- Tridium Niagara (Wired) — A critical vulnerability discovered in an industrial control system used widely by the military, hospitals and others would allow attackers to remotely control electronic door locks, lighting systems, elevators, electricity and boiler systems, video surveillance cameras, alarms and other critical building facilities, say two security researchers. cf the SANS SCADA conference.
- Santa Fe Institute Course: Introduction to Complexity — 11 week course on understanding complex systems: dynamics, chaos, fractals, information theory, self-organization, agent-based modeling, and networks. (via BoingBoing)
- Terms of Service Changes — a site that tracks changes to terms of service. (via Andy Baio)
- 3D Printing a Replacement Hand for a 5 Year Old Boy (Ars Technica) — the designs are on Thingiverse. For more, see their blog.
"Industrial Internet" entries
DIY robotic hands and wells that text (industrial Internet links)
Plus, politicians and business talking about tomorrow's manufacturing landscape, and a new source for more than 400,000 electricity-data series
Two makers come together to make a robotic hand for a boy in South Africa (TechCrunch) — The maker movement is adjacent to the industrial Internet, and it’s growing fast as a rich source of innovative thinking wherever machines and software meet. In this case, Ivan Owen and Richard Van As built a robotic hand for a South African five-year-old who was born missing fingers on his right hand. Owen is an automation technician and Van As is a tradesman. They did their work on a pair of donated MakerBots — evidence that design for machines and the physical world at large is more accessible than ever to bright enthusiasts from lots of different backgrounds. The designers even open-sourced their work; the hand’s CAD files are available at Thingiverse. Owen and Van As are running a Fundly campaign; more information is available at their Web site.
WellDone — Utilities in the developed world use remote monitoring widely to keep far-flung equipment running smoothly, but their model is tough to apply in places where communications infrastructure is thin, though. This initiative has adapted the philosophy of the industrial Internet to the infrastructure that’s available: SMS text messaging. WellDone is installing water-flow sensors at local wells that send flow data by SMS to a cloud database. The system will alert local technicians when it detects anomalies in water flows, and the information it gathers will inform future data-driven development projects.
Manufacturing’s Next Chapter (AtlanticLIVE) — I’m visiting this conference in Washington, D.C. today; it’s also being live-streamed at The Atlantic‘s Web site. At 2:35pm Eastern Time and at 3:25pm, panelists will talk about the effect of technology on industry and the rise of advanced manufacturing.
Electricity Data Browser (U.S. Energy Information Administration) — The EIA has made its vast database of detailed electricity statistics available through an integrated interactive portal. The EIA has also built an API that opens more than 400,000 data series available to developers and analysts. Read more…
Four short links: 7 February 2013
SCADA 0-Day, Complexity Course, ToS Tracking, and Custom Manufacturing Prostheses
Go to Washington, build the industrial Internet
The next class of Presidential Innovation Fellows will include two people who will help define standards for the industrial Internet.
The White House has issued its call for the second round of Presidential Innovation Fellows, and it includes an invitation to spend a 6- to 12-month “tour of duty” in Washington, building the industrial Internet — or, more precisely, helping the National Institute of Standards and Technology find ways to connect proprietary intelligent machines to each other securely through standardized communication layers.
NIST is looking for two fellows — one with a background in information technology and the other from physical engineering — reflecting the convergence of those fields in the industrial Internet, where challenges move fluidly back and forth between software and hardware.
Shyam Sunder, director of the engineering laboratory at NIST, proposed the fellowships as a way to coordinate the broad public and private research efforts that are going into the industrial Internet. The President’s Council of Advisors on Science and Technology had identified cyber-physical systems as a national priority for federal research and development in 2007 and 2010, and the field was part of the mandate of the Advanced Manufacturing Partnership announced in 2011.
At the same time, private-sector work on the industrial Internet has accelerated in domains like automotive technology, manufacturing, utilities and logistics, says Sunder. “They all have, as their core, networking and information technology being integrated within engineered physical systems. They all have a strong emphasis on sensors, controls and processors that are networked and somehow have to be organized.” Read more…
Hacking robotic arms, predicting flight arrival times, manufacturing in America, tracking Disney customers (industrial Internet links)
The next wave of manufacturing will be highly automated--and American. Also, a hardware hacking collective rehabilitated a pair of cast-off industrial robots.
