The KIT -- Knowledge and Information Technology -- No. 285

The KIT

Knowledge & Information Technology

No. 285 - 1 April 2021

In this Issue

· Digital Twins for Smart Cities

· Software Bills of Materials

· CODASPY 2021

· The Case of the Two CaaS

· AI Surges During COVID, but...

Our Consulting Services

IT Strategy and Roadmap

Enterprise Architecture

Business Process Modeling

Enterprise Software Selection

IT Innovation Briefings

IT Due Diligence for M&A

Cloud Computing Adoption

Enterprise Security Maturity

Knowledge Management

Communities of Practice

Taxonomy Development

Enterprise Social Media Adoption

For more information

Visit us: www.cebe-itkm.com

E-mail us: info@cebe-itkm.com

Phone: +1 415 870 4856

+33 970 444 992

Twitter: @cbaudoin

See: Previous KIT issues

Forward this issue to colleagues and friends!

Digital Twins for Smart Cities

The members of the Digital Twin Consortium (DTC), which is managed by Object Management Group (OMG), met two weeks ago. A recurrent theme was the application of digital twins to smart cities.

The 2030 Districts Network is a consortium of real estate property owners who are looking into transforming urban areas and reducing emissions by architecting interconnected smart buildings. A pilot project started with three buildings in Lower Manhattan will later expand to 20. A digital twin of the project is being built at the Brooklyn Navy Yards, which were transformed into a startup incubator facility, and will be used for integration testing and certification. Information security is managed using DDS domains, part of the Data Distribution Service standard from OMG.

The following week, Dan Isaacs, CTO of the Digital Twin Consortium, spoke at the TechEx virtual IoT Tech Expo about business cases and challenges of digital twins. He described the Yorkshire Geospatial Twin project launched by Slingshot Simulations, which will model the cities of Leeds, Hull and York to allow traffic authorities to improve mobility and reduce lost time and emissions. Digital Urban European Twins (DUET) is a similar project in the EU, comprising three testbeds: the cities of Athens (Greece), Pilsen (Czechia) and the Flanders region of Belgium. DUET focuses on the use of the cloud and high-performance computing.

The Latest on Software Bills of Materials (SBOM)

The work led by the U.S. National Telecommunications and Information Administration (NTIA) continues. In addition to reportss and a medical device software proof of concept, a demonstration of SBOM interchange is around the corner (see below). If you are a software supplier, you should learn about this and plan when and how you will be able to deliver an SBOM with your product before a customer surprises you with an RFP that mandates it! And if you buy software, you should learn about what you should ask for. Here are recent announcements:

A document called "Sharing and Exchanging SBOMs" has been published.
A tool classification taxonomy has been published.
A "plugfest" to demonstrate the exchange of SBOM information represented in different standards (such as SWID, SPDX and CycloneDX) and collect reference examples will be held on April 9, 9:00-12:00 US Eastern Time. Sign up here to attend.

The main remaining challenge is that there is no standard to uniquely identify a piece of software. The community assembled by NTIA continues to research this.

To learn more about the whole initiative, attend the Spring SBOM Community Meeting on April 29, 12:00-16:00 US Eastern Time. The meeting is open to all. Attendance instructions are not available yet but will be posted here, where you can find a whole repository of information about the initiative.

CODASPY 2021: the 11th ACM Conference on Data and Application Security and Privacy

ACM's Special Interest Group on Security, Audit and Control (SIGSAC) announced this virtual conference for April 26-28. It will "feature co-located workshops on Security and Privacy Analytics; Secure and Trustworthy Cyber-Physical Systems; and Software Defined Networks & Network Function Virtualization Security. Panels will address 'Is there a Security Mindset and Can It Be Taught?' and 'AI for Security and Security for AI.'" While you don't have to plan for travel, we're a little concerned that the conference page still doesn't have an agenda or registration instructions. We'll let you know in the next issue if we learn of a change.

What's in a Name? The Case of the Two CaaS

The cloud computing community knows about containers -- a deployment technology that allows workloads to be deployed and ported between different cloud platforms, and a more recent option called Container-as-a-Service, or CaaS. During a recent discussion on the formalization of vocabularies, we discovered that for the International Telecommunications Union (ITU-T), "CaaS" means Communications-as-a-Service. The fact that the same abbreviation can mean different things in different domains is not new -- Wikipedia is full of so-called "disambiguation articles" to address this -- but the fact that this is a clash between two abbreviations in the same area (cloud services) is a bit too uncomfortable. Caveat lector.

AI Surges During COVID-19 But Heightens Privacy Concerns

A new study from consulting firm KPMG found that AI adoption surged during the pandemic, helping (for example) handle the increased level of "remote shopping" through automated chatbots and voice response systems. Less visible to the general public is the use of AI in contact tracing applications or to process the vast amount of medical data from tests and hospitalizations. But this has raised privacy concerns and calls for government regulation. This Datanami article summarizes the study.

(Thanks to former colleague Martin Koistinen of Diveplane Corp. for posting the article on LinkedIn)

Seen Recently...

"Definition of 'edge': everything outside the data center. Definition of 'cloud': someone else's data center."

-- Jeff Ready, CEO of Scale Computing, during a March 18 webinar on Industry 4.0 and Edge Computing

(This is cute, but grossly oversimplified. Your laptop is outside a data center, but I doubt you' d call what it does edge

computing; and someone else's data center that doesn't provide self-provisioning and pay-as-you-go isn't a cloud).

"If by moving a data center to the cloud you are introducing a lot more privacy and security risks, I would argue that you have not architected the rest of your solution correctly."

-- James Parker, of Education First, during a panel at the TechEx Cyber Security and Cloud Expo

(in one of the good moments of an event that otherwise rehashed a lot of known stuff about the reasons to move

to the cloud, the importance of considering the business case, the need to consider the migration costs, etc., etc.)