Category Archives: Cyber Security

Bedrock Announces New Firmware Upgrade for Cyber Security

Press Release from #arcforum:

 

Bedrock® Cybershield 3.0 Delivers on the Promise of Open Secure Automation (OSA®) with a Suite of Cyber Defense Tools and Open SCADA Partners

 

San Jose, Calif. – February 12, 2018 As part of their participation at the ARC Conference, Bedrock Automation has announced the availability of Cybershield 3.0, a major firmware upgrade with advancements that make it easier for end users and developers to build control applications that are both open and secure.  Among the six major innovations facilitated by the Cybershield 3.0 upgrade are the first public key infrastructure (PKI) built into an OPC UA server for SCADA applications; an industrial Certificate Authority (CA) for user key management; virtual crypto key locks for the controller; and a Secure Proxy server capability that can protect legacy controls systems of other vendors.

 

“Cybershield 3.0 is one of the most significant steps forward since the release of our Bedrock OSA platform. We now support leading SCADA companies in integrating their OPC UA client to our open security and key management tools.  In addition, we start our march to converge IT cyber detection technologies into real-time OT automation with our integrated Anomaly Detection (AD) tools built into every controller. We are delivering secure SCADA and AD as intrinsic and zero-cost advancements, focused acutely on ease of use and reductions in lifecycle costs,” said Bedrock founder and CEO Albert Rooyakkers.

 

Bedrock Cybershield 3.0 includes the following capabilities:

 

  • Secure Open SCADA with OPC UA. The cryptographic keys built into all the Bedrock system electronics, provide the root of trust for the Bedrock Certificate Authority (CA) that verifies the reliability of OPC UA-managed communications between SCADA and PLCs or other industrial control systems.

 

  • Open Certificate Authority (CA) for SCADA. This advanced SaaS key and certificate management tool is not only FREE to our customers but is simple to deploy with our Secure SCADA Interface Specification Leading SCADA providers, including Inductive Automation, ICONICS and Tatsoft, are committing to and releasing support to this interface specification.

 

  • Intrusion detection. Even though the Bedrock control system has protection built into its core, users still need to know when system security is challenged. Cybershield 3.0 comes standard with intrinsic Anomaly Detection (AD) functionality that continuously monitors the controller’s network and system time to detect intrusions and anomalous behavior and report it to both SCADA and enterprise database applications for trending, alarming and historizing anomalous cyber activity.

 

  • Quickly Secure Legacy Automation with Secure SCADA. Companies can now use Bedrock security to help integrate open standard communications protocols with legacy PLC and DCS systems from other vendors. A Bedrock secure controller module acts as a gateway between SCADA platform workstation and the legacy controllers.
  • Cryptographic key locking. Cybershield 3.0 also includes a cryptographic controller engineering key lock that permits only users with the required credentials to change the mode of the controller.

 

  • Achilles and EMP compliance on power supplies. Bedrock Automation is certifying its standalone power supply and standalone uninterruptible lithium power supply to both MiL-STD-461-G, the military standard for advanced EMP hardening, and Achilles Level 2 certification, augmenting the EMP and Achilles certification achieved for its control system modules last year.

 

“Today’s increasingly connected environment drives the process industries to search for automation solutions that deliver the benefits of open communications with ‘baked in’ cybersecurity. By extending its secure automation technology to third-party software providers, Bedrock Automation addresses this key pain point of future automation requirements. ARC believes the intrinsic and no-cost approach of Bedrock’s cybersecurity strategy is the quintessential component missing in control systems, today,” writes ARC analyst Mark Sen Gupta in his recent report, Bedrock Automation’s Open Secure Automation a “Win” with End Users

 

Availability

Cybershield 3.0 will be standard on all Bedrock control systems starting in Q2 of 2018 and will also be made available to current Bedrock users as a free upgrade.

 

Emerson Announces DeltaV version 14 and DeltaV Mobile

Press release from @arcforum:

Emerson is expanding its Plantweb™ digital ecosystem with today’s launch of DeltaV version 14, a cybersecurity-certified control system designed to deliver new value in capital projects and make plant operations more connected and productive. The latest release provides significant innovations to the entire DeltaV architecture and was built with customers’ digital transformation initiatives in mind.

This major update to the DeltaV automation system includes several meaningful enhancements to eliminate costs and reduce complexity in capital projects, plus improve productivity during operations through enhanced access to production and equipment data, improved usability and greater security.

