Visibility Across IT, OT and IoT Domains to Illuminate Attack Vectors and Risks

Tenable has some news today about the release of Tenable One. It is a visibility product that allows managers and others to see assets across an enterprise regardless of IT, OT, or IoT. You will notice a new marketing term in the release—at least new to me. The company is now called an “Exposure Management” company. They tell me that means it enables organizations to understand cyber risk in order to make more effective business decisions.

Tenable, the Exposure Management company, announced February 29, 2024 the release of Tenable One for OT/IoT. It is the first and only exposure management platform that provides holistic visibility into assets across IT and operational technology (OT) environments.

I cannot verify the “first and only” claim, but companies are often careful to define things such that they can make the claim. In this case, exposure management most likely is the key phrase (before anyone writes to me). Also they talk management. What they do is provide information for managers to be able to take informed actions.

Tenable One for OT/IoT extends visibility beyond IT, to include OT and IoT, and helps security leaders gain a clear picture of true exposure across their entire attack surface. This first-of-its-kind approach allows organizations to prioritize security risks wherever they reside – be it in the cloud, data center, or the OT environment – and most importantly, to understand how these risks create attack paths across their infrastructure.

Users can also view their global exposure, including OT assets, to see how their security posture compares to other companies in their industry and gain additional insights from their OT assets to make better decisions, faster.

Three key points:

  • Comprehensive visibility beyond the IT environment to the modern attack surface
  • Risk intelligence to mitigate operational risks
  • Actionable planning and decision making across enterprise and critical infrastructure environments

MX Workmate OT-compliant GenerativeAI Solution for Connected Workers

It had to happen sooner or later—GenerativeAI Large Language Model (LLM) for human-machine interface applications. Funny that nowhere in the press release do they mention HMI while using more awkward workaround phrasing. Maybe that is a Finnish translation?

  • Generative AI Large Language Model (LLM) technology for operational environments, bridging knowledge and language barriers between industrial workers and OT systems
  • On-premise edge based MX Workmate solution enables connected workers to get contextually relevant real-time information and query OT-systems in a secure and reliable way using natural language
  • OT-compliant MX Workmate automated IT/OT knowledge retrieval, eases interaction between workers and systems to drive efficiency, productivity and worker safety

MX Workmate leverages Generative AI (GenAI) and large language model (LLM) technologies to generate contextual, human-like language content based on real-time OT data, enabling workers to understand complex machines, get real time status information and industries to achieve greater flexibility, productivity, sustainability, as well as improve worker safety.

Compression Brings Bandwidth Boost to Vision Applications

As long as I have been working with and covering vision technology in manufacturing, bandwidth has been the constraint to robust applications. A Canadian company called Pleora Technologies has introduced a patented lossless compression technology called RapidPIX that is said to increase data throughput by almost 70 percent while meeting the low latency and reliability demands of machine vision and medical imaging applications.

RapidPIX is initially available on Pleora’s new iPORT NTx-Mini-LC platform, which provides a compression-enabled drop-in upgrade of the widely deployed NTX-Mini embedded interface. With added compression, designers can deploy the iPORT NTx-Mini-LC to support low latency transmission of GigE Vision compliant packets at more than 1.5 Gbps throughput rates over existing 1 Gb Ethernet infrastructure. Manufacturers are designing the iPORT NTx-Mini-LC embedded interface with RapidPIX compression into X-ray panels for medical and dental imaging, contact image sensors (CIS), and industrial camera applications.

Pleora’s RapidPIX compression is now available on the iPORT NTx-Mini-LC embedded interface to support low latency transmission of GigE Vision compliant packets at more than 1.5 Gbps throughput rates over existing 1 Gbps infrastructure. To speed time-to-market, the iPORT NTx-Mini-LC with RapidPIX Development Kit helps manufacturers develop system or camera prototypes and proof-of-concepts easily and rapidly, often without undertaking hardware development.

