All Posts By

maemalynn

EdgeX Foundry Member Spotlight: Xage Security

By | Blog

The EdgeX Foundry community is comprised of a diverse set of member companies that represent the IoT ecosystem. The Member Spotlight blog series highlights these members and how they are contributing to and leveraging open source solutions. Today, we sat down with Roman Arutyunov, Co-Founder and VP of Products for Xage Security, Inc. to discuss Industry 4.0, challenges for edge computing, security and digital twins for machines.

What does your company do?

Xage is the first and only blockchain-protected security platform for industrial IoT, creating a tamper-proof “fabric” for communication, authentication, and trust that assures security at scale. Our platform supports any-to-any communication, secures user-based and machine-to-machine access to existing industrial systems, works at the edge even with irregular connectivity, and gets stronger and stronger with every device added to the network. Customers include leaders in the largest industries, spanning energy, utilities, transportation and manufacturing.

Why is your company investing in the IoT ecosystem?

Industry 4.0 promises to bring the next big wave of economic growth, optimizing production and customer experience. As a team of security, industrial digitization, and software experts, we knew security would be foundational to such an autonomous, any-to-any, edge-heavy ecosystem. The current centralized security systems simply aren’t designed to handle the scope, nature or complexity of Industry 4.0. We saw the opportunity to build a security fabric that is distributed, redundant, flexible, and adaptive enough to provide the necessary trust and integrity for secure Industry 4.0 interactions at scale.

How has IoT impacted your company? What benefits have you seen or what do you expect to achieve?

Our goal is to become the foundational and enabling security layer for IoT security across the major, evolving industries that need it––like manufacturing, transportation, utilities, and energy, among others. IoT has already had a large impact on industrial verticals ranging from robotics in manufacturing, connected cars in transportation, and integration of renewable energy sources like solar and wind in utilities. Data-driven autonomous operation with distributed intelligence is a common theme across multiple industrial verticals and has the promise of enabling significant improvement in service reliability, efficiency, and sustainability affecting our everyday lives.

Businesses currently have to invest a lot of time and energy into developing their own edge computing solutions. What are some of the business or technical challenges you have faced when adopting edge computing technologies?

When developing edge computing solutions businesses typically face the challenge of having to deal with multiple data and control protocols, building adapters for each, and creating a data store on top of which analytics solutions can be run. Additionally, as data is exchanged and accessed by multiple applications there is a need for effective access control. The Xage Security Fabric addresses the security concerns for data storage and access across multiple distributed systems and applications at the edge.

Why did your company join EdgeX Foundry?

EdgeX Foundry and Xage are aligned in our objectives to build a converged and secure solution, spanning multiple vendors, devices, and applications for industrial IoT at the edge. There’s massive potential to transform the way industrial organizations operate, and joining the EdgeX Foundry brings us one step closer to the reality of Industry 4.0, operating efficiently and securely at the edge.

How are you going to use the framework?

Xage has created a decentralized framework for securing IoT devices, applications, and and enabling any-to-any information exchange. The Xage Security Suite enables access control at the edge enabling zero-touch device enrollment, one-click user access control, and peer-to-peer application data exchange. Even before we became a member of EdgeX Foundry – we had been working with the framework. We plan to make our Security Suite accessible through EdgeX.

Where do you see enterprise and industrial IoT in 20 years?

Two decades is a very long time in technology’s terms – just think about what your cell phone looked like 20 years ago. Actually, most people used pagers back then! In 20 years, IoT will move well beyond connectivity and data, and will be a well-integrated part of our lives. Through the spread of artificial intelligence and virtual reality, we will invent “digital twins” for machines that currently power our industries, and learn to interact with them for joint machine and human decision making.

What is your favorite connected device?

I love cars, connected cars and autonomous cars. It has a been a passion of mine for some time now. One of the first connected and autonomous cars has been implemented in open-pit mining. Think large Caterpillar trucks the size of a 2-story house driving themselves.

EdgeX Foundry Member Spotlight: CloudPlugs Inc.

By | Blog

The EdgeX Foundry community is comprised of a diverse set of member companies that represent the IoT ecosystem. The Member Spotlight blog series highlights these members and how they are contributing to and leveraging open source solutions. Today, we sat down with Jimmy Garcia-Meza, Co-Founder and CEO of CloudPlugs, to discuss architecture, the ecosystem and Industrial IoT.

