IIC Defines Trustworthiness for Cyber-Physical Systems Plus Adds IIoT Networking Framework

Before the Industrial Internet Consortium changed its name (to Industry IoT Consortium), I had two news items from it. The first is a Networking Framework publication and the second a definition for trustworthiness in cyber-physical systems. They both appear to be worthwhile additions to the state of the art.

IIC Defines Trustworthiness for Cyber-Physical Systems

The IIC has published IIoT Trustworthiness Framework Foundations. This foundational document explains the key concepts and benefits of trustworthiness in context, relating it to the real-world supply chain and offering model approaches. Trustworthiness is essential to government and commercial organizations with cyber-physical systems impacting the safety and well-being of people and the environment. These systems include industrial control systems and almost all systems that use digital technology to sense or affect the environment. 

“Trustworthiness, and confidence in that trustworthiness, are an essential aspect of cyber-physical systems,” said Marcellus Buchheit, President & CEO, Wibu-Systems USA, a Co-Chair of the IIC Trustworthiness Task Group and one of the authors of the document. “Inattention to trustworthiness can lead to loss of human life, long-term environmental impacts, interruption of critical infrastructure, or other consequences such as disclosure of sensitive data, destruction of equipment, economic loss, and reputation damage,” continued Buchheit. 

The IIoT Trustworthiness Framework Foundations document defines trustworthiness as a combination of security, safety, reliability, resilience, and privacy and the tradeoffs made among them in the face of environmental disturbances, human errors, system faults, and attacks. Ultimately, trustworthiness depends on the strategic intent and motivation of an organization, particularly its top management, to create and operate systems that inspire trust by partners, customers, and other stakeholders, including the community. 

“Trustworthiness is the degree of confidence one has that a system performs as expected. It requires an understanding of the system, including interactions and emergent properties,” said Frederick Hirsch, Strategy Consultant, Upham Security, Co-Chair of the IIC Trustworthiness Task Group, and one of the authors of the foundational document. “In the digital world, trust and trustworthiness are achieved by understanding and addressing concerns related to the trustworthiness characteristics appropriately for the context of the entire system. Providing evidence of this can give others confidence.”

IIoT stakeholders will make different decisions and tradeoffs depending on the nature and/or industry of the system. “Concerns in a factory are not the same as those for a hospital operating room,” said Bob Martin, Senior Principal Engineer, Cyber Solutions Innovation Center, The MITRE Corporation, Co-Chair of the IIC Trustworthiness Task Group, and one of the authors of the document. “Designers must understand the many considerations involved in defining the appropriate trustworthiness implementation, including the supply chain, assembly, operation, and maintenance of a system.”

The IIoT Trustworthiness Framework Foundations document builds on the Industrial Internet of Things Security Framework (IISF). It is part of the IIC’s Industrial Internet Reference Architecture (IIRA), which provides an architectural framework of Industrial IoT Systems. 

You can find IIoT Trustworthiness Framework Foundations and a list of IIC members who contributed to it here. Watch a short overview video. Register for the webinar, Ensuring Trustworthy Industrial Systems on September 1, 2021 at noon PST or 7:00 pm PST.

IIC Publishes IIoT Networking Framework

The IIC announced the Industrial Internet of Things Networking Framework (IINF) publication. The framework guides IIoT stakeholders on designing and developing the appropriate networking solutions to enable industrial IoT (IIoT) applications and stimulate industrial digital transformation. It details the requirements, technologies, standards, and solutions for networking that support diverse applications and deployments across a broad range of IIoT sectors and vertical industries. 

“An underlying network is the foundation of any IIoT solution. It includes technologies at the network layer and below as well as related capabilities for management and security,” said David Lou, Co-chair, IIC Networking Task Group, Chief Researcher, Huawei Technologies, and one of the primary authors of the framework. “An underlying network enables the exchange of data and control and forms the basis of digital transformation across industries.”

The framework serves as a guideline and toolbox for IIoT networking solution stakeholders who design, develop, deploy, or operate the solutions and end-users in many industries trying to network their assets or products.

