by Gary Mintchell | Dec 18, 2017 | Automation, Networking
I have been wondering about the future of fieldbuses for quite some time. These include Profibus/Profinet, CC-Link, EtherNet/IP (CIP technologies), and even EtherCAT and PowerLink. Even HART, though not technically a fieldbus, fits the application. And the merger of HART’s organization with Foundation Fieldbus hints at the future.
I think that there will continue to be some development work with these technologies, but I also think that the next big advance will be with Time-Sensitive Networking. At some point in the not-to-distant future, TSN with commercially available components, will be the next communications revolution.
In the meantime, we are seeing what I’ve always believed to be the next useful application whether wired or wireless in industrial networking–gateways and connectors. Here is some news I received from the CC-Link Partner Association relating announcements from the SPS show (which I was unable to attend).
This case involves cooperation between the CC-Link Partner Association (CLPA) and PROFINET & PROFIBUS International (PI). CLPA unveiled the first working coupler device that implements the CC-Link IE/PROFINET interoperability specification. This will enable easy transmission of information between the two protocols, leading to end users and machine builders benefiting from total transparency between CC-Link IE and PROFINET, the two most prevalent networking protocols in Asia and Europe respectively.
Developed by CLPA and PI partner Hilscher, the unveiling of the device marks another milestone in the on-going cooperation between the two associations. The announcement of the first working coupler on the CLPA stand at SPS/IPC/Drives 2017 less than a year after the completion of the specification underlines the importance that the market ascribes to the cooperation between CLPA and PI.
CLPA-Americas Director Robert Miller comments: “The 2015 fair saw the announcement of the cooperation between CLPA and PI, and at the 2016 fair we announced the completion of the specification to enable seamless integration between the two protocols. Now we have the first operating coupler, demonstrating that CLPA and PI, working with their partners, have delivered on the promise to produce working solutions. Hence the promise of increasing transparency and offering maximum flexibility to end users and machine builders as they operate globally has been realized.”
With the new Hilscher coupler, users can effectively achieve communication between different parts of a line on separate networks, hugely increasing transparency and integration. Hilscher’s NT 151-CCIE-RE coupler transmits data bi-directionally between CC-Link IE and PROFINET, offering simple network integration. The NT 151 works as a CC-Link IE Field Intelligent Device on one side and as a PROFINET IO-Device on the other, allowing both network controllers to communicate with each other. Fundamental mechanisms include a mapping model to map data from both sides, diagnostics for coupler and networks, and a SyCon-based DTM which works as the coupler configuration tool.
Hilscher Business Development Manager Armin Pühringer comments: “The simple bridge between the two networks will dramatically reduce the engineering work that has traditionally been necessary to achieve integration across the heterogeneous network architectures that are a fact of life in numerous plants around the world.”
Pühringer adds: “Hilscher has a long relationship with CC-Link based technologies and PROFINET technologies, and going forward both of these will be essential for our business on a global scale. And by facilitating transparency and ease of integration between these two global leaders we are addressing a primary goal of the transition to Industry 4.0: allowing ever greater connectivity by providing end users with a simple method of achieving interoperability in brownfield applications. And all of this without the effort, cost and complexity of requiring communication architectures to support additional technologies or protocols.”
PI Chairman Karsten Schneider comments: “What CLPA and PI have proven here is that two competing organizations can work together for the good of our users. If you really mean what you say about Industry 4.0 and the Industrial Internet of Things, then we will need to see more of this sort of collaboration. CLPA and PI are paving the way, with a level of cooperation that has not been seen before.”
Miller concludes: “The cooperation between CLPA and PI really can help many companies make their vision of Industry 4.0 a reality. The introduction of this first coupler from Hilscher gives machine builders and end users the hardware they need to achieve seamless integration. We are also in discussions with other CLPA partners, so we hope the NT 151 marks the start of the arrival of other products onto the market. The delivery of such solutions to meet end user requirements shows just how committed CLPA and PI have been to deliver tangible results from their cooperation, and how partners such as Hilscher have recognized the market opportunity this represents. They also provide ample evidence of the benefits that can be gained when supposedly competing organizations work together to address their users’ needs.”
by Gary Mintchell | Dec 15, 2017 | Automation, Safety, Security
There was evidently a cybersecurity incident spotted yesterday. There was a report on FireEye quoted below. I also received this statement from CyberX. I am not primarily a cybersecurity writer, but this is significant.
