Advice for Managing and Assessing Trustworthiness for IIoT

The spread of connected devices with the resultant flow of data throughout the industrial enterprise spurs concern for security and trustworthiness of that data. The Industrial Internet Consortium (IIC) and its members recognize this problem / challenge.

I normally have a conversation with the authors of the IIC papers to get a context and sense of all the work involved in their development. In this particular case, I ran out of time. Many of you know that I am up to my eyes in soccer activities at this time of year. I just finished leading a class of new referees while I am at one of my peak times for assigning referees to games. Sometimes, I just don’t have enough hours. I bet you have never felt that…

So, IIC has published the Managing and Assessing Trustworthiness for IIoT in Practice white paper. The paper serves as an introductory guide to trustworthiness in IIoT, which is driven by the convergence of IT with OT, and includes a definition of trustworthiness, examples and a best-practice approach to managing trustworthiness in IIoT systems.

Confidence is essential to business, including confidence that the consequences of decisions and processes are acceptable and that business information is handled properly. The advent of IIoT means that confidence is also now required in technologies, physical components, and systems in addition to confidence in individuals, organizations and processes.

“The fact is that it is possible to have ‘too much’ trustworthiness,” said Jim Morrish, co-Chair of the IIC Business Strategy and Solution Lifecycle Working Group. “Trustworthiness costs, in terms of the costs of devices and associated software, and also often in terms of user experience and functionality. A trustworthiness solution for a nuclear processing plant would be an unnecessary hindrance to the day-to-day operations of a peanut butter manufacturer.”

The white paper’s best-practice approach to managing trustworthiness is comprised of four phases: baselining the system, analyzing potential trustworthiness events, implementing trustworthiness targets and governance, and iterating and maintaining the resulting trustworthiness model.

“This whitepaper demonstrates that trustworthiness is more than just another academic phrase to describe expectations of stakeholders, operators and users of an IIoT system,” said Marcellus Buchheit, President and CEO of Wibu-Systems USA, cofounder of Wibu-Systems AG in Germany and co-chair of the IIC Trustworthiness Task Group. “This paper presents several models that show how trustworthiness can be practically used in business decisions to increase trust in an IIoT system under the impact of business reality and constraints.”

The white paper also highlights that trustworthiness is not a static concept. “An IIoT system must address trustworthiness requirements throughout the lifecycle of the system. This means that industrial IoT trustworthiness is not a project with a finite start and a finite end. It is a journey that must be powered by an established program,” said Bassam Zarkout, founder of IGnPower and co-author of the paper.

“Security is already recognized as one of the most important considerations when designing an IIoT system,” said Frederick Hirsch who is a Standards Manager at Fujitsu, and also co-chair of the IIC Trustworthiness Task Group. “This white paper expands on that thinking by recognizing that safety, privacy, reliability and resilience need to be considered in conjunction with security to establish trust that IIoT systems will not only be functional but also will not harm people, the environment or society.”

The white paper discusses a live example of an IIoT system analysed from a trustworthiness perspective. Fujitsu’s Factory Operation Visibility & Intelligence (FOVI) system (and IIC testbed) has the primary goal of bringing more visibility of operations to plant managers in near-real time. The goal is to reduce human errors, bring more predictability to product assembly and delivery, and optimize production all while ensuring a sufficient level of trustworthiness.

“FOVI highlights how the different aspects of trustworthiness can impact business performance,” said Jacques Durand, Director of Engineering and Standards at Fujitsu, co-Chair of the IIC Business Strategy and Solution Lifecycle Working Group and also a member of the IIC Steering Committee. “For instance slowing down a production line can reduce costs associated with stress on machinery and machine operators, but such a course of action may also adversely impact productivity or lead time. In the white paper we highlight the need to understand trade-offs and to use metrics in a data-driven and intelligent manner.”

The Managing and Assessing Trustworthiness for IIoT in Practice white paper sets the stage for further work that the IIC will undertake focusing on trustworthiness.

The full IIC Managing and Assessing Trustworthiness for IIoT in Practice white paper and a list of IIC members who contributed can be found on the IIC website.

ISA Announces First Founding Members of Global Cybersecurity Alliance

The International Society of Automation (ISA) held a press conference today to announce the first Founding Members of its new Global Cybersecurity Alliance (GCA): Schneider Electric, Rockwell Automation, Honeywell, Johnson Controls, Claroty, and Nozomi Networks.

As we would expect, the speakers emphasized the importance of standards as the foundation for work in the Alliance. Speakers also tied in safety and productivity as partners with cybersecurity in protecting and improving manufacturing and critical infrastructure facilities and processes. I’m not so sure just exactly what the Alliance will accomplish, but if it succeeds in just raising awareness and a sense of urgency among companies in the industries, it will have accomplished an important task.

