New Research Identifies Gaps in Securing Access to Connected OT Environments

This news reports yet another survey of managing security risk.

Cyolo, the access company for the digital enterprise, in partnership with Ponemon Institute, released a global study exploring how organizations that operate critical infrastructure, industrial control systems (ICS), and other operational technology (OT) systems are managing access and risk in an era of rising connectivity.

“Our world has become increasingly interconnected, and the findings of this report highlight the vital need for organizations to reevaluate and enhance their strategies for ensuring secure access into OT environments,” said Larry Ponemon, Chairman and Founder of the Ponemon Institute.

The report, “Managing Access & Risk in the Increasingly Connected Operational Technology (OT) Environment,” reveals that many industrial organizations lack the resources, expertise, and collaborative processes to effectively mitigate threats and ensure secure access to OT systems. The report is based on a survey of 1,056 security professionals across the United States and EMEA who work in organizations that run an OT environment and are knowledgeable about their organization’s approach to managing OT security and risk.

Overall key findings include:

  • Organizations allow dozens of third-party users to access OT environments. 73% permit third-party access to OT environments, with an average of 77 third parties per organization granted such access. Challenges to securing third-party access include preventing unauthorized access (44%), aligning IT and OT security priorities (43%), and giving users too much privileged access (35%).
  • Visibility into industrial assets is dismal. 73% lack an authoritative OT asset inventory, putting organizations at significant risk.
  • IT and OT teams share responsibility for OT security but do not communicate enough to achieve optimal outcomes. 71% report that IT or IT and OT together are responsible for securing OT environments. However, collaboration and communication are lacking, with 37% reporting little or no collaboration, and 19% reporting that teams talk about OT security issues only when an incident occurs.
  • Security is seen not only as a goal of IT/OT convergence but also as an obstacle. Reducing security risk is the top objective of companies pursuing IT/OT convergence (59%), and yet one-third (33%) of organizations not pursuing convergence cite security risk as a top factor for their decision.

Register to attend a joint webinar from Cyolo and Ponemon Institute, on Tuesday, March 12 at 11am ET here: Behind the Ponemon Report: Risk & Access Management in the OT Environment.

Privilege

People have been moaning about Boomers leaving the workforce and a coming worker gap for 20 years. Perhaps the time has arrived? How is your hiring of young people going?

Now, I know that you can’t really evaluate each candidate by what marketing-designated generation they were born into. However, consider some statistics gathered by a data company that performed an analysis of TikTok and Google search data.

Few arenas of life reveal as much as youth sports does about—parents. I remember my own good times and, with much chagrin, my bad ones. Thirty-five years working as a referee in youth and high school soccer revealed the growing trend of “helicopter” parents who hovered over their kids to protect them and “snow plow” parents who tried to pave the way for them. If these results don’t reveal what happens to kids entering the workforce after experiencing life as the recipient of helicopter or snow plow parenting, I’ve lost the ability to observe and analyze.

Job Shift Shock is the most popular work trend with a total 1.7B TikTok views and nearly 121K monthly searches on Google. The trend leads the list as it describes the transition from initial excitement of beginning a new job to the disappointment of unexpected responsibilities.

Quiet Quitting ranks as the second most popular trend, having 1.1B views on TikTok and over 612.5K searches on Google. This trend’s place in the list is secured by the increasing cost of living and workers’ dissatisfaction with their salaries or job conditions.

I can think of few clearer signals about what happens to young people when they have always had someone there to smooth the way for them. I remember hiring a young man recently graduated from university. He wondered how long (a year or two?) before he would be in line to be president of the company.

So, how is your hiring going? Must you cope with these entrants? Can you screen them out?

Honeywell Releases Significant Updates to Experion Process Knowledge System

It is inevitable. I receive a press release from Honeywell Process. This one regards the Experion PKS R530 process knowledge system. Upon reading, I think, oh, well, some incremental improvements. Then I talk with my main product interface, Joe Bastone. After digesting the output of his firehose, I see how advanced the Honeywell technology has become.