“We have information that points to Saudi Arabia as the likely target of this attack, which would indicate Iran as the likely attacker. It’s widely believed that Iran was responsible for destructive attacks on Saudi Arabian IT networks in 2012 and more recently in 2017 with Shamoon, which destroyed ordinary PCs. This would definitely be an escalation of that threat because now we’re talking about critical infrastructure — but it’s also a logical next step for the adversary. Stuxnet and more recently Industroyer showed that modern industrial malware can be used to reprogram and manipulate critical devices such as industrial controllers, and TRITON appears to be simply an evolution of those approaches.” Phil Neray, VP of Industrial Cybersecurity for CyberX, a Boston-based industrial cybersecurity firm.
From the FireEye report (see complete analysis on its Website).
Mandiant recently responded to an incident at a critical infrastructure organization where an attacker deployed malware designed to manipulate industrial safety systems. The targeted systems provided emergency shutdown capability for industrial processes. We assess with moderate confidence that the attacker was developing the capability to cause physical damage and inadvertently shutdown operations. This malware, which we call TRITON, is an attack framework built to interact with Triconex Safety Instrumented System (SIS) controllers. We have not attributed the incident to a threat actor, though we believe the activity is consistent with a nation state preparing for an attack.
TRITON is one of a limited number of publicly identified malicious software families targeted at industrial control systems (ICS). It follows Stuxnet which was used against Iran in 2010 and Industroyer which we believe was deployed by Sandworm Team against Ukraine in 2016. TRITON is consistent with these attacks, in that it could prevent safety mechanisms from executing their intended function, resulting in a physical consequence.
The attacker gained remote access to an SIS engineering workstation and deployed the TRITON attack framework to reprogram the SIS controllers. During the incident, some SIS controllers entered a failed safe state, which automatically shutdown the industrial process and prompted the asset owner to initiate an investigation. The investigation found that the SIS controllers initiated a safe shutdown when application code between redundant processing units failed a validation check — resulting in an MP diagnostic failure message.
We assess with moderate confidence that the attacker inadvertently shutdown operations while developing the ability to cause physical damage for the following reasons:
Modifying the SIS could prevent it from functioning correctly, increasing the likelihood of a failure that would result in physical consequences.
TRITON was used to modify application memory on SIS controllers in the environment, which could have led to a failed validation check.
The failure occurred during the time period when TRITON was used.
It is not likely that existing or external conditions, in isolation, caused a fault during the time of the incident.
The TRITON attack tool was built with a number of features, including the ability to read and write programs, read and write individual functions and query the state of the SIS controller. However, only some of these capabilities were leveraged in the trilog.exe sample (e.g. the attacker did not leverage all of TRITON’s extensive reconnaissance capabilities).
The TRITON malware contained the capability to communicate with Triconex SIS controllers (e.g. send specific commands such as halt or read its memory content) and remotely reprogram them with an attacker-defined payload. The TRITON sample Mandiant analyzed added an attacker-provided program to the execution table of the Triconex controller. This sample left legitimate programs in place, expecting the controller to continue operating without a fault or exception. If the controller failed, TRITON would attempt to return it to a running state. If the controller did not recover within a defined time window, this sample would overwrite the malicious program with invalid data to cover its tracks.
by Gary Mintchell | Dec 14, 2017 | Internet of Things, Networking, Operations Management
2017 marks the year of Avnu Alliance, the consortium driving standards-based deterministic networking, making its name in the industrial Internet of Things space. I’ve caught up with news from other trips, now it’s news from SPS in Nuremberg that I missed this year.
- Avnu Alliance and Edge Computing Consortium
- Avnu Alliance and OPC Foundation
- TSN Conformance Testing
Avnu Alliance and the Edge Computing Consortium
Avnu Alliance and the Edge Computing Consortium (ECC) announced a liaison agreement to partner on shared interests of advancing industrial networking and edge computing. Under the agreement, the consortia will work together with the shared goal for interoperability across the industrial control industry.
