activities[12]. This combination of real-time data and analytics enables pricing models and risk profiles can change subject to actual results in real time.

What Will Change?

There is emergence of the industrial internet together with the rise of networked industries, this convergence of industrial, digital, analytics, and connectivity is different, it is:

  • Shaped by a design focus;
  • Enabled by ubiquitous networks;
  • Driven by application ecosystems;
  • Enabled by different modalities such as flying drones, wearables and ingestible technologies;
  • Reshaping industries with adoption of autonomous computer systems, robotics, and 3D printing; and
  • Changing the nature of employment and restructuring the

Advances in IoT and related technologies make it possible to deploy CPS within which information from all related perspectives can be monitored and synchronized between the physical manufacturing locations and computational spaces. With real-time data analytics, capabilities together with software-defined infrastructure, networked machines will be able to perform more efficiently, collaboratively and resiliently. Thus, machines will connect autonomously to each other as and when required without human intervention. This trend is transforming manufacturing industries, leading some to call for a clear definition of CPS.[13] IoT and CPS build upon well-established protocols[14] and use enterprise grade cloud hosting.  Tools such as AI, machine learning, and data analytics are also critical[15], as are mesh networks and peer-to-peer connectivity.[16]

Societal and business impact

Identity, access, privacy and data security remain critical for IoT and CPS. However, as these systems become ubiquitous, understanding what autonomous systems are doing, recording and deciding in relation human beings will emerge as a problem area, together with commercial decisions made based upon this information.

There is be a shift from a product delivery model to a delivering products plus services model, and this is driven from a one-off product sales based model to an ongoing service delivery model. We are already seeing this shift from delivering a one-time only product to providing ongoing services to support connected products. This means that companies will to need to change the way their organization is structured to service customers and products on an ongoing basis.

“Business models will have to change. We used to build them [products], ship them and forget about them until we had to service them…”
“We’ve moved to a new world where we have to ship and remember.”[17]

The sharing economy[18] drives different utilization models for capital equipment, and it is already starting to change the way consumers and business provide access to capital equipment. Uber and Airbnb have enabled people to obtain greater utilization from their assets – cars and houses – to derive additional revenue from an existing asset. This idea of allowing other users to access existing capital equipment is growing, even in the manufacturing sector.[19]

Devices will increasingly communicate and operate autonomously and independent of human oversight. There was a recent example of a motor vehicle involved in an alleged hit-and-run accident where the car reported the accident.[20] The driver of the vehicle did not intend to report that accident, yet her connected vehicle did so autonomously. Thus in this connected world there are new affordances for business and consumers.  However, the reality of this connected world is only now starting to be perceived by society.

The regulatory landscape for IoT is evolving and regulators struggle to understand and support the rapid emergence of new services, products, and business models.[21] The regulatory landscape includes licensing and spectrum management, switching and roaming, addressing and numbering, competition, security and privacy. At present IoT is governed by a plethora of existing regulations, which may or may not be a good fit. A US Senate Committee on Commerce, Science and Transportation hearing noted that IoT is more than merely about consumer protection and privacy. It is also significant in industry and agriculture and that strong security in all devices critical: “We have to design security in at the beginning and throughout a connected device’s lifecycle,” said Intel IoT Group Vice President and General Manager Doug Davis.”[22]

Summary

CPS includes traditional embedded and control systems, and these will be transformed by new approaches from IoT. However, the challenge for IoT and CPS remains privacy, security and risk management. As less rigorously controlled systems are linked then risk becomes distributed and the provenance of software components becomes difficult to trace. This gives rise to questions around risk management and liability for breaches or damages. As demonstrated in the 2014 Target hack[23], via their HVAC provider’s system, third party systems are now attack vectors. Further, regulators have not yet addressed this issue of distributed or daisy-chained risk arising from connected systems.  Attacks on connected systems from nation state actors and non-state actors are also an increasing threat: “According to Crowdstrike researchers, targeted intrusions will continue to proliferate and nation-states will use espionage to collect information from any organization with valuable data that will serve the country’s national interests.”[24]  The big challenges that are raised by IoT and CPS center around risk, security, geopolitics, trust, and privacy.

Notes

[1] Rajkumar, Ragunathan Raj, Insup Lee, Lui Sha, and John Stankovic. “Cyber-physical systems: the next computing revolution.” In Proceedings of the 47th Design Automation Conference, pp. 731-736. ACM, 2010.

[2] Schwab, Klaus, “The Fourth Industrial Revolution: what it means and how to respond”, World Economic Forum, 15 December 2015, https://agenda.weforum.org/2015/12/the-fourth-industrial-revolution-what-it-means-and-how-to-respond/ (retrieved at 30 December 2015).

[3] Thaler, Richard H. and Sunstein, Cass R., Nudge: Improving decisions about health, wealth, and happiness, Yale University Press, New Haven, CT, 2008.

[4] Rutter, Tamsin “The rise of nudge – the unit helping politicians to fathom human behavior,” The Guardian, 25 July 2015, http://www.theguardian.com/public-leaders-network/2015/jul/23/rise-nudge-unit-politicians-human-behaviour (retrieved at 30 December 2015).

