by Gary Mintchell | Dec 21, 2015 | Data Management, News, Operations Management
PwC US does some interesting and relevant research for my areas of interest. Here are details of the latest.
After five years of anemic economic recovery, manufacturers continue to add inventory to their books much faster than GDP growth. In order to better manage inventory levels while still ensuring the right part is in the right place at the right time, manufacturers are increasingly relying on advanced information management solutions, according to a survey released by PwC US in collaboration with Manufacturers Alliance for Productivity and Innovation (MAPI).
Further, inventory turns – which indicate whether the supply chain is getting more efficient at moving goods from suppliers to customers – have declined steadily since 2011. PwC and MAPI surveyed senior executives from 75 global manufacturers (with U.S. headquarters) to better understand this decline in inventory performance and polled respondents on the effectiveness and benefits of using advanced inventory data management strategies to reduce inventory.
“Inventory is often considered by manufacturers to be the most valuable category of assets on their books; however, it can tie up large amounts of cash and diminish in value for a host of reasons,” said Stephen Pillsbury, principal in PwC’s U.S. industrial products practice. “As a result, it has become common practice for manufacturers to minimize inventory as much as possible without hurting customer service levels. While they continue to focus on managing inventory, they seem to have reached a point of diminishing returns and are now turning to advanced information management solutions to further reduce their inventory.”
Benefits of Effective Information Management
When it comes to enabling agility, responsiveness and operating flexibility, 37 percent of respondents reported that their core ERP system was either not very effective or ineffective. Conversely, the other respondents with effective ERP systems were quite bullish on the usefulness of their supply chain visibility (SCV) systems when it comes to replacing inventory and costs with actionable and timely data.
Interestingly, companies with ineffective ERP systems experienced an average annual margin erosion of 3.5 percent while those with effective systems in place experienced an average growth of 2 percent. Companies with both effective ERP and SCV systems had even higher margins at 2.4 percent. Put another way, we found a clear connection between strong margin performance and effective ERP implementations.
In regards to inventory turns, almost half of those surveyed said their supply chain system was effective or very effective while one third said their system was not very effective or ineffective at replacing inventory and costs with actionable and timely data. When comparing the two groups, the companies with effective SVC systems outperformed the ineffective ones by 30 percent.
“Information management systems matter because they get the right information to the right place at the right time in order to improve effectiveness,” said Cam Mackey, SVP, Operations and Partnerships, MAPI. “To that end, many companies have invested a great deal of time and money implementing ERP and SVC systems. Together, these platforms can provide manufacturers with detailed information including orders, lead times, stock quantities and locations. Effectively integrating these information systems enables manufacturers to do a better job of synchronizing supplier deliveries with production schedules and customer orders, resulting in improved customer service and less overall inventory.”
Improving Supply Chain Management
In an effort to improve supply chain management, many companies are embracing SCV systems – enabling companies to track and manage raw materials, work-in-process, and finished goods across the extended supply chain. When fully implemented, they provide extensive demand, planning, supply and inventory information throughout the supply chain, enabling users to optimally balance customer service levels with costs to serve. Of those surveyed, 70 percent reported having a SCV system in place.
As effective systems drive better margin growth and higher turns, companies are still experiencing inventory growth and supply chain issues. When asked about the factors having the biggest impact on supply chain visibility, uncertainty of supplier deliveries and unpredictable customer demand were among the responses most cited. While SCV systems are intended to link customer demand to production schedules and supplier orders/deliveries, respondents continue to cite problems with forecast accuracy.
Respondents also addressed their ability to maintain optimal inventory levels, listing lack of discipline in operating processes and practices, a high degree of product complexity or number of stock keeping units (SKUs), and poor forecasts from marketing/sales as having significant impact.
Many of the factors listed above are driven by management disciplines, not information systems. The management discipline that most strongly addresses these factors is integrated materials management (IMM), commonly enabled through sales, inventory, and operations planning. This discipline is focused on synchronizing sales forecasts with delivery commitments and material supplies and involves all of a company’s key functional stakeholders. According to Mackey, “While systems matter, the bottom line is that effective supply chain visibility all comes down to management discipline.”
