By Guy Higgins
Recently, my reading has included Chaos, Making a New Science, a book by James Gleick, a Forbes article, A Smart Home is Where the Bot Is, and an Aviation Week article, Why Are Airlines Slow to Enter the Digital Age? At the same time, I “enjoyed” a couple of encounters with the digital world. In the oft-quoted words of Inigo Montoya, “Let me ‘splain. No, there is too much. Let me sum up.”
- Chaos – this book is an intriguing history of the “discovery” and exploration of both the mathematics and the physics of chaos in academia and in the real world. The scientific chaos that Mr. Gleick explores is not the frantic Christmas morning of tearing paper, flying ribbons and broken toys, but rather the world of the non-linear, non-deterministic universe of behaviors that are characteristic of our experience – the weather, river flow, mutually interacting bodies in a gravitational relationship. This chaotic behavior is not “solvable” in any high-school algebra sense, but it is understandable – at least it’s understandable in convergent or bounded cases – there are many unbounded cases where solutions explode to infinity. Chaos exists in two situations: at the boundaries between multiple solutions to a problem and during transitions from one stable state to another. I think that this is important, and I’ll come back to it.
- Airlines – this article bemoans the slow pace at which airlines (and the aerospace industry in general) is adopting Internet-of-things (IoT) technologies. IoT technologies, the article boldly asserts, can improve operations, reduce costs and generally make the industry more profitable.
- Smart homes – this article waxes enthusiastic over all the good things that “bots” – both those with and those without artificial intelligence – will provide to make life much easier and more enjoyable in the next ten years!
- Being a proud owner of an iPhone 6S, I have been asking Siri to dial phone numbers for me. This is frequently, but not always, faster than going into my contacts list and “dialing” (how many people actually remember dialing a phone number?) the number myself. I also have a small Bluetooth speaker to which I connect my iPhone. If I ask Siri to call someone while I am connected to that (but not another) Bluetooth speaker, my phone company can’t connect the call. If I’m not connected to the Bluetooth speaker, it works. This is a problem because somewhere, buried in some implementation approach deep inside either the speaker or the iPhone is a line of code (or more likely a single bit) that creates an interface issue which, in turn, screws up the phone company’s connection software. This is a problem – but it is not a rarity. In fact, perfect interconnectivity between or among devices, even those from the same company, is almost non-existent.
- I just upgraded the operating system on my wife’s iMac to Sierra (OS 10.12.3). In general, upgrading software on an Apple device is pretty straightforward and painless. For whatever reason, the Sierra “install” process hung up. That led to the first call to Applecare. We fixed that. The next day, my wife discovered that her Contacts file was empty. Second call to Applecare. The first thing that the Applecare tech wanted to do was recover from Time Machine only to discover that we had also lost all the backups done before the upgrade to Sierra. The tech (actually, at this point a senior tech) recommended that we initiate a new Time Machine backup – okay that takes hours. After the backup, I made Applecare call number three, and we got my wife’s contacts back. We then proceeded to take advantage of our discussion with (another) senior Applecare tech to learn that several “things” in Sierra (things that my wife didn’t like) were “features – not bugs.” Sigh…
Now, don’t get me wrong, I like the Internet (as is evidenced by all the cool links that I inserted in my opening paragraph). I think that the IoT has a great deal of promise, and I would take advantage of it in lots of ways. That said, there is no coin that has only one side. There is another side to the IoT, and that’s where chaos and my recent digital experiences enter the picture.
As I noted in my “summin’ up” of Chaos (the book, not the science), chaotic/unpredictable behavior arises at the boundaries between two possible solutions (or outcomes) and/or in a transition from one stable state to another. As we connect more and more devices to the Internet, we create more and more boundaries – boundaries at which the device/system can behave in more than one way. The intent of the software coders, engineers, architects and companies is control this behavior by establishing and adhering to standards. That certainly solves many, perhaps most, problems, but it patently does not solve all of them (see my inability to have Siri [first subsystem] initiate a call from my iPhone [second subsystem, first interface/boundary] through my phone company [third subsystem, second interface/boundary] when my phone is connected to my Bluetooth speaker [fourth subsystem, third interface/boundary]). The more devices (from more and different providers), the more connections there are, and the more boundaries exist at which chaos can wreak its havoc, randomly following a solution path unintended or even un-conceived by the software company/architect/engineer/coder.
That is the second side of the coin – the bad stuff that can and will happen with an IoT. Unfortunately, the IoT coin has a third side – the bad stuff that is caused by bad people. Cyber crime has been increasing since people figured out that they could profit from doing bad stuff via the Internet, and the cyber-security industry expects that trend to continue and even accelerate.
Security is affected by the security approach implemented by each device in any organization’s IoT system as well as by the overall security architecture of that system. Just as the implementation of interface standards cannot solve all possible problems at the interfaces of an IoT system, security standards cannot solve all possible security problems. Different implementation approaches used by different system architects, engineers and coders can, and will, create vulnerabilities. Each organization, together with its vendors, has a limited number of people it can devote to monitoring and enhancing its IoT security. There are far more cyber criminals attacking organizations than any organization can deploy to defeat those attacks. Certainly, the cyber criminals are uncoordinated and there is enormous duplication of “effort’ by those bad guys – but, even so, they have the advantage of numbers. Further, the attackers need to succeed only once while the defense must succeed every time. Security is a major issue, and one that is still receiving attention in a fragmented manner by each provider of the various IoT devices, systems and software.
Does this mean that organizations should not take advantage of the potential of the IoT? Of course not. It does mean that organizational leadership needs to understand what can go wrong and establish and support:
- A system architect to ensure that the overall organizational IoT has an architecture that reduces vulnerabilities to both chaos and cyber crime
- A procurement system that adheres to the IoT architecture
- A cyber-security effort (people, tools, processes and education) to actively protect the organization from cyber attacks
- An educational effort to ensure that the people of the organization understand that things can and will go wrong and to remain alert for those cases when it does
- A program with detailed plans of what to do when things do go wrong
The legendary Ohio State football coach, Woody Hayes, in answering a question about why his teams passed the football so infrequently, famously observed, “There are only four things that can happen when you pass the ball – and three of them are bad.” While Woody was certainly right, that hasn’t stopped teams from throwing the football, and the bad things that can happen with the IoT should not stop us from pursuing and adopting it. We just need to ensure that our glasses aren’t just rose-colored.