The ever-increasing use of connected, software-enabled technologies in almost every facet of our home, communities, and workplace is a trend that will endure. We have succeeded in labeling it—the “Internet of Things” (IoT)—and valuing it (trillions). But where will it lead, and what does the future mean for public technology policy? What are the driving forces behind this wave of technology, and can we guide it to a more useful tomorrow? When software is connected and works on more than data, when property, lives, and other aspects of our world are at risk, how do we embrace the changes but keep the potential for harm in check? This article explores these questions along with approaches for establishing a marketplace that addresses them.
March 01, 2018
The Industrial Internet of Things and Why You Should Care
By Robert A. Martin
The Age of Connectivity
For the bulk of human history, our various activities, whether in business, family, or academia, were separate and uncoupled from those of others outside our own community. However, for the last decade, a new set of market forces and physical realities have been changing our world whether we realize it or not. The very context in which many of us operate, and the scope of influence and linkage others have on what we do in our organizations, communities, and personal actions, have been shifting around us, and those changes are the motivating forces behind the emergence of the IoT.
Much as past economic and social changes have impacted large segments of our society, the power and prevalence of computing resources, data, information, connectivity, and automation is reshaping our communities, industries, and markets in ways that many have yet to appreciate, internalize, or respond to. With more of the world utilizing information-rich technologies, the continued and increasingly ubiquitous need for physical goods and products, competition for scarce resources, and dwindling differences in the costs of labor between global regions, there are increasing insensitivities to producing things locally, becoming more efficient with respect to energy, labor, and materials to keep costs down, and the need to consider competitive analysis on a global scale whether you are a small business or one that spans the globe.
Accelerating the Creation of the Industrial IoT Market
Whether it is the energy sector and the fact that globally there is little appetite for building new production capabilities powered by coal, natural gas, large dams, or nuclear, as well as little opportunity to locate such capabilities near the demands for energy and the interest of some in phasing the dirtiest of these out of our energy future, or the fact that while sources such as solar, wind, tidal, and other renewable energies are widely dispersed and fairly unpredictable in their production, they all motivate interest in research that can lead to improvement in efficiency, distributed and autonomous control, and load management to address the world’s continuing appetite for more energy. These trends are in turn motivating the instrumentation of energy consumers, both large and small, so the demand for energy can be “seen” by the power providers and so this near real-time insight into the demand for energy can be used to manage the balance between available power and requested power. This may occur through offering better rates for those who allow producers to control “smart” energy by turning devices off or “down” when demand outpaces the energy capacity or so they can proactively bring additional energy resources onto the grid to meet short-term swings in demand.
In the manufacturing and agriculture sectors we see national recapitalization efforts, like Germany’s “Plattform Industrie 4.0,” China’s “Made in China 2025,” Japan’s “Industrial Value Chain Initiative,” and India’s “Make in India,” working to change their economies by replacing manual labor with automation, increasing the efficiency of food and manufacturing capabilities, allowing for local production with the elimination of long-distance transportation-related costs, and allowing for total quality management of the supply chain flow of each sector. Within the agriculture area, the safety of food supplies is also motivating higher use of sensors and data tracking analytics to squash food-related health outbreaks at their sources.
A similar story seems to be occurring in the healthcare industry, where the need for increased efficiency motivated by increased demands for care and inelastic supply of those who can provide the workforce necessary to meet tomorrow’s needs come together with better connectivity in most regions of the globe and the move to human-centric computing with cell phones, tablets, and “aware” apps offering the ability to know more and more about patients and their lives. We, as a society, can use that insight to keep them healthier, diagnose problems earlier, and avoid medical costs more effectively while improving some aspects of our populace’s basic qualities of life.
The movement of more of the world’s population to urban settings is also prompting hard questions about city efficiency and effectiveness, driving a desire for the “smart city” and related topics—coupled with the urban environment’s need for energy, transportation, and healthcare improvements.
Separately, each area of our economy has benefited from improvements within particular market offerings or where particular IoT solutions have brought changes to a portion of the problems and challenges facing them. But in the same way that electrification started with multiple choices, so has the IoT market.
In 1879, a power station built in Dolgeville, New York, supplied alternating current (AC) power for industrial purposes. Three years later in 1882, Thomas Edison started supplying direct current (DC) electrical power to parts of New York City. The establishment of one approach to the United States power grid did not occur until 1938. In between there were a variety of approaches taken with respect to the type of current (AC or DC), the voltage, and the connectors used for powered devices.
If there are different approaches for products and services available, how does an enterprise, whether public or private, deal with the diversity of options and methods used in the market? Most large enterprises and collective segments of markets demand (and reward) integration and common approaches, with the value of consistency, interoperability, and ease of learning driving choices, either from a cost-avoidance or efficiency point of view. The same market forces that drove geographical uptake of single approaches for energy distribution collapsed the number of keyboard designs, power plug designs, and web browsers into a few, and will eventually drive the IoT market to consolidation. But do we need to wait for this to happen by itself, or can we collectively drive it to this end?
