It is nice to be back. Like riding a bicycle, there was no relearning required getting back into the trade show routine. Only difference for me was I drove from home (now in the northwest Chicago suburbs) in a little over an hour rather than the 4-1/2 hours from western Ohio.
There were many exhibitors. Fabtech is a metal working show with the addition of an additive manufacturing section. The show filled most of the south hall of McCormick, a big chunk of the north hall, a little of the east hall main floor, and most of the second level of the east hall for the additive technology show and conference.
I’ll be posting press releases of relevant companies later. I’ll summarize the experience here.
I learned in the additive hall that there are three major players—Markforged (which actually had a booth in the south hall), Essentium (where I got a half-hour with the CEO), and Stratasys (probably the first one I knew about a few years ago). These companies provide materials, machines, and software. Each has a slightly different emphasis from the others. I had a sense that they are beginning to get connected—as in connected to the rest of manufacturing and to the enterprise.
One company showed micro products. Tolerances of parts have gotten very good. I ran across the beginnings of “Manufacturing-as-a-Service” ideas. These machines being digital can and do collect amazing amounts of data.
Robots were my focus in the Fabtech part of the show. Especially cobots, where I spent some time in the Universal Robots booth. Much more later, but the new thing with cobots is welding. An application previously reserved for the big six-axis machines, many welding applications are perfect for the smaller cobot. One company building on to Universal Robots’ cobot claimed it could bring in a cobot welding system in the morning and have it in production after lunch. I believe them. I have seen how easy these are to set up and get started.
A company called Simpac builds presses. It has developed an XR application for iPads and similar devices that lets a tech virtually walk through the press, see through an exploded view to find the recalcitrant part, and then find part numbers of replacement parts. They’ve used it as a run-off, buy-off tool in these Covid reduced travel days.
Enterprise software was represented. I talked with the Epicor people. Wiser Systems has a location tracking product with an internally developed wireless mesh network. And automation companies Beckhoff Automation and Bosch Rexroth were also there. More in a later post.
Traffic was decent through the show floor. I don’t think many exhibitors were greatly disappointed, but they would have liked more traffic. With the first time back and Covid reappearing, I’d consider the show a success. But Covid has impacted a conference I was slated to speak at which is now going virtual. Oh, well.
Mining is not my forte, but it is for ABB. The company has sent several updates to its mining process automation and electrification portfolio. If you are not thinking about where you can add electrification to your processes, you may be behind the curve.
The news in summary:
- eMine comprises a purposeful approach, method and integrated portfolio of electrification and digital systems designed to accelerate the decarbonization of the mining sector
- ABB is also piloting ABB Ability eMine FastCharge, the world’s fastest and only fully automated charging system for haul trucks, offering up to 600kW of power
- eMine can reduce diesel consumption by up to 90 percent while haul trucks are on an electric trolley system
ABB launched ABB Ability eMine, a portfolio of solutions that will help accelerate the move towards a zero-carbon mine. ABB also unveiled the piloting of the groundbreaking ABB Ability eMine FastCharge, the world’s fastest and most powerful charging system, designed to interface with all makes of electric mining haul trucks.
eMine comprises a portfolio of electrification technologies which makes the all-electric mine possible from mine to port and is integrated with digital applications and services to monitor and optimize energy usage. It can electrify any mining equipment across hoisting, grinding, hauling and material handling. From 2022, it will include new ABB Ability eMine FastCharge which provides high-power electric charging for haul trucks and is currently in pilot phase. It also incorporates the ABB Ability eMine Trolley System which can reduce diesel consumption by up to 90 percent, significantly lowering energy costs and environmental impact.
“The global mining industry is undergoing one of the most significant and important transformations of our generation – and that is to become zero-carbon,” said Max Luedtke, Global Head of Mining at ABB. “ABB Ability eMine is an exciting milestone to help convert existing mining operations from fossil fuel energy to all-electric. Mines can become even more energy efficient with vastly reduced levels of CO₂ emissions, while at the same time staying competitive and ensuring high productivity.”
