Organization Addresses Critical Gaps in Securing Industrial Infrastructure

Cybersecurity continues its strong flow through my news feed. This interesting piece concerns Dragos launching a resource to help industrial asset owners and operators build their OT cybersecurity programs.

Dragos announced the launch of its new Dragos OT-CERT (Operational Technology – Cyber Emergency Readiness Team), a cybersecurity resource designed for industrial asset owners and operators to help them build their OT cybersecurity programs, improve their security postures, and reduce OT risk.

Delivered via the OT-CERT portal, member organizations will have free access to OT cybersecurity best practices, cybersecurity maturity assessments, training, workshops, tabletop exercises, webinars, and more. In addition, OT-CERT will coordinate with OEMs regarding disclosures for vulnerabilities discovered by Dragos threat intelligence researchers, as well as cyber threats detected by Dragos targeted at the OEMs’ products. OEM partnerships are critical to coordinated vulnerability disclosures and effective threat response to protect and support industrial infrastructure in the escalating cyber threat environment.

Dragos OT-CERT addresses a serious gap in securing industrial infrastructure: the lack of OT-specific resources readily available to the industrial infrastructure community. The gap is especially critical among small and medium-sized businesses that often have limited expertise and resources to address ICS/OT cybersecurity risks. According to Gartner, “Organizations continue to face acute and growing shortages of OT security skills to foster and support IT/OT integration, and securely support digital transformation efforts.”

Want to join?

Organizations of all sizes are eligible for OT-CERT membership. Larger organizations will benefit from free resources such as OT best-practices blogs and OT vulnerability disclosures from Dragos’s industry-leading Threat Intelligence team. Dragos OT-CERT will also aid large companies by helping to improve the security posture of smaller organizations in their supply chain that can pose a risk to their business operations.

In launching this new resource, Dragos partnered with the National Association of Manufacturers, which represents 14,000 manufacturing companies in every industrial sector and supports them through a focus on both cyber threat identification and proactive security practices that are critical to making the entire supply chain more secure.

Initial Dragos OT-CERT partners include the National Association of Manufacturers, Emerson, Rockwell Automation, and four Information Sharing and Analysis Centers: E-ISAC (electricity), ONG-ISAC (oil and natural gas), DNG-ISAC (downstream natural gas), and WaterISAC.

Addressing Risks Introduced By Digital Manufacturing, A Conversation With BT

[Updated with correct name spelling.] Manufacturing companies began a digital journey decades ago. I began a digital project in 1978. Digital is one thing. Connectivity is another. My customer in 1994 told me he would never allow a wire from a PLC to anything else (other than I/O of course) as long as he was the controls leader. By 1999 he was retired and the plant had some connected controllers.

He was right, though. The concern was risk. And that was before anyone knew anything about cybersecurity. But there was risk of someone breaking in and messing with the program and settings. 

And risk was a key word as I was introduced to BT, a networking and IT company, through an interview with global manufacturing lead Jose Gastey. He told me connected boxes lead to risks and liability. There is a constant tension between efficient services and risk. This was my introduction to BT. I had not interviewed anyone from there before.

Three Key Words, Connectivity, Collaboration, Cybersecurity

Gastey told me, “BT as a company had to change. The question was how to provide security around data that customers expect us to transmit for them. Last year BT invested in Safe Security. We can talk about financial risk alongside risk of data loss and hacking.”

Manufacturing has made tremendous investments in digital technologies and connectivity. That comes with a risk. According to the 2021 NTT Global Threat Intelligence Report, threat actors have made manufacturing one of the five most targeted industries seven times over the last nine years. Cyber-espionage, data theft and other types of digital attacks have become the norm rather than the exception.

BT industry sales representatives have an additional security tool in their toolbox of solutions for their clients. The Safe Security SAFE (‘Security Assessment Framework for Enterprises’) platform allows organisations to take a health check of their existing defences and understand their likelihood of suffering a major cyber attack.

SAFE is unique in calculating a financial cost to customers’ risks and giving actionable insight on the steps that can be taken to address them. The platform ultimately enables organisations to surgically target gaps in their defences, and already protects multiple Fortune 500 companies and governments around the world.

Sustainability, 5G and Ecosystem

Before leaving the briefing, Gastey told me about two other BT emphases of interest to manufacturing—sustainability and 5G/WiFi6 networks.

“Sustainability adds another layer,” said Gastey. BT has joined with Cisco and Global Data to compile data about global sustainability. In this context, the focus is reduction of energy consumption.

BT works with private 5G and WiFi6. Gastey says scaling is a crucial element. “Engineers install 5G in a plant,” he says, “and business managers say, this is great. Now, roll out to 200 plants. But that is hard. There are too many differences from plant to plant. Solving scaling is a big problem.”