Honeywell announced February 5, 2024 it is driving new automation capabilities into Experion Process Knowledge System (PKS), with Release R530. The technology update integrates new features that strengthen existing control room installations through both firmware and software upgrades and supports Honeywell’s alignment of its portfolio to three compelling megatrends: automation, the future of aviation and energy transition.

Evidently Honeywell corporate has identified three parts of a vision and is placing the updates to Experion into the automation bucket. That’s OK, but I think it does a disservice to the platform if one defines automation too narrowly or traditionally.

The Experion PKS Highly Integrated Virtual Environment (HIVE) forms the foundation that R530 builds upon.

The Experion PKS R530 update introduces Experion Remote Gateway, which further enables remote operations by providing a browser-independent method to simplify monitoring and operations. Additionally, the updated Ethernet Interface Module allows for Experion PKS HIVE integration of smart protocols while optimizing the processing load of the C300 controller. These features ensure the best possible security, reliability and performance for customers.

The press release slipped in a sentence about the updated Ethernet Interface Module. I had about 30 minutes with Bastone. He picked two key features to discuss. This was one. I cannot do justice to his entire discussion. Go to the tech pages. This module eliminates a need for controller peer-to-peer communications. “It changes how communications are done.” It allows non-Honeywell I/O to communicate into the I/O HIVE. It simplifies installation and eliminates junction boxes. Check that one out.

Experion PKS offers industry-leading flexibility in automation system design, engineering, deployment, and ongoing maintenance. Using Experion PKS Control HIVE can reduce controller count by up to 50% and system cabinet count by up to 80%, compared to traditional automation solutions. Experion PKS Control HIVE also minimizes manual interventions to ensure smoother and safer operations, reducing the risk of unplanned downtime which can impact users’ bottom line.

Back to Bastone. Imagine you have a plant. There are five areas with their own controllers. It’s all so logical and clean when new. But you have to add something at the edge of one of the areas. You go looking for the closest junction box. That may connect to a different controller. The way Control HIVE works, that can be OK. But go several years and several projects down the road. Now you may have a complex mess. But the HIVE decouples controllers and applications. The C300 can run two apps at the same time. Now if you are in a primary/backup architecture and a primary goes out, you have the backup. But the backup has no backup. So, Control HIVE can look for a partner and find a new backup. This decoupling has, in effect, added resiliency to the overall system while reducing the total number of controllers needed.

What has amazed me is that Honeywell has developed almost everything that the original designers of OPAF envisioned—except for total interoperability. They were looking for totally generic hardware so that any supplier’s products could be seamlessly inserted on upgrades. That’ll probably never happen. But Honeywell’s decoupling and HIVE technology provides a lot of upgrade capability and modernizes the architecture.

Getting Proactive About Securing Smart Manufacturing

A PR person recently contacted me about a new paper, Emerging Trends and Securing the Future of Smart Manufacturing, from an analyst firm new to me—Takepoint. Soon thereafter I was on a video call with analyst and author Jonathon Gordon.

He first talked about getting proactive with security. Too much cybersecurity is network detection after there is a problem. It is inherently passive. This may help some in recent scenarios where the goal of the intruder is ransomware. But what about now when nation-state actors are trying to gain access to critical infrastructure control in order to disrupt production or even cause major damage?

Gordon took a closer look at a control system. A potential vulnerability lies in the connection between the engineering workstation and the PLC. That is the cyber-physical connection. The focus needs to shift to mitigate this vulnerability. This workstation to PLC connection must be locked down.

These notes come from the company.

In today’s interconnected industrial world, data sharing is not just a convenience; it’s a necessity for growth and innovation. However, sharing data safely with partners, suppliers, or even within different departments of the same organization, requires a sophisticated approach to cybersecurity. The industrial CISO’s role evolves from just protecting data to enabling its safe and efficient flow across various networks, ensuring that it remains secure even when it’s outside their direct control.

 Innovation, especially in the context of Industry 4.0, naturally brings risks. But here’s the catch – innovation without risk is like swimming without getting wet; it’s just not possible. The key lies in understanding these risks – they can be accepted to a certain degree, actively mitigated, or in some cases, transferred (think insurance policies or outsourcing certain aspects). Ignoring these risks is not an option. Doing so is akin to flirting with the dark side, where the consequences can be severe and far-reaching.

