Episode 5 “Emerging Technologies in AEC”
Featuring Paul Vandenberk
Kirsten
Hello. I'm Kirsten Nielsen. In this episode of expanding the possible, we're talking about emerging technologies. Our guest today is Paul Vandenberk. Paul is a project manager in HH Angus’ digital services team, and he's responsible for managing IoT and cloud-based projects. Paul's experience as a mechanical engineer and project manager covers a variety of industries, including oil and gas, defense, and automation, and this provides him with a unique perspective on clients’ needs and also a diverse skillset. Welcome Paul.
Paul
Thanks for having me.
Kirsten
Paul, the growth in technology these days is exponential. Let's talk about one that seems to be absolutely everywhere right now in the public consciousness, and that's artificial intelligence. AI is now writing essays. It's impersonating real actors, and it's composing music. Someday it's going to be doing interviews. How has machine learning advanced and where do we go from here with digital services within the consulting engineering sector?
Paul
Well, in terms of advancing, you hit the nail on the head - it's everywhere nowadays, right? AI back in the day used to be something that, unless you had a very big hedge fund and a very big server room, you couldn't really do on your own. But now, if I wanted to go have an AI make an artistic portrait of myself, I can go onto a website and easily do it in under 5 minutes, so it's become a lot more commonplace nowadays, so it's a lot more powerful, not as much capital investment required upfront for your everyday user.
The other thing is it's actually become almost like a marketing term too. And this kind of leads us to some of the talks that we've had - is AI real or is AI vaporware? And I'm sure for some companies one is true and for others the other is true, depending on where you look. I remember back in the day where AI vision-based systems was the pinnacle of automation, right? That was the most sophisticated program and most automation companies would try to avoid it because of the complexity. Now that's old school, that's 1 + 1 now. Now we're doing, like you said, facial recognition and driverless cars, using AI to predict diseases or to recognize diseases. Heck, we even use it in gaming. We have it in our Google Home’s our Amazon Alexa’s, right? So, the future of it is the complexity of tasks that we can now provide it and, with stuff like ChatGPT, students using it to do their homework for them, or if we truly get to AI, if you remember the movie “I, Robot” now do we need to start coming up with laws and rights for AI's. Where does that stand? What's the ethical boundary for artificial intelligence?
Kirsten
And how are you seeing its application in the engineering sector?
Paul
In the engineering sector, I mainly see it still be used for high level and very quick data analysis, providing insights to our customers or potentially any company by ingesting huge amounts of data from either, in our case building control systems and environmental conditions. And being able to provide a recommended operational parameter to follow. Not a lot of people like to just give the AI full control and autonomously change the environment, but that's where we see a lot of it right now in our industry from what I've seen. Where it goes from there, I mean, I think the natural progression is to allow the AI autonomous control of the site. I don't know if we'll ever hit there, well, I shouldn't say ‘if we'll ever hit there’, I'm sure we said that 10 years ago about AI as it is, but I don't know what the catalyst is going to be to provide that change because there's a severe distrust right now. Especially with topics like cyber security coming up and being more prevalent in hacking incidences and stuff like that.
Kirsten
You were just talking about these great volumes of data and that is something that drives a lot of modern business and that's getting more so as we've seen. You've talked about using the terms ‘volume plus velocity plus variety’. What does that look like in action?
Paul
It’s essentially our IoT world, right? So, the volume, just as we imagine, describes the amount of data coming in. The velocity is how often everyone always wants real time data, (whether they really need it or not is a different story). But it's always like ‘as fast as you can get it’, like our Amazon prime packages; and the variety is, the problem is we have so many different sources of data that can come in and it can come in in different forms or different formats or even different sources, that it's almost become a task on its own, and we even have jobs whose sole position is to just manage the combination of those 3 factors, to provide a clean set of data. It used to be transforming and cleaning up your data was a small task. Now we have various tools that we can use to clean it up. Those tools existed before, but now it's much more required. And that's I think where AI also comes in, in that it helps handle a lot of those three factors together.
Kirsten
With so many things being ‘on demand’ now, including access to data, where do you think cloud technology is heading? Your team, for example, has incorporated Amazon Web Services into the company's offerings.
