FWM speaks with Dr. Dieter Kraft, Managing Director of TRUMPF Venture GmbH
TRUMPF (Ditzingen, Germany) boasts one of the widest ranges of machine tools in manufacturing. Certainly, the company researches a great deal and has people in the field to see what customer problems need to be addressed.
Even with all of the observation, research and development, some problems are problems of the overall manufacturing habitat, or the general business environment. Or they are advancements that demand more advancements (a great example is Industry 4.0 and what happens during and after implementation).
In the real world, it looks something like this: One of the earliest steps in reaping the promises of Industry 4.0 is connectivity. And so, network cabling is run, software is configured, and voila, data flows. That’s great—that’s the point.
Now the downside: data flows, and it doesn’t stop at the factory walls. Top laser/press brake companies already have inclusive software platforms for shop floor management that can be remotely accessed. Even the medium-sized vendors have ways of doing remote diagnostics of equipment. So, while enjoying the early part of the journey into Industry 4.0, companies by definition open a potential vulnerability.
Recently, the venture capital unit of TRUMPF called TRUMPF Venture GmbH, made two investments directed at solving the vulnerability: CYR3CON (Tempe, AZ) which strives to reduce vulnerability via predictive analysis of where and how threats are most likely, then allocating artificial intelligence (AI) resources toward those targets; and L7 Defense, a Be’er Shiva, Israel-based firm that has solutions for Application Programming Interface (API) security that leverages AI to prevent attacks that use the programming interface, for example, to make impossible requests of a server (like inquiry statements that one would never create). These two companies are part of a 10-company portfolio (see chart below).
We spoke to the Managing Director of TRUMPF Venture, Dieter Kraft, about the advantage of participating in venture capital investments.
FWM: Let’s talk about why people in manufacturing are going to need the innovations in cybersecurity.
The trend clearly shows the process of implementing automation and networked machinery at our customer sites. Such networked machines can be protected against attacks with a firewall/cyberwall in large companies. It’s possible because of machine-based encryption of sensitive data.
Suppliers to these manufacturers, including TRUMPF, rely on data which are located centrally or on the edge, or totally decentralized at the customer site. We tend to leave that data at the customer site so as to minimize data transfer. Even if we apply machine learning, we apply that at the spot of action, at the customer site.
FWM: Because of the vulnerability at the wall.
Yes, networked machines are facing more attacks, especially in the time of Covid. We track that and we see that it is increasing dramatically.
The second trend, as an overlay, is that there are more open interfaces, such as application programming interfaces. These interfaces are well-specified, openly communicated, and most of the databases make use of it. It will be everywhere in the next five years. Many things make use of such interactive databases based on APIs.
We all use programs like SAP or some kind of customer relationship management, and our expectation is that our machines, too, will do so—depending on the size of the customers. The use starts with the larger customers and ends with small customers. At some point everyone will use database requests to feed the machine, to provide services, to create services and new capabilities.
Included in our recent investments is the ability to monitor what our APIs are facing in real time, and we can model such interfaces. Using an AI approach, it detects potential attacks.
FWM: The hacker’s trick is to go to the same device, the same port, the same API, and try to look as much like a valid request as possible. How do you sort that out?
Potentially someone is faking that, and we need to prepare ourselves to separate the legal accesses from the “illegal” accesses. We got to know L7 Defense a year and a half ago. They had good results in different governmental tests; they are well tried and tested. The methods they apply are good.
The “learning” method uses artificial intelligence, and does not need to learn from high amounts of statistics—it is called unsupervised learning. It’s very interesting to us technically, and it’s very economical. It’s very easy to put together only a small portion of statistics; the software will learn very well from that.
FWM: What about your other investment?
The second company is CYR3CON in Arizona, it’s a whole different approach. They rank the level of critical vulnerabilities on an ongoing basis, using different sources. If the hockey-stick steepness of a hack deployment increases dramatically, they give you that signature on your screen, where the recommendation is to patch the vulnerability. It will not tell you that you are currently at risk, or it is harming your production, it’s just saying that if you use this type of software, you may be vulnerable because this particular vulnerability ranking rose recently.
FWM: What are the things that TRUMPF thinks about before making investments like these?
We want our customers to be able to plan production without special needs to create downtime. Operate the TRUMPF machine 24/7 whenever necessary. Make the machine safe for mechanical handling, make it easy to use, too. Make it easy to network!
The second thing we have in mind is this: If a customer has an 85 to 90 percent production rate, then our remote services come into play. It’s important to leverage these services to maintain such a high rate of operation. If the customer network is infected with a virus, then it would be a risk for the customer and for TRUMPF. We are thinking a step ahead. We have moved from a machinery outlook to what yields we can provide to the whole customer operation.
FWM: This cyber war must be fought on multiple fronts.
We need to. The bad message is that once you are fighting this step by step, you always generate more creativity on the part of the hackers. We are careful with where we invest in cybersecurity. We do not want to attract bad people who analyze certain companies’ thinking and create new ways to do damage, to misuse the technology. When good things are created, hackers want to misuse those tools.
