Foxboro and Triconex looks to be on the path to health under Schneider Electric. Its annual user conference is this week in San Antonio. I‘d love to be there, but personally more important is “grandparent duty” that I’m on this week. So, I had the opportunity to talk with Gary Freburger, leader of the group, and Peter Martin, VP of marketing, to get an update and view of what I’ll be missing.
Gary Freburger began with the market rebounding due to current oil pricing. Business is starting to get strong. IA product line has done well and the process business also did well going up 6% in the first half of the year. He’s expecting majority of growth over the next two years. Schneider Electric is still investing around EcoStruxure system. Foxboro is continuing on the path they discussed with us at the last user conference—how to get more value from control systems going from “necessary evil” to value add in the eyes of customer executives. The strategy is to turn data and connectivity into a business driver. The goal is enabling better decisions and improving profitability.
Freburger discussed cooperating with OPAF for a comprehensive strategy. Then he dropped in an interesting tidbit—cooperation with AVEVA. I’ve wondered about how AVEVA with the inclusion of previous Schneider Electric software would work with the Foxboro side of things. He told me they now have and end-to-end relationship to improve time to market. He noted as oil prices dropped customers thought “what can I afford to do?” Now, all have reset expectations. As oil prices rebound, they have not changed expectations. Some interesting applications and strategies include AVEVA auto populate control system, digital twin of facility, operations feedback our systems to AVEVA’s, then customer asset management upgrade works easier.
Martin discussed how Schneider is trying to change the question—from how to do control to how do we help customers solve problems that impact business? He pointed out that they’ve been doing digitization for years. What’s new is how to drive this new approach. 40 years ago controls was a solution-driven business; then with digitization the industry went from solutions to technology-driven. The times now require a need to flip flop. Solutions oriented but with today’s portfolios taking it to a much higher level. The speed of industrial business has increased—what was stable, e.g. cost of electricity—is stable no longer. The speed means IT world can’t keep up. Built-in real-time accounting control helps plants go beyond control to profitability. Foxboro is still dedicated to taking the use of technology to the next level.
During the conference (while I am writing from the forests in southern Ohio while the grandkids are in bed), Schneider Electric announced the release of EcoStruxure Foxboro DCS Control Software 7.1.With expanded capabilities and an enhanced HMI, the updated software simplifies engineering and enhances the user experience, while expanding the ability of EcoStruxure Foxboro DCS to drive measurable operational profitability improvements, safely.
The EcoStruxure Foxboro DCS is an open, interoperable and future-proof process automation system that provides highly accurate and effective control over a manufacturing plant’s operational profitability. It is the only process control system that provides measurable operational profitability improvements and a future-proof architecture, enabling a measurable 100 percent ROI in less than one year.
EcoStruxure is Schneider Electric’s open, interoperable, IoT-enabled system architecture and platform. This includes Connected Products, Edge Control, and Apps, Analytics and Services. EcoStruxure has been deployed in 480,000+ sites, with the support of 20,000+ system integrators and developers, connecting over 1.6 million assets under management through 40+ digital services.
EcoStruxure Foxboro DCS Control Software 7.1 runs on Windows 10 and Windows Server 2016, to provide maximum flexibility while ensuring robust cybersecurity. When planning upgrades, Schneider Electric customers can mix Windows XP, Windows 7 and Windows 10 on the same system, allowing flexibility in scheduling and timing for upgrades. Customers can upgrade individual sections of the plant in any order, at any pace, to best accommodate plant production schedules. With Microsoft support for Windows 7 due to end in 2020, transitioning to Windows 10 allows EcoStruxure Foxboro DCS customers to benefit from the strongest operating system with the most up-to-date cybersecurity features.
Among other new and updated features, the continuously current EcoStruxure Foxboro DCS Control Software 7.1 now includes:
• EcoStruxure Field Device Expert that improves efficiency, safety and profitability, while considerably reducing time for startup and restarts. It includes:
◦ Intelligent Commissioning Wizard, to reduce commissioning time up to 75 percent by automating HART device commissioning and documentation processes.