In this dynamic environment, the role of the industrial CISO is not just reactive; it’s increasingly proactive. This means anticipating potential security breaches and having robust strategies in place. It’s about understanding not just the technology, but also the human and process elements of cybersecurity. Training staff, developing a security-conscious culture, and keeping abreast of the latest threats and countermeasures are all part of this proactive stance.

The message here is straightforward and urgent: cybersecurity in manufacturing isn’t a passive or reactive task; it’s an active, ongoing process. This involves regular risk assessments, identifying and mitigating vulnerabilities, and implementing robust security controls. Equally important is fostering a cybersecurity-aware culture throughout the organization, ensuring everyone from top executives to factory floor workers understands their role in maintaining security.

Verusen Joins AWS ISV Accelerate Program

Amazon Web Services just keeps growing in our market space. In this news Verusen, supplier of MRO optimization and collaboration products, announced joining the Amazon Web Services (AWS) Independent Software Vendor (ISV) Accelerate Program, a co-sell program for AWS Partners that provides software solutions that run on or integrate with AWS. 

The AWS ISV Accelerate Program enables Verusen to accelerate value for manufacturing customers by directly connecting Verusen with the AWS Partner Network and Sales organizations. AWS provides Verusen with co-sell support and benefits to meet customer needs through collaboration with AWS field sellers globally. Co-selling provides better customer outcomes and ensures AWS and its partners’ mutual commitment.

“Verusen is delivering industry-leading solutions to AWS customers worldwide, working with AWS Account Executives and Solutions Architects providing access to simplified transactions via AWS Marketplace,” said Scott Matthews, Verusen’s CEO. “Now, customers can achieve multiple benefits by accessing Verusen’s next-generation MRO optimization platform in AWS Marketplace.” 

Verusen’s inventory policy optimization, global material search, network and supplier collaboration, and data deduplication capabilities allow existing AWS customers to enhance their tech stack further to transform their end-to-end MRO materials management processes digitally. Manufacturers gain significant visibility to their entire MRO landscape through Verusen’s easy access to purpose-built MRO optimization solution utilizing cloud infrastructure. 

Edge Orchestration Leader ZEDEDA Secures $72M in Growth Capital

One of those specialty niche areas of modern compute architecture is technology to handle special needs of edge computing. ZEDEDA developed edge orchestration technology. I see that it is using some Gartner data to tie its fortunes to AI in the form of ML (machine learning). It is growing at enough pace to require additional capital funding. Emerson and Rockwell Automation are two companies in my market space that are invested in this area.

  • Smith Point Capital led the highly oversubscribed Series C round with strong participation from other new and existing investors
  • Funding accelerates ZEDEDA’s global expansion as demand for its product soars as enterprises accelerate adoption of orchestration and AI at the edge
  • Over the past year, ZEDEDA increased annual recurring revenue by more than 250% and increased nodes under management by more than 300%, including significant key enterprise success with more than 10 Fortune Global 500 accounts

ZEDEDA announced closing of $72 million in growth capital, with the Series C round led by Smith Point Capital, founded by former Salesforce Co-CEO Keith Block.

According to Gartner, “By 2027, 20% of large enterprises will have deployed an edge management and orchestration (EMO) solution, compared with fewer than 1% in 2023.” Simultaneously, the demand for AI and machine learning is also exploding. Gartner also predicts that “by 2026, at least 50% of edge computing deployments will involve machine learning (ML), compared with 5% in 2022,” further accelerating the large-scale deployment of edge workloads and increasing adoption of edge management and orchestration.

“This latest round of investment validates our leadership position as the preferred choice of large enterprises for their edge management and orchestration needs,” said Said Ouissal, ZEDEDA’s CEO and founder. “Our unique and innovative product is powering the explosive demand of ubiquitous edge computing, underpinning our customer’s AI and real-time data analytics initiatives. With this funding, we are well-positioned to further extend the cloud operational infrastructure model everywhere, to continue to delight our customers and to realize our vision of powering the next era of computing.”

