Dr. Daniel Engels is a “recovering” professor, currently doing consulting work in AI in the security and IoT areas.  He has spent most of his career moving between academia and industry.  Currently he is an adjunct professor at Texas A&M and a research fellow at Southern Methodist University, working in their AT&T Center.  The SMU AT&T Center for Virtualization is a premier research center at SMU with a mission to advance knowledge and practice of virtualized computing, communication, and user experience.  After earning his PhD from Massachusetts Institute of Technology, Dr. Engels joined MIT’s Auto ID Center, where he worked with the technology and standards which we currently use today as the EPC (electronic product code) system.  He joins us to discuss the evolution of IoT from RFID and barcode, to data security needs.  I’ve known Dr. Engels for over 15 years, and we dove right into the topic.

Zero Trust in a Big Data-Connected World — The IoT Evolution

TB: Thanks for joining me today Dr. Engels. Tell us a little bit more about barcodes and RFID tags, and how that has evolved. Maybe start with the Auto ID Center?

DE: Sure, thanks Trey. At the MIT Auto ID Center, we developed and came up with a really cool technology where we were literally trying to connect the physical world to the virtual world. In trying to figure out what the killer application for such a really cool technology would be, we ran into folks at the Uniform Code Council (UCC), then subsequently Procter & Gamble and Gillette. We listened to them, processed the feedback, and figured out that the killer application for connecting the physical world and the virtual world is supply chain management.

TB: Well that sounds like a reasonable place to start, and certainly a point of emphasis for our readers.

DE: It was very, very reasonable. But the whole point of that system could be narrowed down to a single question: How do you take physical objects and identify them, automatically connect them to the virtual world, process and read information about them, or maybe just identify them in the virtual world? Then figure out what to do with it, what it is and everything else.

TB: That sounds like it wasn’t just classes of things, but rather discrete instances, where everything would have a virtual “license plate”?

DE: Absolutely correct. The ubiquitous barcode that we’re all familiar with, which had been originally developed in the 1970s by the UCC, didn’t really begin adoption in the retail supermarket until the early 1980s. The catalyst was a label change required by the FDA to include ingredients and calories on all the foods that we buy. In those times, the barcode had a scanning lifespan of one time – at checkout. Fortunately for us now, barcodes can be used in a much broader range of applications, including back-end processing like your Starbucks App.

We were doing these types of things at the Auto ID Center, back in the time when 96k modems were all the rage. Believe it or not, there are probably several 96k modems and slightly faster modems still in use today. Typically the most remote facilities are on modems and not high speed internet. With Wi-Fi in the home, and fixed and mobile broadband everywhere, it’s surprising that 96K modem connections are still out there. But they are. Connectivity though was not available all the time. This drove us to develop the EPC system around RFID (radio frequency identification) tags that carried the data instead of barcodes.

We made another observation while defining the protocols and developing tags. Tags generate a huge amount of data when RFID readers are reading them, and that data needs to be managed. In the early days we had middleware processes to enable management and filtering closer to the edge. The functionality closer to the edge would push the data into a back end database. The edge functionality, our EPC servers, were there to capture the data, collate the data, store the data. The result was a local server with information accessible from various applications. These applications could mine the data then do something with the data more intelligently, but also allow that information to be potentially discoverable from somewhere else – whether it was public or private information or private corporate data – in the US or the world.

That was really the whole system. The EPC is just a unique identifier which is really a serialized GTIN (Global Trade Identification Number).

The number on a barcode today is a GTIN, identifying the class of product. The serialized GTIN adds a serial number that identifies the instance of that product. It’s unique to that particular thing in the world. The EPC was just a way to store that information in a common form factor whether it was digital or human readable or machine readable. SGTINs allow you to uniquely capture an item as it travels through the supply chain.

TB: Ok, so the first step in the merge of the physical world with the virtual representation is in the serialized GTIN. Was that the only step that needed to occur?

DE: The third part is the financial flows. When you merge the physical and virtual and truly see where things are going, track where they’re going, manage where they’re going and actually automate a lot of that, you can start automating financial flows, like auditing, controls, and billing and receiving.

TB: Makes a lot of sense. We can track almost anything through the supply chain on a discrete basis. I understand that link to IoT.