◦ Device Replacement Wizard to significantly reduce time and expertise to replace or commission HART devices, either individually or in bulk.
◦ Bundled HART DD library for increased security, faster device deployment, eradication of version mismatch and elimination of cybersecurity risks previously created by moving documents from the HART consortium web page into the system.
• New HMI Bulk Graphics Editor for increased operational efficiency and reliability by greatly reducing engineering hours and improving quality during testing. Use in major projects shows that replicating hundreds of displays with the new Bulk Graphics Editor saves months of man hours and improves quality by delivering highly predictable results. The Bulk Graphics Editor makes migrating from the classic FoxView HMI to the new Foxboro DCS Control HMI easier, requiring far fewer engineering hours, which reduces the time and cost to transition between technologies.
• Control Editors Activity Monitor for increased efficiency by improving communication, workflow and collaboration.
• Real-time asset health condition monitoring for increased reliability.
• Future-proof technology supporting the latest FTD 2.0 standard, which improves compatibility with digitized field devices from Schneider Electric and third-party vendors.
• New migration path, along with the new HMI Bulk Graphics Editor, simplifies the transition from existing FoxView HMI displays to the EcoStruxure Foxboro DCS Control Software 7.1 HMI platform for a continuously current and future-proof system. An upgrade migration path is available from previous Control Software Versions 5.x, 6.x and 7.0. After upgrading, users can tap into newer technologies that improve productivity, cybersecurity, efficiency and profitability.
Bedrock Automation, products built for security from the chips up, had a flurry of activity at the ARC Industry Forum in Orlando last week. It announced a firmware upgrade, OPC UA and partnerships for its SCADA product, and anomaly detection. Here’s a teaser—CEO and Founder Albert Rooyakkers pulled out a new piece of hardware. He didn’t have a release or specs for me, but watch for a new, lower cost, SCADA or gateway device hardened and built with security in mind from the chips up.
Bedrock and OPC UA
Bedrock Automation has published a concise, easy-to-deploy interface specification that enables users and application developers to take advantage of the security capabilities of OPC UA communications software. By following the simple procedures outlined in the Bedrock SCADA Security Platform Specification, developers can upgrade any OPC UA compliant client into a highly secure OPC UA channel, across which users can exchange data between plant floor operations and SCADA applications. Three leading SCADA software developers, Inductive Automation, ICONICS and TATSOFT, are committing and releasing support to the Bedrock interface specification.
“OPC UA provides unique cyber security advantages enabling open communications across numerous industrial devices and applications and providing the end-users options for integrating authentication keys protecting those communications. The most secure OPC level is to authenticate those keys against a known root of trust, which Bedrock supplies via a certificate authority (CA), validated against cryptographic keys built into its controller,” said Thomas J. Burke, OPC Foundation President and Executive Director, adding “Bedrock Automation is a clear leader in supporting the OPC UA standards, and provides information integration and communication that the end users have been demanding.
Bedrock designs and sources its own secure semiconductor components with encryption and authentication technologies embedded at the “birth” of their modules, assembled and tested by Bedrock in their cyber secure supply chain. The unique design then draws on the power and flexibility of public key infrastructure (PKI) and Transport Layer Security (TLS) standards similar to those used to secure ecommerce transactions and military and aerospace electronics. Bedrock Automation then uses those securely embedded keys as the basis for digital certificates that manage access and communication between SCADA applications and control systems. Bedrock Cybershield 3.0 firmware is the first control system to offer an embedded PKI for SCADA applications.
“Such a simple specification demonstrates that Open and Secure SCADA can be deployed today, and that an applications interface does not have to be thousands or even hundreds of pages. We are pleased to be working with innovative SCADA software providers such as Inductive Automation, ICONICS and TATSOFT, to help them and their customers take advantage of the secure communications capabilities of OPC UA and the intrinsic security of the Bedrock platform,” said Rooyakkers.
