Artificial Intelligence and Intelligent Data Analysis: statistics and math, not magic!!

Artificial Intelligence and Intelligent Data Analysis: statistics and math, not magic!!

Artificial Intelligence, Machine Learning, Deep Learning, Smart Devices, terms that we are constantly bombarded with in the media, making us believe that these technologies are capable of doing anything and solving any problem we face. Nothing is further from reality!!

According to the European Commission, “Artificial intelligence (AI) systems are software (and possibly also hardware) systems designed by humans that, given a complex goal, act in the physical or digital dimension by perceiving their environment through data acquisition, interpreting the collected structured or unstructured data, reasoning on the knowledge, or processing the information, derived from this data and deciding the best action(s) to take to achieve the given goal.”1.

AI encompasses multiple approaches and techniques, among others machine learning, machine reasoning and robotics. Within them we will focus our reflection on machine learning from data, and more specifically on Intelligent Data Analysis aimed at extracting information and knowledge to make decisions. Those data (historical or streaming) that are stored by companies over time and that are often not put into value. Those data that reflect the reality of a specific activity and that will allow us to create statistical and mathematical models (in the form of rules and/or algorithms) that contain information about what reality is. Then, how to “cook” the data to obtain relevant information? What are the main actors involved? First the data, which will be our “ingredients”; second the algorithms capable of processing these data, which will be our “recipes”; third computer scientists and mathematicians, who will be the “chefs” capable of correctly mixing data and algorithms; and forth the domain experts, who will be our private “tasters” and whose task will be to validate the results obtained.

First one the data. Those data from which we want extract information in order to generate models or make predictions. Through a continuous learning process of trial and error, based on analysing how things were in the past, what trends there were, what patterns were repeated,etc. we can build models and make predictions that will be as “good” as data are. It is not a question of quantity, but of quality data. What does that mean exactly? It means that if we want to teach an AI system to multiply (giving it examples of correct multiplications) the system will know how to do that task (multiply) but it will never know how to subtract or divide. And if we give it ‘wrong’ examples (3*2=9 instead of 3*2=6) the system will learn to multiply, but in the wrong way. Therefore, as fundamental ingredient of our recipe, data must be well organized, be relevant and quality

On the other hand, the AI algorithms. Our “recipes” that tell us how to mix the “ingredients” correctly, how to use the available data to try to solve our problem. Algorithms that allow us to build computer systems that simulate human intelligence when automating tasks. However, not all algorithms can be used to solve any type of problem. On the “inside” of these algorithms there are mainly mathematical and statistical formulas proposed decades ago, and whose principles have advanced little in recent years, but which are now more effective thanks to (1) the increase in the amount of data and (2) the increase in power computer calculation (which is allowing much more complex calculations in less time and at low cost). However, skills such as intuition, creativity or consciousness are human abilities that (for now) we have not been able to transfer to a machine effectively. Therefore, our “chefs” and our “tasters” will be in charge of contributing these human factors in our particular”kitchen”.

That is why not all problems can be solved using AI. Because neither data are capable of “speaking” by themselves (they are not “carriers” of the absolute truth) nor are algorithms “seers” capable of guessing the unpredictable. What data and algorithms really know how to do is answer the questions we ask them based on the past, as long as the questions asked are the right ones. After the failure of a machine, how is the data provided by the sensors that monitor the machine mathematically related to the failure produced? When an image is analysed, how similar is it to images that have been previously analysed? When a question is asked of a virtual assistant, what answer has been given (by humans) more frequently in the past to that same question? It is therefore about questioning the data in the correct way so that they reveal the information we want.

Over the last century, AI has survived several technological ‘winters’ with lack of funding and research, mainly caused by the uncontrolled enthusiasm put into technology in the previous years2. It´ s time to “learn” from our hisorical data and not make the same mistakes again. Let´ s acknowledge AI for the capabilities it really has, and leave to wizards the ability to make the impossible come true. Only in this way AI will enter in its perpetual spring.


