by Gary Mintchell | Jun 25, 2015 | Automation, Security
Honeywell Process Solutions and Intel Security announced during Honeywell User Group HUG 2015 a collaboration said to help bolster protection of critical industrial infrastructure and the Industrial Internet of Things.
Intel Security’s McAfee technologies will be integrated with Honeywell’s Industrial cyber Security Solutions.
“The threat of cyber attacks on industrial and critical infrastructure targets is growing rapidly and our customers are demanding effective cyber security to assist them in protecting their assets and people. Working with Intel Security expands our capabilities to enhance the availability, reliability, and safety of customers’ industrial control systems and plant operations,” said Jeff Zindel, global business leader for Honeywell’s Industrial Cyber Security Solutions group. “Our collaboration with Intel Security will enable integrated, validated solutions for our industrial process customers to more rapidly deploy and better protect their investment. This approach is critical to enable the productivity potential of Honeywell automation solutions and the Industrial Internet of Things.”
Initially, Honeywell will qualify Intel Security’s Application Whitelisting and Device Control with its own proprietary cyber security for its Experion Process Knowledge System, providing a fully vetted and qualified solution designed to increase security without sacrificing reliability. Honeywell is also offering Intel Security’s Enterprise Security Manager and Next Generation Firewall to its customers. The products will be supported by Honeywell’s Industrial Cyber Security Risk Manager, which provides a continuous evaluation of cyber security risks within industrial environments.
The McAfee Application Whitelisting maintains system integrity by allowing only authorized code to run. McAfee Device Control allows users to specify and categorize what data can and cannot be transferred to various plug-in devices.
by Gary Mintchell | Jun 22, 2015 | Internet of Things, Interoperability, Networking, News, Operations Management, Process Control
I have business related to an angel investment and too much other travel to attend this week’s Honeywell User Group in San Antonio and Siemens Summit in Las Vegas. Trying to get to both events was both expensive and too exhausting to attempt. I had one friend, at least, who was going to both. More power to Greg.
I’ll analyze from reports I see from those there and from press releases. I know that Honeywell Process Solutions anticipated one major security announcement at HUG, but I would have been gone had I decided to attend anyway.
Meanwhile, I’ve been writing about the Internet of Things, fieldbuses, and networks for some time. The ODVA reached out asking if I’d like an update on its process industry work with EtherNet/IP. Of course, was the reply. It has a stand at ACHEMA in Frankfurt (another place I could have gone…) and sent me this update that would be the centerpiece of its press conference there.
Along with Rockwell Automation’s entry into the process industry automation market, EtherNet/IP usage now must incorporate process industry standards to go along with factory automation (discrete industry) usage. Partner Endress + Hauser has been building out devices that are EtherNet/IP enabled. This is an interesting addition to process industry “fieldbus” market (I know, perhaps EtherNet/IP is not a “real” fieldbus, but it will be used like one).
This was ODVA’s first appearance at ACHEMA, where ODVA members and EtherNet/IP suppliers Endress+Hauser, Hirschmann, Krone, Rockwell Automation, Rosemount, Schneider Electric and Yokogawa have assembled a demonstration of EtherNet/IP to explain to visitors ODVA’s approach to the optimization of process integration. Illustrating typical process applications, such as clean-in-place, highlights of the demonstration include:
- Use of EtherNet/IP to connect best-in-class solutions and devices for process applications;
- Integration of traditional process networks, such as HART, Profibus PA and Fieldbus Foundation, into an EtherNet/IP network; and
- Movement of data between field devices, such as pressure sensors and flow meter, and plant asset management systems.
ODVA’s process initiative, launched in 2013, is intended to proliferate the adoption of EtherNet/IP in the process industries. Initial focus has been on the integration of field devices with industrial control systems and related diagnostic services, leading to a road map for adapting the technology to the full spectrum of process automation needs, including safety, explosion protection, long distances and comprehensive device management.
“EtherNet/IP is at the forefront of trends in convergence of information and communication technologies used in industrial automation. Although industrial Ethernet was first adopted in the discrete industries, today EtherNet/IP is widely adopted in hybrid industries and is spreading into process industries, said Katherine Voss, president and executive director of ODVA. “Because ACHEMA is an international forum for users in chemical engineering and the process industries as a whole, ODVA felt it would be helpful to the ACHEMA’s audience to broadly showcase to process users the opportunities for integration improvements, optimized network architecture and increased ROI that EtherNet/IP can afford.”
by Gary Mintchell | Jun 18, 2015 | Automation, Internet of Things, Networking, News, Operations Management, Security
The Cisco and Rockwell Automation partnership continues its step-by-step extension strengthening Rockwell’s “Connected Enterprise” strategy. This strategy builds on the foundation of EtherNet/IP and CIP (common industrial protocol). Now that all the magazines and newspapers and bloggers are writing about the Internet of Things and the Industrial Internet of Things, supplier communications managers cannot keep themselves from applying IoT to everything their companies do.
