Security Platform for Industrial Internet of Secure Things

There remains some unfinished business from the ARC Forum held last week in Orlando. Security as a key component of the Industrial Internet of Things was a recurring theme. Mentor Graphics held a press conference to highlight advances in embedded computing. Later, I met with Alan Grau, CEO of Icon Labs, to talk about security.

Building security directly into embedded control is a burgeoning trend. Expect to see more—and demand more from your suppliers—about building in security at the embedded level.

From the press release:

Icon Labs, a provider of embedded networking and security technology, has announced the integration of Icon Labs’ Floodgate security products with Mentor Graphics’ Nucleus RTOS and Mentor Embedded Linux. The integrated solution creates a secure platform for industrial automation and extends the Internet of Secure Things initiative into industrial control systems.

Icon Labs’ Internet of Secure Things Initiative defines a platform for developing secure, connected devices. The platform is designed to ensure that security is intrinsic to the architecture of the device itself and incorporates security management and visibility, device hardening, data protection and secure communications. These capabilities provide the foundation for the Industrial Internet of Secure Things. Natively securing the devices simplifies protection, audit, and compliance independent of the secure perimeter, reducing the need for expensive and complicated security appliances.

“Security is a top priority for our industrial automation and critical infrastructure clients. Partnering with Icon Labs allows us to provide an integrated solution that enables security and regulatory compliance,” stated Scot Morrison, general manager of Embedded Runtime Solutions, Mentor Graphics Embedded Systems Division. “Icon Labs Floodgate product family provides a comprehensive security platform for developing secure, embedded devices using Nucleus and Mentor Embedded Linux.”

The integration of Icon Labs’ Floodgate products and Mentor Graphics’ embedded OSes provides:

  • Security policy management
  • Event and command audit log reporting
  • Integration with the McAfee ePolicy Orchestrator (ePO)
  • Integrated embedded firewall
  • Firmware and data anti-tamper support
  • Integrated solution on both Nucleus and Mentor Embedded Linux

“Today’s modern industrial automation devices and systems are complex connected devices charged with performing critical functions,” says Alan Grau, CEO of Icon Labs. “Including security in these devices is a critical design task. Security features must be considered early in the design process to ensure the device is protected from the advanced cyber-threats they will be facing now as well as attacks that will be created in the future. By partnering with Mentor Graphics, we are able to offer a solution in which critical security elements are integrated into the operating system, ensuring security is a foundational component of the device.”

Linux 64-Bit Embedded Control

National Instruments (NI) announced a collaboration with CERN, an intergovernmental research organization building the world’s largest and most advanced scientific instruments. The objective is to push the standardization of all CERN control systems to Linux 64-bit OSs, with goals to boost system performance, design cost-effective distributed embedded control systems and enlarge opportunities for small and medium enterprises with expertise in NI and open-source technologies.

NI has been working with the European Organization for Nuclear Research, more commonly known as CERN, since the early 1990s on applications that help explain what the universe is made of and how it began. Notable collaborations include the Large Hadron Collider collimation system, where applications developed with LabVIEW system design software control stepping motors on approximately 120 NI PXI systems, and the MedAustron ion beam cancer therapy center, for which CERN received three awards at NIWeek 2013. These common developments have resulted in valuable training for engineers in the fast-growing embedded systems market, and have led to long-term maintainable systems in mission-critical applications.

A recent collaboration between CERN and NI concentrated on CERN’s infrastructure improvement plans. Prior to the public release of LabVIEW support for 64-bit Linux, the Engineering Department (EN) Industrial Controls and Engineering (ICE) Group at CERN acted as a lead user to help NI define and refine the software features needed to ensure CERN’s success in continuing to use NI tools. By working with CERN early on to learn about its upgrade requirements, NI was able to prioritize key deliverables and gain valuable feedback from CERN to increase the quality of support for 64-bit Linux.

“The EN-ICE Group appreciates the engagement of NI to develop 64-bit software for CERN in a collaborative way,” said Adriaan Rijllart, section leader of the EN-ICE Group. “This very successful initiative is paving the way for exemplary partnerships between fundamental research organizations and industry.”

Shelley Gretlein, director of platform software at NI, said, “NI is pleased to have advanced lead users like CERN apply their extensive Linux experience in helping NI continue to release leading-edge products.”

In 2014, LabVIEW 64-bit for Linux was officially released to the public. The support for this OS ensures that CERN, as well as a vast majority of other leading-edge research laboratories and projects around the world, can continue to benefit from the increased productivity of LabVIEW in an open and sustainable operational environment.

“NI values the significance and benefits of Linux and continues to invest in R&D to ensure the compatibility of customizable commercial off-the-shelf technologies with open-source platforms,” said Stefano Concezzi, vice president of the scientific research segment at NI.

