Shields Up Against Cyber Attacks Due to War in Ukraine

At the start of the Ukraine conflict, CISA issued a “Shields Up” alert to all critical infrastructure in an effort to stave off potential cyber attacks from Russia. 6 months later, the proverbial “shields” are still up but is the U.S. critical infrastructure more secure because of it?

I was wondering if I should have more security than I have being a manufacturing and industrial site. Indeed I saw a sharp peak of hits from Russia and Ukraine at the outset of the war. But it was only a blip. But what if I weren’t a media site but a critical infrastructure site?

Security information comes at me faster than to my friend Greg Hale who specializes on the subject at Industrial Safety and Security Source. Recently I talked with Ron Fabela, CTO of critical infrastructure cybersecurity firm, SynSaber. This company is working directly with operators across oil & gas, electric, water infrastructure and nuclear to maintain a “Shields Up” posture.

More than six months has passed since the initial flurry of war and increased cyber attacks in the US. I wondered what the state of “Shields Up” was these days. Have we kept up the urgency? Or have we learned to live with it?

Rob suggested that astute executives should have used the directives to get some much needed budget. He pointed out that one cannot sustain a high alert indefinitely. And that IT and security executives should not over hype the situation. Still, when attention is suddenly focused on a risk area, it makes sense to lay a plan and ask for budget to implement strategies. Plus, sometimes the government brings money with its directives, something that is always a big help.

Expanding on the topic, like its peers, SynSaber initiated a study to discover what reported Common Vulnerabilities and Exposures (CVEs) could tell us from the 681 CVEs reported via the Cybersecurity and Infrastructure Security Agency (CISA) ICS Advisories in the first half of 2022.

Breaking up the reported CVEs into remediation categories (i.e., can it be patched with software, a firmware update, or something more complex requiring protocol or whole system changes) or taking a look at attack vector requirements can provide critical insights for teams to assess these and future CVEs as they are reported.

We hope that by analyzing and counting these vulnerabilities with new methods, this context can be used by all industrial security teams to better understand and remediate future vulnerabilities.

Key Findings

● For the CVEs reported in 2022, 13% have no patch or remediation currently available from the vendor (and 34% require a firmware update)

● While 56% of the CVEs have been reported by the Original Equipment Manufacturer (OEM), 42% have been submitted by security vendors and independent researchers (remaining 2% were reported directly by an asset owner and a government CERT)

● 23% of the CVEs require local or physical access to the system in order to exploit

● Of the CVEs reported thus far in 2022, 41% can and should be prioritized and addressed first (with organization and vendor planning)

Emerson Helping Albioma Become a Fully Renewable Energy Provider

Sustainability continues its strong trend among industrial and manufacturing companies. This story concerns Emerson and Albioma regarding biomass.

Global technology and software company Emerson has been selected by Albioma, a French independent energy provider, to help transition its coal-fired Bois Rouge plant to 100% renewable energy. As part of Albioma’s wider mission to transition all of its existing fossil fuel plants to renewable energy, Emerson’s automation systems and software will enable the coal-fired power station to convert to biomass feedstock.

The multi-million-dollar project is the latest example of how Emerson technologies are helping customers accelerate their transition to more sustainable energy. The power plant, one of three that Albioma operates on Réunion Island in the Indian Ocean, will be converted to use 100% biomass wood pellets. The overhaul of the 108-megawatt facility will reduce greenhouse gas emissions by approximately 640,000 tons of CO2 equivalent per year, an 84% decrease in direct emissions compared to current operating levels.

The Bois Rouge plant consists of three generating units. Two units are already controlled by Emerson’s Ovation™ distributed control system, which will be modified for use with biomass feedstock, and the third unit will be replaced with a new Ovation system. The units will also be modernized with new turbine protection and health monitoring systems, safety systems for the boilers, and upgraded boiler control elements and instrumentation.