“We are celebrating 130 years in the mining industry and decades in the electrification of mining equipment,” added Mehrzad Ashnagaran, Global Product Line Manager, Electrification and Composite Plant. “Today we are extending our engineering capabilities and investment to electric transport, to bring new solutions to meet the growing demand of our customers. Besides the environmental benefits, fuel price volatility, making electricity more cost competitive, and legislation are driving the move to electric-powered mines. ABB not only understands these requirements, but we can also equip the industry to meet them.”
eMine FastCharge can serve as a cornerstone of the transition to fully electrified mines across the industry. This flexible and fully automated solution is being designed for the harshest environments, can be installed anywhere and can charge any electric truck without human intervention at up to 600kW, the highest power available on today’s market to minimize the downtime of mobile assets. Charging time will depend on the battery capacity onboard the haul truck and the operational profile, however in many instances a suitable state of charge could be reached within 15 minutes. With eMine, ABB is extending its capabilities to the electrification of mining trucks and technologies for the full mining process.
eMine provides integral design planning and thinking to maximize the value of electrification, helping to design the hauling process in the most optimized way with electrical solutions that match mine constraints and help meet production targets. ABB helps mine operators map their journey towards an all-electric mine from phasing out diesel to embedding a new mindset and new team skills. By fully integrating electrification and digital systems from the mine to the port, eMine further reduces overall costs and improves mine performance while significantly lowering environmental impact.
It seems as if everything can be as-a-Service these days, now even robotics. Formic Technologies launched recently with a simple value proposition: hire fully customized robots from top vendors at a low hourly rate and no upfront cost. To help small and medium-size manufacturers benefit from automation, Formic handles every aspect of financing and deployment—from scoping, engineering, purchasing, implementation, and maintenance. The company also guarantees uptime, with customers paying nothing for system downtime.
Purchasing robotics can be expensive and a capital expense rather than an operational expense. This results in a barrier to entry for smaller manufacturers dissuading them from deploying automation altogether.
“We started Formic because we saw all that automation can do, and we wanted to provide a way for any manufacturer to easily adopt automation in a simple, risk-free, and on-demand way,” said Saman Farid, CEO and co-founder. “With Formic’s fundamentally different approach to financing and deployment, manufacturers can do more with automation without high costs or a lengthy and complicated purchasing and deployment process.”
Formic’s model was designed to systematically remove every barrier to entry, allowing manufacturers to deploy automation efficiently and cost effectively. Testing shows that Formic’s deployments are 50% faster than traditional approaches and save customers 42% on their operating expenses from the first day.
According to Farid, an engineer and robotics start-up investor who founded Formic with former Universal Robots salesperson Misa Ikhechi, a unique combination of products and services make Formic’s model possible:
- Systematized deployment processes
- In-house equipment financing
- Formic-designed solutions featuring products from leading robotic vendors such as Universal Robots, Fanuc, and ABB
“We came to the conclusion that what manufacturers needed was not any specific new technology, but a better way to access the technology that would best meet their needs,” Farid said. “Formic offers that access at a fraction of the cost or energy, as Formic takes on the heavy lifting.”
When AutomationDirect was PLCDirect and control platforms were developing with much technical development and innovation, I visited the company and its control developer in Knoxville, TN frequently. They were adding Ethernet and IT technologies. Great times. Then that part of the industry matured and AutomationDirect became a master electrical and automation distributor, while still keeping a foot in the automation development door.
This information came to me last week. Given all the interest in automation and sensor and OPC to the cloud, I thought this was interesting. AutomationDirect here discusses the PLC as an integral part of a cloud-based system. Good for them.
PLCs can now be directly integrated with cloud-based computing platforms, empowering end users and OEMs to quickly and easily add IIoT functionality to their systems.
Damon Purvis, PLC Product Manager at AutomationDirect, wrote an article for the August 2021 edition of Machine Design. The article is titled Modern PLCs Simplify Cloud-Based IIoT and it talks about how the newest BRX PLCs can securely connect directly to the leading cloud platforms from AWS, Microsoft, and others.
Industrial automation systems created by end users and OEMs have long had some IIoT data connectivity capabilities—but getting to this data and working with it has often been a chore, prohibitively expensive, or both.
Cloud computing options have eliminated many of these barriers, providing a cost-effective way to deploy and scale up IIoT projects. This is especially the case now that the BRX PLC can connect natively to cloud services, without requiring intermediate layers of processing.
Cybersecurity has been a frequent topic lately at The Manufacturing Connection. Bedrock Automation founders built on a secure chip set as a foundation for an Industrial Control System (ICS) that is secure in many ways. Founder and CEO Albert Rooyakkers has devoted hours to explaining the details and nuances of the many ways the product is nearly invincible. (He would take issue with my qualifying word.) This case study offers a few details about a utility bolstering its defense with an upgrade to the Bedrock control platform.
A Colorado utility is transitioning legacy PLCs and RTUs to the intrinsically secure Bedrock OSA (Open Secure Automation) platform. The transition is part of a multi-year automation upgrade plan, which utility management saw as an opportunity to deepen its cyber security protection while also modernizing its controls.
