A new coalition is building a low-cost solution to save lives in earthquake-threatened regions, rather than garnishing a profit from a new early-warning system. OpenEEW is an open-source IoT project with the goal to save lives by reducing the cost of earthquake early-warning (EEW) systems and accelerating their deployments globally.
The Linux Foundation earlier this month announced that it will host the project’s developer — Grillo — in collaboration with IBM. The project includes the core components of the Grillo EEW system, comprised of integrated capabilities to sense, detect, and analyze earthquakes and alert communities.
Nearly one-third of the world’s population live in seismically-active regions. At risk is the safety and survival of approximately three billion people living in earthquake-prone areas without early-detection systems that could cost upwards of US$1 billion to put in place.
A Project for a Safer Future
OpenEEW was created by Grillo with support from IBM, USAID, the Clinton Foundation, and Arrow Electronics to address the heightened dangers of injury and death in developing countries. The severe consequences result in part from construction and infrastructure issues in those regions.
Timely alerts have the potential to help save lives in the communities where earthquakes pose the greatest threat. EEW systems already provide nationwide public alerts in Mexico, Japan, South Korea, and Taiwan; and alerts to select user groups in India, Turkey, Romania, and the United States.
“For years we have seen that EEWs have only been possible with very significant governmental financing, due to the cost of dedicated infrastructure and development of algorithms,” according to Andres Meira, Grillo’s founder.
Meira expects that OpenEEW will reduce these barriers and work toward a future where everyone who lives in seismically-active areas can feel safe. OpenEEW has the potential to become a game-changer as crossover technology for other uses, he noted.
“The technology has already been used by Grillo to monitor buildings that are in danger of collapsing. The OpenEEW sensor has been designed with a spared I2C port for adding additional sensors, in case someone wants to monitor smoke/temperature/or something else,” Meira told LinuxInsider.
The OpenEEW Project’s sensor hardware and firmware can rapidly detect and transmit ground motion. Its real-time detection systems can be deployed on various platforms from a Kubernetes cluster to a Raspberry Pi. It is also highly suitable for pairing with applications that allow users to receive alerts on hardware devices, wearables, or mobile apps as quickly as possible.
The open source community aims to help advance earthquake technology by contributing to OpenEEW’s three integrated technology capabilities. Grillo’s OpenEEW is the most recent project to be open sourced for communities that need them most, according to The Linux Foundation.
To that end, IBM has deployed a set of six of Grillo’s earthquake sensor hardware and is conducting tests in Puerto Rico, complementing Grillo’s tools with a new Node-RED dashboard to visualize readings.
As an example of open source technology’s widening reach, IBM is extending a Docker software version of the detection component that can be deployed to Kubernetes and Red Hat OpenShift on the IBM Cloud.
Grillo sensors have generated more than 1TB of data since 2017 in Mexico, Chile, Puerto Rico and Costa Rica, including information from large earthquakes of magnitudes six and seven. Researchers from Harvard University and the University of Oregon are already working with this data, which will enable new machine learning earthquake characterization and detection methods.
Grillo used several other open-source technologies in designing its OpenEEW project, Meira noted.
“OpenEEW features the hardware and firmware for the sensor, the software for the detection system — which can be deployed on various platforms — and various examples for sending alerts (alarm devices, apps),” he said.
Security Remains a Managed Concern
Recent disclosures of vulnerabilities involving open-source software will not negatively impact on OpenEEW’s viability, assured Paul Holland, principal research analyst at the Information Security Forum.
“The usage of open source software does not alter the viability of the project at all. Many closed source products have as many vulnerabilities as their open source equivalents. The problems with vulnerabilities arise from mismanagement of them,” he told LinuxInsider.
If the project implements a robust patch management process, vulnerabilities will not impact OpenEEW’s viability. These would include a test bed for testing new patches as soon as they are released and a method for implementing the patches in the live environment once testing has been completed then it is certainly a viable option.
“Security is of vital importance to OpenEEW,” added Grillo’s Meira. “From the start it was designed in mind so that no one can maliciously trigger a false alert. That could have the effect of desensitizing users when they receive future alarms, or worse.”
For example, fatalities occurred with the Mexican SASMEX system through panic following false alerts. To overcome this, OpenEEW has a number of safeguards built in, according to the project’s developer.
All messages from each sensor are encrypted with TLS/SSL so that a ‘man in the middle’ attack is not possible, Meira explained. In a case where someone was to simulate a false alert message from his/her sensors, the detection system would discard this because it needs several sensors confirming an event before any alert is issued.
Not Quite Bulletproof
Still, a hacker or cyberattacker who breaches this project’s security would be a significant problem, admitted Meira. But he feels it has been mitigated sufficiently.
“Please note that no EEW is perfect and free of false positives or false negatives. This is true of Mexico’s SASMEX and the U.S.’s Shakealert, both public projects with decades of investment,” he added.
Any IoT deployment will have security issues. Keeping these types of systems up to date is notoriously difficult, offered Thomas Hatch, CTO and co-founder at SaltStack. But he does not think this should be a serious negative for the OpenEEW project.
“Overall, making these platforms open source and using standard libraries should improve the security of these earthquake detection systems over time — much more than if they were proprietary. The overarching problem we typically see with proprietary IoT devices is that the probability of neglect seems to be much higher over time,” he told LinuxInsider.
Assuming a bad actor breached the security defenses, the project’s intent to issue early warning alerts of earthquakes would be met with two possible outcomes, suggested Information Security Forum’s Holland.
One, they could amend the data so as to warn of an earthquake that is not about to happen, thus causing mass panic and people evacuating an area unnecessarily. Two, a hacker could suppress an alert so no warning of the forthcoming earthquake would be issued. That could equate to more loss of life.