PlantSwitch Closes $8 Million to Commercialize Bioplastic Technology

Here is one of my favorite companies—using “waste” bioplastic to mold those plastic eating utensils ubiquitous in fast food restaurants and picnics. They have a small operating plant and just closed an $8 million round to increase production. How many more energy and resource saving ideas are lurking out there in the minds of my readers?

PlantSwitch has developed revolutionary bioplastic technology that converts cellulosic agricultural waste streams into a low-cost, compostable plastic resin alternative. As bans on single-use plastic are increasing globally and major corporations are searching for ways to reduce their plastic footprint, PlantSwitch is uniquely positioned to provide a compostable, cost-effective alternative to conventional plastic that is both sustainable and scalable.

“Alternatives to plastic have traditionally failed to deliver on cost, quality, and availability,” shares CEO and Founder Dillon Baxter. “PlantSwitch was founded with the mission to deliver a bioplastic alternative that can replace all traditional single-use plastics. To do that, the technology must be low-cost, high performance, and rapidly scalable; and those 3 tenets have guided every decision our development team has made since inception.”

Proceeds from this raise will be used to launch PlantSwitch’s first commercial manufacturing facility in North Carolina and expand its team. At scale, the 52,000 sq ft facility is expected to produce over 50M lbs of bioplastic resin annually. PlantSwitch’s customers include some of the leading brands and manufacturers in foodservice, CPG, cosmetics, and agricultural products, and the company expects this facility to reach its capacity in 2025. PlantSwitch currently has 12 employees, primarily chemical engineers and polymer scientists that have made significant contributions to the field of sustainable materials.

Aligned with PlantSwitch’s vision, NexPoint Capital is a large institutional investor with a climate tech platform, where they allocate early-stage capital to climate-smart technologies that will require significant infrastructure to scale. NexPoint currently holds over $16 billion in assets under management.

“At NexPoint, we are always looking to support companies that do important work, and offer attractive opportunities for growth,” said Scott Johnson, Managing Director & Portfolio Manager at NexPoint Capital.  “PlantSwitch certainly fits that bill and represents an investment that aligns with our values and expertise in Climate Tech businesses.”

PlantSwitch is now gearing up for its 2024 Series A fundraise, which will be used to expand capacity with additional manufacturing facilities.

“Major corporations have made commitments to lower their plastic consumption and the toxic waste it produces, but the proper infrastructure to deliver a viable alternative hasn’t existed,” says PlantSwitch CEO Dillon Baxter. “This $8 million raise, in partnership with NexPoint, is being invested in building out this infrastructure, which will drive the alternative plastics market forward.” In conclusion, Baxter adds, “We believe the infrastructure for compostable bioplastics is critical to the future of our economy, our health, and our planet. That’s why we are on a mission to build it in a way that is scalable and cost competitive.”

5G Edge Computing Industrial IoT Cellular Solution

Computing at the Edge of the network remains a crucial and growing part of a plant’s architecture. Digi International positioned itself as an enabler of data transmission for a long time. This news is a new product exploiting some of the 5G cellular technology benefits.

Digi International announced market launch of Digi IX40, a 5G edge computing industrial IoT cellular router solution. Digi IX40 is purpose-built for Industry 4.0 use cases such as advanced robotics, predictive maintenance, asset monitoring, industrial automation and smart manufacturing. Fully integrated with Digi Remote Manager, this solution’s capabilities improve security and scalability while ensuring speed, reliability and efficiency.

Digi IX40 integrates Digi Remote Manager (Digi RM) for rapid configuration, automated security monitoring and simplified management. Digi RM — the cloud-based command center for IoT deployments — gives businesses critical insights into their network operations for more data-driven decisions. Likewise, Digi RM supports secure terminal access for out-of-band management of edge devices via serial ports and a command-line interface.

