Tag Archives: Automation

Read the January 2018 INSIDER for free!

Because of the very high interest in the cover feature, “The Future of Automation in the Age of the Internet of Things” we have decided to make the January issue open sooner than we would normally.

So, effective immediately, you can download a copy of the issue at 2018-01 INSIDER.pdf.

And if you like this kind of content, and you want to read it regularly, visit

http://www.spitzerandboyes.com/INSIDER and click the “Become an INSIDER” button to subscribe.

India’s Expanding Economy and Emerging Growth Opportunities

Insiderlogo3India’s expanding economy and emerging growth opportunities

By Rajabahadur V. Arcot,
Independent Industry Analyst / columnist and Automation Consultant with extensive experience in writing industry and technology trend articles, market research reports, case studies, white papers, and automation & manufacturing IT insights
rajabahadurav@gmail.com

India, with a growing economy, has been an important market for global automation supplier companies for the past couple of decades. Resulting from the growth dynamics that are in play in the country, the economic and industrial profiles of the country are undergoing changes. The transformations taking place will further enhance India’s importance for the global automation industry.  Until now, process industry control system suppliers mainly benefitted because of large investments that have been taking place in industries, such as electric power, oil and gas, cement, and steel. With the expected expansion of industries relating to construction & infrastructure development, electronics & semiconductors, and defense in the coming years, the future looks bright for discrete industry automation suppliers as well.

Influenced by global trends, even electric power industry, which presently accounts for a significantly large share of the control and instrumentation market in India, is at an inflexion point. Investments in fossil fired power plants are set to decline. According to industry sources, by 2030, almost 40 percent of the country’s total generating capacity is expected to come from renewable energy sources.  Renewable electricity generation, which presently stands close to 50 GW, is set to rise to 175 GW by the year 2022, with solar power contributing to almost 100 GW. This implies boost to the growth of industries relating to production of solar cells and modules, battery, invertors, and such others. The automotive industry’s plan to switch over to electric vehicles by 2030 will also provide additional impetus for the growth of the battery, charging stations, and other related industries.

After course corrections, India’s economy scales back

India’s economy, as it expands, keeps mutating and evolving with the State initiatives continuing to play a crucial role. Some of these initiatives are major course-corrections and hence have lingering negative impacts in the near-term. Examples of such initiatives are the recent measures to free the economy of the influence of unaccounted money through demonetization of high value currency notes and the introduction of more transparent and efficient Goods and Services Tax (GST). While both these measures are long-term positive for the Indian economy, their near-term impacts have been negative leading to growth slowdown in recent quarters.  The World Bank’s report – Global Economic Prospects – that was released few months after demonetization, foresees GDP growth to scale back. Also, it attributed the initial growth slowdown to the withdrawal of a large volume of currency in circulation and their subsequent replacement with new notes. While responding to questions on the slowdown in India’s growth, World Bank President Jim Yong Kim called the recent slowdown in India’s economic growth as an “aberration” caused by temporary disruptions due to the introduction of GST. He further said that GST will have a positive impact on the Indian economy.

According to the newly released data, India’s economic indicators have turned positive once again and point to economic revival.  The United Nations’ ‘World Economic Situation and Prospects 2018’ report, which states that India will clock a GDP growth rate of 7.2 percent in 2018 and 7.4 percent in 2019, reaffirms this optimism. According to the report, India, driven by robust private consumption, public investment, and government reforms, is set once again to emerge as the fastest growing economy in the world. Other reports are also positive about the country’s growth prospects. Indian economy is expected to witness a sharp recovery in the first quarter of 2018 and its GDP growth is likely to be around 7.5 per cent for 2018, says the recent Nomura report.