Joint activities between Avnu Alliance and the ECC will include:
- Identifying and sharing IIoT best practices
- Collaborating on test beds
- Collaborating on standardization and conformance testing
“We are very excited about the cooperation between ECC and Avnu Alliance,” said Mr. Haibin Yu, Chairman of ECC. “We believe that Time Sensitive Networking (TSN) technology will enable edge computing to better meet the industrial customers end-to-end needs and promote the global industry digitization transformation.”
“Edge computing is a key enabling technology to the industrial IoT. The liaison with the Edge Computing Consortium enables Avnu to broaden the scope for creating an interoperable foundation of Time Sensitive Networking (TSN) for the industrial IoT in alignment with our organization’s goal to build coalitions within the networking space,” said Todd Walter, Avnu Alliance Industrial Segment Chair.
Avnu Alliance and ECC conducted a joint presentation at the ECC Summit in Beijing on November 29, 2017 to announce their agreement and the opportunities ahead for Edge Computing and Time Sensitive Networking.
Avnu Alliance and OPC Foundation Combined IT-OT Leadership
Avnu Alliance (Avnu), Industrial Internet Consortium (IIC), and OPC Foundation announce their collaboration with IT-OT industry leaders to advance industrial device interoperability and to show the progress made in bringing the open, unified communication standard OPC UA over Time Sensitive Networking (TSN) to market.
Leading companies active in these groups have pledged their commitment to ensuring the interoperability of deterministic industrial devices and have made significant investments in achieving this goal. Rapid developments of these technologies have been made over the last year.
“With the rapid adoption of TSN as a foundational technology for automation, the community is increasingly relying on an interoperable set of network services and infrastructure. Today, 17 market leaders are reinforcing their commitment to complete a unified communication technology,” said Todd Walter, Avnu Alliance Industrial Segment Chair. “By leveraging the liaison agreements of Avnu, IIC and OPC Foundation, we’re creating a faster process for the creation of an open, interoperable ecosystem of devices that take advantage of secure, guaranteed latency and delivery for critical traffic. It is exciting to see the fruits of our labor in these milestones.”
The pillars of this announcement are:
Conformance testing advances: Avnu TSN conformance test plans for time synchronization of industrial devices are ready and available to test houses. At last month’s Avnu IIC Interoperability Workshop, more than 20 companies came together to demonstrate interoperability in the IIC TSN Testbed and to advance the conformance tests with the assistance of University of New Hampshire InterOperability Lab, an Avnu-recognized test facility.
Standards evolved, more vendors, more devices: The Publish Subscribe extension for OPC UA is now available in release-candidate form, enabling the exchange of OPC UA over UDP connections. This is the prerequisite for running OPC UA TSN.
“OPC UA over TSN adds additional capability to the OPC Foundation portfolio, including enhancing controller-to-controller and machine-to-machine communication and information integration. OPC UA addresses the complex requirements of initiatives like Industrie 4.0 and the IIoT, providing information integration between devices, applications and the cloud, truly providing the foundation for the much-demanded seamless communication and information integration between IT and OT networks,” said Thomas Burke, OPC Foundation President.
Demonstrated interoperability between different vendors: Interoperability testing via the IIC TSN Testbed is rapidly progressing with eight hands-on plugfests taking place in the US and Europe over the past 18 months. More than 20 companies have participated in these face-to-face events to test and demonstrate interoperability between devices from various manufacturers and vendors – both collaborative and competitive.
“Our TSN Testbed stands as a showcase for the business value of TSN. The work coming out of the TSN Testbed is already having a direct impact on suppliers and manufacturers who see the technology as a value-add for their system structures,” said Paul Didier, IIC TSN Testbed Coordinator, Cisco Solution Architect. “Companies are invited to participate in our plugfests to test their own TSN devices for interoperability, including OPC UA Pub-Sub TSN devices.”