Key Digi IX40 features include:

  • Global 5G and LTE support for public and private cellular networks
  • Integrated edge computing capabilities for applications requiring edge intelligence and real-time processing
  • The Digi Accelerated Linux operating system (DAL OS)
  • Simplified configuration and management with Digi Remote Manager
  • FIPS 140-2 validation for encryption of sensitive data
  • Ethernet, SFP, serial, I/O and Modbus bridging
  • Powerful failover options, including fiber and 4G LTE for ultimate redundancy
  • Digi SureLink, VRRP+ and dual SIMs for resilient cellular connectivity
  • GNSS receiver supporting GPS, GLONASS, BeiDou and Galileo
  • License-free enterprise software: VPN, firewall, logging and authentication
  • Rugged enclosure with DIN rail and shelf mounting options
  • FirstNet Capable models to meet the demands of emergency response

Digi Containers, a Digi value-added service, augments the Digi IX40 solution to facilitate cost-effective applications via lightweight Linux containers, giving businesses additional flexibility and scalability for their Industry 4.0 initiatives. Digi is proud to provide not only a Digi Containers solution for customers who want to run their own custom applications or binaries on Digi IX40, but we also provide vetted access to software from leaders in the Industry 4.0, Networking 2.0, and industrial protocol services.

Digi WAN bonding, an add-on service available through Digi Remote Manager, provides ultra-fast, ultra-reliable network connectivity. Digi WAN Bonding enables users to centrally set up, deploy, and manage the bonding of multiple WAN Internet connections together on Digi IX40 for a combination of increased throughput speeds, WAN smoothing, packet redundancy, and seamless failover for always-on Internet connectivity. Digi WAN Bonding can scale to hundreds or thousands of sites to ensure you are getting the most robust connectivity for your entire fleet or network that is always ready, always online.

New Research Identifies Gaps in Securing Access to Connected OT Environments

This news reports yet another survey of managing security risk.

Cyolo, the access company for the digital enterprise, in partnership with Ponemon Institute, released a global study exploring how organizations that operate critical infrastructure, industrial control systems (ICS), and other operational technology (OT) systems are managing access and risk in an era of rising connectivity.

“Our world has become increasingly interconnected, and the findings of this report highlight the vital need for organizations to reevaluate and enhance their strategies for ensuring secure access into OT environments,” said Larry Ponemon, Chairman and Founder of the Ponemon Institute.

The report, “Managing Access & Risk in the Increasingly Connected Operational Technology (OT) Environment,” reveals that many industrial organizations lack the resources, expertise, and collaborative processes to effectively mitigate threats and ensure secure access to OT systems. The report is based on a survey of 1,056 security professionals across the United States and EMEA who work in organizations that run an OT environment and are knowledgeable about their organization’s approach to managing OT security and risk.

Overall key findings include:

  • Organizations allow dozens of third-party users to access OT environments. 73% permit third-party access to OT environments, with an average of 77 third parties per organization granted such access. Challenges to securing third-party access include preventing unauthorized access (44%), aligning IT and OT security priorities (43%), and giving users too much privileged access (35%).
  • Visibility into industrial assets is dismal. 73% lack an authoritative OT asset inventory, putting organizations at significant risk.
  • IT and OT teams share responsibility for OT security but do not communicate enough to achieve optimal outcomes. 71% report that IT or IT and OT together are responsible for securing OT environments. However, collaboration and communication are lacking, with 37% reporting little or no collaboration, and 19% reporting that teams talk about OT security issues only when an incident occurs.
  • Security is seen not only as a goal of IT/OT convergence but also as an obstacle. Reducing security risk is the top objective of companies pursuing IT/OT convergence (59%), and yet one-third (33%) of organizations not pursuing convergence cite security risk as a top factor for their decision.

Register to attend a joint webinar from Cyolo and Ponemon Institute, on Tuesday, March 12 at 11am ET here: Behind the Ponemon Report: Risk & Access Management in the OT Environment.

Privilege

People have been moaning about Boomers leaving the workforce and a coming worker gap for 20 years. Perhaps the time has arrived? How is your hiring of young people going?

Now, I know that you can’t really evaluate each candidate by what marketing-designated generation they were born into. However, consider some statistics gathered by a data company who performed an analysis of TikTok and Google search data.