Emerson and Dragos Partner to Strengthen ICS Cybersecurity

I received this news late last week: Tuesday, July 19, Dragos and Emerson announced a partnership to strengthen ICS/OT cybersecurity and protect the critical infrastructure of industrial processes at the plant floor.

Emerson is a major industrial control system and software supplier, while Dragos provides cybersecurity solutions above the device level. Emerson’s representatives typically interact with a company’s operational technology (OT) personnel. Dragos representatives forge close ties with the CISO team or other IT-oriented functions.

Why does this partnership make sense? I talked with Dan Schaffer, Dragos Sr. Business Development Manager, to gain an insight.

He told me OEMs have close ties to the operational technology side of a company, while cybersecurity companies maintain close ties to parts of the IT side. While most companies have succeeded in fostering environments bringing the two groups together, OT and IT inevitably have different pain points. Bringing a partnership of OEM and security companies to the conversation adds value to the customer.

Schaffer pointed to an earlier partnership between the two companies through the Ovation water/wastewater business. This partnership adds DeltaV to the mix, greatly expanding the markets that can be served. Having Dragos validated on DeltaV provides more confidence for customers.

The partnership, among other things, includes a deep technology integration that will improve threat detection and response across the entire industrial OT environment and add Dragos Platform capabilities hyper-focused on DeltaV DCS-specific ICS networks.

This from the press release:

With this agreement expansion, Emerson has validated the Dragos Platform within its DeltaV™ distributed control system (DCS) providing organizations with greatly enhanced ICS/OT cybersecurity. This extended agreement builds on the initial global agreement between Dragos and Emerson to protect industrial control systems and operational technologies for power producers and water utilities to now include organizations in dozens of industries including oil and gas, chemical, petrochemical, food and beverage, pharmaceutical, pulp and paper, metals and mining, and others.

Emerson has agreements with cybersecurity companies at the end point. Here is a description of what this partnership brings.

The Dragos OT Security Platform is focused on reducing cyber risk to industrial environments. It provides visibility into assets and vulnerabilities, detects cyber threats to industrial systems, and enables efficient response through forensic investigation and OT-specific playbooks. 

Speaking of those playbooks—Schaffer mentioned them in our conversation. They reminded me of descriptions within the book The Checklist Manifesto: How to Get Things Right by Atul Gawande. Indeed, there are similarities. They are similar to the books pilots of commercial airlines refer to in emergencies to remember critical steps for recovering control. Operators seldom see cyber attacks. When they do, such a guide would be invaluable.

Control System Withstands High Voltage EMP

OK, I could use scare tactics like a mass market “journalist” talking about Russia and threats of nuclear warfare. On the other hand, how would the control system on your critical infrastructure withstand a high altitude nuclear electromagnetic pulse (EMP) blast?

If you are using a controller from Bedrock Automation, this video documents tests of high voltage EMP resistance. An independent test lab certifies that the Bedrock OSA control platform and power supplies can survive repeated high voltage electromagnetic pulse (EMP) blasts.

The video documents the independent test procedure by which Bedrock’s Open Secure Automation (OSA) platforms have achieved compliance with U.S. Military Standard 461 (MIL-STD-461G) for electromagnetic pulse resistance. The system withstood repeated electromagnetic pulse blasts per the RS105 test, equivalent to what a high-altitude nuclear EMP detonation might deliver.

As defined by the RS105 Test Criteria, National Technical Systems, Inc., a leading independent provider of qualification testing, inspection, and certification solutions, subjected the Bedrock systems under test to a total of 67 EMP strikes in X, Y, and Z orientations. The 67 strikes are part of the test, starting at 50% (25,000 volts/m) and the last 5 strikes are at the full 50,000 volts/m.

Although surviving electrical blasts of 50,000 volts/m was required to meet the standard, the testing team maxed out the test chamber at 107,000 volts/m and the Bedrock systems under test survived multiple rapid strikes and remained operational.

New Emerson Compact Controllers

Emerson’s acquisitions have moved it more firmly into discrete manufacturing operations. This news of a new programmable automation controller family of products manages to combine benefits of control, automation, industrial Internet of Things (IIoT), and analytics while “minimizing the need for specialized software engineering talent.” Automation suppliers have been on a fervent journey toward providing products that are easier to use for talent-strapped customers. It also brings in current requirements for security and open protocols.

Emerson, a global software, technology and engineering leader, announced the release of its PACSystems RSTi-EP CPE 200 programmable automation controllers (PAC). CPE 200 controllers will deliver large programmable logic controller (PLC) capability in a small, cost-effective, IIoT-ready form factor so machine manufacturers do not need to sacrifice performance for price.

Providing features that help speed time to use, the CPE 200 series offers security-by-design, open programming, and open communications built in to simplify connectivity to external analytics software platforms while reducing cost and complexity for OEMs and end users.

