Internet of Things and beyond: cyber-physical systems

Share

The new industrial revolution is a cyber-physical systems revolution. The Internet of Things (IoT) forms a foundation for this cyber-physical systems revolution and it is driving the biggest shift in business and technology since World War II.

Introduction

“Cyber-physical systems (CPS) are physical and engineered systems whose operations are monitored, coordinated, controlled and integrated by a computing and communication core. Just as the internet transformed how humans interact with one another, cyber-physical systems will transform how we interact with the physical world around us.”[1]

It has been said that the world is on the brink of a fourth industrial revolution[2], and that this new industrial revolution is a cyber-physical systems (CPS) revolution. The Internet of Things (IoT) will form a key foundation for this cyber-physical systems revolution. The emergence of IoT is the beginning of a revolution that will have as great an impact on society and the way people and business are organized as the computer revolution did on the post-World War II era.

Machines now interact and interface with other machines and as well as human beings in new ways. The combination of AI, machine learning, the cloud, and IoT means that systems of machines will be able to interact with human beings, learn about them and adapt to their wants and needs.

These systems will also be able to apply the principles of behavioral economics[3] and enable human behavior to be ‘nudged’ in predetermined directions. Governments around the world are already setting up behavioral insight teams – also known as ‘nudge units’.[4] Further, marketers are already applying the principles of neuromarketing[5], where consumers’ sensorimotor, cognitive, and affective response to marketing stimuli are being studied with a view to driving consumer purchasing behavior based upon these studies.  It is likely that we will see autonomous machines adopting the use of these kinds of techniques to drive human behavior in predetermined ways. This trend is emergent, with fitness wearable devices, such as Fitbits[6], using social sharing and gamification to assist users in achieving fitness goals.

Other technologies supporting the evolution of IoT and the emergence of CPS include software-defined networks[7], software defined storage[8]. This drives automation of repetitive tasks, even for manual labor like bricklaying [9] – consumer products as well as industrial output[10]. This is reshaping industrialization, and regulatory frameworks for IoT are now beginning to emerge[11]. Issues like privacy, data ownership, and security will remain important for CPS.

With the emergence of IoT and CPS, consumers face new challenges with their personal data. The new devices, services, and products collect data in volumes hitherto unimaginable. The volume of data being collected about consumers and their activities is reshaping how business is done. For example, insurance companies can offer insurance premiums based, not upon actuarial assumptions, but upon real-time data provided by consenting human beings as they go about their daily activities[12]. This combination of real-time data and analytics enables pricing models and risk profiles can change subject to actual results in real time.

What Will Change?

There is emergence of the industrial internet together with the rise of networked industries, this convergence of industrial, digital, analytics, and connectivity is different, it is:

  • Shaped by a design focus;
  • Enabled by ubiquitous networks;
  • Driven by application ecosystems;
  • Enabled by different modalities such as flying drones, wearables and ingestible technologies;
  • Reshaping industries with adoption of autonomous computer systems, robotics, and 3D printing; and
  • Changing the nature of employment and restructuring the

Advances in IoT and related technologies make it possible to deploy CPS within which information from all related perspectives can be monitored and synchronized between the physical manufacturing locations and computational spaces. With real-time data analytics, capabilities together with software-defined infrastructure, networked machines will be able to perform more efficiently, collaboratively and resiliently. Thus, machines will connect autonomously to each other as and when required without human intervention. This trend is transforming manufacturing industries, leading some to call for a clear definition of CPS.[13] IoT and CPS build upon well-established protocols[14] and use enterprise grade cloud hosting.  Tools such as AI, machine learning, and data analytics are also critical[15], as are mesh networks and peer-to-peer connectivity.[16]

Societal and business impact

Identity, access, privacy and data security remain critical for IoT and CPS. However, as these systems become ubiquitous, understanding what autonomous systems are doing, recording and deciding in relation human beings will emerge as a problem area, together with commercial decisions made based upon this information.

