ENTRIES TAGGED "Industrial Internet"

Security on the industrial Internet

Roel Schouwenberg on Kaspersky Lab's forthcoming industrial OS and building a system with security in mind.

Security must evolve along with the industrial Internet. The Stuxnet attack on Iran’s centrifuges in 2010 highlighted both the risks of web-borne attacks and the futility of avoiding them by disconnecting from the Internet (the worm spread, in part, using USB keys). Potential attackers range from small-time corporate spies to sophisticated government units that might use infrastructure disruption as a weapon.

Comparing industrial Internet security to consumer and enterprise web security is difficult; requirements, challenges, and approaches differ significantly. In industrial systems, stability is crucial, and isolating an infected system — or adding an air gap as a preventative measure — can be enormously costly. Some tools that are difficult to apply to the unstructured web are effective in industry, though: since industrial systems usually have known, simplified network structures with highly regular traffic patterns, anomaly detection and other machine-learning techniques hold great promise as ways to find and stop attacks. The addition of more computing power at the network level as companies connect their industrial systems will make these approaches more powerful.

Back in October, Eugene Kaspersky announced that his security firm is developing an industrial operating system — a “highly-tailored system,” one that “by design won’t be able to carry out any behind-the-scenes, undeclared activity.” Last fall, I interviewed Roel Schouwenberg (@Schouw), a researcher at Kaspersky Lab who is working on the new industrial OS. What follows is a lightly-edited transcript of our wide-ranging conversation.

Tell me a bit about how the OS project came about — does it have its origins in Kaspersky’s Stuxnet research?

Roel Schouwenberg: Eugene [Kaspersky] and a few others started talking about this a decade ago, actually. Eugene’s idea was that the only way to solve the malware problem would be to build something that was constructed with security in mind — what he called secure OS. That was just a concept for a while, and then Stuxnet came along and it became increasingly clear that the secure OS implementation would be best suited for the industrial control world, where you have this very specific set of circumstances where it would just work best.

Four short links: 5 March 2013

Video Magnification Code, Copyright MOOC, Open Access Cost-Effectiveness, and SCADA Security (Sucks)

  1. Eulerian Video Magnification — papers and the MatLab source code for that amazing effect of exaggerating small changes in file. (*This work is patent pending)
  2. CopyrightX — MOOC on current law of copyright and the ongoing debates concerning how that law should be reformed. Through a combination of pre-recorded lectures, live webcasts, and weekly online seminars, participants in the course will examine and assess the ways in which law seeks to stimulate and regulate creative expression. (via BoingBoing)
  3. Cost Effectiveness for Open Access Journals: This plot reveals the prestige (Article Influence score) and publication charges for open access journals.
  4. Results of SANS SCADA Survey 2013 (PDF) — Unfortunately, at this time they seem unable to monitor the PLCs, terminal units and connections to field equipment due to lack of native security in the control systems themselves. (via InfoSecIsland)

New vision in old industry

A software startup builds itself to work with Michigan's manufacturers.

Nathan Oostendorp thought he’d chosen a good name for his new startup: “Ingenuitas,” derived from Latin meaning “freely born” — appropriate, he thought, for a company that would be built on his own commitment to open-source software.

But Oostendorp, earlier a co-founder of Slashdot, was aiming to bring modern computer vision systems to heavy industry, where the Latinate name didn’t resonate. At his second meeting with a salty former auto executive who would become an advisor, Oostendorp says, “I told him we were going to call the company Ingenuitas, and he immediately said, ‘bronchitis, gingivitis, inginitis. Your company is a disease.’”

And so Sight Machine got its name — one so natural to Michigan’s manufacturers that, says CEO and co-founder Jon Sobel, visitors often say “I spent the afternoon down at Sight” in the same way they might say “down at Anderson” to refer to a tool-and-die shop called Anderson Machine.

Sight Machine is adapting the tools and formulations of the software industry to the much more conservative manufacturing sector. Changing its name was the first of several steps the company took to find cultural alignment with its clients — the demanding engineers who run giant factories that produce things like automotive bolts.

Masking the complexity of the machine

The industrial Internet will bring abstraction and modularity to the physical world.

The Internet has thrived on abstraction and modularity. Web services hide their complexity behind APIs and standardized protocols, and these clean interfaces make it easy to turn them into modules of larger systems that can take advantage of the most intelligent solution to each of many problems.