1 https://op.europa.eu/en/publication-detail/-/publication/d3988569-0434-11ea-8c1f-01aa75ed71a1

2 https://link.springer.com/chapter/10.1007%2F978-3-030-22493-6_2

Cybersecurity in industrial environments. Are we ready? The attacks that are still to come…

Cybersecurity in industrial environments. Are we ready? The attacks that are still to come…

Identity and user data theft, ransomware, phishing, pharming or denial-of-service attacks are terms that appear more and more in the media1,2,3,4. The hyper-connected world in which we live also affects companies that, as productive entities, are increasingly exposed to being the target of cybercrimes 5,6,7. Existing campaigns to raise awareness in cybersecurity are very diverse, but how can companies protect themselves against all these threats without compromising their final business objectives?

Traditionally, cybersecurity orchestration in industrial environments has been delegated almost exclusively to the company´ s IT department, which have focused on protecting office networks, applying well-known standards and regulations such as: ISO/IEC 27001, ISO/IEC 15408 or ISO/ICE 19790. For these cybersecurity expert teams, “your best defense is a good offense”. This quote by the Chinese general Sun Tzu (author of the book “The Art of War”, considered a masterpiece on strategy) underlies the background of what are known as penetration tests (or pentesting). Pentesting tests are basically a set of simulated attacks against a computer system with the sole purpose of detecting exploitable weaknesses or vulnerabilities so they can be patched. Why are these tests so important? Several studies show that most attacks exploit known vulnerabilities collected in databases such as CVE, OWASP or NIST that for various reasons have not already been addressed 8,9.

In the IT sector, some of the most popular security audit methodologies and frameworks for pentesting are: Open Source Security Testing Methodology Manual (OSSTMM), Information Systems Security Assessment Framework (ISSAF), Open Web Application Security Project (OWASP), and Penetration Testing Execution Standard (PTES). Each of these methodologies follows a different strategy to perform the penetration test according to the type of application to be audited (native mobile apps, web applications, infrastructure…), being in this sense complementary approaches.

cybersecurity

On a practical level, IT teams have a large number of tools to perfomr these tests both free and/or open-source and paid applications. Some of the best known are: Metasploit (Community Edition), NESSUS (Personal Edition), Saint, Nmap, Netcat, Burp Suite, John the Ripper or Wireshark. Most of these tools are already pre-installed in specific pentesting distributions such as Kali Linux, BlackArch Linux or Parrot Security.

However, office networks, of which the IT department is in charge, are not the only existing networks in an industrial company. Today, there is a growing number of production-related devices (PLC, SCADA, …), normally interconnected by fieldbus networks, that support the Internet TCP/IP protocol such as PROFINET or MODBUS TCP. Thanks to the routing function available in PLCs of some brands, it is possible to access to field buses that could not be accessed from the outside in the past, such as PROFIBUS, through gateways. The interconnection between IT (Information Technology) and OT (Operation Technology) networks, so necessary when talking about Industry 4.0, greatly increases the chances of the industry being a target of cyberattacks.

In the next article, we will talk about how we can defend ourselves against such a threat …


Post Authors

Daniel Gómez (dangom@cartif.es)

Javier Román (javrom@cartif.es)

Marta Galende (margal@cartif.es)


1 https://elpais.com/economia/2021-11-11/un-ataque-informatico-obliga-a-paralizar-la-principal-planta-de-la-cervecera-damm.html

2 https://www.lavanguardia.com/tecnologia/20211108/7847465/ciberataque-mediamarkt.html

3 https://www.elespanol.com/omicrono/tecnologia/20211025/supermercado-tesco-hackeo-clientes-sin-pedidos-varios/622188010_0.html

4 https://www.elmundo.es/economia/2021/03/09/6047578dfc6c83411b8b4795.html

5 https://cincodias.elpais.com/cincodias/2021/07/21/companias/1626821663_803769.html

6 https://directivosygerentes.es/innovacion/54-por-ciento-retailers-espanoles-sufrido-ciberataque

7 https://www.fortinet.com/lat/corporate/about-us/newsroom/press-releases/2021/fortinet-reporta-ataques-ransomware-multiplicado-diez-ultimo-ano

