SANS Industrial Control Systems Security Blog

The Rise of the Things #2

The Things at work

After my October "The Rise of the Things" blog post, I found myself engaged in some discussion surrounding more examples (real or theoretical) of "things." There is no doubt it is getting tougher to differentiate as there is no universally agreed-upon bright line of division between categories like Internet of Things (IoT) and the Industrial Internet of Things (IIoT). There are examples that are clearly one or the other, but the underlying technologies are often similar, sometimes even using the same pieces of hardware or code.

The grey area becomes even less clear when we consider the devices performing their primary activity (communicating information) across the theoretical divide. For example, your mobile device is part of the IoT and your office building's automation system (BAS) is part of the IIoT, but when your phone notifies the BAS of your arrival and the latter modifies lighting and HVAC in response, haven't the technologies become extensions of each other?

With these considerations in mind, here are a few examples of "things" we may see being used. It's clearly not an exhaustive list and I would welcome you to contribute more, or disagree with these, in the comments.

What is the Internet of Things at work?

It could be your toothbrush analyzing your use of it and communicating with your dentist's office and developing modifications to your brushing plan. It's your smartphone turning on the coffee maker and increasing the temperature setting on your water heater before it wakes you in the morning, and turning that setting back down as you leave the house.

It's your refrigerator keeping track of its contents using RFID technology and notifying your phone when you run low on any important items. It's that same fridge monitoring the expiration dates on perishable goods it holds and warning you if your eggs or milk are reaching their use-by dates, or displaying a list of ingredients on hand for the recipe you just looked up online.

It's your car notifying your house as you head home from work and your house adjusting the thermostat, then opening your garage door and turning on lights as you get closer. It's that same car monitoring your progress homeward, measuring against your normal commute, and messaging your housemates of your expected arrival time.


What is the Industrial Internet of Things at work?

It could be the smart concrete in the bridge you cross on your daily commute informing your car as it approaches that ice has formed, and your car adjusting your speed and tire pressure to reduce the risk of losing control. It's that same smart bridge signaling for another pass of the salt truck to help melt that ice.

It's your town's mass transit system analyzing department of transportation road work plans and increasing the number of trains running to handle more commuters. It's the traffic lights in your town monitoring traffic and adjusting light schedules based on flow data rather than being on set schedules. It's that same system of lights modifying periodicity on the fly to minimize busses stopped at intersections.

It's an electric generation plant analyzing energy market data, generation reliability reports and weather forecasts, and modifying its output targets for that period. It's that plant automatically notifying its suppliers of changes in its fuel supply orders. It's the turbines in that plant reporting their utilization rates to their manufacturers, who monitor that data to optimize equipment performance and watch for indications of wear.

It's a hospital predicting when beds will become available by analyzing data feeds from sensors in those beds. It's that same hospital monitoring traffic data and police reports for indications of a possible rush of incoming emergency patients, communicating with other health facilities to manage patient influxes, and calling in additional staff when influxes arise without warning.

Bio: Derek Harp

Derek Harp is currently the Director for ICS Global Programs at SANS and the GICSP Steering Committee Chair. He is responsible for organizing events, resources and initiatives that educate and enable increased collaboration within the entire ICS security community. Mr. Harp has served as a founder, CEO, or advisor of early-stage companies for the last 16 years with a focus on cybersecurity. Derek is also a co-founder and a board member of NexDefense, Inc., a company focused on the security technology needs of ICS asset owners. Previously, he was the CEO and co-founder of LogiKeep, Inc., where he was the co-inventor of Intellishield, a pioneer IT security product which was subsequently acquired. Mr. Harp is a former U.S. Navy Officer with experience in combat information management, communications security, and intelligence.


Posted November 16, 2015 at 5:03 PM

John Beadle

This is what I wanted to comment on Fred Gordy's LinkedIn share but could not get it through; I liked his differentiation between the Industrial and regular IoT. I also agree that there is convergence, or what Derek Harp referred to as the theoretical divide, happening between the two. I think the value chain is expanded with such convergence. An example is using the hospital bed scenario. A patient is scheduled for surgery and because of a previous trended profile, the hospital can identify needs such as room temperature, humidity, and lighting. If the hospital uses any JIT software then predictions on medication and other consumables can be sent to warehouse and even manufacturing. Soon, if not now, the hospital will be able to bill the patient with energy and other materials even before arrival. Thank you Fred Gordy for sharing and of course thanks to the author Derek Harp.