There is be a shift from a product delivery model to a delivering products plus services model, and this is driven from a one-off product sales based model to an ongoing service delivery model. We are already seeing this shift from delivering a one-time only product to providing ongoing services to support connected products. This means that companies will to need to change the way their organization is structured to service customers and products on an ongoing basis.

“Business models will have to change. We used to build them [products], ship them and forget about them until we had to service them…”
“We’ve moved to a new world where we have to ship and remember.”[17]

The sharing economy[18] drives different utilization models for capital equipment, and it is already starting to change the way consumers and business provide access to capital equipment. Uber and Airbnb have enabled people to obtain greater utilization from their assets – cars and houses – to derive additional revenue from an existing asset. This idea of allowing other users to access existing capital equipment is growing, even in the manufacturing sector.[19]

Devices will increasingly communicate and operate autonomously and independent of human oversight. There was a recent example of a motor vehicle involved in an alleged hit-and-run accident where the car reported the accident.[20] The driver of the vehicle did not intend to report that accident, yet her connected vehicle did so autonomously. Thus in this connected world there are new affordances for business and consumers.  However, the reality of this connected world is only now starting to be perceived by society.

The regulatory landscape for IoT is evolving and regulators struggle to understand and support the rapid emergence of new services, products, and business models.[21] The regulatory landscape includes licensing and spectrum management, switching and roaming, addressing and numbering, competition, security and privacy. At present IoT is governed by a plethora of existing regulations, which may or may not be a good fit. A US Senate Committee on Commerce, Science and Transportation hearing noted that IoT is more than merely about consumer protection and privacy. It is also significant in industry and agriculture and that strong security in all devices critical: “We have to design security in at the beginning and throughout a connected device’s lifecycle,” said Intel IoT Group Vice President and General Manager Doug Davis.”[22]

Summary

CPS includes traditional embedded and control systems, and these will be transformed by new approaches from IoT. However, the challenge for IoT and CPS remains privacy, security and risk management. As less rigorously controlled systems are linked then risk becomes distributed and the provenance of software components becomes difficult to trace. This gives rise to questions around risk management and liability for breaches or damages. As demonstrated in the 2014 Target hack[23], via their HVAC provider’s system, third party systems are now attack vectors. Further, regulators have not yet addressed this issue of distributed or daisy-chained risk arising from connected systems.  Attacks on connected systems from nation state actors and non-state actors are also an increasing threat: “According to Crowdstrike researchers, targeted intrusions will continue to proliferate and nation-states will use espionage to collect information from any organization with valuable data that will serve the country’s national interests.”[24]  The big challenges that are raised by IoT and CPS center around risk, security, geopolitics, trust, and privacy.

Notes

[1] Rajkumar, Ragunathan Raj, Insup Lee, Lui Sha, and John Stankovic. “Cyber-physical systems: the next computing revolution.” In Proceedings of the 47th Design Automation Conference, pp. 731-736. ACM, 2010.

[2] Schwab, Klaus, “The Fourth Industrial Revolution: what it means and how to respond”, World Economic Forum, 15 December 2015, https://agenda.weforum.org/2015/12/the-fourth-industrial-revolution-what-it-means-and-how-to-respond/ (retrieved at 30 December 2015).

[3] Thaler, Richard H. and Sunstein, Cass R., Nudge: Improving decisions about health, wealth, and happiness, Yale University Press, New Haven, CT, 2008.

[4] Rutter, Tamsin “The rise of nudge – the unit helping politicians to fathom human behavior,” The Guardian, 25 July 2015, http://www.theguardian.com/public-leaders-network/2015/jul/23/rise-nudge-unit-politicians-human-behaviour (retrieved at 30 December 2015).

[5] Lewis, David & Brigder, Darren (July–August 2005). “Market Researchers make Increasing use of Brain Imaging”, Advances in Clinical Neuroscience and Rehabilitation 5 (3): 35+.

[6] https://www.fitbit.com/au (retrieved at 30 December 2015).

[7] Kirkpatrick, Keith. “Software-defined networking.” Communications of the ACM 56, no. 9 (2013): 16-19.

