Managing Industrial IoT Edge Devices

If you ask end users about factors that impede the Industrial IoT the #1 factor is usually cybersecurity and the second is manageability. Drill down on what they mean by “manageability” and this expands to “remote device management” or “remote system management”. And without saying so they also mean “management at scale”.

This is not an issue in the consumer IoT (in theory, at least) because a consumer has a relatively small number of things to manage, and many of the consumer’s things have a short lifespan (a mobile handset, for example). As a result, little effort goes into updating them, and the embedded software one finds in a typical CE device is an older Linux system (complete with a large set of unpatched vulnerabilities). This is why baby monitors now participate in botnets and DDoS attacks. That’s not a good thing, but remember it’s in the consumer world, not industrial. So, no worries.

In the industrial IoT the embedded software is more likely an RTOS than Linux or a “rich” OS, and the devices are connectable via one or more industrial protocols as well as IP. How about their remote software update capability? Usually it’s zero or quite minimal. That used to be counted as a feature, not a bug (who needs one more critical attack surface?). But I believe it is no longer a benefit. Let me explain why.

[Figure: Device Embedded Software Stack]

Device Deployment Software is Most Critical

Earlier I wrote here about how IIoT needs zero-touch deployment. But after the initial deployment, the end user needs a deployment, monitoring, and management toolset that enables any part of the device’s embedded software to be securely updated on demand. This is a different way to think about device management than is common today in industry. It means that the tools you use to deploy your embedded software onto the device are located at “the bottom of the stack” (see figure). They are the most fundamental part of the device’s software. The OS may also talk to the bare metal of the device, but management of the OS over the device life-cycle is performed by a local deployment agent and directed from a central point.
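To make “securely updated on demand” concrete, here is an added example (not code from the original post) of the checks a local deployment agent would run on an update package from the central point before touching any part of the stack: manifest authenticity, anti-rollback, and per-component integrity. The component names, the HMAC-based manifest tag and the key are constructed stand-ins; a fielded agent would verify an asymmetric signature so that no signing secret lives on the device.

```python
import hashlib
import hmac
import json

# Constructed stand-ins (not from the original post): the central management
# point tags each update manifest; the local agent holds the verification key.
# HMAC-SHA256 is used so this runs on the standard library alone; a fielded
# agent would use an asymmetric signature so the device holds no signing secret.
MANIFEST_KEY = b"constructed-demo-key"
INSTALLED_VERSION = 7  # version currently running on the device (constructed)


def sign_manifest(manifest, key=MANIFEST_KEY):
    """Central point: tag the canonical JSON form of the manifest."""
    body = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_manifest(version, blobs):
    """Central point: record a SHA-256 digest for every component in the update."""
    return {"version": version,
            "components": {n: hashlib.sha256(b).hexdigest() for n, b in blobs.items()}}


def verify_update(manifest, tag, blobs, installed_version=INSTALLED_VERSION):
    """Local agent: return rejection reasons; an empty list means apply.
    Order matters: authenticity first, then anti-rollback, then integrity."""
    if not hmac.compare_digest(sign_manifest(manifest), tag):
        return ["manifest tag invalid"]  # nothing below can be trusted
    reasons = []
    if manifest["version"] <= installed_version:
        reasons.append("rollback to version %d refused" % manifest["version"])
    for name, expected in manifest["components"].items():
        blob = blobs.get(name)
        if blob is None:
            reasons.append("missing component " + name)
        elif hashlib.sha256(blob).hexdigest() != expected:
            reasons.append("hash mismatch for " + name)
    return reasons


# Constructed update: the whole stack (agent, OS, application) is replaceable.
GOOD_BLOBS = {"agent": b"agent-v8", "os": b"rtos-v8", "app": b"app-v8"}
GOOD_MANIFEST = build_manifest(8, GOOD_BLOBS)
GOOD_TAG = sign_manifest(GOOD_MANIFEST)

if __name__ == "__main__":
    print(verify_update(GOOD_MANIFEST, GOOD_TAG, GOOD_BLOBS))        # []
    tampered = dict(GOOD_BLOBS, os=b"rtos-v8-tampered")
    print(verify_update(GOOD_MANIFEST, GOOD_TAG, tampered))          # ['hash mismatch for os']
    old = build_manifest(7, GOOD_BLOBS)
    print(verify_update(old, sign_manifest(old), GOOD_BLOBS))       # ['rollback to version 7 refused']
```

The agent applies the update only when the returned list is empty; any single failed check leaves the running stack untouched.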

It’s an interesting thought experiment to list the kinds of devices that follow this model today. It seems to me that they are all in the IT domain. Is that correct? I’d love to know some industrial examples. In fact, I’d like to show them off at the next ARC Orlando Forum. Your ideas for candidate devices are most welcome.