“We believe edge computing represents one of the next great waves of digital transformation given its unique ability to address the many challenges presented by an increasingly connected world, creating new category-leading companies like ZEDEDA,” said Keith Block, CEO and founder of Smith Point Capital. “Said and his team have a big vision and have already solved critical pain points around deploying workloads at scale for several enterprise verticals. As they’ve built the industry-leading solution to power the edge, we are thrilled to lead the Series C round and help accelerate their position as the market leader for edge management and orchestration.”

With this latest round of funding, ZEDEDA continues to draw significant investment interest and, despite a current tight funding market, has now raised over $127 million in total since its founding. Hillman Company, LDV Partners, Endeavor Catalyst Fund and Forward Investments (DEWA) joined Smith Point Capital as new investors in the company. In addition, ZEDEDA saw strong support from returning investors in this round, including Lux Capital, Almaz Capital, Coast Range Capital, Juniper Networks, Emerson Ventures, Chevron Technology Ventures, 5G Open Innovation Lab, Rockwell Automation and Porsche Ventures.

“Emerson customers rely on us to optimize their operations, and our DeltaV Distributed Control System is the foundation for this, providing intelligent control of all plant activities,” said Claudio Fayad, vice president of technology, process systems and solutions at Emerson. “We have standardized on ZEDEDA as a critical part of our solution, enabling us to extend DeltaV to the distributed edge and provide AI-based data analysis for real-time support for automated decision-making.”

“Our customers’ demand for real-time control, visualization, and closed-loop process and asset optimization applications at the edge remains robust,” said Arvind Rao, vice president of Industry Solutions at Rockwell Automation. “With our strategic partnership with ZEDEDA, we are able to offer industry-leading, centralized edge management solutions that deliver value across the lifecycle of our customer’s applications, significantly reducing their total cost of ownership.”

The growth capital investment emphasizes ZEDEDA’s remarkable business performance and growth over the past year. Annual recurring revenue increased more than 250% year-over-year, and the key metric of nodes under management increased by more than 300%, with 12 Global and Fortune 500 customers, capping another year of extreme growth and success. One notable example includes one of the largest global automobile manufacturers, which has standardized on ZEDEDA to modernize 70,000 dealerships, manufacturing facilities and service centers across 153 countries.

Mental Health App with Cybersecurity Implications

Did you know that your new Apple Watch can measure stress levels and offer ways to manage them? This was the pitch from the PR agency to get me to talk with MetaBrain Labs. Many PR agencies send press releases capitalizing on whatever the latest media frenzy watches. Many are too over the top for my focus. Mental health is a media frenzy–it is also a very real problem. People suffering from depression, anxiety, grief, and more often are told the closest appointment with a therapist is six months away. An app sounds good, I’m sure.

With 35.5% of people already leveraging apps and other forms of technology to address emotional or mental struggles, according to a survey conducted by MetaBrain Labs that spanned across the US, Canada and Europe, this technology is a great way for people to jump into the developing sector of mental health technology.

However, being able to measure stress is only part of addressing the problem of stress management.

“While the new Apple Watch measures stress levels and offers ways to manage them, it doesn’t address the underlying causes of stress. The MetaBrain chatbot and wearable, on the other hand, guides a conversation with your unconscious mind, akin to the way a coach would, through a series of strategic questions. This process employs deception detection via the chatbot wearable to work around cognitive resistance, to pinpoint the specific mindsets responsible for generating stress, facilitating their transformation into positive ones,” explains Alexandrea Day, Founder & CEO of MetaBrain Labs.

I had an opportunity to interview Day. I brought along an assistant, my daughter who is a licensed therapist. Too often these psychological devices and “fixes” lie in the realm of quacks and get-rich-quick schemes. Following much probing about the background of the app and device and potential uses, my daughter said that Day’s work coordinates well with Cognitive Behavior Therapy and other approved therapies. I felt better about writing about this.

