Standards are useful, sometimes even essential. Standard sizes of shipping containers enable optimum ship loading/unloading. Standard railroad gauges and cars enable standard shipping containers to move from ship to train, and eventually even to tractor/trailer rigs to get products to consumers.
Designing and producing to standards can be challenging, hence the value of Best Practices.
Taking this to the realm of Industrial Internet of Things where data security, privacy and trustworthiness are essential, the Industrial Internet Consortium (IIC) has published the Data Protection Best Practices White Paper. I very much like these collaborative initiatives that help engineers solve real world problems.
Designed for stakeholders involved in cybersecurity, privacy and IIoT trustworthiness, the paper describes best practices that can be applied to protect various types of IIoT data and systems. The 33-page paper covers multiple adjacent and overlapping data protection domains, for example data security, data integrity, data privacy, and data residency.
I spoke with the lead authors and came away with a sense of the work involved. Following are some highlights.
Failure to apply appropriate data protection measures can lead to serious consequences for IIoT systems such as service disruptions that affect the bottom-line, serious industrial accidents and data leaks that can result in significant losses, heavy regulatory fines, loss of IP and negative impact on brand reputation.
“Protecting IIoT data during the lifecycle of systems is one of the critical foundations of trustworthy systems,” said Bassam Zarkout, Executive Vice President, IGnPower and one of the paper’s authors. “To be trustworthy, a system and its characteristics, namely security, safety, reliability, resiliency and privacy, must operate in conformance with business and legal requirements. Data protection is a key enabler for compliance with these requirements, especially when facing environmental disturbances, human errors, system faults and attacks.”
Categories of Data to be Protected
Data protection touches on all data and information in an organization. In a complex IIoT system, this includes operational data from things like sensors at a field site; system and configuration data like data exchanged with an IoT device; personal data that identifies individuals; and audit data that chronologically records system activities.
Different data protection mechanisms and approaches may be needed for data at rest (data stored at various times during its lifecycle), data in motion (data being shared or transmitted from one location to another), or data in use (data being processed).
“Security is the cornerstone of data protection. Securing an IIoT infrastructure requires a rigorous in-depth security strategy that protects data in the cloud, over the internet, and on devices,” said Niheer Patel, Product Manager, Real-Time Innovations (RTI) and one of the paper’s authors. “It also requires a team approach from manufacturing, to development, to deployment and operation of both IoT devices and infrastructure. This white paper covers the best practices for various data security mechanisms, such as authenticated encryption, key management, root of trust, access control, and audit and monitoring.”
“Data integrity is crucial in maintaining physical equipment protection, preventing safety incidents, and enabling operations data analysis. Data integrity can be violated intentionally by malicious actors or unintentionally due to corruption during communication or storage. Data integrity assurance is enforced via security mechanisms such as cryptographic controls for detection and prevention of integrity violations,” said Apurva Mohan, Industrial IoT Security Lead, Schlumberger and one of the paper’s authors.
Data integrity should be maintained for the entire lifecycle of the data from when it is generated, to its final destruction or archival. Actual data integrity protection mechanisms depend on the lifecycle phase of the data.
As a prime example of data privacy requirements, the paper focuses on the EU General Data Protection Regulation (GDPR), which grants data subjects a wide range of rights over their personal data. The paper describes how IIoT solutions can leverage data security best practices in key management, authentication and access control to empower GDPR-centric privacy processes.
The Data Protection Best Practices White Paper complements the IoT Security Maturity Model Practitioner’s Guide and builds on the concepts of the Industrial Internet Reference Architecture and Industrial Internet Security Framework.
The Data Protection Best Practices White Paper and a list of IIC members who contributed to it can be found on the IIC website.
Last November I visited TÜV Rheinland where we were briefed on its progress on cybersecurity services. It is a well known testing and service agency in Europe with the same reputation in general as UL in the US. I once served on a UL Industry Advisory Group for one of its standards where I got a good view of the value of testing and certification as a value to companies as well as consumers.
TÜV Rheinland has announced expanded Customized Services coverage to North America, now making these services available worldwide. Featuring its Supply Chain Audit, TÜV Rheinland’s customized services enable companies to demonstrate they are good corporate citizens by showing transparency and responsibility regarding their business practices and employees, while reducing risk, increasing brand value and providing a competitive advantage in the market.
