Industrial Cybersecurity Solution Guards Against USB Device Attacks

If HMI SCADA absorbed about 40% of my ARC Industry Forum appointments, then industrial cybersecurity took up another 40%. Not all of them were the usual networking solutions, either.

This one, for example, comes from Honeywell. It announced the latest release of Secure Media Exchange (SMX), a cybersecurity solution to protect industrial operators against new and emerging Universal Serial Bus (USB) threats. SMX now includes patent pending capabilities to protect against a broad range of malicious USB device attacks, which disrupt operations through misuse of legitimate USB functions or unauthorized device actions.

These advanced protections complement additional SMX enhancements to malware detection, utilizing machine learning and artificial intelligence (AI) to improve detection by up to 40 percent above traditional anti-virus solutions according to a Honeywell study. Together, these updates to the SMX platform deliver comprehensive, enterprise-wide USB protection, visibility and control to meet the demanding physical requirements of industrial environments.

USB devices include flash drives and charging cables, as well as many other USB-attached devices. They represent a primary attack vector into industrial control system (ICS) environments, and existing security controls typically focus on the detection of malware on these USBs.

While important, research shows an emerging trend toward new categories of USB threats that manipulate the capabilities of the device standard to circumvent traditional security controls and directly attack ICS. Categorically, these malicious USB device attacks represent 75 percent of today’s known USB attack types, a clear indication of the shift toward new attack methodologies. Because these attacks can weaponize common USB peripherals — like keyboards, speakers — effective protection requires sophisticated device validation and authorization.

“Malicious USB attacks are increasingly sinister in their ability to emulate, exploit and manipulate USB devices, often causing damage and operational outages,” said Sam Wilson, global product marketing manager, Honeywell Industrial Cybersecurity. “Honeywell is the first to deliver a powerful industrial cybersecurity solution to protect against malicious USB device attacks, which represent the majority of USB threat types and advanced malware. And as USB usage increases and devices proliferate, human verification of device actions will continue to play an important role.”

SMX protection includes Honeywell’s Trusted Response User Substantiation Technology (TRUST), which introduces a human validation and authentication step to ensure that USB devices are what they claim to be. TRUST helps prevent unwanted or suspicious devices from introducing new threats into the industrial control environment. In the case of USB storage devices, additional layers of advanced malware detection technology are used to further protect against malware, including machine learning and AI to improve detection of increasingly complex malware, including zero days and evasive malware.

SMX helps customers make changes across people, process, and technology that will improve their industrial cybersecurity maturity. It trains USB users to look for potential issues as they plug in, while reinforcing plant check-in and check-out processes for plant managers. As a technical control, SMX continuous threat protection and its latest enhancements ensure that customers can check USBs anywhere to scale industrial cybersecurity with ease.

The latest SMX technology release includes a host of additional features including:

  • New Centralized Management: provides unmatched visibility of USB devices entering industrial control environments and centralized threat management across all SMX sites, for time-saving security management and simple-to-view insights unique to the customer’s environment.
  • New ICS Shield Integration: provides additional visibility into USB activity on protected end nodes, closing the loop between centralized management services and distributed protections inside the ICS, without violating industry best practices of zone segmentation.
  • Expanded SMX offering: provides multiple form factors to meet specific industrial needs, including portable SMX ST models for busy operational staff, and fully ruggedized models that meet industrial use cases including hazardous environments, military standard conditions and gloves-on worker situations.
More on HMI SCADA Manufacturing Software Advances

The ARC Industry Forum witnessed even more HMI SCADA Manufacturing Software news last week in Orlando. Yesterday I discussed the re-write of Ignition 8 by Inductive Automation. Today two more items. Yes, there was room for improvement in this technology area.

  • AVEVA announced updates to (Wonderware) InTouch HMI, InTouch Edge HMI, System Platform, Historian, and AVEVA Insight products
  • GE Digital announced iFIX 6.0 and discussed the new GE Digital

AVEVA Updates Monitoring, Control, and Information Management Portfolio

Company spokespeople said the updates are delivering edge-to-cloud integration and advanced visualisation tools, along with seamless access to advanced applications and powerful analytics. They also announced commercial flexibility with subscription.

