Industrial Cyber Security Becomes Increasingly Important

Cyber Security is always the “elephant in the room” at Industrial Internet of Things (IIoT) and Industrial Control Systems (ICS) conferences.

The latest edition of the ARC Industry Forum in Orlando featured many cyber security firms. Most monitor network traffic for anomalies. Some look at other aspects of the system. More firms are pivoting from other emphases to become cyber security firms.

Here are two news items attacking cyber security from totally different angles. One from the enterprise; the other from the lowest level user.

Manage Cyber Security Risks

Deloitte, the enterprise consulting company, announced plans to expand its cyber risk platform for end-to-end industrial control systems (ICS) and operational technologies (OT) security with next generation technology enabled by Dragos, a cybersecurity company focusing on securing ICS and OT networks.

The tactic Deloitte is taking is to monitor emerging cyber threats. Deloitte Risk and Financial Advisory Cyber Risk Services’ end-to-end ICS offering, enabled by Dragos technology, uses a combination of innovative cyber security products and services. This combination brings hunting and reconnaissance capabilities that now allow organizations to look beyond internal data to threat documentation found in external databases. Beyond securing ICS and OT systems, this combination of cyber risk services and technologies can provide a more complete picture of an organization’s ICS and OT threat landscape through active monitoring that can better inform scenario planning and response.

“Assessing the cyber risks of our clients’ ICS and OT, we see that many organizations are often unprepared for the magnitude of the impact to operational technology and industrial control systems environments,” said Ed Powers, principal, Deloitte & Touche LLP, and U.S. leader for Deloitte Risk and Financial Advisory Cyber Risk Services. “A decision to include OT and ICS as a part of a broader cyber risk management program can improve a company’s understanding of the potential damage resulting from a cyberattack and can bolster the efficacy of its cyber risk mitigation strategy.”

The Dragos Platform, Threat Operations Center, and intelligence team form an ecosystem of technology, people, and intelligence to safeguard industrial networks. The Dragos Platform is designed for industrial networks and provides visibility into the environment, detection of threats through behavioral analytics, and the automation of workflows including incident response data collection and analysis.

“There have been pockets of excellence around the community in industrial security leading practices. But the world is facing a more connected infrastructure and a more aggressive threat than we’ve seen in years past,” said Robert M. Lee, chief executive officer, Dragos. “Now is an important time to get the solution correct and that’s what the Dragos and Deloitte cooperation represents.” 

Protecting From USB Device Hacks

We all know about Stuxnet and how it was spread using malware in USB sticks. Well, here is an interesting tactic and new product from Honeywell.

Honeywell Process Solutions (HPS) announced Secure Media Exchange (SMX) to protect facilities against current and emerging USB-borne threats, without the need for complex procedures or restrictions that impact operations or industrial personnel.

Malware spread through USB devices – used by employees and contractors to patch, update and exchange data with onsite control and computer systems – is a key risk for industrial control systems. It was the second leading threat to these systems in 2016, according to BSI publications, and uncontrolled USBs have taken power plants offline, downed turbine control workstations, and caused raw sewage floods, among other industrial accidents.

“Industrial operators often have hundreds or thousands of employees and dozens of contractors on site every day,” said Eric Knapp, Cyber Security chief engineer, HPS. “Many, if not most, of those rely on USB-removable media to get their jobs done. Plants need solutions that let people work efficiently, but also don’t compromise cyber security and, with it, industrial safety.”

Currently, many plants either ban USBs, which is difficult to enforce and significantly reduces productivity, or rely on traditional IT malware scanning solutions, which are difficult to maintain in an industrial control facility and provide limited protection. These solutions fail to protect process control networks against the latest threats, and offer no means to address targeted or zero-day attacks.

“SMX is a great example of Honeywell’s major investments in new industrial cyber security technologies, products, services, and research which further strengthen our ability to secure and protect industrial assets, operations and people,” said Jeff Zindel, vice president and general manager, Honeywell Industrial Cyber Security. “With the continued increase in cyber threats around the world, Honeywell’s industrial cyber security expertise and innovation are needed more than ever for smart industry, IIoT and critical infrastructure protection.”