“Like most other public utilities, we must adapt to an ever-changing world and that includes cyber security. We’ve always had robust physical security and required usernames and passwords for access to critical systems and controls, but we saw the world around us changing quickly. Many of today’s automation technologies are not as secure as they could be because they were developed long before security was a major issue in the industry. Most of the security added to them was an afterthought,” said Shay Geisler, I&C Administrator for Colorado’s East Cherry Creek Valley (ECCV) Water & Sanitation District.
ECCV’s legacy control architecture involved SCADA software that is housed on a dedicated Windows desktop or server along with a communications driver, in this case, an OPC Server that speaks to the PLCs via legacy protocols. Each ECCV upgrade target was using two PLCs to concentrate field data for use by the plant SCADA system, which had also been upgraded to a more secure version.
“We knew security could not be limited to the SCADA software only. There were too many downstream systems and assets that, if left untouched, would present a huge vulnerability. We determined that the vast majority of these potential vulnerabilities could be solved by addressing the PLC and SCADA communications system,” said Geisler.
Securing SCADA and control networks
Geisler and his team concluded that the most secure and cost-effective approach would be to connect the SCADA network and control networks with a secure communications channel. Fully implementing this, however, would have required ripping and replacing their entire system immediately, which would have been costly and required significant disruption. Instead, working with automation supplier Process Control Dynamics and system consultant RSI Company, they adopted a phased-in approach using secure Bedrock OSA Remote control units as proxy servers to enable transition ultimately to a full Bedrock platform.
“We are slowly upgrading the remote sites that have been serviced by legacy data concentrators, one-by-one as we convert each to use the secure Bedrock controller. The new controllers at the remote sites bypass the legacy concentrators and now report directly to the Bedrock proxy. Once all sites are converted, we will remove the legacy concentrators,” said Russ Ropken, with RSI Company, the system integrator who developed the architecture that enabled the seamless transition.
The ultimate result is secure, certificated communications from the SCADA software down to the Remote PLCs/RTU. The Bedrock OSA Remote proxy units will switch over to a peer-to-peer network of infinitely scalable secure Bedrock control units connected by an encrypted radio network.
ECCV already has field data running through 12 of its target sites, with some 74 left to go. For more details, including the architecture of each phase, download the case history here.
This reminds me of other technologies I’ve seen transition from few users to industry standard seemingly overnight. This latest survey from Nozomi Networks and SANS Institute finds industrial organizations are leveraging the cloud as they mature cybersecurity defenses and prioritize control system reliability. However, threats remain high and are growing in severity. In response, a growing majority of organizations have significantly matured their security postures since the last SANS OT/ICS survey in 2019. From the report: In spite of the progress, almost half (48%) don’t know whether their organizations had been compromised. The Nozomi Networks-sponsored survey echoes Nozomi Networks’ own experiences with customers worldwide.
“It’s concerning to see that nearly half of this year’s survey respondents don’t know if they’ve been attacked when visibility and detection solutions are readily available to provide that awareness,” said Nozomi Networks Co-founder and CPO Andrea Carcano. “Threats may be increasing in severity, but new technologies and frameworks for defeating them are available and the survey found that more organizations are proactively using them. Still, there’s work to be done. We encourage others to adopt a post-breach mindset pre-breach and strengthen their security and operational resiliency before an attack.”
Cyber threats to OT environments continue to rise and threat severity is at an all-time high.
- Most respondents (69.8%) rated the risk to their OT environment as high or severe (up from 51.2% in 2019).
- Ransomware and financially motivated cybercrimes topped the list of threat vectors (54.2%) followed by nation-state sponsored cyberattacks (43.1%). Unprotected devices and things added to the network came in third (cited by 31.3% of survey respondents).
- Of the 15% of survey respondents who indicated they had experienced a breach in the last 12 months, a concerning 18.4% said the engineering workstation was an initial infection vector.
- Nearly half of all respondents (48%) did not know whether their organizations had been compromised and only 12% were confident that they hadn’t had an incident.
- In general, external connections are the dominant access vector (49%) with remote access services identified as the most prevalent reported initial access vector for incidents (36.7%).
This year’s survey found most organizations are taking ICS threats seriously and making solid progress in maturing their security postures to address them. Over the last two years organizations have improved monitoring and threat intelligence capabilities. They are moving away from traditional indicator-based defense capabilities and moving toward threat hunting and hypothesis-based security models. They’re also focusing on data loss prevention.
- 47% say their control system security budget increased over the past two years.
- Almost 70% have a monitoring program in place for OT security.
- 51% say they are now detecting compromises within the first 24 hours of an incident. The majority say they move from detection to containment within 6 to 24 hours.
- 9% have conducted a security audit of their OT/control systems or networks in the past year and almost a third (29.5%) have now implemented a continual assessment program.
