IoT and Control Systems Soft Targets for Cyber Hackers

Internet of Things installations along with industrial control systems constitute well-known cybersecurity vulnerabilities within industrial plants and operations. CyberX, the IoT and industrial control system (ICS) security company, announced the availability of its “2020 Global IoT/ICS Risk Report” designed to sharpen awareness and knowledge of this critical area.

The data illustrates that IoT/ICS networks and unmanaged devices are soft targets for adversaries, increasing the risk of costly downtime, catastrophic safety and environmental incidents, and theft of sensitive intellectual property.

Some of the top findings noted that these networks have outdated operating systems (71 percent of sites), use unencrypted passwords (64 percent) and lack automatic antivirus updates (66 percent).

Energy utilities and oil and gas firms, which are generally subject to stricter regulations, fared better than other sectors such as manufacturing, chemicals, pharmaceuticals, mining, transportation and building management systems (CCTV, HVAC, etc.).

Now in its third year, CyberX’s “Global IoT/ICS Risk Report” is based on analyzing real-world traffic from more than 1,800 production IoT/ICS networks across a range of sectors worldwide, making it a more accurate snapshot of the current state of IoT/ICS security than survey-based studies.

Including the data presented in previous reports, CyberX has now analyzed over 3,000 IoT/ICS networks worldwide using its patented M2M-aware behavioral analytics and non-invasive agentless monitoring technology.

Recommendations Focus on Prioritization and Compensating Controls

The report concludes with a practical seven-step process for mitigating IoT/ICS cyber risk based on recommendations developed by NIST and Idaho National Labs (INL), a global authority on critical infrastructure and ICS security.

Experts agree that organizations can’t fully prevent determined attackers from compromising their networks. As a result, they recommend prioritizing vulnerability remediation for “crown jewel” assets — critical assets whose compromise would cause a major revenue or safety impact — while implementing compensating controls such as continuous monitoring and behavioral anomaly detection (BAD) to quickly spot intruders before they can cause real damage to operations.

“Our goal is to bring board-level awareness of the risk posed by easily-exploited vulnerabilities in IoT/ICS networks and unmanaged devices — along with practical recommendations about how to reduce it,” said Omer Schneider, CyberX CEO and co-founder.

“Today’s adversaries — ranging from nation-states to cybercriminals and hacktivists — are highly motivated and capable of compromising our most critical operational systems,” said Nir Giller, CyberX GM, CTO and co-founder. “It’s now incumbent on boards and management teams to recognize the risk and ensure appropriate security and governance processes are in place across all their facilities to address it.”

Summary of Key Findings

  • Broken Windows: Outdated Operating Systems. 62 percent of sites have unsupported Microsoft Windows boxes such as Windows XP and Windows 2000 that no longer receive regular security patches from Microsoft, making them especially vulnerable to ransomware and destructive malware. The figure rises to 71 percent with Windows 7 included, which reaches end-of-support status in January 2020.
  • Hiding in Plain Sight: Unencrypted Passwords. 64 percent of sites have unencrypted passwords traversing their networks, making it easy for adversaries to compromise additional systems simply by sniffing the network traffic.
  • Excessive Access: Remotely Accessible Devices. 54 percent of sites have devices that can be remotely accessed using standard management protocols such as RDP, SSH and VNC, enabling attackers to pivot undetected from initial footholds to other critical assets. For example, during the TRITON attack on the safety systems in a petrochemical facility, the adversary leveraged RDP to pivot from the IT network to the OT network in order to deploy its targeted zero-day malware.
  • Clear and Present Danger: Indicators of Threats. 22 percent of sites exhibited indicators of threats, including suspicious activity such as scan traffic, malicious DNS queries, abnormal HTTP headers and an excessive number of connections between devices, as well as malware such as LockerGoga and EternalBlue.
  • Not Minding the Gap: Direct Internet Connections. 27 percent of sites analyzed have a direct connection to the internet. Security professionals and bad actors alike know that it takes only one internet-connected device to provide a gateway into IoT/ICS networks for malware and targeted attacks, enabling the subsequent compromise of many more systems across the enterprise.
  • Stale Signatures: No Automatic Antivirus Updates. 66 percent of sites are not automatically updating Windows systems with the latest antivirus definitions. Antivirus is the very first layer of defense against known malware — and the lack of antivirus is one reason why CyberX routinely finds older malware such as WannaCry and Conficker in IoT/ICS networks.