A Confluence of Interests
In 2013, several organizations from industry, academia, and government asked that question and decided that they would try to accelerate the maturation of a new IoT marketplace. Rather than trying to deal with all of the possibilities from consumer IoT, they chose to focus on the enterprise perspective and called themselves the Industrial Internet Consortium (IIC). Publicly launched in March 2014, the IIC now has over 250 members from 32 countries and has created foundational documents defining the marketplace of Industrial IoT (IIoT) systems, established over 25 testbeds to explore those concepts and ideas, and actively participates with over 30 standards development organizations, like SGIP, IEEE, ISO, OASIS, oneM2M, Trusted Computing Group, W3C, and the Open Group, through liaisons for joint work efforts, sharing insights, and producing publications.
Many stakeholders are involved when considering complex systems such as those expected of IIoT systems. These stakeholders have many intertwining concerns pertinent to the system of interest. Their concerns cover the full life cycle of the system, and their complexity calls for a framework to identify and classify the concerns into appropriate categories so that they can be evaluated and addressed systematically.
To address this need, the IIC has defined an architecture framework that describes the conventions, principles, and practices for the description of architectures established within a specific domain of application and/or community of stakeholders. This framework facilitates easier evaluation and systematic and effective resolution of stakeholder concerns and serves as a valuable resource to guide the development and documentation of, and the communication about, the Industrial Internet Reference Architecture (IIRA).
The IIRA utilizes standard conventions and common practices of architecting and provides a core ontology for the description of architectures. By taking the general concepts and constructs for architecting and applying them to the challenge of the IIoT, the IIRA provides a neutral approach that can be utilized by all types of IIoT systems to express their architecture and architecture framework, concerns, stakeholders, and viewpoints. Stakeholders typically consist of system engineers, product managers, and individuals who are involved in the specification of the IIoT system under consideration and represent the ultimate users, as well as any regulatory and compliance mandates that a system must fulfill, whether it be controlling access to financial systems, protecting credit card information, upholding privacy expectations, or protecting critical infrastructure.
The work on the IIRA, first published in June 2015 and subsequently updated, became the cornerstone of establishing these collaborations, with a wide variety of standards groups who are using the IIRA, along with the IIC’s other works, to provide context and perspectives about IIoT systems and allow them to identify where their standards efforts fit into that vision as well as how their work can support and expand upon it.
The IIRA along with the IIC’s work establishing a Security Framework (IISF), Connectivity Framework (IICF), Analytics Framework (IIAF), and Business Strategy and Innovation Framework (BSIF) are all freely available on the IIC’s website. Additionally, thought-provoking papers on the various topics being examined by the IIC and its members are published in the IIC’s peer-reviewed Journal of Innovation and other white papers as the IIC community establishes and captures the specifics of this new marketplace for IIoT systems.
Foundational Concepts for an IIoT Marketplace
By definition, IIoT systems connect and integrate different types of control systems and sensors with enterprise systems, business processes, analytics, and people. IIoT systems differ from traditional industrial control systems, often referred to as operational technologies (OTs), by being connected extensively to other systems and people, increasing the diversity and scale of the systems.
IIoT systems also differ from traditional information technology (IT) systems in that they use sensors and actuators in an industrial environment. These are typically systems that interact with the physical world where uncontrolled change can lead to hazardous conditions. This potential risk increases the importance of safety, reliability, privacy, and resiliency beyond the levels expected in many traditional IT environments. Such IIoT systems may also have data flows that include multiple intermediary organizations, requiring security approaches beyond simple methods such as link encryption. Having long lifetimes, IIoT systems include legacy installations and are regulated because human health and safety is at risk.
OT and IT worlds differ, leading to a need to integrate these cultures for IIoT systems. All of these differences have implications on how these systems need to be built and operated. Historically, trustworthy OT systems relied on physical separation and network isolation of vulnerable components, and on the obscurity of the design and access rules for critical control systems. Security was, and still is, enforced through physical locks, alarm systems, and in some cases armed guards. The potential for human error or misuse was primarily through direct access, and concerns focused on disrupting the safety and reliability of the system, with those risks mitigated by good design, analysis and reviews, thorough testing, and training. Designers and operators of OT systems rarely considered that these systems might one day be exposed to a global network, remotely accessible by many, from legitimate users to rogue nation-states.
Over the past few decades, increasingly affordable computing power, ubiquitous connectivity, and evolving data analytics techniques have opened the door to convergence of control systems, business systems, and the Internet. This convergence started small, initially being used for remote monitoring and management of systems, but quickly expanded to include mining and analyzing operations data for performance metrics to predict failures, optimize across fleets, and perform remote software upgrades. This convergence has increased productivity, efficiency, and performance of the existing operational processes and enabled the creation of new ways of leveraging operations data, thus delivering business value now and into the future.
