does-your-iot-device-pass-the-ul-test?

Consumers are quickly losing trust in the IoT due to numerous security breaches from relatively simple attacks. Examples abound, such as smart LED light bulbs that leaked Wi-Fi passwords, or an Internet-connected thermometer in a casino lobby aquarium that enabled hackers to access its network and extract sensitive client information. The list of easily hackable IoT devices goes on to include everything from IoT sex toys and medical devices to smartphone-enabled locks, rooftop weathervanes, and more.

All of these breaches were made possible by rather fundamental security mistakes. In addition to seriously affecting customer willingness to trust IoT technology, these hacks have tarnished company brand value, sales and revenues. With so many inconsistently secured devices, it is easy to see why the IoT is leading to a new category of cybercrime.

Manufacturers have found little guidance from professional or national organizations for acceptable security practices for the sensors, devices, mobile phones, gateways and servers that make up the IoT. True, NIST recently issued a Core Cybersecurity Feature Baseline for Securable IoT Devices (Draft NISTIR 8259), which provides voluntary guidance intended to help promote the best available practices for mitigating risks to IoT security. It complements NIST’s Considerations for Managing Internet of Things Cybersecurity and Privacy Risks (NISTIR 8228), which primarily addresses large organizations that have more resources to dedicate to IoT cybersecurity.

But the NIST guidelines are intended for corporate enterprises and government agencies, not IoT manufacturers and vendors. Without consistent rules and ways to gauge compliance for cybersecurity protection, manufacturers are left to their own approaches and consumers are left in confusion when comparing security features between competing vendors.

This is the problem that UL, a global safety testing lab, is trying to address with its recently released IoT Security Rating Certificates. This rating will help manufacturers demonstrate their proven adherence to cybersecurity best practices. For consumers, this will give an easy to understand rating level listed on product labels, similar to existing ones that certify safety compliance for household electrical cables.

Further, the IoT Security Rating will be essential for manufacturers to comply with upcoming regulations. Legislation in California (Senate Bill 327) and Oregon (House Bill 2395) will hold U.S. manufacturers responsible for adding “reasonable security features” in devices or physical objects that are able to connect to the internet directly or indirectly. Both bills become effective Jan. 1, 2020.

5 Priorities

A UL “IOT Security – Top 20 Design Principles” whitepaper describes critical principles that can be applied to increase the security of connected systems. The first five of these principles – or steps – are perhaps the most important:

  1. Provide a manual override for any safety-critical operations.
  2. Ensure parameters which could compromise the system (secret or private cryptographic keys, passwords, etc.) are unique per device.
  3. Test the system to be sure it is free of known, exploitable vulnerabilities prior to release.
  4. Allow for software updates and ensure they are cryptographically authenticated prior to installation and execution. Implement anti-rollback features to prevent the installation of previous vulnerable versions of firmware.
  5. Use industry standard security protocols with best practice defaults for any remote or wireless connections and authentication of connections to management services.
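Principles 2 and 4 can be shown together in a short sketch. This is an added example, not code from UL or the whitepaper: the manifest layout, key-derivation label, serial numbers and secrets are constructed for illustration, and HMAC-SHA256 from the standard library stands in for the authentication scheme (production designs commonly use an asymmetric signature so the device holds only a public key).

```python
import hashlib
import hmac
import struct

# Manifest layout, constructed for this example: 4-byte big-endian firmware
# version, 32-byte SHA-256 of the image, then a 32-byte HMAC-SHA256 tag.
HEADER = struct.Struct(">I32s")
TAG_LEN = 32


class UpdateRejected(Exception):
    """Raised when an update fails any check; nothing is installed."""


def derive_device_key(master_secret: bytes, device_id: bytes) -> bytes:
    # Principle 2: every device gets its own key, so extracting the key from
    # one unit does not let anyone authenticate updates for the rest.
    return hmac.new(master_secret, b"fw-update|" + device_id, hashlib.sha256).digest()


def build_manifest(device_key: bytes, version: int, image: bytes) -> bytes:
    # Vendor side: bind the version number and image digest under the key.
    header = HEADER.pack(version, hashlib.sha256(image).digest())
    return header + hmac.new(device_key, header, hashlib.sha256).digest()


class Device:
    def __init__(self, device_key: bytes, installed_version: int):
        self.key = device_key
        # Anti-rollback floor. Real hardware keeps this in fuses or protected
        # non-volatile memory so that a reflash cannot lower it.
        self.min_version = installed_version
        self.image = None

    def install(self, manifest: bytes, image: bytes) -> int:
        if len(manifest) != HEADER.size + TAG_LEN:
            raise UpdateRejected("malformed manifest")
        header, tag = manifest[:HEADER.size], manifest[HEADER.size:]
        # 1. Authenticate the manifest before trusting any field in it.
        expected = hmac.new(self.key, header, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise UpdateRejected("bad authentication tag")
        version, digest = HEADER.unpack(header)
        # 2. The image must be the one the authenticated manifest describes.
        if not hmac.compare_digest(hashlib.sha256(image).digest(), digest):
            raise UpdateRejected("image digest mismatch")
        # 3. Anti-rollback: an authentic but older release is still refused.
        if version < self.min_version:
            raise UpdateRejected("rollback")
        self.image, self.min_version = image, version
        return version


def attempt(device: Device, manifest: bytes, image: bytes) -> str:
    try:
        return "installed v%d" % device.install(manifest, image)
    except UpdateRejected as exc:
        return "rejected: %s" % exc


def run_demo():
    master = b"constructed-master-secret"          # sample value
    key_a = derive_device_key(master, b"SN-0001")  # sample serial numbers
    key_b = derive_device_key(master, b"SN-0002")
    old_image, new_image = b"firmware v2 (vulnerable)", b"firmware v3 (patched)"
    device = Device(key_a, installed_version=2)
    good = build_manifest(key_a, 3, new_image)
    return [
        attempt(device, good, new_image + b"\x00"),                       # modified image
        attempt(device, build_manifest(key_b, 3, new_image), new_image),  # other device's key
        attempt(device, good, new_image),                                 # genuine update
        attempt(device, build_manifest(key_a, 2, old_image), old_image),  # authentic downgrade
    ]


if __name__ == "__main__":
    for line in run_demo():
        print(line)
```

The last case is the one anti-rollback exists for: the downgrade manifest is authentic, so tag verification alone would accept it.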

Applying these steps, as well as the other 15 listed in the UL whitepaper, will improve a company’s security rating. The actual compliance testing is done through independent security testers from partners such as UL, Brightsight, CAICT, Riscure and others.

The actual ratings are based on a Platform Security Architecture (PSA) framework established by hardware processor giant Arm and the above-mentioned test labs. The PSA framework is comprised of two elements: a multi-level security robustness scheme and a developer focused API test suite. The security testing is based on third-party lab-based evaluation that is intended to build trust through independent checking of the generic parts of an IoT platform including: PSA Root of Trust (the Root of Trust is the source of integrity and confidentiality), the real-time operating system (RTOS) and the device itself, according to ARM. There are three progressive levels of security certification.

Image Source: ARM

IEEE (Non-manufacturing) IoT Standards

The Arm-UL IOT Security Rating framework is intended as a guideline for manufacturers and vendors of IoT devices. If you are an electronic engineer actually designing IoT systems, then you’ll want to check out the latest IEEE standards that address the technical “vibrancy” of IoT systems:

  • Architectural framework: The focus of IEEE P2413 is to develop a standard for the architectural framework for the Internet of Things, which includes descriptions of various IoT domains, definitions of IoT domain abstractions, and identification of commonalities between different IoT domains. The architectural framework defined in this standard will promote cross-domain interaction, aid system interoperability and functional compatibility.
  • Harmonization and security of IoT: The IEEE 1451-99 is focused on developing a standard for harmonization of Internet of Things (IoT) devices and systems. This standard defines a method for data sharing, interoperability, and security of messages over a network, where sensors, actuators and other devices can interoperate, regardless of underlying communication technology.
  • Sensor Performance and Quality: Sensors are fundamental to the IoT ecosystem, with a large volume of different sensors integrated into a complex framework. IEEE 2700 proposes a common framework for sensor performance specification terminology, units, conditions and limits. IEEE P2510 defines quality measures, controls, parameters and definitions for sensor data related to Internet of Things (IoT) implementations.

The new UL-offered IoT Security Rating will provide evidence that manufacturers meet standard best practices for IoT security, an important measure that supports upcoming security legislation. Further, this UL rating system should help consumers re-establish trust that their IoT devices meet a minimum of security robustness.

John Blyler is a Design News senior editor, covering the electronics and advanced manufacturing spaces. With a BS in Engineering Physics and an MS in Electrical Engineering, he has years of hardware-software-network systems experience as an editor and engineer within the advanced manufacturing, IoT and semiconductor industries. John has co-authored books related to system engineering and electronics for IEEE, Wiley, and Elsevier.

10-automotive-startups-to-watch-in-2020

Predicting human movement, five-minute EV charging, and enhanced sensing are all a part of this latest crop of automotive startups reshaping the industry.

  • While the timeline for deploying fully autonomous vehicles keeps getting readjusted, that hasn’t slowed growth in the automotive startup ecosystem. While companies are still working toward the goal of level 5 autonomy, many others are tackling challenges around electric vehicles, cybersecurity, processor hardware, and other pain points in the automotive industry.

    Meet 10 of the newest automotive startups that are already having an impact on the auto industry and are likely to continue their momentum well into 2020 and beyond.

  • Acerta

    Canadian startup Acerta’s mission is to provide automotive OEMs and Tier 1 suppliers with data-driven insights to improve product quality at every stage of the design and manufacturing lifecycle. The company’s Acerta Cortex is a data solution specifically designed for the automotive industry.

    Cortex transforms any existing storage structure into a smart data hub that allows for a wide range of machine learning solutions to be implemented in a single framework. The company says Cortex “eliminates data silos, increases data discoverability, and reduces data management overhead” without the need for labor-intensive data engineering.

    (Image source: Acerta)

  • Chanje

    California-based Chanje is a new addition to the electric trucking space. The company manufactures vehicles dedicated to the “last mile” of delivery – where packages and goods go from the distribution center to their final destination.

    Chanje’s V8100 (shown above) is a fully-electric, medium-duty, panel van with a 150-mile-per-charge range and 675 cubic feet of storage, capable of carrying up to a 6,000-lb payload.

    (Image source: Chanje)

  • GBatteries

    Canada’s GBatteries is working on a major obstacle for electric vehicles – charging times. Gas engine vehicles are way less green, but it certainly doesn’t take hours to fill your gas tank.

    GBatteries is using a combination of software and hardware to drastically reduce vehicle charging times down to as fast as five minutes. Using hardware, along with AI that generates complex charging pulse profiles based on real-time monitoring and analysis of a battery’s internal state, GBatteries is developing a means of charging off-the-shelf lithium-ion batteries as quickly as filling up a tank of gas.

    (Image source: GBatteries)

  • GuardKnox

    Israel has become notorious for producing companies with a novel approach to cybersecurity, and GuardKnox is no exception. The automotive cybersecurity company has taken technology used to secure Israeli fighter jets and ported it over to automotive. GuardKnox produces an electronic control unit (ECU) it calls the Secure Network Orchestrator (SNO) that protects each layer of a vehicle, from its keyless entry to infotainment system, and more, from cyberattacks. GuardKnox says its SNO can be implemented by OEMs, Tier 1s, and even in the aftermarket.

    (Image source: GuardKnox)

  • Humanising Autonomy

    The challenge with pedestrians is they don’t ever behave the way you want or expect. UK and Detroit-based startup Humanising Autonomy is leveraging AI to go one step beyond detecting pedestrians to actually predicting their behavior. The company says it has trained AI to make culture and context specific predictions. Someday autonomous cars will not just recognize pedestrians at a crosswalk, but also anticipate whether they may dart out into the street unexpectedly or aren’t paying attention to traffic.

    Humanising Autonomy was the winner of the Automobility LA’s 2019 Top Ten Automotive Startups Competition.

    (Image source: Humanising Autonomy)

  • Silicon Mobility

    Silicon Mobility is a French startup that creates semiconductors targeted at the automotive industry – specifically for energy efficiency and reducing emissions. The company’s OLEA field programmable control unit (FPCU) is designed for next-generation electric and hybrid electric vehicles. Combined with the company’s own software stack, Silicon Mobility’s FPCUs can control a vehicle’s motors, battery charging, and power conversion systems. The company says its products can help auto manufacturers increase the range of electric vehicles and also reduce pollutant emissions of hybrids.

    (Image source: Silicon Mobility)

  • StreetScooter

    Given its name you might think that StreetScooter was out to compete with the likes of Bird and Lime. In reality the German startup produces electric delivery vehicles ranging from vans to small trucks for various commercial and municipal applications. The company’s Work L truck (shown) features a 43 kWh lithium-ion battery and a 68 kW motor capable of up to 92 horsepower. The truck’s box can also be customized and configured depending on its type of cargo. The company says it currently has more than 12,000 vehicles in daily use throughout Germany.

    (Image source: StreetScooter)

  • TriEye

    Israeli startup TriEye is a semiconductor company tackling the challenge of low visibility for autonomous vehicles and ADAS. The company’s Raven camera is a CMOS sensor based, shortwave infrared (SWIR) camera that can capture HD images under all weather and lighting conditions while still remaining cost effective. TriEye says its camera technology is algorithm agnostic and can be implemented into existing ADAS and autonomous vehicle architectures.

    (Image source: TriEye)

  • TuSimple

    San Diego-based TuSimple has had a very big year. In 2019 both the USPS and UPS signed on to conduct pilot programs using the company’s technology. TuSimple uses a combination of cameras and computer vision to convert long-haul trucks into level 4 autonomous vehicles. If the company’s momentum continues through 2020, its trucks could find their way into a variety of industries.

    (Image source: TuSimple)

  • Wunder Mobility

    Germany-based Wunder Mobility is all about mobility software. The company produces app-based platforms that help businesses and cities build and scale their mobility services. Essentially, rather than having to create a mobility platform from scratch, a vehicle maker can use Wunder Mobility’s app to create their own custom solution. Think of it as an app builder or template – but for automotive fleets, e-scooters, bikes, or other vehicles. The company says its platform is deployed in more than 100 cities across five continents.

    (Image source: Wunder Mobility)

Chris Wiltz is a Senior Editor at Design News covering emerging technologies including AI, VR/AR, blockchain, and robotics.

what-are-beckstrom’s-laws-of-cyber-security?

The Internet of Things (IoT) has many defining characteristics, such as tiny, cheap and low power sensors, embedded computers, and connectivity. But one characteristic will rule them all, namely, security. In the very near future, the IoT will probably not exist if it isn’t secure.

Beckstrom’s Laws of Cyber Security sums it up nicely:

  1. Everything that is connected to the Internet can be hacked
  2. Everything is being connected to the Internet
  3. Everything else follows from the first two laws.

Perhaps this should be called a corollary to Beckstrom’s law, as it provides a short proof to the existing law. Originally, Beckstrom’s law (or theorem) was formulated to determine the real value of a given network. Postulated by Rod Beckstrom, former director of the National Cybersecurity Center, the law states that the value of a network “equals the net value added to each user’s transactions conducted through that network, summed over all the users.”

Image Source: Beckstrom.com

According to Beckstrom, his law can be used to value any network, be it social networks, computer networks, or even the Internet as a whole. In his model, the value of the network is determined by looking at all of the transactions conducted and the value added by each transaction.

To determine the value of a network, Beckstrom used an economic point of view which considers what the additional transaction cost or loss would be if the existing network was turned off. For example, if a goods delivery service is shut down, then customers will go without those goods or obtain them in a different manner (e.g., driving to the store).

This focus on transactions is what distinguishes Beckstrom’s Law from its more famous cousin, Metcalfe’s Law. For Metcalfe, the value of a network was based purely on the size of the network, specifically the number of nodes. Conversely, Beckstrom’s Law focused on transactions, which makes it more applicable to current experiences on the Internet. This means that Metcalfe’s Law doesn’t account for a decreasing value of the network from an increased number of users or hackers who steal value.

Focusing on transactions makes Beckstrom’s Law of immediate value to the cyber security industry, i.e., the number of desired transactions versus the number of undesired transactions. To illustrate this point, consider a simplified equation:

V = B – C’ – SI – L

Where:

V = value of the network

B = benefit of the network

C’ = remaining costs outside of the security investments and losses

SI = security investment that a company or person spends to avoid losses

L = actual losses due to poor security.

With this equation, cyber security professionals can prioritize their efforts by focusing on minimizing the costs of computer security, “SI” and “L”. Conversely, law enforcement can focus on raising the security costs of the bad actors and hackers.

Regardless of your point of view, the costs of cyber-attacks are staggering. Indeed, one is tempted to ask what hasn’t been hacked? Here are but a few examples of seriously hacked networks:

1. IOT Botnet Devices Hack

Back in October of 2016, the largest DDoS attack ever was launched on service provider Dyn using an IoT botnet, i.e., a string of connected computer nodes coordinated together to perform a task. Unfortunately, the IoT botnet was easily infected by malware called Mirai. Once infected, connected computers continually search the internet for vulnerable IoT devices (e.g., digital cameras, DVD players, etc.) and then use known default usernames and passwords to log in, infecting them with malware. This attack led to huge portions of the internet going down, including Twitter, the Guardian, Netflix, Reddit, and CNN.

2. The Hackable Cardiac Devices from St. Jude

Early this year, CNN wrote, “The FDA confirmed that St. Jude Medical’s implantable cardiac devices have vulnerabilities that could allow a hacker to access a device. Once in, they could deplete the battery or administer incorrect pacing or shocks, the FDA said.” The article continued to say, “The vulnerability occurred in the transmitter that reads the device’s data and remotely shares it with physicians. The FDA said hackers could control a device by accessing its transmitter.”

3. The Jeep Hack

The IBM SecurityIntelligence website reported the Jeep hack a few years ago, saying, “It was just one, but it was enough. In July [2015], a team of researchers was able to take total control of a Jeep SUV using the vehicle’s CAN bus.

By exploiting a firmware update vulnerability, they hijacked the vehicle over a cellular network and discovered they could make the vehicle speed up or down and even veer off the road.”

In conclusion, the IoT has ushered in a need for even more robust network security. Beckstrom’s Law will help cyber security managers and law enforcement prioritize their efforts by focusing on the value of transactions.

transformational-technologies-that-can-change-the-world

Lux Research (Boston) released on November 7 its Annual List of Transformational Technologies that are projected to have the greatest impact over the next 10 years.

Lux’s “20 for 2020” report identifies and ranks 20 technologies that will reshape the world, based on innovation interest scores from the Lux Intelligence Engine, along with input from Lux’s leading analysts.

While they are factored in, the report goes beyond megatrends, market demand and new innovations that can thrust many technologies into the spotlight by also providing a shortlist that is intended to provide “data-backed context for the ever-shifting technology landscape and insights into how companies can maximize the investment opportunities these data trends reveal.”

I mean, Lux really goes deep, poring through patents, papers, funding and more.

In short, it lists the emerging technologies that the firm is most bullish on near term and over the next decade. I thought it would be of interest to readers to pull out the ones of particular interest to the plastics community from this fascinating list—and we barely have to go into the list to find the first.

But we’ll begin with what Lux identifies as the top two broad transformational market drivers:

1. 5G Networks: From robotic surgery to self-driving cars, 5G will be critical to advances in the internet of things. 5G has officially left the realm of research and entered reality, with more than 2,200 patents being filed this year. 

2. Shared Mobility: With more than $10 billion in funding every year for the past three years, shared mobility—like car-sharing services—are reinventing urban transportation. This was a new entry to the leaderboard as is the next.

And at #3, it’s…

That brings us to #3, which is the first in the list to point directly to plastics via a top-of-mind topic that’s of interest throughout the plastics community and beyond because it’s a subset, and perhaps a large one, of a circular value chain.

3. Advanced Plastic Recycling: Innovations that can convert plastic waste into a variety of valuable products, enabling a circular economy and avoiding pollution.

Mission-critical for companies from consumer-packaged goods companies to chemicals, China has invested in recycling technology in a big way, with 55% of all patents coming from that country. 

The report expands on the topic in the summary, noting…

Why it’s important: Regulations like single-use plastic bans and waste reduction commitments from brands are shaking up the plastics value chain. Plastic waste recycling is becoming mission-critical for companies from CPGs to chemicals.

What you should do: Companies need to develop waste collection and sorting and help scale up conversion technologies like pyrolysis and chemical recycling. Look for those collecting and converting to present new competition for oil, chemicals, and materials companies in the new circular value chain.


PlasticsToday had already identified this as a high-interest market when noting that reports on this topic, especially recently, appear at the top of our monthly metrics reports of the best-read content.

The Top 25 most-read articles from among approximately 900 published so far in 2019 at PlasticsToday are dominated by the overarching themes of recycling and sustainability, including also these three recent features on advanced recycling:

Dow to source pyrolysis oil feedstock made from recycled plastic waste, published August 2019;

Is plasma gasification the solution for plastics and all waste?, published August 2019;

Is an age-old chemical process the solution to today’s plastic waste problem?, published July 2019.

Some 78 articles appear using the search term chemical recycling, and there are 145 when the term is combined with pyrolysis.

Lux’s Top 5 rounds out with Solid State Batteries followed by Protein Production.


microchip-technology-creates-an-automotive-cybersecurity-kit

Consumers are now choosing cars partly on available electronics. Connected infotainment networks and advanced driver assistance systems have become as competitive as styling, gas consumption, and reliability. Yet at the same time, the addition of these amenities has added numerous entry points for hackers. A few years ago Ford hired a couple of hackers to crack a Jeep Cherokee. They were able to take control of the vehicle’s steering and braking systems after entering the car through the infotainment network.

Microchip Technology has developed a kit for Tier 1 auto suppliers that is designed to make commercial vehicles safe from hacking. (Image source: Microsoft Technology)

The threat of hacking is no small concern. Breaches can potentially lead to recalls, lost revenue, and tarnished brand reputations. The question for original equipment manufacturers (OEMs) and their Tier 1 suppliers is no longer whether the vehicle networks need security but how to implement this security practically and without a costly complete design overhaul.

Protecting the Network

In order to address this challenge, Microchip Technology has created the CryptoAutomotive In-Vehicle Network (IVN) Trust Anchor/Border Security Device (TA/BSD) development kit. The purpose of the kit is to enable OEMs and Tier 1 suppliers to introduce security to networked vehicle systems, offering the highest level of protection with the least disruption in the vehicle’s networks.

The CryptoAutomotive TA/BSD was designed for implementation by Tier 1 auto suppliers. “Tier one suppliers are the main kit customer as they are the ones with the pressure to support the new specifications quickly,” Todd Slack, product manager for automotive security products at Microchip Technology, told Design News. “The kit is designed to make it easier for these suppliers to implement new OEM cybersecurity specifications while reducing risk associated with security code development.”

In order to make sure all aspects of the security are effectively in place, Microchip worked with the carmaker’s engineers directly. “Each OEM has a collection of new cybersecurity specifications and they are not easily understood without security expertise,” said Slack. “The kit speeds the proof of concept stage by including sample projects for various secure boot and controller area network (CAN) message authentication schemes.”

Meeting Network Specs and Standards

Slack noted that the CryptoAutomotive TA/BSD was designed to be flexible in order to accommodate each OEM’s implementation. Manufacturers can configure the node to conform to various emerging specs and industry standards. “These new requirements represent sweeping changes by pushing hardware secure boot requirements to nodes that previously had no such requirements,” said Slack. “The same can be said for CAN message authentication. Most OEMs have not required any cryptographic message authentication whatsoever on the CAN bus. Depending on the OEM, we’re seeing 20 to 100 nodes per vehicle impacted by the new security requirements.”

The tool demonstrates secure key storage, electronic control unit (ECU) authentication, hardware-based crypto accelerators, and other cryptographic elements. When used with a host microcontroller, it enables designers to implement functions such as secure boot and CAN message authentication, including conversion of CAN 2.0 messages to CAN flexible data rate with appended Message Authentication Codes (MAC) when appropriate. “Connecting two or more kits creates a network to formulate meaningful CAN message authentication schemes and can be tied to existing ECU to ensure interoperability across multiple solutions,” said Slack. “A graphical user interface with drop-down menus is included to make the configuration simple, so a developer can create a multitude of different message groups each with easily customizable options for message size, MAC type and freshness values which can be accomplished the first day they open the kit.”
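To make the idea of CAN message authentication with freshness values concrete, here is a small sender and receiver pair. It is an added example, not code or a message format from Microchip's kit: the 24-byte CAN FD payload layout, the key, the CAN IDs and the sample data are constructed, and truncated HMAC-SHA256 stands in for whatever MAC type an OEM specifies.

```python
import hashlib
import hmac
import struct

# Secured payload layout, constructed for this example (24 bytes, a valid
# CAN FD data length): 1-byte original length, CAN 2.0 data padded to 8
# bytes, 4-byte freshness counter, then an 11-byte truncated MAC.
BODY = struct.Struct(">B8sI")
MAC_LEN = 11
FRAME_LEN = BODY.size + MAC_LEN


def _mac(key: bytes, can_id: int, body: bytes) -> bytes:
    # The CAN ID is covered so a frame cannot be replayed under another ID.
    # HMAC-SHA256 is a standard-library stand-in for the configured MAC type.
    msg = struct.pack(">I", can_id) + body
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


class Sender:
    def __init__(self, key: bytes):
        self.key = key
        self.counters = {}  # freshness counter per CAN ID; must never wrap

    def protect(self, can_id: int, data: bytes) -> bytes:
        """Convert a CAN 2.0 payload into an authenticated CAN FD payload."""
        if len(data) > 8:
            raise ValueError("CAN 2.0 payload is at most 8 bytes")
        fresh = self.counters.get(can_id, 0) + 1
        self.counters[can_id] = fresh
        body = BODY.pack(len(data), data, fresh)
        return body + _mac(self.key, can_id, body)


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_fresh = {}  # highest accepted freshness value per CAN ID

    def accept(self, can_id: int, frame: bytes):
        """Return (verdict, payload); payload is None unless verdict is 'ok'."""
        if len(frame) != FRAME_LEN:
            return ("malformed", None)      # includes legacy frames with no MAC
        body, tag = frame[:BODY.size], frame[BODY.size:]
        if not hmac.compare_digest(tag, _mac(self.key, can_id, body)):
            return ("bad-mac", None)
        length, data, fresh = BODY.unpack(body)
        if length > 8:
            return ("malformed", None)
        # Freshness: an authentic frame captured earlier must not be accepted
        # again, so the counter has to move strictly forward.
        if fresh <= self.last_fresh.get(can_id, 0):
            return ("replay", None)
        self.last_fresh[can_id] = fresh
        return ("ok", data[:length])


def run_demo():
    key = b"constructed-group-key-0001"     # sample key shared by both nodes
    tx, rx = Sender(key), Receiver(key)
    first = tx.protect(0x123, b"\x01\x40")  # sample IDs and payloads
    second = tx.protect(0x123, b"\x01\x41")
    tampered = bytearray(second)
    tampered[1] ^= 0xFF                     # flip bits in the data field
    return [
        rx.accept(0x123, first),            # genuine frame
        rx.accept(0x123, b"\x01\x40"),      # unauthenticated CAN 2.0 payload
        rx.accept(0x123, bytes(tampered)),  # modified in transit
        rx.accept(0x124, second),           # moved to a different CAN ID
        rx.accept(0x123, second),           # genuine, newer freshness value
        rx.accept(0x123, first),            # captured frame sent again
    ]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```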

Security Without Disturbing Adjacent MCUs

Microchip provides a comprehensive approach to automotive security. With the companion approach, the TA/BSD emulation kit enables OEMs to continue using their MCUs and, more importantly, existing MCU firmware certified to required safety standards by later adding the companion chip the kit emulates. These companion chips will come to the customer preprogrammed and include built-in security measures to provide true hardware-based key protection. “We have worked closely with OEMs during the specification creation process and provided kits to their engineering teams to support OEM research projects focused on security scheme implementation and interoperability,” said Slack.

The tool can be used with any ECU architecture, configuration, or bus, providing the flexibility to implement security in existing systems without large-scale redesigns. This approach also removes the requirement for in-house security expertise. The tool provides an online graphical user interface program with pre-configured options to simplify and facilitate implementation.

Rob Spiegel has covered automation and control for 19 years, 17 of them for Design News. Other topics he has covered include supply chain technology, alternative energy, and cyber security. For 10 years, he was owner and publisher of the food magazine Chile Pepper.

5-predictions-of-tech-disruptions-in-the-next-decade

This year brings us one step closer to a decade that will be full of disruptions. Here are five big predictions for 2020 and beyond.

The year 2019 is here, which puts us one step closer to the next decade, one that will be amazingly disruptive in terms of technology. Many people fear disruption, but disruption has been responsible for many of the most exciting innovations.

Without getting messed up every now and then, we tend to hold onto ideas well past their usefulness. Then innovation doesn’t have a home and decay takes hold. It’s an endless cycle of shredding and reinventing. And that reinventing makes progress possible.

So, with that in mind, here are five major disruptions to watch (and watch out) for in the next decade:

enterprise-blockchain-is-having-an-optimistic-year

A new survey from Deloitte Insights examines the state of global blockchain adoptions and how companies all over the world are viewing the technology. The distributed ledger technology is finding footing in enterprise use cases beyond cryptocurrency and is making its way into supply chains, cybersecurity, and even automotive applications. The new research from Deloitte highlights a growing confidence in the technology, but also highlights some challenges and major concerns.

Deloitte polled 1,386 senior executives at companies in a dozen countries (Brazil, Canada, China, Germany, Hong Kong, Israel, Luxembourg, Singapore, Switzerland, United Arab Emirates, United Kingdom, and the United States). The US-based companies posted an annual revenue of $500 million or more and those outside the US posted revenues of $100 million or more. The majority of respondents came from technology, media, and telecommunications (26%), financial services (15%) and manufacturing (12%).

Despite blockchain being most known for facilitating cryptocurrencies, payments and digital currencies were only the fourth and fifth most-cited use cases respectively that organizations have for blockchain. The top use cases were data validation (43%), data access and sharing (40%), and identity protection (39%).

The survey says organizations are looking at blockchain primarily as a means of improving process efficiency (55% of respondents), but cost savings (51% of respondents), risk reduction (50% of respondents), and time savings (48% of respondents) were also cited as metrics of success in implementing blockchain.

“Though blockchain hasn’t reached its full potential, savvy executives surveyed for Deloitte’s 2019 global blockchain survey are confident about new and evolving use cases; they continue to see the technology as a connecting platform that can enable many business processes,” the report’s authors state. “…The question for executives is no longer, ‘Will blockchain work?’ but, ‘How can we make blockchain work for us?’”

View more insights from Deloitte’s report in our infographic below:

Chris Wiltz is a Senior Editor at Design News covering emerging technologies including AI, VR/AR, blockchain, and robotics.

The Midwest’s largest advanced design and manufacturing event!

Design & Manufacturing Minneapolis connects you with top industry experts, including design and manufacturing suppliers, and industry leaders in plastics manufacturing, packaging, automation, robotics, medical technology, and more. This is the place where exhibitors, engineers, executives, and thought leaders can learn, contribute, and create solutions to move the industry forward. Register today!

deepmind-is-working-on-a-solution-to-bias-in-ai

In DeepMind’s hypothetical college admissions example, qualifications (Q), gender (G), and choice of department (D) all factor into whether a candidate is admitted (A). A Causal Bayesian Network can identify causal and non-causal relationships between these factors and look for unfairness. In this example, gender can have a non-causal effect on admission due to its relationship with choice of department. (Image source: DeepMind)

DeepMind, a subsidiary of Alphabet (Google’s parent company), is working to remove the inherent human biases from machine learning algorithms.

The increased deployment of artificial intelligence and machine learning algorithms into the real world has coincided with increased concerns over biases in the algorithms’ decision making. From loan and job applications to surveillance and even criminal justice, AI has been shown to exhibit bias – particularly in terms of race and gender – in its decision making.

Researchers at DeepMind believe they’ve developed a useful framework for identifying and removing unfairness in AI decision making. Called Causal Bayesian Networks (CBNs), these are visual representations of datasets that can identify causal relationships within the data and help experts identify factors that might be unfairly weighed against or skewing others. The researchers describe their methodology in two recent papers, A Causal Bayesian Networks Viewpoint on Fairness and Path-Specific Counterfactual Fairness.

“By defining unfairness as the presence of a harmful influence from the sensitive attribute in the graph, CBNs provide us with a simple and intuitive visual tool for describing different possible unfairness scenarios underlying a dataset,” Silvia Chiappa and William S. Isaac, the authors of the studies, wrote in a blog post. “In addition, CBNs provide us with a powerful quantitative tool to measure unfairness in a dataset and to help researchers develop techniques for addressing it.”

To describe how CBNs can be applied to machine learning, Chiappa and Isaac use the example of a hypothetical college admissions algorithm. Imagine an algorithm designed to approve or reject applicants based on their qualifications, choice of department, and gender. While qualifications and gender can both have a direct (causal) relationship to whether a candidate is admitted, gender could also have an indirect (non-causal) impact due to its influence on choice of department. If a male and a female applicant are equally qualified for admission, but both applied to a department that historically admits men at a far higher rate, then the relationship between gender and choice of department is considered unfair.

“The direct influence captures the fact that individuals with the same qualifications who are applying to the same department might be treated differently based on their gender,” the researchers wrote. “The indirect influence captures differing admission rates between female and male applicants due to their differing department choices.”
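To make the direct and indirect influences in the admissions example concrete, the sketch below splits the gap in admission rates into a part carried by the G → A edge and a part carried by G → D → A, using the standard mediation-style decomposition. It is an added illustration, not code from DeepMind or the papers: every probability is constructed, and it assumes qualifications are independent of gender and department, with no unobserved confounders.

```python
from fractions import Fraction as F

# Constructed probabilities for illustration (not taken from DeepMind's papers).
P_Q = {1: F(1, 2), 0: F(1, 2)}                  # P(Q): applicant is well qualified or not
P_D = {"f": {"X": F(3, 4), "Y": F(1, 4)},       # P(D | G): department choice by gender
       "m": {"X": F(1, 4), "Y": F(3, 4)}}
BASE = {"X": F(1, 5), "Y": F(3, 5)}             # department X admits far fewer applicants

def p_admit(g, d, q):
    """P(A=1 | G=g, D=d, Q=q): department base rate, a bonus for
    qualifications, and a direct penalty applied to female applicants."""
    return BASE[d] + q * F(1, 5) - (F(1, 10) if g == "f" else 0)

def admit_rate(g_direct, g_dept):
    """Admission rate when the admission decision sees gender g_direct
    but department choice is distributed as it is for gender g_dept."""
    return sum(P_Q[q] * P_D[g_dept][d] * p_admit(g_direct, d, q)
               for q in P_Q for d in BASE)

def decompose():
    """Return (total, direct, indirect) male-minus-female admission gaps."""
    total = admit_rate("m", "m") - admit_rate("f", "f")
    direct = admit_rate("m", "f") - admit_rate("f", "f")      # only G -> A changes
    indirect = admit_rate("m", "m") - admit_rate("m", "f")    # only G -> D -> A changes
    return total, direct, indirect

if __name__ == "__main__":
    total, direct, indirect = decompose()
    print(f"total gap {total}, direct {direct}, via department {indirect}")
```

With these numbers two thirds of the gap travels through department choice, which is the part a human reviewer would have to judge as fair or unfair.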

This is not to say the algorithm is capable of correcting itself, however. The AI would still need input and correction from human experts to make any adjustments to its decision making. And while a CBN could potentially provide insights into fair and unfair relationships in variables in random datasets, it would ultimately fall on humans to either proactively or retroactively take steps to ensure the algorithms are making objective decisions.

“While it is important to acknowledge the limitations and difficulties of using this tool – such as identifying a CBN that accurately describes the dataset’s generation, dealing with confounding variables, and performing counterfactual inference in complex settings – this unique combination of capabilities could enable a deeper understanding of complex systems and allow us to better align decision systems with society’s values,” Chiappa and Isaac wrote.

Improving algorithms themselves is only one half of the work to be done to safeguard against bias in AI. Figures released from studies such as one conducted by New York University’s AI Now Institute suggest there is a greater need to increase the diversity among the engineers and developers creating these algorithms. For example, as of this year only 10 percent of the AI research staff at Google was female, according to the study.

Chris Wiltz is a Senior Editor at Design News covering emerging technologies including AI, VR/AR, blockchain, and robotics.

4-reasons-why-someone-would-hack-your-car

If hackers are going to break into our cars they’ll most likely be motivated by profit over anything else.

Autonomous vehicles haven’t even hit public roads in any kind of widespread deployment yet, but Hollywood is already painting frightening scenarios on the potential of car hacking. The 2019 remake of Child’s Play features a scene in which a woman is held prisoner in a self-driving car run amok. Most notorious is a scene from The Fate of the Furious in which hackers remotely control autonomous vehicles to wreak havoc on city streets – even making cars rain down from multilevel parking structures.

While these situations may seem outlandish, they’re not terribly far from reality. Hackers have demonstrated for years now that it is possible to remotely access vehicles’ braking and other crucial systems. A recent study by Georgia Tech’s School of Physics found that if hackers were able to hack only 20 percent of the vehicles in Manhattan they could grind New York City to a halt. Such a hack would not only freeze commuter traffic, but also prevent important services and emergency vehicles from getting around the city.

But is creating chaos the only value proposition for car hackers? Asaf Ashkenazi, Chief Strategy Officer at Verimatrix, a provider of security solutions to the automotive industry, believes we should be worried less about terrorist-level attacks and more about the ways hackers will attempt to turn a profit by hacking cars.

“It’s very sexy to talk about these terror attacks, I think. But if you put aside the terror – big states that are launching acts of war. You have to look at what is the practicality of that,” Ashkenazi told Design News following a talk at the 2019 Drive Conference & Expo.

Here are four major reasons hackers might want to break into your car in the very near future:

1.) Credit Card and Bank Fraud

As vehicles become increasingly connected to infrastructure for things such as automated toll booth payments, it will create more points of entry for hackers looking to steal personal data such as credit card or banking information. “Hackers are looking to make the maximum profit for the minimum effort,” Ashkenazi said. “Cars are going to have to implement a lot of payment systems because you will be able to pay via your car when you go to toll roads and parking lots.”

2.) Stalking

Fraud can be a big way for hackers to make money. But Ashkenazi also noted there’s a healthy black market for other forms of stolen information as well. Hacked vehicles could provide avenues for stalkers or other malicious parties to track potential victims.

“All the cars will have GPS. So if I have the ability to track any car I can start a service where anyone that wants to track somebody can. I’d just need a VIN number,” Ashkenazi said. “Let’s say that I have access to half of the cars in the U.S. You just log into my service, pay me monthly, and I give you access to track whatever car you want. It’s a great business.”

3.) Helping Car Thieves

Thanks to key fobs and other security technologies, cars are becoming increasingly difficult to steal the old-fashioned way. But hackers could bridge the gap and give thieves an easy way to steal modern vehicles. “Let’s say that I’m a hacker and I have access to your digital key,” Ashkenazi said. “If a car thief wants to steal your car they could connect to a service I offer, give me the VIN number of the car, and I could open it remotely.”

4.) Ransom

Even if a hacker were able to create a widespread disruption or attack using vehicles, it wouldn’t be the best way to turn a profit, Ashkenazi said. The moneymaking proposition here is to use the exploits to extort companies.

“If I have the capability to stop the car and do all sorts of damage then as a hacker I probably won’t use it because the entire world would be after me – FBI and Interpol and the like,” he said. “But I can demonstrate it to a car manufacturer and say, ‘If you don’t pay me this amount of money I’ll leak it out.’ The real danger in this situation is the hacker makes the money and the public will never hear about it.”

Chris Wiltz is a Senior Editor at Design News covering emerging technologies including AI, VR/AR, blockchain, and robotics.