Bedrock Automation Announces Enhanced Security and OPC UA Implementation at ARC Forum


Bedrock Automation, whose products are built for security from the chips up, had a flurry of activity at the ARC Industry Forum in Orlando last week. It announced a firmware upgrade, OPC UA and partnerships for its SCADA product, and anomaly detection. Here’s a teaser—CEO and Founder Albert Rooyakkers pulled out a new piece of hardware. He didn’t have a release or specs for me, but watch for a new, lower cost, SCADA or gateway device hardened and built with security in mind from the chips up.

Bedrock and OPC UA

Bedrock Automation has published a concise, easy-to-deploy interface specification that enables users and application developers to take advantage of the security capabilities of OPC UA communications software. By following the simple procedures outlined in the Bedrock SCADA Security Platform Specification, developers can upgrade any OPC UA compliant client into a highly secure OPC UA channel, across which users can exchange data between plant floor operations and SCADA applications. Three leading SCADA software developers, Inductive Automation, ICONICS and TATSOFT, are committing and releasing support to the Bedrock interface specification.

“OPC UA provides unique cyber security advantages enabling open communications across numerous industrial devices and applications and providing the end-users options for integrating authentication keys protecting those communications. The most secure OPC level is to authenticate those keys against a known root of trust, which Bedrock supplies via a certificate authority (CA), validated against cryptographic keys built into its controller,” said Thomas J. Burke, OPC Foundation President and Executive Director, adding “Bedrock Automation is a clear leader in supporting the OPC UA standards, and provides information integration and communication that the end users have been demanding.”

Bedrock designs and sources its own secure semiconductor components with encryption and authentication technologies embedded at the “birth” of their modules, assembled and tested by Bedrock in their cyber secure supply chain. The unique design then draws on the power and flexibility of public key infrastructure (PKI) and Transport Layer Security (TLS) standards similar to those used to secure ecommerce transactions and military and aerospace electronics. Bedrock Automation then uses those securely embedded keys as the basis for digital certificates that manage access and communication between SCADA applications and control systems. Bedrock Cybershield 3.0 firmware is the first control system to offer an embedded PKI for SCADA applications.

“Such a simple specification demonstrates that Open and Secure SCADA can be deployed today, and that an applications interface does not have to be thousands or even hundreds of pages. We are pleased to be working with innovative SCADA software providers such as Inductive Automation, ICONICS and TATSOFT, to help them and their customers take advantage of the secure communications capabilities of OPC UA and the intrinsic security of the Bedrock platform,” said Rooyakkers.

Cybershield 3.0

Bedrock Automation also announced the availability of Cybershield 3.0, a major firmware upgrade with advancements that make it easier for end users and developers to build control applications that are both open and secure. Among the six major innovations facilitated by the Cybershield 3.0 upgrade are the first public key infrastructure (PKI) built into an OPC UA server for SCADA applications; an industrial Certificate Authority (CA) for user key management; virtual crypto key locks for the controller; and a Secure Proxy server capability that can protect legacy control systems of other vendors.

“Cybershield 3.0 is one of the most significant steps forward since the release of our Bedrock OSA platform. We now support leading SCADA companies in integrating their OPC UA client to our open security and key management tools. In addition, we start our march to converge IT cyber detection technologies into real-time OT automation with our integrated Anomaly Detection (AD) tools built into every controller. We are delivering secure SCADA and AD as intrinsic and zero-cost advancements, focused acutely on ease of use and reductions in lifecycle costs,” said Bedrock founder and CEO Albert Rooyakkers.

Bedrock Cybershield 3.0 includes the following capabilities:

1) Secure Open SCADA with OPC UA. The cryptographic keys built into all the Bedrock system electronics provide the root of trust for the Bedrock Certificate Authority (CA) that verifies the reliability of OPC UA-managed communications between SCADA and PLCs or other industrial control systems.

2) Open Certificate Authority (CA) for SCADA. This advanced SaaS key and certificate management tool is not only FREE to our customers but is simple to deploy with our Secure SCADA Interface Specification. Leading SCADA providers, including Inductive Automation, ICONICS and Tatsoft, are committing to and releasing support to this interface specification.

3) Intrusion detection. Even though the Bedrock control system has protection built into its core, users still need to know when system security is challenged. Cybershield 3.0 comes standard with intrinsic Anomaly Detection (AD) functionality that continuously monitors the controller’s network and system time to detect intrusions and anomalous behavior and report it to both SCADA and enterprise database applications for trending, alarming and historizing anomalous cyber activity.