What does your company do? 

CloudPlugs enables energy, utility and manufacturing companies, service providers, building managers and municipalities to i) digitize and securely connect their legacy and new device infrastructure; ii) to manage end-to-end the lifecycle of their devices, applications and data; iii) to add intelligence to the edge to gain better insights and automate actions, and to easily integrate operations technology with IT systems and 3rd party applications and cloud services.

CloudPlugs offers a secure, fully integrated edge to cloud stack using state-of-the-art container technology in the cloud and in the edge.  Our suite of integrated tools for connectivity, fast service development and deployment enable companies to implement and deploy their digital transformation projects in record time. For example, a large electrical utility developed a smart micro-grid service and deployed it within 35 days making it an internal example of how technology should be implemented.

Why is your company investing in the IoT ecosystem?

The IIoT space is so large and complex that it is impossible for a single company to address the needs of the market.  For our customer projects to be successful, we need close relationships with the sensor, PLC, gateway and other edge device manufacturers, and upstream with the companies that provide data lakes, advanced analytics, machine learning tools and operations and business support systems.  A real, field deployable solution must provide integration on the edge side and integration on the cloud or data center side.  Only this way can companies truly integrate and digitize their vertical and horizontal value chains.

How has IoT impacted your company? What benefits have you seen or what do you expect to achieve? 

IoT is what we do from inception, so we live and breathe the opportunities and challenges that surround this new world.  Industrial customers tend to have 6-9-month evaluation cycles since the decisions will impact their operations and digital service and business model creation. However, what we have learned is that when they experience success, they will invest more.  Some of the benefits we saw in adding Edge One™ to Thermal and Power plants to ingest and process legacy data that is pushed to a data lake, are that the customer is now able to use data scientists to create predictive models to further optimize operations.  The confidence they gained help them venture into incorporating LoRa and sensors to transport data inside the plants and they now have an advanced material tracking system.  Other customers are building their new connected systems to change their business model from selling expensive machines to selling outcomes.  The impact of IoT and IIoT is just beginning to be felt and it will drive the Industry 4.0 initiatives in the years to come. 

Businesses currently have to invest a lot of time and energy into developing their own edge computing solutions. What are some of the business or technical challenges you have faced when adopting edge computing technologies? How have you overcome them?

We have believed in edge computing since day one. Since then, we have built Edge One™ on top of the SmartPlug™ to deliver a container based, high performance, extensible platform for edge connectivity and computing.  Coming up with an architecture that delivers flexibility, performance, scalability and extensibility has not been easy and it requires deep understanding of 1) the problem you want to solve, and 2) the technologies available and that need to be created to create a solution that can solve most of the challenges.  Extensibility is key, and we are building an ecosystem of partners who can build and sell their own container applications and services on Edge One™ to complement the modules available from CloudPlugs.

Why did your company join EdgeX Foundry?

In many ways, EdgeX Foundry mimics what we do on the edge, but we expect to contribute to the technology and use cases and to make our Edge One™ platform compatible with EdgeX products and services.

How are you going to use the framework?

We are going to add to our products the pieces that allow interoperability with other edge devices that are EdgeX enabled.

Where do you see industrial IoT in 20 years?

I hope that in 20 years we’ll be talking about something else and that most of the industrial sector will have had great experiences in deploying their Industry 4.0 initiatives.  One of the core elements of Industry 4.0 is the implementation of cyber-physical systems with the ability to learn and make autonomous decisions.  Currently, companies are overwhelmed with the tasks of connecting everything and trying to gain better insights from the data.  In a few years, as technology evolves and more, easy to integrate and use solutions become available, the number of companies using AI as part of their daily operations will grow. I expect that this will enable new battlegrounds for increased operational efficiency and new, innovative digital service and business models will emerge.

Linux Foundation Blog: EdgeX Foundry Continues Momentum with ‘California Code’ Preview

By | In the News

EdgeX Foundry is still a few months away from its one-year anniversary.  For those unfamiliar, EdgeX Foundry is a vendor-neutral, open source IoT edge computing framework project under The Linux Foundation.  At the heart of EdgeX is a microservice architecture which allows the platform to be distributed, updated, replaced, improved and even provided by commercial third parties for additional value add where it makes sense.  Its goal is to provide an interoperable platform (hardware and OS agnostic) to accelerate the deployment of industrial IoT solutions.