Flight Quest (GE, powered by Kaggle) — Last November GE, Alaska Airlines, and Kaggle announced the Flight Quest competition, which invites data scientists to build models that can accurately predict when a commercial airline flight touches down and reaches its gate. Since the leaderboard for the competition was activated on December 18, 2012, entrants have already beaten the benchmark prediction accuracy by more than 40%, and there are still two weeks before final submissions are due.
Robot Army (NYC Resistor) — A pair of robotic arms, stripped from their previous application with wire cutters, makes its way across the Manhattan Bridge on a bicycle and into the capable hands of NYC Resistor, a hardware-hacker collective in Brooklyn. There, Trammell Hudson installed new microcontrollers and brought them back into working condition.
The Next Wave of Manufacturing (MIT Technology Review) — This month’s TR special feature is on manufacturing, with special mention of the industrial Internet and its application in factories, as well as a worthwhile interview with the head of the Reshoring Initiative.
At Disney Parks, a Bracelet Meant to Build Loyalty (and Sales) (The New York Times) — A little outside the immediate industrial Internet area, but relevant nevertheless to the practice of measuring every component of an enormous system to look for things that can be improved. In this case, those components are Disney theme park visitors, who will soon use RFID wristbands to pay for concessions, open hotel doors, and get into short lines for amusement rides. Disney will use the resulting data to model consumer behavior in its parks. Read more…
The driverless-car liability question gets ahead of itself
Who will pay damages when a driverless car gets into an accident?
Megan McArdle has taken on the question of how liability might work in the bold new world of driverless cars. Here’s her framing scenario:
Imagine a not-implausible situation: you are driving down a brisk road at 30 mph with a car heading towards you in the other lane at approximately the same speed. A large ball rolls out into the street, too close for you to brake. You, the human, knows that the ball is likely to be followed, in seconds, by a small child; you slam on the brakes (perhaps giving yourself whiplash) or swerve, at considerable risk of hitting the other car.
What should a self-driving car do? More to the point, if you hit the kid, or the other car, who gets sued?
The lawyer could go after you, with your piddling $250,000 liability policy and approximately 83 cents worth of equity in your home. Or he could go after the automaker, which has billions in cash, and the ultimate responsibility for whatever decision the car made. What do you think is going to happen?
The implication is that the problem of concentrated liability might make automakers reluctant to take the risk of introducing driverless cars.
I think McArdle is taking a bit too much of a leap here. Automakers are accustomed to having the deepest pockets within view of any accident scene. Liability questions raised by this new kind of intelligence will have to be worked out — maybe by forcing drivers to take on the liability for their cars’ performance via their insurance companies, and insurance companies in turn certifying types of technology that they’ll insure. By the time driverless cars become a reality they’ll probably be substantially safer than human drivers, so the insurance companies might be willing to accept the tradeoff and everyone will benefit. Read more…
The bicycle barometer, SCADA security, the smart city in a disaster (industrial Internet links)
As more data from a sensor-laden world becomes available, we'll need better tools for reducing it to useful, simple, informed prescriptions.
The Bicycle Barometer (@richardjpope) — Richard Pope, a project manager at Gov.uk, built what he calls a barometer for his bike commute: it uses weather and transit data to compute a single value that expresses the relative comfort of a bike commute versus a train commute, and displays it on a dial. It’s a clever way of combining two unrelated datasets and then applying algorithmic intelligence. As more data from a sensor-laden world becomes available, we’ll need better tools like this one for reducing it to useful, simple, informed prescriptions.
Scada Security Predictions: 2013 (IndustryWeek) — Tofino Security founder Eric Byres predicts that 2013 will be the year that tablets start to show up on the plant floor. “We won’t see a full invasion of iDevices on the plant floor in 2013,” he writes, “but the wall will be breached.” Security researchers I’ve spoken with usually say that iOS is a remarkably secure platform, but connecting more devices to industrial control systems means more endpoints that make the job of securing an industrial system much more complicated.
Adaptation (The New Yorker, subscription required for full article) — Some smart-city systems, especially targeted communications and infrastructure monitoring, have become important elements of disaster preparedness. Read more…
Broadening the value of the industrial Internet
Remote monitoring appeals to management, but good applications create value for those being monitored as well.