4) Quickly Secure Legacy Automation with Secure SCADA. Companies can now use Bedrock security to help integrate open standard communications protocols with legacy PLC and DCS systems from other vendors. A Bedrock secure controller module acts as a gateway between the SCADA platform workstation and the legacy controllers.

5) Cryptographic key locking. Cybershield 3.0 also includes a cryptographic controller engineering key lock that permits only users with the required credentials to change the mode of the controller.

6) Achilles and EMP compliance on power supplies. Bedrock Automation is certifying its standalone power supply and standalone uninterruptible lithium power supply to both MIL-STD-461G, the military standard for advanced EMP hardening, and Achilles Level 2 certification, augmenting the EMP and Achilles certification achieved for its control system modules last year.

“Today’s increasingly connected environment drives the process industries to search for automation solutions that deliver the benefits of open communications with ‘baked in’ cybersecurity. By extending its secure automation technology to third-party software providers, Bedrock Automation addresses this key pain point of future automation requirements. ARC believes the intrinsic and no-cost approach of Bedrock’s cybersecurity strategy is the quintessential component missing in control systems, today,” writes ARC analyst Mark Sen Gupta in his recent report, Bedrock Automation’s Open Secure Automation a “Win” with End Users.

Anomaly Detection

Bedrock Open Secure Automation (OSA™) firmware will include intrinsic Anomaly Detection (AD). Bedrock OSA AD will be available as standard integrated functionality that continuously monitors the controller’s network and system time to detect intrusions and anomalous behavior.

“Preventing control system intrusion is fundamental to holistic cyber security. In addition, users need to know when the system security is being challenged. This is the role of anomaly detection. At no additional cost or complexity for the user, Bedrock’s AD delivers additional assurance that no one is tampering with your automation,” said Rooyakkers. Bedrock Anomaly Detection includes the following functionality:

• Dynamic Port Connection Monitoring, which records all attempts to connect to any controller or communication point and captures identifying information on the intruder
• Network Port Scanning, which detects if hackers are scanning for open ports that might provide access to the control network
• System Time Monitoring, which detects attempts to manipulate log files to conceal malicious activity
• Cryptographic Controller Engineering Key Lock, which permits only users with valid user credentials to change the configuration and operation mode of the controller and records all access
• Intrusion Event Logging, which records all detected anomalies and reports them to SCADA software through OPC UA and standard database access for historian, alarming, and trending functions. Additionally, a tri-color status LED on the faceplate of Bedrock Controllers provides indication locally whenever an intrusion is detected.

OPC Foundation Cites Advancements at Recent ARC Forum


The OPC Foundation was active during the recent ARC Industry Forum in Orlando as a Platinum Sponsor and presenter of a press conference. With OPC UA released and in use and publish/subscribe about to be released, OPC Foundation’s emphasis has been on companion specifications. It had a joint press conference with the FieldComm Group to discuss its joint working group and then released news of a companion specification with Ethernet Powerlink. The last release, something I was able to work on in pre-release review, concerns a study with ARC Advisory Group on adoption of the UA specification.

Below are some details. More at the Foundation website.

OPC and FieldComm

The OPC Foundation and FieldComm Group announced an alliance to advance process automation system multi-vendor interoperability and simplified integration by developing a standardized process automation device information model.

A joint working group between OPC Foundation and FieldComm Group, tasked with developing a protocol independent companion specification for process automation devices, was formed in late 2017. The goal of the working group is to leverage the extensive experience of FieldComm Group with the HART and FOUNDATION Fieldbus communication protocols to standardize data, information, and methods for all process automation devices through FDI using OPC UA. The OPC UA base information model and companion Device Information (DI) specification will be extended to include the generic definition and information associated with process automation devices.

The OPC Foundation and FieldComm Group have worked together for over a decade, initially working on the development of the EDDL specification and most recently on the creation of FDI technology.

“FDI provides the new standard for device integration to deliver a protocol independent path to configuration, diagnostics and runtime operation for process devices,” states Ted Masters, President and CEO of FieldComm Group. “The partnership between OPC Foundation and FieldComm Group further builds upon the common information model of both to deliver process automation data in context which is the key to enabling value from enterprise systems and analytics. The 350+ suppliers of devices and applications that are members of FieldComm Group have an opportunity to benefit from the key initiative to develop a standard process automation information model by their adoption of FDI and OPC UA technologies.”