Fluke Takes IoT Measurements To The Cloud

Fluke has drunk the Internet of Things kool-aid. It has taken a portfolio of measurement products and technology and connected them. I’ve followed it for a few years. It has recently announced an expansion of its cloud-based monitoring platform.

Fluke Connect reliability platform now offers cloud-based condition monitoring.

Monitoring plant equipment is crucial to avoiding costly downtime, but it is often too expensive, impractical, or complicated to capture performance data from all critical assets. The latest addition to the Fluke Connect reliability platform, Fluke Condition Monitoring, solves these problems with a new system of rugged voltage, current, temperature, and power sensors that can be moved from asset to asset or left in place for continuous monitoring. With Fluke Condition Monitoring, maintenance teams get a practical, scalable system that delivers the continuous data and alarms they need to prevent equipment downtime without costly equipment retrofits or specialized training.

“Adding Condition Monitoring to Fluke Connect revolutionizes maintenance workflows,” said Paul de la Port, President, Industrial Group, Fluke Corporation. “One system now manages the entire process — from equipment inspection and monitoring to setting alarm thresholds and assigning repairs. Certain types of plant equipment have fallen outside monitoring until now; the ROI just wasn’t there to retrofit with permanent sensors. The Fluke Condition Monitoring setup is so flexible and easy to install that technicians can put it wherever they need additional eyes on their equipment. And the new sensors funnel data into the same Fluke Connect reliability platform as all of our other connected test tools. With this system, technicians collect more data and engineers analyze more data in less time, with less work.”

Fluke Condition Monitoring consists of wireless sensors and a gateway that receives signals from the sensors from up to 30 feet away and works seamlessly with trusted, award-winning Fluke technologies, such as iFlex current probes, current clamps, temperature sensors and three-phase power monitoring.

Maintenance technicians can set the system up and begin monitoring in a matter of minutes, with the sensors transmitting measurements to the cloud as frequently as one measurement per second. Equipment data and alarm notifications are viewed through the Fluke Connect platform on a smartphone or web browser.

With this addition, the Fluke Connect reliability platform now compiles measurements from both the Fluke Condition Monitoring sensors and Fluke Connect wireless tools along with a history of work orders to create a comprehensive view of equipment health. The wireless, cloud-based solution overcomes legacy system silos and IT conflicts, works on any equipment type and helps teams stay effective while monitoring issues in different locations.

“The 3500 FC Series sensors operating with Fluke’s already well-established IIoT platform, Connect, create a strong value proposition for manufacturers, which seek to benefit from IIoT insights without a rip-and-replace greenfield buy,” said Christian Renaud, Research Director of 451 Research’s Internet of Things practice. “Products that are quick and easy to install and provide simple-to-determine ROI metrics should appeal to manufacturers.” 451 Research is focused on the business of enterprise IT innovation within emerging technology segments and provides timely insight to end user, service provider, vendor and investor organizations worldwide.

Production Operational Continuity

The overriding benefit we provide to enterprise business as operators of producing plants is production operational continuity—maximum output, greatest efficiency, best product margin.

Too often we get so wrapped up in our technology discussions that we forget the objectives. It’s not all about technology. It is all about using the appropriate technology to help build better businesses that serve customers well.

Editors face another problem writing articles about the industry. Marketing communications professionals delight in lining up interviews with appropriate people in their companies. The person interviewed has a story to tell. But most editors (I guess, I wasn’t one) have the theme and outline of the story already in mind, and they also have limited space. Therefore, they are looking for quotes they can pull out to support their theses, while the actual quote may only be a paragraph gleaned from a 30-45 minute interview.

So, Tim Sowell of Schneider Electric recently talked about an interview:

Basically the editor wanted to understand about “big data” being applied in a particular industry, again it was someone with a technology concept the market is throwing about vs really understanding the business / operational challenge the industry is facing.