The industrial Internet makes data available at levels of frequency, accuracy and breadth that managers have never seen before, and the great promise of this data is that it will enable improvements to the big networks from which it flows. Huge systems can be optimized by taking into account the status of every component in real time; failures can be preempted; deteriorating performance can be detected and corrected.
But some of this intelligence can be a hard sell to those being monitored and measured, who worry that hard-learned discretion might be overridden by an engineer’s idealistic notion of how things should work. In professional settings, workers worry about loss of agency, and they imagine that they’ll be micro-managed on any minor variation from normal. Consumers worry about loss of privacy.
The best applications of the industrial Internet handle this conflict by generating value for those being monitored as well as those doing the monitoring — whether by giving workers the information they need to improve the metrics that their managers see, or by giving consumers more data to make better decisions.
Fort Collins (Colo.) Utilities, for instance, expects to recoup its $36 million investment in advanced meters in 11 years through operational savings. The meters obviate the need for meter readers, and the massive amounts of data they produce is useful for detecting power failures and predicting when transformers will need to be replaced before a damaging explosion occurs. Read more…
Four short links: 23 January 2013
Thwarting Facial Recognition Software, Operations Security, Password Cracking SCADA Systems, and Wearables Evolved
- These Glasses Thwart Facial Recognition Software (Slate) — good idea, but don’t forget to put a stone in your shoe to thwart gait recognition too.
- opsec for Hackers (Slideshare) — how boring and unexciting most of not getting caught is.
- DHS Warns Password Cracker Targeting Industrial Networks (Nextgov) — Security consultants recently concluded that there are about 7,200 Internet-facing critical infrastructure devices, many of which use default passwords. Wake me when you stop boggling. Welcome to the Internet of Insecure Things (it’s basically the Internet we already have, but Borat can pwn your hydro dam and your fridge is telling Chinese milspec hackers when you midnight snack).
- The Evolution of Steve Mann’s Apparatus (Beta Knowledge) — wearable computing went from “makes you look like a robot who will never get laid” to “looks like sunglasses and promiscuity is an option”.
Strata Week: Political data mining “bait-and-switch”
Inaugural 2013 app has plans for your data, the "unprecedented" security issues of the Internet of Things, and optical switches speed up data centers.
Here are a few stories from the data space that caught my attention this week.
Inaugural 2013 app takes as much as it gives
The Presidential Inaugural Committee (PIC) launched the first official inaugural smartphone app, Inaugural 2013 (for iOS and for Android), Monday. Daniel Strauss reports in a post at The Hill that inauguration attendees can use the app to locate and RSVP to events, watch events via livestream, and navigate the event with an interactive map.
What isn’t front and center in the pomp and circumstance of the shiny new app are the terms of service and the privacy statement. Steve Friess at Politico points out that in the fine print, users are giving the PIC permission to share their data — phone numbers, email, home addresses, and GPS location data, for instance — “with candidates, organizations, groups or causes that [the PIC] believe have similar political viewpoints, principles or objectives.”
Gregory Ferenstein reports at TechCrunch that “privacy advocates find it troubling that the fine-print on the PIC’s website says it can use activity data ‘without limitation in advertising, fundraising and other communications in support of PIC and the principles of the Democratic party, without any right of compensation or attribution.'”
Seeing peril — and safety — in a world of connected machines
Industrial malware has captured the imagination of the tech industry, but efforts by security researchers are promising.
I’ve spent the last two days at Digital Bond’s excellent S4 conference, listening to descriptions of dramatic industrial exploits and proposals for stopping them. A couple of years ago Stuxnet captured the imagination of people who foresee a world of interconnected infrastructure brought down by cybercriminals and hostile governments. S4 — which stands for SCADA Security Scientific Symposium — is where researchers convene to talk about exactly that sort of threat, in which malicious code makes its way into low-level industrial controls.
It is modern industry’s connectedness that presents the challenge: not only are industrial firms highly interconnected — allowing a worm to enter an engineer’s personal computer as an e-mail attachment and eventually find its way into a factory’s analytical layer, then into its industrial controls, bouncing around through print servers and USB drives — but they’re increasingly connected to the Internet as well.