Another group validates standards for industrial communication including FDT and OPC UA.
FDT Group, an independent, international, not-for-profit standards association supporting the evolution of FDT technology (IEC 62453), announced that its Board of Directors voted unanimously to empower the emerging FDT IIoT Server (FITS) architecture with full platform independence. This decision strengthens the FITS architecture to support the diverse array of operating systems to meet industry-driven demands.
In addition to platform independence, key features of the FITS solution include native integration of the OPC Unified Architecture (OPC UA), as well as comprehensive Control and Web Services interfaces. With built-in security protecting valuable information and operating data, the FITS platform will enable cloud, enterprise, on-premise, and single-user desktop deployment methods, meeting the needs of the process, hybrid and discrete manufacturing sectors.
“The FITS platform is the ‘game changer’ the automation industry has been anticipating,” said Glenn Schulz, managing director of FDT Group. “I’d like to thank our Architecture and Specification Working Group that worked behind the scenes investigating and prototyping the platform independence feature approved by our board.”
Schulz added, “The Architecture and Specification Working Group has been directed to immediately transition FDT Server Common Components to a pure .NET Core implementation, previously built on the Microsoft .NET Framework. This transition will result in a single FDT Server environment deployable on a Microsoft-, Linux-, or macOS-based operating system, which will empower the intelligent enterprise by bridging the current installed base with next-generation solutions supporting the IIoT and I4.0 era.”
The significant decision and direction allow nearly unlimited deployment and application scenarios. For example, cloud-based FDT Servers can enjoy the performance and cost benefits of a Linux operating system. Traditional control system vendors can offer the FDT Server embedded in their hardware, and machine builders can deploy a small Linux-based FDT Server offering a comprehensive preconfigured asset management system for their skid that can be securely accessed remotely or with smart phones or browsers.
MES applications can also incorporate an FDT Server to gain secure, direct access to production data and asset health and availability metrics through OPC UA. In addition, service providers can wrap services around an FDT Server delivered in an industrial hardened Linux box. The opportunities for cost savings and value creation go on due to the highly flexible deployment options of the FITS standard.
Because of the security, scalability and the ease of deployment of an FDT Server, the solution will simplify entry into the IIoT marketplace as the only open platform standardized integration architecture providing a single interface with cloud-to-plant floor mobile access. The decision to migrate to platform independence will delay the launch of the FITS specification by approximately six months. With the launch planned for the latter half of 2019, alongside Common Components supporting the FITS standard, automation suppliers and service providers will immediately reap the benefits of a quick development and deployment strategy. Common Components create a library of FDT routines and will simplify compliant development of FITS-based solutions such as Servers, Device Type Managers (DTMs) and APPs.
Our schedules finally aligned and I was able to catch up with Ed Harrington, director of the Open Process Automation Forum for The Open Group. A few months ago I talked with Gary Freburger and Peter Martin of Schneider Electric’s process automation unit. We discussed the OPAF and what had been going on since the ARC Forum in Orlando last February.
OPAF has laid out an ambitious agenda moving automation toward an era of open connectivity and interoperability.
The original plan, broached a couple of years ago at ARC Forum by representatives of ExxonMobil and Lockheed Martin, was to prod suppliers into reducing the problem of upgrading systems in the field without the huge expense of rip-and-replace. Considerable industry jockeying ensued. Schneider Electric (Foxboro) eventually took a leadership position in the effort with assistance from Yokogawa and, to a degree, Siemens. Other suppliers are watching and evaluating.
Smaller suppliers such as Inductive Automation have become involved along with some of the major automation systems suppliers.
The OPAF specification is really a standard of standards. The group wishes to build upon existing standards, assembling them in such a way as to advance the cause of open automation.
Harrington told me that so far this year, the group has published three items (that are open to the public). One is a business guide, The Open Process Automation Business Guide: Value Proposition and Business Case for the Open Process Automation Standard.
The industrial control systems that manufacturers use to automate their processes are critical to the company’s productivity and product quality. To increase the business contribution from control systems, manufacturers need:
1. Increases in operational benefits from improved capabilities
2. Improvements in cybersecurity compared to currently available systems
3. Reductions in the system’s capital and lifecycle costs
The organization has also published The Open Group Snapshot—Open Process Automation Technical Reference Model: Technical Architecture and a white paper Requirements for an Open Process Automation Standard.
Harrington also told me to expect an announcement of further work at next week’s Open Group Quarterly Meeting in Singapore.
