Advice for Managing and Assessing Trustworthiness for IIoT

The spread of connected devices, with the resultant flow of data throughout the industrial enterprise, spurs concern for the security and trustworthiness of that data. The Industrial Internet Consortium (IIC) and its members recognize this challenge.

I normally have a conversation with the authors of the IIC papers to get a context and sense of all the work involved in their development. In this particular case, I ran out of time. Many of you know that I am up to my eyes in soccer activities at this time of year. I just finished leading a class of new referees while I am at one of my peak times for assigning referees to games. Sometimes, I just don’t have enough hours. I bet you have never felt that…

So, IIC has published the Managing and Assessing Trustworthiness for IIoT in Practice white paper. The paper serves as an introductory guide to trustworthiness in IIoT, which is driven by the convergence of IT with OT, and includes a definition of trustworthiness, examples and a best-practice approach to managing trustworthiness in IIoT systems.

Confidence is essential to business, including confidence that the consequences of decisions and processes are acceptable and that business information is handled properly. The advent of IIoT means that confidence is also now required in technologies, physical components, and systems in addition to confidence in individuals, organizations and processes.

“The fact is that it is possible to have ‘too much’ trustworthiness,” said Jim Morrish, co-Chair of the IIC Business Strategy and Solution Lifecycle Working Group. “Trustworthiness costs, in terms of the costs of devices and associated software, and also often in terms of user experience and functionality. A trustworthiness solution for a nuclear processing plant would be an unnecessary hindrance to the day-to-day operations of a peanut butter manufacturer.”

The white paper’s best-practice approach to managing trustworthiness comprises four phases: baselining the system, analyzing potential trustworthiness events, implementing trustworthiness targets and governance, and iterating and maintaining the resulting trustworthiness model.

“This whitepaper demonstrates that trustworthiness is more than just another academic phrase to describe expectations of stakeholders, operators and users of an IIoT system,” said Marcellus Buchheit, President and CEO of Wibu-Systems USA, cofounder of Wibu-Systems AG in Germany and co-chair of the IIC Trustworthiness Task Group. “This paper presents several models that show how trustworthiness can be practically used in business decisions to increase trust in an IIoT system under the impact of business reality and constraints.”

The white paper also highlights that trustworthiness is not a static concept. “An IIoT system must address trustworthiness requirements throughout the lifecycle of the system. This means that industrial IoT trustworthiness is not a project with a finite start and a finite end. It is a journey that must be powered by an established program,” said Bassam Zarkout, founder of IGnPower and co-author of the paper.

“Security is already recognized as one of the most important considerations when designing an IIoT system,” said Frederick Hirsch who is a Standards Manager at Fujitsu, and also co-chair of the IIC Trustworthiness Task Group. “This white paper expands on that thinking by recognizing that safety, privacy, reliability and resilience need to be considered in conjunction with security to establish trust that IIoT systems will not only be functional but also will not harm people, the environment or society.”

The white paper discusses a live example of an IIoT system analysed from a trustworthiness perspective. Fujitsu’s Factory Operation Visibility & Intelligence (FOVI) system (and IIC testbed) has the primary goal of bringing more visibility of operations to plant managers in near-real time. The goal is to reduce human errors, bring more predictability to product assembly and delivery, and optimize production all while ensuring a sufficient level of trustworthiness.

“FOVI highlights how the different aspects of trustworthiness can impact business performance,” said Jacques Durand, Director of Engineering and Standards at Fujitsu, co-Chair of the IIC Business Strategy and Solution Lifecycle Working Group and also a member of the IIC Steering Committee. “For instance slowing down a production line can reduce costs associated with stress on machinery and machine operators, but such a course of action may also adversely impact productivity or lead time. In the white paper we highlight the need to understand trade-offs and to use metrics in a data-driven and intelligent manner.”

The Managing and Assessing Trustworthiness for IIoT in Practice white paper sets the stage for further work that the IIC will undertake focusing on trustworthiness.

The full IIC Managing and Assessing Trustworthiness for IIoT in Practice white paper and a list of IIC members who contributed can be found on the IIC website.

Data Protection Best Practices White Paper

Standards are useful, sometimes even essential. Standard sizes of shipping containers enable optimum ship loading/unloading. Standard railroad gauges and cars enable standard shipping containers to move from ship to train, and eventually even to tractor/trailer rigs to get products to consumers. 

Designing and producing to standards can be challenging. Hence the value of best practices.

Taking this to the realm of Industrial Internet of Things where data security, privacy and trustworthiness are essential, the Industrial Internet Consortium (IIC) has published the Data Protection Best Practices White Paper. I very much like these collaborative initiatives that help engineers solve real world problems.