“More than ever, an integrated plant data environment is essential to achieve digital transformation. With DeltaV, we’re reducing the engineering effort required to securely connect plant, operational and information systems,” said Jamie Froedge, president of Process Systems and Solutions, Emerson Automation Solutions. “Our customers will have more capabilities in their distributed control and safety systems to help them successfully execute capital projects and optimize operations.”

Capital Project Flexibility

Continuing to advance the impact of DeltaV Electronic Marshalling with CHARMs on capital project engineering, CHARM I/O Block takes CHARMs—which achieved more than one million deployments at more than 1100 sites in only five years—closer to the field. Small enclosures with up to 12 CHARMs can now be installed closer to field devices, significantly reducing wiring and overall installation costs by as much as 60 percent and providing more engineering flexibility.

Smart Commissioning, launched in 2016, took one of most engineering intensive operations off a project’s critical path. Traditionally, commissioning has been a manual task that requires more than two hours per device for thousands of devices. Smart Commissioning reduced commissioning time to 25 minutes. Emerson is now expanding these capabilities and reducing device commissioning time to as little as 10 minutes, a nearly 93 percent reduction in costly commissioning time that could save several hundred-thousand dollars in engineering costs.

Mobility and User Experience

DeltaV Live Operator Interface is a modern, built-for-purpose operations experience that is easy to understand and modify. The HMI comes pre-engineered with the industry’s best practices for user experience including ISA 101.01 and is based on research with the Center for Operator Performance, a consortium of vendors and academia focused on human factors engineering. The HTML5 interface enables scalable graphics and gives operators the flexibility to adjust their displays to focus on process data that is most important for each situation. The new operator interface helps improve overall situational awareness and decision-making speed. Emerson is helping companies prepare for the shift to mobility with DeltaV Live by building a foundation for graphics to be transferrable across desktops, laptops, and mobile devices—all without additional engineering or custom scripting.

A Secure, Connected Plant

DeltaV will offer its users a new level of confidence and protection from cybersecurity threats by being one of the only systems to have a top-to-bottom cybersecurity certification. DeltaV v14 will be certified ISASecure SSA Level 1 by the International Society of Automation (ISA), signifying that Emerson developers are trained to write secure code and the system as a whole is hardened against cyber threats.

Emerson is making connecting a plant’s OT systems with IT systems seamless by expanding OPC UA access in its DeltaV hardware and software offerings. DeltaV is the pathway for most plant data and now using the IIoT’s most prevalent protocol, OPC UA, DeltaV applications and servers can securely share data to cloud analytics applications, remote monitoring solutions, and third-party technologies.

Emerson announced the first two additions of its new DeltaV system last year with the DeltaV PK Controller and DeltaV Mobile. The DeltaV PK Controller enables plants to control skids and applications typically managed by PLCs with a standalone DeltaV controller or connect into an integrated full-scale DCS automation architecture or the cloud via embedded OPC UA. The DeltaV Mobile platform that natively connects into DeltaV—securely and without additional engineering—to enable managers, engineers, operators and subject matter experts to monitor operations and have critical data and alarms at their fingertips, whenever and wherever they need it.

Extreme Badness from Malware and Design Flaws Impact Industry

Insiderlogo3First, there’s the Triton Exploit

In 2004, Triconex safety expert Robert Adamski told me, “I’m going to share my nightmare with you.” He proceeded to talk about, not a safety issue, but a cyber security issue. He predicted that it would be possible to penetrate a control system and enter the safety instrumented system, the SIS, which is designed to safely shut down a plant in the event of a failure in the process. He explained exactly how his hacker, “Let’s call him Ali al Qaeda,” would be able to do that, and he dared me to tell him it couldn’t happen.

 

Ever since then, I have been talking about Bob Adamski’s nightmare, and nobody has ever been able to tell me it couldn’t happen.

 

The best they could do was to assert, pretty baldly, that it was highly unlikely, that it would require great resources, and would not happen because it would potentially cause extreme damage. Neither Adamski, who passed away a few years ago, nor I ever believed much in that argument, and we’ve been waiting for Bob’s nightmare to come true.

 

Well, now it has. Not quite as badly as Adamski feared, and no plant was destroyed. But an attacker targeted an SIS system, and caused it to shut down the plant.

The best description of what happened, and what the malware can do is in a blog by Heather MacKenzie of Nozomi Networks. You can read the entire blog here. She makes some important points.