DE: Yes, but when you start thinking about tagging the world, there is a lot of data – which creates a lot of questions. Who gets to see that data? How is it viewed? What can be done with it? Who owns it? That is, maybe your data may be about you, but it isn’t yours. Or is it owned by the guy that read it? Or somewhere in between.

Now you have a huge security problem. How do you protect the data so that only authorized people can read it? How do you ensure that you have some form of privacy? If somebody reads it, how do you protect that information? The good thing about RFID is that it’s got a limited amount of data. The bad thing about RFID is that it’s got uniquely identifying data even if it just has an identifier. If you carry multiple tags on you, even if they don’t have a unique identifier, you now have a digital fingerprint from the combination of tags like Nike shoes and Levi pants and maybe a designer wallet. We’re able to now uniquely identify you, not because you carry a unique identifier, but because you’ve got this constellation of tags. Then consider one of the benefits of RFID which is you don’t need line of sight. You can read it at three or four meters. If you want to go illegal power levels you can read it at much longer range or stay within power levels if the tag is designed for longer range. Your toll tag, which incorporates the EPC protocol we developed, can be read with a standard legal reader at speed well over 50 feet away.

You now have tags on you that can then be read and used by nefarious people, which really got me into security for these very resource constrained devices. Revere Security is a startup company that I joined as CTO where we continued to develop protocols for RFID tags, protocols for SCADA devices, which was our original impetus. We also created a cryptographic cipher algorithm which to our knowledge is yet to be broken, even though we had lots of people really look hard at it. It’s extremely lightweight, extremely durable, extremely good. But if you’re going to use anything today, I would recommend AES or public key cryptography unless you have special requirements.

I’ve been doing research and work at the intersection of IoT, cybersecurity and Data Science for decades even though on the surface someone may say “you’re doing antenna design and you’re doing cybersecurity, and you’re doing data science, they have nothing to do with one another.” Except in the world of IoT and cybersecurity and Data Science, all of them are merged together into one because they all are related.

Data science is really a broad field that encompasses your traditional data analytics database management, including all of your data engineering work that you would typically see, like database, data structures, data management, and how to analyze the data. If you’re managing the database, setting post data structures, how do you organize your queries into it? The other piece is how do you manage it? So we get into this big data concept. When I started at MIT, the reason we needed the filters in the middle to do something intelligent closer to the edge was because we couldn’t handle all the data. We didn’t have databases or servers big enough. Today, it is called cloud computing. You don’t have to filter everything on the edge, although we do for certain things. When you start thinking about that data science piece you have to think about how do you keep the data clean? Because if you get dirty data, any analysis of dirty data gives you bad results.

How do you move Big Data? You can’t just analyze it all in one place because no computer has enough memory for terabytes of data. You’ve got to do it some other way. How do you partition that up? How do you then allow that to be analyzed? That’s all part of data engineering. Based on what you know, how do you engineer the infrastructure?

TB: Where do analytics fit in?

DE: That’s all part of data science. Data science and AI, which is the big buzz word, are just applied statistics and applied data and applied computer science to data. 80% of what you need to know can be obtained through simple basic statistics. You can figure it out and do a lot with that. As you get more complex insight requirements, we start applying the more advanced techniques like neural networks, and deep learning approaches, where advanced analysis comes in. It’s typically referred to as AI. Today it starts becoming interesting and useful because now you’re doing all these insights and you’re starting to automate a tremendous amount of decision making.

TB: How does cybersecurity fit in?

DE: Cybersecurity is very much different from Data Science. There’s a lot of different types of cybersecurity, different mechanisms you can use. But they all try to do the same thing. In the computer networking world, and the database world, the operating system world, the application world, cybersecurity is all about providing confidentiality, integrity and authentication. The authentication includes authorization. You might be authenticated to do something or access an area, but not authorized to enter a particular room in the area.

In cybersecurity, while the mechanisms are very much the same across the spectrum, you have different algorithms and different protocols. You’ve got different objectives. Attacks are all pretty much well known. The NIST Framework (National Institute of Standards and Technology “Framework for Improving Critical Infrastructure Cybersecurity”) will tell you all kinds of attacks and defenses against the various attacks. In cybersecurity the human is the weakest link. Consider phishing emails. We do an ok job of identifying them, but they’re still arriving in the inbox. People still click on them causing malware to be downloaded into the whole security infrastructure. How do you apply the cybersecurity mechanisms and security framework? It’s fundamentally flawed in most organizations in the way that operating systems and applications and networks were initially developed. Cybersecurity was in most cases a complete afterthought.

