Industrial Automation. I guess sometimes it’s good and sometimes not. Tesla had difficulty ramping up production on its low-end vehicle. Elon Musk blamed automation for his problems. Well maybe it was vaguely automation. But maybe they tried automating too much, or they automated things they shouldn’t have. Maybe Rockwell Automation now has a place he can drive to to learn more about automating production.
While I was traveling, Rockwell Automation released some news. I had to seek clarification on some. Here are two interesting items.
The first piece of news concerned Rockwell Automation opening an 8,000 square-foot Electric Vehicle (EV) Innovation Center at 111 North Market Street in San Jose, California, within its Information Solutions development facility. The center will provide live manufacturing demonstrations, hands-on trials utilizing new technology and events showcasing collaboration with industry experts and Rockwell Automation partners.
Upon first glance I thought maybe it was getting into the EV business. Actually it is bringing its experience and products from “Detroit” building cars to Silicon Valley building cars—just with different power trains.
Utilizing augmented and virtual reality modeling, the EV Innovation Center provides automotive start-ups and established manufacturers an environment to learn new technologies and standards, enabling them to deliver electric vehicles to market faster, with less risk and at lower cost.
The Center features not only traditional Rockwell products, but also features partners such as its FactoryTalk InnovationSuite powered by PTC, Eagle Technologies’ battery pack assembly machine, and FANUC robot technologies.
Other partners featured include Hirata, a turnkey assembly line builder, provides an assembly cell that demonstrates electric drive unit assembly and testing; Emulate 3D, Rockwell Automation’s simulation software, helps to prototype and test machines before they’re built; teamtechnik performs functional testing to confirm performance before building the drive into the electric vehicle.
“With growing global consumer demand, electric vehicle companies are challenged to meet aggressive production timelines,” said John Kacsur, vice president, Automotive and Tire Industries, Rockwell Automation. “We established the Electric Vehicle Innovation Center to expand their possibilities and get their products to consumers quickly and at the lowest possible cost, while operating more efficiently.
The second Rockwell news concerns its partner Claroty and cybersecurity services. To help prevent incidents and combat the unpredictable threats that cause them, industrial companies around the world can now manage cyber risk in their operations using the Rockwell Automation Threat Detection Services powered by the Claroty threat detection platform.
“A scary aspect of security threats is what you don’t know about them – what techniques they’ll use, what attack vector they’ll leverage, what vulnerabilities they’ll exploit,” said Umair Masud, manager security services portfolio, Rockwell Automation. “Our Threat Detection Services combine our innate understanding of industrial automation with Claroty’s trusted OT network visibility. The services can give companies peace of mind by protecting not only one facility but their entire supply chain from unpredictable threats.”
The Threat Detection Services help safeguard connected operations in three key ways:
- Identify and Protect: Identifying all industrial control networked assets, and their vulnerabilities, to help companies know what to protect
- Detect: Monitoring networks for not only known threats but, more importantly, anomalous traffic or behaviors to alert companies of a security incident – possibly before it even happens
- Response and Recovery: Developing plans for containing, eradicating and recovering from attacks to keep operations running or more quickly return to a fully operational state
The Claroty threat detection platform creates an inventory of a user’s industrial network assets, monitors traffic between them and analyzes communications at their deepest level. Detected anomalies are reported to plant and security personnel with actionable insights.
“The Claroty platform, used within the Threat Detection Services, can accelerate a company’s journey to more connected and digitally driven operations,” said Amir Zilberstein, co-founder and CEO, Claroty. “Most critically, the platform can help companies detect and quickly respond to threats that bypass their security controls. But it can also give companies a deeper understanding of their industrial assets and improve their ability to keep operations running.”
Cyber Security got a shout-out during the Siemens Spotlight on Innovation forum in Orlando last week. Leo Simonovich, VP and Global Head, Industrial Cyber and Digital Security at Siemens Gas and Power, and Mike Wiacek, co-founder & CSO of Chronicle (an Alphabet company) took the stage discussing their newly signed cyber security agreement.
Key phrase—“customers can own their environment”. Perhaps the most interesting conversation I had during the networking event was with a Chronicle tech person who gave me a deep dive into the product. This is security unlike everything else I investigate in the OT realm. This isn’t a network monitoring app. Nor is it a device that acts as a firewall for industrial control devices. It builds a huge database and adds analytics (which is “in our DNA”). The solution has two parts—visibility and context. It bridges IT and OT worlds with the intent to “democratize security for the success of the digital economy”; that is, make it accessible to customers, simple, affordable, easy-to-use.