“I’m excited that the OPC Foundation and FieldComm Group are working together on this important initiative, and will be partnering with other organizations, end-users and suppliers to make the dream of a standardized process automation device information model a reality. This is truly a breakthrough in our industry that will provide significant operational benefits across all points of the value chain,” states Thomas J. Burke, OPC Foundation President and Executive Director.

“This important collaboration will provide a solid foundation for standardization of devices that will serve as the base infrastructure for the numerous other collaborations that the OPC Foundation is doing across international boundaries,” says Stefan Hoppe, OPC Foundation Global Vice President.

The joint working group plans to release an extensible, future-proof process automation information model specification during the first quarter of 2019.

OPC and Powerlink

An OPC UA companion specification is now available for POWERLINK according to a joint announcement by the OPC Foundation and the Ethernet POWERLINK Standardization Group (EPSG). The companion specification describes how payload data is exchanged between POWERLINK and any OPC UA platform. The result is integrated communication from the sensor to the cloud.

“As technologies, OPC UA and POWERLINK complement each other perfectly,” emphasized Thomas Burke, President of the OPC Foundation, in his announcement. “POWERLINK is among the leading real-time bus systems used in plants and machinery. Together with OPC UA, POWERLINK networks can now communicate seamlessly and securely with the IT environment and into the cloud.”

“This specification allows OPC UA and POWERLINK to fuse into a single network,” added Stefan Schönegger, Managing Director of the EPSG. “We’re then able to join devices from different manufacturers and across different levels of the automation pyramid into a single, cohesive system.”

A joint working group between the OPC Foundation and the EPSG had been working on the specification since 2016. The document can be downloaded from the OPC Foundation website.

OPC UA Adoption

OPC Foundation announced today the release of an in-depth ARC Advisory Group report on the important role the OPC data connectivity standards play in control automation today and in future IIoT and Industrie4.0 based solutions.

Key ARC report findings confirmed that with an estimated global install base of over 45 million units, OPC is the de facto standard for open data connectivity and that OPC UA is well positioned to serve as the next data connectivity foundation for control automation applications in traditional industrial settings and new ones like building automation, transportation, and others. Key contributing factors to the continued success of OPC UA included the scalability, performance, and robustness of the technology and the large community of end-users, vendors, and other standards bodies actively working with the OPC Foundation to best utilize OPC UA in their applications.

According to Thomas Burke, OPC Foundation president, “the [ARC report] findings accurately reflect what we [OPC Foundation] have been seeing from an adoption and collaboration point of view. I highly recommend reading this ARC report for a high level perspective of what OPC UA is doing in the market and the future of data connectivity.”

Commenting on the popularity of the OPC UA standard, Mr. Burke explained, “OPC UA has something to offer for everyone from end-users and product vendors to other standards bodies. After people look at what is really out there as far as a single standard that has the scalability, performance, and flexibility to meet the challenges of modern data connectivity and interoperability and has the reputation and a large enough adoption base needed to make it a safe investment – they come to realize OPC UA is the real deal.”

“OPC technology has become a de facto global standard for moving data from industrial controls to visualization up to MES/ERP and IT cloud levels”, according to Craig Resnick, Vice President, ARC Advisory Group. “The rapid expansion of OPC UA in automation, IIoT, and into new, non-industrial markets suggests that OPC will remain an important technology for multivendor secured interoperability, plant floor-to-enterprise information integration, and a host of other applications yet to be envisioned.”


Embedded and Edge Capture Attention At ARC Forum

I was so busy during the ARC Advisory Group Industry Forum last week, that I just couldn’t find time to write coherently. The keyword was digital supplemented by embedded, edge, IIoT, security, and transformation.

The Forum attracted perhaps not only its largest attendance but also its largest attendance of end users. The things that appeal to me are those that fit into the Industrial Internet of Things the most. Here are two related new product releases. The first one involves embedding HMI/SCADA software and the second involves using that embedded software in addition to many other technologies for an edge device.

First is the announcement from Inductive Automation concerning the creation of its Ignition Onboard program. The program involves device manufacturers embedding Ignition and Ignition Edge software in the devices they manufacture.

The program includes Ignition Onboard and Ignition Edge Onboard. Ignition by Inductive Automation is an industrial application platform with tools for building solutions in human-machine interface (HMI), supervisory control and data acquisition (SCADA), and the Industrial Internet of Things (IIoT). Ignition Edge is a line of lightweight, limited, low-cost Ignition software products which empower solutions designed for edge-of-network use.

