Schneider Releases Triconex Malware Advisory

Insiderlogo3From the Schneider Electric announcement:
Malware Discovered Affecting Triconex Safety Controllers V1.1 December 14, 2017
Schneider Electric is aware of a directed incident affecting a single customer’s Triconex Tricon safety shutdown system.
We are working closely with our customer, independent cybersecurity organizations and ICS- CERT to investigate and mitigate the risks of this type of attack. While evidence suggests this was an isolated incident and not due to a vulnerability in the Triconex system or its program code, we continue to investigate whether there are additional attack vectors. It is important to note that in this instance, the Triconex system responded appropriately, safely shutting down plant operations. No harm was incurred by the customer or the environment.
Triconex user documentation contains detailed security guidelines and recommendations on how to protect Triconex systems from attack. We strongly encourage all our customers to follow these recommendations regarding product use and security, as well as apply and follow industry-recognized cybersecurity best practices at all times to protect their installations:
• Ensure the cybersecurity features in Triconex solutions are always enabled;
• Never leave the front panel key position in the “Program” mode when not actively
configuring the controller;
• And ensure all TriStation terminals, safety controllers and the safety network are isolated
from the rest of the plant communication channels.
Also, review and assess your site’s cyber preparedness. Schneider Electric is a proponent of the NIST Cyber Security Framework and is ready to assist should this be necessary.
The Schneider Electric Product Security Office continues to work with ICS-CERT and will update this advisory as more information becomes available.
The modules of this malware are designed to disrupt Triconex safety controllers, which are used widely in critical infrastructure. The malware requires the keyswitch to be in the “PROGRAM” mode in order to deliver its payload. Among others, the reported malware has the capability to scan and map the industrial control system environment to provide reconnaissance and issue commands directly to Tricon safety controllers.

Walt and Joy in Control- Part Two “Can We Escape Our Fate?”

Greg McMillan continues his interview with Walt Boyes and Joy Ward in the December issue of Control magazine. Here’s the link to the article on the website:

What can be done to change our fate?

Joy and I would love to hear your thoughts on what we had to say, both in the November issue and the December issue. Comment here, or send me your comments to [contact-form-7 404 "Not Found"] 

Emerson Acquires New Temperature Company

Insiderlogo3No, not Emerson Automation Solutions, it’s Emerson Commercial and Residential Solutions. It is automation, just not process. This is an example of the pervasiveness of automation, and how the Industrial Internet of Things can be applied to supply chain management, including preservation ing the cold chain.

This is more important than it sounds. Here’s a simple example. Years ago, Haagen Dazs ice cream wanted to extend distribution to the West Coast. The attempt almost failed. The ice cream tasted terrible when it got to LA and San Francisco. Finally, Ball Datatrace encapsulated temperature dataloggers were inserted directly into the ice cream containers. What was happening was that the truckers were turning off the reefers to save money on fuel. So the ice cream melted and re-froze. Yuk! Preserving the cold chain was critical to their business expansion.

From the article in the St. Louis Business Journal:

Emerson is acquiring Cooper-Atkins, a manufacturer of temperature management devices for the foodservice, healthcare and industrial markets.

Middlefield, Connecticut-based Cooper-Atkins makes automated temperature management and monitoring products for restaurants, supermarkets and other establishments that prepare and store food. The company’s offerings will complement Emerson’s existing global cold chain business, which includes its ProAct Services portfolio for supermarkets and Cargo Solutions business for tracking perishable cargo.

Terms of the deal were not disclosed.

Major Cyber Attack on SIS Systems–and we told you so!

Insiderlogo3The late Bob Adamski didn’t live to see his prediction from the early 2000s come true, but it has. Here are some of the reports:

From FireEye, on 12/14/17:

Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure

And on 12/15,

New TRITON ICS Malware is Bold and Important

Bob and I, and Joe Weiss, have been continuously predicting this development since at least 2004. Yet it is now 2017, and the systems are still vulnerable. This is stupid.

Although the attack apparently only accidentally shut down the plant, during a search for operational data, the attack could have easily been used to destroy the plant utterly by spoofing the SIS system and using it to cause extremely unsafe conditions leading to catastrophic accidents.

At some point, somebody has to be willing to recognize how fragile OT systems are, really, and how easily they can be disrupted. It is said that our civilization is three days from anarchy. The late Dr. Jerry Pournelle, inventor of the Star Wars Defense for Ronald Reagan, said we were three weeks from cannibalism if the lights went out and stayed out.