Through a unified approach that will leverage Chronicle’s Backstory platform and Siemens’ strength in industrial cyber security, the combined offering gives energy customers unparalleled visibility across information technology (IT) and operational technology (OT) to provide operational insights and confidentially act on threats.
The energy industry has historically been unable to centrally apply analytics to process data streams, cost-effectively store and secure data, and identify malicious threats within OT systems. Research conducted by Siemens and Ponemon Institute found that while 60 percent of energy companies want to leverage analytics, only 20 percent are utilizing any analytics to do security monitoring in the OT environment. Small and medium enterprises are particularly vulnerable to security breaches as they frequently do not have the internal expertise to manage and address increasingly sophisticated attacks.
“The innovative partnership between Siemens and Chronicle demonstrates a new frontier in applying the power of security analytics to critical infrastructure that is increasingly dependent on digital technology,” said Simonovich. “Cyber-attacks targeting energy companies have reached unprecedented speeds, and our cutting-edge managed service unlocks the analytics ecosystem offers a new level of protection from potential operational, business and safety losses.”
“Energy infrastructure is an obvious example of cyber-attacks affecting the physical world and directly impacting people’s lives,” said Ansh Patnaik, Chief Product Officer, Chronicle. “Backstory’s security telemetry processing capabilities, combined with Siemens’ deep expertise, gives customers new options for protecting their operations.”
The partnership between Siemens and Chronicle will help energy companies securely and cost-effectively leverage the cloud to store and categorize data, while applying analytics, artificial intelligence, and machine learning to OT systems that can identify patterns, anomalies, and cyber threats. Chronicle’s Backstory, a global security telemetry platform for investigation and threat hunting, will be the backbone of Siemens managed service for industrial cyber monitoring, including in both hybrid and cloud environments. This combined solution enables security across the industry’s operating environment – from energy exploration and extraction to power generation and delivery.
I booked a vacation several months ago that conflicted with Hannover Messe. I missed the usually chilly and damp north of Germany in favor of the definitely chilly and damp Pacific Northwest.
Many announcements from Hannover reached me anyway, though, so I’ll be going through a few this week. First up concerns using the new CIP Security protocol from ODVA. This one from Rockwell Automation.
This release talks about Rockwell’s developing solutions toward closing a cybersecurity opening within industrial automation communication.
“As the world’s leading company focused on combining industrial automation with digital technology, we’re uniquely positioned to help close security gaps in connected operations,” said Megan Samford, director of product security, Rockwell Automation. “Our new offerings with built-in security deliver the industry’s best available protection of control-level traffic. This can give users confidence that the integrity of their systems and their device-to-device communications are protected from day one.”
The Allen-Bradley ControlLogix EtherNet/IP communication module is among the first industrial devices to use the CIP Security protocol from ODVA. The protocol helps make sure only authorized devices are connected in industrial operations. It also helps prevent tampering or interference with communications between those devices. CIP Security is the first industrial automation protocol to support transport layer security (TLS), the most proven security standard available.
Also, the newly enhanced Allen-Bradley ControlLogix 5580 controller is the world’s first controller to be certified compliant with today’s most robust control system security standard, IEC 62443-4-2. The standard defines the technical security requirements for industrial automation and control system components. This certification builds on the 2018 certification of the Rockwell Automation Security Development Lifecycle (SDL) to the IEC 62443-4-1 standard.
I just had an opportunity to talk Industrial cybersecurity with two leaders of The Industrial Internet Consortium (IIC) (now incorporating OpenFog) who gave an overview of the new Security Maturity Model (SMM) Practitioner’s Guide. This document provides detailed actionable guidance enabling IoT stakeholders to assess and manage the security maturity of IoT systems.
Along with the publication of the SMM Practitioner’s Guide is an update to the IoT SMM: Description and Intended Use White Paper, which provides an introduction to the concepts and approach of the SMM. This white paper has been updated for consistency with the SMM Practitioner’s Guide, including revised diagrams and updated terminology.
As organizations connect their systems to the internet, they become vulnerable to new threats, and they are rightly concerned with security. Addressing these concerns requires investment, but determining investment focus and amount is a difficult business decision. The SMM helps by enabling a structured top-down approach toward setting goals as well as a means toward assessing the current security state, taking into account various specific practices. The SMM allows an organization to trade off investment against risk in a sensible manner.
Building on concepts identified in the groundbreaking IIC Industrial Internet Security Framework published in 2016, the SMM defines levels of security maturity for a company to achieve based on its security goals and objectives as well as its appetite for risk. Organizations may improve their security state by making continued security assessments and improvements over time, up to their required level.
