Category Archives: IIoT

The INSIDER is out! The February issue has stories…

Insiderlogo3Walt Boyes’ analysis of the ARC Orlando Forum 2018

Videos and commentary from the ARC Press Conference including:

–Stratus Technologies

–Siemens

–Emerson

–Honeywell

–L&T Technologies

–Schneider Electric

–OPC and Fieldcomms

–Microsoft

–Inductive Automation

–more

Joy Ward on the Human Face of Automation

Joe Weiss’ speech at DefCon last year

Walt Boyes on How to Make Open Standards Work

Rajbahadur V. Arcot on Industry 4.0

 

Subscribe now at www.spitzerandboyes.com/insider

Emerson Announces DeltaV version 14 and DeltaV Mobile

Press release from @arcforum:

Emerson is expanding its Plantweb™ digital ecosystem with today’s launch of DeltaV version 14, a cybersecurity-certified control system designed to deliver new value in capital projects and make plant operations more connected and productive. The latest release provides significant innovations to the entire DeltaV architecture and was built with customers’ digital transformation initiatives in mind.

This major update to the DeltaV automation system includes several meaningful enhancements to eliminate costs and reduce complexity in capital projects, plus improve productivity during operations through enhanced access to production and equipment data, improved usability and greater security.

“More than ever, an integrated plant data environment is essential to achieve digital transformation. With DeltaV, we’re reducing the engineering effort required to securely connect plant, operational and information systems,” said Jamie Froedge, president of Process Systems and Solutions, Emerson Automation Solutions. “Our customers will have more capabilities in their distributed control and safety systems to help them successfully execute capital projects and optimize operations.”

Capital Project Flexibility

Continuing to advance the impact of DeltaV Electronic Marshalling with CHARMs on capital project engineering, CHARM I/O Block takes CHARMs—which achieved more than one million deployments at more than 1100 sites in only five years—closer to the field. Small enclosures with up to 12 CHARMs can now be installed closer to field devices, significantly reducing wiring and overall installation costs by as much as 60 percent and providing more engineering flexibility.

Smart Commissioning, launched in 2016, took one of most engineering intensive operations off a project’s critical path. Traditionally, commissioning has been a manual task that requires more than two hours per device for thousands of devices. Smart Commissioning reduced commissioning time to 25 minutes. Emerson is now expanding these capabilities and reducing device commissioning time to as little as 10 minutes, a nearly 93 percent reduction in costly commissioning time that could save several hundred-thousand dollars in engineering costs.

Mobility and User Experience

DeltaV Live Operator Interface is a modern, built-for-purpose operations experience that is easy to understand and modify. The HMI comes pre-engineered with the industry’s best practices for user experience including ISA 101.01 and is based on research with the Center for Operator Performance, a consortium of vendors and academia focused on human factors engineering. The HTML5 interface enables scalable graphics and gives operators the flexibility to adjust their displays to focus on process data that is most important for each situation. The new operator interface helps improve overall situational awareness and decision-making speed. Emerson is helping companies prepare for the shift to mobility with DeltaV Live by building a foundation for graphics to be transferrable across desktops, laptops, and mobile devices—all without additional engineering or custom scripting.

A Secure, Connected Plant

DeltaV will offer its users a new level of confidence and protection from cybersecurity threats by being one of the only systems to have a top-to-bottom cybersecurity certification. DeltaV v14 will be certified ISASecure SSA Level 1 by the International Society of Automation (ISA), signifying that Emerson developers are trained to write secure code and the system as a whole is hardened against cyber threats.

Emerson is making connecting a plant’s OT systems with IT systems seamless by expanding OPC UA access in its DeltaV hardware and software offerings. DeltaV is the pathway for most plant data and now using the IIoT’s most prevalent protocol, OPC UA, DeltaV applications and servers can securely share data to cloud analytics applications, remote monitoring solutions, and third-party technologies.

Emerson announced the first two additions of its new DeltaV system last year with the DeltaV PK Controller and DeltaV Mobile. The DeltaV PK Controller enables plants to control skids and applications typically managed by PLCs with a standalone DeltaV controller or connect into an integrated full-scale DCS automation architecture or the cloud via embedded OPC UA. The DeltaV Mobile platform that natively connects into DeltaV—securely and without additional engineering—to enable managers, engineers, operators and subject matter experts to monitor operations and have critical data and alarms at their fingertips, whenever and wherever they need it.

Is Malware the Achilles Heel of the IIoT?

Insiderlogo3Is Malware the Achilles Heel of the IIoT?
By Walt Boyes

(Originally published in the December 2017 Industrial Automation and Process Control INSIDER)

The big appeal of the Industrial Internet of Things is the potential vast increase of meaningful information we could obtain by increasing the sheer number of sensors and the analytical methodologies of Big Data and the latest visualization tools for working with that data. The central axiom of the IIoT is that this information will be used to operate plants and even entire enterprises much more profitably.

There are some obvious problems with this axiom, It is pretty glaring that you have to collect the right information. It doesn’t help to add 100 or 1000 sensors to a process if the values of those sensors aren’t critical information. The problems don’t stop there.

