The concept of security by obscurity is completely outdated in today’s world
Published on : Saturday 20-08-2022
Sudhanshu Mittal, Head – CoE Gurugram& Director – Technical Solutions, NASSCOM Centre of Excellence – IoT& AI.
Seamless connectivity seems to be a topic arousing much interest. Why would production entities need to have autonomous communication?
While there is Industry 4.0 adoption by the user industry, there is always concern due to vendor lock-in. Users prefer open protocol, as long as proper support is available for the products. For the product developers, however, there is a different story. They make investments to build up the market and they want to have their lock-in. However this same lock-in mitigates against new entrants as it acts as an entry barrier for them and acts against future innovation.
Is the need for real time communication also experienced over the enterprise boundaries? For example, with the vendor subsystems, with delivery subsystems? How about across multiple plants?
There is a need for real time communication across enterprise boundaries. For example, OEMs want to look at the production data of their suppliers, to properly understand how much they can rely on being supplied in a timely manner, what kind of rejection rate is there, etc. In the similar manner the real-time information on deliveries is very important to allow them to plan the assembly lines. Similar kind of requirement is there for data across multiple plants, when one plant is supplying a component to be used by another plant and where the visibility into actual production is required for the receiving plant to keep low inventory.
Historically major vendors have developed their own communication interfaces and protocols. Each such protocol was embraced by their partners. Equally, since ages there has been a call out for open protocols from the side of major buyers. What actually defines an open protocol? When can a system be said to support an open protocol?
In my view an open protocol is defined as when anybody can develop the products using that protocol and after going through a standard certification process, those can be seamlessly used by user enterprises. Ideally there should be no patents in the protocol, however if there is need for incorporation of a feature which is necessary and covered under a patent, the decision to include that feature would be taken by a team which does not benefit from that patent. Such an open protocol would be published by an association which would consist of various product development enterprises as well as user enterprises as its members. User enterprises are necessary, else product entities would tend to push as many of their patents in the standard as possible, and that is something which needs to be guarded against.
Does use of Open communication compromise on cyber security aspects?
The concept of security by obscurity is completely outdated in today’s world. Open protocol doesn’t compromise on the security, on the contrary the openness of the protocol and its constant review by a large community provides it the robustness to stand against the cyber hacks.
(The views expressed in interviews are personal, not necessarily of the organisations represented)
As Head – CoE Gurugram& Director – Technical Solutions with NASSCOM Centre of Excellence – IoT& AI, Sudhanshu Mittal leads the overall operations of GurugramCoE and is also responsible for driving the solutioning of the problem statements brought by CoE partners. Vertical focus includes Automotive and Standard verticals for CoE-IoT.
The key responsibilities include: a) Driving the solutioning of the problem statements brought on by CoE partners; b) Driving the Automotive and Connected Vehicle activities for CoE; c) Driving standard body participation from CoE-IoT for Open Connectivity Foundation (OCF) and Industrial Internet Consortium (IIC); d) Driving academic research engagement activities; and e) Niche partner engagement like Indian Army, Railways, PSUs, etc. The views expressed are personal.