Q&A interview: embrace IoT and unleash new capabilities

IoT isn’t just about automating existing manual processes, it is about enabling whole new value streams and capabilities, says Alex Tarter, chief cyber consultant for Thales in the UK

new capabilities
© Thales

IoT can be seen as a technology for large companies with big shop floors, lots of sensor-laden equipment and a commercial/operational requirement to be more connected to their supply chain.

For the larger enterprise, it makes sense to build a business case for IoT based on the automation/streamlining of processes to decrease operational costs or improve organisational efficiency. Access to – and the exploitation of – huge amounts of data generated by these enterprises is a significant bonus.

Various reports suggest, however, that SME manufacturers lack confidence in data security and internet speeds. Others would like access to turnkey IoT systems, and for those systems to be standardised.

Regardless of their size, all enterprises want to increase efficiency, lower bottom-line costs and maximise profits but significant stumbling blocks are preventing the uptake of IoT solutions to engender these aims.

To address these concerns, Alex Tarter, chief cyber consultant for Thales in the UK, explains why IoT is relevant to manufacturers regardless of their size.

Have IoT solutions been overhyped? Why should a manufacturing SME adopt even the most basic of solutions (for example, to monitor and report on the condition of machinery) when the manual way has worked reliably for years?

The benefits of IoT I don’t believe have been overhyped – but I do agree that the ease of their implementation and the cost of obtaining those benefits have been. Many turnkey solutions are not as turnkey as vendors would like you to believe, or are not easily configurable/tailorable enough to meet the needs of the business.

We provide trust in the technology

That being said – businesses that view IoT as just a replacement for existing manual processes are missing out. Digital transformation is not just about making existing processes more efficient it is also about enabling whole new value streams and capabilities. Some activities were previously never possible manually, that can now be achieved digitally quite easily. Using IoT to assist with Health & Usage Monitoring (HUMS) for instance, isn’t just about enabling predictive maintenance and fault finding, but also in understanding how the operators interact with the machines. This can uncover the more common human error states and end up improving operational performance.

new capabilities
Thales Systems – Data Centre (© Thales)

Many IoT deployments are centred around the use of cloud infrastructures to collect, process and analyse the data the sensors produce. The benefit of this method is that once you have the information in the cloud you can quickly and easily test new analysis techniques or hypotheses. Building, deploying and executing software in the cloud is much cheaper and faster than it has been previously within on-premises solutions.

The downside of all of this capability is that if you move quickly there’s a chance you could make a mistake or leave yourself open to attack. After all, a cyber vulnerability is essentially just a means by which someone malicious can operate your system in a way that it wasn’t intended. The quicker you move and deploy solutions do to a specific task, the more chance there is that your solution could be operated in more ways than you anticipated and the result of those operations could have negative consequences for your business.

The benefits of IoT are amazing and should be encouraged, but those who deploy them need to also consider how the business is relying on them. Implementing a solution that the business ends up increasingly relying upon without considering the impact to the business should have solution break or become compromised will inevitably lead to fragile and risky business operations.

In what ways will the demands of larger manufacturers accelerate the uptake of IoT in the supply chain?

There is the danger that larger manufacturers have the capital to deploy and test IoT solutions, which will enable them to achieve both increased efficiencies and new value streams which will assist them in becoming larger and more profitable. So I believe that larger manufacturers will accelerate the uptake of IoT, if only because the increased value they will obtain will put them at an increased competitive advantage that others will have to adopt.

There are still a lot of use cases and value streams from IoT that have yet to be uncovered. As larger manufacturers deploy IoT these use-cases will become more concrete and drive further adoption.

Thales offers multiple levels of security for IoT devices and data. How are efforts like yours – and others – helping to create an environment in which customers have faith in data security?

For IoT to work you need to clearly know the provenance, authenticity and integrity of the data being produced and the results that are generated. You need to have confidence that the information you’re basing your business decisions on, is from a known source and hasn’t been tampered with. Through our long heritage in encryption we can imbue IoT solutions with the cryptographic protocols and tools necessary to achieve this, but it all comes down to device identity. If you can definitively give each device a unique and trusted identity then trust protocols can be deployed to achieve everything else. This is why Thales has focused so strongly on solving what we call the ‘warranted identity’ problem for all devices. This is something we’ve done for the defence and government agencies around the world, and we’re now bringing to critical infrastructure and IoT.

new capabilities
© Thales

We have a complete range of digital trust solutions that our customers deploy in various ways in order to give them trust in the technology they deploy, the data being produced, and the business insights those systems generate. We provide trust in the technology that the business can then leverage into valued capabilities.

Data breaches don’t have to take place on the shop floor. Wireless devices in a meeting room could be seen as an entry point into an SME’s IT system. Given the sharp increase in wireless devices, what conversations should be taking place to ensure that SMEs are equipped with a competent level of IT literacy?

All technologies can provide both benefits and potential vulnerabilities to a business’s operations. As I mentioned before, cyber vulnerabilities are really just the ability to use a system in an undesirable or unanticipated manner. To this end, wireless is no different to wired networks. A wireless access point in a meeting room could be a vulnerability in the same was as an exposed Ethernet port – it is how access is granted to those networks that matters more.

There is a well-known aphorism that ‘cyber security is just risk management’ which to some extent is true. Security is just the process by which we ensure our systems can only be operated in the way that we intend. We constrain undesired functionality in order to have known and authorised operations. As long as you correctly identify all of the risks (or failure modes) and you either successfully mitigate or accept those failure modes then you’ve achieved the required level of security. Unfortunately we’re still not universally great at risk identification. This is why Thales has spent a lot of time and effort to develop a wide range of risk identification methods (a toolbox if you will) to enable businesses to have a more comprehensive view of the different ways in which a cyber solution can both work for and against them when deployed. We need to encourage conversations around legitimate risks that occur in the real-world rather than just compare technologies.