To ensure the project is completed within the available timeframe – a critical requirement of Albioma – Emerson will provide its Project Certainty methodologies, digital technologies and software expertise. In addition to delivering local engineering support for the project, Emerson will provide its Remote Virtual Office (RVO) collaboration platform – a secure virtual engineering and testing environment that will enable Albioma to access Emerson’s resources and ongoing support to reduce project risk and costs.

Hydrogen and Biofuel Production Improvements

Technology pundits have extolled hydrogen as an energy source that makes sense from environmental and sustainable points-of-view for many years. Emerson recently hosted an online conference focused on what it is doing to help customers develop hydrogen production. We are finally on the cusp of a breakthrough. One problem hydrogen shares with electricity is dirty generation. Emerson and customers are working to solve the tech and economics of green hydrogen production.

While we are talking sustainability, please check out The Carbon Almanac. Hundreds of volunteers from around the world have worked on this practical guide to doing something about global warming and environmental dangers.

I’m going to summarize three sustainability initiatives from Emerson that I have collected for a few weeks.

  • Toyota Hydrogen Production
  • Green Hydrogen Production
  • Biofuel Production in Finland

Automation Technology for Toyota Australia’s Hydrogen Production and Refueling Plant

Emerson and Toyota Australia have collaborated to transform part of Toyota Australia’s operations into a commercial-grade hydrogen production, storage and refueling plant. The project, supported by the Australian Renewable Energy Agency (ARENA), adopts Emerson’s automation expertise to provide the control system that helps Toyota Australia demonstrate the technical and economic feasibility of manufacturing hydrogen fuels, including the use of renewable solar energy.

  • DeltaV distributed control system gathers data from the plant’s complex equipment
  • DeltaV systems control operations and help ensure safe operations 
  • Edge control technology from PACSystems will further reduce cost and complexity of integrating third-party systems
  • Rosemount flame detectors will help keep personnel and operations safe

Emerson to Help Accelerate Green Hydrogen Production

The PosHYdon project is a pilot that aims to validate the integration of offshore wind power and offshore natural gas and hydrogen production at sea—generating renewable fuels by harnessing a green energy source. The Neptune Energy-operated platform Q13a-A in the Dutch North Sea will host the project, which will provide insight into electrolyzer efficiency from a variable power supply and the cost of installing and maintaining a green hydrogen production plant on an offshore platform.

Green electricity will be used to simulate the fluctuating supply from wind turbines and power the production process, which will convert sea water into demineralized water and then safely produce hydrogen via electrolysis. The hydrogen is then blended with the natural gas and transported to the coast, via the existing gas pipeline, and fed into the national gas grid. The 1 MW electrolyzer is expected to produce up to three tons of hydrogen per week.

Emerson’s DeltaV distributed control system, DeltaV safety instrumented system and DeltaV Live operator interface software will manage the desalination and electrolyzer units, gas blending and balance of plant equipment.

PosHYdon is being developed by consortium partners Nexstep, TNO, Neptune Energy, Gasunie, Noordgastransport, NOGAT, DEME Offshore, TAQA, Eneco, Nel Hydrogen, InVesta, Hatenboer, Iv-Offshore & Energy and Emerson. The project has been awarded a €3.6 million grant from The Netherlands Enterprise Agency (RVO) under the agency’s Demonstration Energy and Climate Innovation scheme, which invests in renewable energy developments, including hydrogen pilots.

Animated video with English subtitles.

 

Optimize Fintoil Biorefinery Operations for More Efficient, Sustainable Production

Fintoil, together with Neste Engineering Solutions, has selected Emerson’s automation software and technologies to maximize the operational performance of its biorefinery being constructed in the port of Hamina-Kotka, Finland. The plant will be the third-largest crude tall oil (CTO) biorefinery in the world and produce advanced biofuel and biochemical feedstocks that help lower emissions and reduce reliance on fossil-based fuels. 

The plant will refine CTO, a by-product of the wood pulping process, to produce a sustainable feedstock for renewable second-generation diesel, as well as rosin, sterol pitch and turpentine used in the chemicals, foodstuffs and pharmaceuticals industries. These CTO derivatives have a carbon footprint up to 90% smaller than their fossil-based equivalents. 