Paul
Cloud allows the entire business model behind cloud, especially AWS - the ‘pay for what you need, when you need it as you need it’. I remember the course that I took for my first certification with AWS. The gentleman who taught the course, he used to be the one spec’ing all the server hardware and ordering it all. And he's like, “it would take months and months to spin up a new server” and he’s like, now with cloud, you can have it done in a minute if you'd like. At its base form, I'm sure there's more complexity with it, but the whole premise of cloud and the benefit that keeps getting touted is the fact that you don't have to maintain it. You don't have to watch over it, that's someone else's job, it's not your responsibility for that. But it's on demand. It's, I don't want to pay for 10 gigabytes of storage and only use one. I only want to pay for one, and if I need two, I want it to automatically size up when I need it as I need it, so it really fits with that on demand nature that we talked about.
Kirsten
Within the on demand space too, there's several categories. For example, infrastructure as a service and software as a service and platform as a service. Is there one of those that you recommend or is it basically on a custom basis?
Paul
I mean, you look at all the on-demand services now … Netflix, Amazon Prime. That's the stuff that your everyday person looks at, it's all SaaS. Because infrastructure as a service or a platform as a service, they all require you to have some knowledge of how to take it from there to an actual software application. Whereas you pay a company for a SaaS product, it's done. It's developed, it's ready to go. They maintain the architecture, the network, everything. All you do is give them X amount of dollars per month. And if it goes down, you get to yell at someone.
And so it just goes back to, ‘I want what I want, I need it when I want it’ and so SaaS is really the one that gets you there. The funny thing is, and we're seeing it now, you know from a non-technical perspective you look at when Netflix started up, when it was a subscription service, not like the DVD mailing that it used to be, Netflix was the only game in town and they had no competition. Their pricing was great and now everyone with any media content is starting up their own. You've got Prime, you've got Disney Plus. Marvel used to be on Netflix, now they're fighting over that. Disney got that, and even Paramount now has their own. So, it's funny that we moved away to a SaaS model to get more efficient costing when we need it as we need it. But now everyone's doing it, my family has three subscriptions. And so, I'm almost rivaling my cable bill, that it originally was. So yeah, it's interesting to see now the competition there.
Kirsten
That kind of leads into my next question about, you know, we're all more and more connected to the Internet with our technology and this is both on a household basis and on a business basis too. How does your team use IoT technology to benefit our clients?
Paul
The big thing that we tout, advocate for, and I think the big advantage that we provide our clients is the ability to tear down vertical silos. So again, going back to the SaaS platform, you know you buy a sensor from company A. Their sensors will communicate with only their cloud and you have to go through their dashboard to do it. And as an example, one of our customers, in order to get an idea as to how their building was doing, had to log into nine different portals, extract all the data into Excel because none of the portals would talk to each other natively. And he did his own Excel work with the data from it. So they did have IoT, they did have smart technology within the building, but because they built all vertical silos for each of those companies, it actually didn't really provide the insight that they were hoping for. So what we tout and what I believe our advantage is with the IoT is that, we provide the IoT data - we're not special in that sense, there's a billion companies out there that have temperature sensors , that have CO2 sensors - but what we're able to provide is that we're vendor agnostic. We don't care where the data comes from, how it's sourced; actually to go back to the three terms, what volume, what variety or what velocity it comes in at. We ingest it all, we normalize it all and it comes into one stop shop. And however you want to look at it is how you want to look at. We can set it up that way. But we don't focus on creating a silo for them. If they don't want to stay with us, no problem, it’s their choice. So, giving the customer that freedom.
Kirsten
How much of your role, I'm curious, is in educating the customer?