“The single biggest driver of excess inventory and unreliable delivery performance is inadequate material management practices. While SCV systems can greatly enhance IMM they cannot replace disciplined review and approval by critical management stakeholders. To make this task easier and more effective requires buy-in and coordination across key functions in the organization – even with the best technology in the world, it still comes back to management discipline,” Pillsbury said.
For more information, download the report here: Inventory Performance Today: Why is it Declining?
by Gary Mintchell | Dec 9, 2015 | Internet of Things, News
The Internet of Things (IoT), or specifically the Industrial Internet of Things (IIoT), is all the rage right now. All companies want to be seen to be developing it. Or using it. I’ve even seen some standards bodies ask how their standards reflect the Internet of Things.
There are some problems here. No one really knows what the Internet of Things is. Maybe because all the analysts (including me) are rushing to be the one to provide the definitive definition. I’ve been discussing “ecosystem” to describe the phenomenon in its entirety. Recently I saw another analyst also use the term.
Further, there are no standards. If you don’t know what it is, then there can be no standards. However, it is built upon standards. IP communications, for example.
Kepware Technologies is taking a stab at the situation. It announced Dec. 8 the launch of its IoT Alliance program. The alliance is composed of a strategic network of IoT solutions providers that are committed to growing the global IoT market potential and shaping the direction of industry through smart technology, thought leadership, and marketing initiatives. Alliance members will have access to proprietary technology from Kepware that enables their respective solutions to access industrial data from the industry’s communications platform, KEPServerEX.
“The IoT Alliance has the potential to be a disruptive force in the Industrial Automation market,” said Tony Paine, CEO, Kepware. “By collaborating closely with Kepware and fellow alliance members, we have the capability to release new, innovative, and proven solutions—reducing risk and accelerating time to market. This translates to tangible IoT solutions for our customers.”
Kepware offers IoT Alliance members a connected network of more than 40 technology partners, 80 system integrators, and 90 Kepware resellers operating in more than 100 countries. By establishing relationships between alliance members and existing partners, Kepware aims to introduce members to new markets and opportunities. Furthermore, the alliance offers members proprietary insight into Kepware’s product road map and creates a safe environment for interoperability and proof of concept testing.
Kepware recently released the IoT Gateway for KEPServerEX, which streams industrial data into Cloud and on-premise solutions for real-time analytics.
The initial Alliance partners are:
- Aizoon – sells Consulting Services in IT, Innovation for business, Engineering, Process and Organization, Cyber Security, IoT, Smart Factory
- Altizon – created an Enterprise Internet of Things (IoT) Platform with special focus on Manufacturing and CleanTech (Energy) Sectors
- DeviceLynk – embraces Industrial IoT technology by creating informative dashboards that are cloud based and capable of collecting and visualizing data from any connected device
- Falkonry – enables analysts to produce real-time condition predictions from complex sensor datasets
- Informatica – delivers enterprise data integration and management software powering analytics for big data and cloud
- IOT Technology Solutions – provides product management resources and customer teams that deliver the complete definition, architecture, design, coding, testing and deployment of an IoT platform, solution or product
- Mnubo – it’s SmartObjects service transforms ‘connected things’ into ‘smart objects’. Its focus is to help extract true value from sensor data by delivering advanced real-time analytics, strategic insights and enabling richer applications
- Perseus – provider of managed services for high-precision, high-speed, high-performance applications
- Splunk – operational intelligence platform that allows customers to search, monitor, analyze and visualize machine data
- ThingWorx – A PTC company providing connectivity solutions
by Gary Mintchell | Dec 7, 2015 | Automation, News, Security
SCADA devices and networks remain a prime target for cyber attacks. Everything I’ve written has approached cybersecurity from a different angle. This is the first solution that has come my way that uses a deception approach.
Attivo Networks announced Dec. 7, 2015 a release of its deception-based Attivo BOTsink solution that provides continuous threat detection on Industrial Control Systems (ICS) SCADA devices used to monitor and control most manufacturing operations as well as critical infrastructure such as natural gas, oil, water, and electric power distribution and transmission systems around the world. Cyberattacks on these targets can and have resulted in disruption of critical local, regional, and national government and commercial infrastructures. As a result, when they are breached, the impact on societies they serve stands to be catastrophic.
