Is Your Security Tail Wagging Your Architecture Dog?

Recently, as a leader in the IIoT, I seem to get a lot of questions from insurance company executives. Their common question: where is the risk in the IIoT? Their theme seems to be: connecting things is just too risky. We don’t understand the security or safety risks, so It Can’t Be Good.

I disagree.

I do agree that the IoT is a brave new world in general, and for risk management in particular. There are all sorts of new opportunities for mischief if a machine is compromised. The hack that caused a Jeep to go off the road by getting into the tire pressure monitoring system is a classic example.

That said, intelligent machines also have more opportunity to protect themselves. The sad truth today is that most systems are very poorly protected (like that Jeep). Security gets orders of magnitude more attention today than only a short time ago. Most industrial systems didn’t even consider anything beyond “eggshell” firewalls or “air gap” offline designs until recently. That has changed 100% today; everyone is thinking security, security, security. And progress is exhilarating. Put another way, I think that everyone is installing cyber “burglar alarms” much faster than the increase in burglars. Bottom line: despite the rise in connected systems, the “likely real” risk is going down in most cases.

My insurance contacts consider this an overly optimistic view of the future. I counter that they hold a too-optimistic view of the present. You see, I claim that the situation today is unacceptably, intolerably, unbelievably high risk. Entire industries run without a whit of security. It seems scarier in the future only because the risk you don’t know seems worse than the risk you do know. That’s human nature. But anyone who looks will see that the current risks are very high, and the new designs are much better.

That said, my real optimism stems from the opportunity to change. In my experience (and this may shock security wonks), security is not a change driver. By that, I mean that industrial systems are usually not willing to implement a new architecture (just) to improve security. The power industry is my favorite example. The industry has been screaming for 20 years that security is a problem. And, imho, they will go right on screaming…unless something else drives the change.

The good news: the IIoT is that change driver. And security today is absolutely a change gate. Every application insists on security when they do implement a new architecture for other reasons. Since the IIoT is motivating many, many industrial applications to redo their architectures, security is getting better. Of course, implementing a new architecture for a major industrial application, or for that matter an entire industry, is daunting. But this is the magic of the sweeping changes offered by the IIoT. The IIoT is compelling. Change is coming, and it’s coming fast.

While we’re on the topic of change, let’s not discount improvements in technology to enable that gate. For instance, many potential IIoT systems primarily face scalability and system integration challenges. With a little thought, the architects figure out that IIoT systems are all about the data, and then that they really have a high-performance data flow and data transparency challenge. The best way to provide transparent flow is a “peer to peer” or “publish subscribe” design. This is the architecture “dog”: systems need the simplicity and performance of a communications pattern that simply sends the data where it’s needed, right now. That data transparency makes the huge future IIoT system manageable.

Of course, although data transparency is an integration dream, it’s a security nightmare.

The “dog” side of the dialog goes something like this:

Hey! Let’s just send the data right where we need it. Pervasive data availability makes systems fast, reliable, and scalable. And look how much simpler the code is!

But, then comes the security “tail”:

We can’t maintain thousands of independent secure sessions! How do we keep such a system secure?

Only last year, that was a damn good question. It blocked adoption of IIoT technologies where they are really needed. But then, the DDS standard developed a security architecture that exactly matches its data-centric data flow design. The result? The data-centric dog wags its perfectly-matched data-centric security tail. Security works seamlessly without clouding data transparency. Advances like this—that span industries—will make future IIoT systems much more secure than today’s ad-hoc industry-specific quagmire of afterthought security hacks. Security that matches the architecture is elegant and functional.
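To make the "data-centric security" idea concrete, here is an added illustration (not code from the original post and not the DDS Security specification): a toy publish/subscribe bus that attaches permissions to topics rather than negotiating a secure session per pair of participants. Participant names, topics and grants are constructed for the example.

```python
# Added illustration: topic-level (data-centric) access control on a toy bus.
from dataclasses import dataclass, field


@dataclass
class Permissions:
    """Constructed grant for one participant: topics it may publish or subscribe to."""
    name: str
    publish: set = field(default_factory=set)
    subscribe: set = field(default_factory=set)


class DataBus:
    """Toy pub/sub bus that checks the topic grant on every subscribe and publish."""

    def __init__(self):
        self.grants = {}
        self.subscribers = {}   # topic -> list of subscriber names
        self.delivered = []     # (topic, subscriber, payload) log
        self.denied = []        # (participant, action, topic) audit log for detection

    def register(self, grant):
        self.grants[grant.name] = grant

    def subscribe(self, name, topic):
        if topic not in self.grants[name].subscribe:
            self.denied.append((name, "subscribe", topic))
            return False
        self.subscribers.setdefault(topic, []).append(name)
        return True

    def publish(self, name, topic, payload):
        # One grant per (participant, topic) governs delivery to every subscriber,
        # so the publisher never negotiates a separate session with each peer.
        if topic not in self.grants[name].publish:
            self.denied.append((name, "publish", topic))
            return 0
        targets = self.subscribers.get(topic, [])
        self.delivered.extend((topic, sub, payload) for sub in targets)
        return len(targets)


def pairwise_sessions(n):
    """Secure sessions needed if every pair of n participants negotiated its own."""
    return n * (n - 1) // 2


def demo():
    bus = DataBus()
    bus.register(Permissions("sensor", publish={"Temperature"}))
    bus.register(Permissions("hmi", subscribe={"Temperature"}))
    bus.register(Permissions("guest", subscribe={"Temperature"}))  # read-only grant
    bus.subscribe("hmi", "Temperature")
    bus.subscribe("guest", "Temperature")
    fan_out = bus.publish("sensor", "Temperature", 21.5)
    bus.publish("guest", "Temperature", 99.0)  # unauthorized write, refused and logged
    return fan_out, bus.denied
```

`pairwise_sessions(1000)` gives 499500 sessions for a thousand peers, whereas the topic model above needs one grant per participant per topic, and every refusal lands in the audit log.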

This argument leaves my insurance correspondents searching for Tao in their actuarial tables. So, I can’t resist adding that it’s not really what they should worry about.

Safety engineering will be a much bigger impact on insurance. For instance, I expect the $200b auto insurance industry to disappear in the next 10-20 yrs as ADAS and autonomous cars eliminate 90+% of accidents. Most hospital errors can also be prevented (hospital error is currently the 3rd leading cause of death in the US). In factories, and plants, and oil rigs, and mining systems, and many more applications, automated systems (somewhat obviously) don’t have humans around, thus removing a significant current risk today. Accidents, in general, are mostly the result of human folly. Machines will soon check or eliminate the opportunity for folly. I see this as an extremely positive increase in the quality and preservation of life. Insurance execs see it as an existential threat.

I tell them not to feel bad; most industries will be greatly disrupted by smart machines. Navigating that transition well will make or break companies. Insurers certainly understand that losses are easier to grasp than gains; that principle underwrites their industry. But, that perception is not reality. The IIoT’s impact on the economy as a whole will be hugely positive; the analysts measure it in multiple trillions of dollars in only a few years. So, there will be many, many places to seek and achieve growth. The challenge to find those paths is no less or greater for insurance than for any other industry. But, fundamentally, the IIoT will drive a greener, safer, better future. It Is Good.



  1. That “Human Error” that causes so many accidents is often assuming that the automated system is functioning correctly. Serious industrial systems are usually designed with reliability and secure accuracy as the primary goals, while consumer products are created with maximum profit being the main goal, and all other considerations as distant secondary concerns. We constantly see evidence that the presumption is that consumers will not recall the failures of a product when they purchase a replacement. AND, security does not add marketable features to a product and so any security features that do get included are minimal cost ones.
    That wonderfulness of self driving cars does not include any concepts of their inability to handle exceptions, nor does it consider the cost of providing and maintaining all of that massive infrastructure. So the whole concept will fail to benefit the real world as anticipated.


    • Thanks for the comment!

      I don’t really know consumer devices; that’s not our world. However, I think security is improving there as well. The current state is wide open.

      Why do you think humans handle exceptions better than carbots? The most common human failure modes are the exceptions. An alert, well-trained driver is pretty safe. Unfortunately, that’s only about 70% of the time. Accidents happen when the driver is distracted, or another car runs a light, etc. Carbots are much better at these things. Carbots can also learn from previous errors. For instance, the famous Tesla crash into a white truck will now be well handled and is thus unlikely to be repeated. Humans make the same mistakes over and over.

      I don’t know of any current carbots that require new infrastructure. (?) To what are you referring?


      • Many discussions tell us that the “infrastructure” will warn the car about deteriorated road conditions and traffic backups ahead. The other item that I include in that term is the very detailed maps that will include all of the roads currently available and all of the current construction and repair operations, as well as all traffic controls. That driving robot needs to be alerted to things like “no left turn 4PM to 8PM”, as well as those traffic lights that require the car to approach closer to activate the signaling system.
        And I do not believe that any automatic system will be able to tell the difference between a large chunk of cardboard flipped up by a truck, just ahead, and another vehicle stopped just ahead. All of those driver errors are in fact driver inattentions, mostly caused by those high-profit distractions that keep being added to the vehicles. The actual errors are mostly committed by young and inexperienced drivers who have no understanding of how vehicle kinematics work.
        So a far better, but less profitable, solution would be a much more comprehensive driving test. The most demanding part of the current tests that I have seen is the payment part. Removing the option of having many of the distractions would also increase the safety quite a bit.


  2. OK. The carbots we’re working with just operate the car like a human would. Some do have access to “HD” maps when available, even using their LIDAR to make them as they go. But, this is mostly for operating in conditions like snow-covered roads. Long term, that gives them a much better ability to handle poor visibility, etc. But, they don’t need any special infrastructure to work in most conditions today. The examples you cite are optimizations.

    They are able to navigate all the lights and signs through image and text recognition, just like you are. And they can do dynamic modeling of objects to differentiate between hard things and things they can hit (the classic is a plastic bag blowing across the road). The technology is pretty far along. Ford (for one) announced they will have a vehicle in mass production with no steering wheel and no brake in the 2021 model year…3 short years.

    I started my career crashing cars for bio-mechanic impact testing at UMich. Safety engineering has come a long way, but 30yrs later, there are still 30,000+ fatalities caused by driver error every year in the US. Teens and drunks and texters have a higher rate…but even the best drivers have an unacceptably high error rate. Occupant protection and driver education/improvement are not the answer.

    Today’s prototype systems are only version 0.1. 20 years from now, computers will be better…10,000 times better (Moore’s law). Humans will still be the same. Version 0.1 is already arguably safer than human drivers. The potential to save lives and improve safety is astounding!!