ISA created the Global Cybersecurity Alliance to advance cybersecurity readiness and awareness in manufacturing and critical infrastructure facilities and processes. The Alliance brings end-user companies, automation and control systems providers, IT infrastructure providers, services providers, and system integrators and other cybersecurity stakeholder organizations together to proactively address growing threats.

ISA is the developer of the ANSI/ISA 62443 series of automation and control systems cybersecurity standards, which have been adopted by the International Electrotechnical Commission as IEC 62443 and endorsed by the United Nations. The standards define requirements and procedures for implementing electronically secure automation and industrial control systems and security practices and assessing electronic security performance. The standards approach the cybersecurity challenge in a holistic way, bridging the gap between operations and information technology.

Leveraging the ISA/IEC 62443 standards, the Global Cybersecurity Alliance will work to increase awareness and expertise, openly share knowledge and information, and develop best practice tools to help companies navigate the entire lifecycle of cybersecurity protection. The Alliance will work closely with government agencies, regulatory bodies, and stakeholder organizations around the world.

“Accelerating and expanding globally relevant standards, certification, and education programs will increase workforce competence, and help end users identify gaps, reduce risks, and ensure they have the tools and systems they need to protect their facilities and installations,” said Mary Ramsey, ISA Executive Director. “Through the proliferation of standards and compliance programs, we will strengthen our global cyber culture and transform the way industry identifies and manages cybersecurity threats and vulnerabilities to their operations.”

The press release notes that first Founding Members of the Alliance are leading multi-national, industrial-technology providers with deep expertise in technology and applications, and they’ll apply their experience and knowledge to accomplish the Alliance’s priorities. However, two of the members were represented by building automation divisions. Two of the members are cybersecurity suppliers. Rockwell Automation is a pure play factory and process automation company and its Maverick Technologies division has been an ardent supporter of ISA. Schneider Electric is a large, multi-disciplined company, and I’m not sure which division within it is the sponsor.

“Participating in the Alliance truly shows the commitment our founding members have to the safety and security of the industrial ecosystem, as well as the criticality of collectively moving forward together to ensure the standards, best practices and methods are applied,” Ramsey said.

“ISA engaged with discussions, initiated by Schneider Electric, to create an ISA-led global, open and industry-wide alliance comprised of all cybersecurity stakeholder companies. ISA quickly expanded those conversations to include Rockwell Automation, Honeywell, Johnson Controls, Claroty, and Nozomi Networks. These first Founding Members have since worked together to help us define the Alliance’s objectives. We are thankful for their collaboration and commitment. Together we welcome companies and organizations from all segments of industry to join our efforts.”

The Alliance is seeking additional members to support its initiatives. End-user companies, asset owners, automation and control systems providers, IT infrastructure providers, services providers, and system integrators and other cybersecurity stakeholder organizations are invited to join. Annual contributions to fund initiatives are based on company revenues and are tax-deductible.

Perspectives: Quotes from the ISA Global Cybersecurity Alliance Founding Members

“Over the last few years, global industry has recognized that taking on increasingly dangerous cyber risks can’t be limited to a single company, segment, or region. However, until now, there has been limited ability to respond as a unified whole to these worldwide threats. But by establishing an open, collaborative, and transparent body, with a focus on strengthening people, processes, and technology, we can drive true cultural change. We are pleased that ISA has stepped forward, and we look forward to working openly and collaboratively with them, our fellow Founding Members, and many others affiliated with global industry, especially end users. Together we will bring to bear the standards-based technology, expertise, and special skills required to better secure and protect the world’s most critical operations and the people and communities we serve.” — Klaus Jaeckle, Chief Product Security Officer, Schneider Electric

“Cybersecurity is critical to digital transformation. It’s critical not only for the protection of information and intellectual property, but also for the protection of physical assets, the environment, and worker safety. We make it a priority to collaborate with partners and research institutions to develop secure products. Rockwell Automation participated in the development of the 62443 standards from the beginning and continues to support ISA cybersecurity initiatives. Our engagement with the Global Cybersecurity Alliance will be another important step in our efforts to help customers identify and mitigate risks.” — Blake Moret, CEO, Rockwell Automation

“Cybersecurity is the great equalizer to all companies. It’s critical to the connected world we live in and the cornerstone of trust that the world needs to be able to operate. Whether protecting critical infrastructure or managing a building’s operations, users need to do this with the confidence the employed systems are robust and secure. We are committed to and proud to work together with ISA and the GCA members to continue to drive the adoption of the ISA/IEC 62443 series of standards and identify further ways to secure and protect the connected world in which we live. At Honeywell, we see cybersecurity as a core part of the future we are making, and we see the GCA as an important way to work together to make that happen.” — Matthew Bohne, Vice President and Chief of Product Security, Honeywell Building Technologies