Honeywell’s SMX was developed by the company’s cyber security experts based on field experience across global industrial sites and feedback from Honeywell User Group customers. Honeywell has one of the largest industrial cyber security research capabilities in the process industry, including an advanced cyber security lab near Atlanta. Honeywell also partners with cyber security leaders, including Microsoft, Intel Security and Palo Alto Networks, among others, to develop new, highly-effective industrial threat detection techniques.

Contractors “check-in” their USB drive by plugging it into an SMX Intelligence Gateway. The ruggedized industrial device analyzes files using a variety of techniques included with Honeywell’s Advanced Threat Intelligence Exchange (ATIX), a secure, hybrid-cloud threat analysis service.

SMX Client Software installed on plant Windows devices provides another layer of protection, controlling which USB devices are allowed to connect, preventing unverified USB removable media drives from being mounted, and stopping unverified files from being accessed. SMX also logs USB device connectivity and file access, providing a valuable audit capability.

“For most plants, the proliferation of removable media and USB devices is unavoidable, but the security risks they bring don’t have to be,” said Knapp. “We know our customers have limited resources to maintain another system, so Honeywell manages SMX for them. SMX never connects to our customers’ process control networks. From a system administration perspective, it’s like it’s not even there.”

Managed and maintained directly by Honeywell, SMX provides the easy and secure solution to USB security in industrial plants. It helps prevent the spread of malware through removable media; stops unverified files being read by Windows hosts; and, through the private ATIX connection, provides continually updated threat information and advanced analytics to help detect advanced, targeted, and zero-day malware.

A Stunner: ABB Acquires B+R Automation Strengthening It In Machine Automation

Wow, this one surprised me, although I’ve been pondering the automation landscape for a long time. There are two things. One is that you never know when the owners of a “Mittelstand” type of company are ready to sell. The other is that ABB has been aggressively divesting rather than acquiring.

The telling comment in the press release, though, goes to the heart of what I’ve been saying about fellow European electrical and automation giant, Schneider Electric. Both have their sights set on Siemens.

Now the problem is the typical one–and a huge one. How do they integrate the companies? All three of the large European companies have had problems integrating acquisitions. We’ll look for things such as executive flight and sales growth. Will customers flock to rival Beckhoff Automation for a pure automation play? The larger pure automation play–Rockwell Automation–seems to have conceded Europe–at least for the time being.

I don’t like just republishing press releases, but in this case (since I woke up three hours after the live press conference was held), you have my analysis. Here is what ABB says:

ABB to acquire B&R

Shaping leadership in industrial automation

  • Acquisition of B&R (Bernecker + Rainer Industrie-Elektronik GmbH) will close ABB’s historic gap in machine and factory automation
  • Creating a uniquely comprehensive automation portfolio for customers globally
  • B&R is a proven innovation leader in Programmable Logic Controllers (PLC), Industrial PCs (IPC) and servo motion-based machine and factory automation
  • B&R delivered a revenue CAGR of 11% over last two decades and annual sales of >$600 million in the highly attractive $20 billion machine and factory automation market segment
  • B&R’s software and Internet of Things (IoT) solutions further strengthen ABB’s digital offering, ABB Ability™
  • Clear commitment to B&R’s growth strategy, mid-term sales ambition of >$1 billion
  • Continuity of B&R’s management, founders support integration phase as advisors
  • B&R’s headquarters in Eggelsberg, Austria, to become ABB’s global center for machine and factory automation
  • Transaction funded in cash, operational EPS accretive in year one, closing expected in summer 2017
  • Purchase price not disclosed, multiple in line with peer valuations

ABB announced on April 4, 2017 the acquisition of B&R, the largest independent provider focused on product- and software-based, open-architecture solutions for machine and factory automation worldwide. B&R, founded in 1979 by Erwin Bernecker and Josef Rainer, is headquartered in Eggelsberg, Austria, and employs more than 3,000 people, including about 1,000 R&D and application engineers. It operates across 70 countries, generating sales of more than $600 million (2015/16) in the $20 billion machine and factory automation market segment. The combination will result in an unmatched, comprehensive offering for customers of industrial automation, by pairing B&R’s innovative products, software and solutions for modern machine and factory automation with ABB’s world-leading offering in robotics, process automation, digitalization and electrification.