Apple’s stress identification technology or other forms and apps that allow users to practice mindfulness can help people find temporary relief, but MetaBrain is working to get to the root of stress to help guide people and reverse self-defeating behaviors and mindsets that are holding them back and causing stress in their lives.

Day continues, “Merely identifying stress through devices like the Apple Watch doesn’t put an end to it. Mindfulness may provide temporary relief, but it often resurfaces with new triggers. The MetaBrain chatbot and wearable aim to break this cycle by guiding users through a structured session to identify and reverse self-defeating mindsets. This process is swift, and consistent reinforcement over two weeks ensures lasting change.”

MetaBrain Labs, led by the pioneering Neurotech Innovator and CEO, Alexandrea Day, harnesses the power of their patent-pending Brain-Computer Interface (BCI) technology to explore and retrain the unconscious mind. This helps individuals unlock and shift hidden mindsets, facilitating rapid behavioral change for a profoundly better life in as little as two weeks. The process, rooted in Adaptive theory and used by Cognitive-Behavioral Therapy (CBT), spans its use across all human endeavors from improving a golf score to becoming a mindful parent or a better public speaker.

This device will be useful as an aid with a professional therapist to boost mental health of their clients. It can also be used for cybersecurity vulnerability prevention.

Siemens Generative AI and Predictive Maintenance

Generative artificial intelligence (AI) popularized by ChatGPT is this year’s big buzz in industrial technology. Predictive maintenance seems to be one logical place where finding more powerful computation can be supportive.

Siemens has worked closely with Microsoft for decades. It has also recently acquired Senseye. Here is news about using generative AI to enhance a predictive maintenance solution.

In short:

  • Enhancing proven machine learning capabilities with generative AI creates a robust, comprehensive predictive maintenance solution that leverages the strengths of both.
  • Using a conversational user interface, manufacturers can take proactive actions easily, saving both time and resources.
  • New generative AI functionality in Senseye Predictive Maintenance makes predictive maintenance conversational.

Siemens is releasing a new generative artificial intelligence (AI) functionality into its predictive maintenance solution – Senseye Predictive Maintenance. This advance makes predictive maintenance more conversational and intuitive. Through this new release of Senseye Predictive Maintenance with generative AI functionality, Siemens will make human-machine interactions and predictive maintenance faster and more efficient by enhancing proven machine learning capabilities with generative AI.

Senseye Predictive Maintenance uses artificial intelligence and machine learning to automatically generate machine and maintenance worker behavior models to direct users’ attention and expertise to where it’s needed most. Building on this proven foundation, now a generative AI functionality is being introduced that will help customers bring existing knowledge from all of their machines and systems out and select the right course of action to help boost efficiency of maintenance workers.

Currently, machine and maintenance data are analyzed by machine learning algorithms, and the platform presents notifications to users within static, self-contained cases. With little configuration, the conversational user interface (UI) in Senseye Predictive Maintenance will bring a new level of flexibility and collaboration to the table. It facilitates a conversation between the user, AI, and maintenance experts: This interactive dialogue streamlines the decision-making process, making it more efficient and effective.

 In the app, generative AI can scan and group cases, even in multiple languages, and seek similar past cases and their solutions to provide context for current issues. It’s also capable of processing data from different maintenance software. For added security, all information is processed within a private cloud environment, safeguarded against external access. Additionally, this data will not be used to train any external generative AI. Data doesn’t need to be high-quality for the generative AI to turn it into actionable insights: With little to configure, it also factors in concise maintenance protocols and notes on previous cases to help increase internal customer knowledge. By better contextualizing information at hand, the app is able to derive a prescriptive maintenance strategy.

The new generative AI functionality in the Software-as-a-Service (SaaS) solution Senseye Predictive Maintenance will be available starting this spring for all Senseye users. The combination of generative AI and machine learning creates a robust, comprehensive predictive maintenance solution that leverages the strengths of both.