Transformations and Initiatives underway augur holistic and sustainable growth

Additional economic and industrial transformations are also underway and they are expected to spur the country’s economy further and contribute to accelerating growth and making the growth more holistic and sustainable. Until now, the service & informal sectors and domestic private consumption largely contributed to the country’s economic growth. The manufacturing sector’s contribution was mainly related to meeting the essential needs of a nascent economy, such as electric power, steel, and cement.  While subsequently it began to encompass industries, such as generic pharmaceuticals, petroleum refining, and automotive, the country continues to depend on large-scale imports to meet the ever-expanding needs for consumer durables, electronic goods, defense equipment, and such others. With imports exceeding exports, the country, already, finds it challenging in balancing its trade account and the deficit is unsustainable in the long run. This situation dictates the growth of a manufacturing industry that caters to the needs and wants of evolving consumers and the country.

The manufacturing industry presently contributes to only 15 percent of India’s GDP. Driven by the fact that the growth of the service industry and private consumption beyond a point can be sustained only when they are backed up by the growth of the manufacturing industry that is broad-based to meet the aspirational wants of consumers, India is making efforts to increase the role of manufacturing both for achieving sustainable economic growth and job creation. The ‘Make in India’ program aims to make the country a manufacturing hub and push the share of the manufacturing industry to 25 percent from the present 15 percent, and in the process create millions of jobs in 25 industry verticals that include electronics and electronic systems, defense equipment, and infrastructure, such as construction of roads & highways, ports and others.

Yet another feature of the Indian economy is that its growth until now has been domestically funded. With limited access to capital, the country had to prioritize its investment. As a consequence, enough funding was not available for the development of infrastructure, such as the construction of roads, highways, ports, cities and others. Wealth generation that the country has witnessed in the last couple of decades has contributed to increased domestic savings, tax collections, and growth of banking & other financial sectors.  In addition, India has become attractive for global institutional investors and has emerged as an attractive investment destination. Investment in physical assets, such as gold has been the traditional means of savings in the country. But that is changing.  More and more domestic savings are finding their way to the banking and financial sectors. This is helping the country to channelize funds for building the country’s infrastructure that include building smart cities, railway networks, highways, waterways, airports, industrial corridors, and such others.

For example, the government has approved plans to develop approximately 84,000 km of roads by 2022, the biggest highway construction plan so far in the country. Other projects that the country has embarked upon are the Smart Cities Mission and Sagarmala. Smart Cities Mission is an urban renewal and retrofitting program by the Government of India with a mission to develop 100 cities and make them citizen-friendly and sustainable with the help of technology. Sagarmala is a series of projects to leverage the country’s coastline and inland waterways to drive industrial development and encompasses modernization and enhancement of port infrastructure, improve port connectivity, create 14 coastal economic zones, and develop skills of fishermen and other coastal and island communities. India needs over $1.5 trillion in investments in the next 10 years to bridge infrastructure gap, said India’s Finance Minister Arun Jaitley recently.

India set to become destination of choice for automation companies

India, apart from working on these catch-up strategies as a latecomer to industrial development, is also focusing on making the country future-ready.  The Digital India program is a flagship program of the State with a vision to transform the country into a digitally empowered society and knowledge economy. It aims to make government services available to citizen electronically through online infrastructure and by making the country digitally empowered.  India has developed a 12 digit unique-identity number, called Aadhaar, based on their biometric and demographic data. With close to 1.1 billion enrolled members already, it is the world’s largest biometric ID system. The Indian State is slowly pushing people to use this biometric ID system as proof of their residence, for opening of bank accounts, for availing social security benefits, and such others. There is also a strong thrust to make people use digital payment systems and thereby wean them away from cash transactions. All these initiatives mean greater reliance on information technology and this will spur the growth of discrete industries, such as semiconductors & electronic systems, smart phones and other communication equipment & gadgets, smart sensors & actuators, and similar others. Perforce, defense is yet another industry which is expected to witness robust growth. Strategic compulsions dictate that India builds a more vibrant domestic information-technology hardware and defense industrial base.

