
Emerson Announces DeltaV version 14 and DeltaV Mobile

Press release from @arcforum:

Emerson is expanding its Plantweb™ digital ecosystem with today’s launch of DeltaV version 14, a cybersecurity-certified control system designed to deliver new value in capital projects and make plant operations more connected and productive. The latest release provides significant innovations to the entire DeltaV architecture and was built with customers’ digital transformation initiatives in mind.

This major update to the DeltaV automation system includes several meaningful enhancements to eliminate costs and reduce complexity in capital projects, plus improve productivity during operations through enhanced access to production and equipment data, improved usability and greater security.

“More than ever, an integrated plant data environment is essential to achieve digital transformation. With DeltaV, we’re reducing the engineering effort required to securely connect plant, operational and information systems,” said Jamie Froedge, president of Process Systems and Solutions, Emerson Automation Solutions. “Our customers will have more capabilities in their distributed control and safety systems to help them successfully execute capital projects and optimize operations.”

Capital Project Flexibility

Continuing to advance the impact of DeltaV Electronic Marshalling with CHARMs on capital project engineering, CHARM I/O Block takes CHARMs—which achieved more than one million deployments at more than 1100 sites in only five years—closer to the field. Small enclosures with up to 12 CHARMs can now be installed closer to field devices, significantly reducing wiring and overall installation costs by as much as 60 percent and providing more engineering flexibility.

Smart Commissioning, launched in 2016, took one of the most engineering-intensive operations off a project’s critical path. Traditionally, commissioning has been a manual task that requires more than two hours per device for thousands of devices. Smart Commissioning reduced commissioning time to 25 minutes. Emerson is now expanding these capabilities and reducing device commissioning time to as little as 10 minutes, a nearly 93 percent reduction in costly commissioning time that could save several hundred thousand dollars in engineering costs.

Mobility and User Experience

DeltaV Live Operator Interface is a modern, built-for-purpose operations experience that is easy to understand and modify. The HMI comes pre-engineered with the industry’s best practices for user experience including ISA 101.01 and is based on research with the Center for Operator Performance, a consortium of vendors and academia focused on human factors engineering. The HTML5 interface enables scalable graphics and gives operators the flexibility to adjust their displays to focus on process data that is most important for each situation. The new operator interface helps improve overall situational awareness and decision-making speed. Emerson is helping companies prepare for the shift to mobility with DeltaV Live by building a foundation for graphics to be transferrable across desktops, laptops, and mobile devices—all without additional engineering or custom scripting.

A Secure, Connected Plant

DeltaV will offer its users a new level of confidence and protection from cybersecurity threats by being one of the only systems to have a top-to-bottom cybersecurity certification. DeltaV v14 will be certified ISASecure SSA Level 1 by the International Society of Automation (ISA), signifying that Emerson developers are trained to write secure code and the system as a whole is hardened against cyber threats.

Emerson is making connecting a plant’s OT systems with IT systems seamless by expanding OPC UA access in its DeltaV hardware and software offerings. DeltaV is the pathway for most plant data, and now, using the IIoT’s most prevalent protocol, OPC UA, DeltaV applications and servers can securely share data to cloud analytics applications, remote monitoring solutions, and third-party technologies.

Emerson announced the first two additions of its new DeltaV system last year with the DeltaV PK Controller and DeltaV Mobile. The DeltaV PK Controller enables plants to control skids and applications typically managed by PLCs with a standalone DeltaV controller or connect into an integrated full-scale DCS automation architecture or the cloud via embedded OPC UA. The DeltaV Mobile platform natively connects into DeltaV—securely and without additional engineering—to enable managers, engineers, operators and subject matter experts to monitor operations and have critical data and alarms at their fingertips, whenever and wherever they need it.

Extreme Badness from Malware and Design Flaws Impact Industry

First, there’s the Triton Exploit

In 2004, Triconex safety expert Robert Adamski told me, “I’m going to share my nightmare with you.” He proceeded to talk about, not a safety issue, but a cyber security issue. He predicted that it would be possible to penetrate a control system and enter the safety instrumented system, the SIS, which is designed to safely shut down a plant in the event of a failure in the process. He explained exactly how his hacker, “Let’s call him Ali al Qaeda,” would be able to do that, and he dared me to tell him it couldn’t happen.

Ever since then, I have been talking about Bob Adamski’s nightmare, and nobody has ever been able to tell me it couldn’t happen.

The best they could do was to assert, pretty baldly, that it was highly unlikely, that it would require great resources, and would not happen because it would potentially cause extreme damage. Neither Adamski, who passed away a few years ago, nor I ever believed much in that argument, and we’ve been waiting for Bob’s nightmare to come true.