“IIoT applications span a range of industrial sectors as well as business, usage, deployment, and performance perspectives,” said Jan Holler, Co-chair IIC Networking Task Group, Research Fellow, Ericsson, and one of the primary authors of the framework. “The IINF helps organizations sort through numerous networking technologies to ensure interoperability across industry sectors. It answers the fundamental question, ‘How do I design, deploy, and operate a successful networking solution for my industrial IoT applications?’”

The IINF includes use cases from several industrial sectors, including smart factories, mining, oil & gas, and smart grid, to illustrate the diversity of networking considerations. Networking technologies and standards are covered in-depth to help organizations address their concerns and technical requirements. Finally, the IINF includes best practices for IT architectural blueprints. 

Avnu Alliance Announces Silicon Validation Task Group

Remember Time Sensitive Networking (TSN)? A couple of years ago it was touted as a breakthrough Ethernet technology useful for many things, including audio-visual and industrial. Then things went a little quiet. Some people I knew bailed out. Last week the Avnu Alliance announced that leading network component companies have joined together to advance TSN interoperability.

Avnu Alliance, the industry consortium driving open, standards-based deterministic networking, announces a new initiative to drive alignment on TSN interoperability in the network ecosystem. In the Silicon Validation Task Group, silicon and IP companies including Analog Devices, Intel, Keysight Technologies, Microchip, NXP Semiconductors, Texas Instruments, and TTTech will work together to ensure that the TSN features of various profiles interoperate. 

Avnu has a history of providing a successful framework for industry stakeholders to collaborate to advance TSN. This task group will allow competitors to work together to develop a testing ecosystem for silicon and IP products’ TSN capabilities at the component (and supporting software) level. Group members will collaborate on activities such as developing test plans, creating validation tools, and hosting plugfests. 

The members of the Silicon Validation Task Group have come together in recognition of the fact that interoperability is required at the silicon level to enable specialization further up the stack. TSN applications span markets including ProAV, automotive, industrial manufacturing, and aerospace. Base interoperability at the component level facilitates device interoperability across various applications and profiles, including IEEE/IEC 60802 for industrial and IEEE 802.1BA for ProAV as well as future profiles that are in development. 

“As an active developer of TSN technology innovation at the silicon and system level for many years, NXP is pleased to work with our counterparts in the Silicon Validation Task Group to help craft a common set of standards for TSN,” said Jeff Steinheider, senior director and general manager, industrial edge, at NXP. “This collaboration and the associated standards will help developers take advantage of TSN’s full potential across the spectrum of related applications.”

“We consider an open, cross-industry standard like TSN as an essential basis for successful industrial automation projects. Interoperability at the silicon level ensures that customers have more choice and flexibility when digitalizing their production. As more companies and industries start using TSN, the huge benefits of interoperability increase – we can already see that in the plastics industry where the EUROMAP 79 standard specifies using TSN as the networking technology for injection molding machines,” says Thomas Berndorfer, member of the executive board, TTTech Industrial.

“Software, applications and profiles can all be tailored to specific use cases, but they need a stable network foundation to build on top of,” says Greg Schlechter, president of the Avnu Alliance. “The Silicon Validation Task Group includes key market players who can identify what TSN interoperability means for basic network components, and how we can get interoperable products to market.”

The Silicon Validation Task Group’s efforts will allow silicon vendors to achieve better economies of scale for TSN products. By providing a roadmap to verify base TSN capabilities in a common way independently from profile or application, the Silicon Validation Task Group will enable silicon providers to develop products for a broad customer base.

“Ethernet’s universal success is centered around standards-based, interoperable silicon,” says Tom Weingartner, product marketing director for the industrial Ethernet technology group at Analog Devices. “As silicon providers, we are coming together to ensure this next generation of Ethernet with TSN is equally successful across the spectrum of silicon solutions.”

Interoperability at the silicon level gives TSN the flexibility for technological advancements from one market to cross-pollinate to others. TSN capabilities developed for industrial applications could eventually be adopted by ProAV, for example, or real-time media distribution methods created for ProAV could benefit Industry 4.0. This cycle of innovation has been key to Ethernet’s expansion beyond its original applications. As TSN becomes simply another capability of the standard network ecosystem, silicon components should support capabilities coming online across industries.