FWM: All of the advantages gained from management software are impossible without cabling the shop and connecting everything. The larger firms understand the investment; the medium- and small-sized firms not yet.
On the one hand, it’s the simple installation of the physical layer, but right now it’s unusual for mid-size and smaller companies to make use of it. Use depends on the customer size and how profitable the company needs to be. A large company like Mitsubishi or Siemens, or an auto maker, they operate their environment in a high-yield, high operational requirement environment. Everything is already connected.
The smaller firms are not as advanced. Some of them even deal with the psychological aspect of being continuously monitored. Allowing external parties like TRUMPF to monitor the machine operation, even if it would bring benefit, makes some people uncomfortable. Plugging into the network and enabling them to make gains means that we can see what they do. The uncomfortable feeling might even lead to actions that prevent such observation. They might switch off the machine over the weekend, they don’t need it anyway. Vendors like TRUMPF have to overcome this psychological threshold, and once you do, then you can convince people that remote services are more convenient, even in supplying spare parts.
FWM: About 15-20 years ago, the trend was toward “transparent supply chains.” In this environment, I could see how many widgets I had at my supplier’s widget warehouse. Now we are asking people to do the same thing, but not with widgets, but with services. Trust is perhaps more important now, and it seems like it will take a few years to achieve that.
Absolutely. Remote service is the logical next step, and a necessary next step, to further optimize the machine use or the assets you need to buy. If you are doing this and your competitor is not, you have an advantage. Once it gains momentum, the others will be required to use it as well, because otherwise they are not competitive.
I would compare it to the automotive industry in the late eighteenth and early nineteenth centuries. Things were handmade, more or less, and Ford made it somewhat automated. Now, you look at the Japanese production lines of the late last century, and manual/people processes have been really reduced.
Including remote services needs to happen. It will happen, and it just depends on which companies will take the lead. This might depend a bit on the industry structure, although the manufacturing industry has a long-lasting technology life.
FWM: Let’s talk about your own firm, TRUMPF Ventures. It would seem to be a strategic asset, a venture system that can look at the market and can go get some of the necessary technologies.
Yes, this is driving me personally, trying to give the company a head start in future deployments in the markets and market trends, and investing in these interesting companies. And we try to learn a bit and use the solutions ourselves.
FWM: Are you fairly autonomous?
We can invest even against the business unit recommendation. Why? Because this might give us a chance to find things which are not invented internally. There is no “not invented here” in TRUMPF, of course not. Perhaps there is a problem and no solution in the business unit, they say it can’t be done, but it is being done elsewhere, that’s a great reason to invest. We are learning about the future, we are protecting our customers’ future.
FWM: You have to concentrate on things that are deployable within a couple of years, correct? Ten years down the road is too long, and the environment may change in that time.
That describes our thoughts very well. In the last couple of years as we have built our portfolio, this is also a perception we see internally. You can’t easily measure these things [in a startup firm] because these are soft facts that are not as measurable as financial performance (which we need to prove as well). But if you allow a company like ours to do corporate research, not necessarily product development, you just burn the money in huge portions. If you install a venture capital unit, you are requested and incentivized to bring the money back.
Even though it’s a bit of a near-field approach, two to five years, it’s always intended to bring at least the invested money back.
FWM: And even if you broke even at the end, in effect you have rented that knowledge and improved your product line.
Yes, and hopefully you have helped the company increase value. The first point is, we need the strategic fit for a potential benefit for TRUMPF. The second point is this: If the company we invested in pivots to a direction that is not a strategic fit for TRUMPF, we can stay in as long as it’s financially attractive.
FWM: Why would you leave an excellent investment?
Yes, and don’t leave a friend if he needs help.
FWM: What is your experience in investments that were planned for a long time, versus a sort of a situation where something comes across your desk that looks really good and you had not considered it before?
You can’t always predict the future. At the point of investment, we try to draft a picture of a potential exit for ourselves. Who could be potential acquirers? You need to have imagination of how much you can really reach financially, how can this company grow, and how much cash is needed to make it grow toward that goal.
At the time of the exit, usually a company is never for sale. Its best case is to be acquired.
FWM: What types of companies are you looking for? What stage are they in, how many people, etc.?
It’s relatively broad based but our sweet spot due to the fund size is Series A where we step in. However, we restrict ourselves to invest in a few very early stage companies with the potential for a breakthrough innovation in technology or business. They are of course not as easy to handle, and riskier.
We also know we need to spread the portfolio and we do this from seed to Series B or later. It depends on the money and the portfolio balance. Company size is usually 10 to 100 people. Revenue size is 0 to a few million. Usually, we will take a board seat in order to have a deep insight.
We do not accommodate special terms, no right of first refusal. We always invest in syndicates. If possible, we invest together with at least one institutional investor. We do this as a corporate investment. If we were to invest by ourselves in some things, like additive manufacturing, it could leave “burnt fields.” In that case, we ask our strongest competitor (in additive manufacturing, in this example) to join us in the investment.