Designed for stakeholders involved in cybersecurity, privacy and IIoT trustworthiness, the paper describes best practices that can be applied to protect various types of IIoT data and systems. The 33-page paper covers multiple adjacent and overlapping data protection domains, for example data security, data integrity, data privacy, and data residency.

I spoke with the lead authors and came away with a sense of the work involved. Following are some highlights.

Failure to apply appropriate data protection measures can lead to serious consequences for IIoT systems such as service disruptions that affect the bottom-line, serious industrial accidents and data leaks that can result in significant losses, heavy regulatory fines, loss of IP and negative impact on brand reputation.

“Protecting IIoT data during the lifecycle of systems is one of the critical foundations of trustworthy systems,” said Bassam Zarkout, Executive Vice President, IGnPower and one of the paper’s authors. “To be trustworthy, a system and its characteristics, namely security, safety, reliability, resiliency and privacy, must operate in conformance with business and legal requirements. Data protection is a key enabler for compliance with these requirements, especially when facing environmental disturbances, human errors, system faults and attacks.”

Categories of Data to be Protected

Data protection touches on all data and information in an organization. In a complex IIoT system, this includes operational data from things like sensors at a field site; system and configuration data like data exchanged with an IoT device; personal data that identifies individuals; and audit data that chronologically records system activities.

Different data protection mechanisms and approaches may be needed for data at rest (data stored at various times during its lifecycle), data in motion (data being shared or transmitted from one location to another), or data in use (data being processed).

Data Security

“Security is the cornerstone of data protection. Securing an IIoT infrastructure requires a rigorous in-depth security strategy that protects data in the cloud, over the internet, and on devices,” said Niheer Patel, Product Manager, Real-Time Innovations (RTI) and one of the paper’s authors. “It also requires a team approach from manufacturing, to development, to deployment and operation of both IoT devices and infrastructure. This white paper covers the best practices for various data security mechanisms, such as authenticated encryption, key management, root of trust, access control, and audit and monitoring.”

Data Integrity

“Data integrity is crucial in maintaining physical equipment protection, preventing safety incidents, and enabling operations data analysis. Data integrity can be violated intentionally by malicious actors or unintentionally due to corruption during communication or storage. Data integrity assurance is enforced via security mechanisms such as cryptographic controls for detection and prevention of integrity violations,” said Apurva Mohan, Industrial IoT Security Lead, Schlumberger and one of the paper’s authors.

Data integrity should be maintained for the entire lifecycle of the data from when it is generated, to its final destruction or archival. Actual data integrity protection mechanisms depend on the lifecycle phase of the data.

Data Privacy

As a prime example of data privacy requirements, the paper focuses on the EU General Data Protection Regulation (GDPR), which grants data subjects a wide range of rights over their personal data. The paper describes how IIoT solutions can leverage data security best practices in key management, authentication and access control to empower GDPR-centric privacy processes.

The Data Protection Best Practices White Paper complements the IoT Security Maturity Model Practitioner’s Guide and builds on the concepts of the Industrial Internet Reference Architecture and Industrial Internet Security Framework.

The Data Protection Best Practices White Paper and a list of IIC members who contributed to it can be found on the IIC website.

Industrial Internet of Things Maturity Assessment Explorer

I’ve been off for most of the past week celebrating Independence Day and family birthdays. For those of you in the US, I hope you had a restful time off and enjoyed some fireworks displays. And now, back to what’s happening in the industrial world.

The Industrial Internet of Things (IIoT) comprises far more than just the simple connecting of devices back to a database in a server. It’s integral to digitalization. Applying abundance thinking to the system, clearly IIoT plays a key role for successful business transformation.

The Industrial Internet Consortium (IIC) has produced the IIoT Maturity Assessment, a web-based tool included in the IIC Resource Hub that enables users to better understand their enterprise IIoT maturity. The IIoT Maturity Assessment helps organizations become best-practice adopters of IIoT by guiding business managers through a range of questions about the adoption, usage and governance of IIoT within their organizations.

“The IIoT market has grown quickly and many businesses planned strategy while in the midst of execution and need to step back and assess their true IIoT maturity,” said Jim Morrish, Co-Chair of the IIC’s Business Strategy and Solution Lifecycle Working Group and co-author of the IIoT Maturity Assessment tool. “The IIoT Maturity Assessment will help companies get a baseline for their maturity right now and assess it in regular intervals to track their progress.”

This framework of four main dimensions and their corresponding strands will spur your thinking into broader areas beyond predictive maintenance or cost reduction programs.