[8] Ouyang, Jian, Shiding Lin, Song Jiang, Zhenyu Hou, Yong Wang, and Yuanzheng Wang. “SDF: Software-defined flash for web-scale internet storage systems.” ACM SIGPLAN Notices 49, no. 4 (2014): 471-484.

[9] Redrup, Yolanda, “Robot bricklayer that can build a home in two days impresses on ASX debut”, The Australian Financial Review, 18 November 2015 , http://www.afr.com/technology/robot-bricklayer-that-can-build-a-home-in-two-days-impresses-on-asx-debut-20151118-gl1oa9#ixzz3vnAjAWIk  (retrieved at 30 December 2015).

[10] Regalado, Antonio “GE’s $1 Billion Software Bet: To protect lucrative business servicing machines, GE turns to the industrial Internet”, MIT Technology Review, 20 May 2014, http://www.technologyreview.com/news/527381/ges-1-billion-software-bet/ (retrieved 30 December 2015).

[11] Spencer, Leon “IoT could ‘smash’ Australia’s regulatory framework”, ZDNet Australia, 25 March 2015, http://www.zdnet.com/article/iot-could-smash-australias-regulatory-framework/ (retrieved at 30 December 2015).

[12] Olson, Parmy “Wearable Tech Is Plugging Into Health Insurance”, Forbes, 19 June 2014, http://www.forbes.com/sites/parmyolson/2014/06/19/wearable-tech-health-insurance/  (retrieved at 30 December 2015).

[13] Lee, Jay, Behrad Bagheri, and Hung-An Kao. “A cyber-physical systems architecture for industry 4.0-based manufacturing systems.” Manufacturing Letters 3 (2015): 18-23.

[14] Protocols include Wi-Fi, RFID, Zigbee, Bluetooth, 2G, 3G, 4G

[15] Kambatla, Karthik, Giorgos Kollias, Vipin Kumar, and Ananth Grama. “Trends in big data analytics.” Journal of Parallel and Distributed Computing 74, no. 7 (2014): 2561-2573.

[16] Wark, Tim, Peter Corke, Pavan Sikka, Lasse Klingbeil, Ying Guo, Chris Crossman, Phil Valencia, Dave Swain, and Greg Bishop-Hurley. “Transforming agriculture through pervasive wireless sensor networks.” Pervasive Computing, IEEE 6, no. 2 (2007): 50-57.

[17] Robinson, Teri, “IoT security forcing business model changes, panel says”, SC Magazine, 22 October 2015, http://www.scmagazine.com/iot-security-forcing-business-model-changes-panel-says/article/448668/  (retrieved at 30 December 2015).

[18] Zervas, Georgios, Davide Proserpio, and John Byers. “The rise of the sharing economy: Estimating the impact of Airbnb on the hotel industry.”Boston U. School of Management Research Paper 2013-16 (2015).

[19] Anagnost, Andrew “Not Just Airbnb and Uber: Why Manufacturing Is Already a Sharing Economy”, Autodesk LINE/SHAPE/SPACE, 8 December 2015, http://lineshapespace.com/manufacturing-sharing-economy/  (retrieved at 30 December 2015).

[20] Osborne, Charlie “Car calls 911 after alleged hit-and-run, driver arrested: A Ford safety feature has also turned out to be a way to track badly-behaved drivers”, ZDNet, 7 December 2015, http://www.zdnet.com/article/car-calls-911-after-alleged-hit-and-run-driver-arrested/  (retrieved at 30 December 2015).

[21] Soltani, Ashkan “What’s the security shelf-life of IoT?”, Federal Trade Commission, 10 February 2015, https://www.ftc.gov/news-events/blogs/techftc/2015/02/whats-security-shelf-life-iot?utm_source=govdelivery (retrieved at 30 December 2015).

[22] Bracy, Jedediah “Senate Committee Explores Internet-of-Things Regulation”, The Privacy Advisor, 12 February 2015, https://iapp.org/news/a/senate-committee-explores-internet-of-things-regulation/  (retrieved at 30 December 2015).