With these capabilities available in a hybrid cloud model, customers can quickly bridge OT and IT requirements, create reusable industrial applications with rapid time to value, and drive operational efficiency with increased visibility across multiple levels of an organisation, in the discrete, process, hybrid and infrastructure industries.

AVEVA CEO Craig Hayman said, “AVEVA is committed to partnering with our customers to achieve maximum value from industrial digital transformation. We enable smarter decisions by creating innovative technology. The latest enhancements in our Monitoring, Control and Information Management portfolio, exemplified by the benefits delivered through the ADNOC Panorama initiative, perfectly illustrate how we are empowering our customers with edge-to-enterprise visibility.”

Abu Dhabi National Oil Company (ADNOC) was cited as an example use case. The Panorama Digital Command Centre enables ADNOC to monitor and optimise the performance of its assets and operations across 16 operating companies (OPCOs) from their Abu Dhabi headquarters. This includes oil and gas development and production, through to processing, petroleum and chemical products to transportation and distribution.

H.E. Dr Sultan Al Jaber, ADNOC Group CEO, said, “The Panorama Digital Command Centre demonstrates how ADNOC is utilising cutting-edge technology to find new ways to optimise our assets, unlock value and drive efficiencies across the company. It provides a single access point to critical operational and performance information, facilitating smarter and faster decision-making and better enabling us to uncover new solutions.”

GE Digital Announces Updated iFIX

GE Digital announced a new version of iFIX. Part of the Predix portfolio, the new iFIX 6.0 gives users the most informed view of the problem or task and secure visualization from anywhere at any time.

“We are excited to announce a number of powerful improvements to our iFIX offering,” said Matt Wells, Vice President of Product Management for GE Digital. “Building on our heritage as an industrial company, we are intimately familiar with the challenges our customers face every day. Industrial companies are looking for better ways to quickly build new SCADA applications, improve user performance and respond to changing needs while maintaining the security of the application. By leveraging standards such as OPC UA, integrated support for ISA alarm shelving, and enabling new web development tools, iFIX 6.0 allows organizations to rapidly build new applications while ensuring the stability and security of their operations and empowering operators to respond better to changing conditions in real time.”

iFIX 6.0 includes integrated support for ISA 18.2 standards for consistent alarm shelving and interface presentation, which enables operators to easily prioritize critical alarms to avoid spending unnecessary resources on less-pressing needs – helping plants to increase productivity by up to 70 percent. A new alarm summary grid allows operators to filter and focus on the critical alarms that matter, making it easier for immediate responders to review information and deal with the priority situation at hand.

Additionally, iFIX 6.0 now offers secure-by-design client connections with its new OPC Unified Architecture (UA) server – a machine-to-machine communications protocol for industrial automation. Incorporating the latest industrial interoperability standards ensures platform independence, meaning that iFIX 6.0 runs across a variety of hardware platforms and operating systems. Industrial organizations can now easily share data, alarms and events across supply chains with user authentication and encryption on iFIX 6.0.

“With iFIX, our operators are able to monitor system activity and respond immediately to any issues with full insights into what raised the alarm, helping us save time, reduce unnecessary downtime and meet compliance standards,” said Haley Lehman, Control Systems Technician, City of San Luis Obispo, Calif. “iFIX also allows us to get into the system from wherever we are, whether at home or out in the field. iFIX provides more reliable and readable information on demand, empowering plant operators to spend more time applying their expertise to the problem at hand and reducing the time spent navigating the system.”

iFIX 6.0 also provides new rapid application development features for HMI/SCADA, such as long tag names and descriptions – helping industrial users capture any hierarchy from their Programmable Logic Controllers (PLCs). Rapid application development significantly speeds the configuration and deployment of HMI/SCADA, reducing costs and saving time for automation systems integrators and in-house engineering teams.