This is seriously dangerous, folks, and I am tired, and Joe Weiss is tired, and Bob Adamski was tired before he died, of being told we are fear-mongering. We aren’t. And now we can prove it.




Multi-Phase Flow Measurement: Considering All the Options to Meet All the Requirements

Some flow measurement applications just stick in your craw and may even keep you up at night. Losing sleep may be an exaggeration, but some applications are ‘tough’. The problem is that these applications usually involve the simultaneous solution of many flow problems, each of which may have a feasible solution when taken individually.

For example, consider the problem of multi-phase flow where individual liquid and vapor flow measurements are needed. Measuring the liquid flow rate and gas flow rates individually might be straightforward, but measuring them in the same stream will create havoc in most flowmeters. Not surprisingly, solutions to this problem include separating the vapor from the liquid and measuring each stream individually. Another approach is to install a flowmeter that can handle this service, such as a Coriolis mass flowmeter with software designed for two-phase flow or a correlation flowmeter that can measure fluid velocity and void fraction.

And what if the stream contains two liquid components? Again separating the components and measuring each stream may be an option, but it is often not practical. In some applications, the densities of the liquids may differ enough such that the flow rate of the individual components can be inferred from measurements of the total flow and liquid density, predicated on a known relationship between density and composition. Another option is to measure the total flow and use an analyzer measurement to infer the flow rates of the individual components.

And what if the stream contains liquids and solids? Separation may be an option that the process will not tolerate.

And what if the stream contains a liquid, vapor and solids? Now the problem is more complicated and the phases may have to be separated in order to make the individual measurements.

And what if the temperature is 500 degC? And what if the pressure is 500 bar? And what if 200:1 turndown is needed? And what if there is only 1 diameter of straight run to install the flowmeter? And what if the pipe is located 10 meters above grade with no access platform? And what if the ambient temperature is 80 degC? And what if…?

The list can go on and on. In most cases, meeting one of these requirements is possible. However designing a flow measurement system to measure under a combination of these conditions is difficult and may require a somewhat unlimited budget. Compromising on the requirements and relaxing budgetary constraints may bring solutions into focus, but the long and short of it is that there just may not be a feasible flow measurement system available.

You just may have to measure what you can feasibly measure as a surrogate for the desired measurement. For example, measuring the individual liquid, vapor and solid flow rates in a stream may not be feasible. However, useful information might be obtained by separating the vapor flow from the other phases, and measuring the liquid/solid flow and the vapor flow. This may not be the ideal, but these measurements could provide useful information about the process at reasonable cost.

It should be understood that in some applications, there just may not be any flow measurement system available at any price that meets all of the various requirements.

Originally published in Flow Control magazine (July 2004) at

Nobody Is Doing Anything About Cyber Security

Insiderlogo3At the INSIDER we’ve been saying this for years. The adoption of even basic cyber security actions in the industrial space is very low. Many companies believe that they are “pretty safe” because they are relatively obscure. But I recall a conversation with the head of IT of a regional potato chip company about 7 or 8 years ago: “I never thought anybody would cyber attack us. We make potato chips, for God’s sake.”

Honeywell, which has maintained a very high emphasis on cyber security in the industrial environment for over a decade now, sponsored a report by LNS Research on adoption of cyber security practices.

Here’s the press release with the study’s findings. All we can say is, “Wake up, people!”

The issue has gone beyond lack of knowledge. As Joy Ward, Spitzer and Boyes LLC’s director of research says, if you put together a good intellectual argument, and nobody is buying, you are looking at high emotional barriers. She recommends doing some serious qualitative research to determine what those barriers are, so that the intellectual argument can be adjusted and become effective.

Either that, or we need to prepare for a cyber disaster of enormous proportions.