But Sowell pointed to his recent theme about business needs:

  • Operational Continuity: Maintaining their producing plants at the maximum output, with greatest efficiency, and best product margin
  • Agility: to supply the market with the correct product at the right quality, and right price and the right time in an ever dynamic market
  • Asset Management/ Utilization: This is both fixed, mobile capital assets (non breathing assets, such as plants, trucks, ships) and the human assets (breathing assets).

I have been writing a long white paper focusing on these issues from an interoperable standards point of view. We’re looking especially at the lifecycle of critical assets. These observations from Sowell reflect the trends we’re experiencing.

We find that, as globalization increases, the buying and selling of capital assets increasingly happen, introducing the challenge of how to incorporate existing systems, automation, and practices into your overall value chain to provide the above “Operational Continuity” and “Agility”. Same when the asset is sold how you disengage it cleanly especially with IP in the products and process. Combine this with the dynamic Human Asset landscape where human assets are moving regularly between plants and locations. Causing a site not to have the required experience to make decisions, but people are in a role of having to make the decisions. YES the asset world for both capital assets and human assets is shifting from traditional stability in both classes for the last 20 years to one of both dynamic.

He makes a crucial point: the importance of tying lifecycle asset management to operational continuity.

What are you doing with asset management?

IoT Plus Predictive Maintenance Equals Business Sense

Predictive maintenance benefits more from implementation of the Internet of Things than perhaps any other function at this early stage of wide-spread adoption.

I have written on this topic several times over the past couple of years.

Predictive Condition-Based Maintenance

IoT Testbed For Condition Monitoring To Predictive Maintenance

Use Of Internet of Things Enhances Preventive Maintenance

10 Myths About Predictive Analytics (SAP)

A foulup at Starbucks, Preventive Maintenance Prevents Production

Cloud Platforms For Internet of Things

Predictive or Condition-Based

The asset management community has not made it easy for us generalists with its terminology and definitions. Searching for predictive maintenance (PdM) often serves up results for condition-based maintenance. I am not going to attempt a final definition, but I found something that made sense on the OSIsoft Website. “PdM defines methods to predict or diagnose problems in a piece of equipment based on trending of test results. These methods use non-intrusive testing techniques to measure and compute equipment performance trends.”

Condition-based maintenance (CBM) is a methodology that combines predictive and preventive maintenance with real-time monitoring. PdM uses CBM systems to detect fault sources well in advance of failure, making maintenance a proactive process. CBM accurately detects the current state of mechanical systems and predicts the systems’ ability to perform without failure.

Business Risk

The Aberdeen Group, Report: Building the Business Case for the Executive, December 2013, found that 40 percent of 149 manufacturing executives identified failure of critical assets as the top risk they face.

How do we mitigate this risk? Predictive maintenance and condition-based maintenance are methodologies that help. One thing that makes these strategies work is data. With sufficient data along with a model of the asset’s condition at operational efficiency, reliability engineers can begin to predict failures before they happen.

Just like your car, productive assets pick the worst time to fail. This unplanned downtime is exceedingly expensive. Using predictive technologies, managers can plan for shutdowns at an appropriate time. The right parts can be on hand, labor lined up, production schedules adjusted, all because everything can be planned.

I’ve been talking with Dell often since October when I attended Dell World and it unveiled its Internet of Things initiative.

The interesting thing about Dell compared to almost everyone else I cover is that they approach the IT/OT convergence issue from the IT side rather than the OT side.

Dell’s first IoT product is something I think we’ll see more of–analytics at the edge combined with gateway technology that can bring disparate sources of data together, massage them, send them off to the cloud for further analytics, storage, and visualization. Dell’s current partners are SAP for predictive maintenance and Statistica for analytics.

Expect to see more of these partnerships evolve. In some cases, such as PTC, we are seeing acquisitions to add IoT capability. On the other hand, larger companies who do not have enough in common overall to merge will forge partnerships to offer complete solutions to customers.

We see some of this through the rise of Industrial Internet and IP organizations.

Collecting, moving, analyzing, and displaying data is becoming a big and important business. Customer executives will come to appreciate the work as their companies gain efficiency–and profits.

Wireless, Enhanced Sensing Lead Emerson Product Announcements

This is another long post—and it is a summary—running through many of the new products introduced to the press and analysts during Emerson Exchange 2015. If any of these whet your appetite, visit the Emerson Process Website for more information.