HighByte Releases Industrial DataOps Solution with Native Connectivity to the Snowflake Data Cloud

A couple of IT companies introduced DataOps to me about ten years ago. I thought this looked like a ripe opportunity for the industrial market. Shortly thereafter I ran into a group of former Kepware people who had formed just such a company—HighByte. I then had an opportunity to talk with the Snowflake people at the Ignition Customer Community meeting last September. This Data Cloud company has some interesting technology. This news relates to a relationship and interoperability service.

If you have not explored the utility of DataOps, check out HighByte and also Snowflake.

HighByte announced in February 2024 the release of HighByte Intelligence Hub version 3.3 that offers new and improved interoperability with industry-leading cloud services, including the Snowflake Data Cloud and AWS IoT SiteWise. The latest release introduces two new native connectors for Snowflake supporting a broad set of use cases for industrial enterprises. 

The first new connector, Snowflake Streaming, utilizes the Snowflake Snowpipe Streaming API. This interface enables direct publishing to Snowflake tables without the need for staging files or third-party applications. This significantly reduces the compute, latency, and cost of frequently moving telemetry events into Snowflake. The second new connector, Snowflake SQL, enables HighByte Intelligence Hub users to directly query Snowflake tables. Rather than merely publishing to Snowflake, the Intelligence Hub can operationalize insights and context derived through the Snowflake Manufacturing Data Cloud by making this data available for industrial devices and applications. 

HighByte Intelligence Hub is an Industrial DataOps solution that contextualizes and standardizes raw industrial data at the edge, delivering usable information to cloud service partners. Receiving consistent, usable industrial data accelerates adoption and scale of these cloud services, helping industrial companies orchestrate digital transformation projects across their enterprise. The Intelligence Hub gives operational technology (OT) domain experts a no-code application to curate and contextualize industrial data according to standard data models.

Intelligence Hub version 3.3 also introduces tighter integration with AWS IoT SiteWise. The Intelligence Hub’s modeling engine and the IoT SiteWise connector have been refined and enhanced for working with hierarchical asset structures. These improvements simplify the user experience, reduce effort, and provide a single, no-code approach for composing and delivering asset-model hierarchies to IoT SiteWise as well as hydrating them with industrial data. 

HPE to acquire Juniper Networks to accelerate AI-driven innovation

Hewlett Packard Enterprise (HPE) influencer group first contacted me in the mid-2010s through the Aruba networking group. I was the independent industrial IoT writer at the time. The scope broadened for a time, then they closed the influencer group a couple of years ago. But I’ve maintained a bit of a connection to HPE networking, as well as its software and high-end hardware groups.

I’m not an analyst of this part of the market, but I’d have to say this is not a surprising acquisition. HPE has been pretty aggressive under CEO Antonio Neri. They usually do pretty well at integrating acquisitions. This acquisition of Juniper Networks should be a boost.

From the news release in brief:

  • Highly complementary combination enhances secure, unified, cloud and AI-native networking to drive innovation from edge to cloud to exascale
  • Accelerates long-term revenue growth and expands gross and operating margin; Expected to be accretive to non-GAAP EPS and free cash flow in year 1, post close
  • Advances HPE’s portfolio mix shift toward higher-growth solutions and strengthens high-margin networking business 

Hewlett Packard Enterprise and Juniper Networks, a leader in AI-native networks, announced January 9 that the companies have entered a definitive agreement under which HPE will acquire Juniper in an all-cash transaction for $40.00 per share, representing an equity value of approximately $14 billion.

The combination of HPE and Juniper advances HPE’s portfolio mix shift toward higher-growth solutions and strengthens its high-margin networking business, accelerating HPE’s sustainable profitable growth strategy. The transaction is expected to be accretive to non-GAAP EPS and free cash flow in the first year post close.

The acquisition is expected to double HPE’s networking business, creating a new networking leader with a comprehensive portfolio that presents customers and partners with a compelling new choice to drive business value.

Combining HPE and Juniper’s complementary portfolios supercharges HPE’s edge-to-cloud strategy with an ability to lead in an AI-native environment based on a foundational cloud-native architecture. 

Upon completion of the transaction, Juniper CEO Rami Rahim will lead the combined HPE networking business, reporting to HPE President and CEO Antonio Neri.