“Device manufacturers have joined Ignition Onboard in response to their customers’ demands for an all-in-one solution that contains hardware and software at a reasonable price,” said Don Pearson, chief strategy officer for Inductive Automation. “These are companies that understand the importance of building a strong IIoT, and we’re very happy to be collaborating with them.”

The other announcement came from Opto 22. This is a significant advance in edge devices for industrial and SCADA applications.
The new groov EPIC system from Opto 22 combines I/O, control, data processing, and visualization into one secure, maintainable, edge-of-network industrial system. groov EPIC lets engineers and developers focus on delivering value, not on triaging loosely connected components.

“We are a company of engineers inspired and driven to create products that unleash our customers’ imaginations,” says Mark Engman, Opto 22 CEO. “groov EPIC is a culmination of that mission, a response to industry requests to more wholly integrate IT and OT technologies, simplify development and deployment, and provide a platform for long-term growth now and well into the future.”

Combining reimagined intelligent I/O with an embedded Linux real-time controller, gateway functions, and an integrated display, groov EPIC offers field-proven industrial hardware design with a modern software ensemble, to produce the results that visionary engineers want today.

Connecting legacy systems, controlling processes and automating machines, subscribing to web services and creating mashups, acquiring and publishing data, visualizing that data wherever it is needed, and mobilizing operators—all of these are now within reach. In addition, groov EPIC simplifies commissioning and wiring and helps engineers develop rapidly and deploy quickly.

“The groov EPIC system incorporates in one unit everything needed to connect and control field and operational devices and data, through on-premises IT databases, spreadsheets and other software, to cloud storage and services—and back again,” says Benson Hougland, Opto 22 vice president of Marketing & Product Strategy. “This ability to easily exchange data and use it where needed opens opportunities automation engineers have not had until now. This is a truly new system that builds on the past but looks fundamentally to the future of our industry.”

Of particular interest to original equipment manufacturers (OEMs) will be optional access to the Linux operating system through secure shell (SSH). This access, along with toolchains and interpreters for Java, C/C++, Python, JavaScript/Node.js, and more, allows OEM developers to execute their own custom developed applications on this ruggedized, edge processing control system.

The main point of discussion between Benson and me lately is whether Sparkplug (from the developer of MQTT) is adequate for IoT applications. He favors the lightweight (technical, not pejorative) protocol, while I tend to favor OPC UA over MQTT as a better overall solution due to its interoperability. But that’s OK. He and I have had these technical discussions for almost 20 years now. I love pushback, and I think Benson does as well. It raises the energy level.


Digital Transformation Council

Digital Transformation has generated so much news that company executives have begun ordering projects and task forces within the company to begin that transformation. The pressure on engineers and IT people increases with each new directive. To help clients deal with these new directives, ARC Advisory Group launched the Digital Transformation Council (DTC) at its 2018 Forum.

The council is a member community for industry, energy, and public-sector professionals. Membership is by invitation only and restricted to end users of digital transformation technology, such as professionals working for manufacturers, utilities, and municipalities. There is no fee to join.

“As data-driven market disruption grows, professionals across similar industries need to connect and learn from one another,” according to Jesus Flores-Cerrillo, Associated R&D Director at Praxair, one of the world’s largest providers of industrial gases. He added, “It’s becoming mission-critical to understand how to use data to develop services and products and optimize operations and assets. That can only be accomplished by understanding the possibilities provided by modern data tools such as artificial intelligence, machine learning, and digital twins.”

“We are delighted to support the Digital Transformation Council by bringing members together in person and online,” commented Greg Gorbach, Vice President at ARC Advisory Group. “This community will enable individuals and companies to get up to speed quickly on digital transformation innovations and share ideas about what provides value and what doesn’t.”

Each February, a member-only meeting, anchored to the annual ARC Industry Forum, will bring the Council together to set the focus and agenda for the coming year. Members will also gather via virtual quarterly meetings to discuss research findings, activities, and other topics.

In addition to annual in-person meetings and quarterly virtual meetings, Digital Transformation Council members will have year-round access to research and fellow members via an online community. ARC Advisory Group’s role will be to conduct research, organize meetings, provide venues, and facilitate peer-to-peer discussions. ARC will also deliver technical support for the group’s online presence.
The DTC will address topics such as analytics, industrial Internet of Things (IIoT), artificial intelligence and machine learning, cybersecurity, and additive manufacturing.