I have seen a number of these initiatives in my career. Few succeed in entirety. However, the thinking that goes into this work always moves industry forward. I don’t know if we’ll ever see a truly OPAF control system. Anything that brings more rationality to the market keeping in mind the goals of OPAF will do much for helping manufacturers and producers improve performance. And that’s what it’s all about.
Simulators are great training tools. It sure beats flying 777s around for your annual pilot recert. Gaming technology has become so good along with many other technologies, that operators of process plants and machinery should be well trained to respond appropriately to any emergency.
Georgia Institute of Technology sent this information about an advancement in simulation for operator training. Good stuff.
A simulator that comes complete with a virtual explosion could help the operators of chemical processing plants – and other industrial facilities – learn to detect attacks by hackers bent on causing mayhem. The simulator will also help students and researchers understand better the security issues of industrial control systems.
This flow chart shows data flows within a simulated chemical processing facility.
Facilities such as electric power networks, manufacturing operations and water purification plants are among the potential targets for malicious actors because they use programmable logic controllers (PLCs) to open and close valves, redirect electricity flows and manage large pieces of machinery. Efforts are underway to secure these facilities, and helping operators become more skilled at detecting potential attacks is a key part of improving security.
Screen captures show a simulated explosion in a chemical processing plant precipitated by a cyberattack on the system.
“The goal is to give operators, researchers and students experience with attacking systems, detecting attacks and also seeing the consequences of manipulating the physical processes in these systems,” said Raheem Beyah, the Motorola Foundation Professor in the School of Electrical and Computer Engineering at the Georgia Institute of Technology. “This system allows operators to learn what kinds of things will happen. Our goal is to make sure the good guys get this experience so they can respond appropriately.”
Details of the simulator were presented August 8 at Black Hat USA 2018, and August 13 at the 2018 USENIX Workshop on Advances in Security Education. The simulator was developed in part by Atlanta security startup company Fortiphyd Logic, and supported by the Georgia Research Alliance.
The simulated chemical processing plant, known as the Graphical Realism Framework for Industrial Control Simulations (GRFICS), allows users to play the roles of both attackers and defenders – with separate views provided. The attackers might take control of valves in the plant to build up pressure in a reaction vessel to cause an explosion. The defenders have to watch for signs of attack and make sure security systems remain operational.
Screen capture shows a chemical processing plant in which critical parameters are rising due to false process data and control commands injected by an attacker.
Of great concern is the “man-in-the-middle” attack in which a bad actor breaks into the facility’s control system – and also takes control of the sensors and instruments that provide feedback to the operators. By gaining control of sensors and valve position indicators, the attacker could send false readings that would reassure the operators – while the damage proceeded.
“The pressure and reactant levels could be made to seem normal to the operators, while the pressure is building toward a dangerous point,” Beyah said. Though the readings may appear normal, a knowledgeable operator might still detect clues that the system has been attacked. “The more the operators know the process, the harder it will be to fool them,” he said.
The GRFICS system was built using an existing chemical processing plant simulator, as well as a 3D video gaming engine running on Linux virtual machines. At its heart is the software that runs PLCs, which can be changed out to represent different types of controllers appropriate to a range of facilities. The human-machine interface can also be altered as needed to show a realistic operator control panel monitoring reaction parameters and valve controller positions.
“This is a complete virtual network, so you can set up your own entry detection rules and play on the defensive side to see whether or not your defenses are detecting the attacks,” said David Formby, a Georgia Tech postdoctoral researcher who has launched Fortiphyd Logic with Beyah to develop industrial control security products. “We provide access to simulated physical systems that allow students and operators to repeatedly study different parameters and scenarios.”
GRFICS is currently available as an open source, free download for use by classes or individuals. It runs on a laptop, but because of heavy use of graphics, requires considerable processing power and memory. An online version is planned, and future versions will simulate the electric power grid, water and wastewater treatment facilities, manufacturing facilities and other users of PLCs.
Formby hopes GRFICS will expand the number of people who have experience with the security of industrial control systems.
“We want to open this space up to more people,” he said. “It’s very difficult now to find people who have the right experience. We haven’t seen many attacks on these systems yet, but that’s not because they are secure. The barrier for people who want to work in the cyber-physical security space is high right now, and we want to lower that.”
Beyah and Formby have been working for several years to increase awareness of the vulnerabilities inherent in industrial control systems. While the community still has more to do, Beyah is encouraged.
