Bedrock Automation, products built for security from the chips up, had a flurry of activity at the ARC Industry Forum in Orlando last week. It announced a firmware upgrade, OPC UA and partnerships for its SCADA product, and anomaly detection. Here’s a teaser—CEO and Founder Albert Rooyakkers pulled out a new piece of hardware. He didn’t have a release or specs for me, but watch for a new, lower cost, SCADA or gateway device hardened and built with security in mind from the chips up.
Bedrock and OPC UA
Bedrock Automation has published a concise, easy-to-deploy interface specification that enables users and application developers to take advantage of the security capabilities of OPC UA communications software. By following the simple procedures outlined in the Bedrock SCADA Security Platform Specification, developers can upgrade any OPC UA compliant client into a highly secure OPC UA channel, across which users can exchange data between plant floor operations and SCADA applications. Three leading SCADA software developers, Inductive Automation, ICONICS and TATSOFT, are committing and releasing support to the Bedrock interface specification.
“OPC UA provides unique cyber security advantages enabling open communications across numerous industrial devices and applications and providing the end-users options for integrating authentication keys protecting those communications. The most secure OPC level is to authenticate those keys against a known root of trust, which Bedrock supplies via a certificate authority (CA), validated against cryptographic keys built into its controller,” said Thomas J. Burke, OPC Foundation President and Executive Director, adding “Bedrock Automation is a clear leader in supporting the OPC UA standards, and provides information integration and communication that the end users have been demanding.
Bedrock designs and sources its own secure semiconductor components with encryption and authentication technologies embedded at the “birth” of their modules, assembled and tested by Bedrock in their cyber secure supply chain. The unique design then draws on the power and flexibility of public key infrastructure (PKI) and Transport Layer Security (TLS) standards similar to those used to secure ecommerce transactions and military and aerospace electronics. Bedrock Automation then uses those securely embedded keys as the basis for digital certificates that manage access and communication between SCADA applications and control systems. Bedrock Cybershield 3.0 firmware is the first control system to offer an embedded PKI for SCADA applications.
“Such a simple specification demonstrates that Open and Secure SCADA can be deployed today, and that an applications interface does not have to be thousands or even hundreds of pages. We are pleased to be working with innovative SCADA software providers such as Inductive Automation, ICONICS and TATSOFT, to help them and their customers take advantage of the secure communications capabilities of OPC UA and the intrinsic security of the Bedrock platform,” said Rooyakkers.
Bedrock Automation also announced the availability of Cybershield 3.0, a major firmware upgrade with advancements that make it easier for end users and developers to build control applications that are both open and secure. Among the six major innovations facilitated by the Cybershield 3.0 upgrade are the first public key infrastructure (PKI) built into an OPC UA server for SCADA applications; an industrial Certificate Authority (CA) for user key management; virtual crypto key locks for the controller; and a Secure Proxy server capability that can protect legacy controls systems of other vendors.
“Cybershield 3.0 is one of the most significant steps forward since the release of our Bedrock OSA platform. We now support leading SCADA companies in integrating their OPC UA client to our open security and key management tools. In addition, we start our march to converge IT cyber detection technologies into real-time OT automation with our integrated Anomaly Detection (AD) tools built into every controller. We are delivering secure SCADA and AD as intrinsic and zero-cost advancements, focused acutely on ease of use and reductions in lifecycle costs,” said Bedrock founder and CEO Albert Rooyakkers.
Bedrock Cybershield 3.0 includes the following capabilities:
1) Secure Open SCADA with OPC UA. The cryptographic keys built into all the Bedrock system electronics, provide the root of trust for the Bedrock Certificate Authority (CA) that verifies the reliability of OPC UA-managed communications between SCADA and PLCs or other industrial control systems.
2) Open Certificate Authority (CA) for SCADA. This advanced SaaS key and certificate management tool is not only FREE to our customers but is simple to deploy with our Secure SCADA Interface Specification. Leading SCADA providers, including Inductive Automation, ICONICS and Tatsoft, are committing to and releasing support to this interface specification.
3) Intrusion detection. Even though the Bedrock control system has protection built into its core, users still need to know when system security is challenged. Cybershield 3.0 comes standard with intrinsic Anomaly Detection (AD) functionality that continuously monitors the controller’s network and system time to detect intrusions and anomalous behavior and report it to both SCADA and enterprise database applications for trending, alarming and historizing anomalous cyber activity.