 

“The attack reprogrammed a facility’s Safety Instrumented System (SIS) controllers, causing them to enter a failed state, and resulting in an automatic shutdown of the industrial process,” MacKenzie wrote. 

 

The attack is bold and notable,” she said, “because it is the first known industrial control system (ICS) attack that has targeted and impacted not just an ICS, but SIS equipment. Also, the type of SIS attacked is widely used and is commissioned in a consistent way across many industries.”

 

She then makes an important point. “The SIS system that was attacked was a Schneider Electric Triconex Safety Instrumented System (hence the malware moniker “TRITON”, also known as “TRISIS”.)  However, the malware was not designed specifically for Triconex, it was designed because the target organization was using Triconex(emphasis added).”

 

What MacKenzie, and Nozomi Networks’ partner, Fireye, which discovered the exploit, says is that FireEye is moderately confident that the attacker inadvertently shutdown operations while developing the ability to cause physical damage. You can read their reasons for coming to this conclusion, and many other important details about the attack, in the FireEye blog post on TRITON.

 

MacKenzie notes, “ It is the first known malware targeting SIS, and only the fifth malware known to specifically target ICS (after Stuxnet, Havex / Dragonfly, Blackenergy2, and Industroyer / CrashOverride).”

 

It is likely that if the target enterprise had been using another SIS system, the exploit would have targeted that one instead of the Triconex system.

 

Now that the exploit has demonstrated that SIS systems as a class are penetrable and vulnerable, we can expect to see more attacks.

 

“Cassandras” like Joe Weiss, myself, Eric Byres (of Tofino fame) and others have been pointing out for a decade that there is a thought gap between data security, which most cyber security systems are based on, and process safety. You cannot have a secure system unless it is a safe system. You cannot have a safe system unless it is a secure system. We can no longer ignore this fact or Bob Adamski’s nightmare will become all too real.

 

Intel, AMD, and Other Processors Vulnerable

 

If the Triton Exploit weren’t enough, the entire computing world was rocked in December  and early January by the revelation that processors by Intel, ARM, AMD, and even Qualcomm (one of the largest manufacturers of mobile device processors) are vulnerable to a series of vulnerabilities, like Spectre and Meltdown, which leave them open to attack.

 

How this impacts the automation industry is obvious. Since the major automation vendors abandoned making their own chips, almost forty years ago, chipsets by Intel, ARM, AMD and others have been used in everything from sensors to controllers, to the computers that DCS and SCADA systems run on. The computers that serve as cloud servers are not immune either.

 

A report from CNET describes the issue: “Researchers found two major weaknesses in processors that could let attackers read sensitive information that should never leave the CPU, or central processing unit. In both cases, attackers could see data that the processor temporarily makes available outside of the chip.

Here’s why that happens: To make computer processes run faster, a chip will essentially guess what information the computer needs to perform its next function. That’s called speculative execution. As the chip guesses, that sensitive information is momentarily easier to access.”

 

Spectre and Meltdown (which targets cloud servers) can be used on systems that are not patched to prevent it, to permit unauthorized entry into the system. Now, it is in the industrial space that systems will potentially NOT be patched.

 

This is because in many cases, the system cannot be shut down to patch it, or the system is running on an archaic processor. There are thousands of Windows XP systems running in the industrial environment. There are instances of even Windows 3.11 and DOS systems running processes yet today. These systems cannot be patched.

 

Intel and the others state that the flaw has existed for at least twenty years, so all those archaic systems are vulnerable.

 

CNET reports, “Researchers, chipmakers and computer companies all say there are no known examples of hackers using these weaknesses to attack a computer. However, now that the details of the design flaws and how to exploit them are publicly available, the chances of hackers using them are much higher.”

As the Triton Exploit and others have proven, hackers up to and including nation states, have been trying to penetrate Industrial Control Systems for at least a decade and a half already. This just gives them another avenue to exploit. And as the ICS malware exploits we have already seen show, it is not all that difficult to attack a control system that is not adequately defended.

 

Operating system manufacturers like Apple and Microsoft are scrambling to patch their systems so that the exploits cannot be used. But the fact that it exists in nearly all processors means that it will be hanging over us for a long time.

In the meantime, be wary of phishing and other means of achieving entry into your control systems. Be afraid. Be very afraid.