[23] Weiss, N. Eric, and Rena S. Miller. “The Target and Other Financial Data Breaches: Frequently Asked Questions.” In Congressional Research Service, Prepared for Members and Committees of Congress February, vol. 4, p. 2015. 2015.

[24] Vicinanzo, Amanda “Targeted Intrusions By Nation-State Actors Pose A Major Cyber Threat Going Into 2015”, 12 February 2015, Homeland Security Today, http://www.hstoday.us/single-article/targeted-intrusions-by-nation-state-actors-pose-a-major-cyber-threat-going-into-2015/1f96ee7a4b2867f1b1511387660bb4b8.html (retrieved at 30 December 2015).

 

Share

Why privacy on the internet of things doesn’t scare me

it's the future
Share

The debate about the internet of things often centres on privacy, but here is why privacy on the internet of things doesn’t scare me as much as digital rights management.

I tend to suspect that issues relating to privacy on the internet of things will be sorted out as a result of consumer and government expectations enshrined in privacy regulations.

A key capability that is enabled by the internet of things is that vendors can keep charging us for services related to their device. One reason why businesses are so excited by the internet of things is it allows them to move from selling a device as a one-off sale and towards ongoing fees for services associated with that device.

This phenomenon will enable internet of things companies to increase their revenue streams and to drive sales of additional services. Thus the value of an internet of things device is not so much in the hardware as in the software and services.

Take the pacemaker as an example. If you have a pacemaker installed and the vendor decides to charge a monthly service fee to keep the device going, what happens if you miss a payment? If the vendor has, very sensibly, implemented digital rights management on your pacemaker service then they will be able to turn it off if you miss a few payments.

If this sounds far fetched, it’s not, it is already here. Last December I test drove a new electric car, the Renault Zoe, at a conference in Paris. This car has implemented digital rights management.

If you do not pay the ongoing rental fee on the battery for your Renault Zoe then you will not be allowed to recharge the battery.

Also, chipmaker FTDI,whose chips are found in many consumer electronics products, recently announced that they will kill third party chips remotely via driver updates. This will likely render useless the devices that consumers have purchased in good faith which have counterfeit chips installed.

This is why digital rights management scares me more than privacy in the brave new world of the internet of things.

Welcome to the digital revolution and our networked future.

 

 

Share

Internet of things, data security and privacy

Share

I’ve been attending the 36th International Conference of Privacy and Data Commissioners in Mauritius, presenting on the Internet of Things (IoT) privacy and security to the attendees.

Kate Carruthers
Pic of Kate Carruthers by John Edwards, NZ Privacy Commissioner

It has made me very conscious of the tension between privacy/security and the drive to bring products to market quickly.

Further, it seems that the challenges of data protection have not been fully considered for many Internet of Things products and services.

An important realisation has been that we are building the Internet of Things on the somewhat rickety security foundations provided by the existing internet. We face a situation where many devices cannot apply security patches because source code is not available.

Finding way to build a safer and more secure Internet of Things and to ensure that we do not increase risk for business and consumers is critical.

An interesting approach to privacy is that taken by the Apple privacy team, who had some people in attendance at the conference. Their inclusion of privacy engineers into development teams seems like a good approach. The idea of privacy by design seems like a useful and pragmatic way to ensure that privacy is not a mere afterthought in the design and product engineering process.

Will post my slides on SlideShare shortly.

Share

Truth, transparency and consequences

Share

Truth is said to be a double edged sword. Yet truth is only a problem if one is trying to hide something. The Wikileaks saga shows how difficult is has become to keep secrets in our hyperconnected world.

In a time of universal deceit, telling the truth is a revolutionary act. – George Orwell

Amusingly I noted a newspaper article announcing that governments around Australia are planning to ban access to web based email services like Hotmail and Gmail:

Bureaucrats could also use unmonitored emails to leak sensitive documents. “The recent WikiLeaks release of government electronic information has demonstrated the importance of maintaining appropriate protective security frameworks and the risks of failing to adequately protect electronic information,” the report said
Source: Public servants face web bans to minimise risk of password cracking

I was amused because only yesterday I noticed that you can buy a “compact 32GB USB flash drive with 2 year warranty” for $65 at JB Hi Fi.

