Maintenance Mindset: Even your wrench is vulnerable to cyberattacks
Welcome to Maintenance Mindset, our editors’ takes on things going on in the worlds of manufacturing and asset management that deserve some extra attention. This will appear regularly in the Member’s Only section of the site.
Defining the scope of asset management
Boosting signal this week on a significant achievement by the Global Forum on Maintenance and Asset Management (GFMAM). On June 3, the group released V3.0 of the GFMAM Asset Management Landscape, a comprehensive view of asset management from a truly international perspective.
To quote from an excellent summary of this achievement by Sandy Dunn of Assetivity, the Asset Management Landscape "is a document that attempts to define the scope of Asset Management. It is a high-level document that outlines the key activities that are considered to be within the scope of Asset Management and arranges these into 'subjects' and groupings of subjects to aid understanding."
More than 250 people from across the 15 GFMAM member organizations have been involved in this project, including SMRP (USA), PEMAC (Canada), and IAM (UK). These groups have come together to develop a higher-level framework that represents a consolidated view of Asset Management from which to develop ongoing maturity.
The international nature of this effort is also designed to enable plant teams anywhere on the globe to compare their own asset management program with different asset management models, and to assist member organizations to refine and improve these models within the context of the landscape.
V3.0 of the GFMAM Asset Management Landscape currently is available in English, French, Portuguese, Japanese, and Mandarin, with Arabic and Spanish language versions to follow soon. This version also was timed to coincide with the release of the new version of the ISO 55001 Asset Management System Standard, due to be released later this summer.
– Thomas Wilk
AI washing – No, it won’t do your laundry, yet
Artificial intelligence (AI). Ugh, I know, another article about AI’s influence. I may be guilty, myself, of buying into the hype sometimes, especially since generative AI hit mainstream, but I try to be wary of the buzzwords in my coverage and seek out real-life, actual in production, end user case studies. For manufacturing, they are few and far between, and mostly pilot projects that aren’t ready for primetime yet.
It is an important technology. It will change business and our lives dramatically, but there’s growing concern about disingenuous claims of AI, all the more complicated by the inexplicable nature of how algorithms actually work.
Although we didn’t use this term at the time, I recently talked about AI washing in industry with system integrator Andritz for our sister pub Control Design.
“Not every technology is AI. We have to be very careful,” says Dr. Sohail Nazari, global vice president and head of automation and digitalization for Andritz. “Everything is artificial intelligence, if you think about it, because basically data analytics, some now call it machine learning.” All the different analysis that we do from mean and average data, we now call machine learning, he adds.
Modern machine learning algorithms have been in development for the past 30 years. “It’s just we couldn’t use them because we didn’t have the computation power, so taking advantage of this computation power is the merging that is happening now. It’s not the algorithms that are new,” Nazari says.
Hopefully, we’re already wary of AI coverage and AI marketing, but the Securities and Exchange Commission is watching too, signaling government’s watch over business and its AI promises. SEC has been defining “AI washing” and warning against it for some time, and in March, it settled charges that it filed against two investment advisor companies for making false and misleading statements about their use of artificial intelligence to the tune of $400,000 in penalties between the two companies.
“As more and more investors consider using AI tools in making their investment decisions or deciding to invest in companies claiming to harness its transformational power, we are committed to protecting them against those engaged in ‘AI washing,’” said Gurbir S. Grewal, director of the SEC’s Division of Enforcement. “As today’s enforcement actions make clear to the investment industry – if you claim to use AI in your investment processes, you need to ensure that your representations are not false or misleading. And public issuers making claims about their AI adoption must also remain vigilant about similar misstatements that may be material to individuals’ investing decisions.”
In April, at a compliance and enforcement conference regarding the challenges and potential missteps associated with the increased use of artificial intelligence, the SEC director again warned against AI washing, and SEC defined it more broadly, “where companies make unfounded claims regarding, among other things, their AI use and capabilities and the impacts of AI on their business.”
The SEC is obviously focused on investment fraud, but AI washing is showing up elsewhere. BBC recently ran a story about possible AI washing at Amazon Fresh and Amazon Go shops, where customers grab items and leave, while sensors do the work to automatically bill them. (Allegedly, in some cases human workers were double checking automated work.)
Forbes also recently outlines some of marketers’ tricks and attempts at AI washing (which I see more and more in press releases all the time):
- Companies overstate capabilities or imply that their AI models and algorithms are better than they actually are.
- Be wary of the term ‘intelligent’ or implications of the use of algorithms, when in reality, the software isn’t capable of learning and making decisions.
- Very vague definitions can make it unclear which elements are ‘intelligent’ and which rely on traditional software methodologies or human input.
- Companies might downplay the amount of human input involved by user or service provider.
It also cited an instance of AI washing with Coca-Cola’s Y3000 soda, which was touted as “co-created with AI” but provided no real explanation of how AI was involved in the process. A little bit of AI name dropping.
All of that is to say: be wary, even as we know AI will change everything, we’re not there, so don’t get washed yet.
– Anna Townshend
Even your wrench is vulnerable to cyberattacks
What comes to mind when I mention cyberattacks in the manufacturing sector? Do you imagine a well-intentioned employe who downloaded a seemingly official document in a phishing email, giving hackers access to company information? Do you envision large-scale system shutdowns and halted production lines? Do you think about boardrooms full of executives weighing the pros and cons of paying ransom money?
I can tell you one thing for certain. You probably aren’t thinking about a pneumatic torque wrench. In this day and age of heightened security and risk, everything can be a hazard, even the seemingly innocuous tools you use every day.
A few months ago, Nozomi Networks Labs warned the industry about vulnerabilities it discovered in the Bosch Rexroth NXA015S-36V-B pneumatic torque wrench or nutrunner. Nozomi Networks claims that it’s possible for bad actors to implant ransomware on the tool or hijack the tightening programs. This could lead to production line stoppages, potential financial loss, and tampering with products, causing them to be unsafe.
According to a recent post by Nozomi Networks, “In critical applications, the final torque levels applied to mechanical fastenings are calculated and engineered to ensure that the overall design and operational performance of the device is met. As an example, bolts, nuts and fixtures used in electrical switchboards must be torqued appropriately to ensure that connections between current carrying components, such as high voltage busbars, maintain a low resistance. A loose connection would result in higher operating temperatures and could, over time, cause a fire.”
During its testing, Nozomi Networks was able to hack into the device and create a host of issues, including disabling the trigger button, having the graphical user interface (GUI) display a unique message, and preventing operation of the tool. Additionally, Nozomi Networks was able to gain access to the nutrunner’s tightening programs and alter the preset configurations, all while the GUI showed normal values to the operator.
The vulnerabilities were brought to Bosch Rexroth’s attention, and the company committed to patching the operating system.
The purpose of this post isn’t to condemn Bosch Rexroth or cause mass panic, but to shine a light on the small vulnerabilities throughout our facilities that can lead to large problems. Anything that connects to the network can be hacked and compromised. That is just an unfortunate fact that we all have to live with.
– Alexis Gajewski