According to a study by the Pew Internet and American Life Project, 60 percent of the technology experts interviewed believe that a major cyberattack will happen. The damages to property and ensuing theft will amount tens of billions of dollars, and the loss of life will be significant.
Scalable SCADA protection
“We are proud to be the first in the industry to provide customers a globally scalable, deception-based threat detection solution for SCADA protection,” emphasizes Tushar Kothari, CEO of Attivo Networks. “Many of our customers from the energy industry have requested the extension of our Attivo Deception Platform into their production and manufacturing control networks so they can get real-time visibility and the ability to promptly identify and remediate infected devices. As one stated, ‘a breach on those networks can be catastrophic and Attivo wants to do everything we can to prevent a disaster or risk to lives.”
SCADA systems had originally been designed to monitor critical production processes without consideration to security consequences. Security had been generally handled by keeping the devices off the network and the Internet using “air gaps” where malware could only be transmitted by the thumb drives used by technicians. However, today vulnerable SCADA systems are increasingly being connected to the corporate IT infrastructure and Internet, making them easily accessible to a remote attacker.
Examples of this would be the Sandworm malware that attacked Telecommunications and Energy sectors, Havex malware that infected a SCADA system manufacturer, and BlackEnergy malware that attacks ICS products manufactured by GE, Siemens, and Advantech. These attacks primarily targeted the operational capabilities of these facilities. With the increased malicious and sophistication of malware, concerns are now escalating to fears of an irreversible disaster.
Situational awareness
“Industrial systems have increasingly come under scrutiny from both attackers and defenders,” said Chris Blask, Chair of the Industrial Control System Information Sharing and Analysis Center (ICS-ISAC). “Situational awareness is the focus of the ICS-ISAC and its membership, including the ability for asset owners to detect and respond to incidents on their systems.”
These devices generally have long lifecycles creating an exposed environment driven by equipment that is less hardened and patches made infrequently. Additionally, because of their critical functions, SCADA devices cannot be taken offline frequently or for any length of time. This, along with costs that can run into the millions for every hour the network is offline, has made patching very difficult, often as infrequent as once a year, leaving many industrial facilities open to attacks. These risks are quite large considering these devices are found everywhere in electrical facilities, food processing, manufacturing, on-board ships, transportations and more.
“Companies operating in critical infrastructures like energy, utilities, nuclear, oil and gas know that they are not only vulnerable to the same security issues faced by most enterprises, they have the added enticement as a rich target for cyber terrorism,” stated Tony Dao, Director Information Technology, Aspect Engineering Group. “They recognize that securing their industrial control processes is not only critical to them, but to the institutions they serve. A loss would not only have repercussions throughout their economic sector but throughout the entire economy.”
The vulnerabilities begin with the use of default passwords, hard-coded encryption keys, and a lack of firmware updates, which pave the way for attackers to gain access and take control of industrial devices. Traditional perimeter-based solutions are designed to detect attacks on these devices by looking for suspicious attack behavior based on known signature patterns. SCADA supervisory systems are computers running normal Windows operating systems and are susceptible to zero day attacks, in which there are no known signatures or software patches. Several vulnerabilities also exist in the standard and proprietary protocols within Logic Controllers. Popular protocols include MODBUS (supervision and control), DNP3 (Energy and Water), BACNET (Building Automation), and IPMI (Baseboard Management Control).
Deception technology
Attivo Networks takes a different approach to detecting cyber attacks on ICS- SCADA devices. Instead of relying on signatures or known attack patterns, Attivo uses deception technology to lure the attackers to a BOTsink engagement device. Customers have the flexibility to install their own Open Platform Communications (OPC) software while running popular protocols and PLC devices on the BOTsink solution making it indistinguishable from production SCADA devices. This provides real-time detection of BOTs and advanced persistent threats (APTs) that are conducting reconnaissance to mount their attacks on critical facility and energy networks. Additionally, BOTsink forensics capture information including new device connections, issued commands and connection termination, enabling administrators to study the attacker’s tools, techniques, and information on infected devices that need remediation.