“Gaining competitive edge in today’s marketplace means having the flexibility to connect to the wide array of equipment end users employ as part of their proprietary processes, and supporting secure, open connectivity to allow easy access to on-premises and cloud-hosted analytics platforms,” said Jeff Householder, president of Emerson’s machine automation solutions business. “The CPE 200 series controllers take advantage of Emerson’s cybersecure-by-design architecture, common programming capabilities, and IIoT readiness to provide options currently missing in legacy compact PLCs.”

The controllers offer open communications through native, pre-licensed support for OPC UA Secure and other common industrial protocols for flexible connectivity over high-speed Gigabit Ethernet. IEC 61131 programming languages and C, the world’s most popular and easiest-to-use programming language, help engineers write and run the high-performance algorithms that enable proprietary production strategies and advanced automation technologies.

Schneider Electric Announcements at ARC Forum

Yesterday was a travel day and I didn’t get anything posted. I’ve been busted back in my airline priority (no traveling during Covid). I’m in the economy seats with no room to pull out the laptop. So, I rest up.

What with a user group week followed by Hannover followed by the ARC Forum, news abounds. I’m also working on essays about data and about open vs. interoperable. Ideas that have sprung from my reading and conversations.

I had several meetings with Schneider Electric this week at ARC. The really big thing to watch is its work with Universal Automation promoting IEC 61499. The question I asked around the conference with no suggestions of answers forthcoming was “will there be a critical mass of companies and users that upsets the automation and control market?” We will watch and evaluate.

Three pieces of news this week: Digital Twin Software; collaboration on security with Claroty; collaboration with Intel.

Schneider Electric launches digital twin software solution

Short take: EcoStruxure Machine Expert Twin cuts commissioning time by 60% and reduces time-to-market by 50% by revolutionizing the design and build processes

Schneider Electric has launched EcoStruxure Machine Expert Twin, a scalable digital twin software solution to manage the entire machine lifecycle. 

The software enables original equipment manufacturers (OEMs) to create digital models of real machines so they can be designed and commissioned virtually before building the machine itself. EcoStruxure Machine Expert Twin’s intuitive environment includes drag-and-drop mechatronic components, VR/AR interfaces, and application-focused libraries, all of which enable the parallel engineering of mechanical, electrical, and control tasks.

EcoStruxure Machine Expert Twin spans the entire machine lifecycle, from sales, concept, and design, to manufacturing and operation. Transforming design ideas into convincing sales animations helps customers to properly visualize the end product, while the in-depth design helps to improve and verify prototypes, reduce risk and quality costs, and speed up time-to-market.

Claroty and Schneider Electric Collaborate to Enhance Industrial Cybersecurity

Short take: Reinforces commitment to industry-leading operational cybersecurity through collaboration

Schneider Electric has announced its collaboration with Claroty, the security company for cyber-physical systems across industrial, healthcare, and commercial environments.

The agreement builds on the existing relationship between the two leading companies and leadership in their respective industries. Schneider Electric will now integrate The Claroty Platform into their offering, enabling them to better address new cybersecurity concerns, including protection, safety and insurance for industrial customers.

Schneider Electric collaborates with Intel to Drive Industrial Innovation

Short take: Project to enhance industry’s first Universal Automation system, EcoStruxure Automation Expert by creating a Distributed Control Node (DCN) software framework

Schneider Electric announced a collaboration with Intel to extend EcoStruxure Automation Expert by creating a Distributed Control Node (DCN) software framework complemented by an associated Intel processor-based DCN hardware offering.

By combining the performance, security and deployment capabilities of Intel Edge Controls for Industrial (ECI) technology with EcoStruxure Automation Expert, the DCN framework can simplify and speed the development of software defined control systems. Additionally, the DCN will enable EcoStruxure Automation Expert – the world’s first software-centric automation system – to scale faster and further in process industries, including energy and chemicals, mining, water/wastewater, pharmaceuticals and hybrid markets.

This DCN development will be based on Universal Automation (UniversalAutomation.org), an organization that manages the implementation of a shared source runtime based on the IEC 61499 standard. EcoStruxure Automation Expert represents the first of a new era of automation software based on this shared runtime.

A fundamental feature of EcoStruxure Automation Expert is the ability to decouple software from hardware. This allows hardware to be upgraded as required to improve system performance while the application remains the same, thereby protecting the customer’s intellectual property and investments. The joint effort between Schneider Electric and Intel illustrates the industry’s transition from fixed-function hardware to software-defined, flexible, plug and produce solutions that deliver customers greater operational effectiveness.

Initial results of this joint DCN framework development will be shared at this fall’s Schneider Electric Innovation Summit – Las Vegas (October 12-13).