8 https://owasp.org/Top10/

9 https://www.muycomputerpro.com/2021/11/11/ransomware-ataques-vulnerabilidades-empresas

Cybersecurity in the industrial environment, are we ready? Defence comes next…

Cybersecurity in the industrial environment, are we ready? Defence comes next…

As we mentioned in our previous post, companies OT (Operation Technology) networks are no exception from suffering cyberattacks. So far, there have been multiple cyber-attacks suffered by industrial companies since the first registered one in 2010 that had a direct impact on the physical world1. These security incidents affect a wide range of entities ranging from large technology companies to final products suppliers2. All industrial infrastructures, and not only the critical ones, are in the crosshairs of cyber criminals or crackers, in which the OT sector is in a certain way “negligent”, since alomst 90% of vulnerabilities and attack vectors present in an industrial system are identifiable and exploitable using strategies widely known by the attackers, with 71% being extremely high or critical risk as they can partially or totally take to a halt all the company production activity3.

Given this outlined panorama, a series of questions should arise: Are there appropriate kit tools adapted to these OT network environments? Can cybersecurity experts protect the industry OT scenario? The detection and exposure of vulnerabilities that affect the resources associated with OT networks, key elements in the automation of industrial plants, is shown as a compulsory step for any penetration test. Once these vulnerabilities have been identifies, it will be possible to take the necessary preventive measures, adapting existing solutions and well-known good practices from the IT environment to the OT world, and not carrying out a direct implementation of them.

Some attempts to adapt existing standards are IEC 62443, based on the ISA 99 standar, which sets up the international reference framework for cybersecurity in industrial systems, or ISO/IEC 27019:2013 which provides guiding principles for the management of information security applied to the world of the process control systems. Regarding specific tools, we find, among others, the ControlThings platform, which is a specific Linux distribution to exposure vulnerabilities in industrial control systems, without forgetting tools dedicated to get a real-time asset inventory in the OT infrastructure like IND from Cisco, eyeSight from ForeScout (these are paid applications) or GRASSMARLIN opne source which passively maps the network and visually shows the topology of the different ICS/SCADA systems present in the network. The different objectives liable to be attacked in an OT environment in a specific way can be found in databases such as MITTRE-ATT&CK.

Nevertheless, these attempts at standardization are not enough and it is essential to continue going on different fronts supporting initiatives such as the following:

  • To allow experts from the OT environment to take the initiative and learn how to protect their systems. To train them in the correct way to commission the devices of these type of networks, making that commissioning easier for non-IT experts and thus, avoiding the possibility of misconfigurations due to lack of the associated technical information (simplifying the security aspect of this).
  • Improve the adaptation of SIEM (Security Information and Event Management) solutions to the OT networks, so that they ae less intrussive than current ones and making them to identify patterns that are typical of the indsutrial process networks, allowing and early identification of anomalous situations4.
  • Put into practice new ways of cyberprotecting industrial systems, not focused on the continuous software updating and/or the periodic investments on them5.

Until not long ago, OT network systems have run disconnected from the outside world and therefore with a false feeling of being secure6. However, the protection of these OT environments should be prioritized, as well as the creation of new professional profiles in OT cybersecurity, capable of understanding the needs and particularities of these specific environments.


Authors of the post

Daniel Gómez (dangom@cartif.es)

Javier Román (javrom@cartif.es)

Marta Galende (margal@cartif.es)


1 https://www.businessinsider.es/10-anos-stuxnet-primer-ciberataque-mundo-fisico-657755

2 https://www.incibe-cert.es/alerta-temprana/bitacora-ciberseguridad

3 https://security.claroty.com/1H-vulnerability-report-2021

4 https://www.incibe-cert.es/blog/diseno-y-configuracion-ips-ids-y-siem-sistemas-control-industrial

The century of the photon

The century of the photon

Most likely, the word photonics is not part of yourusual vocabulary, but the technologies developed in this field are increasignly used in the daily course of our lives.