Even before the project’s first birthday, there is plenty to celebrate.

Read more on The Linux Foundation blog.

EdgeX Foundry Momentum Continues with California Release Preview and New Vertical Solutions Working Group Focused on Industrial Internet of Things (IIoT) Use Cases

By | Announcement

California preview demonstrates significant performance improvements ahead of full code release in Summer 2018   

SAN FRANCISCO – February 27, 2018EdgeX Foundry, an open source project building a common interoperability framework to facilitate an ecosystem for Internet of Things (IoT) edge computing, today announced early access to some elements of the California code release. Demonstrating significant performance increases and size reductions, these elements support more efficient microservices and a path toward scalability. The full California release will be available in Summer 2018 and represents a major step in evolving the EdgeX framework to support the developer requirements for deployment in business-critical IIoT applications.

The EdgeX Foundry community is working toward improved performance, lower start-up times and reduction in the overall footprint via alternative Go Lang and C-based implementations of key EdgeX microservices for easier access when deploying IoT solutions. The California preview features several Go Lang microservices that are drop-in replacements for the Java versions, including core services like Core Data, Metadata and Command. Initial test results of the Go Lang microservices include 97 percent less memory than the Java variants with a 99 percent improvement for start-up time.

“The California preview is a testament to the collaborative effort of the EdgeX community and our commitment to improve the size and speed of the platform,” said Keith Steele, EdgeX Foundry Chair of the Technical Steering Committee and CEO of IOTech. “By providing key EdgeX microservices in both Java and Go Lang, we offer developers more flexibility and a wider range of use in real world IoT and edge computing solutions.”

The full California code base is expected to be released in Summer 2018 with key planned features that include baseline APIs and reference implementations for security and manageability. The California code is a follow up to the first code release, called Barcelona, which launched in October last year. More details for the California code can be found in this blog while the technology roadmap is available on EdgeX Foundry’s wiki.

More on the project’s achievements in 2017 and what’s in store for the year ahead can be found in this recent state of the union blog post on the EdgeX Foundry website.

Accelerating IIoT Deployments through Vertical Solutions

EdgeX Foundry has also launched a new Vertical Solutions Working Group to host use case-focused projects developed with input from end users to create solutions that meet their specific requirements. Moonki Hong, Senior Engineer at the Software R&D Center for Samsung, chairs the Vertical Solutions Working Group. The new projects include:

  • The Oil and Gas Project will perform gap analysis and deliver specific market requirements to other working groups, create a reference architecture for specific use cases, develop unique source code and liaise with universities and the Society of Petroleum Engineers. Alberto Dellabianca, an Edge Computing and Technical Lead with National Oilwell Varco, leads this project.
  • The Smart Factory Project concentrates on developing the key success functions to enable smart factories with common EdgeX features such as the data processing runtime and workflow, ezMQ, OPC-UA protocol software and microservices, and Pharos, the service deployment manager and agent. The proposed features will be delivered in the form of microservice or relevant library software. MyeongGi Jeong (MJ), Software Architect for Samsung Electronics, heads the project.

A Growing Ecosystem Supporting the IoT Landscape

Hosted by The Linux Foundation, EdgeX Foundry is a collaborative project of 70 members and growing, working together to make it easy to quickly build, deploy, run and scale IIoT solutions. The EdgeX ecosystem continues to grow with the addition of five new members: Enigmedia, FIWARE Foundation, Rubicon Labs, Wanxiang Group and Xage Security.

“A successful and stable IoT ecosystem is based on an infrastructure that can support it,”

said Jason Shepherd, Chair of the EdgeX Foundry Governing Board and Dell Technologies IoT CTO. “With 70 member companies from 16 countries worldwide, the growing EdgeX ecosystem  is destined to enable interoperability and digital transformation in any number of industries through commercial value add built around the open APIs.”

“EdgeX Foundry is a great opportunity to promote an interoperable and secure alternative for Industrial IoT,” said Gerard Vidal, PhD and CEO of Enigmedia. “We are eager to share our experience in cryptography, security in PLCs and embedded systems to eliminate the cybersecurity blind spot in the IIoT field.”