“This is the first model of its kind to assess the maturity of organizations’ IoT systems in a way that includes governance, technology and system management,” said Stephen Mellor, CTO, IIC. “Other models address part of what is addressed by the SMM: they may address a particular industry, IoT but not security, or security but not IoT. The SMM covers all these aspects and points to parts of existing models, where appropriate, to recognize existing work and avoid duplication.”
The practitioner’s guide includes tables describing what must be done to reach a given security comprehensiveness for each security domain, subdomain and practice and can be extended to address specific industry or system scope needs. Following each table is an example using various industry use cases to demonstrate how an organization might use the table to pick a target state or to evaluate a current state.
One example is that of an automotive manufacturer considering the possible threats interfering with the operations of a vehicle key fob. The manufacturer sets its target maturity comprehensiveness level to “1” as it considers some IT threats, such as a Denial of Service attack that may prevent a driver from opening the car door using the key fob. Over time, as new threats emerge, the manufacturer realizes it needs additional threat modeling and enhanced practices so raises its target maturity comprehensiveness level to a higher level “2.”
The practitioner’s guide contains three case studies that show IoT stakeholders how to apply the process based on realistic assessments, showing how the SMM can be applied in practice. The case studies include a smarter data-driven bottling line, an automotive gateway supporting OTA updates and security cameras used in residential settings.
The IIC designed the Security Maturity Model to be extended for industry and system specific requirements. The IIC is collaborating with various industry groups to develop industry profiles that extend the model. Industry associations interested in developing profiles are encouraged to contact the IIC. Please send an email to [email protected]
For more information about the IIC SMM Practitioner’s Guide, IIC members have prepared a webinar “Get a True Sense of Security Maturity,” which will air on March 18th at 12:00 pm for 60 minutes. Use this PIN: 12374028
The full IIC Security Maturity Model Practitioner’s Guide and a list of IIC members who contributed can be found on the IIC website.
ARC’s annual Industry Forum gathering provided an opportunity rare these days of meeting with a wide variety of people and companies. Today’s post summarizes most of the rest of information gathered not previously published.
Interestingly, IIoT was not a major theme. Perhaps it underlies the other things. Most of the time we talked security and software. This round up involves Schneider Electric, Bedrock Automation, Bentley Systems, Siemens, and ioTium.
Profitable Safety for Industry
Schneider Electric has announced EcoStruxure Process Safety Advisor, an IIoT-based digital process safety platform and service that enables customers to visualize and analyze real-time hazardous events and risks to their enterprise-wide assets, operations and business performance.
Safety Advisor is built on Schneider Electric’s EcoStruxure SIF Manager application for tracking and validating safety instrumented function (SIF) performance over the life of a plant. It provides a single view into the health and status of the user’s safety instrumented functions, which helps to identify potential risks and their impact on operations performance.
It also identifies the need to take corrective action via easy-to-understand performance dashboards and leading indicators for safety health and then documents the entire process using an embedded SIF audit trail that supports safety compliance.
Safety Advisor enables customers to understand their risks within minutes, and then act decisively to drive better business results.
Albert Rooyakkers, Bedrock Automation CEO, pointed to advances with Bedrock’s offering including “Zero Cost Software”, having an OSA Proxy, using MQTT Sparkplug-B secure, Role-Based access control, and a partnership with SI firm Wood Group.
Wood’s automation and control group will deliver Bedrock Open Secure Automation (OSA) to its clients in energy and industrial markets. Wood has active membership in The Open Process Automation Forum, which is focused on the development of a standards-based, open, secure, interoperable process control architecture.
“This partnership centers on combining our diverse capabilities and innovative solutions in automation with Bedrock’s OSAtechnology to bring open and secure systems to our clients, advancing our position as a world leading automation providerand bringing greater cyber protection to our client’s projects,” said Jeff Shannon, Senior Manager of Strategy and Development in Wood’s automation and control group.
Planning and Design Assessment Solutions for Grid Modernization
Bentley Systems announced availability of OpenUtilities DER Planning & Design Assessment Solutions that provide decision support and cost-based models and simulations for Distributed Energy Resources (DER) integration.
In partnership with Siemens’ Digital Grid business unit, OpenUtilities Solutions for DER empowers electric utilities, electricity suppliers, and distribution network operators (DSO) with software applications to analyze, design, and evaluate DER interconnection requests through desktop and cloud-based services, while supporting the reliability and resilience of network operations.