The annual consumption of electronic hardware in India is expected to touch US$ 400 billion by the end of the decade. If the domestic industry’s growth does not accelerate, India may well have to depend on imports to the extent of US$300 billion annually. It is imperative for the electronic industry to robustly expand if India is to avoid the impending import nightmare that can push the country into a spiral of unsustainable imports. This would necessarily entail higher external debt / borrowings and this does not bode well for India’s economy in the long term. India is the fourth largest spender on defense. Due to geopolitical compulsions, India’s defense spending accounts for almost 1.8 percent of the country’s GDP and this is set to increase. Only about 35 percent of the required defense equipment is manufactured in India. If we take into account the import component of materials that go into domestic production, both at the system and sub-system levels, the overall import content may exceed 70 percent. There are clear indications that these hi-tech industries are growing.  Apple has announced its plans to make its iPhones in India, one of the fastest growing markets for smart phones. According to available reports, the company is taking the ‘Make in India’ route. According to the Lockheed Martin’s recent news release, the company has signed an agreement with India’s Tata Advanced Systems to produce F-16 fighter jets in India. The news release goes on to say that “this unmatched U.S.-Indian industry partnership directly supports India’s initiative to develop private aerospace and defense manufacturing capacity in India.” The company is eyeing orders worth billions of dollars from the Indian Air Force. Few months ago Dassault Aviation laid the foundation stone for the Dassault Reliance Aerospace Limited’s manufacturing facility in India. Dassault Aviation is investing over 100 million euros in this a joint venture project to manufacture aircraft components as part of the ‘offset obligation’ connected to the purchase of 36 Rafale fighter jets from France.

With all these exciting developments taking place in India, the country is emerging as a destination of choice for automation suppliers. The party has begun.

This article first appeared in the December 2017 Industrial Automation and Process Control INSIDER. If you liked this type of content, you should consider subscribing to the only magazine in the automation field that is not advertiser supported. Visit http://www.spitzerandboyes.com/insider to subscribe.

 

Extreme Badness from Malware and Design Flaws Impact Industry

Insiderlogo3First, there’s the Triton Exploit

In 2004, Triconex safety expert Robert Adamski told me, “I’m going to share my nightmare with you.” He proceeded to talk about, not a safety issue, but a cyber security issue. He predicted that it would be possible to penetrate a control system and enter the safety instrumented system, the SIS, which is designed to safely shut down a plant in the event of a failure in the process. He explained exactly how his hacker, “Let’s call him Ali al Qaeda,” would be able to do that, and he dared me to tell him it couldn’t happen.

 

Ever since then, I have been talking about Bob Adamski’s nightmare, and nobody has ever been able to tell me it couldn’t happen.

 

The best they could do was to assert, pretty baldly, that it was highly unlikely, that it would require great resources, and would not happen because it would potentially cause extreme damage. Neither Adamski, who passed away a few years ago, nor I ever believed much in that argument, and we’ve been waiting for Bob’s nightmare to come true.

 

Well, now it has. Not quite as badly as Adamski feared, and no plant was destroyed. But an attacker targeted an SIS system, and caused it to shut down the plant.

The best description of what happened, and what the malware can do is in a blog by Heather MacKenzie of Nozomi Networks. You can read the entire blog here. She makes some important points.

 

“The attack reprogrammed a facility’s Safety Instrumented System (SIS) controllers, causing them to enter a failed state, and resulting in an automatic shutdown of the industrial process,” MacKenzie wrote. 

 

The attack is bold and notable,” she said, “because it is the first known industrial control system (ICS) attack that has targeted and impacted not just an ICS, but SIS equipment. Also, the type of SIS attacked is widely used and is commissioned in a consistent way across many industries.”

 

She then makes an important point. “The SIS system that was attacked was a Schneider Electric Triconex Safety Instrumented System (hence the malware moniker “TRITON”, also known as “TRISIS”.)  However, the malware was not designed specifically for Triconex, it was designed because the target organization was using Triconex(emphasis added).”

 

What MacKenzie, and Nozomi Networks’ partner, Fireye, which discovered the exploit, says is that FireEye is moderately confident that the attacker inadvertently shutdown operations while developing the ability to cause physical damage. You can read their reasons for coming to this conclusion, and many other important details about the attack, in the FireEye blog post on TRITON.

 

MacKenzie notes, “ It is the first known malware targeting SIS, and only the fifth malware known to specifically target ICS (after Stuxnet, Havex / Dragonfly, Blackenergy2, and Industroyer / CrashOverride).”