TB: Why do you say that?

DE: Think about how computer networks have evolved over time. Originally it was a big mainframe sitting in a huge building, the ENIAC, as an example, one of the first electronic digital computers. As we moved on to mainframes, it was okay because input and output required physical punch cards to feed and receive. That required physical security. I don’t need security in the machine because I had physical security. As you start getting “dumb” [character-based display functionality only] terminals out in the world, you start needing passwords and logins because you want to keep me from stealing all of your compute time which was the original kind of hacks and tweaks on mainframes.

From mainframes we then went to workstations. Workstations, like those from Sun Microsystems, were on desktops and moving the computing to the edge. Then you got to the PCs beyond that. Then the laptops and then your phones and now we’ve got IoT. That computing edge continues to extend. The interesting thing is, as we move that edge out, the functionality of the first laptops is probably less than what we had in the first cell phones, which is also probably about what we have in a lot of our IoT devices. So, think about that for a second. We have a tremendous amount of functionality in our IoT devices. How many of them are properly secured?

The answer is not enough of them. And RFID tags without security, most of them out there, allow a broad range of attacks. But you can make sure that they’re protected or shielded, there are ways to do so. Now we start thinking about cybersecurity. The basic approach is all about CIA – confidentiality, integrity, authentication. How you achieve that evolves and changes, and it’s always the human forgetting to configure it properly, or clicking on that phishing email, doing something they’re not supposed to be doing or not doing something that they really needed to do. That allows the attackers to come in. The intersection of cybersecurity and data science is all about automating a lot of that.

The original paradigm for security is trust, but verify. This worked for decades, but it worked in a non-completely networked world where mainframes existed and I knew everybody else that was using that mainframe. I knew everybody else that was on that specific network. During that era, there were only a million computers on the entire Internet. That was pretty easy from a security perspective. When there are billions and billions of items, and the Internet of things is there, you don’t know everybody. But you’re highly connected. You are very, very vulnerable because somebody all the way on the other side of the world can log into your machine. Doesn’t matter how many firewalls you think you’re behind or anything else. Someone can get there, someone can attack you. That is the problem of today.

In the trust but verify model, which is what we had at the beginning, that works great because I trust you because I know you and then I’ll verify that you haven’t mucked around with my account or otherwise changed things on me. The problem today is you don’t know everybody. You should not be trusting everybody. And you really need to go to a verify-but-don’t-trust-even-after-you-verified world to consistently and continually verify.

That is continuously authenticate, to make sure that you’re on the access list, authenticate on a continuing basis. This whole concept of zero trust is really a step in that direction. But today’s tools and cyber tools are not in that mode, which is why you can download malware, even though we know it’s malware. We try to stop it from running after it’s been clicked, which makes absolutely no sense. That is literally security today. We are going to let you download it, but then we will stop it from running.

The Zero Trust concept is actually starting to change that approach but it’s going to be a very, very slow, adoption. Most people don’t really understand – not just the random person on the street, but even the cyber experts. They don’t understand that the trust but verify model is broken, has been broken and will forever forward be broken. When a model is forever more broken, you need to go to a new model. It’s just how long does it take to get to that new model? And that’s the authenticate and authenticate and keep authenticating and keep your trust to an absolute minimum. The Internet of things actually makes a whole bunch of things bad in this regard.

TB: What does that mean to you, Internet of things?

DE: The Internet of Things is the infrastructure that connects inanimate objects to the Internet.

When you think about that infrastructure, just like the Internet connecting computers, how do you connect inanimate objects? And when I think about the Internet of Things, I think of a barcode. That’s part of the Internet of Things. It gets connected to the Internet briefly when it gets scanned. And all that information goes through the network and the network does whatever it wants with it. Same thing with the pure passive RFID.

We’ve been doing this for decades. For example, I’ve had the privilege of taking a tour of the GM factory in Addison, Texas. They manufacture Chevy Products, GMC products, and Cadillac products, basically the big SUVs, on the assembly line in that plant. As the various products are moving through, if it’s a Chevy, it gets certain parts. If it’s a GMC, it gets other parts. If it’s a Cadillac, it gets different parts. They’re all on the same line sneaking through the manufacturing assembly plant.