The two companies have issued two press releases recently. One concerns enhanced training couched in the strategy of bringing IT and OT together (the once and future kingdom). The other relates to extensions and additions to the partners’ reference architecture.
First, let’s see how many buzz words a marketing manager can fit into one sentence:
“The expansion of the Industrial Internet of Things (IoT) and convergence of operations technology (OT) and information technology (IT) systems into The Connected Enterprise raises questions of who within industrial organizations should design and oversee unified network infrastructures. Rockwell Automation, in collaboration with its Strategic Alliance partner Cisco, is helping address this workforce challenge with the new training and certification offerings.”
Last year, the companies jointly rolled out the Managing Industrial Networks with Cisco Networking Technologies (IMINS) training course and Cisco Industrial Networking Specialist certification. This first-of-its-kind course provided foundational skills needed to manage and administer networked, industrial control systems.
This year, Rockwell Automation and Cisco are unveiling the five-day, hands-on Managing Industrial Networks for Manufacturing with Cisco Technologies (IMINS2) course and CCNA Industrial certification exam. The course offers deeper analysis of EtherNet/IP architectures with industrial protocols, wireless and security technologies implementation, and advanced troubleshooting. The CCNA Industrial certification ensures that OT and IT professionals have the skillset needed to design, manage and operate converged industrial networks.
Pathways to Certification
Students who successfully complete the Industrial Networking Specialist and CCNA Industrial certification exams will earn CCNA Industrial certification. Alternatively, IT and OT professionals that already have their CCNA Routing & Switching or Cisco Certified Entry Networking Technician (CCENT) certification can enroll directly in IMINS2 and take the CCNA Industrial certification exam to receive CCNA Industrial certification. Once completed, the certification is valid for three years.
Participants in the IMINS and IMINS2 courses will receive exam vouchers for the Industrial Networking Specialist and CCNA Industrial certification exams, respectively, as part of course tuition. This offer is only available through courses offered and delivered by Rockwell Automation. The CCNA Industrial certification exam can be taken at one of any Pearson VUE testing centers located in more than 165 countries.
IMINS courses are offered on an ongoing basis. The enrollment schedule for IMINS2 will be posted in June, with classes beginning in July. As the leader in OT/IT skills development, Rockwell Automation will continue to invest in The Connected Enterprise and IoT training curriculum to address emerging skills requirements.
Converged Plantwide Ethernet Architectures (CPwE)
As industrial markets evolve to unlock the promise of the Internet of Things (IoT), Rockwell Automation and Cisco are announcing new additions to their Converged Plantwide Ethernet (CPwE) architectures to help operations technology (OT) and information technology (IT) professionals address constantly changing security practices. The latest CPwE security expansions, featuring technology from both companies, include design guidance and validated architectures to help build a more secure network across the plant and enterprise.
The Industrial IoT is elevating the need for highly flexible, secure connectivity between things, machines, work flows, databases and people, enabling new models of policy-based plant-floor access. Through these new connections, machine data on the plant floor can be analyzed and applied to determine optimal operation and supply-chain work flows for improved efficiencies and cost savings. A securely connected environment also enables organizations to mitigate risk with policy compliance, and protects intellectual property with secure sharing between global stakeholders.
Core to the new validated architectures is a focus on enabling OT and IT professionals to utilize security policies and procedures by forming multiple layers of defense. A defense-in-depth approach helps manufacturers by establishing processes and policies that identify and contain evolving threats in industrial automation and control systems. The new CPwE architectures leverage open industry standards, such as IEC 62443, and provide recommendations for more securely sharing data across an industrial demilitarized zone, as well as enforcing policies that control access to the plantwide wired or wireless network.
Rockwell Automation and Cisco have created resources to help manufacturers efficiently deploy security solutions. Each new guide is accompanied by a white paper summarizing the key design principles, as follows:
The Industrial Demilitarized Zone Design and Implementation Guide and white paper provide guidance to users on securely sharing data from the plant floor through the enterprise.
The Identity Services Design and Implementation Guide and white paper introduce an approach to security policy enforcement that tightly controls access by anyone inside the plant, whether they’re trying to connect via wired or wireless access.
This announcement further extends the commitment by Rockwell Automation and Cisco to be one of the most valuable resources in the industry for helping manufacturers improve business performance by bridging the gap between plant-floor industrial automation and higher-level information systems.
by Gary Mintchell | Apr 8, 2015 | Automation, News, Organizations, Security
Honeywell Process Solutions (HPS) recently held a press conference to announce it has opened the Honeywell Industrial Cyber Security Lab to advance its development and testing of new technologies and software to defend industrial facilities and operations such as refineries and manufacturing plants from cyber attacks.