NI and CERN are committed to accelerating scientific innovation and discovery. “The vision of NI and CERN overlap very much. That vision is to improve society with our technologies,” said Johannes Gutleber, a CERN staff member and senior scientist.

Manufacturing Lack of Cyber Security

During media interviews (more accurately mini-presentations) in November at Rockwell Automation’s media/analyst day “Automation Perspectives,” Sr. VP and CTO Sujeet Chand met with us individually along with several managers from Cisco Systems to discuss cyber security. This marks at least the third year where Chand’s role was to explain the Cisco/Rockwell relationship.

I’ve been thinking about the presentation for the past couple of weeks (OK, except for during Christmas). When they broached the idea of cyber security, I jumped to a conclusion about how thinking about security would lead engineers to think more thoroughly about their overall network, leading to overall improvement in manufacturing.

What they seemed to be actually saying was much less than that. The message seems to have been that engineers should actually begin thinking about their network architecture.

Suddenly it dawned on me what the problem was that they were trying to solve. Automation engineers are evidently just cobbling together Ethernet networks in their processes and factories with no thought of network cyber security. But they will start—and buy some Cisco/Rockwell managed switches and security services. (Sorry, I don’t mean for that to sound cynical. What they do is sell products and services to help their customers succeed.)

There has been NO thought to cyber security!?

They evidently thought that, even with the several years of intense media coverage of security holes in SCADA and other processes, engineers were still not taking security into account.

If that is true, then we truly need the new generation of computer/networking/security-savvy engineers (millennials?) now.

Thinking ahead

I know that one of my problems is jumping ahead. Companies will show me a new product, and I’ll immediately start thinking of all the uses and potential additions.

Any engineer who has not been building in some defense in depth and getting help from IT about security policies needs to be trained or replaced. We’ve known about this for at least five years.

Going back to re-engineer (or engineer intentionally for the first time) the factory network should lead to significant improvements in the automation system, information flow, and ultimately manufacturing profits.

Operations Management Systems Evolution

OK, the title of this post is also the title of Schneider Electric Software Vice President Tim Sowell’s blog. I follow his blog closely. He offers deep thinking about operations management applications and the drivers, requirements and needs that affect their development.

In his latest post, he’s reflecting on both year-end planning and the evolution of what we have been calling MES.

He begins by noticing, “The labels we have used for years for products, spaces, and roles no longer mean the same thing. We rapidly find ourselves setting up a glossary of labels and what they will mean in 2020-25 in order to gain alignment.”

He starts with the label “MES”, but my involvement with the space goes back to 1977 and something called MRP II. So the evolution began before that, but it started to come together in 1990. “The label ‘MES’ was first introduced in 1990 to refer to a point application at a single site (typically Quality Management). Over the next 20 years, more functionality was added to MES to keep pace with Automation trends.”

MES Platforms, Schneider Electric Software

The next evolution Sowell dates from 2010-2015. There is the introduction of the term MOM which came from the work of ISA 95. Sowell also quotes the definition from Gartner Group in 2012, “For many, MES is no longer a point application, but a platform that serves a dual purpose: integrating multiple business processes within a site and across the manufacturing network, and creating an enterprise manufacturing execution capability.”

Looking at today and tomorrow, “As the industrial computing paradigm shifts to the Internet, the platform is now being leveraged for other assets distributed across the interconnected value chain while extending the rich optimization functionality via new applications to get more productivity in areas outside of manufacturing.”

The problems increasingly gained complexity as the requirements moved from a single machine or line to many lines in one plant to standards to compare across the lines of many plants. “It was then that I realized in the meetings internally I could not use the word MES generically and needed to become specific.”

Sowell rightly concludes, “It is much easier to avoid labels and define the situation scenario / role, and start the meeting or strategy session laying out the landscape for discussion, gain alignment on the ‘desired outcome’ and destination first, it makes it easier!!!!”

New Entrant In Industrial Control Systems—A Secure One

I have seen several industrial control systems entrants into the North American market. All thought they’d knock off market-leader Rockwell Automation. Several are still around. They have built nice businesses. They have not displaced Rockwell as the dominant PLC in the market.

But…Is there a vulnerability?

I recently heard from Bob Honor. I’ve known him for years. The last I had talked with him, he was given the unenviable task of organizing a sales force to sell MES solutions for Rockwell.

He has left Rockwell to co-found a new Industrial Control Systems (ICS) supplier. This platform is designed from the ground up as a secure platform. Rethinking the entire ICS paradigm, the Bedrock Automation team has built what it is calling a “new epoch of industrial automation.”

If you go to the Website and sign up for the email newsletter, I believe you will get a link to download a whitepaper that goes into some depth to explain the new design.