The parts bins are all barcoded. We were looking at how we could automate using RFID so we could improve the efficiencies of manufacturing, make sure everything got to the right place and triple verify that the right part is in the right bin. They’re scanning barcodes to make sure that they’ve got the right part. When they scan it out of the bin they’ll scan the barcode on the bin, pull it out, put it on the car.

TB: That assumes that the inventory was stocked appropriately into the bin, right?

DE: Correct. And occasionally because you get a lot of colors that look very much the same, and you might have a red for the Chevy and a red for the Cadillac that look basically the same under fluorescent lighting and they are basically the same part because there’s a lot of shared parts – no secrets there – it gets stocked into the Chevy part location instead of the Cadillac location. Then they put it under the bright lights and do their final check, and finally can tell that it’s the wrong red. Now they’ve got to pull it off and replace the whole bumper. This is where having RFID technology integrated into the parts can help to eliminate or further minimize those types of errors. They are all too common, given some of the similarities in the colors and the parts. Those types of errors are extremely expensive when they’re identified late in the game.

Lear, one of the seat manufacturers that is effectively co-located with Chevy, actually uses RFID in the platform that they use on their assembly line to build their seats, and that RFID tag will be read at every station. Information about that seat will come up for the operator for what they need to put on at each station. This moves very smoothly and reduces cost and decreases the time to assemble a seat in those cases.

TB: What is your view on Industrial IoT?

DE: Industrial IoT is just the IoT applied in industrial manufacturing or warehouse or other type of retail or home setting.

When you think about IoT, the extreme low end of IoT is barcode and pure passive RFID tags. However you also have RFID tags that have sensors in them. These could be cold chain sensors logging temperature or vibration sensors. That’s the next level up. Then you can start talking about active technologies. Home automation is just IoT everywhere. Your car, your smart cars and your IoT device. But really once you start moving up from this low end, the more costly. The question is, what are the applications that you have on top of that? So you’ve got the networking, you’ve got the communication, you’ve got basic identity.

You can also bring in more functionality to that edge device. So, a smart thermostat, like a Nest thermostat, for example, is often considered to be an IoT device because it is connected to the network. It’s connected through Wi-Fi to the Google Cloud, where it mixes with all the other nest thermostats and Google mindset information. It becomes a much more efficient, much better thermostat to regulate the temperature in your home the way that you like it. It’s an IoT device with localized functionality supported by cloud functionality.

TB: And gamification so you can earn “leaves.”

DE: Exactly. Google gets even more data and that is the other aspect of IoT. IoT is the foundation. It’s just the network infrastructure, connecting your inanimate objects to the Internet. But beyond that, as soon as you move beyond those simple connectivity to more functionality, you immediately get to automation. That’s really an application sitting on top, but you can have that functionality sitting at the edge. Like a nest thermostat, like your smart refrigerator or your smart lighting.

Lots of automation capabilities now become possible with more advanced Internet of Things infrastructure when we start putting the applications on top of it. Automation is really what most people equate with IoT. So the industrial IoT now isn’t so much the barcode and the passive low functionality RFID tags. It’s the smarter active IoT devices, which we used to call embedded computing. We now have embedded computing that allows for more automation.

TB: Right.

DE: Industrial IoT is embedded computing that is connecting up the information associated with your various machines up to the cloud. In the cloud we can now take all that information, take that data and mine it so that we can find potential vibration issues or quality control issues long before that would typically show up. We can have that repairman show up at your house and say I’m here to repair your refrigerator, and even though you didn’t call refrigerator repair, your refrigerator called.

TB: So the whole whole predictive maintenance or predictive diagnostics driven by the IoT communication combined with what you called your data science application, to let the refrigerator have its own voice, right?

DE: Yes, that’s really a great benefit of having IoT in the home and IoT in manufacturing. Think about your CNC machines today. You’re going to program it on a PC, usually. You’re going to then upload that into the machine itself, which will then execute it after you’ve set it up so that it can start the process. All that’s automated. So you got auto-milling, you got auto-cutting, all kinds of things that you can have with automation. And all you’ve done is told the machine what to do. That’s really a phenomenal step and you can have that in your home shop. You don’t just have to be a big industry guy. You can do the same thing with additive manufacturing and 3D printing.

