IoT security breaches are expected to reach an all-time high. It’s important to differentiate between indirect attacks, using IoT devices to conduct cyberattacks against another target, and direct attacks, where the end goal is to compromise and access the IoT device itself. With direct attacks, the goal is access to the IoT device – and by extension the sensors, machines, and environment that the device is connected to. As such, this type has the potential to be even more disruptive and destructive. Criminals, terrorists, and malicious foreign governments may use connected devices to cause havoc or harm. Seven principles can serve as guideposts to enable stronger IoT security.
It is necessary to differentiate between indirect attacks and direct attacks on IoT devices. In indirect attacks, the goal of compromising IoT devices is to use them to conduct cyberattacks against other external targets. In direct attacks, the goal is to conduct some sort of ‘local malfeasance’ right there at the device itself. The IoT security asserts that manufacturers and deployers of IoT devices and systems, especially potential targets for direct attacks, have a moral obligation to vigorously and comprehensively address security. The following seven principles can serve as guideposts to enable stronger IoT security.
Here we focus on blockchain, Identity Management, and Corporate Social Responsibility, a timeless subject that has taken on added meaning. Identity management technology exists that can obviate the need for passwords or storing personal information in servers all over the place. There has also been a movement to try and give individuals a single, universal digital identity. With regulations on the wane (for now) as an inhibitor of bad behavior, it is heartening to see business leaders stepping up to the plate to try and create cultures and actions of corporate responsibility.
A lot has been written specifically about the potential use of blockchain technologies in fresh food supply chains. The vision is that industry-wide blockchains can provide stronger assurance of origin and chain-of-custody, faster and more precise recalls, fresher produce and meat, reduce waste and spoilage, and fewer contamination incidents. A strong case can be made that the greatest value potential is in improving freshness and safety. How blockchain can help establish provenance and recall capabilities, in particular by providing traceability? To understand the role of blockchain in providing traceability, and hence provenance and recall, we examine four ways to achieve traceability.
Recording the various transactions, HACCP steps, and temperature readings onto a blockchain can add trust and additional capabilities to the system. The data about orders, prices, transactions, shipments, and so forth needs to be kept private to the parties involved. Consensus may be met with just a small number of checks being made to validate the data being written on the blockchain. Here we describe specific capabilities blockchain brings to a produce supply chain, such as tamper-resistance, automation/smart contracts, settlement, and record of soft claims, auditability, and enabling uber-like spot markets. We also touch on why a permissioned blockchain is needed.
The most valuable improvements for the produce supply chain come from increasing freshness and safety. Growers and retailers are always looking to reduce waste and spoilage in the supply chain and provide produce that has a longer post-purchase shelf life, with superior freshness. Improving freshness and reducing spoilage requires a number of additional data elements and capabilities, beyond those needed for traceability for provenance and recall. Companies can implement their own policies in a smart contract or off-chain. All data such as test results, events, etc. can also be stored in a blockchain if stronger proof of non-tampering is required.
A blockchain may contain smart contracts that trigger and execute at key handoffs and decision points for each pallet or case of produce flowing throughout the end-to-end supply chain from farm to consumer. These can be used to automate key transactions and decisions. Until we see further technology breakthroughs, the cost of executing smart contracts makes them prohibitively expensive for providing 100% of the automation required in a produce supply chain. Here we discuss the division of labor between on-chain contracts and off-chain backend automation systems.
Blockchain technology alone cannot provide freshness, safety, provenance, and recall capabilities. That requires data and capabilities from outside the blockchain. It seems that the best emerging approach will be a hybrid consisting of 1) a centralized networked SaaS platform providing economical scalability and deep algorithmic and process capabilities, combined with 2) blockchain and smart contracts for transparency and validation. Blockchains are attractive because of their ability to create a shared, trusted single-version-of-the-truth between trading partners. However, a networked SaaS platform can provide a shared, trusted single-version-of-the-truth at a much lower cost.
In the ‘outcome economy,’ people don’t buy things. They buy outcomes. They buy the end results they are looking for. When a manufacturer sells a product-as-a-service, it is a sizeable step towards an outcome-based business model. So, what about enterprise software. Why do most enterprises still keep paying for the ‘thing’ (i.e. the software) rather than the outcome that they desire? Or to flip the question around, are there any enterprise solution providers offering outcome-based payment models? Do any enterprise software companies actually sell results rather than software?