Emerson will apply its Project Certainty methodology, which digitalizes project execution and uses practices such as remote testing of equipment. Emerson consultancy services will advise on the implementation of cybersecurity best practices.

Construction of the facility is expected to be completed in 2022. The expected annual capacity of 200,000 tons will create a 400,000-ton reduction in carbon dioxide emissions, which is roughly 1% of Finland’s total emissions.

ABB Unveils View of Future of Process Automation

“In more than 25 years in the automation and energy business, I have never experienced more exciting times, albeit with more existential challenges,” says Peter Terwiesch, President, ABB Process Automation. Terwiesch spoke with me several times back when he was CTO of ABB process automation. He has always had marvelous insight into technology trends and process applications.

Terwiesch states the current state of process control spot on. I’ve watched the momentum of the Open Group building over the past few years. Could it suffer the same fate as its predecessor OMAC? Or could enough suppliers adopt significant parts of the “standard of standards” that we see the long awaited (by users) revolution toward open and interoperable and upgradable technology?

During my travel marathon in May/June, I had learned of Honeywell’s new direction with process control adding a level of open to a proprietary platform. Versions of openness including updates of the work of the Open Process Automation Forum were discussed at the ARC Industry Forum that I reported on podcast 242, Hype Curve. Schneider Electric (along with many smaller companies) has been stirring up news with its push toward open automation called Universal Automation.

Just at that time, ABB released a white paper on the future of process automation from Terwiesch. While at ARC, I had an opportunity to talk with Bernhard Eschermann, CTO Process Automation to make sure I understood the direction.

Following are some highlights from ABB.

  • At the core of controlling and supervising complex processes, the DCS will continue to provide the essentials needed for safe and reliable operations, while evolving its functionality to serve the needs of accelerating digital transformation and energy transition. It will combine an ability to scale and serve new market conditions by adapting to new technologies, including the provision of standard interfaces for third-party connectivity.
  • ABB foresees a modular automation architecture that will evolve to address customer needs, becoming more open, interoperable and flexible, while maintaining the same high level of reliability, availability, safety and security to which users have grown accustomed.
  • The DCS of the future will be embedded in a digitally-enabled environment that facilitates enterprise-wide secure connectivity and collaboration among people, systems and equipment.
  • New business models will be feasible through readily downloadable application subscription services.
  • Machine learning and artificial intelligence will speed issue resolution and promote remote, autonomous operations that keep people out of harm’s way and mitigate against human-induced error.

“With the DCS of tomorrow, we will accelerate innovation while maintaining the reliability and continuity for which we are known,” said Peter Terwiesch, President, ABB Process Automation. “This white paper is a blueprint for automation systems that will future-proof industries for decades to come. Many of the industries we serve are energy and material intensive, and strive toward more sustainable production. As they increasingly integrate renewables into their energy mix, we will provide the automation with which to do it.”

From the white paper:

  • ABB will separate automation into an evergreen robust core served by a modular architecture, prioritizing real-time response; with an extended, digitally enabled environment that securely connects to IoT, and enhances the collaboration of people, systems, and equipment.
  • Consistent with the Open Process Automation Forum’s vision of independent software modules with defined communication interfaces, the future Process Automation Systems core and extended system environments will be virtual, modular domains with cyber secure interfaces based on industry-standard OPC UA information models and communications.
  • These containerized modules will be automatically orchestrated in accordance with their performance and security expectations. This moves enforcement of authentication and authorization from the network perimeter toward a zero-trust approach at the core where components will be required to digitally prove their identity and originality, as well as their authorization for specific tasks, in order to properly deal with the evolving threat landscape.

Mixed Reality Simulator and Updated Process Automation from Honeywell

Honeywell User Group landed in Orlando two weeks ago. Meanwhile, I’ve had several meetings with Honeywell again this week, also in Orlando, at the annual ARC Industry Forum. Two additional items have popped up this week. One relates to worker enhancement and the other fleshes out additional details of the updated Experion PKS process automation system. This topic was broached last week, but there’s a little bit more.