Almost two thirds of surveyed companies don’t monitor for suspicious behavior

HOUSTON, December 6, 2017 – Honeywell (NYSE: HON) today released a new study showing industrial companies are not moving quickly to adopt cyber security measures to protect their data and operations, even as attacks have increased around the globe.
The survey – Putting Industrial Cyber Security at the Top of the CEO Agenda – was conducted by LNS Research and sponsored by Honeywell. It polled 130 strategic decision makers from industrial companies about their approach to the Industrial Internet of Things (IIoT), and their use of industrial cyber security technologies and practices. Among the findings were:
• More than half of respondents reported working in an industrial facility that already has had a cyber security breach.
• 45% of the responding companies still do not have an accountable enterprise leader for cyber security.
• Only 37% are monitoring for suspicious behavior.
• Although many companies are conducting regular risk assessments, 20% are not doing them at all.
“Decision makers are more aware of threats and some progress has been made to address them, but this report reinforces that cyber security fundamentals haven’t been adopted by a significant portion of the industrial community,” said Jeff Zindel, vice president and general manager, Honeywell Industrial Cyber Security. “In order to take advantage of the tremendous benefits of industrial digital transformation and IIoT, companies must improve their cyber security defenses and adapt to the heightened threat landscape now.”
The study suggests these three immediate actions for any industrial organization to capture the value of the new technologies:
1. Making industrial cyber security part of digital transformation strategies;
2. Driving best practice adoption across people, processes and technology, from access controls to risk monitoring, and tap external cyber expertise to fill gaps
3. Focusing on empowering leaders and building an organizational structure that breaks down the silos between IT and OT.
“Cyber security needs to be part of every CEO’s agenda to ensure the effective, immediate and long-term deployment of strategies and technologies such as IIoT,” said Matthew Littlefield, president and principal analyst, LNS Research. “In short, in order for a business to succeed on its digital transformation journey, it needs to succeed with industrial cyber security.”
LNS Research is a global leader in research and advisory for digital transformation of industry, delivering technology insights for business executives. Its analysts focus on identifying the metrics, leadership, business process, and technology capabilities effecting change.
​Honeywell’s industrial cyber security technologies and expertise address many of the issues identified in the LNS Research study. For more information, please visit and


Dick Morley’s Obituary…from the pages of the INSIDER

Insiderlogo3My editorial this month in the Industrial Automation and Process Control INSIDER(TM) is an homage to my friend Dick Morley.

Dick Morley loved his Harley. He rode until he was forced by ill health to give it up in his mid – 70s. He told me that after he dropped out of MIT because he didn’t want to learn German, he went down to Brooklyn and got a job as a bouncer in a biker bar. He had a rare genetic mutation that made him not feel pain. So he could go after big bikers fearlessly. He said he met his wife, Shirley, there. “She was a real biker chick,” he said. Together, he and Shirley raised their own and over 35 foster children. When she passed, it was clear to his friends that Dick had lost the will to live.

But what a life he led. You’d think that the man who invented the floppy disk, the handheld terminal, zone building HVAC, was the father of the PLC, and created the people mover for Detroit and Disney World, among the more than 100 patents he held, would be a household name, but Dick was a surprisingly private individual who didn’t really want or enjoy credit for all that, and the limelight. So names like Bill Gates and Steve Jobs became famous, while Dick Morley just went on inventing.

linked (his and hers) choco- late. He was working in his last years with several Chinese firms who were trying to use stem cells to cure cancer. He said they were very close, too.

Dick and Shirley, and Odo Struger (of Allen – Bradley) and his wife were skiing buddies. I’m sure that the ideas that led to the Modicon PLC were discussed on the chairlift and in the lodge in the evening. But Dick hated long lift lines. He went to his boss and said, I want to work Wednesday through Sunday, please. His boss said, “No, and why aren’t you wearing a necktie?” Dick, as you might guess, quit on the spot.

Shirley told him they had about six months’ savings, so he’d better invent something good, quickly. Bedford Associates was born and started doing work in programming for CNC machines. One night, Dick said, he got drunk and the concept of the PLC came to him as if in a dream.

“It was always a computer,” Dick told me, “but we had to call it something else so that the plant floor electricians would be allowed to operate it. So we called it a PLC, and we programmed it in ladder logic, which most of the electricians knew.”

Ladder logic is the most widely used industrial programming language to this day, and his other brainchild, Modbus, may be the oldest network protocol in common use. They were simple, elegant, easy to use, easy to learn to use, and very powerful…all hallmarks of the Morley touch.

If Dick thought you were worthy of it, he’d talk to you for hours. I loved spending time with him in his later years, listening to his stories, and his no – nonsense theories about manufac- turing. For example, he believed that the prop- er ratio of engineers to sales people was about 10 sales people to every engineer.

Very different beliefs than most entrepreneurs.

Dick on his Harley, with his famous Javahoe remotely operated backhoe.

He and his friend Jim Pinto spent years as angel investors, specializing in helping young inventors be successful. And he always made sure that there were a couple of young entre- preneurs at the annual Geek Pride Day at his barn in New Hampshire.

Some of Dick’s friends are planning a memorial Geek Pride Day next June in his memory. If you are interested in being part of the planning, let me know.

Dick was a good friend, a brilliant and unconventional mind, and a very great man. I will, we all will, miss him very much.

Farewell to MIT’s most famous drop – out. May your Harley ever run sweet, Dick.