Paul
One of the instances that comes up a lot is, again, from a cyber security perspective; the idea of when you try and install, let's say a temperature sensor or, I don't know, a smart microphone on a network, it's viewed as it's an uncontrolled device and it's a security threat; rather than trying to understand the device or create a network architecture like setting up its own VLAN or subnet or wherever you want to look at it, which would secure it, or even making a VPN connection to it, thereby resulting in a secure connection. What the answer is well, ‘it just can't be on our network, it just can't’. So, we just use external SIM cards to stay off their network, but it's easier to just say no to something that you don't understand than to take the time and to have an expert in this space explain to you and offer a solution that will get you what you need, but also allow for that said device to be on the network. It's just easier to say ‘nope, it's got to be off, done’. So, from that perspective, there's that education. I talked about AI being a marketing term or the term ‘digital twin’ gets thrown around a lot. But everyone has a different definition of what a digital twin is and some of the definitions get very muddy, based on which company you're looking at.
Kirsten
I expect that integration is probably an issue that you have to deal with a lot.
Paul
Yes, we actually ran into this with our Angus Connect group where the traditional world used to be IT and OT and both departments existed, but they really didn't ever have to talk to each other. IT would handle their stuff and OT, and by OT I mean operational teams, would handle their stuff. Nowadays with the massive ingress of IoT technology into buildings, that is not possible anymore. IoT and OT teams have to work together and with that partnership comes challenges.
Usually when it comes to integrating devices, I'm no longer just able to work with the OT team and slap something in without working with the IT team, and the IT team isn't used to working with the OT team. Some IT teams don't like to initially play ball .
Kirsten
Let's talk about mixed reality. It's been around for a while now from a consumer level, and I'm thinking of things like the Nintendo Power Glove from the 80s interacting with your TV in a very tactile way. How has this technology evolved since that time, and how can it be applied to the work we're doing as consulting engineers?
Paul
So, mixed reality has just become more and more powerful in terms of the ability to have more and more systems integrated. You know, even calling reference to the glove, it was very limited as to what it could do, but it was very, very cool at the time, because that was the leading edge and now you can have in hospitals the old way of wayfinding used to be paint lines. I pity the person who had to actually paint the lines, but now, if you have a 3D model of the building, you can provide it so that people go in, they download an app and through a simple device that we all have, it's powerful enough and the processing power and the data, you know, with 5G and everything, find our way through looking through our devices. Get directions, get dynamic feedback like you do at a mall as an example.
Within the engineering community, where we're at now is a lot of the push is to use mixed reality or augmented reality to tag physical assets with digital information. So, as an example, if I had a router, and I was on the IT team and I wanted to know all the properties of that router … maybe what's the make, what's the model? For some reason I can’t look at it myself. What’s the MAC address? I could use augmented reality to hold my phone up and it's going to show it. Ubiquity is actually a company that does networking hardware and they do a very similar thing through their app for landports, so it will tell you. You just hold your phone up and it shows you which port goes to whichever IP address, like you don't have to go check a drawing. So that's where we're at, is the tagging of devices like that. But where we're going, and we've seen through several conferences, especially one where we went to re:Invent last year, the move is to integrate more dynamic data instead of static data tagged to those particular assets and within the mixed reality world. So as an example, whereas you're putting a text file before saying, this is the name of the product. Maybe now when I look at a boiler through my phone or through some sort of lens, I can see live temperature values coming out of that. So now we're tying in the IoT data that we're collecting and overlaying it with our real-world environment.
Kirsten
So, facility managers will be lining up.
Paul
I would hope so, but I mean again, when you're at the forefront, you're the one that's usually bearing the cost of the forefront, right? So, while very, very cool, not all of our customers have the bandwidth or the budget for such an undertaking.
Kirsten
Well, I'm always encouraged by the fact that HH Angus is an early adopter of technology and demonstrating its value to our clients, so I'm hoping for good things there too. There's a lot of buzz around cryptocurrencies and we've seen the new blockchain technology used for anything from a monkey JPEG to cyber security. What kind of trends are you seeing with regard to how things like smart contracts and cross industry blockchain tech are making a meaningful leap in AEC World?
Paul
I can't really talk too much about smart contracts, still learning about them, but with the cross industry use of blockchain technology, I think, especially in the cybersecurity world, just taking the concepts, essentially we have an industry that did a really good job of creating a secure currency. Or a secure object, you know through the process of the blockchain technology. What we see now is other industries learning from that and using very similar blockchain technology to secure their own environments or to use it in ways that it wasn't initially thought of. So we're kind of seeing the rapid utilization of that technology in different ways than it was originally envisioned for different purposes, like you said, to secure documents on let's say a network or a cloud platform. Essentially anything outside of the financial thing.