If we pay attention to the definition of photonics given by dictionaries such as Merriam-Webster´ s:

“A branch of physics that deals with the properties and applications of photons especially as a medium for transmitting information”, perhaps this means nothing to you, unless you know research works such as those of the great pysicist Albert Einstein. Specifically, his explanation of the photoelectric effect discovered by Hertz in 1887 and for which, curiosities of life, Einstein received exactly 100 years ago (1921), the Nobel Prize and not for his famous theory of relativity.

Albert Einstein

Photonic is better understood if we use other definitions, such as the one described by the French scientist Pierre Aigrain in 1967:

“Photonics is the science of the harnessing of light. Photonics encompasses the generation of light, the detection of light, the management of light through guidance, manipulation, and amplification, and, most importantly, its utilization for the benefit of mankind.”

Therefore, light is the center of photonics, a physical phenomenon whose explanation has needed hundreds of years and great geniuses for its understanding, at least to a high degree. From the Greek schools with Aristotle and Euclid as outstanding exmples, numerous scientists, such as Al Haytham, Newton, Young, Maxwell or Einstein himself dedicated part of their lives to answering the question What is light?.

If we summarize some of the conclusions of these parents of photonics, we can say that light is defined by both a wave and a particle, which has been called the wave-particle duality of light. This duality was the source of fierce discussions like the one carried out between Huygens and Newton in the 17th century, Huygens defended the wave nature of light, while Newton only understood light as a set of luminous corpuscles. In the 19th century, it was Young with his famous double slit experiment and Maxwell with his treatise on electromagnetism who confirmed the wave nature of light, while in the early 20th century, Plank and Einstein demosntrated the need to quantify light in form of discrete packets of energy to be able to explain the radiation of a black body and the aforementioned photoelectric effect. In 1926, Gilbert Lewis called this “quantum” of energy a photon.

Wave-particle duality of light Source: https://www.youtube.com/c/inanutshell

On the other hand, light is not only the radiation that we can see with our eyes, namely, the visible spectrum, but it is also associated with infrared, ultraviolet, microwaves, radio waves, X-ray and gamma radiation, since these ones are of the same nature as demonstrated by Maxwell. In fact, the International Society of Photonics and Optics (SPIE) in its 2020 annual report states that photonics covers the entire range of the electromagnetic spectrum, from gamma rays to radio waves.

photonics - electromagnetic spectrum
Electromagnetic spectrum

We could say, in a simplified way that:

“Light is made up of a set of particles, called photons, propagating in ther form of electromagnetic waves with a wide range of frequencies.”

Photons interact with matter at the subatomic level. If these particles have the right energy value, defined by the frequency of the wave, they will cause the electrons of the atoms to absorbb their energy and position themselves at higher energy levels. In the same way, these particles of light are released when electrons returns spontaneously or stimulated to lower or more stable energy levels.

photonics- interaction of photons with matter
The interaction of photons with the matter.
Source: https://users.aber.ac.uk/ruw/teach/327/spec.php

Well, these phenomena that occur at the suabtomic level are tha basis for the velopment of devices such as LEDs or LASERs, without which we could not, among other uses, improve the energy efficiency of our homes or have better bandwidth in fiber optic communications. These are a small part of the applications of photonics, but it gives an idea of the magnitude of its importance since it is present in a myriad of application sectors.

So when you turn on the lights, hear the news on the radio or watch them on television, connect to the internet via fiber optics or via wireles with yout tablet or smartphone to watch your favorite series, activate your home alarm sensors, take pictures, heat your breakfast in the microwave and other countless daily actions, think about how photonics has changed our lives. It is not surprising that the 21st century was the century of the electron and that photonics is one of the key technologies for humanity to continue its development and overcome many of thec omplicated challenges that has to face today and in the future.

Since 2020 CARTIF is part of PhotonHub Europe, a platform made up of more than 30 reference centers in photonics from 15 European countries in which more than 500 experts in photonics offer their support to companies (mainly SMEs) to help them to improve their productionprocesses and products through the use of photonics. With this objective, training, project development and technical and financial advisory actions have been organized until 2024.

In addition, to be aware of what is happening in the worl of photonics, we encourage you o be part of the community created in PhotoHub Europe. In this community you can be aware of the activities of the platform as well as news and events related to photonics.