The Attivo SCADA solution is provided through a custom software image that runs on its BOTsink appliance or virtual machine. SCADA BOTsink deployment and management are provided through the Attivo Central Manager, which provides global central device management and threat intelligence dashboards and reporting.
“To a significant degree, the growing security problems impacting industrial control systems have originated from the fact that ICSs are increasingly less and less isolated from outside networks and systems, and ICSs are now more susceptible and vulnerable to attacks,” comments Ruggero Contu, Research Director at Gartner in his Market Trends: Industrial Control System Security, 2015 report. “At the heart of this change is the demand to integrate enterprise IT systems to operational technology, and for remote connectivity.”
Check out this whiter paper. Dynamic Deception for Industrial Automation and Control Systems
by Gary Mintchell | Dec 5, 2015 | Automation, Internet of Things, Networking, Operations Management, Standards
Katherine Voss, president and executive director of ODVA
ODVA announced several enhancements to its EtherNet/IP and CIP specifications during the SPS IPC Drives Trade Fair in Nuremberg. The first relates to cybersecurity. The second involves time-sensitive networking.
ODVA announced that it has achieved a milestone with the pending publication of a new volume in its specifications specifically dedicated to cybersecurity. This body of work will be released under the name of CIP Security and will join the family of distinctive CIP services which includes CIP Safety, CIP Energy, CIP Sync, and CIP Motion. CIP Security will be initially applicable to EtherNet/IP.
Because EtherNet/IP relies on commercial-off-the-shelf (COTS) technologies for Ethernet and the Internet, users have been able to deploy traditional defense-in-depth techniques in EtherNet/IP systems for some time, explained by ODVA as early as 2011 in its publication “Securing EtherNet/IP Networks.” CIP Security will help users take additional steps to protect their industrial control systems with industry-proven techniques for securing transport of messages between EtherNet/IP devices and systems and thus reduce their exposure to cybersecurity threats.
The initial release of CIP Security includes mechanisms to address spoofing of identity, tampering with data and disclosing of information. Mechanisms supported in the initial release of CIP Security include device authorization, integrity of message transport and confidentiality of messages. To support these mechanisms, ODVA has adapted encryption standards from the Internet Engineering Task Force (IETF) for encryption based on Transport Layer Security (TLS), Data Transport Layer Security (DTLS) and authentication based on the X.509v3 standard for certificate handling. Details of ODVA’s initial implementation of CIP Security and outlook for the future were presented in a technical paper at ODVA’s 2015 Industry Conference and 17th Annual Meeting of Members.
“The publication of the volume dedicated to cybersecurity in The EtherNet/IP Specification is the next step in providing users with methods to help them manage threats and vulnerabilities in EtherNet/IP systems,” said Katherine Voss, ODVA president and executive director. “Following this publication will be the realization of the mechanisms provided by CIP Security in ODVA CONFORMANT EtherNet/IP products.”
ODVA’s focus on cybersecurity is not only a function of increased emphasis on cybersecurity for industrial control systems but also because of the widespread adoption of EtherNet/IP in broad range of applications from manufacturing to critical infrastructure. As a result of the breadth of applications, the next edition of The EtherNet/IP Specification will expand support for IEC 62439-3 “Industrial communication networks – high availability automation networks – part 3” to include High Availability Seamless Redundancy (HSR) in addition to Parallel Redundancy Protocol (PRP). HSR is commonly used in electrical substation automation as specified in IEC-61850. Other high reliability techniques supported in The EtherNet/IP Specification include Rapid Spanning Tree (RSTP) and Device Level Ring (DLR).