According to the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), reported cyber incidents on industrial targets in 2014 continue to increase and are up more than 25 percent since 2011. ICS-CERT’s latest report also said that in 40 percent of incidents that were reported, experts did not know how hackers intruded the system because of a lack of detection and monitoring capabilities.
Similar concerns were reflected in a global survey on cyber security conducted by Ipsos Public Affairs in September 2014 on behalf of Honeywell. In that survey, more than 75 percent of respondents from 10 countries said they were fearful that cyber criminals could disrupt major sectors of the economy, and identified the oil and gas, chemicals and power industries as particularly vulnerable.
For more than a decade, Honeywell has developed and provided proprietary cyber protection software and technology for its leading process automation solutions, including Experion process controls, which are used at hundreds of industrial sites such as refineries, chemical plants, gas processing units, power plants, mines and mills around the world. During that time, the Honeywell Industrial Cyber Security group has delivered more than 1,000 industrial cyber security projects globally.
“We have a successful history of providing cyber defense solutions for our industrial customers and this new cyber lab expands our capabilities,” said Jeff Zindel, global business leader for Cyber Security, HPS. “We will be able to validate new solutions faster in a variety of scenarios and increase our customers’ defenses against the growing threat of cyber attacks.”
The new Honeywell Industrial Cyber Security Lab, located in Duluth, Ga., includes a model of a complete process control network that Honeywell cyber security experts will leverage for proprietary research, hands-on training, and to develop, test and certify industrial cyber security solutions. This lab will help accelerate development time of new cyber protection technologies and speed availability to customers.
In addition to its new lab, Honeywell’s Industrial Cyber Security group has also added a number of cyber security experts to increase the bench strength of its development and business teams.
“Many of our customers have come to us looking for cyber security solutions to defend their industrial facilities, operations and people from damage, disruption and misuse,” said Zindel. “They understand the very real threat that is out there, and they want to be more proactive in guarding against it. Honeywell is building on its leading industrial cyber security expertise and experience with this new research and development lab as well as adding highly-regarded cyber security experts around the globe to support our customers’ growing needs.”
As an aside, only because I notice these little anomaly things, I wanted to attend the virtual press conference using my iPad. I couldn’t. The streaming technology used Flash technology. Flash is not a secure technology. And, Apple iOS does not support Flash. <sigh>
by Gary Mintchell | Feb 18, 2015 | Automation, Industrial Computers, News, Operations Management, Security, Technology
There remains some unfinished business from the ARC Forum held last week in Orlando. Security as a key component of the Industrial Internet of Things was a recurring theme. Mentor Graphics held a press conference to highlight advances in embedded computing. Later, I met with Alan Grau, CEO of Icon Labs, to talk about security.
Building security directly into embedded control is a burgeoning trend. Expect to see more—and demand more from your suppliers—about building in security at the embedded level.
From the press release:
Icon Labs, a provider of embedded networking and security technology, has announced the integration of Icon Labs’ Floodgate security products with Mentor Graphics’ Nucleus RTOS and Mentor Embedded Linux. The integrated solution creates a secure platform for industrial automation and extends the Internet of Secure Things initiative into industrial control systems.
Icon Labs’ Internet of Secure Things Initiative defines a platform for developing secure, connected devices. The platform is designed to ensure that security is intrinsic to the architecture of the device itself and incorporates security management and visibility, device hardening, data protection and secure communications. These capabilities provide the foundation for the Industrial Internet of Secure Things. Natively securing the devices simplifies protection, audit, and compliance independent of the secure perimeter, reducing the need for expensive and complicated security appliances.
“Security is a top priority for our industrial automation and critical infrastructure clients. Partnering with Icon Labs allows us to provide an integrated solution that enables security and regulatory compliance,” stated Scot Morrison, general manager of Embedded Runtime Solutions, Mentor Graphics Embedded Systems Division. “Icon Labs Floodgate product family provides a comprehensive security platform for developing secure, embedded devices using Nucleus and Mentor Embedded Linux.”
The integration of Icon Labs’ Floodgate products and Mentor Graphics’ embedded OSes provides:
- Security policy management
- Event and command audit log reporting
- Integration with the McAfee ePolicy orchestrator (ePO)
- Integrated embedded firewall
- Firmware and data anti-tamper support
- Integrated solution on both Nucleus and Mentor Embedded Linux
“Today’s modern industrial automation devices and systems are complex connected devices charged with performing critical functions,” says Alan Grau, CEO of Icon Labs. “Including security in these devices is a critical design task. Security features must be considered early in the design process to ensure the device is protected from the advanced cyber-threats they will be facing now as well as attacks that will be created in the future. By partnering with Mentor Graphics, we are able to offer a solution in which critical security elements are integrated into the operating system, ensuring security is a foundational component of the device.”
