Is Your Security Tail Wagging Your Architecture Dog? 4

tail wagging the dog

Recently, as a leader in the IIoT, I seem to get a lot of questions from insurance company executives. Their common question: where is the risk in the IIoT? Their theme seems to be: connecting things is just too risky. We don’t understand the security or safety risks, so It Can’t Be Good.

I disagree.

I do agree that the IoT is a brave new world in general, and for risk management in particular. There are all sorts of new opportunities for mischief if a machine is compromised. The hack that caused a Jeep to go off the road by getting into the tire pressure monitoring system is a classic example.

That said, intelligent machines also have more opportunity to protect themselves. The sad truth today is that most systems are very poorly protected (like that Jeep). Security gets orders of magnitude more attention today than only a short time ago. Most industrial systems didn’t even consider anything beyond “eggshell” firewalls or “air gap” offline designs until recently. That has changed 100% today; everyone is thinking security, security, security. And progress is exhilarating. Put another way, I think that everyone is installing cyber “burglar alarms” much faster than the increase in burglars. Bottom line: despite the rise in connected systems, the “likely real” risk is going down in most cases.

My insurance contacts consider this an overly optimistic view of the future. I counter that they hold a too-optimistic view of the present. You see, I claim that the situation today is unacceptably, intolerably, unbelievably high risk. Entire industries run without a whit of security. It seems scarier in the future only because the risk you don’t know seems worse than the risk you do know. That’s human nature. But anyone who looks will see that the current risks are very high, and the new designs are much better.

That said, my real optimism stems from the opportunity to change. In my experience (and this may shock security wonks), security is not a change driver. By that, I mean that industrial systems are usually not willing to implement a new architecture (just) to improve security. The power industry is my favorite example. The industry has been screaming for 20 years that security is a problem. And, imho, they will go right on screaming…unless something else drives the change.

The good news: the IIoT is that change driver. And security today is absolutely a change gate. Every application insists on security when they do implement a new architecture for other reasons. Since the IIoT is motivating many, many industrial applications to redo their architectures, security is getting better. Of course, implementing a new architecture for a major industrial application, or for that matter an entire industry, is daunting. But this is the magic of the sweeping changes offered by the IIoT. The IIoT is compelling. Change is coming, and it’s coming fast.

While we’re on the topic of change, let’s not discount improvements in technology to enable that gate. For instance, many potential IIoT systems primarily face scalability and system integration challenges. With a little thought, the architects figure out that IIoT systems are all about the data, and then that they really have a high-performance data flow and data transparency challenge. The best way to provide transparent flow is a “peer to peer” or “publish subscribe” design. This is the architecture “dog”: systems need the simplicity and performance of a communications pattern that simply sends the data where it’s needed, right now. That data transparency makes the huge future IIoT system manageable.

Of course, although data transparency is an integration dream, it’s a security nightmare.

The “dog” side of the dialog goes something like this:

Hey! Let’s just send the data right where we need it. Pervasive data availability makes systems fast, reliable, and scalable. And look how much simpler the code is!

But, then comes the security “tail”:

We can’t maintain thousands of independent secure sessions! How do we keep such a system secure?

Only last year, that was a damn good question. It blocked adoption of IIoT technologies where they are really needed. But then, the DDS standard developed a security architecture that exactly matches its data-centric data flow design. The result? The data-centric dog wags its perfectly-matched data-centric security tail. Security works seamlessly without clouding data transparency. Advances like this—that span industries—will make future IIoT systems much more secure than today’s ad-hoc industry-specific quagmire of afterthought security hacks. Security that matches the architecture is elegant and functional.

This argument leaves my insurance correspondents searching for Tao in their actuarial tables. So, I can’t resist adding that it’s not really what they should worry about.

Safety engineering will be a much bigger impact on insurance. For instance, I expect the $200b auto insurance industry to disappear in the next 10-20 yrs as ADAS and autonomous cars eliminate 90+% of accidents. Most hospital errors can also be prevented (hospital error is currently the 3rd leading cause of death in the US). In factories, and plants, and oil rigs, and mining systems, and many more applications, automated systems (somewhat obviously) don’t have humans around, thus removing a significant current risk today. Accidents, in general, are mostly the result of human folly. Machines will soon check or eliminate the opportunity for folly. I see this as an extremely positive increase in the quality and preservation of life. Insurance execs see it as an existential threat.

I tell them not to feel bad; most industries will be greatly disrupted by smart machines. Navigating that transition well will make or break companies. Insurers certainly understand that losses are easier to grasp than gains; that principal underwrites their industry. But, that perception is not reality. The IIoT’s impact on the economy as a whole will be hugely positive; the analysts measure it in multiple trillions of dollars in only a few years. So, there will be many, many places to seek and achieve growth. The challenge to find those paths is no less or greater for insurance than for any other industry. But, fundamentally, the IIoT will drive a greener, safer, better future. It Is Good.

To learn more about our security solutions, visit http://www.rti.com/products/secure.html.

How OPC UA and DDS Joined Forces Reply

opcuaAndDDSUniteBlog.jpg

It all started, appropriately, at National Instrument’s annual show called NIWeek in Austin, Texas. There, Thomas Burke, President & Executive Director at the OPC Foundation, approached me and asked if I was interested in helping build a partnership between the two most important connectivity solutions in the IIoT. Because of RTI’s leadership at the IIC and within DDS, we were well placed to lead.

That was the start of a great journey.