4) Quickly Secure Legacy Automation with Secure SCADA. Companies can now use Bedrock security to help integrate open standard communications protocols with legacy PLC and DCS systems from other vendors. A Bedrock secure controller module acts as a gateway between SCADA platform workstation and the legacy controllers.
5) Cryptographic key locking. Cybershield 3.0 also includes a cryptographic controller engineering key lock that permits only users with the required credentials to change the mode of the controller.
6) Achilles and EMP compliance on power supplies. Bedrock Automation is certifying its standalone power supply and standalone uninterruptible lithium power supply to both MiL-STD-461-G, the military standard for advanced EMP hardening, and Achilles Level 2 certification, augmenting the EMP and Achilles certification achieved for its control system modules last year.
“Today’s increasingly connected environment drives the process industries to search for automation solutions that deliver the benefits of open communications with ‘baked in’ cybersecurity. By extending its secure automation technology to third-party software providers, Bedrock Automation addresses this key pain point of future automation requirements. ARC believes the intrinsic and no-cost approach of Bedrock’s cybersecurity strategy is the quintessential component missing in control systems, today,” writes ARC analyst Mark Sen Gupta in his recent report, Bedrock Automation’s Open Secure Automation a “Win” with End Users
Bedrock Open Secure Automation (OSATM) firmware will include intrinsic Anomaly Detection (AD). Bedrock OSA AD will be available as standard integrated functionality that continuously monitors the controller’s network and system time to detect intrusions and anomalous behavior.
“Preventing control system intrusion is fundamental to holistic cyber security. In addition, users need to know when the system security is being challenged. This is the role of anomaly detection. At no additional cost or complexity for the user, Bedrock’s AD delivers additional assurance that no one is tampering with your automation,” said Rooyakkers. Bedrock Anomaly Detection includes the following functionality:
• Dynamic Port Connection Monitoring, which records all attempts to connect any controller or communication point and captures identifying information on the intruder
• Network Port Scanning, which detects if hackers are scanning for open ports that might provide access to the control network
• System Time Monitoring, which detects attepts to manipulate log files to conceal malicious activity
• Cryptographic Controller Engineering Key Lock, which permits only users with valid user credentials to change the configuration and operation mode of the controller and records all access
• Intrusion Event Logging, which records all detected anomalies and reports them to SCADA software through OPC UA and standard database access for historian, alarming, and trending functions. Additionally, a tri-color status LED on the faceplate of Bedrock Controllers provides indication locally whenever an intrusion is detected.
I was so busy during the ARC Advisory Group Industry Forum last week, that I just couldn’t find time to write coherently. The keyword was digital supplemented by embedded, edge, IIoT, security, and transformation.
The Forum attracted perhaps not only its largest attendance but also its largest attendance of end users. The things that appeal to me are those that fit into the Industrial Internet of Things the most. Here are two related new product releases. The first one involves embedding HMI/SCADA software and the second involves using that embedded software in addition to many other technologies for an edge device.
First is the announcement from Inductive Automation concerning the creation of its Ignition Onboard program. The program involves device manufacturers embedding Ignition and Ignition Edge software in the devices they manufacture.
The program includes Ignition Onboard and Ignition Edge Onboard. Ignition by Inductive Automation is an industrial application platform with tools for building solutions in human-machine interface (HMI), supervisory control and data acquisition (SCADA), and the Industrial Internet of Things (IIoT). Ignition Edge is a line of lightweight, limited, low-cost Ignition software products which empower solutions designed for edge-of-network use.
“Device manufacturers have joined Ignition Onboard in response to their customers’ demands for an all-in-one solution that contains hardware and software at a reasonable price,” said Don Pearson, chief strategy officer for Inductive Automation. “These are companies that understand the importance of building a strong IIoT, and we’re very happy to be collaborating with them.”
The other announcement came from Opto 22. This is a significant advance in edge devices for industrial and SCADA applications.
The new groov EPIC system from Opto 22 combines I/O, control, data processing, and visualization into one secure, maintainable, edge-of-network industrial system. groov EPIC lets engineers and developers focus on delivering value, not on triaging loosely connected components.
“We are a company of engineers inspired and driven to create products that unleash our customers’ imaginations,” says Mark Engman, Opto 22 CEO. “groov EPIC is a culmination of that mission, a response to industry requests to more wholly integrate IT and OT technologies, simplify development and deployment, and provide a platform for long-term growth now and well into the future.”