Industrial Technology Supplier State of the Business


A tale of the business state of two industrial technology supplier companies–GE and ABB.

This is a great article tracing the heritage and woes of GE. While the company is still strong in all the basic industrial categories, its moves deeper into financial and entertainment industries have cost it dearly. Not to mention decades of financial sleight-of-hand. When I was at Minds + Machines last fall, I wondered if this might be the last. The new CEO hinted at changes in GE Digital at the conference. Shortly afterwards, the shoe dropped. GE Digital was to be essentially gutted. No more grandiose plans for a huge software platform that would be the solution of everything digital. Smaller applications and partnerships were to be the new direction. There will be some GE people at ARC this week, I’ll see what else I can learn.

Meanwhile, ABB released its full year 2017 financial results. It has been in the midst of restructuring since Ulrich Spiesshofer assumed the reins in 2013 succeeding GE alum Joe Hogan. ABB touts its progress in this report.

Ulrich Spiesshofer, ABB CEO

“In the transition year 2017, we shaped a streamlined and strengthened ABB. Now, our digital-first portfolio for customers in utilities, industry and transport and infrastructure is based on two clear value propositions: bringing electricity from any power plant to any plug, and automating industries from natural resources to finished products,” said Spiesshofer. “The annual results include the dampening effect of our massive transformation. With our targeted actions to shift our center of gravity, we have improved competitiveness, addressed higher-growth segments and de-risked ABB. We delivered four consecutive quarters of increasing base-order growth. The momentum we have built in 2017 positions us for profitable growth as the global markets are improving. Today’s proposal to increase the dividend for the 9th consecutive year demonstrates our confidence in the future.”

Full-year 2017 Group Results

ABB delivered a steady financial performance in 2017 despite market headwinds and its ongoing transformation. Total orders were steady (steady in US dollars). Base-order growth (base orders are classified as orders below $15 million) showed increasing momentum each quarter, and for the full year increased 5 percent (6 percent in US dollars), mitigating the effect of lower large orders. The large order share of total orders in 2017 was 8.5 percent, versus 13.5 percent in 2016, in part as a consequence of ABB’s business model shift. Total service orders grew 8 percent (8 percent in US dollars) to 20 percent of total group orders.

The order backlog at the end of December 2017 was $22,414 million, 4 percent lower (2 percent in US dollars) compared with the prior year. The book-to-bill ratio was 0.97x for 2017, compared with 0.99x in 2016.

Revenues improved 1 percent (1 percent in US dollars) to $34,312 million, with positive contributions from Electrification Products and Robotics and Motion more than offsetting the declines in Industrial Automation and Power Grids. Total services revenues grew 3 percent (3 percent in US dollars) and now stand at 18 percent of total group revenues.

ABB executed on its Next Level strategy throughout 2017. The company launched ABB Ability, its digital solutions offering, and continued to invest in digital, sales, branding and research & development. It delivered strong cost savings in White Collar Productivity and supply chain/operational excellence and completed or announced a number of important transactions. It continued to de-risk its portfolio by divesting non-core businesses, and taking actions to implement its EPC (Engineering, Procurement and Construction) business model change. These activities impacted full year results. The company’s operational EBITA declined 2 percent (1 percent in US dollars) to $4,130 million, inclusive of approximately $140 million of charges related to the EPC businesses. The reported operational EBITA margin was 12.1 percent, 30 basis points lower due to charges related to the EPC businesses and would have been steady without these charges.

Net income in 2017 rose 17 percent compared with the previous year to $2,213 million, reflecting primarily lower transformation-related restructuring and restructuring-related expenses and net gains recorded on the business divestments in the year. Basic earnings per share grew 17 percent to $1.04. Operational EPS was $1.25, 1 percent lower in constant currency.

Cash flow from operating activities was steady compared with 2016 at $3,799 million for the full year. ABB continued to benefit from improvements in net working capital which generated approximately $600 million of cash during 2017. Net working capital as a percentage of revenue was reduced to 11.3 percent, a 10 basis point improvement year on year. Capital expenditures for the group were $949 million during 2017. Free cash flow of $2,926 million was 5 percent lower than 2016 and the company’s cash return on invested capital (CROI) was 12.4 percent, mainly impacted by the acquisition of B&R.