One thing I'd really like to see is the ability for IoT devices to create their own blockchain network, because again, IoT devices are typically looked at as very insecure because not all IoT devices go through the same vetting process. With that, it would be really awesome if they could all communicate with each other and use the same kind of Ledger blockchain technology to verify that the data coming from one sensor is coming from an actual sensor that's allowed to be on the network versus one that was just maybe kind of brute forced the value over top of it. I actually went to DEF CON last year, and that was actually one of the tricks, to trick an insulin pump - not by removing the temperature sensor from it, but because there is no internal validation of the data coming in, you were able to ingest or inject your own data value on top of it and you just did it more often. So, the system thought it was an entirely different temperature, and actually in the command line when you looked at the values, you could actually see the true temperature sensor value would show up every so often, but we were putting in thousands of other fake measurements, so it got drowned out.
Kirsten
That’s concerning.
Paul
Especially when it shuts down the insulin pump.
Kirsten
That leads nicely into my next point. Cybersecurity is not a new idea, but the methods of attack and the defensive networks are getting more complex every year. We've gone from physical hard drives, siloed and locked away, to very complex cloud security. What are you seeing as growing threats in that space and how do we innovate to mitigate those risks?
Paul
It's the old problem of we invent the bullet, then we invent body armor, and then we invent bullets that go through body armor and so on and so forth. Back in the day, it used to be hacking was relatively easy. It was not as big of a task as it is today for the most part, because people just were not educated about it. The whole concept of having a password not be the word ‘password’ just didn't exist. Or if you had an admin account, well, ‘I'm going to make my username and my password the same so I never forget them’. Now, almost everyone I know has a password manager because it's been demonstrated over and over and over again that you cannot reuse passwords. You need to have unique passwords and even to the further extent with the advent of more and more technology advancements, we need better and better encryption levels. You know something like a 128 bit encryption isn't maybe as good as it used to be anymore. And so now you can use 256 or even higher, and the idea behind it is with the increase in education that your everyday user has, attackers are falling back on two things. So, you either have really advanced technology now where, as an example, you know of a zero day exploit that is still there and you've kept it secret or you've sold it. Or you rely on the good old human weakness. ‘Hey, you know I've seen you ordered something on Amazon or I've seen you’ve done this and please click here to verify.’ So phishing is a very big thing and just even with physical penetration testing or security, it always comes down to the human error.
We still make assumptions and make quick judgment calls based off information that we have in front of us, but that information could be fake. As an example, I have a reservation at a restaurant tonight. I got a text yesterday saying please text 1 to confirm your reservation please text 9 to cancel your reservation. If you wish to view the reservation, click this link and it was a text. I had assumed it was a scam, so I just left it alone and I called the restaurant to verify and they said no, no, that's a true text. That comes from the platform OpenTable. I was like well you may not want to text them anymore because a lot of scammers use texting as well, and people just won't reply to it. I don't know if you’re getting the traffic that you think you're going to get with it. So that inherent distrust towards, at least that I have, but not everyone has, that some people will just click on it and they get very, very tricky too. Especially with the advent of social media.
One of the podcasts I also listen to, they talk about open source reconnaissance - finding out as much as you can about the individual without doing any hacking, just with what's available on the Internet publicly, used to be quite difficult. But now you've got LinkedIn, Facebook, Twitter, Instagram. I'm sure there's more I'm forgetting. And if you're trying to do a physical penetration test for a building, you’ve got Google Maps. You can tour the building outside and you don't have to drive around and cause suspicion. So, the information that's available, it's a lot easier to trick a person with personal details, so the phishing attacks have become really personalized, finding out more and more about you.
Kirsten
That leads to social engineering and I think that's probably a topic for another day. Paul, thank you so much for sharing your insights with us today on such a wide variety of emerging technologies. Definitely want to invite you back to coming episodes to talk about this subject a little bit more, - there's a lot to cover, so thank you very much.
Paul
No problem, thank you again for having me.
