By Matt Migliore
I was among the masses in attendance at GE’s annual Minds + Machines conference last week in San Francisco. The event, now in its fourth year, was formed to prophesize the role of digital technology in industrial applications. During my three days at the conference, it was clear that the industrial digital movement is starting to snowball — not only from GE’s perspective, but also from the perspectives of the end-users who presented at the show.
"This is not a conference on the Internet of Things, this is a conference on the Internet of really important things," said Bill Ruh, GE Digital’s Chief Digital Officer, during his opening session presentation at the conference.
GE CEO Jeff Immelt said GE’s customers have already realized $1 billion in productivity savings through industrial Internet-based solutions. “My belief is [the industrial Internet] will be twice the value of the consumer Internet, mainly because people can see the productivity benefits,” said Immelt. “The only way to get from 1 percent productivity as an industrial company to 4 percent productivity is going to be the [industrial Interent] and analytics.”
Industrial Internet of Things
GE’s take on what it calls the "Industrial Internet" movement is rooted in its cloud-based operating system Predix. The foundation for all of GE’s industrial Internet applications, Predix aims to bring together device connectivity, data integration and management, data analytics, cloud, and mobility — all in a way that works seamlessly together and intuitively to drive asset optimization in industrial environments.
Sounds great, right? Yes, but as is the case in most conversations that involve connectivity and cloud-based solutions in industrial scenarios, cybersecurity is a key consideration. And so it was at GE Minds + Machines 2015, with cybersecurity running a close second to industrial data analytics as a topic of discussion.
Based on the talking points at this conference and others before it, cybersecurity will be a key enabler (or disabler) in the evolution of what has been dubbed the Industrial Internet of Things (IIoT). While the supplier community has been touting the benefits of IIoT for several years, uptake on the end-user side remains a bit of a work in progress.
A live poll during one of the sessions I sat in on at Minds + Machines asked attendees where they stand in terms of IIoT planning. Of the folks who participated in the poll, 50 percent said they have an "informal strategy," while none said they have a "formal strategy" in place. According to the presentation, common obstacles cited for IIoT implementation include:
- We don’t have budget for software and integration costs.
- We can’t rip & replace existing technology/devices.
- We don’t have the resources to deploy an IIoT solution.
- There are skills gaps in our workforce.
- We need to sell our end-users first.
- Our end-users will never allow us to connect their machines.
- We’re uncomfortable with "the cloud."
- Leadership/managerial support for IIotT is weak or non-existent.
The Industrial Cybersecurity Perspective
Industrial organizations are traditionally slow to adopt new technology, and that trend figures to ring particularly true with cloud-based connectivity solutions, where cybersecurity is an issue. However, suppliers like GE are working hard to quell any concerns end-users might have about IIoT and the cybersecurity threat.
“IoT is really just an IP device that connects to a control system or some other connected device,” said Jim Guinn, global natural resources cybersecurity leader, for Accenture, during his presentation at Minds + Machines. According to Guinn, traditional assets in an industrial plant represent a unique challenge when it comes to connectivity, as they were built for uptime before failure, not cybersecurity. As such, connecting these devices to the network can present system vulnerabilities.
In a modern day industrial facility, Guinn said there are four primary threats an organization must be concerned about: 1. Internal (either mistaken or intentional); Hacktivists (contract for hire attackers); Organized Criminals; and Nation States. If you have connected devices in your facility, Guinn said you’ve likely had malware, a virus, or an infection of some sort, even if you were unaware of it. As such, he said end-users really need to get comfortable with cybersecurity and act in a proactive manner to develop systems for detecting and preventing cyber threats, which he said are inevitable in a world that is digital by design.
During a roundtable discussion on cybersecurity, Tyler Williams, manager of Industrial Cyber Security for Royal Dutch Shell, said his key lesson learned in trying to implement industrial cybersecurity is the importance of fundamentals. “Do the basics, and do them right, and then redo them, and redo them again, and get that right,” said Williams. “Then you can think about emerging technology and the future threats.”
The roundtable, which featured featured speakers from Verizon, Intel, and Shell, provided the following key takeaways for industrial cybersecurity:
- Verizon: “We as security teams have to recommit ourselves to learn the new technology. Partner with the development and product teams to learn the technologies. And vice versa, they need to understand the security as well as we understand the security.”
- Intel: “Having a very holistic view in terms of what gets addressed from a security perspective and thinking about the whole lifecycle of the product to ensure you provide security throughout the life of the product.”
- Shell: “Simplify what you’re trying to accomplish from a security perspective, adequately fund it, and focus on the fundamentals of what you’re trying to accomplish, and get that right.”
For its part, GE said end-users should start viewing cybersecurity as an enabling technology, as modern connectivity solutions are being designed from the ground up with cybersecurity at the forefront. And with a cloud-based platform like Predix, there are so many subject matter experts focused on securing the platform on an ongoing basis, GE believes it is by its very nature a more secure solution than any system an organization could deploy internally.
“Security is not bad,” said Russ Dietz, GE Digital’s Chief Security Officer, during a presentation at Minds + Machines. “It can help you get the values and outcomes you want to see. If you don’t take security seriously, none of your customers will let you go very far.”
Watch keynotes and presentations from GE Minds + Machines 2015:
Matt Migliore is director of content for Flow Control magazine and FlowControlNetwork.com. He has covered technology and industry for 15 years. He can be reached at 610 828-1711 or [email protected].
