Marco Alvarado
 · CartagoCosta Rica
Get Link

Check your internal project risks

It is interesting to see projects having real life application, and this one is dealing with sensitive issues on quality of life that can make a huge difference or a lot of people.

There is another interesting thing. The project is starting from minimum intelligence and trying to grow to a smarter system based on hardware and basic control devices; however, when arriving to GSM and WIFI, real problems could arise in the data security landscape. Just check what have been happening with JEEP cars and TESLA weaknesses on central control systems.

When growing to some extent, could be possible that the system must jump from Arduino to a complete Computer, maybe a Raspberry Pi or similar device (trying to keep costs on limits) and that machine would have a complete Operating System and it is extremely important to understand what type of security issues could be present there. This is particularly important because the chair user is a person that can’t have options on mobility and if somebody else tweak the device then the user will lost control on it.

I am a serious advocate on security analysis on every project we have in front of us. I agree that it is important to resolve all the possible functionality problems, but we can’t forget that IOT is one of the most dangerous development areas in the world right now and, this chair, is an IOT example.

But. What to do? … I will make an over-simplification extended for not data related security issues, as they are present in the current project stages. But the same is valid on many other project dimensions.

The first thing is to enumerate all possible vulnerable systems and sub-systems in the device. This is a plain list.

Then, to define an importance grade (1 to 5 is enough). One is for not so important things (they can fail and this won’t represent a life threatening issue) but 5 lives is a life threatening area.

After that, to describe when a vulnerability could create a real problem (vulnerability is the capacity to create that problem). That need to be graded. 1 is for not so probable and 5 for highly probable problems.

To end, you multiply the grades. And the final goal is to reduce the final value (risk). As can be seen, it is more important to deal with the high numbers because the work consume resources and higher mean more danger.

Example : power system.

Importance level 5 (without power, the chair is useless).

Vulnerability 1: waterproof. grade 5 (possible short circuit).
Vulnerability 2: overheat. grade 5 (possible explosion).
Vulnerability 3: weight. grade 3 (very heavy implies less working range)
Vulnerability 4: price. grade 3 (very expensive implies more difficult to purchase)

Total Risk Level = 5 * (5+5+3+3) = 80

Then, try a plastic box with some intelligent ventilation (air but no water). And then, the risk go down very much.

(0+0+3+3) = 30

But just trying to reduce weight won’t represent a real advantage

(5+5+0+3) = 65

I hope this helps with the project :-)

Marco Alvarado

What a fantastic analysis and explanation! Thank you!
I will keep this in mind and make my business plan accordingly.

Marco Alvarado

Marco explained clearly about the risk calculation

Award Contribution
John Rodrigues
Community Expert
Product Designer|Entrepreneur |Founder of designwithjohn.com
 · HonnavarIndia
Get Link

This a very valuable feedback

1 like 
Award Contribution
Leave a reply...
New Post
Start Project
Online Users
Share Link
Write something before you submit it!
Photo updated
Request Sent!
Copied to Clipboard