You can have a small 3D printer in your house. You can buy these commercially for a couple hundred dollars and manufacture parts on demand. You don’t have to stamp them out. They’re not as cheap as a single instance of a part that was stamped out thousands of times. The cost of the die and equipment gets very, very expensive and typically you only make money after you make several thousands or millions of them from stamping. With the 3D printer, now you can say “Okay I need something that looks like this and I need three of them.” Each one is going to cost you not the pennies per but maybe it’s tens of pennies per, but you only have to make three instead of three million.

That’s less capital and is much faster. You don’t have to go get dies or other capital items. Now you can start designing these things. You have this just-in-time manufacturing, just-in-time capability to get parts for whatever it is you need, as long as you’ve got the proper form for the file that allows you to print it out. For just-in-time manufacturing or just-in-time repair, instead of stockpiling thousands of parts, you stockpile enough material, and a 3D printer that can print those parts when you need them. Automotive knows this and most of what you have on a tractor or vehicle can be 3D printed.

This is part of that Internet of Things aspect where you are digitizing and creating true automation. My vehicle knows something’s wrong with it and sends a message. We diagnose it as we think this part is being worn. If that’s a printable part, we can send off to have that part printed and have it ready before the part fails in the field, then schedule maintenance and get it repaired and replaced.

TB: So through IoT every item has a “voice.” Pair that with an automated analytic comparative for that specific part, and you have an active feedback loop that can be monitored. And everything has been digitized.

DE: Correct. And that feeds directly into having your digital twins, that feeds directly into having your smart things. Just because you have something that’s smart, doesn’t mean it has to be like a human where the intelligence is in the thing. Most Internet of things devices are smart not because the intelligence is in the device itself, but it’s smart because of what’s happening up in the cloud with that data. This also gets back to that cybersecurity issue and that privacy issue with all of that data.

That’s the big danger of having all this data. We recognized this danger very early on at MIT. It continues to be an active area of research that I work on. How do you secure the data and the infrastructure? And this is really what cybersecurity for me is all about. It’s not just “Hey make sure that you use the right tools,” although I consult with certain companies on cybersecurity and cybersecurity companies themselves about how to make sure they address many of these things.

Previously, data was just something you had. Google understood this. Marketing companies have understood this for decades since they were founded. Most people and companies are just starting to come to realize that data is the crown jewel. Really, it’s the crown jewel for just about every company on the planet. Because with that data, you can do predictive maintenance, you can do predictive customer wants. You can figure out ways to upsell your customers, market to new customers, improve your revenue, decrease your costs, all kinds of things.

TB: How do we extend that discussion to industry and the data that’s being captured? I guess you could say we have to protect the idea that I’m making this unit of one for that individual consumer, or the intellectual property contained in the design being sent to the CNC machine or the 3D printer. What other kinds of corporate impact do you see in industry, from the cybersecurity agenda, that’s being elevated everywhere?

DE: I think you just hit on the IoT, the main topics where the big one is, of course, data is the big change. It’s a big game changer. So how do you protect it? That’s the biggest, absolute biggest change. You have to protect that data. It’s not just don’t use it for nefarious purposes. It’s keeping other people from accessing it. So that’s one aspect of cyber security.

The other aspect because everything is going digital, everything’s getting networked, is if you assume that your firewall is going to work you need to make other assumptions. You have to have defense in depth. More than likely the IoT device that you’ve installed to monitor your machines or otherwise help control them and in your machine on the manufacturing floor is not very secure, if it’s got any security on it at all. In fact, a lot of these have zero security. You need to protect that and need to understand that you have to protect that. You can architect your network so that it’s isolated, or not connected to the Internet directly. You can make sure that you’ve got a lot of extra rules and limitations but you need to get over this trust but verify and go to a verify and continually verify security approach.