“Digital transformation in the building sector continues to accelerate, which heightens the urgency for cybersecurity across the industry and beyond. As a leader in the industrial automation controls business, Johnson Controls is already a strategic member of the ISASecure program and is consistently taking proactive actions to protect customers against cyber-threats and risks. Joining ISA Global Cybersecurity Alliance is a necessary and meaningful step as it supports our company values, customer adoption of the ISA/IEC 62443 standard and efforts to educate global government and regulatory bodies. We are proud to solidify our commitment to this important effort.” — Jason Christman, Vice President, Chief Product Security Officer, Global Products, Johnson Controls

“One of the most effective ways to drive consistency in an industry is by putting standards in place, and we’re looking forward to collaborating with all of these founding members, as well as future Alliance members, to help drive global best-practices forward in this historically standard-less environment. Claroty is committed to the mission of protecting all IoT and OT networks from cyber risks. Through our work with the Global Cybersecurity Alliance, we will be able to help shape the future of cybersecurity in these high-risk industries.” — Dave Weinstein, Chief Security Officer, Claroty

“Nozomi Networks believes real community collaboration, actionable standards and effective education are key to ensuring a secure future for industrial organizations around the world. That’s why we are helping develop secure-by-design standards as a working member of ISA99 standards committees, why we’ve designed our industrial cyber security solutions for easy integration across the broadest possible set of industrial and IT technologies, and why we are thrilled to help establish the Global Cybersecurity Alliance. Together we will build a secure future for the industrial infrastructure that runs the world.” — Andrea Carcano, Nozomi Networks Co-founder and Chief Product Officer

Industrial Internet of Things Maturity Assessment Explorer

I’ve been off for most of the past week celebrating Independence Day and family birthdays. For those of you in the US, I hope you had a restful time off and enjoyed some fireworks displays. And now, back to what’s happening in the industrial world.

The Industrial Internet of Things (IIoT) comprises far more than just the simple connecting of devices back to a database in a server. It’s integral to digitalization. Applying abundance thinking to the system, clearly IIoT plays a key role for successful business transformation.

The Industrial Internet Consortium (IIC) has produced the IIoT Maturity Assessment, a web-based tool included in the IIC Resource Hub that enables users to better understand their enterprise IIoT maturity. The IIoT Maturity Assessment helps organizations become best-practice adopters of IIoT by guiding business managers through a range of questions about the adoption, usage and governance of IIoT within their organizations.

“The IIoT market has grown quickly and many businesses planned strategy while in the midst of execution and need to step back and assess their true IIoT maturity,” said Jim Morrish, Co-Chair of the IIC’s Business Strategy and Solution Lifecycle Working Group and co-author of the IIoT Maturity Assessment tool. “The IIoT Maturity Assessment will help companies get a baseline for their maturity right now and assess it in regular intervals to track their progress.”

This framework of four main dimensions and their corresponding strands will spur your thinking into broader areas beyond predictive maintenance or cost reduction programs.

The framework:

Business Strategy

  • Market context
  • Strategic context
  • Business model innovation and refinement
  • IoT Foundations

Business Solution Lifecycle

  • Interface to business strategy
  • Solution design
  • Project team structuring
  • Project management
  • In service monitoring and feedback

Technology

  • Technology strategy
  • Reference architecture and standards
  • Platforms stack
  • Data location transparency

Security

  • Governance
  • Enablement
  • Hardening

“There’s a real difference between using IIoT to streamline processes and using it to create new revenue streams or make better business decisions,” said Ian Hughes, Senior Analyst, Internet of Things, 451 Research. “A tool like this can be a real eye opener for an organization wanting to transform their business to remain competitive and increase profits.”

The IIoT Maturity Assessment considers 63 individual capabilities, each with five levels of maturity within the above framework. For example, under strategic context, a maturity level can range from a limited number of key individuals having stepped up to IIoT ownership to full ownership of IIoT within an organization. The IIoT Maturity Assessment provides feedback about the level of maturity and highlights areas that may require development.

The final outputs provided to users also provide links to the IIC Body of Knowledge for reference and to help improve their maturity. This includes collaborative resources developed by industry leaders from the IIC membership, including IIC foundational documents (Industrial Internet Reference Architecture, Industrial Internet Security Framework, Industrial Internet Connectivity Framework, Business Strategy and Innovation Framework, Industrial Internet of Things Analytics Framework, and Vocabulary Technical Report) and other IIC documents and tools.

The IIoT Maturity Assessment is available in three levels of analysis: Quick, Standard (both open to everyone) and Detailed (IIC members only).

FDT IIoT Server Standard to Empower Platform Independent Deployment

Another group validates standards for industrial communication including FDT and OPC UA.

FDT Group, an independent, international, not-for-profit standards association supporting the evolution of FDT technology (IEC 62453), announced that its Board of Directors voted unanimously to empower the emerging FDT IIoT Server (FITS) architecture with full platform independence. This decision strengthens the FITS architecture to support the diverse array of operating systems to meet industry-driven demands.