“Ensuring interoperability at the silicon level makes it possible for product designers to focus on value-added system design,” says Douglas Anderson, product marketing manager for Microchip Technology’s USB and networking business unit.  

“We see potential for TSN across several of our markets,” says Dieter Cohrs, real time capability manager, Internet of Things group, Intel. “This effort of the component industry working together to further interoperability, starting at the silicon level, will help the overall ecosystem in all of the markets using TSN.”

“Having a reliable network foundation is a real asset to product development,” says Marc Chutczer, vice president of research and development for Meyer Sound. “We can’t predict every future requirement, but access to interoperable silicon will speed up development time and will broaden the reach of Avnu-based interoperable solutions.”

Orange and Nokia first Industrie 4.0 5G Private Network

This announcement signals the beginning of what may be the “killer app” for 5G cellular. Or, it may be just another network in your tool box. Orange and Nokia announced the deployment of a 4G/5G private network combined with network slicing at Schneider Electric’s plant in Le Vaudreuil, France. Network slicing is a key feature for the management of end-to-end 4G/5G quality-of-service and security of industrial processes, operations and applications in Industry 4.0.

Nokia has been selected by Orange to build a sliced 4G/5G private network for a modern industrial environment, providing reliable, scalable and sustainable connectivity solutions for industrial use cases. 

Nokia’s slicing solution supports existing LTE, 5G Standalone (5G SA) and 5G Non Standalone (5G NSA) devices and also includes domain controller software in RAN, core and transport layers to enable full slice connectivity. The slice continuity between LTE and 5G NR allows Orange and Schneider Electric to operate a state-of-the-art indoor network in an industrial setting. With this solution, both partners continue to implement and test the management of the different priorities, performance, and security capabilities adapted to their innovative use cases, while optimizing network resources. 

As a global network-native digital services company with dual expertise of both an operator and end-to-end integrator, Orange Business Services offers its industrial customers a complete portfolio: Mobile Private Networks (MPN) built on private infrastructures, virtual MPNs on the public network and hybrid MPNs combining private and public infrastructures. The choice of architecture is made to best meet the security, performance and resiliency requirements of the business customers’ use cases both on and off the industrial campuses, as well as to optimize costs. 

Arnaud Vamparys, Senior Vice President Radio Networks at Orange Innovation and 5G Champion, said: “Thanks to Nokia’s advanced slicing technology, Orange is able to further explore with Schneider Electric the power of scalable private 4G/5G connectivity applied to industrial uses.” 

Tommi Uitto, President of Mobile Networks at Nokia, said: “With Nokia’s network slicing solution, Communication Service Providers and Enterprises can enjoy first to market advantage through the early launch of new slicing services, for all end-users equipped with 4G or 5G devices. As a long time innovation partner, Nokia is delighted to achieve this first with Orange in an industrial manufacturing environment.” 

Network Security Vulnerabilities Rising at an Alarming Rate Says Nozomi Report

Chris Grove, security strategist for industrial control systems (ICS) for Nozomi Networks Labs, recently talked with me about the latest research they’ve conducted. The important takeaways concern the rise of ransomware, increased targeting of industrial control systems, and (surprisingly to me) vulnerability of networked security cameras.

The report finds attacks are driven largely by the emergence of Ransomware as a Service (RaaS) gangs that are cashing in on critical infrastructure organizations. Analysis of rising ICS vulnerabilities found critical manufacturing was the most susceptible industry, while a deep dive into IoT security cameras highlights how quickly the attack surface is expanding.

“Colonial Pipeline, JBS and the latest Kaseya software supply chain attack are painful lessons that the threat of ransom attacks is real,” said Nozomi Networks Co-founder and CTO Moreno Carullo. “Security professionals must be armed with network security and visibility solutions that incorporate real time threat intelligence and make it possible to quickly respond with actionable recommendations and plans. Understanding how these criminal organizations work and anticipating future vulnerabilities is critical as they defend against this unfortunate new normal.”