Combining reimagined intelligent I/O with an embedded Linux real-time controller, gateway functions, and an integrated display, groov EPIC offers field-proven industrial hardware design with a modern software ensemble, to produce the results that visionary engineers want today.
Connecting legacy systems, controlling processes and automating machines, subscribing to web services and creating mashups, acquiring and publishing data, visualizing that data wherever it is needed, and mobilizing operators—all of these are now within reach. In addition, groov EPIC simplifies commissioning and wiring and helps engineers develop rapidly and deploy quickly.
“The groov EPIC system incorporates in one unit everything needed to connect and control field and operational devices and data, through on-premises IT databases, spreadsheets and other software, to cloud storage and services—and back again,” says Benson Hougland, Opto 22 vice president of Marketing & Product Strategy. “This ability to easily exchange data and use it where needed opens opportunities automation engineers have not had until now. This is a truly new system that builds on the past but looks fundamentally to the future of our industry.”
The main point of discussion between Benson and me lately is whether Sparkplug (from the developer of MQTT) is adequate for IoT applications. He favors the lightweight (technical, not pejorative) protocol or I tend to favor OPC UA over MQTT as a better overall solution due to its interoperability. But that’s OK. He and I have had these technical discussions for almost 20 years now. I love pushback, and I think Benson does as well. It raises the energy level.
IoT Platforms are all the rage. All God’s children need a platform, it seems. Most larger companies have a platform. Oh, and all promise it’s “open” to everyone’s connections. Then there is open source—check out Dell, the Linux Foundation, and others who have developed the EdgeX Foundry.
Now we have an Asian developed one—mostly Japanese along with Taiwan-based Advantech—called the Edgecross Consortium. Edgecross evidently refers to a focus on edge computing and cross vendor.
I received the first notice from Advantech who announced it has partnered with Mitsubishi Electric, Omron, NEC, IBM Japan, and Oracle Japan to establish the “Edgecross Consortium” to overcome boundaries between companies and industries in order to realize collaboration between factory automation and IT. The objective is to create new value centered on edge computing.
The Consortium news release states, “In this way, it will contribute to the promotion of IoT, for which demand is increasing on a global scale, as well as Society 5.0, proposed by the Japanese government, and activities of Connected Industries, which tie in to Society 5.0.”
Initial activities of the Consortium will begin with the development of specifications for the Edgecross open software platform and promoting its dissemination for edge computing from Japan to harmonize with FA and IT. This initial work will include providing avenues for supporting companies to cooperate and collaborate beyond the framework of companies and industries. The Consortium will aim to expand applications for various industries in addition to initiating activities in the global arena in the future.
I should note here that in America and Europe, we generally refer to bringing OT and IT together (rather than FA).
The date of founding is scheduled for November 29, 2017, and an exhibition is planned at the System Control Fair 2017, to be held on the same day.
Overview of Edgecross
An open software platform of edge computing area from Japan built by consortium members beyond the boundaries of companies and industries to realize collaboration with FA and IT.
Real-time diagnosis and feedback
Realizing real-time feedback to the production site by analyzing and diagnosing the data at location close to the production sites
Creating models from production sites
Data can be easily utilized by people or by applications by layering and abstracting the Big data of the production sites
Utilization of various applications in the edge computing area
IT applications can be easily applied to FA application
Applications may be selected from an extensive lineup depending on the situation
System construction completed in the edge computing area are available
Collecting all types of data at the production site
Enable data collection from all equipment and devices regardless of vendor or network
Smooth coordination with FA and IT systems
Realizing supply chain and engineering chain optimization by seamless data coordination with IT systems including the cloud
Operates on industrial PCs
Mountable on various manufacturer’s industrial PCs (IPCs)
Here are a couple of executive quotes about the news.
“Partnering with leading global companies in accelerating our global business in Industry 4.0 is Advantech’s key strategy,” stated Allan Yang, CTO of Advantech. “Advantech joined the Mitsubishi [email protected] Alliance this April to foster business opportunities for smart manufacturing in Asia through co-marketing and co-exhibition. Joining the Edgecross Consortium is our next big step to expand global collaboration and business in Industry 4.0. We are very proud to be a part of Edgecross Consortium with these leading global companies; we are looking forward to collaborating with consortium members to develop Industry 4.0 products and solutions to enhance our customer experience.”