In addition to platform independence, key features of the FITS solution include native integration of the OPC Unified Architecture (OPC UA), as well as comprehensive Control and Web Services interfaces. With built-in security protecting valuable information and operating data, the FITS platform will enable cloud, enterprise, on-premise, and a single-user desktop deployment method meeting the needs of the process, hybrid and discrete manufacturing sectors.

“The FITS platform is the ‘game changer’ the automation industry has been anticipating,” said Glenn Schulz, managing director of FDT Group. “I’d like to thank our Architecture and Specification Working Group that worked behind the scenes investigating and prototyping the platform independence feature approved by our board.”

Schulz added, “The Architecture and Specification Working Group has been directed to immediately transition FDT Server Common Components to a pure .NET Core implementation, previously built on the Microsoft .NET Framework. This transition will result in a single FDT Server environment deployable on a Microsoft-, Linux-, or macOS-based operating system, which will empower the intelligent enterprise by bridging the current installed base with next-generation solutions supporting the IIoT and I4.0 era.”

The significant decision and direction allows nearly unlimited deployment and application scenarios. For example, cloud-based FDT Servers can enjoy the performance and cost benefits of a Linux operating system. Traditional control system vendors can offer the FDT Server embedded in their hardware, and machine builders can deploy a small Linux-based FDT Server offering a comprehensive preconfigured asset management system for their skid that can be securely accessed remotely or with smart phones or browsers.

MES applications can also incorporate an FDT Server to gain secure, direct access to production data and asset health and availability metrics through OPC UA. In addition, service providers can wrap services around an FDT Server delivered in an industrial hardened Linux box. The opportunities for cost savings and value creation go on due to the highly flexible deployment options of the FITS standard.

Because of the security, scalability and the ease of deployment of an FDT Server, the solution will simplify entry into the IIoT marketplace as the only open platform standardized integration architecture providing a single interface with cloud-to-plant floor mobile access. The decision to migrate to platform independence will delay the launch of the FITS specification by approximately six months. With the launch planned for the latter half of 2019, alongside Common Components supporting the FITS standard, automation suppliers and service providers will immediately reap the benefits of a quick development and deployment strategy. Common Components create a library of FDT routines and will simplify compliant development of FITS-based solutions such as Servers, Device Type Managers (DTMs) and APPs.

The final standard will be delivered as three documents: the FDT 2.5 specification, which builds on FDT 2.1 to include HTML5 and JavaScript graphical user interface features; the FITS Web Services Technical Specification, which describes the Web Services interfaces and requirements for an FDT Server; and the OPC UA Annex detailing the OPC UA Server mapping for an FDT Server.

Open Process Automation Forum Update

Our schedules finally aligned and I was able to catch up with Ed Harrington, director of the Open Process Automation Forum for The Open Group. A few months ago I talked with Gary Freburger and Peter Martin of Schneider Electric’s process automation unit. We discussed the OPAF and what had been going on since the ARC Forum in Orlando last February.

OPAF has laid out an ambitious agenda moving automation toward an era of open connectivity and interoperability.

The original plan broached a couple of years ago at ARC Forum by representatives of ExxonMobil and Lockheed Martin was to prod suppliers into reducing the problem of upgrading systems in the field without the huge expense of rip-and-replace. Considerable industry jockeying ensued, with Schneider Electric (Foxboro) eventually taking a leadership position in the effort with assistance from Yokogawa and to a degree Siemens. Other suppliers are watching and evaluating.

Smaller suppliers such as Inductive Automation have become involved along with some of the major automation systems suppliers.

The OPAF specification is really a standard of standards. The group wishes to build upon existing standards, assembling them in such a way as to advance the cause of open automation.

Harrington told me that so far this year, the group has published three items (that are open to the public). One is a business guide, The Open Process Automation Business Guide: Value Proposition and Business Case for the Open Process Automation Standard.

The industrial control systems that manufacturers use to automate their processes are critical to the company’s productivity and product quality. To increase the business contribution from control systems, manufacturers need:
1. Increases in operational benefits from improved capabilities
2. Improvements in cybersecurity compared to currently available systems
3. Reductions in the system’s capital and lifecycle costs

The organization has also published The Open Group Snapshot—Open Process Automation Technical Reference Model: Technical Architecture and a white paper Requirements for an Open Process Automation Standard.

Harrington also told me to expect an announcement of further work at next week’s Open Group Quarterly Meeting in Singapore.

I have seen a number of these initiatives in my career. Few succeed in entirety. However, the thinking that goes into this work always moves industry forward. I don’t know if we’ll ever see a truly OPAF control system. Anything that brings more rationality to the market, keeping in mind the goals of OPAF, will do much for helping manufacturers and producers improve performance. And that’s what it’s all about.