 

It is likely that if the target enterprise had been using another SIS system, the exploit would have targeted that one instead of the Triconex system.

 

Now that the exploit has demonstrated that SIS systems as a class are penetrable and vulnerable, we can expect to see more attacks.

 

“Cassandras” like Joe Weiss, myself, Eric Byres (of Tofino fame) and others have been pointing out for a decade that there is a thought gap between data security, which most cyber security systems are based on, and process safety. You cannot have a secure system unless it is a safe system. You cannot have a safe system unless it is a secure system. We can no longer ignore this fact or Bob Adamski’s nightmare will become all too real.

 

Intel, AMD, and Other Processors Vulnerable

 

If the Triton Exploit weren’t enough, the entire computing world was rocked in December  and early January by the revelation that processors by Intel, ARM, AMD, and even Qualcomm (one of the largest manufacturers of mobile device processors) are vulnerable to a series of vulnerabilities, like Spectre and Meltdown, which leave them open to attack.

 

How this impacts the automation industry is obvious. Since the major automation vendors abandoned making their own chips, almost forty years ago, chipsets by Intel, ARM, AMD and others have been used in everything from sensors to controllers, to the computers that DCS and SCADA systems run on. The computers that serve as cloud servers are not immune either.

 

A report from CNET describes the issue: “Researchers found two major weaknesses in processors that could let attackers read sensitive information that should never leave the CPU, or central processing unit. In both cases, attackers could see data that the processor temporarily makes available outside of the chip.

Here’s why that happens: To make computer processes run faster, a chip will essentially guess what information the computer needs to perform its next function. That’s called speculative execution. As the chip guesses, that sensitive information is momentarily easier to access.”

 

Spectre and Meltdown (which targets cloud servers) can be used on systems that are not patched to prevent it, to permit unauthorized entry into the system. Now, it is in the industrial space that systems will potentially NOT be patched.

 

This is because in many cases, the system cannot be shut down to patch it, or the system is running on an archaic processor. There are thousands of Windows XP systems running in the industrial environment. There are instances of even Windows 3.11 and DOS systems running processes yet today. These systems cannot be patched.

 

Intel and the others state that the flaw has existed for at least twenty years, so all those archaic systems are vulnerable.

 

CNET reports, “Researchers, chipmakers and computer companies all say there are no known examples of hackers using these weaknesses to attack a computer. However, now that the details of the design flaws and how to exploit them are publicly available, the chances of hackers using them are much higher.”

As the Triton Exploit and others have proven, hackers up to and including nation states, have been trying to penetrate Industrial Control Systems for at least a decade and a half already. This just gives them another avenue to exploit. And as the ICS malware exploits we have already seen show, it is not all that difficult to attack a control system that is not adequately defended.

 

Operating system manufacturers like Apple and Microsoft are scrambling to patch their systems so that the exploits cannot be used. But the fact that it exists in nearly all processors means that it will be hanging over us for a long time.

In the meantime, be wary of phishing and other means of achieving entry into your control systems. Be afraid. Be very afraid.

This first appeared in the December 2017 INSIDER. If you like this kind of reporting and analysis, please consider becoming an INSIDER subscriber. Visit http://www.spitzerandboyes.com/insider for more information.

 

Consolidating Distribution

Insiderlogo3The Ongoing Consolidation Trend in Distribution
E+H Appoints TriNova in Upstate New York and New England

When your editor first began working as a sales engineer in the automation industry, distribution in North America was defined by the Dodge marketing territories.

These were county-by-county (later modified to be zipcode-based) distribution and representation maps, published by the F. W. Dodge Company. Every automation company representation contract used these territories. There was the “Northern California Territory” for example, which included the counties of Western Nevada, but not Clark County (home of Las Vegas and the military bases).

These territories were most often “exclusive” meaning that only one company had distribution rights in that territory for those products.

These territories have become more and more irrelevant. There are several reasons for this.