Avnu Alliance Delivers First TSN Conformance Tests for Industrial Devices
Avnu Alliance announced the first set of Avnu TSN conformance test plans for time synchronization of industrial devices are ready and available now for test houses to implement.
Avnu Alliance has built a rich set of conformance and interoperability tests with a defined procedure for certification in various markets. Leveraging that multi-industry experience, Avnu defined a baseline certification in the industrial market that consists of robust and comprehensive test requirements based on the market requirements for industrial automation devices and silicon. These conformance tests ensure that the device or silicon conforms to the relevant IEEE standards, as well as additional requirements that Avnu has selected as necessary for proper system interoperability.
“Time Synchronization, or 802.1AS, is the foundation for all TSN devices, hence it is the first set of conformance tests that are ready and available,” said Todd Walter, Avnu Alliance Industrial Segment Chair. As the standards and networks continue to evolve, so does Avnu’s work to define and certify the standard foundation. In the future, Avnu will also be able to test and certify other traffic shaping mechanisms, frame preemption, redundancy, ingress policing, strict priority, and security. “Our work with the Industrial Internet Consortium (IIC), OPC Foundation and other industry organizations drives the industry closer toward achieving an interoperable ecosystem,” added Walter.
Avnu is committed to speeding up the path to an interoperable foundation. To this end, Avnu members have made open source code available for 802.1AS timing and synchronization in the OpenAvnu repository on GitHub.
To encourage and enable multiple industry groups, vendors and protocols to share a TSN network, Avnu has outlined the system architecture and requirements for this industrial model built on an Avnu certified foundation in a document entitled “Theory of Operation for TSN-enabled Industrial Systems,” which is available for download. This document introduces the fundamental mechanisms needed for a system architecture to build on, including time synchronization, quality of service using scheduled transmission and network configuration and walks through the requirements of several industrial use cases including how to enable and integrate non-TSN technologies where needed.
Avnu Alliance members have created this document to help designers and engineers in the industry understand the real-world application context and build a TSN network that is configured for multiple vendor and industry groups. Avnu’s defined foundation will continue to support additional capabilities, including support for multiple IEEE 1588 profiles, guidelines for scaling to very large network architectures, centralized and distributed configuration for the network, and aggregation/composition of multiple networks into a single TSN-enabled network domain.
by Gary Mintchell | Dec 13, 2017 | Automation, Internet of Things, Operations Management
An interesting, and at times intense, discussion has risen over the past couple of years in information communication circles between OPC UA and MQTT proponents. Some see a competition between the technologies while others (me) see complimentary technologies enabling engineers the flexibility to develop the communication application that best suits their needs.
Kepware, a PTC business, is a leading supplier of OPC development tools. Its newly released version 6.4 of KEPServerEX now includes an MQTT Client driver. Inclusion of this new driver enables users to collect data from sensor networks and other devices that utilize MQTT—and make that data available to the industrial automation devices and applications they rely on to run their plants efficiently.
“Many KEPServerEX users are now acquiring industrial data in their operational environments through new intelligent sensors and open-source or lightweight devices,” said Jeff Bates, Kepware Product Manager. “The MQTT Client driver and KEPServerEX seamlessly integrate data from these devices—enabling users to access new real-time data and provide a robust view of their plant floor operations.”
The MQTT Client driver included in KEPServerEX version 6.4 offers users a commercially available out-of-the-box MQTT to OPC UA translator. It uses innovative parsing tools to enable users to create tags from popular devices that utilize MQTT. With this new driver, KEPServerEX is able to securely subscribe to MQTT topics through any MQTT broker, receive updates as new device data is published, and make that data available over a variety of protocols.
“The enhancements in KEPServerEX version 6.4 are extremely valuable to any customer whose devices utilize the MQTT protocol, including customers of Wzzard Wireless Sensing Solutions,” said Mike Fahrion, CTO and VP of IoT Technologies at Advantech B+B SmartWorx. “There are significant benefits to making IoT Sensor data available in traditional industrial automation applications, and that is now possible with KEPServerEX.”
