I have known Eddie Habibi, founder and CEO of PAS (now PAS Global) for about 20 years. So I’ve followed the development of his company for that long. There was alarm management, and process safety, and process asset management. And the company grew at a typical pace for the market.
Then he went all-in on process control system cybersecurity. He accepted some investment money, hired some pros in the field, and combined security with what the company was already known for.
The results are in the latest press release from PAS Global LLC where it announced a 45% increase in term revenue year-over-year and increased market recognition of its solutions.
In March 2019, the company introduced an expanded Cyber Integrity offering with risk analytics for continuous operational technology (OT) endpoint security. Following this milestone, the company marked record growth in the adoption of this solution across multiple geographies and verticals including the United States, Europe, and the Middle East with leading organizations in the chemicals and oil & gas industries, in particular.
A Fortune 50 independent petroleum refiner was challenged with increasing cybersecurity risks as they deployed connected technology to achieve faster and more efficient production operations. PAS Cyber Integrity was deployed as the foundation for the refiner’s OT cybersecurity program to create an automated, comprehensive, evergreen OT asset inventory and to more quickly identify and remediate security vulnerabilities. What used to take the company months to assess “critical” or “high” ICS-CERT vulnerabilities can now be done in minutes across all refineries.
A global, integrated oil & gas company operating across five continents is pursuing digital transformation to grow its business, enter new markets, and compete more effectively. Underpinning this initiative is a cloud-based analytics platform. The team chartered with this program sought to leverage their multi-vendor industrial control system (ICS) data and ensure reliable data flows from field-level devices to their data lake. They sought a platform-independent solution that could not only deliver this data, but also provide a topological view of assets and site connections, monitor configuration baselines, and manage change. Additionally, the company’s cybersecurity team sought a solution that could provide comprehensive OT asset inventory and rapid vulnerability assessment capabilities. PAS Automation Integrity and Cyber Integrity were selected to address these needs.
A major electronic materials firm with operations in North America and Asia sought to establish an enterprise-wide cybersecurity program on an aggressive schedule to eliminate gaps in visibility and security controls. Cyber Integrity was selected to automatically build a detailed OT asset inventory for each site, identify patch levels across systems, and implement change management workflows. The company now has the inventory and configuration visibility it needs to support digitalization efforts including data lake, 5G, and artificial intelligence initiatives.
“Industrial organizations are increasing investment in cybersecurity solutions specifically built for OT not only to reduce their overall cyber risk but to ensure they can accelerate their digital transformation efforts safely,” said Eddie Habibi, Founder and CEO of PAS. “We are pleased to be working with a growing list of global companies who are leveraging PAS Cyber Integrity to give them the foundation they need for managing industrial cyber risk.”
The company also saw significant year-over-year growth in purchases of its operations management and process safety solution, PlantState Suite.
“Of equal importance is the work we do to help companies improve process safety through effective operations management,” Habibi added. “We are pleased to have been recognized once again as the market leader for both alarm management and safety lifecycle management. This is a testament to the hard work of the PAS team over many years and the confidence our customers place in our solutions.”
PAS cybersecurity and process safety management solutions are installed in more than 70 countries in over 1,450 industrial facilities for over 535 customers, including 13 of the top 15 chemical companies, 13 of the top 15 refining companies, 7 of the top 20 power generation companies, 4 of the top 5 pulp and paper companies, and 3 of the top 5 mining companies in the world.
Internet of Things installations along with industrial control systems constitute well known cybersecurity vulnerabilities within industrial plants and operations. CyberX, the IoT and industrial control system (ICS) security company, announced the availability of its “2020 Global IoT/ICS Risk Report” designed to sharpen awareness and knowledge of this critical area.
The data illustrates that IoT/ICS networks and unmanaged devices are soft targets for adversaries, increasing the risk of costly downtime, catastrophic safety and environmental incidents, and theft of sensitive intellectual property.