But with these gains come risks. Systems that were originally designed to be isolated are now exposed to attacks of ever-increasing sophistication, and the design assumptions of existing OT systems no longer apply. A successful attack on an IIoT system has the potential to be as serious as the worst industrial accidents to date (e.g., Chernobyl and Bhopal), resulting in damage to the environment, injury, or loss of human life. There is also risk of secondary damage such as disclosure of sensitive data, interruption of operations, and destruction of systems. The results of attacks on IIoT systems may be widespread and comparable to large natural disasters, but stemming from malicious intent. This will result in damage to brand and reputation, material economic loss, and potential damage to critical infrastructure. With a geographically distributed IIoT system, care must be taken to ensure that disruption of an isolated system does not cascade to have global effects.
The use of sensors and actuators in an industrial environment is not the typical IT experience, nor are systems that span many organizations. IT and OT prioritize system characteristics differently. For example, resilience in IT is less important than in OT, and security is less important in OT than in IT. These characteristics interact with each other and can conflict. In IIoT systems, these characteristics must converge and be reconciled with each other into overall system trustworthiness, where trustworthiness is the degree of confidence one has that the system performs as expected in respect to all the key system characteristics in the face of environmental disruptions, human errors, system faults, and attacks.
The five characteristics that most affect the trustworthiness of an IIoT deployment are: safety, security, reliability, resilience, and privacy. Within the IIC work these are referred to as key system characteristics. Others, for example, being performant, economical, usable, maintainable, evolvable, composable, and scalable, may be important in general but are not considered “key” in respect to trustworthiness.
All of these characteristics are also emergent properties or behaviors of the IIoT system resulting from the properties of its various components and the nature of their interactions. Because IIoT systems are large-scale, heterogeneous, built with multivendor components, often broadly distributed, and continuously evolving, it is a challenge to define, measure, enforce, and maintain the system characteristics over time.
Desired key system characteristics and the aspects and degrees to which they are needed vary by system. They may be motivated by business context and values, mandated by regulations and contractual agreements, or simply commonly expected behaviors for a specific type of system. Note that some of these desired characteristics may be negated by unintended side effects of other unrelated system behaviors.
Trustworthiness and Grounds for Being Trusted
At the end of the day, the system owner/operator carries the responsibility for addressing the operational risk of the IIoT system. The trustworthiness of an IIoT system depends on the trustworthiness of all of its complex system elements, how they are integrated, and how they interact with each other. Any failures in the system trustworthiness, due to poor security, safety, reliability, resilience, or privacy, will directly affect the owner’s/operator’s business. Failing to gain the appropriate assurance about the key characteristics can threaten the existence of an owner/operator. History shows that most of the damage, lost revenue, litigation payments, and responsibility for serious injury or death were assigned to the owner/operator because its trust in the delivery was too high and the requirements were not well-enough specified to hold the deliverer responsible. Additionally, sometimes owners/operators do things with their systems that were never intended by the system builder, for example disassembling a system and reusing its components somewhere else. The owner/operator should always be aware of the constraints and supporting capabilities that fulfill the trustworthiness of a system.
Additionally, each IIoT system has a unique set of needs in order to be trustworthy. What it takes to be a trustworthy embedded medical device is different than what is required for a trustworthy hospital operating room or a trustworthy building management system, let alone a trustworthy smart grid or city or a trustworthy smart car or bus.
Each part of these systems has actors (designers, developers, manufacturers, operators, etc.) that execute the various roles in the creation, integration, testing, and usage of the hardware and software of an IIoT system. These roles cut across multiple organizations, each with its own interests and motivations, and it is only through evidence-supported assurance about the trustworthy characteristics of a particular IIoT system that we can have confidence in the trustworthiness of it in the intended operational situation. Trustworthiness cuts across the complete system life cycle, not only operation. It depends on the integrity of the chain of custody of each element of the system and its data. Everything from supply chain, commissioning, provisioning, regular usage, and end-of-life decommissioning must be carefully scoped, assessed, and monitored to ensure the initial designed trustworthiness is preserved throughout the life cycle of the system and as it transitions from organization to organization as requirements, designs, components, software, and subsystems to delivery, operations, sustainment, and beyond.
Parting Thoughts
The IIC and its work to establish a marketplace for Industrial IoT has progressed rapidly and is being adopted into the work of many standards activities and vendor efforts. But more importantly, it is changing the way large enterprises, cities, and nations look at the spread of connected, software-enabled devices and capabilities interacting with more and more aspects of daily lives and the products, services, and environments we live, work, and recreate within. Being able to trust these systems in an efficient and cost-balanced manner seems to be possible, and understanding what you and your organization should be doing to meet their obligations and expectations can be enhanced by engaging the IIC and its partners across the globe. u