Industrial Internet: Towards Interoperability and Composability
integer can be supplied, but the author only allows integers that can be represented in 15 bits,
and furthermore that the result must fit into 15 bits or else it would not be correct. Worse still,
the function might corrupt some part of the system leading to an undetermined behavior. Such
a function would be interoperable but not composable – there is no shared expectation of how
the function behaves. That is, composability requires that the interacting parties not only
interoperate correctly by using correct protocols for information exchange and understanding
what each other actually means, but also engage each other with the correct anticipation of each
other’s behavior resulting from the exchange of information so that no unintended or
unexpected consequence would result from the information exchange.
The consequence of lacking composability in the above example might be, at worst, an incorrect
sum undetected by the user or a frozen calculator, but in an industrial setting where system-tomachine and machine-to-machine interactions prevail, the consequence of the lack of
composability could be much more severe.
As the Industrial Internet matures, more components are made of so-called Cyber-Physical
Systems (CPS). In a CPS, logical/computational (cyber) and physical capabilities are co-designed
and co-engineered to form a unified system. However, the introduction of cyber elements
increases not only the behavior space of the new system, but also the variance of behavior for
any particular observed interaction with the environment. That is, CPSs will at least appear to be
less deterministic than their traditional counterparts, precisely because part of the state of the
system and the interaction with other systems will appear to be hidden. However, its highly likely
responses to external stimulus would be state-dependent, thus making its behavior less
deterministic. Now imagine the case of two CPSs that interact with each other, resulting in a
situation outside of their respected design or tested range; or the case when a CPS from one
vendor is being replaced by that from another – how do we ensure the overall system behavior
remains the same or at least safe? Because Industrial Internet systems are large-scale distributed
systems assembled from multi-vendor heterogeneous building blocks, composability is required
for safe, secure and resilient operation.
If we are to have a shared community of services, devices and operations across multiple
communities of authors and users in the Industrial Internet, we must recognize that protocol,
data models and even conceptual models are not enough. In addition, we need to have metadata
models that support composability – allowing prediction of how the system components will act
or interact in ‘real world’ situations, not simply for those test cases in the mind of the originating
engineer when these artifacts were instantiated. Furthermore, we need this across multiple
levels of abstraction, from understanding, for instance, how a flash memory will behave under
low or high voltage conditions to how a system will behave when encountering a novel situation
in the face of a deadline that may not have sufficient time for human intervention. This is
necessary not only to drive risk out of our designs and deployments, but also to capture critical
- 60 -
June 2016