“EdgeX Foundry is one of the most promising vendor-neutral open source projects tackling IoT edge computing while FIWARE Context Broker technology is gaining growing momentum as the de facto open source standard for Context Information Management,” said Ulrich Ahle, CEO for FIWARE Foundation. “We are thrilled about the collaboration between FIWARE and the EdgeX ecosystem and look forward to creating a complete technology stack addressing the challenges of highly distributed smart solutions managing large-scale data.”

“IoT 1.0 was all about the cloud but IoT 2.0 is all about the edge,” said Julia Cline, VP of Product Marketing at Rubicon Labs. “Edge computing is rapidly unlocking the power of IoT and allowing for new business models for everyone from entrepreneurs to enterprises and Rubicon Labs is uniquely positioned to leverage the EdgeX framework to design and develop innovative key management and business enablement technology. We are excited to join this Industrial IoT-focused ecosystem and look forward to contributing secure solutions to the EdgeX platform.”

“We believe edge computing innovation has vast potential in our strategic initiatives, including smart transportation, intelligent manufacturing, clean distributed power infrastructure and our ambitious 10-square-km Innova City mega-project, and beyond,” said Jun Chen, Vice President of Wanxiang Group. “As a leading automotive component and renewable energy company and China’s blockchain ecosystem leader, we are excited by the idea of working with blockchain embedded at the edge with EdgeX Foundry. We are also members of the Industrial Internet Consortium (IIC) and Alliance of Industrial Internet (AII) and look forward to collaborating on industrial internet testbeds, architecture and standardization.”

“We’re entering a new era of industry powered by distributed intelligence” said Roman Arutyunov, Co-Founder and VP of Product of Xage Security. “EdgeX and Xage are aligned in our objectives to build a converged and secure solution, spanning multiple vendors, devices, and applications for industrial IoT. Whole industries are being transformed, and Xage joining EdgeX Foundry further advances the new generation of efficient and secure industrial edge operations.”

For more information and to learn how to get involved, please visit the following EdgeX Foundry resources:

About EdgeX Foundry

EdgeX Foundry is an open source project hosted by The Linux Foundation building a common open framework for IoT edge computing and an ecosystem of interoperable components that unifies the marketplace and accelerates the deployment of IoT solutions. Designed to run on any hardware or operating system and with any combination of application environments, EdgeX enables developers to quickly create flexible IoT edge solutions that can easily adapt to changing business needs. To learn more, visit: www.edgexfoundry.org.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

###

EdgeX Foundry Member Spotlight: Mocana

By | Blog

The EdgeX Foundry community is comprised of a diverse set of member companies that represent the IoT ecosystem. The Member Spotlight blog series highlights these members and how they are contributing to and leveraging open source solutions. Today, we sat down with William Diotte, President and CEO of Mocana, to discuss embedded security software, military applications and IoT analytics.

Tell me a little bit about your company.

Mocana provides mission-critical IoT security solutions for embedded systems, industrial controls and the internet of things. Today, Mocana protects more than 100 million embedded devices within military aircraft, manufacturing automation equipment, electric utility grid control systems, medical equipment and IoT devices. Our IoT security platform goes beyond traditional security approaches by making IoT and ICS devices trustworthy and enabling secure device-to-cloud communications.

Why is your company investing in the IoT ecosystem?

To deliver IoT- and connected-device-based services, it requires an entire ecosystem of connected, interoperable systems and services — from the chips to the sensors to the gateways, and up into the cloud or core systems and services tp provide “networks of systems.” Securing this “network of systems” requires a holistic approach and Mocana has developed relationships with a broad ecosystem of vendors in the IoT marketspace to develop pre-integrated solutions to ensure end customers receive robust, consistent protection when launching IoT services, while spending much less time architecting, developing and then supporting their new offerings.

How has IoT impacted your company? 

Mocana was founded in 2002 to provide security software for embedded systems in military aircraft and devices. We then extended our solution to address the needs of the industrial automation and controls market. With Mocana solutions protecting more than 100 million devices today, we are in a great position to help the IoT industry protect the billions of connected devices to ensure their security and safety.

Businesses currently have to invest a lot of time and energy into developing their own edge computing solutions. What are some of the business or technical challenges you have faced when adopting edge computing technologies? How have you overcome them?