Paul
And to our listeners, thank you for joining us for this installment of Expanding the Possible.
Hello. I'm Kirsten Nielsen. In this episode of expanding the possible, we're talking about emerging technologies. Our guest today is Paul Vandenberk. Paul is a project manager in HH Angus’ digital services team, and he's responsible for managing IoT and cloud-based projects. Paul's experience as a mechanical engineer and project manager covers a variety of industries, including oil and gas, defense, and automation, and this provides him with a unique perspective on clients’ needs and also a diverse skillset. Welcome Paul.
Paul
Thanks for having me.
Kirsten
Paul, the growth in technology these days is exponential. Let's talk about one that seems to be absolutely everywhere right now in the public consciousness, and that's artificial intelligence. AI is now writing essays. It's impersonating real actors, and it's composing music. Someday it's going to be doing interviews. How has machine learning advanced and where do we go from here with digital services within the consulting engineering sector?
Paul
Well, in terms of advancing, you hit the nail on the head - it's everywhere nowadays, right? AI back in the day used to be something that, unless you had a very big hedge fund and a very big server room, you couldn't really do on your own. But now, if I wanted to go have an AI make an artistic portrait of myself, I can go onto a website and easily do it in under 5 minutes, so it's become a lot more commonplace nowadays, so it's a lot more powerful, not as much capital investment required upfront for your everyday user.
The other thing is it's actually become almost like a marketing term too. And this kind of leads us to some of the talks that we've had - is AI real or is AI vaporware? And I'm sure for some companies one is true and for others the other is true, depending on where you look. I remember back in the day where AI vision-based systems was the pinnacle of automation, right? That was the most sophisticated program and most automation companies would try to avoid it because of the complexity. Now that's old school, that's 1 + 1 now. Now we're doing, like you said, facial recognition and driverless cars, using AI to predict diseases or to recognize diseases. Heck, we even use it in gaming. We have it in our Google Home’s our Amazon Alexa’s, right? So, the future of it is the complexity of tasks that we can now provide it and, with stuff like ChatGPT, students using it to do their homework for them, or if we truly get to AI, if you remember the movie “I, Robot” now do we need to start coming up with laws and rights for AI's. Where does that stand? What's the ethical boundary for artificial intelligence?
Kirsten
And how are you seeing its application in the engineering sector?
Paul
In the engineering sector, I mainly see it still be used for high level and very quick data analysis, providing insights to our customers or potentially any company by ingesting huge amounts of data from either, in our case building control systems and environmental conditions. And being able to provide a recommended operational parameter to follow. Not a lot of people like to just give the AI full control and autonomously change the environment, but that's where we see a lot of it right now in our industry from what I've seen. Where it goes from there, I mean, I think the natural progression is to allow the AI autonomous control of the site. I don't know if we'll ever hit there, well, I shouldn't say ‘if we'll ever hit there’, I'm sure we said that 10 years ago about AI as it is, but I don't know what the catalyst is going to be to provide that change because there's a severe distrust right now. Especially with topics like cyber security coming up and being more prevalent in hacking incidences and stuff like that.
Kirsten
You were just talking about these great volumes of data and that is something that drives a lot of modern business and that's getting more so as we've seen. You've talked about using the terms ‘volume plus velocity plus variety’. What does that look like in action?
Paul
It’s essentially our IoT world, right? So, the volume, just as we imagine, describes the amount of data coming in. The velocity is how often everyone always wants real time data, (whether they really need it or not is a different story). But it's always like ‘as fast as you can get it’, like our Amazon prime packages; and the variety is, the problem is we have so many different sources of data that can come in and it can come in in different forms or different formats or even different sources, that it's almost become a task on its own, and we even have jobs whose sole position is to just manage the combination of those 3 factors, to provide a clean set of data. It used to be transforming and cleaning up your data was a small task. Now we have various tools that we can use to clean it up. Those tools existed before, but now it's much more required. And that's I think where AI also comes in, in that it helps handle a lot of those three factors together.
Kirsten
With so many things being ‘on demand’ now, including access to data, where do you think cloud technology is heading? Your team, for example, has incorporated Amazon Web Services into the company's offerings.
