Friday, June 19, 2015

Robotics Cluster meeting hosted by WPI

Our June 2015 Robotics Cluster meeting was attended by 35+ MTLC members at the oldest building in the United States still used for engineering education, Washburn Shops and Stoddard Laboratories at WPI in Worcester.  We learned all about the history and objectives of the DARPA Robotics Challenge.  Mike Gennert and Taşkin Padir discussed their system architecture and Team WPI-CMU’s progression through the various phases of the challenge to the most recent competition. They described working on – and with! – WARNER (their Boston Dynamics Atlas robot) to perform the competition’s tasks. Holly Yanco spoke about initial impressions of the human-robot interaction, giving a control room perspective of the competition.  Congratulations to Team WPI-CMU for their impressive achievement!

Enjoy this fun YouTube video of “falls” during the DARPA Grand Challenge (note WARNER is not part of this video):

Velin Dimitrov, a PhD Candidate at WPI, presented two WPI projects:  WALRUS, a Water And Land Remote Unmanned Search Rover, and CARE, Cyber-Physical Systems for Advanced Response to Epidemics.

We were then treated to a tour of some of the robotics labs on campus.

Warner – JUST returned from Pomona, CA after the DARPA Robotics Challenge – still in his crate!

Tye Brady holds Warner’s hand – with Mike Gennert
Robotics Cluster Women: Lenore Rasmussen, Founder of Ras Labs, Jill Wittels, CEO of Sostenuto Strategic Advisors, Kathleen Hagan, President of Hagan & Company

Wednesday, June 17, 2015

RoboInnovation Panel

Representatives from various Robotics Innovation Initiatives and Test facilities discussed the path forward for Robotics in Massachusetts during the Devens Robotica event.

Our intellectual capital in the region is beyond compare and our entrepreneurship is thriving – put that with MassRobotics, NERVE Center, Joint Base Cape Cod and Devens IOP – what do you get?  The Robotics capital of the world!!  Where else would you rather be?

Left to right:  Tye Brady -  Draper Laboratory & co-founder of MassRobotics, Adam Norton – Manager of the NERVE Center, Joyce Sidopoulos – MassTLC Robotics Cluster Manager, Jose Vazquez - President at Avwatch providing services to JBCC, Richard Kelley – co-founder of Devens IOP

Wednesday, June 10, 2015

Spear Phishing Detection Matters: The Anthem Data Breach

By: Kevin O'Brien of GreatHorn


Spear Phishing Detection: Why Machine Learning Is The Answer

A key lesson to take away from the Anthem data breach is that organizations need to recognize that simply throwing a SIEM or log aggregation tool and an IDS into their infrastructure is not sufficient. Consider how the Anthem data breach worked:
Robots are better at catching phish.
  • A group of Chinese Hackers, dubbed “Deep Panda” by Crowdstrike, registered a domain ( that was designed to look like Anthem’s corporate domain prior to Q4 2014 (
  • A number of subdomains, including and, were also tied to the suspicious domain; trojan-horse style malware was installed on these domains.
  • The malware, masquerading as “CITRIX Access Gateway Secure Input”, was digitally signed with a certificate owned by DTOPTOOLZ Co., who are associated with the Deep Panda group
  • Spear phishing attacks sourced from the number-substituted were used to propagate the malware throughout Anthem
  • The compromised accounts were used in a classic escalation of privileges and subsequent data exfiltration scheme

The Case for Predictive Analytics

This is a depressingly standard attack — and it works, repeatedly, for three basic reasons:
  1. Users are a weak link: As busy as most people are, the difference between and is apt to go unnoticed, especially if the resulting site looks and operates as expected
  2. Information security analysts are buried in alerts: Even when good monitoring software exists, it’s unlikely that the average infosec team (or worse, IT or DevOps team who have had security thrown onto their already overloaded plates) will see and respond to minor domain name changes
  3. Attacks that take place over long periods of time fly under the radar: Time to detection for the average attack is measured in weeks and months; attackers can get into an environment in minutes or hours. If they are patient — and most government sponsored or large criminal syndicates can afford to be — they can spread the attack out over a long enough timeline to not be noticed.
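
As an added illustration (not code from the article or from GreatHorn), the sketch below shows how the "minor domain name changes" that users and analysts miss can be flagged automatically: sender domains are folded to a canonical spelling and compared with the organization's own domain. The protected domain, the sample headers and the substitution table are constructed placeholders, and the last-two-labels rule for finding the registered domain is a simplifying assumption.

```python
from email.utils import parseaddr

PROTECTED = "examplehealth.com"  # constructed placeholder, not a domain from the article
# Digit-for-letter swaps often seen in look-alike domains (illustrative, not exhaustive)
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

def skeleton(domain):
    """Fold a domain to a canonical form so visually similar spellings compare equal."""
    d = domain.lower().rstrip(".").translate(CONFUSABLES)
    return d.replace("rn", "m").replace("vv", "w")

def registrable(domain):
    """Assumption: the last two labels are the registered domain (no public-suffix list)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(from_header, protected=PROTECTED):
    """Label the sender domain of a From: header relative to the protected domain."""
    domain = parseaddr(from_header)[1].rpartition("@")[2]
    reg = registrable(domain)
    if reg == protected:
        return "exact"                   # same spelling; says nothing about spoofing
    if skeleton(reg) == skeleton(protected):
        return "lookalike-substitution"  # differs only by confusable characters
    if edit_distance(skeleton(reg), skeleton(protected)) <= 1:
        return "lookalike-typo"          # one inserted, dropped or changed character
    return "unrelated"

# Constructed sample From: headers
SAMPLES = [
    "IT Help <helpdesk@examplehealth.com>",
    "IT Help <helpdesk@examp1ehea1th.com>",
    "Remote Access <noreply@vpn.examp1ehea1th.com>",
    "Benefits <hr@exampleheath.com>",
    "Newsletter <news@partner-mail.org>",
]

def scan(headers=SAMPLES):
    """Return (header, verdict) pairs for senders that imitate the protected domain."""
    return [(h, classify(h)) for h in headers if classify(h).startswith("lookalike")]

if __name__ == "__main__":
    for header, verdict in scan():
        print(f"{verdict:24} {header}")
```

An "exact" verdict only means the spelling matches; whether the message really came from that domain is a separate check (SPF, DKIM, DMARC).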

Reducing Time to Detection and Response

The measurement of good security (in light of this type of sophisticated attack) should be time to detection and time to response. Based on Verizon’s 2015 Data Breach Investigations Report (well worth reading), however, these two key performance indicators are both trending in exactly the wrong direction:
Time to detection and response matter.
The good news is that even modestly staffed information security teams can be given the means to change this trend. Machine learning and predictive analytics tools are capable of seeing threats that human users miss, managing even vast quantities of alert data, and identifying trends across long timeframes.
It’s clear that something needs to change; intercepting spear phishing attacks, recognizing and interrupting early indicators of intrusion, and protecting your organization’s critical data is well within reach. Want to see for yourself? Request a free trial of the GreatHorn predictive security platform today, and don’t become the next Anthem.

Tuesday, June 9, 2015

Internet of Things Conference: How Smart, Connected Things Will Change Your Business

June 3, 2015

Last Wednesday nearly two hundred people from the MA region came together to share insights on the need to rethink strategies, operations, processes, and technologies when embarking on the internet of things (IoT).

Delivered by John Clippinger, Research Scientist at the MIT Media Lab Human Dynamics Group and Executive Director and CEO of ID3, the keynote address highlighted the transformative way in which devices have taken the place of people as primary observers and data gatherers.

Opportunistically, this enables multiple sources to collect and analyze data, providing user experiences that can have a hugely positive effect on organizations’ bottom lines. And as machines get smarter, the experiences continue to get better.

Yet while the technological capabilities continue to grow, so does the need for defining data ownership, governance, and authentication measures. And understanding that the antiquated regulations and processes must be updated to address our current and future needs.

As Clippinger stated, “we are creating new classes of assets” and those all need to be controlled. From the smart televisions in your home collecting data about your TV habits to your cars collecting data about your driving behaviors. This data – your data – is owned by the provider. And you, the consumer, must balance these improved experiences with sharing your personal data.

Clippinger wrapped his talk with a set of autonomous governance technologies that must be considered when multiple devices are collecting data on multiple stakeholders, across many borders, and a number of owners, including:
  • Governance without Government
  • Authorization without Authorities
  • Regulation with Regulators
  • Adjudication and Sanction without Lawyers and Judges
  • Polis without Politicians
  • Auditing without Auditors

John Clippinger Presentation

Following the keynote, we had a number of sessions that took deeper dives into different aspects of business strategies, regulatory bodies, data infrastructure and architects, and security.

A panel that included Michael Munsey of Dassault Systemes, Andy Thurai of IBM, Rob Purser of Mathworks, and Howard Heppelmann of PTC, led by Chris Rezendes of INEX Advisors, shared their experiences in redefining how strategic processes are created and implemented.

Asked how each defined IoT in their own views the panelists talked about better products and experiences, enjoying the benefit of having better insights and interactions into the world that never existed before, and understanding that the value derived is for themselves, their customers, and ultimately their customers’ customers.

Heppelmann expressed how IoT has changed the shape of business in that the conversations are happening at the CEO level as they flow back to engineering, sales and marketing, and every aspect and department within a company. Munsey followed that up with the huge capital investment that is going to be required, and the multitude of infrastructure providers that are gambling their futures on supporting IoT infrastructures.

Similarly to a data science team, embarking on IoT will require a variety of people across the organization each with different skill sets to build and manage a connected product. Thurai furthered this point by stating that often it is the CMO or others who want to drive business value and revenue funding these products.

Dassault Systemes Case Example

Mathworks Case Example 

The next panel, What Big Data Will Require in an IoT World, moderated by Paul Barth from Podium Data, included Kris Alexander from Akamai, Chris Baker from Dyn, and Pavandeep Kalra from Microsoft.

Alexander talked about how the entire model of big data has been inverted with IoT, whereas the internet has been geared to send massive amounts of large data sets out, but connected devices are now sending massive amounts of small data sets back in.

Kalra who focuses much of his work on machine learning, talked about how more and more there will be a marketplace of machine learning APIs which you can leverage. He also talked about pushing everything to the cloud and then testing in that type of safer environment before making any operational changes.

Baker talked about the importance of obtaining the right information and putting that back into the device to continue to learn and redeploy. Baker also said that having a firm understanding of timing when collecting and redeploying data, such as a pace maker, is the most important component of an IoT product.

Our next session was a fireside chat style discussion between Niko Pipaloff of PwC and Said Tabet of EMC, who was there on behalf of the Industrial Internet Consortium (IIC).

Tabet talked about the IIC’s mission, which is to take IoT forward. Just a year old, the IIC has already amassed 170 member companies and is currently running 6 test beds across the globe to help develop the use cases that companies can use as an example of how to bring the physical and digital worlds together.  The IIC’s test beds can leverage use cases to build the requirements for the future.

Pipaloff spoke of the benefit of having already proven, with the creation of the internet over two decades before, that working together and offering open standards will help us.

They concluded the discussion by reiterating that IoT is massive and it’s here already and that a number of small organizations must all come and work together to create the standards and regulations.

As the Value of Data panel got underway, it was very clear that it really is all about the data. But what this stellar group talked about was how to understand what data you need and why.

According to Rob Patterson from ColdLight, 9 out of 10 companies coming out of academia are based on artificial intelligence technology - highly data intensive. Combining the AI with machine learning and skilled talent, the intelligence gained can be enormous.

Don Schuerman from Pegasystems, talked about the best insights coming from multiple devices connected to each other to discover external drivers and changing the outcomes.

Subu Ramasamy from Philips Lighting talked through a number of case studies in which creating connected lighting could provide efficiencies through measuring occupancy rates, not just in energy consumption, but also in cleaning or stocking particular offices based on use. He went on to say, customers are not looking for technologies they are looking for services.

When probed by the moderator, Jeff Kaplan of THINKstrategies, the panel members all agreed challenges were around the complexities surrounding the variety of data sources and sets as well as the limited talent that exists today.

The conference closed on perhaps the most important topic of the day, security. Editor in Chief of Security Ledger, Paul Roberts facilitated a discussion between Brandon Creighton of Veracode and Paddy Srinivasan of Xively by LogMeIn.

The panelists talked about the first step – identifying there is a very real problem. And they stressed that today we are in a world where every vertical now needs to have an information security mindset, but unfortunately that is not the case.

Srinivasan and Creighton spend a great deal of time talking with their customers about what risks exist in products that do not have operating systems.

Srinivasan went on to say that he urges customers to follow a multi-step process that includes uniquely identifying each connected device, then securing the information that is coming from the device to the cloud. Once the device and communication are secured, there is then a need to secure and ID the data and assign permissions and actors to that data.

Creighton concluded his remarks by stressing that, until there are established protocols for IoT, you should have your engineers do security training, understand what the basic code mistakes are, and then retain security experts to review the architecture and communications networks. And the most important thing is to do this during the development, not as an add-on.

Thank you to our Platinum Sponsors: Mathworks, PTC, and PwC

Thank to our Platinum Sponsors: Mathworks, PTC, and PwC

Tuesday, June 2, 2015

Robotics Cluster meeting hosted by Harvest Automation: May 28, 2015

Our May 2015 Robotics Cluster meeting was attended by 40+ MTLC members, standing room only!  After “around the room introductions”, as is customary at our meetings, Josh Lessing gave us a look at Soft Robotics, taking Harvard research to soft grippers with their first sale just THIS month!  He spoke of understanding the customer need, solving their problem, and their process – stressing the importance of balancing adaptability, complexity and cost.
Tye Brady, Distinguished Member of Technical Staff at Draper Laboratory, discussed his findings and recommendations for enabling UAS growth within Massachusetts as a result of the MAAVRIC (Massachusetts Autonomous Air Vehicle Research and Innovation Consortium) study completed earlier this year.
Soft Robotics demo box

Kenn Sebesta with CyPhy’s LVL 1 Drone

Charlie Grinnell, Founder & COO of Harvest Automation gave a brief history of the company and new growth areas they are pursuing.  We later received a tour of their ecommerce test site and a live demonstration.
There was no shortage of live demonstrations during this meeting.  We were treated by Kenn Sebesta to a demonstration of CyPhy’s LVL 1 Drone – which Kenn flew indoors:  <  click here 1 >  This project has almost doubled its funding goal with Kickstarter and will be funded on 18 June 2015.
After a long networking break, many in the group ventured over to the Harvest warehousing test site to watch the TM-100 in action.  This is a distribution/fulfillment robot available for purchase next Spring 2016.  See this bot in action <  click here 2 >