If you like content like this, you should subscribe to the INSIDER. Visit to subscribe.

Level Gauge Performance (Part 3 of 3)

To review — the performance of a level measurement system is quantified by means of its accuracy statements. The reader must understand not only which parameter is being described, but also the manner in which the statement is expressed. In level measurement, parameters are commonly described in terms of a(n):

absolute (fixed) distance error
percentage of the empty distance (farthest measurement in span)
percentage of the maximum sensor distance
percentage of measured distance
percentage of set span
percentage of maximum span

Note that other terminology may be used to express these concepts. Some variations actually used by suppliers include mm, cm and percentages of:

Full span
Span in air
Rated span
Maximum span
Calibrated span
Maximum measured span
Maximum span of the sensor
Maximum measuring span
Span value
Full range
Detected range
Measured range
Target range
Measuring range
Maximum range
Range distance
Maximum target range (in air)
Set measuring range
Range with no temperature gradient
Full scale
Maximum distance
Target distance
Measured distance
Tank height
An undefined parameter (for example, 0.25%)

Many of the above terms do not have clear meanings. In addition, discussions with suppliers revealed different meanings for specifications that otherwise seemed to be clear and well defined. Regardless of the terminology used by the supplier, the reader is advised to confirm exactly what the meaning of the terms used in the specification in order to understand them correctly so as to correctly evaluate performance.

More importantly, the performance specifications may not describe performance. Consider some examples that were actually encountered.

Stated Accuracy  Meaning (after discussion with supplier)
0.25% Range                          0.25% of empty distance (farthest measurement)
1.2% of range                         1.2% of maximum sensor range
0.25% of measuring range       0.25% of maximum sensor range
0.25% of span                         0.25% of maximum sensor range
0.25%                                    0.25% of maximum sensor range
0.3%                                      0.3% of measured distance

These examples illustrate the difference between published specifications and their actual meaning. From the above data set, it would be conservative to assume that statements expressed as percentages are percentages of the maximum sensor range until they are confirmed otherwise by the supplier.

This article was excerpted from “The Consumer Guide to Non-Contact Level Gauges”

Level Gauge Performance (Part 2 of 3)

A percentage of measured distance statement describes a parameter that is in error by a constant percentage of the actual distance measurement. In the measurement of a 1000 mm high vessel (100% level located 100 mm below the sensor) measured with an accuracy of 1 percent of measured distance, the absolute error can be calculated as:

An absolute (fixed) distance error statement describes an error that is constant. This error is independent of the calibration range and the actual level in the vessel. For example, the stated accuracy of a level measurement system in a 1000 mm high vessel (100% level located 100 mm below the sensor) might be ±10 mm. The absolute error at different levels is:

Level Absolute Error (1% of measured distance)
0% (empty) 1% of 1100 = 11.0mm
25% 1% of 850 = 8.5mm
50% 1% of 600 = 6.0mm
75% 1% of 350 = 3.5mm
100% (full) 1% of 100 = 1.0mm

A percentage of set span statement describes the error in terms of the full scale range. For example, the stated accuracy of a level measurement system in a 1000 mm high vessel (100% level located 100 mm below the sensor) might be ±1 percent of set span. The set span is 1100-100 or 1000mm, so the absolute error at different levels is:

Level Absolute Error (1% of set span)
0% (empty) 1% of 1000 = 10mm
25% 1% of 1000 = 10mm
50% 1% of 1000 = 10mm
75% 1% of 1000 = 10mm
100% (full) 1% of 1000 = 10mm

A percentage of maximum span statement describes the error in terms of the maximum sensor distance minus the blocking distance. For example, the stated accuracy of a level measurement system with a sensor that can measure from 400 mm to 8000 mm might be ±1 percent of the maximum span. The maximum span is 8000-400 or 7600 mm, so the absolute error at different levels is:

Level Absolute Error (1% of maximum span)
0% (empty) 1% of 7600 = 76mm
25% 1% of 7600 = 76mm
50% 1% of 7600 = 76mm
75% 1% of 7600 = 76mm
100% (full) 1% of 7600 = 76mm

In order to fairly compare performance, the same type of accuracy statement should be used for each level measurement system. For level measurement, the best measure of performance is usually the absolute (fixed) level error statement because it quantifies the amount of error expected to be present. Therefore, in most cases, statements should be expressed or converted to an absolute (fixed) level error statement before using the information for comparison purposes.

Note the significant variation in absolute errors associated with the different error statements above.

The preponderance of error statements used by suppliers will be discussed in Part 3.