Paul
Cloud allows the entire business model behind cloud, especially AWS - the ‘pay for what you need, when you need it as you need it’. I remember the course that I took for my first certification with AWS. The gentleman who taught the course, he used to be the one spec’ing all the server hardware and ordering it all. And he's like, “it would take months and months to spin up a new server” and he’s like, now with cloud, you can have it done in a minute if you'd like. At its base form, I'm sure there's more complexity with it, but the whole premise of cloud and the benefit that keeps getting touted is the fact that you don't have to maintain it. You don't have to watch over it, that's someone else's job, it's not your responsibility for that. But it's on demand. It's, I don't want to pay for 10 gigabytes of storage and only use one. I only want to pay for one, and if I need two, I want it to automatically size up when I need it as I need it, so it really fits with that on demand nature that we talked about.
Kirsten
Within the on demand space too, there's several categories. For example, infrastructure as a service and software as a service and platform as a service. Is there one of those that you recommend or is it basically on a custom basis?
Paul
I mean, you look at all the on-demand services now … Netflix, Amazon Prime. That's the stuff that your everyday person looks at, it's all SaaS. Because infrastructure as a service or a platform as a service, they all require you to have some knowledge of how to take it from there to an actual software application. Whereas you pay a company for a SaaS product, it's done. It's developed, it's ready to go. They maintain the architecture, the network, everything. All you do is give them X amount of dollars per month. And if it goes down, you get to yell at someone.
And so it just goes back to, ‘I want what I want, I need it when I want it’ and so SaaS is really the one that gets you there. The funny thing is, and we're seeing it now, you know from a non-technical perspective you look at when Netflix started up, when it was a subscription service, not like the DVD mailing that it used to be, Netflix was the only game in town and they had no competition. Their pricing was great and now everyone with any media content is starting up their own. You've got Prime, you've got Disney Plus. Marvel used to be on Netflix, now they're fighting over that. Disney got that, and even Paramount now has their own. So, it's funny that we moved away to a SaaS model to get more efficient costing when we need it as we need it. But now everyone's doing it, my family has three subscriptions. And so, I'm almost rivaling my cable bill, that it originally was. So yeah, it's interesting to see now the competition there.
Kirsten
That kind of leads into my next question about, you know, we're all more and more connected to the Internet with our technology and this is both on a household basis and on a business basis too. How does your team use IoT technology to benefit our clients?
Paul
The big thing that we tout, advocate for, and I think the big advantage that we provide our clients is the ability to tear down vertical silos. So again, going back to the SaaS platform, you know you buy a sensor from company A. Their sensors will communicate with only their cloud and you have to go through their dashboard to do it. And as an example, one of our customers, in order to get an idea as to how their building was doing, had to log into nine different portals, extract all the data into Excel because none of the portals would talk to each other natively. And he did his own Excel work with the data from it. So they did have IoT, they did have smart technology within the building, but because they built all vertical silos for each of those companies, it actually didn't really provide the insight that they were hoping for. So what we tout and what I believe our advantage is with the IoT is that, we provide the IoT data - we're not special in that sense, there's a billion companies out there that have temperature sensors , that have CO2 sensors - but what we're able to provide is that we're vendor agnostic. We don't care where the data comes from, how it's sourced; actually to go back to the three terms, what volume, what variety or what velocity it comes in at. We ingest it all, we normalize it all and it comes into one stop shop. And however you want to look at it is how you want to look at. We can set it up that way. But we don't focus on creating a silo for them. If they don't want to stay with us, no problem, it’s their choice. So, giving the customer that freedom.
Kirsten
How much of your role, I'm curious, is in educating the customer?
Paul
One of the instances that comes up a lot is, again, from a cyber security perspective; the idea of when you try and install, let's say a temperature sensor or, I don't know, a smart microphone on a network, it's viewed as it's an uncontrolled device and it's a security threat; rather than trying to understand the device or create a network architecture like setting up its own VLAN or subnet or wherever you want to look at it, which would secure it, or even making a VPN connection to it, thereby resulting in a secure connection. What the answer is well, ‘it just can't be on our network, it just can't’. So, we just use external SIM cards to stay off their network, but it's easier to just say no to something that you don't understand than to take the time and to have an expert in this space explain to you and offer a solution that will get you what you need, but also allow for that said device to be on the network. It's just easier to say ‘nope, it's got to be off, done’. So, from that perspective, there's that education. I talked about AI being a marketing term or the term ‘digital twin’ gets thrown around a lot. But everyone has a different definition of what a digital twin is and some of the definitions get very muddy, based on which company you're looking at.
