How any journey to digital transformation should be informed not by fear, but by trust

Have you noticed how digital transformation is being sold on fear? The message ‘if you don’t digitally transform; if you don’t implement end-to-end connectivity and big data analytics soon, one of your competitors will beat you to it,’ crops up again and again.

The flip side of that argument, of course, is that your competitors might attempt to digitally transform but fail spectacularly, probably because of unknown security vulnerabilities.

So do you courageously take the lead and bet your business on the outcome, or do you wait for the technology to mature before making your move? Whatever you decide, it’s a substantial risk, right? Well, no.

As it happens, there is a relatively risk-free approach that you can take but, before we get to that, let’s put all the scaremongering to one side and review the benefits of digital transformation.

As a working definition, we can describe digital transformation as the journey towards a state in which your organisation can fully exploit the mass of data which comes from being more connected to the outside world.

Briefly, the benefits include new revenue streams, lower operating costs, greater organisational agility and better decision making. Let’s start with a real-life example of creating new revenue streams.

A growing number of toy manufacturers are introducing ‘connected’ toys with Wi-Fi and Bluetooth capabilities, microphones, speakers, speech recognition, web searching functionality and an app to process, receive and send data. The collected data are usually stored in a database and used for the manufacturers’ own purposes.

So now we have a toy to which we can add new features whenever we want, and which can report back to us about how it is being used and when.

So far, so good. But in the rush to market, security can sometimes be overlooked. In this case, the public’s initial trust in the toy was destroyed when it was discovered that anyone with some basic knowledge could not only listen to the child but to speak to him or her through the toy’s speakers.

Such was the lack of trust that in early 2017, Germany's Federal Network Agency not only banned the sale of this toy but made it illegal even to possess one.

Creating a leaner, more responsive organisation

Becoming digitally transformed also helps you to reduce costs, improve organisational agility, and make faster, better-informed decisions.

To illustrate this, we’ll consider railway networks. Obviously, anything which is safety critical needs regular maintenance. With railway track and signalling systems, the process involves physical inspection at (conservatively) set intervals. If something needs repairing, the parts are retrieved from a large inventory and then installed. The work is checked by a supervisor, who signs it off. Careful paperwork attends every step.

It’s an enormous effort carried out at considerable expense, but at least the process is proven and trusted.

On the other hand, what if you could continually monitor every single asset remotely? What if you predict when a component is likely to fail and see when it is starting to fail? What if you could decrease your inventory, reduce the manpower and digitise the paper trail? That is the promise of digital transformation.

Actually, you can do all of this. Thales’s Predict and Prevent technology performs round-the-clock, non-invasive monitoring of 48,000 Network Rail assets, including the track, points, point heaters, cabling, temperature, hydraulic fluid levels, and more. And it is proven and trusted just as much as the manual system that it replaced, perhaps more so.

Trusted updates

Remote software upgrades to fix problems or to add new features is another key driver for digital transformation. Again, the technology already exists. We are all accustomed to our phones, tablets, PCs and apps being updated from…well, somewhere or other.  Why not other systems?

‘Why not indeed?’ replies the automotive industry as it gears up for large scale digital transformation. According to research firm IHS Automotive, total worldwide cost savings created by pushing software updates over the air will drive annual savings of more than $35 billion by 2022.

The benefits are clear, so what’s delaying a more widespread adoption of remote upgrades? Once again, it’s a matter of trust.

The receiving system must be able to trust that the update is genuine. The manufacturer must be able to trust that the delivery has been successful and that the update was correctly installed. We all need to trust that it doesn’t contain a virus.

That’s easy to do when you’re designing a brand new, greenfield product with no legacy systems to worry about. But it is a different matter entirely with legacy systems, where trust comes more slowly. And trust, in the context of digital transformation, can only be earned by demonstrating absolute security.

Let’s say you operate a 30-year-old nuclear power station. To stop someone hacking into it you prohibit any connectivity between your operating technology and the outside world. Because if it can’t be reached, it can’t be hacked. On the other hand, it can’t benefit from digital transformation.

With the right approach, though, even a nuclear power station can be digitally transformed without taking risks with the security.

Putting trust into digital transformation

The first challenge to overcome is finding the right security partner. Fortunately, there are many providers of garden-variety IT security.

Unfortunately, finding one which also has an in-depth expertise in your operational technology is rather more difficult.

The second challenge is deciding where to start. How brave do you want to be? Because if you want to digitally transform a safety-critical system you’d better be 100% confident of the outcome. Just one successful attack a month, or even years down the line could be catastrophic. 

At Thales, we start with a proof of concept, delivered as a non-profit project, where both parties commit to identifying and overcoming a small, clearly-defined challenge. It generally takes only about six to eight weeks but it does require the customer to invest time, money and human resources. 

We recently used this approach with a high-end car manufacturer. The original requirement was to remotely map, monitor and fix the several thousand potential faults can afflict the digital systems of a modern car. The danger with this was that the sheer scale of such a project would take everyone into the unknown. Where do you start? When does it end? Where is the pay off?

Instead, we invited the manufacturer to prioritise ten faults. We then worked together to create a proof of concept system that could detect these faults, analyse them and flow the data into a control room. 

The lessons were clear and easy to understand. We had a model which could be rolled out to protect the rest of the car’s systems. What’s more, we could not only demonstrate beyond doubt that the system is secure, but we could articulate why. 

There was no need to espouse the tired old ‘what if your competitors get there first?’ mantra. And there was none of the unquantifiable risk associated with wide-scale projects and no need to act on faith alone.

By working together, and sharing the risk and the investment, we had developed much more than a proof of concept.

We had created trust.