Another place to catch up on happenings at the conference is Jim Cahill’s Emerson Process Experts blog. He also has been introducing readers to highlighted sessions.

Machinery protection

CSI 6500 ATG protection system, a stand-alone machinery protection solution that allows users to cost-effectively introduce prediction monitoring of critical assets from the same system. Predictive intelligence is a key component to increasing availability and improving the reliability of plant assets.

These multi-functional cards can be easily reconfigured for a wide range of measurements, including the impacting or peak-to-peak data used in Emerson’s unique PeakVue technology. In addition to monitoring the start-up and coastdown of critical turbo machinery for safe operation, users will be able to utilize PeakVue technology to identify the earliest indications of developing faults in gearboxes and bearings.

With the CSI 6500 ATG, it is no longer necessary to return to the control room or open cabinets in the field to view or analyze data. The CSI 6500 ATG can be networked over wired or wireless Ethernet to deliver asset health information to authorized users through a PC or phone application.

To facilitate easy system integration with third party systems, CSI 6500 ATG is the first protection system to include a secure embedded OPC UA server.

Gas ultrasonic flow meter

A new Daniel gas ultrasonic flow meter platform elevates its well-proven British Gas design by providing two meters and transmitters in a single body to help natural gas operators and pipelines improve reliability and efficiency. Designed to maximize capital budgets by permitting two completely independent measurements with the installation of just a single flowmeter, the new 3415 (four-path + one-path) and 3416 (four-path + two-path) gas ultrasonic flow meters combine a four-path fiscal meter with an additional check meter, while the new 3417 (four-path + four-path) meter provides two fiscal meters for full redundancy and equal accuracy within one meter body. This two-in-one redundant design delivers continuous on-line verification of custody transfer measurement integrity, device health and process conditions, and improves fiscal metering confidence while ensuring regulatory compliance.

Both Daniel 3415 and 3416 gas ultrasonic meters measure flow using four horizontal chordal paths in addition to a reflective path dedicated to verification of the primary measurement, enabling improved metering insight, more informed decision making and simplified flow meter verification. For enhanced immunity to pipe wall contamination, the 3416 meter is equipped with an additional vertical reflective path to detect liquid or very thin layers of contamination at the bottom of the meter that otherwise remain completely hidden in a direct-path meter design. This allows reliable monitoring of process changes before they affect measurement, thus reducing calibration frequency and enabling maintenance to be condition-based instead of calendar-based.

Electric actuator control

DCMlink Software, a unified electric actuator control, monitoring and diagnostics platform, will allow, for the first time, Emerson customers to diagnose, configure, and monitor all electric actuators from a central location independent of protocol, actuator or host system. The software extends the useful life of field assets by providing actuator data gathering, condition monitoring, events log and prioritization of actuator alarms in a unified and consistent user interface. Actuator configuration includes custom characterization, as well as the ability to import and export historical configuration profiles.

Whether it is viewing value torque profile, live trending data or actionable alarms straight from the actuator, plant operators will be able to access detailed monitoring and diagnostics data, allowing them to take action before a fault occurs. DCMlink offers advanced control and diagnostics, including torque profile curves, initiating partial stroke test or emergency shut down and alarms in NE-107 format. Current communications support includes Modbus, TCP-IP, and Bluetooth.

DeltaV v13

The new features in Version 13 (v13) of the DeltaV distributed control system (DCS) focus on integration, advanced alarm management, and security with an overarching design that improves ease of use and minimizes the need for specialized expertise.

DeltaV v13 delivers technologies to bring sources together for easy operator access and use. These technologies include an Ethernet I/O card (EIOC) for integrating Ethernet-based subsystems and devices, including a direct interface with smart motor control centers and substations. It improves the factory acceptance testing (FAT) experience by providing enhanced safety instrumented system simulation capabilities and easy-to-use virtualization environment.

The new DeltaV Alarm Mosaic has an intuitive alarm display that enables operators to more quickly identify, analyze, and respond correctly to the root cause of an abnormal process condition. The new release also provides trend display optimizations for better visibility of process changes.