The framework:

Business Strategy

  • Market context
  • Strategic context
  • Business model innovation and refinement
  • IoT Foundations

Business Solution Lifecycle

  • Interface to business strategy
  • Solution design
  • Project team structuring
  • Project management
  • In service monitoring and feedback

Technology

  • Technology strategy
  • Reference architecture and standards
  • Platforms stack
  • Data location transparency

Security

  • Governance
  • Enablement
  • Hardening

“There’s a real difference between using IIoT to streamline processes and using it to create new revenue streams or make better business decisions,” said Ian Hughes, Senior Analyst, Internet of Things, 451 Research. “A tool like this can be a real eye opener for an organization wanting to transform their business to remain competitive and increase profits.”

The IIoT Maturity Assessment considers 63 individual capabilities, each with five levels of maturity within the above framework. For example, under strategic context, a maturity level can range from a limited number of key individuals having stepped up to IIoT ownership to full ownership of IIoT within an organization. The IIoT Maturity Assessment provides feedback about the level of maturity and highlights areas that may require development.

The final outputs provided to users also provide links to the IIC Body of Knowledge for reference and to help improve their maturity. This includes collaborative resources developed by industry leaders from the IIC membership, including IIC foundational documents (Industrial Internet Reference Architecture, Industrial Internet Security Framework, Industrial Internet Connectivity Framework, Business Strategy and Innovation Framework, Industrial Internet of Things Analytics Framework, and Vocabulary Technical Report) and other IIC documents and tools.

The IIoT Maturity Assessment is available in three levels of analysis: Quick, Standard (both open to everyone) and Detailed (IIC members only).

SPS Drives Trade Fair in Nuremberg Automation News

I will only be at SPS for a few hours this year to check in with old friends and see some of the latest automation goodies. But I’m glad to be there at all. Thank you to Siemens who is sponsoring a press tour that includes a couple of days of intense cybersecurity briefings and workshops.

Oh, and a trip to Allianz Stadium to see the technology and a Bayern Munchen football match.

Some early SPS news:

  • Avnu Alliance Demonstrates New Conformance Test Reference Tool
  • OPC Foundation promises much news plus addition of Rockwell Automation

OPC Foundation

OPC Foundation has sent a couple of emails inviting us to a press briefing at SPS promising much news. I won’t be in Nuremberg on Tuesday, but I’ll catch up with Stefan and Tom for sure on Wednesday.

The mating dance has ended after a few months. Rockwell Automation has rejoined the OPC Foundation and gained a board seat. OPC Foundation has elected Juergen Weinhofer, vice president of common architecture and technology for Rockwell Automation, to its board of directors. Note that Weinhofer is also the Rockwell delegate to the ODVA board.

Weinhofer’s election to the board extends Rockwell Automation’s engagement in the technical work of the OPC Foundation and its technical advisory council.

“OPC UA has become the dominant open protocol for machine-to-software and machine-to-cloud solutions, and it is becoming critical for companies deploying a Connected Enterprise,” Weinhofer said. “I look forward to helping the OPC Foundation become a leader in machine-to-machine applications and helping OPC UA users unlock more value from their production systems.”

This quote is from the OPC news release. We should note that “Connected Enterprise” (capitalized) is the Rockwell Automation theme. I also note while parsing the comment that Rockwell is still firmly fixed in the factory floor area where Weinhofer specifically states “become a leader in machine-to-machine applications.”

“Rockwell Automation is a proven leader in industry standardization and open information technologies,” said Stefan Hoppe, president of the OPC Foundation. “I welcome not just Juergen’s business and political skills on the board but also the increased technical and commercial contribution that the wider Rockwell Automation team will also bring to the foundation.”

Avnu Alliance

Avnu Alliance, an industry consortium enabling open, standards-based deterministic networking, will exhibit at SPS IPC Drives in the University Stuttgart ISW booth. Avnu Alliance, alongside ISW and Industrial Internet Consortium (IIC), will showcase the role of conformance test plans, testbeds and test reference tools in ensuring an interoperable ecosystem of Time Sensitive Networking (TSN) devices.

“We are in cooperation with IIC, IEEE, IEC and others in creating an interoperable ecosystem through a common network foundation that stems from industry open standards and testing,” said Todd Walter, Avnu Alliance Industrial Segment Chair. “The market will continue to require multiple application layer protocols for networked industrial systems. The Avnu Alliance charter is to enable interoperability at the network layer, to ensure ‘One TSN.’ We are the organization focused on providing TSN test plans and reference test architectures to anyone in the industry that wants to test for TSN compatibility.”

