The Internet of Things or IoT is being hailed as the next big thing changing our world: our daily lives, the way we shop and consume information, and, finally, manufacturing.
Increasingly however, issues with data security, privacy, and hacking of connected systems, are making it clear that the rollout of a globally interconnected Internet of Things is anything but assured.
Cyber criminals are increasingly focusing on connected devices, hacking anything from Wi-Fi routers to coffee machines. If it is connected to the Internet in any way, it can be hacked. Cloud computing does not offer any consolation: blackouts at cloud service providers due to, say, DDoS attacks, affect millions of customers, supply chains, and production lines. Even edge computing, hailed as the antidote to cloud troubles, does not offer a convincing solution.
Read also: The Future of the Internet of Things
The Problem is Asian Manufacturing
From the perspective of manufacturing, there are a few obvious, and some less obvious reasons, why the deployment of IoT may be delayed, or perhaps never happen at all. That is because the vast majority of devices – an estimated 90% or more – are manufactured in Asia, namely in the mega hubs of Shenzhen and Kunshan, and of course in Taiwan. Yet both China and Taiwan are not prepared to offer the cyber security needed to make IoT a success.
Taiwan is suffering from a massive shortage of talent in cyber security, data science, and engineering in general. Falling birth rates and low wages are to blame: many talented young people try their fortunes abroad, where opportunities abound and pay is better. (Just to give you an idea: data scientists earn about 1/10 of American salaries in Taiwan, security specialists even less. And then there is quality of live and overall career prospects.)
Secondly, companies in Taiwan have a tradition of churning out products efficiently and competitively priced, focussing on “cost-down” strategies rather than innovation. That leaves little room for expensive testing or the consultation of experts who could make sure products are really hacker-safe.
After all they get paid to make products primarily. Increasingly they also feel that whether those products can be hacked or not is something out of their control. “It doesn’t matter how safe you build it, hackers will always find a way,” an engineer from one of Taiwan’s leading electronics manufacturers told me.
He may be right, but undoubtedly there is also a culture of laissez-faire, a lack of organizational excellence and oversight that prevents majorly flawed products hitting the shelves.
A few years ago, one of the largest and most successful electronics manufacturers delivered millions of routers with the password “password” hardcoded to US consumers and was promptly fined by the FCC.
Finally, Taiwan has a cultural tradition of engineers leaving jobs around age 40 to start their own business. Thousands of startups making IoT devices are thus underfunded and understaffed; all the money goes to product development, none to marketing or making sure the product meets international standards of safety and cyber security.
So, both large incumbent manufacturers and startups lack the means, the willingness, or even the awareness of the product flaws that endanger the development of the Internet of Things.
Taiwanese companies manufacture in China, and China itself is increasingly creating companies that make products for the Internet of Things. Just like in Taiwan, there are excellent and talented engineers at work, inventive and dedicated to their job – yet they do not have the right safety mindset, lack access to international norms and standards, or cyber security training.
Apart from all the problems it shares with manufacturers in Taiwan (including talent shortage, bad organizational oversight, lack of responsibility for plant managers, insufficient testing etc.) China has a trust problem.
Party officials oversee every major company; products are supposedly engineered to send back data without the knowledge of users; intellectual property protection is weak. China has nothing in the way of data protection laws or penalties for products and services that fail to adhere to such regulations; fake products fill the markets and shelves, and when something goes wrong, managers and company owners simply disappear due to lack of legal protection.
Korea and Japan
Korea and Japan may be someone better in terms of guaranteeing safe products for the IoT due to better organizational structures and more rigid SOPs, but many of their companies are manufacturing in China anyway and are thus exposed to the same risks. Even there, manufacturers hardly suffer the consequences of providing consumers with unsafe products – the legal systems and judicial process are simply not prepared for that.
Even those who don’t outsource to China are far behind in terms of digitalization. Only about 5% have a Chief Data Officer; over 40% of CEOs have never even heard the term CDO.
Compared to Europe’s and America’s leading corporations, Asian enterprises are about a decade behind in creating intelligent digital processes, deploy machine learning and artificial intelligence, data science and predictive analytics, and all the other necessary tools to detect fraud, negligence, and deficient products, predict security issues, and improve product safety and quality.
All in all, Asian manufacturers are not in position to deliver safe products for the IoT.
IIoT is the Exception
There are exceptions, in particular companies producing for the Industrial Internet of Things. These companies cannot afford to ignore cybersecurity issues because potential losses from data breaches or cyber attacks are monumental. A single factory hacked could lead to bankruptcy, the affects could trickle down the supply chain and affect hundreds of suppliers and customers.
Yet the Industrial Internet of Things is not immune to hacking, mostly because the products are usually installed, connected, and maintained by service providers or “integrator” which suffer from the same organizational problems of inadequate SOPs, lack of oversight and accountability.
What’s more, Asian manufacturers have a tradition of skimping on maintenance contracts and try to do upgrades, repairs, and modifications to existing installations in-house by engineers who often lack awareness of cybersecurity and data privacy issues. They may know how to install an extra sensor or modify parameters on an existing machine, but they usually don’t see the big picture. A major hacking accident at local manufacturer is only waiting to happen. The smaller incidents – and there are over 1000 each year, according to industry sources – are usually hushed up.
Trade Wars, Industry 4.0 and Lawyers
I have outlined the major effects of the technologies surrounding Industry 4.0 in this article: The True Meaning of Industry 4.0 for Manufacturers
From a security perspective, the lack of awareness, talent, and trust outlined in this article means that many brands who buy products manufactured in Asia will sooner or later opt for repatriation of their operations. As penalties for delivering unsafe products or violating data protection laws get stiffer in Europe and America, the risks involved with buying from Asian companies will only increase.
There is of course political will behind that too. Made in America, Made in Germany – everyone from electronics to car parts and shoe manufacturers – are trying to bring back manufacturing to their own countries and their own jurisdictions.
Thanks to automation, robotics, 3D printing etc. that is now possible. Labor cost is no longer a major factor. Supply chain issues will resolve themselves over time.
Why risk security issues, copycats, insufficient IPR protection, allegations of child labor or horrid working conditions in Asia, when you can bring everything back to almost completely automated high-tech plants fully under the brands control; with no cultural or language barriers. Why did Tesla build the Gigafactory in America, and why is Adidas building robotic sneaker factories back in Germany? Why is Foxconn starting manufacturing in Wisconsin? (hint: it’s not just the perks and tax cuts)
Because as of now, outsourcing to Asia is no longer advantageous in the long term. Companies do it mainly because old supply chains are still too rigid, and talent pools in certain locations too shallow. Automation, ad-hoc manufacturing, robotic processes etc. will overcome these hurdles.
The risks involved with creating defective IoT products, the threat of law suits or protests by customer over work practices of environmental protection issues, far outweigh the advantages Taiwan and China have in terms of lower labor costs. So don’t be surprised if Apple starts building its own Gigafactory in America soon.
The end of the trend is in sight. Sophisticated manufacturing, smart manufacturing, robots and additive manufacturing – and whatever comes next – mean that brands no longer have to take the risk of having a third-party in control of the quality and safety of their products.
For only if everyone is on board with the same level of safety and cybersecurity concerns, the same SOPs and preventative measures, can we rollout a globally interconnected Internet of Things. Otherwise there will be war.