The Internet revolutionized the software-software interface; the industrial Internet will revolutionize the software-machine interface and, in doing so, will make machines more accessible. I’m using “access” very broadly here — interfaces will make machines accessible to innovators who aren’t necessarily experts in physical machinery, in the same way that the Google Maps API makes interactive mapping an accessible feature to developers who aren’t expert cartographers and front-end developers. And better access for people who write software means wider applications for those machines.

I’ve recently encountered a couple of widely different examples that illustrate this idea. These come from very different places — an aerospace manufacturer that has built strong linkages between airplanes and software, and an advanced enthusiast who has built new controllers for a pair of industrial robots — but they both involve the development of interfaces that make machines accessible.

Frozen turkeys are thermal batteries

Balancing grid supply and demand one pump and compressor at a time.

I went to San Diego two weeks ago for DistribuTECH as part of our ongoing investigation into the industrial Internet. DistribuTECH is a very large conference for electric utility operators in the U.S., and while I was there I ran into Keyvan Cohanim of Enbala Power Networks. We had an interesting conversation, the upshot of which was my realization that, given the magic of absolute values, as far as the grid is concerned, slowly warming frozen turkeys are thermal batteries.

Enbala’s business is conceptually simple. They use information to optimize the match between electrical supply and demand to help utilities avoid capital expenditure in under-utilized peak-load generation assets. Then they share those supply side savings with the participating loads. The deal is simple: let Enbala control your loads within your process constraints, and you’ll earn additional revenue. At the risk of gross over-simplification, they are sort of like an Uber or AirBnB of the electrical grid, but made interesting by the complexity of constraints and the fact that it all has to happen in real time.

DIY robotic hands and wells that text (industrial Internet links)

Plus, politicians and business talking about tomorrow's manufacturing landscape, and a new source for more than 400,000 electricity-data series

Two makers come together to make a robotic hand for a boy in South Africa (TechCrunch) — The maker movement is adjacent to the industrial Internet, and it’s growing fast as a rich source of innovative thinking wherever machines and software meet. In this case, Ivan Owen and Richard Van As built a robotic hand for a South African five-year-old who was born missing fingers on his right hand. Owen is an automation technician and Van As is a tradesman. They did their work on a pair of donated MakerBots — evidence that design for machines and the physical world at large is more accessible than ever to bright enthusiasts from lots of different backgrounds. The designers even open-sourced their work; the hand’s CAD files are available at Thingiverse. Owen and Van As are running a Fundly campaign; more information is available at their Web site.

WellDone — Utilities in the developed world use remote monitoring widely to keep far-flung equipment running smoothly, but their model is tough to apply in places where communications infrastructure is thin. This initiative has adapted the philosophy of the industrial Internet to the infrastructure that’s available: SMS text messaging. WellDone is installing water-flow sensors at local wells that send flow data by SMS to a cloud database. The system will alert local technicians when it detects anomalies in water flows, and the information it gathers will inform future data-driven development projects.

Manufacturing’s Next Chapter (AtlanticLIVE) — I’m visiting this conference in Washington, D.C. today; it’s also being live-streamed at The Atlantic’s Web site. At 2:35pm Eastern Time and at 3:25pm, panelists will talk about the effect of technology on industry and the rise of advanced manufacturing.

Electricity Data Browser (U.S. Energy Information Administration) — The EIA has made its vast database of detailed electricity statistics available through an integrated interactive portal. The EIA has also built an API that makes more than 400,000 data series available to developers and analysts.

Four short links: 7 February 2013

SCADA 0-Day, Complexity Course, ToS Tracking, and Custom Manufacturing Prostheses

  1. Tridium Niagara (Wired) — A critical vulnerability discovered in an industrial control system used widely by the military, hospitals and others would allow attackers to remotely control electronic door locks, lighting systems, elevators, electricity and boiler systems, video surveillance cameras, alarms and other critical building facilities, say two security researchers. cf the SANS SCADA conference.
  2. Santa Fe Institute Course: Introduction to Complexity — 11 week course on understanding complex systems: dynamics, chaos, fractals, information theory, self-organization, agent-based modeling, and networks. (via BoingBoing)
  3. Terms of Service Changes — a site that tracks changes to terms of service. (via Andy Baio)
  4. 3D Printing a Replacement Hand for a 5 Year Old Boy (Ars Technica) — the designs are on Thingiverse. For more, see their blog.