We have pointed out before that the cost of sensors must decrease dramatically be- fore the IIoT can become a reality. I remember hearing a friend from Shell saying that if they needed a measurement, they’d be willing to pay for it. The flip side of that is that if the cost of making those measurements goes down substantially, the impetus for needing the measurement goes up.

But the real issue that IIoT boosters don’t want to talk about is security.
There are two basic schools of thought about IIoT security. One is that nobody would try to penetrate a network through its edge devices. The other is that the problem is so large that it is basically unsolvable, so who cares.

The first school of thought is the same old “security by obscurity” nonsense. Our concepts of cyber security have been formed by network-centric security experts. There have been some lonely security researchers, like Joe Weiss, and others like the INSIDER who have been pointing this bias out for years. And for years, we have noticed a steadily growing number of “security researchers” at Blackhat and other gatherings, who have concentrated their research on network penetration through the sensor network.

The other school of thought is much more pervasive and even more insidious. This claim is the reason that there is always the next patch coming out for software. You can’t solve the problem because there are always smarter black hats.

Somehow, it seems to us, that both schools of thought are missing the point. Which is that if the potential users of the Industrial Internet of Things see that from a cost-benefit viewpoint the potential loss from an attack far outweighs the potential gain from all that beautiful information, adoption of the IIoT will stall.

We are already seeing this in the commercial IoT world. Sales of Nest thermostats and household control systems have stalled. People are concerned. Now, with the latest revelations about inherent design flaws in Intel, AMD, and other processor chips, they are becoming frightened. All they can see to do is to pray that nobody ever attacks them. And we see the same fear in the industrial space.
So, if the IIoT is to be a success, we have to focus on two things. First and foremost, we need to make security inherent in every de- vice and the firmware and software that runs on them, from field sensor to process controller to MES and ERP systems.

And, second, we need to focus on providing the right information at the right time, or there will be no value add with the IIoT.
End users vote with their feet, and their dollars, pounds, euros, pesos and yuan. For all the ballyhooed new IIoT centric plants, there are dozens more built to the old standards, because we are sure that they work, and the perceived risk is less.

Change the risk and the IIoT will grow to its potential.

If you liked this content, and want to see more, visit http://www.spitzerandboyes.com/insider to subscribe.

 

December 2017 INSIDER discusses cyber-badness

Insiderlogo3The December 2017 INSIDER has been released. The cover story, “Extreme Badness from Malware and Design Flaws Impact Industry” discusses the two cyber issues impacting the ICS community that surfaced in late December: the Triton Exploit and Spectre and Meltdown. The INSIDER has been discussing this for years, and your editor and Joe Weiss beat the drum for years at Control magazine. The late Robert Adamski called something like the Triton Exploit “Adamski’s Nightmare.” It has been infecting my dreams since 2004, and I am pleased to pass it along to you. If you aren’t afraid yet, you haven’t been paying attention.

In the Health Watch, NIck Denbow and I look at the state of the Automation Industry through the lens of ABB, and we take a look at Endress+Hauser’s alliances, distribution, and newest product and what it means for Millenials as they become engineers and operators.

Rajabahadur Arcot’s article, “India’s expanding economy and emerging growth opportunities” rounds out the last issue of 2017.

If you’re not a subscriber, visit Become an INSIDER and subscribe. Individual subscriptions are $500 per year…that works out to less than $40 a month for the best news and commentary in the industry. Corporate subscriptions are also available. Contact David Spitzer for details.

 

 

 

Major Cyber Attack on SIS Systems–and we told you so!

Insiderlogo3The late Bob Adamski didn’t live to see his prediction from the early 2000s come true, but it has. Here are some of the reports:

From FireEye, on 12/14/17:

Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure

And on 12/15,

New TRITON ICS Malware is Bold and Important

Bob and I, and Joe Weiss, have been continuously predicting this development since at least 2004. Yet it is now 2017, and the systems are still vulnerable. This is stupid.

Although the attack apparently only accidentally shut down the plant, during a search for operational data, the attack could have easily been used to destroy the plant utterly by spoofing the SIS system and using it to cause extremely unsafe conditions leading to catastrophic accidents.

At some point, somebody has to be willing to recognize how fragile OT systems are, really, and how easily they can be disrupted. It is said that our civilization is three days from anarchy. The late Dr. Jerry Pournelle, inventor of the Star Wars Defense for Ronald Reagan, said we were three weeks from cannibalism if the lights went out and stayed out.

This is seriously dangerous, folks, and I am tired, and Joe Weiss is tired, and Bob Adamski was tired before he died, of being told we are fear-mongering. We aren’t. And now we can prove it.

 

 

 

The INSIDER for August 2017 emailed yesterday!

I’ve been fighting off a flu bug, so it was a few days later than I wanted it to be…but it is out. I will be posting some articles from it throughout the month, but if you want to read them now, visit http://www.spitzerandboyes.com/insider to subscribe.

The cover story in the August INSIDER is an Insider Special Report on “Cyber Security in the Age of the Industrial Internet of Things.” I think you will find it thought provoking.

