Together with E.D.&A., Daikin, 24/7 TailorSteel, Van Hoecke NV and Newtec , Agoria and Sirris spent a full week in Silicon Valley to get a feel on the region's advancements in digitization & manufacturing. In this last blog we would like to share with you the facts and outlooks of some local thought leaders on the topic of Cybersecurity.


Recent evolutions in Computer vision & power as well as Machine learning - also called Artificial Intelligence for Manufacturing - will transform the manufacturing world radically, enabling Factories of the Future to move to personalized and fully connected manufacturing. Together with E.D.&A., Daikin, 24/7 TailorSteel, Van Hoecke NV and Newtec, Agoria and Sirris recently spent a full week in Silicon Valley to get a feel on the region's advancements in digitization & manufacturing. Following themes clearly stand out in today's Silicon Valley manufacturing DNA: Digital transformation, AI (Machine Learning ) and Cybersecurity.

Compliance

One thing was very apparent during our visit : everybody talked about Europe's GDPR directive. Microsoft amongst others presented a tool at the RSA-conference (the world's largest conference on Cybersecurity) to check the GDPR-compliance rate of Windows 365 systems. Facebook & Google stated they are well prepared for GDPR and have huge legal teams working on it. On the other side companies like John Deere & Caterpillar have a huge amount of customer (farmer) data, but don't really know what to do with it because of GDPR…

The American initiative which comes closest to GDPR is NERC (North-american Electric Reliability Corporation), which forces the adherence to strict rules covering everything connected to the grid. Other sectors like chemicals, food, etc have much less rules ("the US doesn't like rules"), which leads to a situation where people/companies more look at what competitors are doing.

"The nr. 1 reason why people won't go for developing customer oriented IoT-solutions is SECURITY CONCERNS" 

Vincent Turmel, Director of Field Engineering @ Bayshore 

Enterprise IT vs Enterprise OT

We were invited at the offices of Trident, a Silicon Valley Venture Capitalist company that invested in the security company Bayshore.

In many manufacturing companies the central ICT department governs and executes all strategic and operational ICT related work (Information Technology focus). However, it is becoming crystal clear that the ongoing digitization of the production floor needs not only another focus, but also other competences and organizational structures (Operation Technology focus): 

As can be seen in the overview below, most manufacturing companies have their security aspects (compliance, visibility, control and analytics) quite well covered in their IT-departments, but the Operation Technology (OT) systems like SCADA, PCN, DCS, MES, Telematics, Robotics, etc. still remain largely un-addressed :

"An OT security system should always be something understandable and approvable/modifiable by a plant manager … in other words: no black box." 

Vincent Turmel, Director of Field Engineering @ Bayshore

One of the biggest worries nowadays for manufacturers of (consumer) products is that hackers change the characteristics of the product, with possibly huge customer claims as a consequence.

Bayshore's ambition is to help moving as many manufacturing companies as possible from 'Passive monitoring' towards 'Adapting & learning' and finally the most active protection, being 'Alerting & protecting'

"Security will still need one generation more to arrive at the same level of attention as the currently existing safety focus of (self-driving) automobiles."

Vincent Turmel, Director of Field Engineering @ Bayshore

Security as an opportunity

At a Flemish evening debate in San Francisco, Thomas Kallstenius from IMEC argued that Security economics is not getting the attention it deserves. Like many car brands already years ago (Volvo on top) transformed security from a 'necessity' into a (marketing) opportunity. Partly driven by unavoidable industry spill-over effects from one party to another ("the one who generates the problem is not always the one who suffers"), manufacturing companies should move the same way.

This clear advice was heavily supported by one of our travel group members, Erik Dierinck (CIO Newtec) who demonstrated the fact that Newtec already started focusing on the Added value of security 3 years ago. By acquiring a Security ISO-certification a clear customer added value (ao acquiring Panasonic as a new customer) already was benefited from by Newtec. 

RSA Conference – World's largest Cybersecurity Conference (16-20 April San Francisco)

Below you will find a short summary of the main keynotes given at the conference. They are were TEDx style presentations, meaning extremely professional and well-prepared ! Hyperlinks to review the speeches have been included as well.

  • Keynote 1:The Five Most Dangerous New Attack Techniques, and What's Coming Next :click here

This first keynote was organized as a sofa-session where 5 specialists shared their views on hostile cyber attacks. 

  • Keynote 2: Raise the Bar and Make an Impact - by John N. Stewart (Cisco Sr. Security & Trust Officer):click here

Mr. Stewart proposed 3 questions every company should ask itself with respect to Cybersecurity: Where are we today? Where are we going and is it the right direction? What should I do?

"STOP THE MADNESS of developing products without security being the main driving force."

John Stewart, Sr. Security & Trust Officer @ Cisco

He made us dream a little bit : "What if …

… we would exactly know what is going to happen and where

… an attack would be stopped right at the moment it happens

… the cost to attack would be much higher than the cost to defend"

This could change the game, he argued… but it is not easy at all and we should definitely not confuse hard work with results! Whatever you are, government, company, vendor, an individual: we're all in it together!

How to get there, knowing that 200 billion IoT-devices (26 per person) will be connected to the Internet in 2020? Mr. Stewart argued that if we, business people, don't control the outcome, regulators will push it. He also stated that we will have to start talking to people we don't usually talk to and bring them into the security discussion. Security has to be part of the development process of e.g. the vendor/supplier and we all should truly demand explicit trust in this.

  • Keynote 3:At the Edge of Prediction: A Look Back to the Future of Cybersecurity – by Samir Kapuria (Sr VP and Managing Director Symantec) :click here

Mr. Kapuria explained that Symantec is heavily working on creating self-defending, self-learning platforms to speed up the neutralization of attacks. Systems are being learned to recognize in a split of a second things like "Who made the action?" (A human or a machine?), "Who is responsible?" (A human or a machine?),...

His final conclusion is that "It's always PEOPLE that attack, and it's PEOPLE that cure… Therefore respect and creativity will be of utmost importance. This can only be reached when all of us are willing and capable of empowering diversity and inclusion."

  • Keynote 4: Attention Agents of Change: Are You Ready for Your Next Mission? By Rami Rahim, CEO Juniper Networks : click here

Mr. Rahim clearly summarized that the internet revolutionized shopping, manufacturing,… "but has also eliminated time, distance and identity constraints of bad guys making bad moves". Therefore, everyone of us needs to be an agent of change. And technology will need to help us with that. We must however not allow ourselves to slow down. And finally he ended by stating that automation is relevant, and good. Another inspirational talk to end this trip report.

Did you also read....

  • our first blog on The Silicon Valley culture?  Click here
  • our second blog on IoT products for scalable business?  Click here
  • our third blog on the Process of becoming Digital?  Click here 
  • our fourth blog on Machine Learning? Click here