Bedrock Automation also announced the availability of Cybershield 3.0, a major firmware upgrade with advancements that make it easier for end users and developers to build control applications that are both open and secure. Among the six major innovations facilitated by the Cybershield 3.0 upgrade are the first public key infrastructure (PKI) built into an OPC UA server for SCADA applications; an industrial Certificate Authority (CA) for user key management; virtual crypto key locks for the controller; and a Secure Proxy server capability that can protect legacy controls systems of other vendors.
“Cybershield 3.0 is one of the most significant steps forward since the release of our Bedrock OSA platform. We now support leading SCADA companies in integrating their OPC UA client to our open security and key management tools. In addition, we start our march to converge IT cyber detection technologies into real-time OT automation with our integrated Anomaly Detection (AD) tools built into every controller. We are delivering secure SCADA and AD as intrinsic and zero-cost advancements, focused acutely on ease of use and reductions in lifecycle costs,” said Bedrock founder and CEO Albert Rooyakkers.
Bedrock Cybershield 3.0 includes the following capabilities:
1) Secure Open SCADA with OPC UA. The cryptographic keys built into all the Bedrock system electronics, provide the root of trust for the Bedrock Certificate Authority (CA) that verifies the reliability of OPC UA-managed communications between SCADA and PLCs or other industrial control systems.
2) Open Certificate Authority (CA) for SCADA. This advanced SaaS key and certificate management tool is not only FREE to our customers but is simple to deploy with our Secure SCADA Interface Specification. Leading SCADA providers, including Inductive Automation, ICONICS and Tatsoft, are committing to and releasing support to this interface specification.
3) Intrusion detection. Even though the Bedrock control system has protection built into its core, users still need to know when system security is challenged. Cybershield 3.0 comes standard with intrinsic Anomaly Detection (AD) functionality that continuously monitors the controller’s network and system time to detect intrusions and anomalous behavior and report it to both SCADA and enterprise database applications for trending, alarming and historizing anomalous cyber activity.
4) Quickly Secure Legacy Automation with Secure SCADA. Companies can now use Bedrock security to help integrate open standard communications protocols with legacy PLC and DCS systems from other vendors. A Bedrock secure controller module acts as a gateway between SCADA platform workstation and the legacy controllers.
5) Cryptographic key locking. Cybershield 3.0 also includes a cryptographic controller engineering key lock that permits only users with the required credentials to change the mode of the controller.
6) Achilles and EMP compliance on power supplies. Bedrock Automation is certifying its standalone power supply and standalone uninterruptible lithium power supply to both MiL-STD-461-G, the military standard for advanced EMP hardening, and Achilles Level 2 certification, augmenting the EMP and Achilles certification achieved for its control system modules last year.
“Today’s increasingly connected environment drives the process industries to search for automation solutions that deliver the benefits of open communications with ‘baked in’ cybersecurity. By extending its secure automation technology to third-party software providers, Bedrock Automation addresses this key pain point of future automation requirements. ARC believes the intrinsic and no-cost approach of Bedrock’s cybersecurity strategy is the quintessential component missing in control systems, today,” writes ARC analyst Mark Sen Gupta in his recent report, Bedrock Automation’s Open Secure Automation a “Win” with End Users
Bedrock Open Secure Automation (OSATM) firmware will include intrinsic Anomaly Detection (AD). Bedrock OSA AD will be available as standard integrated functionality that continuously monitors the controller’s network and system time to detect intrusions and anomalous behavior.
