Latest great guest post for us by Stanford IoT lecturer Timothy Chou
As a management consultant you’re probably starting to hear the buzz around words like the Internet of Things, Industrial Internet and Industry 4.0. You’re probably wondering what incremental people resource will you need to implement an IoT application or solution? And how do you deal with the client’s security fears? And maybe more fundamentally who in the organization actually owns IoT? We’ll try and answer each of those questions, and perhaps spark some others.
Let’s start with the client. Who is the client? First, you need to divide the world into enterprises that build Things and businesses that use Things. AGCO builds combine harvesters, August Farms uses these machines. GE builds MRI machines; the Children’s Hospital of Orange County uses healthcare machines. Goldwind builds wind turbines; Sempra uses these machines to provide electricity.
So what’s the benefit of IoT to businesses that build Machines? First, a connected Thing will have a higher quality of service. A combine harvester needs to have high availability in the harvest window so being able to predict failure and optimize performance results in a higher quality machine. Connected machines can also reduce the cost of service. A large company that rents construction equipment spends $1B on maintenance. Reducing the cost of maintenance using information has massive implications on their operating costs. Of course all of this is interesting to the executives on the product or the service side of the business. But CEOs of leading manufacturers of machines are beginning to understand that the Internet has the potential to change their business models. There are at least three business models that will allow for additional sources of revenue and product differentiation. They follow a path pioneered by the enterprise software companies. If you realize that increasingly the value of the machines will be in the software this should be no surprise.
The Internet has enabled the “as-a-service” business model for IT infrastructure and software. The Internet of Things enables machines-as-a-service or equipment-as-a-service business models for all kinds of other products, potentially letting many kinds of companies shift from selling products to selling services based on those products. This model can transform large capital expenditures into a pay-by-usage operating expense. Examples of this trend are emerging. They include selling tires by the number of miles driven, a compressor by the amount of air compressed per minute or a coal mining machine by the number cubic meters of coal mined. Such services will often be more profitable than the products they are based on. In any industry you may not want to be the first to do this, but you certainly don’t want to be the last.
Let’s move on to the enterprises that use Things: hospitals, farms, airlines, manufacturers or utilities. Why should they care about precision technology or precision machines? There are at least four reasons: lower consumable costs, higher quality service, healthier products and safer services.
— timothy chou (@timothychou) October 26, 2016
Many machines consume materials during operations. This could be fuel in the case of an airplane, ink for a high-speed printer or chemical reagents in a gene sequencer. Often times, these consumables form a large portion of the operational cost structure. As anyone with an inkjet printer knows, the cost of the printer is not near as much as the cost of the toner cartridge you buy every year before tax day.
Utilities can use a machine called a synchrophaser to measure the phase angle of the power generated. A simple deployment in a major US utility consisted of over 100 machines, each delivering data at 60 times a second, much faster than any of us can type. Why is measuring phase angles 60 times per second interesting? By collecting this data the utility can learn to predict a grid outage, obviously improving the quality of service.
Precision farming can lower the cost of consumables e.g., fuel, fertilizer, pesticides. Nick August, owner of August Farms is a precision farmer. He estimates that using precision agricultural machines he can reduce fuel consumption from 60 liters to 5.9 liters per hectare for crop establishment. But remember he’s also using various fertilizer and pesticides. While reducing the consumption, does reduce cost, by reducing chemical usage he’s also creating a healthier product and doing less damage to the environment.
The derailment of an Amtrak train in Philadelphia in 2015 left at least six people dead and created chaos on the heavily traveled Northeast corridor the next morning. New York Air Brake provides precision technology to advise to the train operators on how to operate the train more efficiently. But if you can tell the train operator what to do, it’s a short step to just having the computers do it. Not only can precision IoT technology reduce operating costs but also eliminating human error will result in a safer railroad.
So if the enterprises that build Things or those that use machines want to build an IoT application, what technology and skills will they need? IoT applications can be very complex because they cross so many different domains. In the recently published Precision: Principals, Practices and Solutions for the Internet of Things we simplify the domain into a five-layer framework: Things, Connect, Collect, Learn, Do.
Things, whether that’s a gene sequencer, locomotive or water chiller, are becoming smarter. Driven by cell phones sensor technology (there are 12 of them in all cell phones) attached to high performance computers (64-bit computers), with large amounts of memory and storage connected to a variety of networks is getting lower and lower cost. A recent oil drilling platform in the Gulf of Mexico has over 40,000 sensors. And as everyone knows compute and storage cost continue to drop so whether it’s a crop sprayer, blood analyzer or solar grid Things will increasingly be driven by more sophisticated software. As any Tesla owner can tell you they get new features much more frequently than the rest of us.
Things can be connected to the Internet in a variety of ways. Connecting Things require a diverse set of technologies based on the amount of data that needs to be transmitted, how far it needs to go, and how much power you have. Furthermore, you have many choices at a higher level on how to manage the connection and how it’s protected and secured.