Honeywell Enhances Immersive Field Simulator

Manas Dutta met with me to discuss this simulator product. Mixed reality experiences have often been explained as training applications—and indeed that is a great use. However, Dutta also explained that design engineers can also use the technology to visualize the physical plant. They can see where a scaffolding may need to be erected or where there may be interferences. This is most useful in the usual use case where engineering is done remotely.

Honeywell announced a new version of its Immersive Field Simulator (IFS) offering, a virtual reality (VR) and mixed-reality-based training tool that incorporates a digital twin of physical plant operations to provide targeted, on-demand, skill-based training for workers. With IFS technology, plants can simulate scenarios such as primary failure and switchovers, and cable and power supply failures, that train and test personnel on their skills.

The new version of IFS – R120 – incorporates a simulation engine that enables customers to build field operator training lessons without having to link to a larger panel operator simulator. This provides more flexibility in how they conduct training and alleviates the need to pull multiple operators off shift for sessions. In addition, it reduces the solution’s footprint and allows it to be more accessible for impromptu training or refresher courses.

Furthermore, IFS R120 can facilitate an open platform communications connection to any panel operator simulator that a customer may have.

“Megatrends such as the aging workforce and increased complexity of technology are putting even more pressure on industrial companies and their training programs,” said Pramesh Maheshwari, vice president and general manager, Lifecycle Solutions and Services, Honeywell Process Solutions. “More than ever, they need training and development solutions that empower workers to improve plant performance, uptime, reliability and safety.

He continued: “One of the best ways to do this is by simulating real-world environments and rare but critical plant operation and maintenance scenarios to enable safe, hands-on learning away from the hazards of a plant. This version of Immersive Field Simulator offers increased flexibility to meet any site’s operator training requirements.

IFS R120 will be available at the end of 2022.

Experion PKS Release 520.2 For Next Generation Process Control

Joe Bastone sat down with me at ARC Industry Forum to talk about the next gen process control from Honeywell. As he discussed the “Hive” technology and new features, his excitement and passion for the product was abundant.

However as I’ve discussed previously, an interesting sub-story is that the product contains many of the features requested by ExxonMobil and other end users that has led to the development of the Open Process Automation Forum and standards, but no mention of OPAF is ever made. This story will continue to develop. For sure, significant advances have come to process control.

Honeywell announced Release 520.2 (R520.2) of its Experion Process Knowledge System (PKS), introducing new process automation features and functionality to end users across the industrial sector. 

At the center of R520.2 is Experion PKS Control Highly Integrated Virtual Environment (Control HIVE) functionality, which enables users to integrate individual controllers and have them act as a cluster of shared compute resources. This functionality, combined with the capability to optimize control system resources and input/output modules, significantly reduces the complexity and capital expenditure associated with automation projects and control systems.

Control HIVE also reduces unplanned downtime and shutdowns through unlimited availability and redundancy; provides longevity; and simplifies lifecycle management and support through streamlined maintenance and upgrade activities. Furthermore, Control HIVE provides an open, scalable control platform that can accommodate other types of applications, reducing the complexity of integrating, operating and maintaining third party systems and packages.

Experion PKS R520.2 also expands the functionality of Control HIVE, which allows automation projects to be deployed in a more flexible and resilient manner by decoupling control system elements that are traditionally engineered, configured and deployed in a hierarchal manner. 

Rounding out the updates is side-by-side support for Honeywell’s C300PM and EHPM controllers, which provides more flexibility for migrations; unit operations controller enhancements for Life Sciences, Pulp and Paper, and other vertical end users; PROFINET S2 redundancy; and materials requirement planning support for increased availability and simplified device replacement.

“Building on the foundation forged by Experion PKS R520.1, this new version of Experion PKS incorporates ground-breaking technologies and capabilities that effectively establish the necessary requirements for the next generation of process control,” said Joe Bastone, director of offering management for Experion PKS, Honeywell Process Solutions. “Implementation of R520.2 can truly transform a user’s current installed base, leveraging existing investments while solidifying their operations for a digitalized future.”