In my past experiences, I’ve been able to see lots of interesting things happening on networks. And these are interesting things that you say, “Oh well, why would that be interesting? You just have this piece of the company talking to this piece of the company.” It’s like, “Yeah, but this piece of the company should not be talking to this piece of the company.” And if they do talk, it needs to be a particular conversation. And it’s not sending customer data from one to the other. Why is this piece of the company getting that customer data? Probably because that piece of the company has been compromised and it’s being externally traded out of that piece of the company in some way. We’ve got to see that all the time. You can’t just say put my firewalls on the outside and I’m good on the inside.

No, everything that you have in your network and on your network, particularly because it’s a Bring-Your-Own-Device world, is a potential access point for the bad guys. Sometimes we do this to ourselves. So, data exfiltration is a huge problem. One way that data exfiltration happens accidentally is that somebody will set up a cloud service, a cloud database, because they needed to share something with some other group for the purposes of a business deal or project. They load a bunch of data up there. It’s not secured. It’s shadow IT. Nobody knows about it. It doesn’t get registered anywhere. They forget to shut it down or they forget to secure it and suddenly they get this big data leak. Humans will do whatever is the easiest thing for them to do. So you need to make security easy for them.

Just like we have made passwords. So when I was in college, you know, this was the early days of computing and you could hack stuff more easily and you would get a thousand or billion different attempts at guessing passwords before things shut you out. You just sit there and run a password cracker on the administrator account just because you want to give yourself more privileges.

You can’t do that today because of all these requirements for how your password should look, rather onerous. Nobody ever remembers their passwords today. You use a password manager. So the more we move to things that automate security, like single sign-on, password managers, and two-factor authentication, the better we will be.

We can do that with machines as well. As we start doing more and more of that two-factor authentication, continual authentication, automated security, we are able to stop things.

Suppose I set up a database so you and I can work together. Oh wait, the network won’t let me do anything with something because it’s not authorized. I can’t connect to it therefore it’s not part of my network. I need IT involved. So that’s how you really stop a lot of these human issues.

Password manager, single sign-on are just two examples of things that we have done right and need to do more of. If we move to that approach where we verify before we trust, and that’s really what single sign-on and password protections are for, verify before you trust, and when you don’t trust and continually verify, you end up with much stronger security. It is unfortunately not a concept that a lot of security people understand or fathom or agree with – old school is not always the best.

TB: What is on the horizon that everyone concerned with the Internet of Things needs to have on the radar today or needs to start investigating today? What technologies are out there that are going to be rolling down the pipe that you can discuss?

DE: As an example consider RFID versus other technologies which may have been superior in different aspects, like Surface Acoustic Wave (SAW), RFID has won the mainstream battle because traditional silicon based RFID technologies have improved. It is standardization, just good enough, and then that evolution of capabilities, improvements in designs, adding more functionality to capture an ever increasing set of possible applications with one set of technologies. We’ve seen this before and we’ll see it again. We talked about computers, mainframes to workstations to desktops to laptops to phones to IoT. At every step of that evolution, we moved to the next one because the functionality of the current one has achieved such a level that it can support that next level layer. That next layer has a level of capability that can support usable functionality. That’s really where we’re at now. We’re sitting in that evolution phase. 10 years ago, I would have said we’re going to have active communications for passive tags and vibration sensing and just energy scavenging.

That technology exists as capable and possible today. Nobody does it. If they do it, it’s all very niche applications. It’s not to say it will not happen.

TB: Right.

DE: When do we reach the point where I need a very small piece of silicon that has everything integrated into it and I can drop it in and I can communicate with it at three meters, and it gives me at least an ID and maybe some other information and it’s secure? We can do that today but it’s probably at least another decade before we get to a tipping point where we actually do that.

TB: And cross the chasm to mainstream, right?

DE: Exactly. Because you need to get over what everybody else is doing today. Part of it is just what is everybody else doing? One of the reasons SAW failed is that it was great in areas that nobody cared about at the time. Now, it’s becoming more and more relevant but it’s no longer here. So we’ve taken the existing technology, the passive UHF technology for example, we’ve added more functionality to it and more security to it. We’ve been able to improve its range, keeping its cost about the same, maybe even dropping the cost a little bit and that has expanded the range of possible applications that can use it. You say “Well, but who needs all this security when you really only need an identifier for retail products?” Yes, you only need an identifier for retail products, but you add all this other functionality and now it can go on all these other more commercial products.

TB: On a pallet in the warehouse for instance?