As such, Avnu serves to support Fieldbus organizations by providing its TSN conformance tests and procedures to ensure those organizations’ interoperability in the wider Ethernet system.

Leveraging the industry-defined requirements for TSN network interoperability, Avnu ensures there is a universal set of test plans for conformance to guarantee interoperability at the network layer. Avnu has developed a baseline test plan in the industrial market that ensures industrial devices, whether end device, infrastructure component or silicon, conform to the relevant IEEE standards, as well as the industrial automation profile being defined by IEC/IEEE 60802 Joint Project working group.

Starting with Time Synchronization, or 802.1AS as the foundation for all TSN devices, Avnu released the first set of test plans at SPS IPC Drives in 2017. Avnu will soon publish additional conformance test plans for end devices, such as enhancements for scheduled traffic.

At SPS IPC Drives 2018, Avnu Alliance will show a new proof-of-concept (POC) Conformance Test Reference Design that offers a single, streamlined way for vendors to test TSN interoperability. The POC Conformance Test Reference Design is designed to automatically test TSN devices for compliance to 802.1AS. The demonstration features a Linux open-source test tool created by ISW in partnership with Avnu. This tool would also allow other protocol organizations to test application stacks on top of a TSN network in a streamlined way enabling one-stop certification at any test house.

Industrial Internet of Things Easier to Access and More Secure

One of the most important technologies for successful implementation of an Industrial Internet of Things program involves moving more computing and storage power to the edge.

GE has been in the news more often than it would like over the past year—my broker just called and in our discussion I mentioned writing an article about GE and he groaned.

However, GE Digital, despite rumors to the contrary, still lives and has released some new products. One is an edge solution and the other an on-prem server solution.

Predix Edge aims at simplifying edge-to-cloud computing. GE Digital also introduced its Predix Private Cloud (PPC) solution, an on-premises deployment of the Predix platform, which gives customers the privacy, security, data sovereignty, and data isolation provided by a private cloud infrastructure.

“More than 70 percent of industrial companies are stuck in pilot purgatory – that is, they are either still at the start or unable to further advance their IIoT initiatives,” said Eddie Amos, Corporate VP, Platform & Industrial Applications, GE Digital. “Companies often face unexpected complexities in the solution design or integration, steep costs or security vulnerabilities. The custom, one-off solutions that tend to grow out of pilot projects further burden companies with ongoing maintenance, patching and upgrading over time. Realizing the full impact of IIoT requires moving beyond the pilot stage with scalable, interoperable solutions – and GE Digital helps lead them through that journey.”

The offerings GE Digital unveiled help companies bridge this gap – and offer businesses flexibility when and where they operate.

Predix Edge securely captures, processes, and analyzes data that can be managed locally or pushed to the cloud, executing the most demanding workloads at the edge and producing insights in near real time. With new functionality to help businesses accelerate the IIoT, Predix Edge provides:

  • Simple deployment and management capabilities out of the box, allowing users to remotely monitor and manage all their edge devices and heterogeneous industrial data from a centralized management console.
  • Rapid time to value by supporting edge application development for almost all programming languages – such as Java, C++, Go and Python – and coming pre-integrated for use with GE Digital’s leading industrial apps like Asset Performance Management (APM) and Operations Performance Management (OPM).
  • Support for data storage and analysis online, offline or with intermittent connectivity in remote environments, such as offshore oil rigs or disconnected use cases where internet connectivity is never available. Predix Edge then transfers key data back to the cloud when re-connected.
  • Edge-to-cloud security and compliance to protect data and operations. The hardened, embedded edge operating system helps manage connected devices and remotely deploy patches, giving users the ability to control security at a deeper level.
  • Low latency application deployment closer to the originating data, to give companies with limited connectivity, regulatory requirements or other constraints a way to accelerate time to value.

Processing data and applying analytics close to the device can dramatically reduce downtime, optimize maintenance schedules, and add operational value, all while reducing network and cloud costs. Predix Edge and the Predix platform work seamlessly together to provide distributed IIoT processing and analytics where they’re needed most.

To further help simplify the IIoT process, GE Digital also unveiled Predix Private Cloud (PPC), an on-premises deployment of the Predix platform and portfolio, that offers companies maximum levels of security and privacy.

Already commercially available, PPC enables IIoT connectivity, data, analytics and applications – such as Predix applications or custom applications – to be hosted on-premises, providing customers with multiple ways to deploy the Predix platform. The on-premises offering helps companies operating in high data volume scenarios access data securely in near real time and also manage edge and disconnected environments. PPC is specifically designed to meet privacy, security, data sovereignty and data isolation requirements based on a customer’s industry, region or country.