Along with the MQTT Client driver, KEPServerEX version 6.4 includes:
- Siemens TCP/IP Ethernet Driver Read/Write Enhancements: Enables users of Siemens TCP/IP Ethernet drivers with Siemens S7-400 and S7-1500 controllers to perform read/writes more efficiently by configuring their Packet Data Unit (PDU) size up to the maximum levels supported by the controller. Users can now easily monitor high-fidelity data with high tag counts and high data change rates.
- Store And Forward Capabilities With The ThingWorx Native Interface: Enables users to reliably transmit data between KEPServerEX and ThingWorx—even in the event of network instability. During communication disruptions between KEPServerEX and ThingWorx, the store and forward service collects data that ThingWorx had been requesting. Upon reconnection, the stored data is automatically forwarded to ThingWorx.
- CODESYS Ethernet Driver Tag Browsing Capabilities: Users of the CODESYS Ethernet driver now have the option to select and import only relevant tags into their KEPServerEX projects. This enables users to more efficiently connect to and start streaming data from CODESYS devices.
by Gary Mintchell | Dec 12, 2017 | Automation, Operations Management
Rockwell Automation continues its path of Connected Enterprise. In the grand scheme of RA products, I’ve never thought of software and networking as having a major impact on sales numbers. But the company continues to roll out some innovation. The “Shelby” bot and Project Scio analytics reveal some unexpected software advances for what has been a devotedly hardware-centric company.
To accompany software and networking and connectivity, Rockwell has beefed up its services offering. Its Connected Services offerings are designed to help customers plan for, deploy, and maintain new digital transformation solutions.
This is the last of my reports from interviews during Automation Fair in November in Houston. It seems the more work that I complete, the more that comes my way. I don’t think I’ll catch up in January either since it appears that my off-season soccer administrative responsibilities keep growing.
Back to Connected Services.
Connected Services offerings include industrial infrastructure assessment, design, implementation, support and monitoring capabilities including Infrastructure-as-a-Service (IaaS), remote asset monitoring and predictive maintenance, cybersecurity threat detection and recovery, training and consulting offerings. These software-powered services build on existing application and product support services to help organizations access and use production data to improve asset utilization and productivity, while reducing risk and time-to-market.
“Industrial operators have been using cutting-edge technology since the Industrial Revolution,” said Sherman Joshua, global portfolio manager for Connected Services, Rockwell Automation. “Our customers understand that digitizing operations or building a Connected Enterprise is about much more than rolling out new technology. They need the right infrastructure, process and people in place to transform operations and capture the value new technology is unlocking. That value is huge. Our Connected Services are making it easier and faster for our customers to uncover it.”
For example, according to ARC Advisory Group, the cost of unscheduled downtime in industrial operations exceeds $20 billion. Through traditional means of detecting, diagnosing and fixing downtime, approximately 76 percent of downtime occurs before any corrective action is undertaken. Connected Services can help users detect and resolve issues quickly, reducing downtime by as much as 30 percent.
Connected Services offerings start with building a secure information infrastructure. Network and cybersecurity services include assessments and design, technical support, IT/OT training, remote monitoring, threat detection and recovery, turnkey implementation, pre-engineered network solutions, and network monitoring and management. These services can speed the integration of new equipment and systems, vastly improve security and help reduce downtime with access to technical resources.
Remote support, monitoring and response services can prove especially valuable for critical processes through around-the-clock operations and remote operations. These services can complement on-site maintenance teams, providing everything from continuous machine monitoring and incident response to 24/7 remote support and software/firmware updates. Deployments can make use of the FactoryTalk Cloud gateway, on-premise Rockwell Automation Industrial Data Center servers, or a hybrid model that combines both options to help improve productivity and reduce downtime.
Data integration and contextualization services can help capture a wealth of data and convert it into actionable information. These services can provide new opportunities to help increase productivity. Producers can reduce skills gap challenges by relying on Rockwell Automation to monitor, maintain and manage the network, equipment or entire applications. Additional digital transformation and data scientist consulting services will be available in 2018.
Connected Services offerings are also scalable, allowing producers to build ROI as they go, and rely more on OPEX than CAPEX funding. Rockwell Automation can deliver and execute Connected Services offerings globally, giving organizations consistent support across operations.