DE: Exactly. You add a bigger antenna and integrate it in, you get longer range, etc, etc. That’s all from one silicon design, maybe one or two tag designs integrated in, you get economies of scale, it’s cheaper and it works. It’s good enough. Whereas I take that single piece of silicon, today it’s still a niche capability. There’s not many people that know how to do that. There’s a small number of silicon designers that can do that. The technology doesn’t quite give you three meters, it definitely gives you one to maybe one and a half meters today. But if you iterate on that enough, you can get to that three meter and beyond capabilities still from a grain of sand. You can start integrating in the security functionality and everything else that you want. But now you have this grain of sand instead of a tag which has an antenna, large footprint by comparison and integration problems. With a single piece of silicon a lot of those issues go away.

That’s really one piece. So there’s those types of technologies that are in the lab that just can’t get enough momentum in the marketplace, that even though they clearly will provide a lot of benefit the incumbents do a good enough job and these competitors don’t have enough value-add to be able to overcome the competitive advantage of what everybody else is already doing.

I think that active battery powered tags are really where a lot of the innovation is happening because everybody wants to go to the cell phone today. It’s because the cell phone is the computing device. We were talking about this before, mobile computing.

Why is mobile computing so big? It’s because it is the computer for a lot of people. If you go to a Third World place, like Brazil, most people can’t afford a computer but they have a smartphone. It may be a low-end smartphone but it’s a smartphone. More and more in the US, regardless of your income level, you have a smartphone. That is your gateway to the Internet, that is your computing device. You do everything on that computing device which enables more interaction with the world around us, that whole smart cities thing.

Now, in a chemical plant, you can be using something like Wireless Heart, which is a fairly secure industrial grade ad hoc networking system protocol and systems that are used for it. It works great, but your cell phone doesn’t talk that language.

In the smart city, you need to have the devices talking to smartphones. So that means you’re going to use Bluetooth Low Energy (BLE). That means you’re going to have NFC (Near Field Communication (NFC) is a set of short-range wireless technologies, typically requiring a distance of 4cm or less to initiate a connection. NFC allows you to share small payloads of data between an NFC tag and a smartphone). That means you have something visual like a QR code. All of that feeds back into your cell phone. So that’s why we’re seeing some of this bifurcation. Industry has slightly different protocols that they use that are not cell phone friendly. That is starting to change too because of the value of smartphones in the work environment, even in the manufacturing environment, and the costs associated with something like a Wireless Heart versus a BLE. Wireless Heart is more expensive usually, by a lot. BLE, providing the same functionality, not necessarily the same ruggedness that you might get from a Wireless Heart device, but will last almost as long and overall cost of ownerships going to be less because they’re a lot cheaper. It’s three or four to one last time I checked. It’s cheaper to use the BLE, making it friendly to your repairman, your workers, particularly if it’s a remote location. I don’t need to bring something special, just my cell phone.

I can talk with NFC, QR code, Bluetooth to all the devices in the remote facility and I just need my cell phone. We’re definitely seeing a move towards those types of commercial products with clear winners. It’s whoever can talk to the cell phone. I’m starting to see that on the industrial side as well where it’s traditionally been more customized or targeted protocols and devices for the industrial setting. We are still always going to have those. But that is definitely changing particularly from a wireless perspective.

SCADA devices are really an interesting mix. A lot of SCADA devices out there are 30, 40, 50 years old. Most SCADA is in industrial plants – chemical plants as well as power plants and water maintenance. If you’ve got SCADA devices working, generally the approach is they work. Let them be. Don’t screw up what works. Just maintain it, manage it. With IoT we put all these things on the Internet. Those data devices were not designed for the Internet and a lot of them are being put on the Internet through a Windows XP box.

Hopefully that’s starting to change as people have realized cybersecurity is important. But now you have all these legacy systems that need to be secured. How do you secure those? There are products on the market and ways to do that. But it costs money.

TB: IoT means you secure your data because everything’s going to be talking. Everything’s going to have a voice and you never know when there will be some information that provides a tip to someone or provides a competitive advantage out there that you didn’t mean to be in the unsecured domain. Even intellectual property I suppose for manufacturing processes.

DE: Yep. That’s a great summary.

TB: It’s a great wrap right there. Daniel, thank you so much for taking time to talk with us.