Computing at the edge involves placing more intelligence in devices rather than handling all of the analytics and decision-making at the core, in a remote data center. For example, today’s modern industrial-grade surveillance cameras handle much of the video analytics at the edge. This allows a remote camera on a street corner to analyze surveillance video footage locally within the camera, rather than having to backhaul all of the data back to the cloud to analyze it. There is great advantage to doing this to speed analysis and reduce the time it takes to identify characteristics, such as color, object type and direction, in real time. The challenge of embedding more intelligence into edge devices is that they are sometimes resource constrained, meaning they have limited processing power and memory relative to a full-blown computer or data center server. Mocana addresses this by working closely with silicon vendors and real-time operating system software providers to optimize the performance of our security software on minimal systems so that edge computing applications can run securely.

Why did your company join EdgeX?

Mocana joined EdgeX as a founding member in order to deepen partnerships and relationships with Dell, VMware, Ubuntu, ADI and other major organizations within the growing IoT gateway ecosystem collaborating in the EdgeX community. The membership extends Mocana’s mission as an IoT security provider for devices that are delivering high-value connected services on edge computing systems. Mocana’s interoperability with the EdgeX ecosystem is essential to ensuring end customers have access to a robust, reliable, commercially tested and supported security solution that secures their high-value services running at the edge, as well as their device-to-gateway-to-cloud network of systems. The company is focused on improving interoperability, securing gateways, and providing a chain of trust for both northbound and southbound communication and analytics.

How are you going to use the framework?

Mocana will deliver an easy-to-use plug-in to quickly migrate from the base EdgeX open-source security framework and tools to Mocana’s comprehensive, reliable, commercially tested and supported security solution that secures their high-value services running at the edge, as well as their device-to-gateway-to-cloud network of systems.

Where do you see enterprise and industrial IoT in 50 years?

It’s hard to predict where the industry will be in 50 years; however, there no question that the internet of things  will transform the way we live, work and interact with our physical world. Sensors will be ubiquitous in everything, from our basic needs of what we eat and drink to what we use to do our jobs and experience the world. For example, today, sensors — tiny microcontrollers that are as small as grain of sand — are used in agricultural applications to measure temperature, moisture and pH of the soil. These sensors will decrease in size so that they can be ingested and measure various aspects of your health. In factories or even hospitals, human workers will work alongside robots that can use artificial intelligence and enhanced physical strength to improve the productivity as well as the safety of workers. In smart cities, the street lights will become beacons of information filled with sensors for weather, light, traffic, sound, proximity and surveillance. These will provide a great deal of information to make our cities safer and more efficient. As part of the Industry 4.0 revolution, industrial manufacturers are already incorporating sensors into factory equipment to measure performance and improve uptime and productivity. In the transportation sector, we will certainly see connected vehicles and autonomous driving cars. Fast progress is being made in this area. In 50 years, I could see flying personal vehicles and certainly a proliferation of drones.

 

EdgeX Foundry Member Spotlight: Kodaro, LLC

By | Blog

The EdgeX Foundry community is comprised of a diverse set of member companies that represent the IoT ecosystem. The Member Spotlight blog series highlights these members and how they are contributing to and leveraging open source solutions. Today, we sat down with Larry Andriunas, President of Kodaro, to discuss analytics, the EdgeX ecosystem and the role software plays in the Internet of Things. 

What does your company do and what is your your role?

Kodaro is a building software company primarily aimed at helping contractors and controls companies find value in building data from the edge to the cloud. We’re a company of engineers and computer programmers who believe building analytics should empower people to solve problems and make facilities more efficient. In addition to Analytics as a Service, analytics rules packages, and cloud hosting services, we make a variety of products to integrate and expand the capabilities of the Dell Edge Gateways for building systems. I’m the Founding President of Kodaro, overseeing the team as we unpack building data and turn it into actionable information for building controls managers.

Why is your company investing in the IoT ecosystem?

In a very short time the IoT has gone from something people whisper about to a keyword at the heart of countless analyst reports from here to Dubai. This has been driven by consumer-facing sectors like smart home devices and wearable technologies and we in the buildings industry are realizing it’s only a matter of time before all those people and all those devices impact the way we operate buildings. We’re investing in the IoT ecosystem because we believe that buildings of the future are connected and full of data that adds value, through energy savings, increased occupant comfort, equipment longevity and better connections.

How has IoT impacted your company? What benefits have you seen or what do you expect to achieve?