Kirsten
I expect that integration is probably an issue that you have to deal with a lot.
Paul
Yes, we actually ran into this with our Angus Connect group where the traditional world used to be IT and OT and both departments existed, but they really didn't ever have to talk to each other. IT would handle their stuff and OT, and by OT I mean operational teams, would handle their stuff. Nowadays with the massive ingress of IoT technology into buildings, that is not possible anymore. IoT and OT teams have to work together and with that partnership comes challenges.
Usually when it comes to integrating devices, I'm no longer just able to work with the OT team and slap something in without working with the IT team, and the IT team isn't used to working with the OT team. Some IT teams don't like to initially play ball .
Kirsten
Let's talk about mixed reality. It's been around for a while now from a consumer level, and I'm thinking of things like the Nintendo Power Glove from the 80s interacting with your TV in a very tactile way. How has this technology evolved since that time, and how can it be applied to the work we're doing as consulting engineers?
Paul
So, mixed reality has just become more and more powerful in terms of the ability to have more and more systems integrated. You know, even calling reference to the glove, it was very limited as to what it could do, but it was very, very cool at the time, because that was the leading edge and now you can have in hospitals the old way of wayfinding used to be paint lines. I pity the person who had to actually paint the lines, but now, if you have a 3D model of the building, you can provide it so that people go in, they download an app and through a simple device that we all have, it's powerful enough and the processing power and the data, you know, with 5G and everything, find our way through looking through our devices. Get directions, get dynamic feedback like you do at a mall as an example.
Within the engineering community, where we're at now is a lot of the push is to use mixed reality or augmented reality to tag physical assets with digital information. So, as an example, if I had a router, and I was on the IT team and I wanted to know all the properties of that router … maybe what's the make, what's the model? For some reason I can’t look at it myself. What’s the MAC address? I could use augmented reality to hold my phone up and it's going to show it. Ubiquity is actually a company that does networking hardware and they do a very similar thing through their app for landports, so it will tell you. You just hold your phone up and it shows you which port goes to whichever IP address, like you don't have to go check a drawing. So that's where we're at, is the tagging of devices like that. But where we're going, and we've seen through several conferences, especially one where we went to re:Invent last year, the move is to integrate more dynamic data instead of static data tagged to those particular assets and within the mixed reality world. So as an example, whereas you're putting a text file before saying, this is the name of the product. Maybe now when I look at a boiler through my phone or through some sort of lens, I can see live temperature values coming out of that. So now we're tying in the IoT data that we're collecting and overlaying it with our real-world environment.
Kirsten
So, facility managers will be lining up.
Paul
I would hope so, but I mean again, when you're at the forefront, you're the one that's usually bearing the cost of the forefront, right? So, while very, very cool, not all of our customers have the bandwidth or the budget for such an undertaking.
Kirsten
Well, I'm always encouraged by the fact that HH Angus is an early adopter of technology and demonstrating its value to our clients, so I'm hoping for good things there too. There's a lot of buzz around cryptocurrencies and we've seen the new blockchain technology used for anything from a monkey JPEG to cyber security. What kind of trends are you seeing with regard to how things like smart contracts and cross industry blockchain tech are making a meaningful leap in AEC World?
Paul
I can't really talk too much about smart contracts, still learning about them, but with the cross industry use of blockchain technology, I think, especially in the cybersecurity world, just taking the concepts, essentially we have an industry that did a really good job of creating a secure currency. Or a secure object, you know through the process of the blockchain technology. What we see now is other industries learning from that and using very similar blockchain technology to secure their own environments or to use it in ways that it wasn't initially thought of. So we're kind of seeing the rapid utilization of that technology in different ways than it was originally envisioned for different purposes, like you said, to secure documents on let's say a network or a cloud platform. Essentially anything outside of the financial thing.