It was easy to agree to Thomas’s proposal. Both communities were struggling with how to differentiate our core value propositions. As everyone now knows, in practice, OPC UA and DDS solve very different problems. They focus on different industries. Even in the same application, they solve different use cases.

Nonetheless, the world thought we were at war. Why?   You need to understand the confusion of a new, very hot market. The Internet changed banking, retail, and travel agencies.  It created huge new companies and ended many others.  But, it didn’t touch most industrial applications.  Factories, plants, hospitals, and power systems operate today the same way they did 20 years ago.

Suddenly that is changing.  Gartner, the analyst firm, predicts that the “smart machine era” will be the most disruptive in the history of IT.  The CEO of General Electric famously said if you go to bed an industrial manufacturer, you will wake up a software and analytics company.  The modernization of the industrial landscape—the “Industrial Internet of Things” (IIoT)—will impact virtually every industry on the planet.

Mega trends that sweep through huge swaths of the economy like that always cause a lot of stress.

In this case, the stress was a perceived clash of industry alliances. The German industrial leadership has been developing a new architecture for manufacturing called Industrie 4.0. The German government invested over a billion Euros in Industrie 4.0 over most of a decade. Then, in 2014, five large US companies founded the Industrial Internet Consortium (IIC). The IIC struck a nerve in the market, and quickly grew to include hundreds of companies. Since both the IIC and Industrie 4.0 are working on “industrial systems” architecture, people assume they compete. A challenging reporter wrote an article on the implications for world dominance, and a conflict was born.

Then, that same reporter posted an opinion that the conflict was really technical, rather than political, and the most important technical conflict was between OPC UA and DDS. Suddenly, both communities were embroiled in controversy that made no real sense.

The rest, as they say, is history. Today, the IIC and Industrie 4.0 announced their cooperation. Their plan is to seek ways to combine Industrie 4.0’s depth in manufacturing with the IIC’s breadth across industries. The core technologies have similar strengths and similar goals.

Our path had its rocky stretches, but we are making great progress. We are working on mapping the architectures. The OMG has an official standards effort to define an OPC UA/DDS bridge. The OPC Foundation is building a “DDS Profile” for OPC UA pubsub. And, the IIC is creating joint testbeds that will prove the integration. We are, together, building the IIoT’s future.

The positioning document and press release going out today are the result of many people’s work. It combines input from the major DDS and OPC UA vendors, from the IIC and Industrie 4.0, and from the OMG and OPC Foundation standards organizations. I would like to particularly thank those most involved: Thomas Burke and Stefan Hoppe from OPCF, Matthias Damm from Unified Automation, and RTI’s Gerardo Pardo-Castellote. Coordinating all these organizations to make any joint statement would be impressive on its own. But, somehow, we managed the deep cooperation required to clarify the markets and design a technical integration. That’s because we all realized how important it is to build a standard, interoperable design that covers the IIoT. By coordinating our political leadership with the leading technologies, we will build, together, the future of the IIoT.

RTI’s 2015 and a Peek at 2016 Reply

2016YearInReviewBlog.jpg
Hello RTI Customer!

I will always fondly remember 1999 … at the peak of the dotcom boom. Our company, then focused on tools, was one of the fastest-growing in the frothy Silicon Valley market. The dawn of The Internet age was exciting, and we were along for the ride.

2015 may not have matched the hyperactive dotcom era. But, I will also always remember it as a standout year. It was a real turning point for RTI. It was by far our best sales and strategic year since the dotcom days. In particular:

  • Our expanded sales team turned in an impressive performance. We grew sales nearly 30%, easily exceeding our goals. And, two years in, it’s great to see customers flocking to our fair, simple and open subscription pricing.
  • The Industrial IoT and the Industrial Internet Consortium created a hot market. We are perhaps the best positioned of all small companies to ride and lead the IIoT wave.
  • Our great new products and features like security, better tools, queuing, easier installation, and safety certification help us explore this market like no competitor.
  • We now have experience with about 1000 applications, including surgical robotics, autonomous cars, drones, emergency medical systems, automotive testing, imaging, communications, operating room integration, video sharing, grid control, cancer treatment, oil & gas drilling, ships, wind turbines, avionics, broadcast television, air traffic control, SCADA, robotics, defense, and on and on. And on. Wow! The IIoT truly spans all industries.
  • We shared our story in dozens of webinars, conferences, and trade shows. My favorite? The Inside Story: GE Healthcare’s IIoT Architecture.

So, what about 2016? We expect another strong sales growth year. With our great new “Service Delivery Partners” like Tech Mahindra, we will offer a more complete solution. We will drive product quality and coverage to ensure we can meet our customers’ demanding use cases. We will hire many new teammates in sales, business development, services, engineering, and marketing (watch www.rti.com/jobs). These new resources will help us serve you, our customers, with better products and care.

Back during the dotcom boom, nobody could really foresee the transformative impact of The Internet. The shocking truth: the IIoT smart machine era will be an even bigger transformation. We are at the beginning of a new world of intelligent distributed systems. The IIoT will change every industry, every life, every application, and every job.

RTI is a real leader of this transformation. Our fundamental purpose is “To enable and realize the potential of smart machines to serve mankind.” We are now designed into well over $1 trillion worth of “things.” We are saving lives, improving efficiency, and ensuring reliability across an amazing slice of the new world.

To deliver on our purpose, we understand that, in the end, we must earn your trust. We accept that as a fundamental responsibility. I am continually grateful for your faith in us as your partner on the IIoT adventure.

Thank you,

Stan Schneider, CEO RTI