Through the acquisition, ABB expands its leadership in industrial automation and will be uniquely positioned to seize growth opportunities resulting from the Fourth Industrial Revolution. In addition, ABB takes a major step in expanding its digital offering by combining its industry-leading portfolio of digital solutions, ABB Ability, with B&R’s strong application and software platforms, its large installed base, customer access and tailored automation solutions.

“B&R is a gem in the world of machine and factory automation and this combination is a once-in-a-lifetime opportunity. This transaction marks a true milestone for ABB, as B&R will close the historic gap within ABB’s automation offering. This is a perfect fit and will make us the only industrial automation provider offering customers the entire spectrum of technology and software solutions around measurement, control, actuation, robotics, digitalization and electrification,” said ABB CEO Ulrich Spiesshofer. “This acquisition perfectly delivers on our Next Level strategy. With our unique digital offering and our installed base of more than 70 million connected devices, 70,000 control systems and now more than 3 million automated machines and 27,000 factory installations around the world, we enable our combined global customer base to seize the huge opportunities of the Fourth Industrial Revolution.”

“This combination offers fantastic opportunities for B&R, its customers and employees. We are convinced that ABB offers the best platform for the next chapter of our growth story. ABB’s global presence, digital offering and complementary portfolio will be key for us to further accelerate our pace of innovation and growth,” said Josef Rainer, co-founder of B&R.

“This is a strong signal for our employees as our operations in Eggelsberg will become ABB’s global center for machine and factory automation,” said Erwin Bernecker, co-founder of B&R. “The most important thing to me is that the companies and their people fit so well together and that our founding location will play such a key role.”

Complementary strengths

With the acquisition, ABB will expand its industrial automation offering by integrating B&R’s innovative products in PLC, Industrial PCs and servo motion as well as its software and solution suite. ABB will offer its customers a uniquely comprehensive, open-architecture automation portfolio.

B&R has grown successfully with a revenue CAGR of 11% over the last two decades. Revenues more than quintupled since 2000 to more than $600 million (2015/16). The company has a rapidly growing global customer base of more than 4,000 machine manufacturers, a proven track record in automation software and solutions and unrivaled application expertise for customers in the machine and factory automation market segment.

Both companies have complementary portfolios. ABB is a leading provider of solutions serving customers in utilities, industry and transport & infrastructure. B&R is a leading solution provider in the automation of machines and factories for industries such as plastics, packaging, food and beverage. The joint commitment to open architecture increases customer choice and flexibility facilitating connectivity in increasingly digitalized industries.

Substantial investments in innovation

Innovation is at the heart of both companies. B&R invests more than 10 percent of its sales in R&D and employs more than 1,000 people in R&D and application engineering. ABB spends $1.5 billion annually on R&D and employs some 30,000 technologists and engineering specialists. Going forward, ABB and B&R will continue to invest considerably in R&D.

Automation of machines and factories is a key driver of the Fourth Industrial Revolution and the IoT. ABB will continue B&R’s strong solution-based business model and build on its deep domain expertise to develop new software-based services and solutions for end-to-end digitalization. ABB’s industry-leading digital offering, ABB Ability, will now capitalize on the large installed base, application and solution know-how, simulation software expertise and advanced engineering tools of B&R.

Proven integration approach

On closing of the transaction, B&R will become part of ABB’s Industrial Automation division as a new global business unit – Machine & Factory Automation – headed by the current Managing Director, Hans Wimmer. Both companies consider B&R’s management and employees as a key driver of future growth and the business integration together with their counterparts from ABB. The co-founders of B&R, Erwin Bernecker and Josef Rainer, will act as advisors during the integration phase to ensure continuity.

The integration will be growth-focused and live by the “best-of-both-worlds” principle, with ABB adding its own PLC and servo drive activities to the offering of the new business unit in a phased approach. ABB underlines its clear commitment to continuing the B&R growth story by articulating a mid-term sales ambition to exceed $1 billion.

ABB is committed to further investing in the expansion of B&R’s operations and to building on the company’s successful business model and brand. B&R’s headquarters in Eggelsberg will become ABB’s global center for machine and factory automation.