First, the economics of the small, family-operated, one- or two- person rep firm, or distribution company decayed. It now costs approximately $500 to make a single sales call. The traditional “eight calls a day” sales methodology simply stopped working.

Second, the generational shift left many second- or third- generation rep/distributor owners looking for exit strategies because they didn’t really want to work in the family business, or couldn’t make a living at it any longer.

Third, the better capitalized rep and distributor firms started expansion plans that focused on either buying a small rep or distributor in a new territory or simply bypassing existing distribution and starting up an entirely new enterprise, and soliciting crossover from their existing principals.
Endress+Hauser has been working with this level of consolidation since the early 2000s. At one point, they even purchased a representative firm which was in financial distress, and kept it running. Now, they’ve done it again, in New England and Upstate New York.

Fourth, the explosion of electronic commerce has made other options than buying from a local rep or distributor possible.

TriNova Inc. is a long-time representative and business partner of Endress+Hauser, and is 50 years old as a company. The company is the automation supplier’s Sales Representative and Authorized Service Provider in the southeast and has now expanded its operations in New England and Upstate New York from new offices in Ballston Spa, NY.

The two companies have spent the last three months preparing for a smooth transition by staffing the new office and training personnel. Teams have been established and are ready to provide customers in the new territory dedicated support and services in all markets and industries.

“We are pleased to have the opportunity to expand our partnership with TriNova in the New England and Upstate New York region,” said Chris English, Vice President of Sales, Endress+Hauser.

And, just as this issue is going to press, E+H announced that they were partnering with their rep and service provider in Oklahoma, Vector Controls to put together a consortium to work in the oil field industry, with partnerships with Angus Measurement Services, TechnipFMC and its Authorized Service Provider, Vector Controls. The automation companies will collaborate to bring added value to the oil and gas industry, assisting customers with transition to the digital oilfield. The partnership alignment between the automation companies is to inform and better prepare the oil and gas industry and customers for Industry 4.0. The oil and gas industry has played a pivotal role in the economic transformation of the world. Today the industry can set new parameters and direction through digitalization.

If you liked this content, there’s much more where it came from. This story was originally published in the December 2017 Industrial Automation and Process Control INSIDER. You can subscribe by visiting http://www.spitzerandboyes.com/insider.

Emerson Acquires ProSys Inc.

Emerson Completes Acquisition of ProSys, Inc.

Deal adds new software capabilities to improve plant performance and brings new technologies to Emerson’s Operational Certainty initiative

Emerson (NYSE: EMR) announced on the 17th of January that it has acquired ProSys Inc., a global supplier of software and services that increase production and safety for the chemical, oil and gas, pulp and paper, and refining industries. By building intuitive processes for plant operators, these solutions make everything from everyday operations to responding during abnormal situations easier.

“The staff of ProSys are all friends of long standing and the INSIDER wishes them all well and congratulates them on their success,” said Walt Boyes, editor/publisher of the INSIDER.

“Adding ProSys’ differentiated technologies and expertise allows us to help our customers improve plant performance, safety and profitability by optimizing their human and automation resources,” said Mike Train, executive president, Emerson Automation Solutions. “With ProSys, we can provide innovative control and operator performance capabilities to make control room operators far more effective.”

Executive President Mike Train

ProSys’ portfolio includes solutions that help operators manage alarms critical to plant production and safety, and efficiently handle changing plant states. In addition, ProSys provides modern, high performance and intuitive graphics for better operator communications.

ProSys complements Emerson’s May 2017 acquisition of MYNAH Technologies, which provides dynamic simulation and operator training software. Together, these technologies embed expertise to help operators navigate plant systems safely and efficiently, and prepare customers to accommodate the changing state and age of the industrial workforce.

“Our specialization in software and services that increase operator performance builds on Emerson’s market leadership in automation control systems,” said Dustin Beebe, president and CEO at ProSys. “By working together as one, we can provide even more operational and financial value to customers.” Beebe will join Emerson Automation Solutions as vice president, control and operator performance.