The sheer volume of data that can be generated by Things will be exponentially larger than that of IoP applications. Today, data might be collected and stored using SQL, NoSQL, and traditional time-series from companies like IBM, SAP, Oracle and Teradata. Your data architect will be dealing with a different kind of data than a traditional transaction processing systems.
With an increasing amount of data coming from Things, we’ll need to apply technology to learn from that data. Learning and analysis products will include query technology, and both supervised and unsupervised machine-learning technologies. Because, as an industry, we have mostly focused on IoP (Internet of People) applications, most of the technology applied to learning from data streams has been applied to learning from data about people. As with all parts of the stack, there is machine-learning innovation being driven by large companies like IBM and the Watson technology to a stealth startup called Lecida.
As it was with IoP applications, there will be both packaged applications (e.g. ERP, CRM), Oomnitza, a San Francisco company is building a Thing management application, where they assume Things can be programmed. Like the IoP world, there will be many more custom applications than packaged applications. Many companies are starting to provide middleware from large companies like GE with Predix down to young companies like Atomiton with their unique Thing Query Language (TQL). As many in the software industry already know, the movement to delivering software as a service has revolutionized the enterprise software industry. It promises to be no different for enterprises that build machines and those who use machines.
No matter which part of the five layers you’ll have to make sure you’re considering the issues of security. Some of these will be unique to IoT, for example, the difference between machine data and nomic data. Data from agricultural equipment, compressor or gene sequencer will consist of two kinds of data: machine data and what I’m going to call nomic data. A gene sequencer has machine data such as the power level of the laser, or the amount of chemical reagents. While that’s machine data, there is also ge-nomic data, the actual gene sequence, also available from the machine. On the farm there are seed spreaders and fertilizer sprayers. Again there is machine data like speed, oil pressure or location, but also there is also agro-nomic data like the nitrogen level of the soil or the moisture level of the grain. Should all machine data be available to the builders of machines? Large car manufactures might not want to share the robot data from the robots used to make the cars, as you might be able to forecast the car company’s quarterly results. Semiconductor manufacturers might not want sensitive process data outside of their four walls. Or Chinese wind turbine companies might not want energy data in a foreign country. This is going to be an ongoing debate since clearly the machine manufacturer can only build a more reliable, secure, performant product if the data is shared. We’re only at the beginning of this debate.
As someone who’s worked in the area of cloud computing for years I’m often asked, “is the cloud secure?” Just like the word cloud computing, or IoT we need a more sophisticated understanding what the word “secure” means.
Security is a complex topic, but as a management consultant it’s useful to simplify the subject and bring it to a higher level: An IoT application is secure if and only if it meets feature specifications in five key areas: hardening, identity and access management, auditing, testing, and compliance.
The security of any IoT application depends on not only the integrity of the application itself but also all the supporting software and hardware. So at the basic level you must make sure the latest security patches have been applied and there are no viruses or malware. A well-documented vulnerability in an IoT application is the story of the StuxNet virus. If the application down to the network is not hardened then all bets are off. A security feature for an IoT application might be: From the time a security patch is issued from these ten suppliers, 433 tests are applied and the patch is placed into production in 32 minutes +/- 15 seconds.
The implementation of any security policy is dependent on knowing the identity of an individual. Once authenticated, access management is deciding what data or operations the individual can do. Just like the speakeasies during Prohibition, someone has to know who you are and then what rooms you can enter. Thing or machine authentication might be able to skip ahead and move to schemes, which require no passwords.
A key principle in building secure systems is auditing. Auditing is the recording of all the changes that happen to the application and the underlying technology. Largely because any system built by people will have flaws you want to be able to study the audit trail and perhaps identify the source. Intrusion detection solutions use real time auditing to sound the alarm when a security fault occurs. Maybe one day like the characters in the movie Minority Report, we’ll be able to discover a security fault before it happens, which brings us to security testing.
The Most Active VCs In The Internet Of Things And Their Investments In One Infographic https://t.co/2G6JhrmhXw
— timothy chou (@timothychou) October 26, 2016
There are a wide variety of security tests, which can be run to determine whether the security of the application and underlying technology can be compromised. This class of operations management cloud services is available from a number of companies. And finally while there are compliance standards for financial systems like PCI and healthcare systems like HIPPA, it will remain to be seen what standards emerge for IoT.
We’re only at the beginning of this wave of technology, what I think of as the third generation of enterprise software. As a management consultant consider becoming a student of the area. As I tell my Stanford students, our industry has only really affected the virtual world. We’ve made it easier to pay for things, find a restaurant or plan a trip; but we stand at the beginning of being able to use software to change the physical world. And unless we all move to Mars, we’re going to need to build a more precision planet.