Well, now it has. Not quite as badly as Adamski feared, and no plant was destroyed. But an attacker targeted an SIS system, and caused it to shut down the plant.

The best description of what happened, and what the malware can do is in a blog by Heather MacKenzie of Nozomi Networks. You can read the entire blog here. She makes some important points.

“The attack reprogrammed a facility’s Safety Instrumented System (SIS) controllers, causing them to enter a failed state, and resulting in an automatic shutdown of the industrial process,” MacKenzie wrote.

“The attack is bold and notable,” she said, “because it is the first known industrial control system (ICS) attack that has targeted and impacted not just an ICS, but SIS equipment. Also, the type of SIS attacked is widely used and is commissioned in a consistent way across many industries.”

She then makes an important point. “The SIS system that was attacked was a Schneider Electric Triconex Safety Instrumented System (hence the malware moniker “TRITON”, also known as “TRISIS”.) However, the malware was not designed specifically for Triconex, it was designed because the target organization was using Triconex” (emphasis added).

What MacKenzie and Nozomi Networks’ partner FireEye, which discovered the exploit, say is that FireEye is moderately confident that the attacker inadvertently shut down operations while developing the ability to cause physical damage. You can read their reasons for coming to this conclusion, and many other important details about the attack, in the FireEye blog post on TRITON.

MacKenzie notes, “It is the first known malware targeting SIS, and only the fifth malware known to specifically target ICS (after Stuxnet, Havex / Dragonfly, Blackenergy2, and Industroyer / CrashOverride).”

It is likely that if the target enterprise had been using another SIS system, the exploit would have targeted that one instead of the Triconex system.

Now that the exploit has demonstrated that SIS systems as a class are penetrable and vulnerable, we can expect to see more attacks.

“Cassandras” like Joe Weiss, myself, Eric Byres (of Tofino fame) and others have been pointing out for a decade that there is a thought gap between data security, which most cyber security systems are based on, and process safety. You cannot have a secure system unless it is a safe system. You cannot have a safe system unless it is a secure system. We can no longer ignore this fact or Bob Adamski’s nightmare will become all too real.

Intel, AMD, and Other Processors Vulnerable

If the Triton Exploit weren’t enough, the entire computing world was rocked in December and early January by the revelation that processors by Intel, ARM, AMD, and even Qualcomm (one of the largest manufacturers of mobile device processors) are affected by a series of vulnerabilities, like Spectre and Meltdown, which leave them open to attack.

How this impacts the automation industry is obvious. Since the major automation vendors abandoned making their own chips almost forty years ago, chipsets by Intel, ARM, AMD and others have been used in everything from sensors to controllers, to the computers that DCS and SCADA systems run on. The computers that serve as cloud servers are not immune either.

A report from CNET describes the issue: “Researchers found two major weaknesses in processors that could let attackers read sensitive information that should never leave the CPU, or central processing unit. In both cases, attackers could see data that the processor temporarily makes available outside of the chip.

“Here’s why that happens: To make computer processes run faster, a chip will essentially guess what information the computer needs to perform its next function. That’s called speculative execution. As the chip guesses, that sensitive information is momentarily easier to access.”

Spectre and Meltdown (which targets cloud servers) can be used, on systems that are not patched to prevent them, to permit unauthorized entry into the system. Now, it is in the industrial space that systems will potentially NOT be patched.

This is because in many cases, the system cannot be shut down to patch it, or the system is running on an archaic processor. There are thousands of Windows XP systems running in the industrial environment. There are instances of even Windows 3.11 and DOS systems running processes yet today. These systems cannot be patched.

Intel and the others state that the flaw has existed for at least twenty years, so all those archaic systems are vulnerable.

CNET reports, “Researchers, chipmakers and computer companies all say there are no known examples of hackers using these weaknesses to attack a computer. However, now that the details of the design flaws and how to exploit them are publicly available, the chances of hackers using them are much higher.”

As the Triton Exploit and others have proven, hackers, up to and including nation states, have been trying to penetrate Industrial Control Systems for at least a decade and a half already. This just gives them another avenue to exploit. And as the ICS malware exploits we have already seen show, it is not all that difficult to attack a control system that is not adequately defended.

Operating system manufacturers like Apple and Microsoft are scrambling to patch their systems so that the exploits cannot be used. But the fact that the flaw exists in nearly all processors means that it will be hanging over us for a long time.

In the meantime, be wary of phishing and other means of achieving entry into your control systems. Be afraid. Be very afraid.

This first appeared in the December 2017 INSIDER. If you like this kind of reporting and analysis, please consider becoming an INSIDER subscriber. Visit http://www.spitzerandboyes.com/insider for more information.