Dustin Beebe will join Emerson as Vice President of control and operator performance

The ProSys software portfolio supports Emerson’s Operational Certainty™ program designed to help industrial companies achieve Top Quartile performance in areas of safety, reliability, and production.
Terms of the acquisition were not disclosed. For more information about ProSys Inc., visit https://www.prosys.com/.

Is Malware the Achilles Heel of the IIoT?

Insiderlogo3Is Malware the Achilles Heel of the IIoT?
By Walt Boyes

(Originally published in the December 2017 Industrial Automation and Process Control INSIDER)

The big appeal of the Industrial Internet of Things is the potential vast increase of meaningful information we could obtain by increasing the sheer number of sensors and the analytical methodologies of Big Data and the latest visualization tools for working with that data. The central axiom of the IIoT is that this information will be used to operate plants and even entire enterprises much more profitably.

There are some obvious problems with this axiom, It is pretty glaring that you have to collect the right information. It doesn’t help to add 100 or 1000 sensors to a process if the values of those sensors aren’t critical information. The problems don’t stop there.

We have pointed out before that the cost of sensors must decrease dramatically be- fore the IIoT can become a reality. I remember hearing a friend from Shell saying that if they needed a measurement, they’d be willing to pay for it. The flip side of that is that if the cost of making those measurements goes down substantially, the impetus for needing the measurement goes up.

But the real issue that IIoT boosters don’t want to talk about is security.
There are two basic schools of thought about IIoT security. One is that nobody would try to penetrate a network through its edge devices. The other is that the problem is so large that it is basically unsolvable, so who cares.

The first school of thought is the same old “security by obscurity” nonsense. Our concepts of cyber security have been formed by network-centric security experts. There have been some lonely security researchers, like Joe Weiss, and others like the INSIDER who have been pointing this bias out for years. And for years, we have noticed a steadily growing number of “security researchers” at Blackhat and other gatherings, who have concentrated their research on network penetration through the sensor network.

The other school of thought is much more pervasive and even more insidious. This claim is the reason that there is always the next patch coming out for software. You can’t solve the problem because there are always smarter black hats.

Somehow, it seems to us, that both schools of thought are missing the point. Which is that if the potential users of the Industrial Internet of Things see that from a cost-benefit viewpoint the potential loss from an attack far outweighs the potential gain from all that beautiful information, adoption of the IIoT will stall.

We are already seeing this in the commercial IoT world. Sales of Nest thermostats and household control systems have stalled. People are concerned. Now, with the latest revelations about inherent design flaws in Intel, AMD, and other processor chips, they are becoming frightened. All they can see to do is to pray that nobody ever attacks them. And we see the same fear in the industrial space.
So, if the IIoT is to be a success, we have to focus on two things. First and foremost, we need to make security inherent in every de- vice and the firmware and software that runs on them, from field sensor to process controller to MES and ERP systems.

And, second, we need to focus on providing the right information at the right time, or there will be no value add with the IIoT.
End users vote with their feet, and their dollars, pounds, euros, pesos and yuan. For all the ballyhooed new IIoT centric plants, there are dozens more built to the old standards, because we are sure that they work, and the perceived risk is less.

Change the risk and the IIoT will grow to its potential.

If you liked this content, and want to see more, visit http://www.spitzerandboyes.com/insider to subscribe.

 

HIMA talks SIS Cyber

Insiderlogo3HIMA, the largest independent safety instrumented system manufacturer, today released this press release:

(Houston, TX, January 11, 2018)

In late 2017 the ICS cybersecurity specialist Dragos announced that a safety controller (SIS) of a HIMA competitor in a process facility in the Middle East had been targeted by a new malware attack and successfully hacked. The SIS was compromised, leading to a shutdown of the facility. The professional execution of the attack again clearly shows that facility operators need to take the subject of cybersecurity very seriously. HIMA, a leading global independent vendor of smart safety solutions for the process industry, therefore offers to provide expert consulting on the subject of cybersecurity in safety-critical systems.

The above-mentioned cyberattack represents a new dimension of cyber threats to critical infrastructure. According to current knowledge, it was specifically planned and designed to target the SIS of a particular manufacturer. This sort of attack on a SIS, the first ever seen worldwide, is very sophisticated and only possible with significant effort.