Some of the top findings noted that these networks have outdated operating systems (71 percent of sites), use unencrypted passwords (64 percent) and lack automatic antivirus updates (66 percent).
Energy utilities and oil and gas firms, which are generally subject to stricter regulations, fared better than other sectors such as manufacturing, chemicals, pharmaceuticals, mining, transportation and building management systems (CCTV, HVAC, etc.).
Now in its third year, CyberX’s “Global IoT/ICS Risk Report” is based on analyzing real-world traffic from more than 1,800 production IoT/ICS networks across a range of sectors worldwide, making it a more accurate snapshot of the current state of IoT/ICS security than survey-based studies.
Including the data presented in previous reports, CyberX has now analyzed over 3,000 IoT/ICS networks worldwide using its patented M2M-aware behavioral analytics and non-invasive agentless monitoring technology.
Recommendations Focus on Prioritization and Compensating Controls
The report concludes with a practical seven step process for mitigating IoT/ICS cyber risk based on recommendations developed by NIST and Idaho National Labs (INL), a global authority on critical infrastructure and ICS security.
Experts agree that organizations can’t fully prevent determined attackers from compromising their networks. As a result, they recommend prioritizing vulnerability remediation for “crown jewel” assets — critical assets whose compromise would cause a major revenue or safety impact — while implementing compensating controls such as continuous monitoring and behavioral anomaly detection (BAD) to quickly spot intruders before they can cause real damage to operations.
“Our goal is to bring board-level awareness of the risk posed by easily-exploited vulnerabilities in IoT/ICS networks and unmanaged devices — along with practical recommendations about how to reduce it,” said Omer Schneider, CyberX CEO and co-founder.
“Today’s adversaries — ranging from nation-states to cybercriminals and hacktivists — are highly motivated and capable of compromising our most critical operational systems,” said Nir Giller, CyberX GM, CTO and co-founder. “It’s now incumbent on boards and management teams to recognize the risk and ensure appropriate security and governance processes are in place across all their facilities to address it.”
Summary of Key Findings
Broken Windows: Outdated Operating Systems. 62 percent of sites have unsupported Microsoft Windows boxes such as Windows XP and Windows 2000 that no longer receive regular security patches from Microsoft, making them especially vulnerable to ransomware and destructive malware. The figure rises to 71 percent with Windows 7 included, which reaches end-of-support status in January 2020.
Hiding in Plain Sight: Unencrypted Passwords. 64 percent of sites have unencrypted passwords traversing their networks, making it easy for adversaries to compromise additional systems simply by sniffing the network traffic.
Excessive Access: Remotely Accessible Devices. 54 percent of sites have devices that can be remotely accessed using standard management protocols such as RDP, SSH and VNC, enabling attackers to pivot undetected from initial footholds to other critical assets. For example, during the TRITON attack on the safety systems in a petrochemical facility, the adversary leveraged RDP to pivot from the IT network to the OT network in order to deploy its targeted zero-day malware.
Clear and Present Danger: Indicators of Threats. 22 percent of sites exhibited indicators of threats, including suspicious activity such as scan traffic, malicious DNS queries, abnormal HTTP headers, excessive number of connections between devices and malware such as LockerGoga and EternalBlue.
Not Minding the Gap: Direct Internet Connections. 27 percent of sites analyzed have a direct connection to the internet. Security professionals and bad actors alike know that it takes only one internet-connected device to provide a gateway into IoT/ICS networks for malware and targeted attacks, enabling the subsequent compromise of many more systems across the enterprise.
Stale Signatures: No Automatic Antivirus Updates: 66 percent of sites are not automatically updating Windows systems with the latest antivirus definitions. Antivirus is the very first layer of defense against known malware — and the lack of antivirus is one reason why CyberX routinely finds older malware such as WannaCry and Conficker in IoT/ICS networks.
I started out in a small shop. I had roles that encompassed purchasing, production/inventory control, manufacturing engineering, and even worked production when something needed done.