- 50% say they have vendor-provided ICS-specific threat intelligence feeds and there is less reliance (36%) on IT threat intelligence providers.
- OT SOC adoption is up by a sharp 11% from 2019 to 2021, re-emphasizing the focus away from traditional indicator-based defense capabilities and more toward a threat hunting and hypothesis-based security model.
- Data loss prevention technologies also saw a sharp increase in deployment (11%).
- As process reliability becomes a top concern, 34% say they’re implementing zero-trust principles and an additional 31% say they plan to.
ICS is Getting Cloudy
Adoption of cloud-native technologies and services transformed the IT industry. This year’s survey found similar impacts are also beginning to be felt in the OT environment.
- 1% of all survey respondents indicate they are using some cloud-based services for OT/ICS systems.
- Almost all (91%) are using cloud technologies to directly support ICS operations (combining remote monitoring configuration and analysis; cloud services supporting OT; and remote control/logic).
- All respondents using cloud technologies are using cloud services for at least one type of cybersecurity function (company NOC/SOC, business continuity and MSSP support).
- Respondents consider cloud assets relatively secure, with only 13% of responses classifying them as risky.
To learn more about the latest trends in OT/ICS cybersecurity:
• Download A SANS 2021 Survey: OT/ICS Cybersecurity
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 50 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates employee qualifications via 30 hands-on, technical certifications in information security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master’s degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet’s early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (www.SANS.org)
Here are a few responses to questions about the report:
1 What were the most surprising things you found in the report?
Chris Grove – Technology Evangelist – Nozomi Networks
Positive: It was a pleasant surprise to see that a large group of respondents (40.1%) have embraced cloud-based services. It’s a trend that Nozomi Networks has seen in the field and one that we have responded to with our own cloud-based security offerings. As industrial and critical infrastructure organizations embrace IoT and converge their OT and IT efforts, they must be able to protect thousands of devices quickly and cost-effectively from threats in real-time and ensure ongoing operational resilience. Cloud-based technologies make that possible. It’s also encouraging to see the majority are confident in the security of their cloud assets. We believe ICS organizations will continue to adopt cloud technologies and the adoption of cloud-based security solutions will grow significantly over the next few years.
Negative: It’s alarming to see that detection and response is still a significant issue for organizations. In fact, the problem seems to have grown since the previous survey (48% of survey participants did not know whether they’d had an incident vs. 42% in 2019). Solutions are available to address this problem and adopting them should be a top priority.
Mark Bristow – Author – A SANS 2021 Survey: OT/ICS Cybersecurity
I found three things particularly striking in the report results.
● The level of adoption of cloud technologies for operational outcomes was striking. Two years ago, cloud adoption was not being seriously discussed and now 49% are using it.
● Incident visibility and confidence is not high. 48% of respondents could not attest that they didn’t have an incident. A further 90% of these incidents had some level of operational impact.
● 18% of incidents involved the engineering workstation. This is a critical piece of equipment and having this involved in so many incidents is troubling.
2 What are three things you think ICS operators need to focus on moving forward to protect themselves?
Chris Grove, Nozomi Networks: Considering ransomware is such a pervasive issue, it might be a first concern for many operators. Starting off with some tabletop exercises, operators would be able to identify areas where improvements can be made. Typically, one area that gets highlighted is the need for a systematic risk assessment that details likely points of entry and identifies ways to harden the target. Sometimes this is in the form of patching, network segmentation, policies, procedures, etc. In almost all cases, increased visibility makes everything easier to manage. From having a detailed asset inventory, to monitoring network traffic patterns, to inspecting traffic for attacks or operational anomalies, visibility is a crucial component of successfully defending operations. Finally, the third and final thing that operators should consider is Consequence Reduction. As part of a post-breach mindset, operators should consider the fact that eventually the attackers will breach the perimeter, and one should be prepared for that day. How do we limit the blast radius of the attack? How do we hold them at bay, and subsequently eradicate them from the system? How do we carefully maintain, safely shut down, or restore operations potentially affected by the breach? These are tough questions to be asked before that day comes.
Mark Bristow, SANS:
· It’s great that we now have monitoring programs in place, but we are still mostly looking at the IT aspects of our OT environments. We need to be correlating our IT and OT security telemetry as well as process data to truly understand potential impacts to safety and operations.
· Focus on fundamentals. Too many respondents do not have a formal program for asset identification and inventory. Without this foundational step, further security investments may be invalid or misplaced.
· Ransomware is a huge risk, but it’s not one that is specifically targeting ICS. A malicious actor who is specifically targeting your ICS environment will not be as blunt or noisy as ransomware is, and we are struggling to defend against ransomware.