Few arenas of life reveal as much as youth sports does about—parents. I remember my own good times and, with much chagrin, my bad ones. Thirty-five years working as a referee in youth and high school soccer revealed the growing trend of “helicopter” parents who hovered over their kids to protect them and “snow plow” parents who tried to pave the way for them. If these results don’t reveal what happens to kids entering the workforce after experiencing life as the recipient of helicopter or snow plow parenting, I’ve lost the ability to observe and analyze.

Job Shift Shock is the most popular work trend with a total 1.7B TikTok views and nearly 121K monthly searches on Google. The trend leads the list as it describes the transition from initial excitement of beginning a new job to the disappointment of unexpected responsibilities.

Quiet Quitting ranks as the second most popular trend, having 1.1B views on TikTok and over 612.5K searches on Google. This trend’s place in the list is secured by the increasing cost of living and workers’ dissatisfaction with their salaries or job conditions.

I can think of few clearer signals about what happens to young people when they have always had someone there to smooth the way for them. I remember hiring a young man recently graduated from university. He wondered how long (a year or two?) before he would be in line to be president of the company.

So, how is your hiring going? Must you cope with these entrants? Can you screen them out?

Honeywell Releases Significant Updates to Experion Process Knowledge System

It is inevitable. I receive a press release from Honeywell Process. This one regards the Experion PKS R530 process knowledge system. Upon reading, I think, oh, well, some incremental improvements. Then I talk with my main product interface, Joe Bastone. After digesting the output of his firehose, I see how advanced the Honeywell technology has become.

Honeywell announced February 5, 2024 it is driving new automation capabilities into Experion Process Knowledge System (PKS), with Release R530. The technology update integrates new features that strengthen existing control room installations through both firmware and software upgrades and supports Honeywell’s alignment of its portfolio to three compelling megatrends: automation, the future of aviation and energy transition.

Evidently Honeywell corporate has identified three parts of a vision and is placing the updates to Experion into the automation bucket. That’s OK, but I think it does a disservice to the platform if one defines automation too narrowly or traditionally.

The Experion PKS Highly Integrated Virtual Environment (HIVE) forms the foundation that R530 builds upon.

The Experion PKS R530 update introduces Experion Remote Gateway, which further enables remote operations by providing a browser-independent method to simplify monitoring and operations. Additionally, the updated Ethernet Interface Module allows for Experion PKS HIVE integration of smart protocols while optimizing the processing load of the C300 controller. These features ensure the best possible security, reliability and performance for customers.

The press release slipped in a sentence about the updated Ethernet Interface Module. I had about 30 minutes with Bastone. He picked two key features to discuss. This was one. I cannot do justice to his entire discussion. Go to the tech pages. This module eliminates a need for controller peer-to-peer communications. “It changes how communications are done.” It allows non-Honeywell I/O to communicate into the I/O HIVE. It simplifies installation and eliminates junction boxes. Check that one out.

Experion PKS offers industry-leading flexibility in automation system design, engineering, deployment, and ongoing maintenance. Using Experion PKS Control HIVE can reduce controller count by up to 50% and system cabinet count by up to 80%, compared to traditional automation solutions. Experion PKS Control HIVE also minimizes manual interventions to ensure smoother and safer operations, reducing the risk of unplanned downtime which can impact users’ bottom line.

Back to Bastone. Imagine you have a plant. There are five areas with their own controllers. It’s all so logical and clean when new. But you have to add something at the edge of one of the areas. You go looking for the closest junction box. That may connect to a different controller. The way Control HIVE works, that can be OK. But go several years and several projects down the road. Now you may have a complex mess. But the HIVE decouples controllers and applications. The C300 can run two apps at the same time. Now if you are in a primary/backup architecture and a primary goes out, you have the backup. But the backup has no backup. So, Control HIVE can look for a partner and find a new backup. This decoupling has, in effect, added resiliency to the overall system while reducing the total number of controllers needed.