“Several years ago, we talked to a lot of process control engineers as part of the NSF’s I-Corps program,” he said. “It was clear that for many of these folks then, security was not a major concern. But we’ve seen changes, and lots of people are now taking system security seriously.”
Foxboro and Triconex look to be on the path to health under Schneider Electric. Its annual user conference is this week in San Antonio. I’d love to be there, but personally more important is “grandparent duty” that I’m on this week. So, I had the opportunity to talk with Gary Freburger, leader of the group, and Peter Martin, VP of marketing, to get an update and view of what I’ll be missing.
Gary Freburger began with the market rebounding due to current oil pricing. Business is starting to get strong. The IA product line has done well, and the process business also did well, going up 6% in the first half of the year. He’s expecting the majority of growth over the next two years. Schneider Electric is still investing around the EcoStruxure system. Foxboro is continuing on the path they discussed with us at the last user conference—how to get more value from control systems going from “necessary evil” to value add in the eyes of customer executives. The strategy is to turn data and connectivity into a business driver. The goal is enabling better decisions and improving profitability.
Freburger discussed cooperating with OPAF for a comprehensive strategy. Then he dropped in an interesting tidbit—cooperation with AVEVA. I’ve wondered about how AVEVA with the inclusion of previous Schneider Electric software would work with the Foxboro side of things. He told me they now have an end-to-end relationship to improve time to market. He noted as oil prices dropped customers thought “what can I afford to do?” Now, all have reset expectations. As oil prices rebound, they have not changed expectations. Some interesting applications and strategies include AVEVA auto populate control system, digital twin of facility, operations feedback our systems to AVEVA’s, then customer asset management upgrade works easier.
Martin discussed how Schneider is trying to change the question—from how to do control to how do we help customers solve problems that impact business? He pointed out that they’ve been doing digitization for years. What’s new is how to drive this new approach. 40 years ago controls was a solution-driven business; then with digitization the industry went from solutions to technology-driven. The times now require a need to flip flop. Solutions oriented but with today’s portfolios taking it to a much higher level. The speed of industrial business has increased—what was stable, e.g. cost of electricity—is stable no longer. The speed means IT world can’t keep up. Built-in real-time accounting control helps plants go beyond control to profitability. Foxboro is still dedicated to taking the use of technology to the next level.
During the conference (while I am writing from the forests in southern Ohio while the grandkids are in bed), Schneider Electric announced the release of EcoStruxure Foxboro DCS Control Software 7.1. With expanded capabilities and an enhanced HMI, the updated software simplifies engineering and enhances the user experience, while expanding the ability of EcoStruxure Foxboro DCS to drive measurable operational profitability improvements, safely.
The EcoStruxure Foxboro DCS is an open, interoperable and future-proof process automation system that provides highly accurate and effective control over a manufacturing plant’s operational profitability. It is the only process control system that provides measurable operational profitability improvements and a future-proof architecture, enabling a measurable 100 percent ROI in less than one year.
EcoStruxure is Schneider Electric’s open, interoperable, IoT-enabled system architecture and platform. This includes Connected Products, Edge Control, and Apps, Analytics and Services. EcoStruxure has been deployed in 480,000+ sites, with the support of 20,000+ system integrators and developers, connecting over 1.6 million assets under management through 40+ digital services.
EcoStruxure Foxboro DCS Control Software 7.1 runs on Windows 10 and Windows Server 2016, to provide maximum flexibility while ensuring robust cybersecurity. When planning upgrades, Schneider Electric customers can mix Windows XP, Windows 7 and Windows 10 on the same system, allowing flexibility in scheduling and timing for upgrades. Customers can upgrade individual sections of the plant in any order, at any pace, to best accommodate plant production schedules. With Microsoft support for Windows 7 due to end in 2020, transitioning to Windows 10 allows EcoStruxure Foxboro DCS customers to benefit from the strongest operating system with the most up-to-date cybersecurity features.
Among other new and updated features, the continuously current EcoStruxure Foxboro DCS Control Software 7.1 now includes:
• EcoStruxure Field Device Expert that improves efficiency, safety and profitability, while considerably reducing time for startup and restarts. It includes:
◦ Intelligent Commissioning Wizard, to reduce commissioning time up to 75 percent by automating HART device commissioning and documentation processes.
◦ Device Replacement Wizard to significantly reduce time and expertise to replace or commission HART devices, either individually or in bulk.