Consciousness is not a computation, it is quantum

Consciousness is not a computation, it is quantum

A lot of the new hype arounf the Artificial Intelligence (AI) is directly related with the potentiality for imitate or overcome the capabilities of the human brain (in terms of data volume managed and process speed) using computers. The neuroscientist Henry Markram in 2009 announced a project that pretend to simulate the human brain in a super-computer with different objectives such as “understanding perception or reality and maybe even undertanding physic reality as well”.

The so-called “technological singularity” established how the AI and robotics will surpass us humans. There are different predictions about when will occur this “apocalypse”. Elon Musk figured it out this singularity in 2025, the Russian millionaire Dmitri Itskov in 2045, to cite some examples. The continuous advance of microprocessors capabilities also feeds, wrongly, the hype of the AI. If someone compares only the numebr of neurons (around 86,000 million) with the number of transistors of the last M1 chip from Apple (16,000 millions) may be tempted to ensure that the “computation capacity” of the human being is easily overcome. I know, comparisons are hateful, and in this case, very daring.

Until very recently I was already among the expectant of such predictions, but with a reasonable scepticism degree. All this changed for me in the crudest of the confinement of 2020. I was wandering around YouTube in search of interesting videos related to AI and I came to a very curious one that gives the title to this post, and that attracted my curosity: 1consciousness is not a computation. In this video, a more than kucid Sir Roger Penrose, physicist, mathematician and philosopher, is interviewed by the vlogger Lex Fridman, expert in AI and autonomous driving.

I have to say that, even the scientific level of what is exposed in the video is very high, the lucidity, detail and kindness shown by Penrose, caught me and got me to be attentive throughout the whole interview. Specially, there is a part that sticks me on the chair, and makes me rewind several times to try to understand as much details as possible. The interview starts directly with this devastating thesis: “I´ m trying to say that whatever consciousness is, it´ s not a computation…it´ s not a physical process which can be described by computation”.

During the interview, Penrose explains how his curiosity about neurophysiology led him to explore the basic principles of the physic, cosmology, mathematics and philosophy in his book in 1989 “The Emperor´ s New Mind” to propose that human thinks could never be emulated by a machine, against the “mainstream” thesis of those times about how computers using artificial intelligence could soon make everything a human can do.

Which leads him to assure so bluntly the impossibility of emulating human consciousness by using a computer? It is not supposed that joining several chips of our computers one could overcome the number of neurons of our brain and its capacity of computation (if you allow me this crude comparison)? Just like life isn´ t a set of cells grouoed in organs, the “emulation” of the brain capacities is not a question of grouping a high number of transistors and their electrical impulses. We all remember the explanations of how neurons transport information throughout electrical impulses. In his analysis of the brain physiology, Penrose, even at the final of his book could not get to explain completely how it was possible that the nervous signals could transmit by electrical impulses consistently across the brain. Something did not fit or was missing in his theory. But it seems that, to a reader of his book, the anaesthesiologist Stuart Hameroff, was to the only one that figured it out. “I think you have missed something, don´ t you know what microtubules are?”- said to Penrose. “Is what you need to amke your theory work”. Microtubules could be the answer to the Penrose search about a no computable source in the human consciousness, from a physiological point of view.

But what the hell are microtubules? May molecular biologists forgives me, but it seems that they are molecular structures of tubular shape that we can found in different cells of our body, from red blood cells to neurons. These structures that “inhbait” the interconnections of our grey cells, have the property of conserving their state in a very effective way (quantum type state, but we will leave this for another post) and allow us to somehow return to being the same as we were after a loss of consciousness, for example, after and anaesthesia. We could say that microtubules are the basic storage unit (quantum) of our brain. Some scientifics call them “the neuron brain“.

Another reason for being able to aspire to emulate the brain has been to be able to replicate the number of connections that exist in our neurons. It´´ s a pretty big number actually. It is estimated that each neuron has an average of 1,000 connections. With 86,000 million of neurons this would give us about 86 trillion of connections or so. Even though the numbers give vertigo, for some experts they seems achievable with the current calculation capacity in operations per second (FLOP) of the processors. Going back to Apple´ s M1, this processor declares to be able to carry out 2.6 TFLOP, 2.6 billion operations per second (10 to the 12th). Again, a number apparently “near” to our connections if we join a lot of chips working at the same time. But it seems that consciousness is something more than connections, right?