SCADA

OpenEnterprise v3.2 release adds a native interface to the AMS Device Manager asset management software, enabling users to remotely manage and maintain HART and WirelessHART devices in wide-area SCADA networks.

OpenEnterprise v3.2 together with AMS Device Manager allows asset owners to extend the reach of their predictive maintenance capability out to their remote assets, providing a powerful and proactive method of diagnosing potential device problems remotely. This results in reduced trips to the field and helps to avoid unplanned process shutdowns, improving safety, reliability, and profitability.

The native interface of OpenEnterprise v3.2 to AMS Device Manager enables the collection of wired and wireless HART digital device data over low bandwidth wide-area SCADA networks from Emerson ROC, FloBoss, and ControlWave RTUs without adding the additional complexity and expense of external HART multiplexers. Support for AMS Device Manager SNAP-ON applications, OpenEnterprise SCADA server redundancy, multiple deployment options, and data collection for up to 10,000 HART devices ensures flexibility and scalability for a wide range of remote oil and gas applications.

Machinery health in PowerGen

Emerson now offers its power generation and water/wastewater industry customers native machinery health monitoring and protection capability within the Ovation distributed control system.

Ovation Machinery Health Monitor leverages the Ovation platform through a high-performance I/O module dedicated to machinery health functions. Simply install by inserting the module into a spare I/O slot.

With the Ovation Machinery Health Monitor, operators receive alerts from a single set of common plant HMIs and no longer need to manually check machinery functions through a separate system.

The Ovation Machinery Health Monitor also reduces the risk of cyber attack by eliminating links to standalone systems and isolating process information – all of which can help facilities meet NERC CIP and other security regulations.

Silica sensing

Costly damage to turbine blades caused by silica deposition can occur due to a poorly monitored steam purity program. The new Rosemount 2056 Silica Analyzer provides continuous accurate measurements of silica in process streams with a range of 0.5 ppb to 5000 ppb. The 2056’s usability features make it one of the easiest-to-use and high-performing analyzers.

Harsh duty pressure sensing

Rosemount 3051S Thermal Range Expander with new UltraTherm 805 oil fill fluid enables pressure measurements by direct-mounting a diaphragm seal system to processes that reach up to 410°C (770°F) without requiring the challenging impulse piping or heat tracing used in traditional connection technology. In applications where ambient temperatures drop below ideal operating conditions, system response time becomes slow, resulting in delayed process pressure readings. Traditionally, this problem is solved by using heat tracing which is costly, maintenance intensive, and difficult to install. By using the new thermal range expander dual fill fluid seal, the Rosemount 3051S can reliably measure pressure at extremely high process and low ambient temperatures.

The Rosemount 3051S Electronic Remote Sensors (ERS) System now has safety certification. The ERS System calculates differential pressure through a digital architecture — and is now suitable for SIL 2 and 3 applications.

Rosemount 3051S High Static Differential Pressure Transmitter provides reliable flow measurement in high pressure applications with capabilities up to 15,000 psi (1034 bar). The transmitter’s SuperModule platform and coplanar design reduce potential leak points by 50 percent compared to traditional designs, ensuring the highest differential pressure measurement accuracy, field reliability and safety.

Corrosion monitoring

The Roxar Corrosion Monitoring system, consisting of wireless-based probes, will provide refineries with flexible, responsive, integrated and highly accurate corrosion monitoring.

Combined with Emerson’s non-intrusive Field Signature Method (FSM) technology, a non-intrusive system for monitoring internal corrosion at the pipewall, refinery operators will be able to access more comprehensive corrosion information and corrosion rates, leading to improved operator insight and control over assets.

The system will also help identify and track opportunity/high TAN crudes and their corrosive elements. Such crudes are less expensive but more corrosive than others, and the new system enables the maximum amount of such crudes to be blended into the mix without increasing corrosion risk.

Wireless pressure gauge

Emerson Process Management has introduced the industry’s first WirelessHART pressure gauge. The Rosemount Wireless Pressure Gauge enables remote collection of field data.

The Wireless Pressure Gauge eliminates mechanical gauge common weak points by removing the components that inhibit the device from reporting/displaying pressure and providing up to a 10-year life, which reduces maintenance cost and time. The large 4.5-inch gauge face provides easy field visibility.