What has amazed me is that Honeywell has developed almost everything that the original designers of OPAF envisioned—except for total interoperability. They were looking for totally generic hardware so that any supplier’s products could be seamlessly inserted on upgrades. That’ll probably never happen. But Honeywell’s decoupling and HIVE technology provides a lot of upgrade capability and modernizes the architecture.

Getting Proactive About Securing Smart Manufacturing

A PR person recently contacted me about a new paper, Emerging Trends and Securing the Future of Smart Manufacturing, from an analyst firm new to me—Takepoint. Soon thereafter I was on a video call with analyst and author Jonathon Gordon.

He first talked about getting proactive with security. Too much cybersecurity is network detection after there is a problem. It is inherently passive. This may help some in recent scenarios where the goal of the intruder is ransomware. But what about now when nation-state actors are trying to gain access to critical infrastructure control in order to disrupt production or even cause major damage?

Gordon took a closer look at a control system. A potential vulnerability lies in the connection between the engineering workstation and the PLC. That is the cyber-physical connection. The focus needs to shift to mitigate this vulnerability. This workstation to PLC connection must be locked down.

These notes come from the company.

In today’s interconnected industrial world, data sharing is not just a convenience; it’s a necessity for growth and innovation. However, sharing data safely with partners, suppliers, or even within different departments of the same organization, requires a sophisticated approach to cybersecurity. The industrial CISO’s role evolves from just protecting data to enabling its safe and efficient flow across various networks, ensuring that it remains secure even when it’s outside their direct control.

Innovation, especially in the context of Industry 4.0, naturally brings risks. But here’s the catch – innovation without risk is like swimming without getting wet; it’s just not possible. The key lies in understanding these risks – they can be accepted to a certain degree, actively mitigated, or in some cases, transferred (think insurance policies or outsourcing certain aspects). Ignoring these risks is not an option. Doing so is akin to flirting with the dark side, where the consequences can be severe and far-reaching.

In this dynamic environment, the role of the industrial CISO is not just reactive; it’s increasingly proactive. This means anticipating potential security breaches and having robust strategies in place. It’s about understanding not just the technology, but also the human and process elements of cybersecurity. Training staff, developing a security-conscious culture, and keeping abreast of the latest threats and countermeasures are all part of this proactive stance.

The message here is straightforward and urgent: cybersecurity in manufacturing isn’t a passive or reactive task; it’s an active, ongoing process. This involves regular risk assessments, identifying and mitigating vulnerabilities, and implementing robust security controls. Equally important is fostering a cybersecurity-aware culture throughout the organization, ensuring everyone from top executives to factory floor workers understands their role in maintaining security.

Verusen Joins AWS ISV Accelerate Program

Amazon Web Services just keeps growing in our market space. In this news Verusen, supplier of MRO optimization and collaboration products, announced joining the Amazon Web Services (AWS) Independent Software Vendor (ISV) Accelerate Program, a co-sell program for AWS Partners that provides software solutions that run on or integrate with AWS. 

The AWS ISV Accelerate Program enables Verusen to accelerate value for manufacturing customers by directly connecting Verusen with the AWS Partner Network and Sales organizations. AWS provides Verusen with co-sell support and benefits to meet customer needs through collaboration with AWS field sellers globally. Co-selling provides better customer outcomes and ensures AWS and its partners’ mutual commitment.

“Verusen is delivering industry-leading solutions to AWS customers worldwide, working with AWS Account Executives and Solutions Architects providing access to simplified transactions via AWS Marketplace,” said Scott Matthews, Verusen’s CEO. “Now, customers can achieve multiple benefits by accessing Verusen’s next-generation MRO optimization platform in AWS Marketplace.” 

Verusen’s inventory policy optimization, global material search, network and supplier collaboration, and data deduplication capabilities allow existing AWS customers to enhance their tech stack further to transform their end-to-end MRO materials management processes digitally. Manufacturers gain significant visibility to their entire MRO landscape through Verusen’s easy access to purpose-built MRO optimization solution utilizing cloud infrastructure. 