◦ Bundled HART DD library for increased security, faster device deployment, eradication of version mismatch and elimination of cybersecurity risks previously created by moving documents from the HART consortium web page into the system.
• New HMI Bulk Graphics Editor for increased operational efficiency and reliability by greatly reducing engineering hours and improving quality during testing. Use in major projects shows that replicating hundreds of displays with the new Bulk Graphics Editor saves months of man hours and improves quality by delivering highly predictable results. The Bulk Graphics Editor makes migrating from the classic FoxView HMI to the new Foxboro DCS Control HMI easier, requiring far fewer engineering hours, which reduces the time and cost to transition between technologies.
• Control Editors Activity Monitor for increased efficiency by improving communication, workflow and collaboration.
• Real-time asset health condition monitoring for increased reliability.
• Future-proof technology supporting the latest FDT 2.0 standard, which improves compatibility with digitized field devices from Schneider Electric and third-party vendors.
• New migration path, along with the new HMI Bulk Graphics Editor, simplifies the transition from existing FoxView HMI displays to the EcoStruxure Foxboro DCS Control Software 7.1 HMI platform for a continuously current and future-proof system. An upgrade migration path is available from previous Control Software Versions 5.x, 6.x and 7.0. After upgrading, users can tap into newer technologies that improve productivity, cybersecurity, efficiency and profitability.
Critical infrastructure control systems have been under cyber attack for years. Need we mention Stuxnet, the attack that brought the issue to the public eye? Pressure has been mounting on controls, automation, and IoT suppliers to protect a nation’s assets.
Siemens and eight partners signed a joint charter for greater cybersecurity at a recent Munich conference.
- Ten action areas for greater cybersecurity
- Call for dedicated government ministries and chief information security officers
- Independent certification for critical infrastructures and solutions in the Internet of Things
The Charter of Trust calls for binding rules and standards to build trust in cybersecurity and further advance digitalization. In addition to Siemens and the Munich Security Conference (MSC), the companies Airbus, Allianz, Daimler Group, IBM, NXP, SGS and Deutsche Telekom are signing the Charter. The initiative is further welcomed by Canadian foreign minister and G7 representative Chrystia Freeland as well as witnessed by Elżbieta Bieńkowska, the EU Commissioner for Internal Market, Industry, Entrepreneurship and Small and Medium-sized Enterprises.
“Confidence that the security of data and networked systems is guaranteed is a key element of the digital transformation,” said Siemens President and CEO Joe Kaeser. “That’s why we have to make the digital world more secure and more trustworthy. It’s high time we acted – not just individually but jointly with strong partners who are leaders in their markets. We hope more partners will join us to further strengthen our initiative.”
The Charter delineates 10 action areas in cybersecurity where governments and businesses must both become active. It calls for responsibility for cybersecurity to be assumed at the highest levels of government and business, with the introduction of a dedicated ministry in governments and a chief information security officer at companies. It also calls for companies to establish mandatory, independent third-party certification for critical infrastructure and solutions – above all, where dangerous situations can arise, such as with autonomous vehicles or the robots of tomorrow, which will interact directly with humans during production processes. In the future, security and data protection functions are to be preconfigured as a part of technologies, and cybersecurity regulations are to be incorporated into free trade agreements. The Charter’s signatories also call for greater efforts to foster an understanding of cybersecurity through training and continuing education as well as international initiatives.
“Secure digital networks are the critical infrastructure underpinning our interconnected world,” said Canadian foreign minister Chrystia Freeland. “Canada welcomes the efforts of these key industry players to help create a safer cyberspace. Cybersecurity will certainly be a focus of Canada’s G7 presidency year.” The matter is also a top priority for the Munich Security Conference. “Governments must take a leadership role when it comes to the transaction rules in cyberspace,” said Wolfgang Ischinger, Chairman of the Munich Security Conference. “But the companies that are in the forefront of envisioning and designing the future of cyberspace must develop and implement the standards. That’s why the Charter is so important. Together with our partners, we want to advance the topic and help define its content,” he added.
According to the ENISA Threat Landscape Report, cybersecurity attacks caused damage totaling more than €560 billion worldwide in 2016 alone. For some European countries, the damage was equivalent to 1.6 percent of the gross domestic product. And in a digitalized world, the threats to cybersecurity are steadily growing: According to Gartner, 8.4 billion networked devices were in use in 2017 – a 31-percent increase over 2016. By 2020, the figure is expected to reach 20.4 billion.