“Preventing control system intrusion is fundamental to holistic cyber security. In addition, users need to know when the system security is being challenged. This is the role of anomaly detection. At no additional cost or complexity for the user, Bedrock’s AD delivers additional assurance that no one is tampering with your automation,” said Rooyakkers. Bedrock Anomaly Detection includes the following functionality:
• Dynamic Port Connection Monitoring, which records all attempts to connect any controller or communication point and captures identifying information on the intruder
• Network Port Scanning, which detects if hackers are scanning for open ports that might provide access to the control network
• System Time Monitoring, which detects attepts to manipulate log files to conceal malicious activity
• Cryptographic Controller Engineering Key Lock, which permits only users with valid user credentials to change the configuration and operation mode of the controller and records all access
• Intrusion Event Logging, which records all detected anomalies and reports them to SCADA software through OPC UA and standard database access for historian, alarming, and trending functions. Additionally, a tri-color status LED on the faceplate of Bedrock Controllers provides indication locally whenever an intrusion is detected.
Here is an interesting idea in the manufacturing services meets social media area. Let me know if you use this and how it worked. Volt480, which is dedicated to helping manufacturers recover faster during downtime, announced a new app that quickly connects plant managers with locally available service providers including automation system integrators and industrial electricians through an on-demand marketplace. The Volt480 app also uses machine learning to help solve problems faster.
The value proposition: When equipment fails due to this technology, companies can lose on average $40,000 an hour. The Volt480 app reduces downtime by quickly locating specialized technicians to troubleshoot and repair complex, interconnected systems that are sometimes mixed with obsolete technologies. The service also helps streamline the burdensome procurement process to quickly order and pay for emergency services.
“Volt480 was developed to help plant managers recover from downtime in half the time and half the cost,” said Volt480 Chief Executive Officer Bhavnesh Patel. “Because we know that every minute counts when production systems fail, we connect you immediately to a highly-skilled expert near you through our on-demand platform. Our real-time filtering algorithm enables manufacturers to find the right resource with the right skills right away.”
How it works
Volt480 combines an on-demand, crowd-sourced services platform with machine learning technology that collects data on the problem and solution across a wide variety of production equipment and technologies. This knowledge enables the company to build machine-learning models to address future failures.
Customers use the app to locate and connect with service providers who are knowledgeable and experienced with their equipment. Service providers set their own rates, and Volt480 processes the payment through the service, saving customers from working through the traditional PO/invoicing process.
Manufacturers then have an opportunity to rate their experience with the service provider, which can be viewed by other potential customers.
“When manufacturing equipment breaks down and production stops, every moment counts. Plant managers don’t have time to research the equipment and match it with a service provider that may or may not be familiar with the system, especially with older or obsolete automation control systems,” said Jim Keighley, former vice president of engineering for Kraft Foods. “With Volt480 at their fingertips, they can quickly browse for local/regional service providers, see ratings, prices, profiles, distance from their facility and contact them in an instant. And payment is easily handled via credit card.”
Volt480 also opens doors for service providers, helping systems integrators, control engineers and automation engineers build their businesses through a new network of potential customers.
“By registering my services with Volt480, I can be introduced to hundreds of potential customers,” said Richard Morales, a controls technician with Tornado Automation. “And I have the potential to be paid faster and with less effort than the traditional PO/invoicing process.”
“The machine learning capabilities of the Volt480 app will help speed the repair process, getting our clients back to work faster and our technicians on to their next assignment,” said Jeff Lea, CEO of Real Time Automation.
Volt480 is being rolled out as a pilot program for small-to-midsize manufacturers in Texas. The app is available through the Apple App Store and Google Play. After completing the pilot launch, the program will be offered to more than 16,000 food manufacturers in California and Texas.
Acquisitions are a big reason explaining growth and innovation in big companies. Not that long ago Emerson acquired partner Mynah Technologies. Today I see that it acquired ProSys. These are both good acquisitions. Emerson has a better than average success with acquisitions. ProSys is a good fit. Congratulations.
Emerson announced it has acquired ProSys Inc., a global supplier of software and services that increase production and safety for the chemical, oil and gas, pulp and paper, and refining industries. By building intuitive processes for plant operators, these solutions make everything from everyday operations to responding during abnormal situations easier.