Austria benefits as technology and business hub

With this acquisition, ABB becomes the largest industrial automation player in Austria. ABB has operated in Austria for more than 100 years. With the strong future role B&R and its headquarters in Austria will play as part of ABB, Austria, particularly Upper Austria, will benefit. The planned expansion of the R&D and production activities in Eggelsberg and Gilgenberg will strengthen Austria’s high-tech industrial landscape.

Transaction financials

The transaction multiple is in line with peer valuations. The parties agreed not to disclose the purchase price. ABB will finance the acquisition in cash. The transaction is expected to be operationally EPS accretive in the first year, and is expected to add significant synergies of about 8% of B&R’s stand-alone revenue in year four. The transaction is expected to close in summer 2017, subject to customary regulatory clearances.

Open Process Automation Forum

Open Process Automation and IT/OT Convergence. Thursday, the last day of the ARC Forum, is not always all that well attended. The 2017 edition witnessed two sessions that held the attention of the later departing attendees. These two attracted a reasonably good attendance.

I didn’t do the IT/OT one, but I had great interest in the Open Process Automation Forum (Open DCS?).

This was my 20th ARC Forum. My first Forum featured another open control series of meetings on Thursday morning—The Open Modular Architecture Controller group. That group of engineers and managers sought to specify a PLC based upon the computing standards of the time. The culmination of that effort was a CompactPCI chassis cobbled together by an entrepreneur. It was not picked up. Meanwhile OMAC pivoted when end user companies, principally P&G and Nestle, moved the focus to packaging machines. The goal became machines that used standard states and HMI in order to reduce training time for operators as they moved from machine to machine.

ExxonMobil appeared at the Forum last year with an idea. It wished to reduce the cost to deploy and eventually upgrade its control systems. It had worked with Lockheed Martin to devise a plan from the avionics industry (FACE).

This session at the Forum updated attendees with progress. It has formed under The Open Group as the Open Process Automation Forum. Although driven by ExxonMobil initially, the goal is to form a broad alliance of owner/operators, end users, systems integrators, and suppliers developing this new automation platform.

Many people at the conference relate this effort to the old OMAC work. They see the end game as a customer trying to drive down the cost of the system. Especially a customer who faces two problems: the immediate problem of upgrading old technology; the long range cost of upgrading technology to newer levels.

Another way to view this initiative is more altruistic in the sense of driving disruptive change in the market for all users using standards.

I am conflicted in trying to understand the dynamics of the situation. As a proponent of standards, I applaud the effort to find ways to implement standards and interoperability. Interoperability has been proven in many industries as a driver for business growth. The idea of decoupling hardware and software holds great promise for future upgrades.

But if, in effect, the customers simply wish to drive automation components and software to commodity level, then I see problems. Such ideas have killed entire industries in the past.

I also look at the old PC technology, when there were many players developing cards for the PC bus to add on to an “IBM PC.” But over time, technology enabled chip manufacturers to incorporate all those features into the main CPU and the industry returned to basically a single source for a computer.

Predictions? I’m not making any right now. However…

This process is now more than a year old, and yet, the theme of the Forum in Orlando was a plea for participation. There were few other owner/operators. Even though almost all major suppliers have signed on, only two (Schneider Electric and Yokogawa) appear to be active. The leaders have put forth an ambitious timing plan. The group is going to have to build a critical mass of participants quickly.

One more point. There is an age-old tension here. An end user wishes to reduce procurement costs by being able to competitively bid everything. However, that means that someone must assemble all the components. On the other hand, end user companies also like partnerships with suppliers for joint development and better service.

By decoupling end user from supplier, something or someone must fill the gap. That would be the system integrator, I guess.

There are many questions.

Without further comment, I’ll leave you with the Open Process Automation Forum’s Vision Statement.

Composed of a broad group of end users, product suppliers, systems integrators, and academics, the Forum will create a technologically appropriate open process automation architecture and specifications along with business guidance for its adoption and use.