Nozomi Networks’ latest “OT/IoT Security Report” gives cybersecurity professionals an overview of the OT and IoT threats analyzed by the Nozomi Networks Labs security research team. The report found:

  • Ransomware attacks rose 116% between January and May of 2021.
  • Average ransom grew 43% to $220,298 – with payments expected to reach $20 billion this year.
  • Analysis of DarkSide, REvil and Ryuk highlights the growing dominance of RaaS models.
  • REvil set a new record for ransom demands, surpassing $50 million – the infamous RaaS also successfully executed a supply chain attack – tactics typically only seen from sophisticated nation-state actors.
  • ICS-CERT vulnerabilities increased 44% in the first half of 2021.
  • Vulnerabilities in the critical manufacturing sector rose 148%.
  • The top 3 industries affected included critical manufacturing, a grouping identified as multiple industries, and the energy sector.
  • Software supply chain-related vulnerabilities continue to surface – as do medical device vulnerabilities.
  • With more than a billion CCTV cameras expected to be in production globally this year, insecure IoT security cameras are a growing concern. The report includes an analysis of the Verkada breach and security vulnerabilities in Reolink cameras and ThroughTek software – discovered by Nozomi Networks Labs.

“As industrial organizations embrace digital transformation those with a wait and see mindset are learning the hard way that they weren’t prepared for an attack,” said Nozomi Networks CEO Edgard Capdevielle. “Threats may be on the rise, but technologies and practices to defeat them are available now. We encourage organizations to adopt a post-breach mindset pre-breach and strengthen their security and operational resiliency before it’s too late.”

Tenable Teams with Deloitte to Secure Fortune 500 Manufacturing Environments

Security of networks and compute platforms will continue to be news for quite some time. After all, Putin didn’t agree to terminate all hacking emanating from Russia (surprise). But according to my firewall statistics, I’m hacked from a large number of geographic sites, and I’m just a blog site! This news came to me. Typical of security news, there are superlatives and claims that I have not been able to verify. The gist is that there is an attempt to bring OT and IT together in a secure network.

Tenable.ot showcased in Deloitte’s Smart Factory at Wichita initiative, providing its industry-leading capabilities for securing today’s modern OT environments

Tenable Inc., the Cyber Exposure company, announced a strategic collaboration with Deloitte to accelerate and secure smart manufacturing across Fortune 500 environments. Tenable and Deloitte have developed and implemented industrial-grade security solutions to help organizations understand, manage, and reduce cyber risk in their manufacturing environments around the world.

According to a smart factory study from Deloitte and Manufacturers Alliance for Productivity and Innovation, eighty-six percent of manufacturers believe smart factories will be the main driver of competitiveness in the next five years. These modern environments represent a massive business opportunity, but they also contribute to an expansive and converged attack surface of legacy information technology (IT) and new operational technology (OT). Increasingly, boards of directors and executives consider OT security a top business priority and risk. As such, smart factories require strategic, risk-based vulnerability management to defend and secure mission- and safety-critical systems. 

Deloitte’s ecosystem for smart manufacturing provides organizations with greater speed, scale and security over their digital transformation initiatives. By deploying Tenable.ot — the industry’s first unified solution for securing IT/OT environments — as part of a secure-by-design model, joint customers benefit from unmatched visibility and control over their converged industrial environments, with advanced threat detection and mitigation to identify weak points before an attack ever occurs.  

“Make no mistake, industrial environments run the global economy. They build, power and protect the world around us. Ensuring these smart factories are secure by design is paramount,” said Renaud Deraison, co-founder and chief technology officer, Tenable. “Strategic cybersecurity must be foundational to all smart factory initiatives. Without it, you’re building on pillars of sand. Securing modern, converged environments requires unified visibility across both IT and OT assets. We’re very excited to collaborate with Deloitte to do just that for customers around the world.”

In addition to the existing deployments around the world, Tenable.ot will also be showcased in Deloitte’s Smart Factory @ Wichita initiative — a 60,000-square-foot immersive experience equipped with the latest smart factory advancements — designed to demonstrate how manufacturers can embrace digital transformation in a secure, scalable way. In the facility opening this fall, joint customers will experience the power of a unified, risk-based view of their IT and OT environments, arming them with the visibility, security and control required to secure Industry 4.0. 