Go to Washington, build the industrial Internet

The next class of Presidential Innovation Fellows will include two people who will help define standards for the industrial Internet.

The White House has issued its call for the second round of Presidential Innovation Fellows, and it includes an invitation to spend a 6- to 12-month “tour of duty” in Washington, building the industrial Internet — or, more precisely, helping the National Institute of Standards and Technology find ways to connect proprietary intelligent machines to each other securely through standardized communication layers.

NIST is looking for two fellows — one with a background in information technology and the other from physical engineering — reflecting the convergence of those fields in the industrial Internet, where challenges move fluidly back and forth between software and hardware.

Shyam Sunder, director of the engineering laboratory at NIST, proposed the fellowships as a way to coordinate the broad public and private research efforts that are going into the industrial Internet. The President’s Council of Advisors on Science and Technology had identified cyber-physical systems as a national priority for federal research and development in 2007 and 2010, and the field was part of the mandate of the Advanced Manufacturing Partnership announced in 2011.

At the same time, private-sector work on the industrial Internet has accelerated in domains like automotive technology, manufacturing, utilities and logistics, says Sunder. “They all have, as their core, networking and information technology being integrated within engineered physical systems. They all have a strong emphasis on sensors, controls and processors that are networked and somehow have to be organized.”


Hacking robotic arms, predicting flight arrival times, manufacturing in America, tracking Disney customers (industrial Internet links)

The next wave of manufacturing will be highly automated--and American. Also, a hardware hacking collective rehabilitated a pair of cast-off industrial robots.

Flight Quest (GE, powered by Kaggle) — Last November GE, Alaska Airlines, and Kaggle announced the Flight Quest competition, which invites data scientists to build models that can accurately predict when a commercial airline flight touches down and reaches its gate. Since the leaderboard for the competition was activated on December 18, 2012, entrants have already beaten the benchmark prediction accuracy by more than 40%, and there are still two weeks before final submissions are due.

Robot Army (NYC Resistor) — A pair of robotic arms, stripped from their previous application with wire cutters, makes its way across the Manhattan Bridge on a bicycle and into the capable hands of NYC Resistor, a hardware-hacker collective in Brooklyn. There, Trammell Hudson installed new microcontrollers and brought them back into working condition.

The Next Wave of Manufacturing (MIT Technology Review) — This month’s TR special feature is on manufacturing, with special mention of the industrial Internet and its application in factories, as well as a worthwhile interview with the head of the Reshoring Initiative.

At Disney Parks, a Bracelet Meant to Build Loyalty (and Sales) (The New York Times) — A little outside the immediate industrial Internet area, but relevant nevertheless to the practice of measuring every component of an enormous system to look for things that can be improved. In this case, those components are Disney theme park visitors, who will soon use RFID wristbands to pay for concessions, open hotel doors, and get into short lines for amusement rides. Disney will use the resulting data to model consumer behavior in its parks.


The driverless-car liability question gets ahead of itself

Who will pay damages when a driverless car gets into an accident?

Megan McArdle has taken on the question of how liability might work in the bold new world of driverless cars. Here’s her framing scenario:

Imagine a not-implausible situation: you are driving down a brisk road at 30 mph with a car heading towards you in the other lane at approximately the same speed. A large ball rolls out into the street, too close for you to brake. You, the human, know that the ball is likely to be followed, in seconds, by a small child; you slam on the brakes (perhaps giving yourself whiplash) or swerve, at considerable risk of hitting the other car.

What should a self-driving car do?  More to the point, if you hit the kid, or the other car, who gets sued?

The lawyer could go after you, with your piddling $250,000 liability policy and approximately 83 cents worth of equity in your home. Or he could go after the automaker, which has billions in cash, and the ultimate responsibility for whatever decision the car made. What do you think is going to happen?

The implication is that the problem of concentrated liability might make automakers reluctant to take the risk of introducing driverless cars.

I think McArdle is taking a bit too much of a leap here. Automakers are accustomed to having the deepest pockets within view of any accident scene. Liability questions raised by this new kind of intelligence will have to be worked out — maybe by forcing drivers to take on the liability for their cars’ performance via their insurance companies, and insurance companies in turn certifying types of technology that they’ll insure. By the time driverless cars become a reality they’ll probably be substantially safer than human drivers, so the insurance companies might be willing to accept the tradeoff and everyone will benefit.