Blocking all the potential sources of leaks is getting rather difficult in this hyperconnected and wireless world.

These attempts to block all potential leakages of data are ultimately doomed to failure. If someone wants to leak then it will happen. Even now that we have the example of what bad things might happen – in the person of the unfortunate Bradley Manning, who is apparently being treated inhumanely in custody of the US military – there are some people who will put themselves on the line to get the truth out. For some people negative personal consequences are a price they’re willing to pay to share their truth.

Also we need to acknowledge that most of our important business information walks out the door every night in the heads of our people.

But an important question for all organisations to ask is how many of the things we keep secret really need to be secret? What would happen if we were transparent about some business information?

Salaries is one area that is subject to secrecy in many organisations. What would happen if you simply published the list? It already happens if you work for the government – it gets published in the Government Gazette – and the sky does not fall. What other things can we be more transparent about?

Obviously not everything a company does can be public. But making more rather than less of what we do secret might just make it easier to keep our more important secrets. Perhaps that is the contradiction of openness versus secrecy? Less is more.

In any case the digital genie is out of the bottle and the technology to liberate information is in everyone’s pocket. We need different solutions to locking things down and making people’s jobs more difficult. New solutions for a new age. I wonder what they will be?

Share

Privacy! Who the hell ever had privacy?

Share

One question that I am often asked when speaking to groups about the digital revolution is “what about privacy?” This is usually in relation to social media and social networking.  Privacy comes from the Latin word privatus:

In Roman law, the Latin adjective privatus makes a legal distinction between that which is “private” and that which is publicus, “public” in the sense of pertaining to the Roman people (populus Romanus).
Source: Wikipedia

This question fascinates me.  Privacy is such a recent invention and many people seem to be unaware of this. Also there is an important distinction to be made between privacy and confidentiality.  Since time immemorial societies have acknowledged that some kinds of information are confidential.  A good historical example of this is the Catholic Church keeping the revelations made during their rite of confession confidential.

However, until very recent times – during the late twentieth century – privacy was an aberration.  Anchorites had privacy, but most people lived cheek by jowl with others for their entire lives.  This is important because privacy is predicated on separation. It is predicated on a physical separation between people – it is enabled by the spaces in between individuals.  If there are no spaces between individuals then privacy is very hard to achieve (or even to conceive).

In the past even the most wealthy and most exalted personages did not experience privacy.  Kings and queens lived surrounded day and night by their courtiers.  In the days before genetic testing even queens gave birth in front of their court to ensure veracity.

Historically nobles were attended, bathed and dressed by their servants.  The servants lived together in crowded quarters.  Secrets were very hard to keep in such a world.

For the poor, there was no separation even between people and their livestock.  And, if there was no separate room for the livestock, nor was there a separate room for any of the people.  Entire families were conceived, born, lived and died within shared physical spaces.

Even in cities people lived  a village-like existence (London is a good example).  Without transport to move easily from place to place people stayed within the confines of their local village.  Neither rich nor poor city dwellers experienced privacy.

Nor did the generations of the early twentieth century experience privacy.  During the first half of the century poverty meant that most people could not afford the luxury of privacy.  And during that same period the wealthy still lived with domestic staffs who cared for their needs (and continued to ensure little privacy).

Privacy for most of us only became possible with the advent of the post World War II economic and population boom.  The growth of tract housing in suburbs meant that nuclear families could live in large houses with separate rooms for most family members.  Thus it was in this period that people could assume that they had a right to privacy.

Thus a brief flowering of privacy in the latter part of the twentieth century allowed many people to assume that this was how things had always been.  It also allowed many to assume that this would continue.  However, with the advent of the hyperconnected world of the early twenty-first century we are seeing digital villages remove the spaces between individuals once again.

Perhaps the only thing that enabled privacy to blossom was the increased physical space between people and lack of communications technology during the late twentieth century? And perhaps it is now time to farewell privacy once more?

Some resources for thinking about privacy follow:

Share