The IoT essentially is our company. Without a network of connected devices transmitting data within and between each other, we couldn’t do what we do. Some of our software facilitates the data transfer, others translate and analyze the data once it gets to where it needs to go. As building controls and integrators advance into this open and connected world we as a software company will be able to find, understand and act on more information about what’s happening in buildings than ever before.

Businesses currently have to invest a lot of time and energy into developing their own edge computing solutions. What are some of the business or technical challenges you have faced when adopting edge computing technologies? How have you overcome them?

As a software company in building automation, we’re often working between hardware and third-party applications. Each piece operates at opposite edges, and in many cases they use different languages or frameworks to conduct similar operations. So, much of our time and energy is spent bridging those gaps with software. One exciting example is our machine learning algorithms that automatically tag data so that it can be integrated into the building automation system more quickly and cost effectively.

Why did your company join EdgeX?

By creating an open source community, we believe EdgeX will attract the best minds to solve the most complex problems of the IoT. As a software company for the IoT, it was important that we part of the team that’s stitching it all together.

EdgeX Foundry Ecosystem

 

How are you going to use the framework?

We plan to deploy the EdgeX Framework from edge to cloud to create easier, faster connectivity so that we can better run data analytics in building systems.

Where do you see enterprise and industrial IoT in 20 years?

IoT is now compartmentalized into homes, buildings, industrials. In 20 years, I see seamless integration across verticals. Our lives will be integrated into buildings, buildings will be integrated into cities and so on. As the IoT advances, it will change how our lives are connected.

 

 

EEJournal: Living On the Edge: EdgeX Defines an “Edge” Framework

By | In the News

Ah, words… Simple audio utterances that contain meaning. Well, except when they don’t. Or when each of us parses a different meaning out of a given collection of phonemes, making even morphemes morph.

In our world of technology, in particular, we deal with inordinately complex concepts, and we have to find shorthand ways of referring to them, or else we’d forever be locked up with convoluted phrases like, “a single binary unit of information” instead of “bit.” And, in most cases, for purposes of communicating in the English language, we borrow from the vast English lexicon (or occasionally from other languages, but English has a rather large vocabulary from which to choose). We take words that mean some specific mundane thing – like “bit” – and leverage them for some technical concept that evokes the simple meaning of the word.

Read more at EEJournal.

Automated Buildings: What’s Happening at the Edge of IT/OT Convergence

By | In the News

Technologies with the power to transform lives, industries, and societies almost always spring from the meeting of science and art. Author Walter Isaacson has documented how innovation happens at these crossroads in his biographies of Leonardo da Vinci, Benjamin Franklin, Albert Einstein and Steve Jobs. His book The Innovators is a compendium on the topic, offering highlights from the lives of other ‘hackers, geniuses and geeks’ that made the discoveries that have led us to today’s digital revolution. This moment in Tech feels particularly transformative in that the silo mentality that has kept various engineering disciplines apart and evolving along different lines is breaking down. Experts in enterprise computing, telecoms, embedded systems, automation & controls are all contributing their brain power to a common goal—realizing smart and connected systems, aka the Internet of Things (IoT).

Learn more at Automated Buildings.

SDxCentral: Unraveling the MEC Standards Puzzle

By | In the News

Multi-access Edge Computing (MEC) is quickly gaining traction as a disruptive technology that promises to bring applications and content closer to the network edge. It is also expected to reduce latency in networks and make new services possible.

Analyst Iain Gillott of iGR Research says that he expects MEC to be as disruptive to the market as 5G and software-defined networking (SDN).  And several companies, including Huawei, have said that they are currently testing MEC.

Read more at SDxCentral.

EdgeX Foundry Member Spotlight: Two Bulls

By | Blog

The EdgeX Foundry community is comprised of a diverse set of member companies that represent the IoT ecosystem. The Member Spotlight blog series highlights these members and how they are contributing to and leveraging open source solutions. Today, we sat down with Noah Harlan, EdgeX Foundry Board Member and Founder of Two Bulls, to discuss the IoT market, connected devices and security.  

When we talk about IoT we mostly think of consumer IoT, but there is also managed consumer IoT (like security devices offered by ADT/Comcast/Verizon) and Industrial IoT. Can you talk a bit about the IoT market in general?

IoT is a marketing term for connected devices. Any edge device that connects to either a central system or makes itself available via the internet can plausibly be viewed as IoT.