The solutions generate an electrical digital twin for utilities – a GIS digital twin that enables owner/operators to more efficiently model the grid for decentralized energy without compromising safety and reliability. Digital twins can provide huge efficiencies in grid operations by streamlining DER interconnection applications with optimized workflows to better assess operational impacts, long-term strategic scenarios and investment decisions.
OpenUtilities Design Optioneering advances OpenUtilities Analysis one step further with cost-based decision support for planning and designing complex utility networks with DER. The application provides the ability to analyze both planned and existing infrastructure, optimize equipment sizing, and estimate materials and labor costs for DER projects. This helps utilities minimize design construction costs associated with DER and streamline the DER interconnection process with detailed cost estimation included with the impact analysis studies.
Finally, I talked with Ron Victor of ioTium. The product consists of a soft node on, for example, a Dell Gateway device providing baked-in security. It runs as server in cloud enabling easier deployment.
ioTium’s IoT network isolates IT and OT network and data, preventing IT traffic from touching OT traffic and thus eliminating the possibility of backdoor threats. Further, ioTium isolates data streams from different sub-systems, preventing a compromise on one sub-system from affecting any other sub-system.
ioTium’s virtualized edge platform enables deployment, update and upgrade of edge services across thousands of remote sites in one click from the cloud, making analytics, DPI, machine learning, encryption, compression and more possible closer to the data source.
If HMI SCADA absorbed about 40% of my ARC Industry Forum appointments, then industrial cybersecurity took up another 40%. Not all of them were the usual networking solutions, either.
This one, for example, comes from Honeywell. It announced the latest release of Secure Media Exchange (SMX), a cybersecurity solution to protect industrial operators against new and emerging Universal Serial Bus (USB) threats. SMX now includes patent pending capabilities to protect against a broad range of malicious USB device attacks, which disrupt operations through misuse of legitimate USB functions or unauthorized device actions.
These advanced protections complement additional SMX enhancements to malware detection, utilizing machine learning and artificial intelligence (AI) to improve detection by up to 40 percent above traditional anti-virus solutions according to a Honeywell study. Together, these updates to the SMX platform deliver comprehensive, enterprise-wide USB protection, visibility and control to meet the demanding physical requirements of industrial environments.
USB devices include flash drives and charging cables, as well as many other USB-attached devices. They represent a primary attack vector into industrial control system (ICS) environments, and existing security controls typically focus on the detection of malware on these USBs.
While important, research shows an emerging trend toward new categories of USB threats that manipulate the capabilities of the device standard to circumvent traditional security controls and directly attack ICS. Categorically, these malicious USB device attacks represent 75 percent of today’s known USB attack types, a clear indication of the shift toward new attack methodologies. Because these attacks can weaponize common USB peripherals — like keyboards, speakers — effective protection requires sophisticated device validation and authorization.
“Malicious USB attacks are increasingly sinister in their ability to emulate, exploit and manipulate USB devices, often causing damage and operational outages,” said Sam Wilson, global product marketing manager, Honeywell Industrial Cybersecurity. “Honeywell is the first to deliver a powerful industrial cybersecurity solution to protect against malicious USB device attacks, which represent the majority of USB threat types and advanced malware. And as USB usage increases and devices proliferate, human verification of device actions will continue to play an important role.”
SMX protection includes Honeywell’s Trusted Response User Substantiation Technology (TRUST), which introduces a human validation and authentication step to ensure that USB devices are what they claim to be. TRUST helps prevent unwanted or suspicious devices from introducing new threats into the industrial control environment. In the case of USB storage devices, additional layers of advanced malware detection technology are used to further protect against malware, including machine learning and AI to improve detection of increasingly complex malware, including zero days and evasive malware.
SMX helps customers make changes across people, process, and technology that will improve their industrial cybersecurity maturity. It trains USB users to look for potential issues as they plug in, while reinforcing plant check-in and check-out processes for plant managers. As a technical control, SMX continuous threat protection and its latest enhancements ensure that customers can check USBs anywhere to scale industrial cybersecurity with ease.
The latest SMX technology release includes a host of additional features including:
- New Centralized Management: provides unmatched visibility of USB devices entering industrial control environments and centralized threat management across all SMX sites, for time-saving security management and simple-to-view insights unique to the customer’s environment.
- New ICS Shield Integration: provides additional visibility into USB activity on protected end nodes, closing the loop between centralized management services and distributed protections inside the ICS, without violating industry best practices of zone segmentation.
- Expanded SMX offering: provides multiple form factors to meet specific industrial needs, including portable SMX ST models for busy operational staff, and fully ruggedized models that meet industrial use cases including hazardous environments, military standard conditions and gloves-on worker situations.