This will result in a standards-based open, secure, and interoperable process automation architecture and instances thereof that have the following characteristics:

  • Easily integrates best-in-class components to provide timely access to leading edge performance
  • Employs an adaptive intrinsic security model
  • Enables the procurement and modular interaction of certified conformant components into systems that are fit-for-purpose for the end users’ needs
  • Is commercially available and applicable to multiple industry sectors
  • Protects suppliers’ Intellectual Property within conformant components
  • Enables portability and preservation of end users’ application software
  • Significantly reduces the difficulty of future replacements and reduces the lifecycle cost of systems

Data Forgery Protection Defends Critical Industrial Control Systems from Cyber Threats

Cyber protection takes on a number of forms. Most everything involves “defense in depth” strategies. I just talked with an Israeli company, started by former security agents, that has found a different vulnerability and counteracts it. This is the first of three press releases I’ve been sitting on for release today. I guess Nov. 15 is a magic day in the PR world.

APERIO Systems emerged from stealth mode, launching the industry’s first technology that detects artificial manipulations of industrial process data, enabling operators to take real-time corrective action without service disruption to industrial control systems (ICS). From the rate of gas flow at a petroleum refinery, to the temperature and spin rates of turbines in a power plant, or the chlorine level of water supply networks, APERIO Systems’ proprietary Data Forgery Protection (DFP) technology delivers the last line of defense in protecting critical SCADA systems against insider and external threats.

APERIO Systems, already deployed at several sites across EMEA, secured seed funding from a consortium of private investors, including prominent cybersecurity veterans Doron Bergerbest-Eilon, Liran Tancman, and Shlomi Boutnaru. Bergerbest-Eilon is renowned for his role in establishing the agency charged with protecting all critical infrastructure in the State of Israel and is the former director of the security and protection division of the Israel Security Agency (ISA). He is currently the founder, president and CEO of ASERO Worldwide, a security consulting firm. Tancman and Boutnaru, who played key roles in building Israel’s cybersecurity capabilities, founded predictive cybersecurity startup CyActive, which was acquired by PayPal in 2015.

“Current solutions focus on keeping hackers outside critical systems, but attacks like the one that took down the power grid in Ukraine clearly show that sophisticated attackers will eventually penetrate these systems,” said Bergerbest-Eilon. “Once attackers breach a system, they must blind the operators and protection mechanisms by falsifying data in order to inflict severe and long-lasting damage. This entirely new category of Data Forgery Protection (DFP) is the key to keeping our critical infrastructure safe from attacks.”

Industrial control systems (ICS) are generally outdated from a cybersecurity perspective, vulnerable and difficult to patch because mission critical systems cannot be taken offline. While the threat to ICS is growing, critical systems security products on the market today are intrusive, hard to maintain, costly to integrate, and often produce vague and unactionable alerts, which cannot be acted upon by critical utility control rooms.

“Think of APERIO Systems as a polygraph for process data — it detects when your system is lying to you,” said Yevgeni Nogin, CEO of APERIO Systems. “With the unrelenting tenacity of cybercriminals, critical infrastructure breaches are inevitable. By guaranteeing the authenticity and integrity of operational data, APERIO Systems ensures that operators always know what’s really going on, enabling them to react quickly to a breach and take corrective action — making the critical systems resilient to the most dangerous of attacks.”

APERIO Systems’ advanced proprietary algorithms search for the data’s unique fingerprints and validate its authenticity. Any mismatches generate an alert and APERIO Systems pinpoints the attacked equipment and forged process data. Using a sophisticated combination of physics and state-of-the-art machine learning techniques, APERIO Systems reconstructs the real values of the forged operational data and reverts it to its original state in real time — establishing unprecedented operational resilience.

How APERIO Systems Protects

Both internal and external attackers can penetrate the most critical infrastructures, causing severe and long lasting damage. In order to do so, they must hide their malicious activity and deceive plant operators by forging the reported values of critical devices — remaining undetected and preventing timely corrective action. APERIO Systems’ Data Forgery Protection technology immediately exposes forged system readings to safeguard critical control systems and allow quick and effective remediation.

APERIO Systems provides:

  • Data Forgery Protection (DFP): Validates integrity and authenticity of reported signals to provide operators with true state awareness, enabling them to take corrective action in real time.
  • Process Continuity: Enables trust in the most critical data and provides resilience when attacked.
  • Operational Alerts: Fast, actionable, specific and accurate alerts integrate cybersecurity into operational emergency procedures, allowing operators to mitigate permanent damage.
  • Accurate and Relevant: Alerts operators only when the reported process state does not reflect the plant’s real situation — providing an extremely low false alert rate.
  • Minimized Risk: Passive and non-intrusive system minimizes operational risks, as well as installation and maintenance costs.
  • Counters Insider Threats: Protects the plant’s process continuity from both external and internal actors.