Other ODVA Industrial Networking News
One area of focus will be the adaptation of certain emerging standards for Time-Sensitive Networking (TSN) to EtherNet/IP. In particular, ODVA will create enhancements to The EtherNet/IP Specification for frame preemption and stream reservation based on the standards being defined in the IEEE-802.1 projects. ODVA’s adaptation of TSN technologies is a straightforward evolution of the EtherNet/IP technology, which relies on commercial-off-the-shelf (COTS) technologies for Ethernet and the Internet to solve demanding applications in industrial automation. Users of EtherNet/IP will be able to realize performance improvements in systems using EtherNet/IP by as much as two orders of magnitude by combining TSN with existing standards already included in The EtherNet/IP Specification, such as Quality of Service, Gigabit Ethernet and CIP Sync — ODVA’s adaptation of IEEE-1588.
To complement the adoption of EtherNet/IP in a diverse range of industries and applications, ODVA is expanding CIP to include data models to facilitate the exchange of application information within EtherNet/IP systems and between EtherNet/IP systems and supervisory systems which may or may not use EtherNet/IP. One application area where specification enhancements are underway is the adaptation of the recommendations in NAMUR NE-107 “Self-monitoring and Diagnosis of Field Devices“ to the data format and access methods needed to retrieve such process data from EtherNet/IP field devices. Another application area where enhancements to the ODVA specifications are expected in 2016 is the inclusion of a machine data model and services for machine-to-supervisory communications. By instantiating standards for application data models for process field devices and machinery, EtherNet/IP will provide yet another way for users to decrease their reliance on proprietary implementations by using vendor-independent standards designed for multi-vendor interoperablity.
ODVA is now expanding The EtherNet/IP Specification to include standards for the integration of data between EtherNet/IP and HART and IO-Link. Joining the already-published integration of data between EtherNet/IP and Modbus-TCP, these standards will allow users to accelerate their progress towards a converged network architecture.
“Because EtherNet/IP is based on commercial-off-the-shelf technologies and uses widely accepted standards from the Ethernet and Internet, EtherNet/IP is now a major industry catalyst for the realization of the Industrial Internet of Things,” said Katherine Voss, ODVA president and executive director. “The enhancements to EtherNet/IP that are underway for 2016 are at the forefront of innovations that are driving the future of industrial automation toward the fourth industrial revolution.”
by Gary Mintchell | Dec 4, 2015 | Operations Management
Early in my career management decided that I would be a good candidate to learn cost accounting. I never had that position, but I went deep into manufacturing cost.
That is why I like to keep up with the area. Several years ago John Jackiw at a MESA meeting recommended I contact the Resource Consumption Accounting Institute and Larry White, the executive director. Larry wrote columns for me during my time at Automation World. One of his columns was the most read on the Website for years.
Here is a column from the latest newsletter. If you’re interested in a deeper dive, RCAI’s monthly Webcast is next Friday, Dec. 12, at 12:00 EST for 30 minutes.
From Larry White:
As I attend professional accounting activities on local, national, and international levels, I get no arguments against my statements that traditional financial accounting, the supporting general ledger structure, and the internal and external financial reports that result do a poor job of providing cost information for internal decision support. So I’ve taken to asking the question: If you aren’t doing great costing, what information compensates for the shortfall?
The most frequent answer I get is “nothing”. If I can extend the inquiry, I ask a series of questions to see if I can figure out how the organization compensates. My usual inquiry path is:
- Does the company has a large gross margin and, therefore, is revenue information really sufficient for decision making? I seldom get a “yes” answer.
- Is the operations area of the organization aggressively focusing on process improvement and creating efficiencies? The typical answer is “to some extent”.
- Is there a strong organizational focus on the cash flow impacts of improvement and other decisions? Again, I get “to some extent”.
- Do you have a particularly strong budgeting and planning process, insightful budget performance reviews, and ongoing evaluation and analysis activities? The answer is usually “not particularly”.
The conclusion is that most organizations muddle through with the costing they have. They address decisions as special situations, requiring a special analysis, or use existing cost information and historical decision precedents. Most say they really don’t know how to put in place something better and don’t think executive management would support the effort.
If you are reading this, you know solid approaches exist for creating integrated internal and cost information. What’s your experience with how companies compensate for low quality cost information and what activities or other information are used to compensate?
Don’t hesitate to send me your comments or questions pertaining to any RCA related topic.