TÜV Rheinland has been delivering Supply Chain Audit Services across the globe for many years, and is bringing these services to North America now as Corporate Social Responsibility (CSR) has become a more important part of companies’ business strategy. Increasingly consumers are holding brands accountable for not only how they create and deliver a safe product, but also for employee conditions and overall impact on the environment. With expanded supply chains, growing international production and trade connections, supply chain audits are a critical tool for ensuring compliance on a wide range of points including labor, safety, environment, social and ethics.
“Customers have countless options for procuring their goods. And especially when a customer enters a business relationship with a company that has a global supply chain, it is hard to ensure that the products are of high quality and have been manufactured under fair working conditions,” explained Frank Dorssers, Global Field Manager for Customized Services at TÜV Rheinland. “In these instances, supply chain or social audits create transparency and compel suppliers to disclose critical information, creating trust between the business, their partners and the customer.”
Audits vary in scope based on the sector and company, but often assess a company’s responsible sourcing practices across the supply chain and analyse compliance with Labor Laws, Environmental Sustainability, Business Ethics, as well as Health & Safety Management Systems. Specific risks by industry may also be addressed, such as hazardous chemical management in the printing and dyeing industry. Audit results provide actionable insights that companies can undertake to ensure their business practices meet the CSR and HSE (Health, Safety, Environment) goals they have set for themselves as well as mandates.
Things have been quiet on the OPC/UA and TSN front for about a year. I wrote a preliminary white paper a couple of years ago (link on my blog to download) based on a proposal brought by a number of German companies to OPC almost without warning. Since then, the group has succeeded in getting an official working group within OPC Foundation. But some companies have dropped interest in the project and others are notorious for lending public support while dragging their feet on adoption.
This press release from Moxa, a manufacturer of Ethernet infrastructure for industrial applications, notes it is now supporting the Open Platform Communications Foundation’s (OPC’s new name, I guess) Unified Architecture Field Level Communications (OPC UA FLC) initiative. It says it will “lend its considerable expertise to the development of a unified infrastructure for Time-Sensitive Networking (TSN) technologies.”
Moxa says that the aim is to build an open, standards-based communication solution for the Industrial Internet of Things (IIoT) by extending the OPC UA machine-to-machine communication protocol from sensors in the field to IT systems or the cloud. Adopting one unified network infrastructure will provide vendors with independent end-to-end interoperability of their field level devices, such as sensors, actuators, controllers and cloud addresses, and enable bilateral IIoT data communications between the factory floor and the cloud. With TSN as its foundation, the OPC UA FLC initiative meets emerging IIoT requirements for deterministic networking and real-time communications over high-bandwidth, low-latency networks.
“We are proud to be part of this new initiative of the OPC Foundation. It is the first-ever joint undertaking by the leading players in the automation industry under the auspices of the OPC Foundation to build TSN technologies for future industrial automation systems based on a truly unified infrastructure,” said Andy Cheng, President of the Strategic Business Unit at Moxa. “Moxa has committed to collaborating with customers and key industry players to drive innovation, industry standards, proof of concepts, testbeds, and the successful implementation of advanced TSN technologies.”
“Moxa’s valuable knowledge and great portfolio of industrial switches for the vast OPC UA TSN ecosystem, covering all the way from sensors to the cloud, are very helpful for our market to realize a truly unified infrastructure for future automation networking,” said Stefan Schönegger, Vice President of Product Strategy & Innovation at B&R Industrial Automation, a fellow member of Moxa’s on the FLC Steering Committee.
Companies on the FLC Steering Committee include ABB, Beckhoff, Bosch Rexroth, B&R Industrial Automation, Cisco, Hilscher, Hirschmann, Huawei, Intel, Kalycito, KUKA, Mitsubishi Electric, Molex, Omron, Phoenix Contact, Pilz, Rockwell Automation, Schneider Electric, Siemens, TTTech, Wago, and Yokogawa. The FLC initiative has also gained support from the TSN testbeds of the Edge Computing Consortium (ECC), the Industrial Internet Consortium (IIC), and Labs Network Industry 4.0 (LNI 4.0) with regard to the FLC activities to adopt “One TSN”.