So it was that one day I was trimming parts from a vacuum-formed plastic sheet using a bandsaw. Probably illegal today, may have been back then for all I know. Occasionally I would catch my mind drifting away. A guitar player, I’d pause and count fingers just to be sure.
Humans want jobs. But jobs that don’t challenge creativity and problem-solving but are only tedious, repetitive, mind-numbing can lead to tragedy.
A major reason robots gained such wide use especially in automotive manufacturing was that very problem along with removing humans from unsafe environments. Use robots when the task is dirty, dull, or dangerous.
The new breed of collaborative robots, or cobots, help expand robot’s usage into new areas of industry.
For example, this partnership just announced between Phillips Corp. and Universal Robots for loading and unloading CNC machines. Phillips Corporation, the largest global distributor of Haas CNC machines, offers a fast track to spindle uptime using Universal’s cobots.
“Having an expensive machine sit idle and missing out on orders due to lack of staffing is every manufacturer’s nightmare,” says Stu Shepherd, Regional Sales Director for the Americas division of Universal Robots (UR) that has already sold more than 1,000 UR cobots for tending Haas CNC machines. “This partnership between the largest distributor of the leading CNC brand and the leading collaborative robot brand offers a huge advantage for manufacturers, helping them solve staffing issues and stay competitive. We expect this new partnership to fast-track cobots in this sector, with significant advantages for manufacturers.”
With 9 offices representing 12 states throughout the South and Mid-Atlantic regions, Phillips Corporation boasts an installed base of more than 19,000 Haas CNC machines. “There is tremendous potential both for retrofitting existing installations with UR cobots and for getting through the door to new customers, offering turn-key solutions,” says president of Phillips Corporation’s commercial division, Michael Garner, who is also the chairman of Haas Automation’s North American distributor council. “We see a significant demand for cobots, which address labor shortages and also support manufacturers who need flexible automation tools they can operate without safety caging,” adds the Phillips president, stressing the UR cobots’ ease of programming. “There is no hardwiring or complex coding involved in getting a Universal Robot to communicate with a Haas machine since UR has solutions like the VersaBuilt software that facilitates two-way communication between the UR cobot and the CNC.”
VersaBuilt’s Haas CNC Integration Kit is a simple yet powerful interface that enables UR cobots to easily execute any machining program stored on the Haas CNC directly through the cobot’s own teach pendant, maintaining all Haas safety interlock features. Versabuilt is available through the UR+ platform, a showroom of products all certified to integrate seamlessly with UR cobots.
More than 60 different Haas models can be automated Universal Robots’ cobot arms. UR’s Stu Shepherd emphasizes how fast integration also means fast ROI. “Machine tending applications have consistently delivered an ROI of less than a year, sometimes even paying themselves back in a few months. A Haas-UR solution offered with Phillips’ CNC expertise and application know-how will help further improve that payback time.
It’s not the technology; it’s what you do with it. Here are companies (and their engineers) who have done some cool projects with HMI/SCADA software. Inductive Automation has selected the recipients of its Ignition Firebrand Awards for 2018. The announcements were made at the Ignition Community Conference (ICC) in September.
The Ignition Firebrand Awards recognize system integrators and industrial organizations that use the Ignition software platform to create innovative new projects. Ignition by Inductive Automation is an industrial application platform with tools for the rapid development of solutions in human-machine interface (HMI), supervisory control and data acquisition (SCADA), manufacturing execution systems (MES), and the Industrial Internet of Things (IIoT). Ignition is used in virtually every industry, in more than 100 countries.
The Ignition Firebrand Awards are presented every year at ICC. The award-winning projects are selected from the ICC Discover Gallery, which features the best 15 Ignition projects submitted by integrators and industrial organizations.