Yoshikazu Miyata, Executive Officer and Group President of Factory Automation Systems at Mitsubishi Electric, gave the following statement regarding the new partnership, “The consortium welcomes Advantech as a key member. We are happy to work with Advantech, a worldwide leading innovator for Edge computing and IoT solutions. We are looking forward to co-creating with Advantech to provide innovative IoT solutions to customers.”
While I am trying to finish a longer post on my Dell EMC experience from last week and all my Hannover experience, I’ll follow up on a conversation I had last week with Dell EMC’s Kevin Terwilliger about the embedded PC market.
He has written a blog post from his visit to Embedded World in Germany. The Embedded Computing market always seemed a little strange to me. In part because huge VME and PCI (and CompactPCI) chassis computers were alongside SOC (what I think of as “embedded”) and other chip and board level computing.
Check out his blog. I posted a comment.
After attending Embedded World last month in Germany it was clearer to me than ever before – the embedded PC industry is not dissimilar to the desktop PC industry 30 years ago. When Dell entered the PC market back in 1984 and in the years shortly following, there were 430 PC companies who were each trying to compete based on some level of unique customization they could offer. Dell turned all this upside down with their direct configure to order model.
Good point. I would just add (again, check his blog) that part of the consolidation was technology-driven. CPUs became much more powerful and memory became more plentiful and cheaper. This meant that the PC itself could do much more without add-on cards and peripherals. Customization became firmware and software driven. You could buy one box and make it what you wanted (to a degree).
Dell’s embedded offering could be a foreboding of such a change in the embedded market. What do you think?
One under-the-radar trend in industrial automation and software is the development of a marketplace. Several companies have one type of marketplace or another. I think it’s going to prove to be a powerful concept. Here is a take on it from Advantech.
Advantech, a leader of the global industrial computing market, launches the WISE-PaaS Marketplace, an online software shopping website that features exclusive software services provided by Advantech and its partners. The WISE-PaaS Marketplace provides diverse WISE-PaaS IoT application software, including WebAccess/SCADA, WebAccess/HMI, WebAccess/IVS, WebAccess/IMM, WebAccess/NMS, online IoT cloud services, and IoT security services. The WISE-PaaS Marketplace is a sharing platform to integrate with IoT solutions developed by solution partners to provide the building blocks for customers to upgrade existing business systems to Industrial IoT and Industry 4.0 quickly and easily.
Share Success, Grow Business, and Innovate Services
The Wise-PaaS Marketplace is aimed at diverse solution offerings that provide cloud infrastructure services, security services, integrated WISE-PaaS IoT software services, and domain-focused applications for simple and rapid deployment. The WISE-PaaS Marketplace is a value-sharing platform/ecosystem that enables customers to market unique IoT applications and services, increase business opportunities and growth, and maximize returns under the profit-sharing system.
Ongoing Innovation for Future IoT Trends
Customers can subscribe software services via Wise-PaaS Marketplace with WISE-points included in the WISE-PaaS VIP membership packages to access numerous IoT solutions and create IoT innovations for future IoT trends.
Bedrock Automation has built a good automation platform with built-in security and toughness. I’ve been watching to see just how disruptive it might be in the market. In this announcement, it is showing further growth in its go-to-market strategy of working with integrators. It has signed a memorandum of agreement with Jacobs Engineering Group Inc., one of the world’s largest and most diverse providers of full-spectrum technical, professional and construction services. Under the agreement, the companies will pursue selected projects with automation system requirements for potential implementation of the Bedrock Open Secure Automation (OSA) system.
“Our clients are increasingly concerned about both cyber security and advanced automation and we have been creating innovative service packages to meet these needs. Bedrock Automation has excellent experience and superior designs in this area. I am impressed with their comprehensive background and knowledge in the industrial DCS and PLC arena,” said Jacobs’ Mission Solutions Chief Technology Officer Dr. Tommy Gardner.
The Bedrock control system is known for its patented Black Fabric Cybershield architecture, which provides an intrinsic cyber secure automation platform to protect user hardware, software and applications. Unlike other conventional industrial control systems, Bedrock was designed from a clean sheet of paper with advanced components and architecture to be simple, scalable and secure.
“Jacobs is taking a leadership role in integrating the next generation of information and automation technologies for its clients,” added Bedrock Automation President Bob Honor. “We see this as a tremendous opportunity to bring our technology and our vision of holistic cyber security to a much larger audience. We look forward to an exciting and mutually beneficial relationship with Jacobs.”