Cybersecurity Attack on an Industrial Safety System

There was evidently a cybersecurity incident spotted yesterday. There was a report from FireEye, quoted below. I also received this statement from CyberX. I am not primarily a cybersecurity writer, but this is significant.

“We have information that points to Saudi Arabia as the likely target of this attack, which would indicate Iran as the likely attacker. It’s widely believed that Iran was responsible for destructive attacks on Saudi Arabian IT networks in 2012 and more recently in 2017 with Shamoon, which destroyed ordinary PCs. This would definitely be an escalation of that threat because now we’re talking about critical infrastructure — but it’s also a logical next step for the adversary. Stuxnet and more recently Industroyer showed that modern industrial malware can be used to reprogram and manipulate critical devices such as industrial controllers, and TRITON appears to be simply an evolution of those approaches.” Phil Neray, VP of Industrial Cybersecurity for CyberX, a Boston-based industrial cybersecurity firm.

From the FireEye report (see the complete analysis on its website):

Mandiant recently responded to an incident at a critical infrastructure organization where an attacker deployed malware designed to manipulate industrial safety systems. The targeted systems provided emergency shutdown capability for industrial processes. We assess with moderate confidence that the attacker was developing the capability to cause physical damage and inadvertently shut down operations. This malware, which we call TRITON, is an attack framework built to interact with Triconex Safety Instrumented System (SIS) controllers. We have not attributed the incident to a threat actor, though we believe the activity is consistent with a nation state preparing for an attack.

TRITON is one of a limited number of publicly identified malicious software families targeted at industrial control systems (ICS). It follows Stuxnet which was used against Iran in 2010 and Industroyer which we believe was deployed by Sandworm Team against Ukraine in 2016. TRITON is consistent with these attacks, in that it could prevent safety mechanisms from executing their intended function, resulting in a physical consequence.

The attacker gained remote access to an SIS engineering workstation and deployed the TRITON attack framework to reprogram the SIS controllers. During the incident, some SIS controllers entered a failed safe state, which automatically shut down the industrial process and prompted the asset owner to initiate an investigation. The investigation found that the SIS controllers initiated a safe shutdown when application code between redundant processing units failed a validation check — resulting in an MP diagnostic failure message.

We assess with moderate confidence that the attacker inadvertently shut down operations while developing the ability to cause physical damage for the following reasons:

  • Modifying the SIS could prevent it from functioning correctly, increasing the likelihood of a failure that would result in physical consequences.
  • TRITON was used to modify application memory on SIS controllers in the environment, which could have led to a failed validation check.
  • The failure occurred during the time period when TRITON was used.
  • It is not likely that existing or external conditions, in isolation, caused a fault during the time of the incident.

The TRITON attack tool was built with a number of features, including the ability to read and write programs, read and write individual functions and query the state of the SIS controller. However, only some of these capabilities were leveraged in the trilog.exe sample (e.g. the attacker did not leverage all of TRITON’s extensive reconnaissance capabilities).

The TRITON malware contained the capability to communicate with Triconex SIS controllers (e.g. send specific commands such as halt or read its memory content) and remotely reprogram them with an attacker-defined payload. The TRITON sample Mandiant analyzed added an attacker-provided program to the execution table of the Triconex controller. This sample left legitimate programs in place, expecting the controller to continue operating without a fault or exception. If the controller failed, TRITON would attempt to return it to a running state. If the controller did not recover within a defined time window, this sample would overwrite the malicious program with invalid data to cover its tracks.
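The validation check between redundant processing units described in the FireEye excerpt, as an added example that is not from FireEye, Mandiant, or the original post: a simplified Python model (not Triconex firmware) of units comparing their application code and failing safe on a mismatch, plus a baseline audit that flags a program present on every unit but absent from the engineering record. The three units, the `MP-A/B/C` names, the program names and the baseline audit are assumptions made for illustration.

```python
import hashlib
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class ProcessingUnit:
    """One redundant processor holding its own copy of the application programs."""
    name: str
    programs: dict = field(default_factory=dict)  # program name -> code image (bytes)

    def digest(self) -> str:
        """Hash over all program names and images, in a stable order."""
        h = hashlib.sha256()
        for prog in sorted(self.programs):
            h.update(prog.encode() + b"\x00")
            h.update(hashlib.sha256(self.programs[prog]).digest())
        return h.hexdigest()


def validate_redundancy(units):
    """Cross-check application code between units.

    Returns ("RUN", []) when every unit agrees, otherwise
    ("FAILED_SAFE", [names of units that disagree with the majority]).
    """
    digests = {u.name: u.digest() for u in units}
    majority, _ = Counter(digests.values()).most_common(1)[0]
    outliers = sorted(n for n, d in digests.items() if d != majority)
    return ("FAILED_SAFE" if outliers else "RUN"), outliers


def audit_against_baseline(unit, baseline):
    """Compare a unit's program table with a known-good {name: sha256 hex} record."""
    findings = []
    for name, image in unit.programs.items():
        if name not in baseline:
            findings.append(("unexpected_program", name))
        elif baseline[name] != hashlib.sha256(image).hexdigest():
            findings.append(("modified_program", name))
    findings += [("missing_program", n) for n in baseline if n not in unit.programs]
    return sorted(findings)


# Constructed sample data: two legitimate programs and their recorded hashes.
LEGIT = {"esd_logic": b"\x01\x02\x03\x04", "burner_mgmt": b"\x10\x20\x30"}
BASELINE = {n: hashlib.sha256(c).hexdigest() for n, c in LEGIT.items()}


def make_units():
    return [ProcessingUnit(f"MP-{x}", dict(LEGIT)) for x in "ABC"]


def scenario_partial_write():
    """Application memory changed on one unit only: the cross-check trips."""
    units = make_units()
    units[1].programs["extra_prog"] = b"\xde\xad"
    return validate_redundancy(units)


def scenario_consistent_write():
    """Same change on every unit: units agree, only the baseline audit sees it."""
    units = make_units()
    for u in units:
        u.programs["extra_prog"] = b"\xde\xad"
    state, _ = validate_redundancy(units)
    return state, audit_against_baseline(units[0], BASELINE)


if __name__ == "__main__":
    print(scenario_partial_write())
    print(scenario_consistent_write())
```

Agreement between redundant units shows only that they match each other, so the audit against an independently stored baseline is the check that covers an added program left alongside the legitimate ones.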

Refinery of the Future with IoT

An enterprise computing and IT infrastructure company user event seems a weird place for a discussion of the Internet of Things and the Refinery of the Future. But there I was moderating a bloggers’ Coffee Talk with Doug Smith, CEO, and Linda Salinas, plant manager, of Texmark Chemicals, along with an executive of Hewlett Packard Enterprise (HPE) and one from PTC (ThingWorx).

HPE invited me to Madrid, Spain, (and paid my expenses) as an Operations Technology blogger to participate in Influencer sessions, interview a number of technologists, and experience its Discover Madrid user conference. Several times during each of the three days November 28-30 we participated in coffee talks. These were Live Streamed by Geekazine. This is a link to the first day. My session was toward the beginning of the first day, and I appear at the end of day three.

Telling the IoT Story

Texas toll manufacturer Texmark Chemicals teamed with HPE and Aruba to build a Refinery of the Future featuring advanced IIoT capabilities. The results: better process analytics, increased up-time, uninterrupted productivity, satisfied customers, and safer workers.

Every IoT implementation I have seen so far relied on predictive maintenance as the justifying application. Here, the first priority was safety. Then came predictive maintenance, improved operations, and consistent quality.

Texmark produces dicyclopentadiene (DCPD), a polymer precursor for everything from ink to boats. DCPD manufacturing processes involve flammable materials requiring stringent safety measures — and as demand increases, so does the complexity of the supply chains that rely on it.

Its manufacture involves heat and highly reactive chemicals, making safety a top priority. And as demand for DCPD grows, the global supply chain becomes increasingly complex, requiring ever more stringent controls, granular visibility, uninterrupted productivity, and regulatory oversight. Texmark must ensure its workers adhere to Process Safety Management (PSM) procedures at all times, and that its facility is managed in ways that put worker and community safety first.

As a contract manufacturer, Texmark must be prepared to adapt to customer requirements, which can change with little advance warning.

And it must continually drive plant efficiency and productivity. Historically, Texmark has depended on physical inspections of process equipment to ensure all systems remain in working order. However, these plant walk-downs can be time-consuming and labor-intensive. Texmark has 130 pumps in its plant, and spends nearly 1,000 hours a year on walk-downs and vibration analysis.

Depending solely on physical inspections also carries risk, because it relies on employees who — based on years of experience — can tell if a pump is starting to malfunction by recognizing slight variations in its noise and vibrations. But what happens if an employee with that skill is out sick, or reaches retirement age? Texmark needs ways to institutionalize that type of intelligence and insight.

Texmark’s vision for next-generation worker safety, production and asset management hinges on the emerging promise of the Industrial Internet of Things (IIoT): sensored devices combined with advanced analytics software to generate insights, automate its environment, and reduce the risk of human error.

The IIoT architecture must eliminate the need to transmit device data over a WAN, but instead support analytics at the edge to deliver real-time visibility into equipment and processes.

Texmark launched a multi-phase project to implement an end-to-end IIoT solution. Phase 1 and 2 established the digital foundation by enabling edge-to-core connectivity. Aruba deployed a secure wireless mesh network with Class 1 Div 1 access points and ClearPass for secure network access control. Aruba beacons provide location-based services for plant safety and security purposes. The wireless solution cost about half of what it would have cost to deploy a hardwired network.

For its edge analytics, Texmark selected the HPE Edgeline Converged IoT platform, an industrialized solution that supports robust compute capabilities. HPE Pointnext implemented the system as an HPE Micro Datacenter, which integrates its compute and networking technology within a single cabinet. HPE also upgraded Texmark’s plant control room to enable seamless edge-to-core connectivity and high-speed data capture and analytics, and to meet Texmark’s safety and security standards. The Edgeline system runs Texmark’s Distributed Control System software, integrating its operations technology and IT into a single system.

Phase 3 builds on the foundation established by these technology solutions to support Texmark’s use cases: predictive analytics, advanced video analytics, safety and security, connected worker, and full lifecycle asset management.

Texmark’s new IIoT solution will help make its workers even safer. It can monitor fluid levels, for example, reducing the risk of spills. It can alert Texmark immediately if a system starts to malfunction, enabling the company to respond before workers or production are endangered. And in the event of an emergency, it can help protect workers by ensuring Texmark knows their precise location and movements within the facility.

Other benefits will improve the company’s bottom line. Texmark can use data from IIoT sensors to identify which systems require hands-on evaluations, for example, so it can conduct physical inspections in a more focused and efficient manner.

The new IIoT solution makes it easier for the company to plan inspections and maintenance. To work on distillation columns, Texmark must often take systems offline and erect costly scaffolding. Improved maintenance planning will reduce these associated costs by at least 50%.

When Cybersecurity meets Safety–Podcast Conversation with Rockwell Automation

Cybersecurity and safety in an industrial environment complement each other.  People may think that these are separate disciplines, but such is definitely not the case.

That is the message we explore in this Gary on Manufacturing podcast featuring a conversation with two Rockwell Automation experts–Lee Lane, chief product security officer, and George Schuster, functional safety expert.

The first class I took from Rockwell on safety was most likely around 1995. Since that time, I’ve seen safety products and services grow steadily. During that time, I’ve featured Rockwell safety experts twice on these podcasts.

The first was Podcast 125 on the Safety Automation Builder software with OEM Technical Consultant Jonathan Johnson. We learn that the tool is part of a trend of providing easy-to-use tools for engineers to help them improve design, get projects done faster and provide end-of-project documentation.

The second was Podcast 138 on the Safety Maturity Index, a conversation with Rockwell’s Steve Ludwig, Safety Programs Manager, and Mark Eitzman, Safety Market Development Manager, who provide an update on acceptance of the SAB and discuss the Safety Maturity Index.

Here is Podcast 165–Safety and Security

Mobility, Augmented Reality, Application Suites–New Technologies Coming

Connections, services, augmented reality. Three technology directions and three companies that contacted me last month to point out some cool things going on, often beneath the radar. One of them just raised a bunch of VC money, though. I think you’ll be hearing more.

Now that I’m catching my breath from a couple of intense weeks with the ARC Forum and then the Industry of Things Conference, I have time to look at some new directions.

Knowledge Connected

Omnity uses the tagline Knowledge, connected. It accelerates the discovery of otherwise hidden, high-value patterns of interconnection within and between fields of knowledge as diverse as science, medicine, engineering, law and finance.

More than 2,500 scientific papers and 2,200 patent applications are published every day. Just the last five years of most scientific and engineering fields have produced on the scale of 100,000 documents. Reading these one an hour would take 50 years, a professional lifetime. Pair-wise comparison of these documents at three minutes per comparison would take more than 9,000 years, nearly the length of recorded human civilization. It is impossible to stay current in any field, much less the boundaries between two or more different fields, where most innovation occurs.

Omnity enables research and development professionals in all fields to rapidly and efficiently detect otherwise hidden patterns of relevant document interconnections. Whether for basic research or advanced product development, Omnity allows real-time insight into complex document sets, enabling research and development professionals to efficiently and systematically answer a wide range of questions. Read more here.

I heard about it on the podcast/radio show Tech Nation.

Augmenting Field of Vision

Safety Compass overlays information on your smartphone camera view, enhancing your field of vision. Warnings when and where you need it most—it is with you at work whenever and wherever you are, with coverage for the entire team. Simple, clear functionality with interactive hazard information suits any workplace size.

  1. Sign in and Select Your Site
  • Supervisors can add a site or specific area on site within minutes.
  • Adding hazard information is easy, simply follow the prompts to identify issues quickly.
  • Workers can then sign in with secure login details and select from any number of relevant worksites.
  2. Scan Your Location for Hazards Using Augmented Reality
  • The Safety Compass uses intuitive augmented reality to communicate hazard information to users in the field.
  • Using the phone’s GPS and accelerometers the app superimposes real time information onto the camera view that adapts and compensates for worker’s field of vision.
  3. View Hazards Site-Wide
  • By accessing the worker’s physical location, the app presents vital information on present dangers straight to the worker’s phone, avoiding the necessity of bulky safety manuals to locate and manage risk.
  • A worker’s position is shown in relation to hazards, and workers can zoom, tilt and pan across a detailed site map.
  4. Access In-Depth Safety Information
  • Workers receive critical site information well before they enter a hazardous area, allowing them time to prepare for safe work practices and overcoming the challenges of reading large volumes of complicated text in dark, shifting, loud or crowded environments.
  • Additional safety information including video content can be added for more detail.

Frameworks of Applications

MuleSoft Agility starts with an application network according to MuleSoft. Mobility, Cloud services, the Internet of Things are creating incredible opportunities for business — but they’re raising customers’ expectations. MuleSoft builds application networks: seamless frameworks of applications, data sources, and devices connected by APIs, whether on-premises or in the cloud. They speed up app launch and modification cycles, make it easier to secure and manage access, and ultimately enable companies to do more — and faster — with less.

Leverage the power of API-led connectivity for a complete connectivity solution for digital business. Connect and orchestrate data on IoT devices, across devices, or with back-end applications. Leverage open standards and developer-friendly tools for speed and productivity. Connect to devices using out-of-the-box transport protocols like Zigbee and MQTT. Adapt Anypoint Platform to fit IoT architecture, not the other way around. Achieve full flexibility with a hybrid architecture and extensibility to connect future technologies.

MuleSoft recently received a large investment. Look for more from it.

Safe Machine Technology Brings Production, Engineering, EHS Together

This is another of a series of posts from the Rockwell Automation show Automation Fair last week. This stop on the tour concerned Safe Machines. The safety team has been active for many years now developing new products and initiatives. Not everything they do is expressly pointed at selling a product. Often they are out in public teaching safe machine practices, risk assessment, and safe machine design.

They showed a BevCorp machine that had been designed with the latest safety advances in mind. The idea involved removing incentives to defeat safeties. One feature is an ultra-wide door that allows access to more of the machine.

The safety system has a “request to enter” function. This is a high inertia filler machine. Activating the function begins with guiding the machine to a slow stop at a repeatable location. Therefore the controls always know status without requiring a reboot. Of course, there is a safe reduced speed mode to allow maintenance without a shutdown.

Integral with the Connected Enterprise philosophy of Rockwell Automation, the HMI and software collect data on who/what stopped the machine, which safety devices were triggered, and the like. From this data, employee behavior can be ascertained.

This leads to the real value of Connected Enterprise–production, engineering and EH&S can come together to evaluate the entire system from all points of view. The goal is to maintain productivity through use of a safe machine.

I’ve followed Rockwell Automation safety for years. In fact, I can remember classes in the 90s, before becoming an editor, on risk assessment and the launch of safety products. There have been two popular podcast interviews at Automation Minutes: one on Safety Automation Builder and the other on the Safety Maturity Index.

This is the last stand where I had a deep dive. Following will be a review of partners who also exhibited at the Fair. Then it will be on to the next conference–which I couldn’t visit in person, but I have some interviews.

Acquisitions And New Products Feature Predictive Technologies

I have a little batch of process automation and industry news involving predictive technologies—two acquisitions and a new safety product. Congratulations to Mike Brooks and the team at Mtell for a good exit. Also congratulations to the MaxEAM folks. Finally, an important new take on process automation safety from PAS.

MTell Acquired by Aspen Technology

Aspen Technology Inc., a provider of software and services to the process industries, announced it has acquired Mtelligence Corp. (known as Mtell), a San Diego, California-based pioneer in the field of predictive and prescriptive maintenance for asset performance optimization.

Mtell products enable companies to increase asset utilization and avoid unplanned downtime by accurately predicting when equipment failures will occur, understanding why they will occur, and prescribing what to do to avoid the failure.

The products provide a low-touch, rapidly deployable, end-to-end solution that combines a deep understanding of operations and maintenance processes, real-time and historical equipment data and cutting-edge machine learning technologies. As a result, customers can:

  • Monitor the health of equipment, detect early failure symptoms, diagnose their root-cause and recommend the best responses to avoid the failure
  • Continually learn and automatically adapt to changing equipment and process behaviors
  • Automatically share findings across a network of similar equipment to improve the overall process performance.

Some of the world’s largest process manufacturing companies use Mtell. Customer results have shown significant benefits including improved industrial safety, removal of risk, reduced failures, enhanced productivity and increased profitability.

Mtell products include:

  • Previse – Mtell’s flagship end-to-end machine learning solution that monitors equipment health 24/7, detects early indicators of degradation or failures, diagnoses the root cause and prescribes responses that prevent breakdowns and unplanned downtime.
  • Basis – A connected condition monitoring application that facilitates collaboration between operations and maintenance organizations to determine the best course of action for equipment alert conditions.
  • Reservoir – A high performance, scalable, big data repository that captures, manages and synchronizes large volumes of time series, event and asset data from multiple sources.
  • Summit – A remote monitoring center application for monitoring, analyzing and benchmarking asset performance.

The purchase price of the transaction was $37M. Additional terms are disclosed in AspenTech’s Quarterly Report on Form 10-Q for the first quarter of Fiscal 2017 filed with the United States Securities and Exchange Commission.

Schneider Electric Adds to Asset Management Portfolio

Schneider Electric, the global specialist in energy management and automation, announced the acquisition of MaxEAM, a software company with complementary applications that extend Avantis.PRO Enterprise Asset Management. The acquisition further solidifies the portfolio and adds valuable domain expertise to Schneider Electric’s existing team.

Schneider Electric and MaxEAM have a long standing business relationship working together to deliver successful customer projects on a global scale. The acquisition gives customers a single point of contact for support and delivery services, and more closely aligns future product development.

“The strength of our asset management portfolio continues to grow, both organically and through acquisition. MaxEAM enhances the functionality of our Avantis.PRO offering, securing the investment our customers have made in our products,” said Rob McGreevy, Global Vice President, Software at Schneider Electric. “The addition of MaxEAM subject matter expertise and technology will allow us continued expansion of our industry-leading Enterprise APM platform.”

“Our advanced technology linked to mobile work execution streamlines processes, adding tremendous capabilities for mobile workers,” said Eric Stern, President of MaxEAM. “Schneider Electric’s Enterprise APM platform is the broadest in the market today. I’m excited that our people and technology will be an integral component to the overall offering.”

Two years ago Schneider Electric acquired InStep Software, adding advanced predictive analytics. That acquisition furthered its delivery of Enterprise APM solutions leveraging the Industrial IoT, helping to close the gap between IT and OT.

PAS Launches Process Safety Analytics Software

PAS Inc., the solution provider of process safety, cybersecurity, and asset reliability for the energy, power, and process industries, announces the general availability of its newest product, PAS IPL Assurance. The software provides real-time predictive analytics on the health and availability of the safety instrumented systems (SIS), Alarm Management Systems, and other Independent Protection Layers (IPL). In addition to managing operational risk, IPL Assurance reduces compliance costs by automatically reporting on the SIS performance during a demand on the safety system.

PAS IPL Assurance delivers actionable information on safety instrumented systems, alarm systems, control loops, and operational boundaries to streamline compliance activities and expose operational risk. As a result, plant personnel can mitigate abnormal situations before they impact plant safety, reliability, and profitability.

IPL Assurance provides the following analytics, alert, and visualization features:

  • Safety instrumented function (SIF) performance management,
  • Testing and maintenance management,
  • Demand on safety system rate tracking,
  • Status of safety related alarms,
  • Safety system bypass management, and
  • Safety and operational risk dashboard.

“IPL Assurance provides up-to-date IPL lifecycle management so that operations can immediately ascertain the overall risk profile of any facility,” said Mark Carrigan, Senior Vice President of Global Operations at PAS. “This visibility from an automated single source of truth is essential to preventing critical safety incidents and supporting IEC and OSHA compliance requirements.”