“Adding ProSys’ differentiated technologies and expertise allows us to help our customers improve plant performance, safety and profitability by optimizing their human and automation resources,” said Mike Train, executive president, Emerson Automation Solutions. “With ProSys, we can provide innovative control and operator performance capabilities to make control room operators far more effective.”
ProSys’ portfolio includes solutions that help operators manage alarms critical to plant production and safety, and efficiently handle changing plant states. In addition, ProSys provides modern, high performance and intuitive graphics for better operator communications.
ProSys complements Emerson’s May 2017 acquisition of MYNAH Technologies, which provides dynamic simulation and operator training software. Together, these technologies embed expertise to help operators navigate plant systems safely and efficiently, and prepare customers to accommodate the changing state and age of the industrial workforce.
“Our specialization in software and services that increase operator performance builds on Emerson’s market leadership in automation control systems,” said Dustin Beebe, president and CEO at ProSys. “By working together as one, we can provide even more operational and financial value to customers.”
Beebe will join Emerson Automation Solutions as vice president, control and operator performance.
The ProSys software portfolio supports Emerson’s Operational Certainty program designed to help industrial companies achieve Top Quartile performance in areas of safety, reliability, and production.
Terms of the acquisition were not disclosed.
Cyber security is on the mind of all of us. The Internet of Things, digital factory, Industry 4.0, and all of the new strategies for improving manufacturing and production efficiencies contain a common element. They all inherently contain connections that can possibly be attacked by cyber hackers.
We are all concerned with foreign government attacks that can blow up facilities, poison water supplies, and other doomsday scenarios we can imagine. However, most hackers are really after a pay day. A big pay day. They can hold your process—and your business—hostage until you fork over some cash.
I have had many interesting cybersecurity conversations with Albert Rooyakkers, founder and CEO of Bedrock Automation. He has built a powerful controller with security designed in from the chips on up. He’s been touting the “Open Secure Automation (OSA)” platform lately.
The company just released a new white paper on the cyber security vulnerabilities and defense of industrial control systems. The 20-page document, Securing Industrial Control Systems – Best Practices, covers the threat landscape and presents a holistic approach to defending it, including assessing risk, physical security, network security, workstation and server security, as well as the fundamentals of OSA.
I just read it and found it informative. You can download it here along with the previous three papers in the series.
“As we discuss cyber security with users of automation, we find that many are aware of the threat potential but are not sure if they are doing enough to protect themselves. We saw the need for a technical paper that explains both the mindset and motives of an attacker, as well as the tools and technologies of defense. This paper defines the issues in a practical, holistic way while providing recommendations on how to begin and sustain best practices for cyber defense,” said Rooyakkers.
The first half of the paper covers conventional cyber security practices that apply to all industrial control systems. It provides an assessment of the threats, including drive-by attacks, advanced persistent threats (APTs), espionage, process attacks, and ransomware. It also looks at assessing the related risks, with an introduction to Process Hazards Analysis (PHA) and Hazards and Operability (HAZOP) methodologies used to identify malfunctions that might harm people, the process, or the environment.
To assist with risk assessment, the paper provides an overview of conventional protection practices. This includes network segmentation, firewalls, and DMZs; managing workstations, servers, end-users, and applications; and implementing active defense measures, including security event monitoring and management.
The second part of the paper is devoted to more recent techniques, based on the application of intrinsic cyber security advances that have been applied in military, aerospace, and ecommerce, and are now being used to protect industrial control systems. These create a hardware end-point root of trust that combines advanced cryptography, digital signing techniques, an industrial certificate authority, and public key infrastructure (PKIs) built into the control system to create an infrastructure for user defense.
The paper also presents the features of the Bedrock Open Secure Automation platform, which embraces the best practices discussed and details the process by which they can be applied to legacy and new systems.