APERIO Systems is led by a veteran executive team with roots in the elite units of the Israel Defense Forces (IDF), as well as top cybersecurity and industrial companies:

  • Yevgeni Nogin, CEO — a graduate of the elite “Talpiot” IDF military academy, served over nine years in elite intelligence and R&D units of the IDF and brings expertise in SCADA systems security.
  • Michael Shalyt, VP Product — a graduate of the “Psagot” IDF academic program, served as leading researcher and team leader in the elite 8200 unit. Prior to joining APERIO Systems, he led the malware research team at Check Point.
  • Itay Baruchi, Head of Algorithms — served as director of Industrial MRI, where he worked closely with several of the biggest oil and gas drilling companies. Before that, he founded and served as CTO of Pythagoras Solar.
  • Charles Tresser, Chief Scientific Officer — a world renowned expert in dynamical systems. Tresser is one of the world’s leading experts in chaos theory and formerly Director of Research at IBM and France’s National Center for Scientific Research (CNRS).

New Directions, Renewed Energy Pervade Schneider Electric Connect 2016

The 2016 edition of Schneider Electric’s Foxboro/Triconex/Modicon user group meeting attracted a fair number of people. This is amazing given that advance notice wasn’t very advanced.

It’s always great catching up with some of the industry’s thought leaders, as well as getting a glimpse of new and coming products. Themes that came across strongly included “security by design” and a focus on customers’ assets, not just control and automation.

The acquisition has turned out pretty much as I thought it would. Schneider Electric has brought financial stability and investment in research and development. Organization stability is getting there, but people are still moving around a little. The only surprise I had was Schneider’s view of software. I figured that since Schneider Electric had very little history with software that it might shop the division. In fact, the Aveva reverse acquisition (or whatever) seemed to prove the point. Yet, hallway conversations universally pointed to a different reality. Schneider senior management sees great possibility for its new software assets. Since one of its competitors just renamed its upcoming event by removing the word “software”, I find this a significant competitive move.

Different Project Ideas

In an interesting twist, the opening keynote was given by a customer—Sandy Vasser of ExxonMobil. Vasser had presented his vision at the ARC Forum in Orlando in February, so I had an idea what was coming—a challenge to Schneider Electric, and indeed all suppliers. The oil & gas industry faces many challenges and it is time to think differently about traditional automation practices and technologies. The key is lowering the cost of projects and time to first oil.

ExxonMobil Universal IO

A new approach is required:

Reduce customization

  • push customization to the software, use standard hardware
  • eliminate the need for project specifications
  • eliminate the need for the infrastructure to support customized solutions

Reduce complexity, simplify designs

  • reduce the component count and the number of divergent systems
  • take full advantage of the capability of the installed systems
  • reduce the number and simplify interfaces

Eliminate, simplify, or automate processes

Mitigate the effects of dependencies

Reduce the amount of, or automatically generate, documentation

Take managed risks, accept some compromises

Develop and enable trust with our suppliers and our contractors

Key enablers:

  • Smart configurable I/O in standard field junction boxes
  • Virtualization (runtime and engineering) completely separate hardware so can test software without hardware
  • Customization pushed from hardware to software
  • Autodetect/Autointerrogate/Autoconfigure/Autoenable/Autodocument I/O

New challenges for our key suppliers

  • control systems age in place
  • system architectures made simple
  • systems consist of building blocks that can be easily upgraded to current technologies
  • upgrades or repairs will not be intrusive, disruptive, or unnecessarily costly
  • rip and replace will never be necessary
  • control system selection for a facility will be for life; fully supported and sustained

We have heard Vasser’s challenge before. But this reinforcement shows how serious ExxonMobil is about moving project planning and implementation to a new level. Faster time to start up and greatly reduced cost. The challenge for suppliers such as Schneider Electric is to bring what the customer wants and still make money. If the customer drives the supplier to a point where profits are just not there, then innovation will cease. But a good challenge from a supplier can spur innovation. We’ll see.