Here’s the introduction to the paper, “This white paper is the first in a series to outline a new epoch of industrial automation. All aspects of control system reliability, security and lifecycle cost have been rethought from first principles. The result is a new ICS platform we call Open Secure Automation. OSA delivers a user-centric renaissance of improved reliability, embedded security and lower cost.”

There are many interesting ideas in the platform and design. Perhaps I can get Bob or an engineer on the phone for a podcast interview after the first of the year. [Note: At no time did he tell me he was displacing Rockwell.]

Other competitors were (or thought they were) better, faster, cheaper at the same game.

Bedrock is attempting to change the game. Check it out and send me your thoughts. Is this enough of a game changer to disrupt the industry? For sure, I’ll be keeping an eye on developments.

Enabling IoT in the Cloud

Advantech announced at its Embedded World Partner Conference (WPC) that it would collaborate with Microsoft to build Asia’s first IoT WISE-Cloud (Wireless IoT Solutions Embedded, WISE) platform. Advantech and Microsoft will jointly develop solutions and products intended for the Internet of Things (IoT) with the aim of establishing a cloud application model.

Chaney Ho, Advantech President, said that in recent years, the applications for IoT have been widely established in people’s daily lives and work. Advantech not only established “Enabling an Intelligent Planet” as its corporate vision in 2012, it has been fully engaged in the development of Smart City and IoT technology from the beginning. In the course of its evolution, Advantech found that the embedded board is at the core of IoT and so the development of all types of intelligent systems could naturally be realized for a diverse range of fields.

Chaney further stated that Advantech is deepening the traditional IoT 3I (Instrumented, Interconnected and Intelligent) concept to develop an IoT cloud platform called WISE-Cloud by using comprehensive wireless networking technology. Moreover, in order to fully perceive the information collected (data) and then convert it into service and effectively apply it to business intelligence, Advantech collaborated with Microsoft at the Platform as a Service (PaaS) layer through the use of Advantech’s SusiAccess and Microsoft Azure.

Miller Chang, vice president of Advantech Embedded Core Computing Group stated, “WISE-Cloud cooperation by Advantech and Microsoft not only enhances enterprise management efficiency but also integrates various cloud service applications. In addition, there will be synergy through the various integrated cloud services, especially when used in business intelligence after data analysis.”

“Big data analytics and machine learning have created more possibilities for business application. Microsoft Azure provides computing and analysis service in the context of the Internet of Things and enables the IoT industry to move toward the intelligent industry via machine learning,” said Roan Kang, General Manager of M&O, Microsoft Taiwan. “The strategic alliance between Advantech and Microsoft Taiwan allows Advantech to use Microsoft Azure cloud platform to process comprehensive data gathered from SUSIAccess solutions. Moreover, by introducing machine learning as a service, Advantech can leverage the IoT to enable smart, value-added business applications, creating more business opportunities. This collaboration not only demonstrates that the combination of the IoT and cloud computing has reached a new milestone but creates a synergistic effect for both parties. Microsoft will provide consulting services to help the establishment of the WISE-Cloud platform while joining hands with Advantech to expand the global reach of the IoT application.”

Steve Teixeira, Director of Microsoft Program Management IoT Operating System Group, said: “Embracing IoT enables business to become truly data-driven in their decision making. Businesses can gain enormous new insights by ingesting device telemetry into the cloud, combining it with other relevant enterprise and industry data sets, and feeding it all into a rich analytics pipeline. As companies mature in their mastery of IoT, we see them transition from operational efficiency gains through improved insights to competitive advantage through predictive analytics to business transformation by discovering new revenue opportunities in IoT.”

Enabling Technologies

Networking, especially Ethernet, is a backbone technology platform for the IoT. Advantech also plays in that market, recently unveiling its ProView series of SCADA-manageable Ethernet switches, which are convergence switches for process control and IT networking management.

The ProView switches use Modbus/TCP to communicate with the SCADA software and, at the same time, SNMP to communicate with the NMS (Networking Management System), thereby allowing full read control over the devices by either control engineers or IT administrators.

The ProView series of Ethernet switches comes with Fast Ethernet or Gigabit Ethernet and a variety of ports. The port-based QoS VIP port for deterministic data transmission allows the priority ports to control the data traffic for process control by tightening delay/jitter times. This is especially useful for process control networking: I/O scanning data, for example, will be sent out ahead of other traffic (even if it was received after the other traffic) through the prioritization applied by the VIP port connected to embedded computing.

To further enhance the benefits of the ProView series Ethernet switches, the highest quality components are used to enable an operating temperature range of -40 to 75°C, along with EMS Level-3 protection to repel electromagnetic interference for industrial resistance. The ProView series of Ethernet switches is therefore able to provide industrial-grade reliability in the harshest of environments.