This first appeared in the December 2017 INSIDER. If you like this kind of reporting and analysis, please consider becoming an INSIDER subscriber. Visit http://www.spitzerandboyes.com/insider for more information.

 

HIMA talks SIS Cyber

Insiderlogo3HIMA, the largest independent safety instrumented system manufacturer, today released this press release:

(Houston, TX, January 11, 2018)

In late 2017 the ICS cybersecurity specialist Dragos announced that a safety controller (SIS) of a HIMA competitor in a process facility in the Middle East had been targeted by a new malware attack and successfully hacked. The SIS was compromised, leading to a shutdown of the facility. The professional execution of the attack again clearly shows that facility operators need to take the subject of cybersecurity very seriously. HIMA, a leading global independent vendor of smart safety solutions for the process industry, therefore offers to provide expert consulting on the subject of cybersecurity in safety-critical systems.

The above-mentioned cyberattack represents a new dimension of cyber threats to critical infrastructure. According to current knowledge, it was specifically planned and designed to target the SIS of a particular manufacturer. This sort of attack on a SIS, the first ever seen worldwide, is very sophisticated and only possible with significant effort.

Dr Alexander Horch, Vice President Research, Development & Product Management at HIMA, comments: “The incident with our competitor should serve as a wake-up call for all of us and further enhance awareness of the subject of cybersecurity in the industry. Work processes and organizational deficiencies are by far the most common areas of vulnerability for successful cyberattacks. System interfaces that remain open during operation and can be used to program the systems concerned, for example, give attackers a potential point of access. We urgently advise facility operators to not rely solely on cyber safe components, but instead to establish a comprehensive security concept for their own facilities.”

To achieve maximum safety and security, it is especially important for facility operators to implement the requirements of the standards for functional safety and automation security (IEC 61511 and IEC 62443) for physical separation between process control systems and safety and security systems.

In addition to providing automation solutions conforming to relevant national and international standards, HIMA supports plant engineers and operators in developing security concepts for the entire life cycle.
“For facility operators it is important to constantly keep an eye on potential forms of manipulation. In this regard, safety-critical applications are fundamentally different from other industrial PLC or office applications. Considerable expertise is necessary to ensure cybersecurity in safety applications. Maintaining and constantly refining security often poses a challenge to facility operators. It is therefore advisable to draw on the services of experienced safety and security experts in order to jointly develop and implement effective concepts”, says Heiko Schween, a security expert at HIMA.

December 2017 INSIDER discusses cyber-badness

Insiderlogo3The December 2017 INSIDER has been released. The cover story, “Extreme Badness from Malware and Design Flaws Impact Industry” discusses the two cyber issues impacting the ICS community that surfaced in late December: the Triton Exploit and Spectre and Meltdown. The INSIDER has been discussing this for years, and your editor and Joe Weiss beat the drum for years at Control magazine. The late Robert Adamski called something like the Triton Exploit “Adamski’s Nightmare.” It has been infecting my dreams since 2004, and I am pleased to pass it along to you. If you aren’t afraid yet, you haven’t been paying attention.

In the Health Watch, NIck Denbow and I look at the state of the Automation Industry through the lens of ABB, and we take a look at Endress+Hauser’s alliances, distribution, and newest product and what it means for Millenials as they become engineers and operators.

Rajabahadur Arcot’s article, “India’s expanding economy and emerging growth opportunities” rounds out the last issue of 2017.

If you’re not a subscriber, visit Become an INSIDER and subscribe. Individual subscriptions are $500 per year…that works out to less than $40 a month for the best news and commentary in the industry. Corporate subscriptions are also available. Contact David Spitzer for details.

 

 

 