[5] Lewis, David & Brigder, Darren (July–August 2005). “Market Researchers make Increasing use of Brain Imaging”, Advances in Clinical Neuroscience and Rehabilitation 5 (3): 35+.

[6] https://www.fitbit.com/au (retrieved at 30 December 2015).

[7] Kirkpatrick, Keith. “Software-defined networking.” Communications of the ACM 56, no. 9 (2013): 16-19.

[8] Ouyang, Jian, Shiding Lin, Song Jiang, Zhenyu Hou, Yong Wang, and Yuanzheng Wang. “SDF: Software-defined flash for web-scale internet storage systems.” ACM SIGPLAN Notices 49, no. 4 (2014): 471-484.

[9] Redrup, Yolanda, “Robot bricklayer that can build a home in two days impresses on ASX debut”, The Australian Financial Review, 18 November 2015 , http://www.afr.com/technology/robot-bricklayer-that-can-build-a-home-in-two-days-impresses-on-asx-debut-20151118-gl1oa9#ixzz3vnAjAWIk  (retrieved at 30 December 2015).

[10] Regalado, Antonio “GE’s $1 Billion Software Bet: To protect lucrative business servicing machines, GE turns to the industrial Internet”, MIT Technology Review, 20 May 2014, http://www.technologyreview.com/news/527381/ges-1-billion-software-bet/ (retrieved 30 December 2015).

[11] Spencer, Leon “IoT could ‘smash’ Australia’s regulatory framework”, ZDNet Australia, 25 March 2015, http://www.zdnet.com/article/iot-could-smash-australias-regulatory-framework/ (retrieved at 30 December 2015).

[12] Olson, Parmy “Wearable Tech Is Plugging Into Health Insurance”, Forbes, 19 June 2014, http://www.forbes.com/sites/parmyolson/2014/06/19/wearable-tech-health-insurance/  (retrieved at 30 December 2015).

[13] Lee, Jay, Behrad Bagheri, and Hung-An Kao. “A cyber-physical systems architecture for industry 4.0-based manufacturing systems.” Manufacturing Letters 3 (2015): 18-23.

[14] Protocols include Wi-Fi, RFID, Zigbee, Bluetooth, 2G, 3G, 4G

[15] Kambatla, Karthik, Giorgos Kollias, Vipin Kumar, and Ananth Grama. “Trends in big data analytics.” Journal of Parallel and Distributed Computing 74, no. 7 (2014): 2561-2573.

[16] Wark, Tim, Peter Corke, Pavan Sikka, Lasse Klingbeil, Ying Guo, Chris Crossman, Phil Valencia, Dave Swain, and Greg Bishop-Hurley. “Transforming agriculture through pervasive wireless sensor networks.” Pervasive Computing, IEEE 6, no. 2 (2007): 50-57.

[17] Robinson, Teri, “IoT security forcing business model changes, panel says”, SC Magazine, 22 October 2015, http://www.scmagazine.com/iot-security-forcing-business-model-changes-panel-says/article/448668/  (retrieved at 30 December 2015).

[18] Zervas, Georgios, Davide Proserpio, and John Byers. “The rise of the sharing economy: Estimating the impact of Airbnb on the hotel industry.”Boston U. School of Management Research Paper 2013-16 (2015).

[19] Anagnost, Andrew “Not Just Airbnb and Uber: Why Manufacturing Is Already a Sharing Economy”, Autodesk LINE/SHAPE/SPACE, 8 December 2015, http://lineshapespace.com/manufacturing-sharing-economy/  (retrieved at 30 December 2015).

[20] Osborne, Charlie “Car calls 911 after alleged hit-and-run, driver arrested: A Ford safety feature has also turned out to be a way to track badly-behaved drivers”, ZDNet, 7 December 2015, http://www.zdnet.com/article/car-calls-911-after-alleged-hit-and-run-driver-arrested/  (retrieved at 30 December 2015).

[21] Soltani, Ashkan “What’s the security shelf-life of IoT?”, Federal Trade Commission, 10 February 2015, https://www.ftc.gov/news-events/blogs/techftc/2015/02/whats-security-shelf-life-iot?utm_source=govdelivery (retrieved at 30 December 2015).

[22] Bracy, Jedediah “Senate Committee Explores Internet-of-Things Regulation”, The Privacy Advisor, 12 February 2015, https://iapp.org/news/a/senate-committee-explores-internet-of-things-regulation/  (retrieved at 30 December 2015).

[23] Weiss, N. Eric, and Rena S. Miller. “The Target and Other Financial Data Breaches: Frequently Asked Questions.” In Congressional Research Service, Prepared for Members and Committees of Congress February, vol. 4, p. 2015. 2015.

[24] Vicinanzo, Amanda “Targeted Intrusions By Nation-State Actors Pose A Major Cyber Threat Going Into 2015”, 12 February 2015, Homeland Security Today, http://www.hstoday.us/single-article/targeted-intrusions-by-nation-state-actors-pose-a-major-cyber-threat-going-into-2015/1f96ee7a4b2867f1b1511387660bb4b8.html (retrieved at 30 December 2015).