The iFIX 6.0 high performance HMI is based on ISA 101 standards, further improving safety and performance with more effective operator graphics. Users can access their iFIX high performance HMI screens in a native HTML5 format, supporting operators from any location and on any device. This also provides a more intuitive user experience which can help reduce operator errors and improve response time to events and incidents.

Like all products in the Predix portfolio, iFIX 6.0 provides immediate value on its own, or can be deployed alongside other Predix products to drive additional outcomes across a customer’s entire asset or system lifecycle. From data ingestion and processing at the edge to process and throughput improvements to broad fleet-wide optimization, the ecosystem of GE Digital solutions provides simple, accessible options for businesses at all phases of their digital transformation journey, regardless of maturity or vertical.

In December 2018, GE announced plans to establish a new, independent company focused on building a comprehensive Industrial Internet of Things (IIoT) software portfolio. The GE-owned company will bring together GE Digital’s core software business – including the iFIX offering – with GE Power Digital and Grid Software Solutions and will start with $1.2 billion in annual software revenue. Based on proven domain expertise and with more than 20,000 customers globally, the new company will provide a complete, end-to-end digital offering that will enable customers to go from generating insights to driving outcomes.

www.ge.com/digital

HMI SCADA Manufacturing Software Sees Improvement

A long-time friend from the manufacturing software market asked what I had seen at ARC Industry Forum. Advances in HMI SCADA manufacturing software, I told her. Oh, I figured that was such a mature category that there couldn’t be anything new, she replied.

Inductive Automation used its very visible presence at a press conference and breakfast to promote the changes hinted at during the Ignition Community Conference last September. Principally it announced the Public Beta of Ignition 8.

Ignition was built from the ground up as database-centric and IT-friendly. It now is used by more than 1,900 integrators. Chief Strategy Officer Don Pearson told us that it is found in 48% of the Fortune 100 companies in one way or another.

The three major upgrade areas in Ignition 8 focus on Expanded architectures (for enterprise), Security, and Mobility.

Key information points include:

  • Easier for large groups to work together
  • Added inheritance—flexibility and dynamic
  • Re-engineered tag system—customers have not been limited in the number of tags they use, so they use so many that it slows the system; the revised system has made things much faster
  • Security—always a focus, but time to evolve, compatible with federated identity structure, 2FA, single sign on, and the like.
  • Mobile—developed Ignition Perspective, a tool for building mobile HMI, built in security, flexibility, functionality, based on HTML 5 and CSS 3.
  • Source control—compatible with Git and GitHub for development and deployment

In other news, Inductive Automation and FreeWave Technologies, a leader in long-range wireless radios and edge computing platforms, are providing increased data visibility and a more reliable data network for industrial IoT customers with remote assets.

Ignition Edge MQTT, an edge-of-network software solution from Inductive Automation and Cirrus Link Solutions, can run on FreeWave’s hardened, C1D2 ZumIQ Edge Computer and the ZumLink IQ Intelligent Edge Radio to flawlessly perform edge-based data collection using various industrial protocols and data publishing using MQTT.

This publish/subscribe, or pub/sub, architecture provides granular data to anyone on the network and the proven ruggedness of the Zum platform provides a reliable home for applications that place analytics and intelligence alongside remote assets. As a result, the ZumLink IQ is an all-in-one solution that provides both secure data transmission over long distances and application deployment.

“This collaboration with FreeWave will provide real benefits to users,” said Don Pearson, chief strategy officer for Inductive Automation. “Today’s industrial users are certainly on a quest for more data, and edge computing is a big part of satisfying that demand.”

“The ZumLink hardware platform is a perfect example of why we developed the Ignition Edge MQTT product,” said Arlen Nipper, CTO and president of Cirrus Link Solutions, a leading innovator of pervasive computing technologies, and co-inventor of the MQTT messaging transport. “Having a modular platform with tools that are already SCADA/OT-aware is extremely important in any digital transformation journey. Having a mature set of tools on the Ignition platform that can run on ZumLink solves numerous migration strategy issues.”