Schneider Releases Triconex Malware Advisory

Insiderlogo3From the Schneider Electric announcement:
Malware Discovered Affecting Triconex Safety Controllers V1.1 December 14, 2017
Overview
____________________________________________________________________________
Schneider Electric is aware of a directed incident affecting a single customer’s Triconex Tricon safety shutdown system.
____________________________________________________________________________
We are working closely with our customer, independent cybersecurity organizations and ICS- CERT to investigate and mitigate the risks of this type of attack. While evidence suggests this was an isolated incident and not due to a vulnerability in the Triconex system or its program code, we continue to investigate whether there are additional attack vectors. It is important to note that in this instance, the Triconex system responded appropriately, safely shutting down plant operations. No harm was incurred by the customer or the environment.
Triconex user documentation contains detailed security guidelines and recommendations on how to protect Triconex systems from attack. We strongly encourage all our customers to follow these recommendations regarding product use and security, as well as apply and follow industry-recognized cybersecurity best practices at all times to protect their installations:
• Ensure the cybersecurity features in Triconex solutions are always enabled;
• Never leave the front panel key position in the “Program” mode when not actively
configuring the controller;
• And ensure all TriStation terminals, safety controllers and the safety network are isolated
from the rest of the plant communication channels.
Also, review and assess your site’s cyber preparedness. Schneider Electric is a proponent of the NIST Cyber Security Framework and is ready to assist should this be necessary.
The Schneider Electric Product Security Office continues to work with ICS-CERT and will update this advisory as more information becomes available.
Details
The modules of this malware are designed to disrupt Triconex safety controllers, which are used widely in critical infrastructure. The malware requires the keyswitch to be in the “PROGRAM” mode in order to deliver its payload. Among others, the reported malware has the capability to scan and map the industrial control system environment to provide reconnaissance and issue commands directly to Tricon safety controllers.

Major Cyber Attack on SIS Systems–and we told you so!

Insiderlogo3The late Bob Adamski didn’t live to see his prediction from the early 2000s come true, but it has. Here are some of the reports:

From FireEye, on 12/14/17:

Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure

And on 12/15,

New TRITON ICS Malware is Bold and Important

Bob and I, and Joe Weiss, have been continuously predicting this development since at least 2004. Yet it is now 2017, and the systems are still vulnerable. This is stupid.

Although the attack apparently only accidentally shut down the plant, during a search for operational data, the attack could have easily been used to destroy the plant utterly by spoofing the SIS system and using it to cause extremely unsafe conditions leading to catastrophic accidents.

At some point, somebody has to be willing to recognize how fragile OT systems are, really, and how easily they can be disrupted. It is said that our civilization is three days from anarchy. The late Dr. Jerry Pournelle, inventor of the Star Wars Defense for Ronald Reagan, said we were three weeks from cannibalism if the lights went out and stayed out.

This is seriously dangerous, folks, and I am tired, and Joe Weiss is tired, and Bob Adamski was tired before he died, of being told we are fear-mongering. We aren’t. And now we can prove it.

 

 

 

Nobody Is Doing Anything About Cyber Security

Insiderlogo3At the INSIDER we’ve been saying this for years. The adoption of even basic cyber security actions in the industrial space is very low. Many companies believe that they are “pretty safe” because they are relatively obscure. But I recall a conversation with the head of IT of a regional potato chip company about 7 or 8 years ago: “I never thought anybody would cyber attack us. We make potato chips, for God’s sake.”

Honeywell, which has maintained a very high emphasis on cyber security in the industrial environment for over a decade now, sponsored a report by LNS Research on adoption of cyber security practices.

Here’s the press release with the study’s findings. All we can say is, “Wake up, people!”

The issue has gone beyond lack of knowledge. As Joy Ward, Spitzer and Boyes LLC’s director of research says, if you put together a good intellectual argument, and nobody is buying, you are looking at high emotional barriers. She recommends doing some serious qualitative research to determine what those barriers are, so that the intellectual argument can be adjusted and become effective.

Either that, or we need to prepare for a cyber disaster of enormous proportions.

 