If we focus only on the quantitative question and we return to microtubules that inhbait our neurons, how much of them can we have? Neurobiology said that inhabit our neurones, how much of them can we have? Neurobiology said that more than 1,000 microtubules per each one of our 86,000 million of neurons, that is, 86,000,000,000,000 micortubules (86 billion, similar to the neural connections) that “stores quantum information” in which some scientifics affirm, our consciousness live. We can say that actually our brain is a quantum computer, don´ t you think? Wow, sorry to fall back into a computational analogy. Let´´ s go back to the technology to conclude this post. IBM, promises a quantum computer of 1,000 qubits for 2023. Quite inferior to the 86 billion microtubules of our head. In my humble opinion, and comparing only quantitative aspects of actual and future computation capacities, the so called “technological singularity” as a promise of overcoming our human capacities only with actual computer technology and artificial intelligence i still very far away or seems almost unattainable. I don´ t know about you, but I still see a little bit far away the technological singularity, don´ t you think?


1 Human beings’ ability to recognize and relate to the surrounding reality

Industry 5.0, seriously?

Industry 5.0, seriously?

It seems unbelievable, but 5 years have passed since CARTIF inaugurated the blog with the post on Industry 4.0 in which I analysed some of the keys to the so-called “fourth industrial revolution” and how it could affect the industry in our country. It has always seemed risky to me to try to define this revolution from within itself. I suppose that time and the historical perspective will make it clearer if it really has been a revolution or simply a technological mantra. Fasten your seat belts because if we have not yet assimilated this revolution now they “threaten” us with the next one, Industry 5.0, they call it. Original, isn’t it?

If the fourth promised to interconnect the productive means of the entire value chain to make a transition to the intelligent industry or Smart Industry (everything has to be Smart as when many years ago any self-respecting appliance needed to carry “fuzzy logic” on-board). The fifth industrial revolution tries to humanize the concept beyond just producing goods and services for economic profit. The challenge of this revolution is to include social and environmental considerations in its purpose. Keywords if this revolution, as defined by the European Commission, should include human-centric approach, sustainability and resilience.

By developing innovative technologies with a human-centric approach, Industry 5.0 can support and empower workers, rather than replace them. Likewise, other approaches complement this vision from the consumer’s point of view in such a way that they can have access to products that are as personalized as possible or adapted to their possibilities. Thus, concepts such as personalized food or tailor-made clothing could be virtually applied to any consumer product.

The sustainability in the development of the industry needs to reconcile the economic and environmental progress objectives. To achieve such common environmental objectives, it is necessary to incorporate new technologies and integrate existing ones by rethinking the manufacturing processes by introducing environmental impacts in their design and operation. Industry must be a leading example in the green transition.

Industry resilience means developing a greater degree of robustness in its production, preparing it against disruptions and ensuring that it can respond in times of crisis such as the COVID-19 pandemic. The current approach to globalized production has shown great fragility during the pandemic that devastates us. Supply chains must also be sufficiently resilient, with adaptable and flexible production capacity, especially in those aspects of products that satisfy basic human needs, such as healthcare or security.

Just as the fourth needed digital enablers, this new revolution needs technological aspects to make it happen. From a practical point of view, we can say that the enablers we reviewed a while ago are fully up-ot-date for Industry 5.0. We could include some additional ones such as quantum computing or block-chain, incipient ones 4 or 5 years ago. If the enablers are similar, why are we talking about a new revolution? It is a matter of priorities. If the fourth spoke abou hyper-connection of processes to the digital world through cyber-physical systems or the IoT, in the fifth, a cooperation between human and digital technology is sought, either in the form of collaborative industrial robots, social robots or artificial intelligence systems that complement or assist in any task related to production, from installing a door in a car to deciding how to organize the next work shift to meet the productivity goal of the manufacturing plant.