 

Vertiv Ranks Most Critical Industries

Vertiv Ranks Most Critical Industries in the World
Utilities, mass transit, telecom rank high, cloud and colocation fifth and rising

Utilities, including electricity, gas, nuclear power and water treatment, are the most critical industries in the world according to a new ranking from Vertiv, formerly Emerson Network Power. Vertiv convened a panel of global critical infrastructure experts to systematically quantify and rank the criticality of multiple industries based on 15 criteria. Mass transit—specifically rail and air transportation—ranked second on the list, followed by telecommunications, upstream oil and gas activity and cloud and colocation. The full list is available in a new report, Ranking the World’s Most Critical Industries, released today and available at www.VertivCo.com/MostCritical.

The panel set criteria encompassing the range of potential impacts from the loss of availability of critical systems and weighted them based on the severity of the impact. These criteria then were used to create a criticality rubric that the panel used to score the industries, which then were ranked by their average scores.

“If there is a common theme at the top of this list, it is the interconnectedness of these industries,” said Jack Pouchet, vice president, market development, Vertiv. “These sectors are important to the foundation of today’s society, and downtime in any of these areas can reverberate across industries and around the globe. This will only continue as our world becomes more mobile and more connected and as the Internet of Things expands.”

Clean power and water are fundamental needs in a developed society and underpin most other industries and services, making utilities a clear choice as the most critical industry. Mass transit ranked second, with panellists citing not just the safety of travellers, but the massive impact delays and disruptions can have across multiple businesses, markets and the world. The No. 3 ranking for telecommunications reflects the importance of communications and connectivity in personal and business activities and emergency situations.

Financial services topped the list of industries ranking highest in terms of financial impact of unplanned downtime. E-commerce was second, followed by cloud and colocation. Cloud and colocation also ranked fifth overall in the list of most critical industries due to the increased dependence on those platforms across multiple businesses. The panel also identified cloud and colocation as one of several rapidly emerging industries that are becoming increasingly critical.

“Cloud and colocation are becoming more and more critical as an increasing number of devices and businesses rely on these platforms to perform,” said panellist Emiliano Cevenini, vice president of power sales and business development for Vertiv in Europe, Middle East and Africa. “We’re expecting this trend to continue for the foreseeable future as the IoT networks that serve industries and smart cities are opting to use the cloud as the go-to platform to underlie their technology.”

The full list of critical industries as well as the analysis of specific categories, emerging industries and the ranking methodology are available in the report, Ranking the World’s Most Critical Industries. To see how other industries rank, use the Criticality Calculator. For more information on technologies and solutions to ensure network availability and additional content from Vertiv, visit http://www.VertivCo.com/MostCritical.

New Honeywell SCADA in the Cloud

HONEYWELL INTRODUCES REAL-TIME SCADA
AS A SECURE AND SCALABLE SERVICE

Experion Elevate provides a cloud-based solution that minimizes hardware, software and
maintenance requirements

In a recognition of the inescapable march of software and supervisory control strategies to the Cloud, Honeywell (NYSE: HON) Process Solutions (HPS) today announced the launch of Experion Elevate, a real-time process supervisory control and data acquisition (SCADA) solution delivered as a secure and scalable service.

Experion Elevate allows for predictable costs, easy upgrades, and continual support. It is a member of Honeywell’s suite of cloud-enabled solutions for operations technology and information technology (OT/IT). HPS made the announcement at its annual Honeywell Users Group symposium.

The clear advantage to customers is easy upgrades and the ability to show the expense of Experion Elevate as OPEX.
The advantage to Honeywell is easy migration, upgrade, and a steady monthly paycheck instead of project work. With the SCADA software running in Honeywell’s cloud, Honeywell helps to bind customers to them.
“By choosing Experion Elevate, process industry companies can take their performance to a new level with visibility of field assets from a central monitoring site and/or mobile locations,” said John Rudolph, vice president and general manager, HPS Projects and Automation Solutions. “They can be sure their SCADA implementation will be robust, reliable and secure because their system is running on ours. Users can depend on Honeywell’s experience and vision for any size solution.”
Experion SCADA is at the heart of Honeywell’s Experion systems and provides a highly scalable, integrated multi-service system with a superior human-machine interface (HMI). The use of Honeywell’s Distributed System Architecture (DSA) allows multiple SCADA servers to operate as one within a single asset or across the enterprise and enables seamless global access to points, alarms, interactive operator control messages and history.

With Experion Elevate, Honeywell is uniquely positioned to provide any combination of SCADA solutions, offering end users more options than when choosing a service-only vendor. This approach brings business agility and increased efficiency from implementation through ongoing lifecycle operations. Customers can take advantage of the latest software with less on-site support and maintenance skills required. They also benefit from a lower cost of entry with the potential for reduced CAPEX, rapid project deployment, and lower lifecycle costs.
Having Honeywell host the SCADA application, and its associated data, in the Honeywell Cloud is also good for the customers from a cybersecurity vantage. Honeywell is now responsible to keep the application and data safe from cyber attack or intrusion. This means that the end user’s cybersecurity expense is much less.
To learn more about Honeywell’s Experion Elevate, visit http://www.honeywellprocess.com/elevate.