HONEYWELL SURVEY SHOWS LOW ADOPTION OF INDUSTRIAL CYBER SECURITY MEASURES

Almost two thirds of surveyed companies don’t monitor for suspicious behavior

HOUSTON, December 6, 2017 – Honeywell (NYSE: HON) today released a new study showing industrial companies are not moving quickly to adopt cyber security measures to protect their data and operations, even as attacks have increased around the globe.
The survey – Putting Industrial Cyber Security at the Top of the CEO Agenda – was conducted by LNS Research and sponsored by Honeywell. It polled 130 strategic decision makers from industrial companies about their approach to the Industrial Internet of Things (IIoT), and their use of industrial cyber security technologies and practices. Among the findings were:
• More than half of respondents reported working in an industrial facility that already has had a cyber security breach.
• 45% of the responding companies still do not have an accountable enterprise leader for cyber security.
• Only 37% are monitoring for suspicious behavior.
• Although many companies are conducting regular risk assessments, 20% are not doing them at all.
“Decision makers are more aware of threats and some progress has been made to address them, but this report reinforces that cyber security fundamentals haven’t been adopted by a significant portion of the industrial community,” said Jeff Zindel, vice president and general manager, Honeywell Industrial Cyber Security. “In order to take advantage of the tremendous benefits of industrial digital transformation and IIoT, companies must improve their cyber security defenses and adapt to the heightened threat landscape now.”
The study suggests these three immediate actions for any industrial organization to capture the value of the new technologies:
1. Making industrial cyber security part of digital transformation strategies;
2. Driving best practice adoption across people, processes and technology, from access controls to risk monitoring, and tap external cyber expertise to fill gaps
3. Focusing on empowering leaders and building an organizational structure that breaks down the silos between IT and OT.
“Cyber security needs to be part of every CEO’s agenda to ensure the effective, immediate and long-term deployment of strategies and technologies such as IIoT,” said Matthew Littlefield, president and principal analyst, LNS Research. “In short, in order for a business to succeed on its digital transformation journey, it needs to succeed with industrial cyber security.”
LNS Research is a global leader in research and advisory for digital transformation of industry, delivering technology insights for business executives. Its analysts focus on identifying the metrics, leadership, business process, and technology capabilities effecting change.
​Honeywell’s industrial cyber security technologies and expertise address many of the issues identified in the LNS Research study. For more information, please visit https://hwll.co/uhrgs and www.becybersecure.com.

 

The INSIDER for August 2017 emailed yesterday!

I’ve been fighting off a flu bug, so it was a few days later than I wanted it to be…but it is out. I will be posting some articles from it throughout the month, but if you want to read them now, visit http://www.spitzerandboyes.com/insider to subscribe.

The cover story in the August INSIDER is an Insider Special Report on “Cyber Security in the Age of the Industrial Internet of Things.” I think you will find it thought provoking.

 

Vertiv Ranks Most Critical Industries

Vertiv Ranks Most Critical Industries in the World
Utilities, mass transit, telecom rank high, cloud and colocation fifth and rising

Utilities, including electricity, gas, nuclear power and water treatment, are the most critical industries in the world according to a new ranking from Vertiv, formerly Emerson Network Power. Vertiv convened a panel of global critical infrastructure experts to systematically quantify and rank the criticality of multiple industries based on 15 criteria. Mass transit—specifically rail and air transportation—ranked second on the list, followed by telecommunications, upstream oil and gas activity and cloud and colocation. The full list is available in a new report, Ranking the World’s Most Critical Industries, released today and available at www.VertivCo.com/MostCritical.

The panel set criteria encompassing the range of potential impacts from the loss of availability of critical systems and weighted them based on the severity of the impact. These criteria then were used to create a criticality rubric that the panel used to score the industries, which then were ranked by their average scores.

“If there is a common theme at the top of this list, it is the interconnectedness of these industries,” said Jack Pouchet, vice president, market development, Vertiv. “These sectors are important to the foundation of today’s society, and downtime in any of these areas can reverberate across industries and around the globe. This will only continue as our world becomes more mobile and more connected and as the Internet of Things expands.”

Clean power and water are fundamental needs in a developed society and underpin most other industries and services, making utilities a clear choice as the most critical industry. Mass transit ranked second, with panellists citing not just the safety of travellers, but the massive impact delays and disruptions can have across multiple businesses, markets and the world. The No. 3 ranking for telecommunications reflects the importance of communications and connectivity in personal and business activities and emergency situations.

Financial services topped the list of industries ranking highest in terms of financial impact of unplanned downtime. E-commerce was second, followed by cloud and colocation. Cloud and colocation also ranked fifth overall in the list of most critical industries due to the increased dependence on those platforms across multiple businesses. The panel also identified cloud and colocation as one of several rapidly emerging industries that are becoming increasingly critical.

“Cloud and colocation are becoming more and more critical as an increasing number of devices and businesses rely on these platforms to perform,” said panellist Emiliano Cevenini, vice president of power sales and business development for Vertiv in Europe, Middle East and Africa. “We’re expecting this trend to continue for the foreseeable future as the IoT networks that serve industries and smart cities are opting to use the cloud as the go-to platform to underlie their technology.”

The full list of critical industries as well as the analysis of specific categories, emerging industries and the ranking methodology are available in the report, Ranking the World’s Most Critical Industries. To see how other industries rank, use the Criticality Calculator. For more information on technologies and solutions to ensure network availability and additional content from Vertiv, visit http://www.VertivCo.com/MostCritical.