Moxa has participated in all these testbeds to showcase the interoperability of its TSN switches with the devices of other vendors in one standard Ethernet-based network infrastructure. This interoperability will be instrumental in the future of industrial automation by opening up new possibilities brought on by the IIoT and Industry 4.0.
The greater IT community makes abundant use of open source projects. These projects have proven great worth in operating systems, networking, and applications. The OT community, well, not so much. Maybe some. Microsoft and Dell Technologies, among many others, have donated millions of lines of code to open source projects.
However, the Internet of Things has proven to be one of the places where IT and OT can come together.
Meanwhile, The Eclipse Foundation has been a favorite of mine for probably 20 years. I remember downloading and playing with the Eclipse IDE for Java a long time ago. The foundation makes the news again this year announcing open source advancements in IoT.
It announced major milestones that make Eclipse IoT a leading collaboration of vendors working together to define an open, modular architecture to accelerate commercial IoT adoption. Similar to the early days of the Internet–where open source and vendor collaboration on standard building blocks brought the web to ubiquity–industry leaders including Bosch, Red Hat, Cloudera, and Eurotech are collaborating to standardize open source, modular IoT architecture components within the Eclipse IoT Working Group.
In 2011, the Eclipse IoT Working Group was launched with three projects aimed at reducing the complexity of developing Machine-to-Machine IoT solutions. Eclipse IoT quickly evolved as vendors signed up to collaborate on IoT’s end-to-end interoperability and performance challenges across key areas like constrained devices, device gateways, and scalable cloud platforms. Today the Eclipse IoT community has grown to 37 projects, 41 member companies, and 350 contributors who are building IoT solutions based on Eclipse IoT code.
In a recent case study, Bosch Software Innovations detailed the reasons why it decided in 2015 to participate in Eclipse IoT and the major advantages that open source community involvement has brought to its cloud-based IoT platform, the Bosch IoT Suite. Bosch today has more than 60 developers working on Eclipse IoT projects and has contributed around 1.5 million lines of code. The Bosch IoT Suite is based on the Eclipse Ditto, Eclipse hawkBit, Eclipse Hono, and Eclipse Vorto open source projects.
“We have accomplished so much since we began our open source strategy at Bosch,” added Caroline Buck, Product Owner, Bosch IoT Suite. “Open source development has enabled us to transform how we build software internally and it is making our organization a better product company. Any company that is serious about IoT should consider an ‘open source first’ strategy. If you are planning to do open source IoT, then Eclipse IoT is THE community we recommend.”
In a recent report–Eclipse Foundation’s Open Source IoT Activity Reaches Critical Mass–industry analyst firm 451 Research concluded: “It is time to take a look at what Eclipse IoT has to offer as organizations that choose vendor-specific (proprietary) alternatives to get started begin to run into challenges regarding scale, complexity or cost that has them interested in open source alternatives. While it is not necessarily easier to get an IoT project up and running using open source software, the long-term advantages once an IoT system reaches critical scale are clear–more predictable costs and avoidance of vendor lock-in–and they are driving enterprises to investigate open source options.”
“We are proud that Eclipse IoT is the open source community of choice for commercial-grade IoT innovation,” said Mike Milinkovich, Executive Director of the Eclipse Foundation. “Eclipse IoT projects are where industry leaders collaborate on developing the production-ready, interoperable, and flexible open source building blocks needed for the market adoption of IoT. Our members are at the forefront of accelerating IoT innovation with the quality and sustainability that the Eclipse Foundation is known for.”
On Eclipse Foundation’s blog, Milinkovich described how–similar to the early trajectory of the commercial Internet, and the importance of the LAMP stack in particular–industrial IoT’s progress is being catalyzed by open source standards and interoperability that allow vendors to drive solutions forward while competing above the common infrastructure level. Eclipse IoT represents the largest open source community that’s driving these open, interoperable, and flexible components.
Eclipse IoT projects are broadly grouped under three categories of innovation critical for building an end-to-end IoT architecture:
- Constrained Devices — the set of libraries that can be deployed on a constrained embedded device to provide a complete IoT development stack.
- Edge Device Gateways — projects that provide capabilities to coordinate the connectivity of a group of sensors and actuators to each other and to external networks.