Honeywell Introduces A “Unified Process Control Platform”

I still have thoughts to wrap up from HUG while compiling news from Hannover plus many other news items due to Hannover or ARC or Automate shows. Not to mention many other projects ongoing. Plus I received my second Covid booster vaccine this morning. No reactions so far just like with the hundred (it seems) other inoculations I’ve taken over the past few months.

First, an introduction. During Honeywell Process Solutions CTO Jason Urso’s keynote, he described a new control platform and future that sounded very much like the Open Process Automation work of decoupling hardware and software, using modularity, the latest networking, open protocols, and the like—except he never mentioned OPAF. A couple of colleagues and myself found this intriguing.

I will pause and let your imagination go to work for a minute.

Here is the news of the C300PM controller that HPS calls a “unified process control system” that  is “flexible and cost effective.”

In short:

• Solution protects existing intellectual property while modernizing current infrastructure

• Provides modern best-in-class control technology in a familiar HPM hardware form

The new controller enables seamless technology evolution for customers seeking to utilize the features of the state-of-the-art C300 process controller while retaining a familiar hardware package.

Addressing the key pain point of OPAF’s instigator, ExxonMobil, Honeywell states, “In today’s competitive environment, an effective strategy of control technology upgrades can help manufacturers reduce asset ownership costs, increase production rates, manage risks, extend the life and performance of systems and improve responses to changing customer demands.”

“The C300PM is intended for industrial operations employing the proven Enhanced High-Performance Process Manager (EPHM), which integrates the control environment of the legacy TotalPlant™ Solution (TPS) and TDC 2000/3000 systems,” said Pramesh Maheshwari, vice president & general manager, Honeywell Process Solutions, Lifecycle Support Services. “The C300PM is ideal for customers who have asked for the EHPM to have the same functionality as the best-in-class C300 when developing their control migration plans, as well as users with a mixture of EHPMs and C300s who want to unify their controller platform.”

With the C300PM, companies undertaking plant renovations or unit expansions can upgrade their controller installed base with a solution that provides a common engineering environment and eliminates the need to completely replace existing hardware.

The C300PM employs Honeywell’s deterministic Control Execution Environment (CEE) to execute control strategies on a constant and predictable schedule. The CEE is loaded into the C300PM controller, providing the execution platform for a set of automatic control, logic, data acquisition and calculation function blocks.

By modernizing to the C300PM, EHPM users no longer need to obtain an additional controller to obtain the same level of performance as the C300 controller in demanding applications such as blending and batch processing. They can take advantage of increased processing speed for their critical control loops. Peer-to-peer communications between different generations of controllers help to optimize overall system performance. In addition, the C300PM utilizes Honeywell’s Custom Algorithm Block (CAB) functionality, which leverages user-defined algorithms and data structures to greatly reduce the effort required to create complex control strategies.

The C300PM also incorporates the Experion PKS I/O Highly Integrated Virtual Environment (IO HIVE). This technology provides a fault-tolerant, high-speed field network allowing the controller to communicate with distributed Honeywell Universal I/O (UIO) and Series C I/O. The controller also supports many leading industrial communication protocols, including Peer Control Data Interface (PCDI), Profinet, EtherNet/IP, OneWireless, FOUNDATION Fieldbus, and Profibus.

Insert another pause. During the time that I haven’t been briefed much from Honeywell, it has become platform agnostic. No more battling our wireless versus theirs or our fieldbus versus theirs. All for the good!

With Honeywell’s assistance, EHPM users can take advantage of a familiar migration technique to C300PM, which allows them to preserve their valuable legacy systems without having to deal with issues such as rewiring, system reconfiguration and graphics migration. Migration can be completed without the need for a shutdown to install new controllers. Conversely, plants that have not installed the EHPM can go directly from the High-Performance Process Manager (HPM) to the powerful and robust features of the C300PM as part of a simple on-process migration.