One thing I'd really like to see is the ability for IoT devices to create their own blockchain network, because again, IoT devices are typically looked at as very insecure because not all IoT devices go through the same vetting process. With that, it would be really awesome if they could all communicate with each other and use the same kind of Ledger blockchain technology to verify that the data coming from one sensor is coming from an actual sensor that's allowed to be on the network versus one that was just maybe kind of brute forced the value over top of it. I actually went to DEF CON last year, and that was actually one of the tricks, to trick an insulin pump - not by removing the temperature sensor from it, but because there is no internal validation of the data coming in, you were able to ingest or inject your own data value on top of it and you just did it more often. So, the system thought it was an entirely different temperature, and actually in the command line when you looked at the values, you could actually see the true temperature sensor value would show up every so often, but we were putting in thousands of other fake measurements, so it got drowned out.
Kirsten
That’s concerning.
Paul
Especially when it shuts down the insulin pump.
Kirsten
That leads nicely into my next point. Cybersecurity is not a new idea, but the methods of attack and the defensive networks are getting more complex every year. We've gone from physical hard drives, siloed and locked away, to very complex cloud security. What are you seeing as growing threats in that space and how do we innovate to mitigate those risks?
Paul
It's the old problem of we invent the bullet, then we invent body armor, and then we invent bullets that go through body armor and so on and so forth. Back in the day, it used to be hacking was relatively easy. It was not as big of a task as it is today for the most part, because people just were not educated about it. The whole concept of having a password not be the word ‘password’ just didn't exist. Or if you had an admin account, well, ‘I'm going to make my username and my password the same so I never forget them’. Now, almost everyone I know has a password manager because it's been demonstrated over and over and over again that you cannot reuse passwords. You need to have unique passwords and even to the further extent with the advent of more and more technology advancements, we need better and better encryption levels. You know something like a 128 bit encryption isn't maybe as good as it used to be anymore. And so now you can use 256 or even higher, and the idea behind it is with the increase in education that your everyday user has, attackers are falling back on two things. So, you either have really advanced technology now where, as an example, you know of a zero day exploit that is still there and you've kept it secret or you've sold it. Or you rely on the good old human weakness. ‘Hey, you know I've seen you ordered something on Amazon or I've seen you’ve done this and please click here to verify.’ So phishing is a very big thing and just even with physical penetration testing or security, it always comes down to the human error.
We still make assumptions and make quick judgment calls based off information that we have in front of us, but that information could be fake. As an example, I have a reservation at a restaurant tonight. I got a text yesterday saying please text 1 to confirm your reservation please text 9 to cancel your reservation. If you wish to view the reservation, click this link and it was a text. I had assumed it was a scam, so I just left it alone and I called the restaurant to verify and they said no, no, that's a true text. That comes from the platform OpenTable. I was like well you may not want to text them anymore because a lot of scammers use texting as well, and people just won't reply to it. I don't know if you’re getting the traffic that you think you're going to get with it. So that inherent distrust towards, at least that I have, but not everyone has, that some people will just click on it and they get very, very tricky too. Especially with the advent of social media.
One of the podcasts I also listen to, they talk about open source reconnaissance - finding out as much as you can about the individual without doing any hacking, just with what's available on the Internet publicly, used to be quite difficult. But now you've got LinkedIn, Facebook, Twitter, Instagram. I'm sure there's more I'm forgetting. And if you're trying to do a physical penetration test for a building, you’ve got Google Maps. You can tour the building outside and you don't have to drive around and cause suspicion. So, the information that's available, it's a lot easier to trick a person with personal details, so the phishing attacks have become really personalized, finding out more and more about you.
Kirsten
That leads to social engineering and I think that's probably a topic for another day. Paul, thank you so much for sharing your insights with us today on such a wide variety of emerging technologies. Definitely want to invite you back to coming episodes to talk about this subject a little bit more, - there's a lot to cover, so thank you very much.
Paul
No problem, thank you again for having me.
Paul
And to our listeners, thank you for joining us for this installment of Expanding the Possible.