Dr Alexander Horch, Vice President Research, Development & Product Management at HIMA, comments: “The incident with our competitor should serve as a wake-up call for all of us and further enhance awareness of the subject of cybersecurity in the industry. Work processes and organizational deficiencies are by far the most common areas of vulnerability for successful cyberattacks. System interfaces that remain open during operation and can be used to program the systems concerned, for example, give attackers a potential point of access. We urgently advise facility operators to not rely solely on cyber safe components, but instead to establish a comprehensive security concept for their own facilities.”

To achieve maximum safety and security, it is especially important for facility operators to implement the requirements of the standards for functional safety and automation security (IEC 61511 and IEC 62443) for physical separation between process control systems and safety and security systems.

In addition to providing automation solutions conforming to relevant national and international standards, HIMA supports plant engineers and operators in developing security concepts for the entire life cycle.
“For facility operators it is important to constantly keep an eye on potential forms of manipulation. In this regard, safety-critical applications are fundamentally different from other industrial PLC or office applications. Considerable expertise is necessary to ensure cybersecurity in safety applications. Maintaining and constantly refining security often poses a challenge to facility operators. It is therefore advisable to draw on the services of experienced safety and security experts in order to jointly develop and implement effective concepts”, says Heiko Schween, a security expert at HIMA.

December 2017 INSIDER discusses cyber-badness

Insiderlogo3The December 2017 INSIDER has been released. The cover story, “Extreme Badness from Malware and Design Flaws Impact Industry” discusses the two cyber issues impacting the ICS community that surfaced in late December: the Triton Exploit and Spectre and Meltdown. The INSIDER has been discussing this for years, and your editor and Joe Weiss beat the drum for years at Control magazine. The late Robert Adamski called something like the Triton Exploit “Adamski’s Nightmare.” It has been infecting my dreams since 2004, and I am pleased to pass it along to you. If you aren’t afraid yet, you haven’t been paying attention.

In the Health Watch, NIck Denbow and I look at the state of the Automation Industry through the lens of ABB, and we take a look at Endress+Hauser’s alliances, distribution, and newest product and what it means for Millenials as they become engineers and operators.

Rajabahadur Arcot’s article, “India’s expanding economy and emerging growth opportunities” rounds out the last issue of 2017.

If you’re not a subscriber, visit Become an INSIDER and subscribe. Individual subscriptions are $500 per year…that works out to less than $40 a month for the best news and commentary in the industry. Corporate subscriptions are also available. Contact David Spitzer for details.

 

 

 

Happy Holidays!

Insiderlogo3The staff of the INSIDER and Spitzer and Boyes LLC want to wish you all Happy Holidays, whichever tradition you follow. May your holidays be merry, and may your next year be better than this one. We hope your lives are filled with love and plenty, and your families be happy and secure.

With All Our Best Wishes!

 

 

Major Cyber Attack on SIS Systems–and we told you so!

Insiderlogo3The late Bob Adamski didn’t live to see his prediction from the early 2000s come true, but it has. Here are some of the reports:

From FireEye, on 12/14/17:

Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure

And on 12/15,

New TRITON ICS Malware is Bold and Important

Bob and I, and Joe Weiss, have been continuously predicting this development since at least 2004. Yet it is now 2017, and the systems are still vulnerable. This is stupid.

Although the attack apparently only accidentally shut down the plant, during a search for operational data, the attack could have easily been used to destroy the plant utterly by spoofing the SIS system and using it to cause extremely unsafe conditions leading to catastrophic accidents.

At some point, somebody has to be willing to recognize how fragile OT systems are, really, and how easily they can be disrupted. It is said that our civilization is three days from anarchy. The late Dr. Jerry Pournelle, inventor of the Star Wars Defense for Ronald Reagan, said we were three weeks from cannibalism if the lights went out and stayed out.

This is seriously dangerous, folks, and I am tired, and Joe Weiss is tired, and Bob Adamski was tired before he died, of being told we are fear-mongering. We aren’t. And now we can prove it.