- IoT Cloud Platform — projects that deliver the highly scalable, multi-cloud software infrastructure and services required to manage and integrate devices and their data. These technologies support deployment flexibility for running IoT workloads at the edge, on any of the leading cloud platforms (e.g. Amazon Web Services, Microsoft Azure, Google Cloud), or in enterprise data centers. These projects also facilitate the interoperability of Eclipse IoT-based solutions with existing enterprise applications and other IoT solutions.
In addition to the Bosch IoT Suite, Eclipse IoT technologies are powering production-ready, commercial IoT offerings from other leading vendors. Eurotech’s award-winning Everyware IoT integrated IoT portfolio is based on Eclipse IoT projects. Everyware Software Framework is an enterprise-ready IoT edge framework based on Eclipse Kura, a Java/OSGi middleware for IoT gateways. Everyware Cloud, an enterprise-ready edition of Eclipse Kapua, offers an open, modular, and microservices-based IoT cloud platform.
“The market adoption of new business models is driving the demand for more agile, secure, and flexible solutions based on open standards and open source technologies. This trend contributed to Eurotech’s decision, in 2012, to become a founding member of the Eclipse IoT Working Group hosted by the Eclipse Foundation”, said Giuseppe Surace, Chief Product and Marketing Officer at Eurotech. “The Eclipse Foundation is the place where industry leaders collaborate to deliver innovative and extensible tools, frameworks, and runtime components for an open development environment. Within Eclipse IoT, Eurotech is working with Cloudera, Red Hat, and others to develop key IoT runtimes and other enabling technologies that will deliver an integrated, end-to-end open IoT architecture. Eurotech was the original contributor to the Eclipse Kura and Eclipse Kapua projects within the IoT Working Group. Our core objective is to ensure that when customers are ready to deploy IoT, the solutions will be there.”
IoT ecosystem leaders join Eclipse IoT to take advantage of the following opportunities:
- Participate in industry collaborations to develop common open IoT platforms for Industrial IoT, Industry 4.0, Smart Home, Edge Computing, and more.
- Ensure the quality and sustainability of an end-to-end enterprise IoT architecture fully based on open source and open standards
- Play a role in defining Eclipse IoT strategic priorities
- Gain insights into the Eclipse IoT technology roadmap and direction
- Benchmark and learn best practices from peers for leveraging open IoT technologies to accelerate product development and improve time-to-revenue
Learn more about joining the Eclipse IoT or participating in any of its projects.
I’ve added a new podcast–184 Standards are Important for Manufacturers. Without standards, shipping by ship, train, and truck would be chaotic. Just so, developing manufacturing standards such as OPC, FDT, EDDL, ISA88, and ISA95 has had great benefit to manufacturers and producers. The Open Process Automation Forum, part of The Open Group, consists of users and developers of technology hoping to build a standard of standards lowering total cost of ownership and total cost of upgrading.
Industrial Control Systems Cyber Security Through Trusted Systems
The week following Thanksgiving, I participated in a press tour with Siemens visiting a number of locations in Munich, Germany and following into Nuremberg for a day at SPS/IPC/Drives. I have posted a few things already and you can check out my Twitter stream.
Three weeks of travel plus my wife’s surgery (elective, she’s doing well with Nurse/Cook Gary sort of looking after her) took a toll on catching up with writing and email. Excuses aside, following are some additional thoughts from the trip.
If company executives and engineers cannot trust data coming from the IoT system, then digitalization and its many benefits will not be implemented. It’s in this spirit that Siemens launched the Charter of Trust earlier this year at the Munich Security Conference. Since then, several more global companies saw the value of the Charter of Trust, and signed on.
The Charter of Trust then begins with these three goals:
- protecting the data and assets of individuals and businesses;
- preventing damage to people, businesses, and infrastructures;
- building a reliable basis for trust in a connected and digital world.
We were introduced to several companies who have joined the Charter of Trust, visiting their sites, and discussing various aspects of cyber security.
Harry Brian, Business Development Manager, Industry Security Services, Siemens, gave us a Siemens background. “As we see attacks in the wild that are specifically crafted for PLCs and safety systems, no one can ignore the relevance and the urgency,” he told us. In addition, companies also must comply with numerous industrial security regulations and standards all over the world. “Help lies in a concept called defense in depth and is to be found in the IEC 62443 – the standard for IT security for Industrial Automation and Control Systems. Siemens has been addressing the cyber challenge for decades and is employing innovation and technology for anomaly detection and vulnerability monitoring and reporting with MindSphere.”