“In the simplest analogy, we are the ‘I’ in ‘IoT,’ and Inductive Automation’s holistic approach to delivering automation solutions is not like any other software provider in the marketplace today,” said Kirk Byles, CEO, FreeWave Technologies. “Our joint focus on enabling industrial customers with data platforms that can transform their operations while improving productivity and reducing operating costs is of paramount importance to both our companies’ missions. It’s a unique hand-in-glove type of relationship and it has many automation integrators excited about the endless opportunities that can be created from our partnership.”

SCADA Control From Mobile Phones

Advances continue in the venerable HMI/SCADA space. I got to see a preview of the new Ignition 8 from Inductive Automation [disclaimer: it is a sponsor, but they don’t pay for content] at the Ignition Community Conference in September, featuring enhanced mobile utility. The public beta version is now available. The full product is to be released in April.

A key part of the Ignition 8 release is the Ignition Perspective Module, a pure-web, fully mobile solution. It provides full SCADA control from mobile phones, and drag-and-drop capabilities for designing mobile-responsive screens that are ideal for mobile devices.

Applications built with the Ignition Perspective Module adapt to fit any size screen, from cellphone to desktop. It will also enable users to leverage a phone’s GPS, camera, Bluetooth, orientation-sensing, and more. It runs in any web browser with HTML5, and requires no plug-ins. Perspective will allow people to enhance their SCADA systems in new and creative ways.

Ignition 8 also features capabilities for building enterprise-scale architectures. A faster tag system aids very large deployments, such as those with a million tags or more. Improved concurrent design allows projects to move faster. Project inheritance allows corporate standards to be used in addition to local modifications. And Ignition 8 was built with cybersecurity as a key pillar. It supports industry-leading encryption protocols, uses two-factor authentication, and also includes single sign-on.

More than 1,000 people have participated in the private Beta test for Ignition 8, and the response has been very positive. “Ignition 8 is a game-changer, a fundamental shift in how SCADA applications are developed and deployed,” said Bob Hastie, senior control systems engineer for Able-Baker Automation, Inc. “We — and our largest Ignition client — are very impressed with what we’ve seen in this release. Inductive Automation continues to deliver on its mantra of ‘Dream It, Do It.’”

“Our team is very excited to roll out Perspective to our largest Ignition user,” said J. C. Harrison, director of systems engineering for Roeslein & Associates, Inc. “We have successfully tested the Beta against live, true, plant-floor data. We (and our customer) are ready!”

“Ignition 8 builds on the industry-altering changes we’ve come to expect from Inductive Automation, and the Perspective Module pushes the envelope further by bringing Ignition natively to your browser,” said Dave Griffith, sales & marketing manager for Corso Systems. “These changes make it easier to develop and implement solutions more rapidly and efficiently than ever.”

“SugarCreek is looking forward to using the Ignition Perspective Module to combine the power of Ignition with HTML5,” said Dan Stauft, director of operational technology for SugarCreek. “We have been using the Beta and can’t wait for the official release!”

The Beta version of Ignition 8 is available at demo.inductiveautomation.com, Google Play, and the Apple App Store.

CPQ Stands At Center of Industry Digitalization

The point of manufacturing is to design and make a product then deliver the right product to the customer. Sometimes we just churn out a large quantity and hope they will sell. Sometimes we configure to order or “mass customize” products.

For example, I once had a job where I reported to the Vice President of product development for a manufacturing company. Two of us reported to him. The other guy headed the engineering teams for all of our standard products. I had a small team and we did special projects. One task was to help sales people go through complex specs and configure our product to meet the specs. My technology was a 4-column accounting ledger, pencil, and Singer adding machine.

I bet I made mistakes.

Frederic Laziou, CEO of Tacton, a Swedish company with a product in the CPQ space, just talked with me about what’s happening with his company and the technology.

CPQ stands for Configure Price Quote, a category recognized by Gartner, with Tacton firmly situated in Gartner’s Magic Quadrant for CPQ.

A SaaS company born in the cloud from a research institute in Sweden, Tacton used AI plus search research to become a product search engine. Among CPQ companies, Tacton is unique as a niche player in manufacturing with key domain knowledge in manufacturing.