“Once again, we had a lot of variety with the Firebrand Award winners this year,” said Don Pearson, chief strategy officer for Inductive Automation. “Many industries were represented — automotive, oil & gas, food & beverage, water/wastewater, and more. It was great to see quality projects in all kinds of settings.”
“It’s inspiring to see the creative applications people are building on top of the Ignition platform,” said Travis Cox, co-director of sales engineering for Inductive Automation. “Every year, people create some really interesting projects, and this year was no exception.”
These Ignition Firebrand Award winners demonstrated the versatility and power of Ignition:
Brown Engineers (Little Rock, Ark.) took a unique approach to improving the filter backwash process for a water treatment plant at the City of Hot Springs. Brown used the Ignition SCADA platform to dramatically improve the automatic backwash, conserve water, improve water quality, and initiate collection of filter data needed to extend regulatory run-time limits. See the video here.
ECS Solutions (Evansville, Ind.) and Blentech Corporation (Santa Rosa, Calif.) partnered on a project that brought a unified platform to JTM Food Group’s new state-of-the-art plant in Harrison, Ohio. The result was a SCADA system that included the full spectrum of process automation. The Ignition application includes material management, formulation control, batch processing, and process control. See the video here.
Open Automation SRL (Santa Fe, Argentina) improved operations for a Cargill-owned animal nutrition plant. The project used Ignition to increase efficiency, productivity, and traceability without increasing labor. Greater access to data, less paper, and improved product quality were just a few of the benefits. See the video here.
Roeslein & Associates (St. Louis, Mo.) helped global automotive supplier Dana Incorporated increase productivity by 30 percent at some of its sites. The project provided real-time statistical analysis and visualization of machine data to enable better and faster decision-making. The flexible solution can be leveraged by Dana in numerous additional plants. See the video here.
Tamaki Control (Auckland, New Zealand) created a comprehensive clean-in-place scheduling system for the largest yogurt-manufacturing facility in the world: the Chobani plant in Twin Falls, Idaho. The solution increased visualization and made it much easier for operators to share information. It can also be leveraged for other uses at Chobani plants. See the video here.
Weisz Bolivia SRL (Buenos Aires, Argentina) solved weather-related data-communication problems for the largest offshore oil operation in Argentina. Results included better access to data, easier reporting to a government agency, and streamlined processes. See the video here.
Information on all 15 Discover Gallery projects can be found here.
Beckhoff Automation had a sizable booth at Pack Expo this week. Much to my surprise, when I asked about whether there was something new (I don’t expect new product introductions in automation at Pack Expo) the answer was yes. Well, I had a glimpse at Hannover in April.
The AMP8000 servo system has an innovative design where the integrated drive is placed on the end of the servo motor rather than the usual side. This design allows for maximum heat dissipation from the motor. They were able to package the drive and motor that only added 75 mm to the length of the motor.
By combining a servo drive and servomotor into one device, the AMP8000 system reduces overall packaging machine footprint and space requirements inside control cabinets and enclosures. A single coupling module can operate up to five drives using the EtherCAT P One Cable Automation solution that supplies industrial-grade power and EtherCAT industrial Ethernet communication.
Requiring Requiring no alterations to the existing machines, the AMP8000 boasts power ratings from 0.61 to 1.23 kW and standstill torque ratings from 2.00 to 4.8 Nm at an F4 flange size or power ratings from 1.02 to 1.78 kW and standstill torque ratings from 4.10 to 9.7 Nm with an F5 flange. The servo drive system also represents the Beckhoff commitment to promoting safety technology in all areas via integrated STO and SS1 safety functions.
TwinCAT software updates have added a number of important tools for packaging machine builders and end users, including expanded data processing through TwinCAT Analytics and HTML5-enabled TwinCAT HMI for industrial displays and mobile devices. In addition, TwinCAT Motion Designer supplies additional tools to commission entire motor, drive and mechanical systems in software, whether integrated into the TwinCAT 3 platform or used as a stand-alone motion system engineering tool.