We stopped at NXP’s office in Munich. NXP has signed on to the Charter of Trust. The first discussion dove into autonomous driving, the convergence of AI and IoT, with Lars Reger, Automotive Chief Technology Officer and Wolfgang Steinbauer, VP, Head of the NXP Innovation Center Crypto and Security.
“The paradigm shift that comes with the convergence of AI and the IoT, will be even greater than the one we have witnessed with the introduction of the personal computer or the mobile phone,” they told us. “Effective security, based on the guiding principles of security and privacy by design, will be crucial to mitigate against the risks that come with it. Cybersecurity and data privacy aspects are paramount to generate trust, particularly so in critical future applications in smart traffic and autonomous driving. People, organizations and entire societies will support this transformation only if the security of their data and networked systems can be ensured.”
The Charter of Trust, they noted, defines what it means to trust along with security levels.
We stopped next in our tour of Munich at TÜV Süd, and a discussion with Andy Schweiger, Cybersecurity section Chief Executive Officer. For Americans not familiar with the organization, it is somewhat analogous to UL.
The news here is that TÜV Süd is developing a cyber security consulting practice and has been on a hiring spree adding to its staff.
The next stop was a tour of the IBM Watson IoT Center. Here IBM brings together developers, consultants, researchers and designers to drive state-of-the-art collaborative innovation with SMEs and start-ups, government, schools and universities and investors.
Speakers stressed the importance of involving governments in industrial cyber security work. Supply chains require careful consideration, establishing risk-based rules for protection across all IIoT layers with clearly defined and mandatory requirements. There are many avenues for intrusions. They brought up the case of a hacker getting into a system through a smart lightbulb.
Finally came a tour of Allianz Stadium, home of the Bayern Munich Football Club where Siemens has a strong technology partnership.
The partnership includes energy, building infrastructure, mobility and security.
Fire prevention: Allianz Arena has maximum protection against fire. Numerous fire detectors and sprinkler heads are located throughout the stadium: 4,600 fire detectors, 1 sprinkler head per 4 visitors (about 140 times more than fire-fighters per inhabitant in a German city), 3 water reservoirs with a total volume of 1,200 m³ in each sprinkler and hydrant centre.
Energy Management: Energy supply (introduction via screen inside the stadium) – the new video wall quadruples the energy consumption in comparison to the previous video wall. Supply is through two transformer stations of the Stadtwerke Munich (municipal utilities) (capacity about 12 MW); peak capacity on a match day is about 6 MW, which equals the consumption of a smaller town. Plans include a complete microgrid solution by Siemens, from power generation and storage through distribution, including monitoring.
Traffic Control: Siemens solutions (camera-system for the surveillance of traffic routes) around suburban traffic vehicles and traffic telematics ensure that all fans reach the stadium safely and on time. Siemens traffic management systems regulate the flow of traffic on the motorways near the stadium.
Video surveillance: Siemens security concepts and technologies are optimally adapted to the large visitor flow in the Arena. A video system with 90 cameras records images that can be used by law enforcement.
Every professional soccer stadium has an experienced greenkeeper who cares for the sacred turf. And now, for the first time, the greenkeeper at the Allianz Arena will be assisted by an application. It’s being made possible by MindSphere, the open IoT operating system, and software developers at evosoft. The FC Bayern Greenkeeper App will now assist the greenkeeper and give the grass a voice. Sensors gather data and send it to MindSphere. The MindSphere application then evaluates the data and converts it into action recommendations. Water more. Expose the grass to stronger or longer light. Start the lawn heating or turn it down. These kinds of recommendations require a huge amount of data: light, temperature, humidity, the lawn’s salt content, wind, the chlorophyll content of the blades of grass. All this data is supplied by sensors installed on the field by the Dutch stadium lighting expert SGL, allowing its customers to monitor the lighting of their lawn. Current weather data and forecasts are also fed into the system. The data from the playing field is delivered to the collector box once per minute. MindSphere evaluates the data, formulates action recommendations, and converts both into clear diagrams. The greenkeeper keeps an eye on the turf via a smartphone – and he’s immediately provided with specific action recommendations.