Practically speaking I would bucket IoT into consumer and industrial but the edges quickly become fuzzy. A single apartment with a connected thermostat is clearly consumer IoT but if that apartment’s connected thermostat is part of a building-wide HVAC system is that now Industrial? To the company that installed the building-wide system, probably since they’re B2B2C, while the building management is in the middle (B2C), but to the apartment resident it’s a consumer product. Furthermore, when you expand outward and look at areas like smart cities which may involve a mixture of stakeholders it’s hard to differentiate. TL;DR: perspective matters. So given that, if you view it all as connected devices, then the underlying technologies need to address connectivity and devices, not an “Internet of Things.”

 

Can you tell us about your own solutions for the IoT world?

Two Bulls is a digital and connected product consultancy that works with some of the world’s biggest brands and most innovative startups to bring great products to market. We provide strategic, design, and development services and handle everything from embedded systems, to cloud infrastructure, to user interfaces and everything in between. We currently are working on products in the consumer IoT, smart cities, and industrial IoT spaces and our client list includes Verizon, Vodafone, Qualcomm, LIFX, and many others. 

IoT devices have earned the reputation of Insecure Internet of Things. Why do we keep hearing so many attacks and vulnerabilities in IoT device? 

Poor planning and poor design has led to some very significant security breaches or lapses, whether that was in the form of hacks like the Mirai botnet or overaggressive data gathering (always-on listening TVs and toys). While guaranteeing perfect security is extremely hard, putting in place a set of basic best practices mitigates the risks. When devices are deployed which are connected but can’t be updated or rely on hard-to-update common default security credentials, you are asking for a problem.

Furthermore, when a large company is hacked, it may include your credit card information but the breach is still relatively abstract to you as an individual whereas when you find out that a security camera in your house was breached you feel it very acutely and as more and more devices gain connectivity, the possibility of nefarious actors doing bad things grows. Hacking your email account is bad. Hacking the lock on your front door is potentially catastrophic.

There are two components of IoT devices – the Edge device and the backend server. Where do you see is the problem when it comes to security?

If you don’t worry about end to end, then you’re not thinking about security seriously. That said, we have good protocols for encryption of the upstream communications and we have a lot of experience with protecting backends. Where we have a harder problem is the device-to-device communication at the edge, particularly when there are multiple protocols involved. The protocol translation issue is a very hard security problem. If I am a router and I have a device on one side that speaks Protocol A and a device on the other that speaks Protocol B and I want to translate, I can’t generally rely on end-to-end encryption. I have to decrypt the messages from A, translate them, and then encrypt them when I send them off to B. The challenge becomes how do you determine trust for the translator so that all parties feel comfortable with a “man in the middle” being able to view everything and that the translator is both legitimate and uncompromised.

In most cases we have seen that IoT devices don’t get software updates and patches. Should IoT devices adopt an OS similar to Container OS where the systems are automatically updated? 

Any good edge operating system should have inbuilt systems for easy remote updating or they will eventually be subject to a security risk. Period. 

How much is standardized when it comes to IoT platform (the OS level) and applications?

Currently, nothing is “standardized” and thus a platform like EdgeX Foundry that can acknowledge that the proliferation of protocols and transports likely won’t consolidate for a range of reasons. It provides a system for translation, processing, and gateway security that  are essential and valuable going forward.

Do you think government and regulations can play some role in forcing IoT vendors to take security seriously?
I have worked with members of Congress on their first steps looking at IoT, in particular Cory Booker who is co-sponsoring the DIGIT Act which is making its way through Congress now. My best advice to them was to work to avoid a patchwork of security rules (one set for health, another for automotive, another for consumer, etc…) as that would lead to conflicting rules and stifle innovation. Instead, I encouraged them to establish a privacy and security spectrum which defines the requirements of each place on the spectrum (eg: at one end devices with very little security or privacy and at the other devices with very high security or privacy) and to encourage or require IoT vendors to declare their device’s “tier” in the Security & Privacy Spectrum (eg: a connected speaker with no microphone might be a level 3 device while a connected blood pressure monitor is a level 7 device while a pacemaker is a level 10 device because if it get hacked someone could die). This would mean that regulators would stay out of the minutia of defining *how* to comply and simply state what compliance means. This frees the industry to innovate and gives them a bar to measure against.