Skip to content

BLOG

Implementing AI Securely in IoT: A Keynote Presentation by Ben Wald

Ben Wald, founder of Very, presented an overview of artificial intelligence (AI), its impact, and how to implement it securely during his keynote address at IoT Slam ’21. Read the summary and watch his presentation to learn how AI is affecting numerous industries, plus best practices when implementing AI within your own organization.

AI has unlocked incredible potential to analyze, interpret, and act on the increasingly vast amounts of data generated by IoT products. With the swift rise of AI adoption in corporate and government settings, IoT security and privacy are top concerns. Implementation and upkeep are also common sources of questions regarding AI.

In his keynote presentation given at IoT Slam ’21, Very Founder Ben Wald defines AI, expounds on its current and potential impact, and walks through smart approaches to secure AI implementation.

AI 101: What Is Artificial Intelligence?

There are common misconceptions surrounding AI. It’s not automation, algorithms, models, software, or singularity. AI is the simulation of human intelligence by machines.

Today’s commercial AI is capable of completing “hard” tasks – computationally intensive exercises such as high-level math – but has difficulty with micromotor skills and abstract thinking. The strengths of human intelligence are weaknesses of AI, forming a complementary skill set in what’s known as Moravec’s paradox.

“AI is not robotics. It can be robots, but it is not just robots.” – What Artificial Intelligence Is Not, Kate Klonick

The 4 Types of AI

People have developed AIs which create trending internet articles, post convincing comments on Reddit, write award-winning poetry, create artistic images, and much more. 

To better understand the limitations of individual applications of AI, they are categorized in four types (or stages):

  1. Reactive Machines or Artificial Neuro Intelligence (ANI)
    ANI doesn’t have memory, meaning it can’t use past experiences to form future decisions. This AI excels at assessing a current state and running a simulation of all possible outcomes. IBM’s Deep Blue computer, which beat a world-class chess champion in 1997, is an example of ANI.
  2. Limited Memory or Artificial General Intelligence (AGI)
    Known as Type II, AGI can make informed decisions by combining current data with past experiences. Self-driving AI, a form of AGI, observes other cars, tracking their behavior and processing other environmental data over time.
  3. Theory of Mind
    This AI, known as Type III, marks the beginning of superintelligence. The AI observes the world and develops its own thoughts that influence behavior. There aren’t many commercial or practical applications utilizing theory of mind AI – yet.
  4. Self-Aware
    This is the far-off combination of awareness and permission for agency, forming consciousness.

Benefits and Risks in AI

AI is a big deal. It has the potential to incrementally add 16 percent to the global economic output by 2030, according to the Wall Street Journal. And the global pandemic only further served to skyrocket AI adoption by corporations and government organizations.

However, AI isn’t always ethically implemented. Bad actors use AI to hack businesses, causing virtual (and even physical) damage, or stealing data. 

In the industrial and manufacturing realm, there are three primary cybersecurity risks:

  1. Malicious attacks, which serve to create damage and destruction. Decryption tools based on AI and machine learning (ML) are used in these types of attacks.
  2. Cyber espionage, or ransomware attacks, where files are extracted and held until payment is made for an encryption key. AI-based social engineering is a common tool used in cyber espionage.
  3. Data siphoning, an embedded package going underneath the radar of a system to pull sensitive information. Sophisticated and dangerous programs are now in use, which sit dormant while they observe, and then begin to pull data (unnoticed) in a way that fits expected usage patterns. ML models are used to stay under the radar during this type of attack.

And these risks aren’t going away anytime soon. Cybersecurity is going to be a top concern for the indefinite future.  

Secure AI Implementation in IoT – the Very Approach

At Very, we keep IoT security top-of-mind when building systems. One of the many aspects we consider is proper device authentication – because hackers can gain access to a network by impersonating a valid device or through physical access to a device. Firmware is another critical component of IoT hardware and a common target for hackers, so secure orchestration of over-the-air (OTA) updates is key.

A truly secure system also requires informed users. Protocols should be in place for the high-risk application layers people interact with, and users at all levels should be involved and educated.

Ben emphasizes, “There is a large security risk when you are forcing team members that are not familiar with AI to handle critical parts of implementing AI or that AI chain of custody.”

A lot of the security considerations above apply to IoT in general, but AI makes dealing with them more difficult. Why? AI is data-hungry and requires a strong internet connection into operational technology (OT) data. Additionally, AI models get trained in the cloud, which means your data needs to go to the cloud. This necessitates a whole new level of security audits to make best efforts to not get hacked. And lastly, AI is likely going to require edge processing horsepower. That same edge processing horsepower can effectuate a larger or more complex payload of malware.

Turn to the Right Tools

There are tools available to take the guesswork out of your AI-powered IoT firmware updates. When implemented correctly, these tools allow for a modular approach to the company’s software systems. This empowers data scientists, allowing for horizontal scaling, increased observability, and faster feedback loops.

We lean on the tool Peridio, an OTA firmware and software delivery service with a focus on delivering AI models at the edge. Peridio adheres to what we consider industry-standard, non-negotiable best practices, including:

  • Scalable connectivity with AWS IoT/MQTT transports
  • End-to-end encryption
  • Signed and checksummed firmware
  • TLS connections for software / provisioning delivery
  • On-demand target software encryption
  • ACL-scoped APIs for support / limited operator access
  • Integratable into existing systems and workflows
  • Root trust leveraging ARM TrustZone / Trusted Platform Module / Trusted Execution Environments

Final Considerations

Ben concludes his presentation with some important reminders of the value of AI, the importance of conditioned data, the value brought to the table by true data scientists – as opposed to data engineers, and the importance of upskilling or reskilling employees whose roles will be impacted by AI.

“You can upskill folks on the manufacturing floor, people that are fixing machines and in other positions. There’s a big opportunity to upskill them and train them on how to use an AI system and they become a lot more valuable to the organization in that process.”

Implementing AI securely in IoT requires unique experience that your in-house team may not have. Reach out to our team of IoT experts today to start a conversation about how your plant can be brought online securely.