“The Smart Factory at Wichita is designed to explore the full range of innovation with Industry 4.0 technologies and maintaining cybersecurity is a critical piece to the manufacturing life cycle,” said Stephen Laaper, principal, Deloitte Consulting LLP. “With Tenable onboard as a builder sponsor, clients walking through the doors of the Smart Factory will have the ability to experience a secure industrial environment and can take solace in knowing critical organizational data is protected by a top leader in the industry.”

Betacom Announces Managed Private 5G Network

Last year’s edition of Apple’s Worldwide Developer Conference (WWDC) was filled with hype about AT&T and 5G network. Pundits received 5G-enabled iPhones and were less than impressed with the speed boost. This year’s WWDC was devoid of 5G hype. My response to the hype was that a little faster speed for iPhones was the least of 5G benefits. Despite the hype from other areas, I believe that before long industry will be building out 5G without extra thought. Sort of like 15 years ago when we suddenly went from talking about the potential of Ethernet in manufacturing to simply accepting it as the best solution for many networking applications.

This news from Betacom shows how we’ll slowly build out the tech until suddenly it’s everywhere.

Wireless pioneer Betacom, longtime design and deployment partner for the world’s leading telecommunication companies including AT&T, T-Mobile, and Verizon, has introduced the industry’s first fully managed private 5G network service. US enterprises now have access to cost-effective, high-performance 5G networks designed, deployed, and managed by one of the most trusted names in wireless networking. 

Network design, deployment, and management for the new service, which offers cost similar to Wi-Fi with higher reliability, performance, and security, is conducted by Betacom through its world-class Network Operations Center (NOC), hosted on Microsoft Azure. Enterprise customers own their networks and maintain local control of their data.

Private 5G Services Accelerating

In recent months, private 5G networks have become increasingly prevalent, especially with the advent of new shared-spectrum connectivity options that expand enterprise access to wireless networks. In fact, industry experts agree that private 5G networks offer a more secure and higher performance environment than other networking options such as Wi-Fi or even Wi-Fi 6. 

A recent survey from TECHnalysis Research shows that 53% of US enterprises are planning to add private wireless networks — more than will be expanding Wi-Fi or upgrading to Wi-Fi 6. As Bob O’Donnell, president & chief analyst at TECHnalysis Research said, “Clearly, the buzz around 5G has created enough excitement and interest for the technology that IT managers and other tech leaders at companies of all sizes are eager to leverage it. Generally speaking, 5G and cellular networks in general are seen as having better security than unlicensed networks and, in some cases, lower latency, which can be critical for things like manufacturing environments.” 

Long History of Wireless Innovation 

Unlike others in the emerging Private 5G market, Betacom has a long and successful history of wireless deployments in mid-to-large enterprises leveraging carrier-class equipment and expertise to meet users’ most pressing connectivity needs. Having completed more than 800 design and deployment projects, Betacom inspires confidence among those who have worked closely with the company in the past.   

“Today’s announcement is the culmination of years of planning, testing and collaboration with our telecommunications partners and their customers, all of whom clearly see mutual benefits in the addition of the first fully-managed Private 5G network service to the growing number of stand-alone offerings in the market today,” said Johan Bjorklund, CEO of Betacom. “Our long experience in this market, our unmatched national presence and the technological advancements represented by our cloud native NOC that delivers full services and security all give us and our customers significant advantages in realizing the promise of 5G, owned by them and operated by us. We look forward to leading the way in this exciting new space.” 

About Betacom 

Betacom offers the first fully managed private 5G network, building on its long history as the primary outdoor and indoor DAS vendor to AT&T, T-Mobile, and Verizon. Founded in 1991 and headquartered in Bellevue, Wash., the company has offices in Seattle, Portland, San Francisco, Los Angeles, San Diego, Phoenix, Boston, Charlotte, Jacksonville, Orlando, Tampa, Miami, Mobile, New Orleans, Dallas, Austin, San Antonio, and Houston. Its private 5G wireless service is the first managed service of its kind in the United States.