CPQ would have made my job from the late 70s easier, more accurate, and better documented. Good stuff.

Laziou states Tacton has a presence in Europe, Japan, and North America. There is a common thread: they cannot compete on price. Mass customization or individualization helps companies compete.

The company was seeking to deepen its North American presence as a niche player in these areas:

  • Machinery
  • Production lines
  • Power Generation (Dresser/Siemens)
  • Medical Technology (Siemens and GE)
  • Heavy commercial vehicles
  • Fluid and air flow

30-40% of that business is in the US. In order to sustain leadership, the company needs to be closer to the customer and partners, and therefore to have a US headquarters. It established an office in the Chicago area. Two additional reasons for the Chicago location include direct flights to Stockholm and a wealth of necessary talent in manufacturing, software, and sales and marketing.

In the context of Industry 4.0, Tacton puts the customer at the center of the customer’s digitization.

Laziou says that as more people are bringing consumer technology into the business context, Tacton developed AR to enhance customer engagement. Not to mention that AR addresses a big pain point: errors in quotes.

To fuel the expansion and drive increased sales, the company is making a $12 million investment over the next three years to establish joint headquarters in Chicago.

In conjunction with its expansion and investment in the U.S. market, Tacton is also announcing new capabilities in its cloud-based CPQ platform. The new features include augmented reality (AR)-powered visualization and expanded integration with Salesforce that makes it even easier for manufacturers to design, configure and sell complex products.

Founded in 1998, Tacton CPQ software and design automation solutions help the world’s largest manufacturers, such as Bosch, Siemens and Caterpillar to manage the complexities traditionally associated with producing customized and configured products that meet strict customer requirements.

For example, the Industrial Power division at Siemens uses Tacton’s sales configuration software to slash the time it takes to prepare price quotes and simplify product configuration of custom solutions. It used to take Siemens eight weeks to produce a custom quote for its gas turbine units. With Tacton’s CPQ, the sales team now produces the same quote in a matter of minutes, without requiring any help from product specialists.

“The beauty of the Tacton Configurator is that it will guide the sales representative and get the product configuration for an accurate price quote each time. It now takes us only five minutes to generate a complete budget offer including pricing. This saves us tremendous amounts of time and money,” said Siemens Senior Engineer CRM process & IT Development Jan Nilsson.

Tacton CPQ now includes visual product configuration, including real time, interactive 3D drag-and-drop functionality. Sales engineers can interact directly with a sophisticated configuration tool, powered by AR to visualize the configuration within the actual environment.

The new capabilities extend Tacton’s integration with Salesforce to boost sales with features including needs-based configuration. Salesforce Sales Cloud customers can now connect to the full power of Tacton CPQ leveraging its best-in-class AI-driven configurator for the manufacturing industry. Tacton CPQ for Salesforce features automated CAD drawing and engineer-to-order (ETO) processes with out-of-the-box integration to all leading CAD solutions, integration with SAP ERP and Variant Configurator (SAP LO-VC) and open APIs that enable full integration with the existing IT stack.

“We experienced significant customer adoption for Tacton CPQ solutions among European manufacturers over the last two years, making it the ideal time to meet a similar demand in the United States,” said Frederic Laziou, CEO of Tacton. “By continuing to add breakthrough enhancements like AR-powered visual configuration to our CPQ solution, we can drive even greater efficiency for manufacturers, making it even simpler and faster to sell complex products.”

The Year of IT and OT

We should be so beyond talk of the IT/OT convergence.

This has not been a technology issue for years. If anything it is an organization and personal issue.

Executives continue to view their organizations as constructed of a variety of separate domains. This is often because there are all these SVPs running around who need an organization to lead. So, one has operations, another IT, another design, another marketing, and so forth.

When senior management wakes up to the fact that technology has broken the barriers long ago, maybe they can get their organizations to follow suit.

This year we should be talking about how all technology is meant to serve leaders and managers who are trying to build safe, productive, profitable companies.

The story should be about benefits of using technology; not about pitting one against another.
