Real-Time Cyber Attack Detection for SCADA Devices


SCADA devices and networks remain a prime target for cyber attacks. Everything I’ve written has approached cybersecurity from a different angle. This is the first solution that has come my way that uses a deception approach.

Attivo Networks announced Dec. 7, 2015 a release of its deception-based Attivo BOTsink solution that provides continuous threat detection on Industrial Control Systems (ICS) SCADA devices used to monitor and control most manufacturing operations as well as critical infrastructure such as natural gas, oil, water, and electric power distribution and transmission systems around the world. Cyberattacks on these targets can and have resulted in disruption of critical local, regional, and national government and commercial infrastructures. As a result, when they are breached, the impact on societies they serve stands to be catastrophic.

According to a study by the Pew Internet and American Life Project, 60 percent of the technology experts interviewed believe that a major cyberattack will happen. The damages to property and ensuing theft will amount to tens of billions of dollars, and the loss of life will be significant.

Scalable SCADA protection

“We are proud to be the first in the industry to provide customers a globally scalable, deception-based threat detection solution for SCADA protection,” emphasizes Tushar Kothari, CEO of Attivo Networks. “Many of our customers from the energy industry have requested the extension of our Attivo Deception Platform into their production and manufacturing control networks so they can get real-time visibility and the ability to promptly identify and remediate infected devices. As one stated, ‘a breach on those networks can be catastrophic and Attivo wants to do everything we can to prevent a disaster or risk to lives.’”

SCADA systems had originally been designed to monitor critical production processes without consideration to security consequences. Security had been generally handled by keeping the devices off the network and the Internet using “air gaps” where malware could only be transmitted by the thumb drives used by technicians. However, today vulnerable SCADA systems are increasingly being connected to the corporate IT infrastructure and Internet, making them easily accessible to a remote attacker.

Examples of this would be the Sandworm malware that attacked the telecommunications and energy sectors, the Havex malware that infected a SCADA system manufacturer, and the BlackEnergy malware that attacks ICS products manufactured by GE, Siemens, and Advantech. These attacks primarily targeted the operational capabilities of these facilities. With the increasing maliciousness and sophistication of malware, concerns are now escalating to fears of an irreversible disaster.

Situational awareness

“Industrial systems have increasingly come under scrutiny from both attackers and defenders,” said Chris Blask, Chair of the Industrial Control System Information Sharing and Analysis Center (ICS-ISAC). “Situational awareness is the focus of the ICS-ISAC and its membership, including the ability for asset owners to detect and respond to incidents on their systems.”

These devices generally have long lifecycles, creating an exposed environment driven by equipment that is less hardened and patched infrequently. Additionally, because of their critical functions, SCADA devices cannot be taken offline frequently or for any length of time. This, along with costs that can run into the millions for every hour the network is offline, has made patching very difficult, often as infrequent as once a year, leaving many industrial facilities open to attacks. These risks are quite large considering these devices are found everywhere in electrical facilities, food processing, manufacturing, on-board ships, transportation and more.

“Companies operating in critical infrastructures like energy, utilities, nuclear, oil and gas know that they are not only vulnerable to the same security issues faced by most enterprises, they have the added enticement as a rich target for cyber terrorism,” stated Tony Dao, Director Information Technology, Aspect Engineering Group. “They recognize that securing their industrial control processes is not only critical to them, but to the institutions they serve. A loss would not only have repercussions throughout their economic sector but throughout the entire economy.”

The vulnerabilities begin with the use of default passwords, hard-coded encryption keys, and a lack of firmware updates, which pave the way for attackers to gain access and take control of industrial devices. Traditional perimeter-based solutions are designed to detect attacks on these devices by looking for suspicious attack behavior based on known signature patterns. SCADA supervisory systems are computers running normal Windows operating systems and are susceptible to zero day attacks, in which there are no known signatures or software patches. Several vulnerabilities also exist in the standard and proprietary protocols within Logic Controllers. Popular protocols include MODBUS (supervision and control), DNP3 (Energy and Water), BACNET (Building Automation), and IPMI (Baseboard Management Control).

Deception technology

Attivo Networks takes a different approach to detecting cyber attacks on ICS/SCADA devices. Instead of relying on signatures or known attack patterns, Attivo uses deception technology to lure the attackers to a BOTsink engagement device. Customers have the flexibility to install their own Open Platform Communications (OPC) software while running popular protocols and PLC devices on the BOTsink solution, making it indistinguishable from production SCADA devices. This provides real-time detection of BOTs and advanced persistent threats (APTs) that are conducting reconnaissance to mount their attacks on critical facility and energy networks. Additionally, BOTsink forensics capture information including new device connections, issued commands and connection termination, enabling administrators to study the attacker’s tools, techniques, and information on infected devices that need remediation.
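The two ideas in the paragraphs above, a decoy that speaks a real ICS protocol (Modbus is the first one the vulnerabilities paragraph names) and forensics that record new connections, issued commands and connection termination, can be sketched in a few dozen lines. The following is an added example written for this page; it is not Attivo’s code and not part of the BOTsink product. The peer address, the two sample frames, and the names parse_mbap, build_response, DecoyLog, handle_client and simulate_session are all constructed for illustration. It goes slightly beyond the text in one respect: it treats any Modbus write function aimed at the decoy as a high-signal event, since nothing legitimate should ever write to a device that is not really part of the process.

```python
"""Minimal Modbus TCP decoy: logs new connections, issued commands and connection
termination, and answers like an idle PLC.  Added example, not Attivo's code;
every address and frame below is constructed for illustration."""
import socket
import struct
import threading
from datetime import datetime, timezone

FUNCTION_NAMES = {1: "Read Coils", 2: "Read Discrete Inputs",
                  3: "Read Holding Registers", 4: "Read Input Registers",
                  5: "Write Single Coil", 6: "Write Single Register",
                  15: "Write Multiple Coils", 16: "Write Multiple Registers"}
WRITE_CODES = {5, 6, 15, 16}   # nobody should ever write to a decoy


def parse_mbap(frame: bytes) -> dict:
    """Split a Modbus TCP frame into MBAP header fields, function code and payload."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError("protocol id %d is not Modbus" % pid)
    if length != len(frame) - 6:          # length field counts unit id + PDU
        raise ValueError("MBAP length disagrees with frame size")
    fc = frame[7]
    return {"transaction_id": tid, "unit_id": unit, "function_code": fc,
            "function": FUNCTION_NAMES.get(fc, "unknown"),
            "is_write": fc in WRITE_CODES, "payload": frame[8:]}


def build_response(frame: bytes, req: dict) -> bytes:
    """Answer Read Holding Registers with zeros (an idle device); reject everything else."""
    fc, payload = req["function_code"], req["payload"]
    qty = struct.unpack(">H", payload[2:])[0] if fc == 3 and len(payload) == 4 else 0
    if 1 <= qty <= 125:                   # Read Holding Registers within spec limits
        pdu = bytes([fc, qty * 2]) + b"\x00" * (qty * 2)
    else:                                 # anything else: exception 0x01, illegal function
        pdu = bytes([fc | 0x80, 0x01])
    # echo transaction id + protocol id, recompute length (unit id + PDU), echo unit id
    return frame[:4] + struct.pack(">H", len(pdu) + 1) + frame[6:7] + pdu


def recv_frame(stream):
    """Read one Modbus TCP frame from a buffered socket file; None once the peer closed."""
    header = stream.read(7)
    if len(header) < 7:
        return None
    length = struct.unpack(">H", header[4:6])[0]
    return header + stream.read(max(length - 1, 0))


class DecoyLog:
    """In-memory event list; a real deployment would forward each event to a SIEM."""
    def __init__(self):
        self.events = []

    def record(self, kind, peer, **fields):
        self.events.append({"time": datetime.now(timezone.utc).isoformat(),
                            "kind": kind, "peer": "%s:%d" % peer, **fields})


def handle_client(conn, peer, log):
    """Serve one decoy session: log the connect, every command, then the disconnect."""
    log.record("connect", peer)
    stream = conn.makefile("rb")
    try:
        while (frame := recv_frame(stream)) is not None:
            try:
                req = parse_mbap(frame)
            except ValueError as err:
                log.record("malformed", peer, error=str(err), raw=frame.hex())
                break
            log.record("command", peer, unit_id=req["unit_id"],
                       function_code=req["function_code"],
                       function=req["function"], is_write=req["is_write"])
            conn.sendall(build_response(frame, req))
    finally:
        log.record("disconnect", peer)
        stream.close()
        conn.close()


def simulate_session(frames, peer=("192.0.2.10", 49152)):
    """Drive handle_client over a socketpair with constructed frames; returns
    (events, responses) so the decoy's behaviour can be checked offline."""
    client, server = socket.socketpair()
    log = DecoyLog()
    worker = threading.Thread(target=handle_client, args=(server, peer, log))
    worker.start()
    reader, responses = client.makefile("rb"), []
    for frame in frames:
        client.sendall(frame)
        responses.append(recv_frame(reader))
    reader.close()
    client.close()            # the decoy now sees EOF and logs the disconnect
    worker.join()
    return log.events, responses
```

Feeding simulate_session a constructed Read Holding Registers frame (`000100000006010300000002`) followed by a Write Single Register frame (`00020000000601060000ffff`) yields four events, connect, two commands and disconnect, with the write flagged by is_write; the only piece left out is the listener that binds TCP 502 and hands each accepted connection to handle_client, which simulate_session exercises over a socketpair instead.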

The Attivo SCADA solution is provided through a custom software image that runs on its BOTsink appliance or virtual machine. SCADA BOTsink deployment and management are provided through the Attivo Central Manager, which provides global central device management and threat intelligence dashboards and reporting.

“To a significant degree, the growing security problems impacting industrial control systems have originated from the fact that ICSs are increasingly less and less isolated from outside networks and systems, and ICSs are now more susceptible and vulnerable to attacks,” comments Ruggero Contu, Research Director at Gartner in his Market Trends: Industrial Control System Security, 2015 report.  “At the heart of this change is the demand to integrate enterprise IT systems to operational technology, and for remote connectivity.”

Check out this white paper: Dynamic Deception for Industrial Automation and Control Systems.

Software Configurable Ethernet IO Module with Embedded Cyber Security


Bedrock Automation extends to the industrial Ethernet domain its commitment to deliver “Simple, Scalable and Secure” automation. The SIO4.E Ethernet I/O module plugs into the Bedrock pinless electromagnetic backplane to receive Bedrock’s patented Black Fabric cyber security protection.

Each of the module’s five I/O channels is independently software configurable. The initial library of Ethernet protocols includes EtherNet/IP; Modbus TCP, OPC UA, and Profinet are slated for future releases via firmware updates. All channels also deliver Power over Ethernet (PoE).

Ethernet as a real-time control variable

Tightly coupling Ethernet into the process control and I/O network enables deployment of a wide range of edge device and enterprise data into real-time control logic, much in the same way an engineer incorporates more typical process sensor and actuator data. This results in real-time communication channels for the exchange of data between OT production and IT enterprise systems.

“Unlike an Ethernet switch traditionally sitting at Purdue levels 3 to 5 with the operations and business networks, the SIO4.E module delivers Ethernet as secure I/O at levels 0 and 1 with the sensor, actuator and process control logic. This collapses the legacy hierarchical ICS model into a simplified and inherently more secure automation architecture. Equally empowering is the deployment of OPC UA on any of the SIO4.E Ethernet I/O channels, opening up a world of opportunity and innovation while reducing all aspects of software lifecycle cost. This is the way of the future,” says Bedrock CTO and Engineering VP, Albert Rooyakkers.

Securing Ethernet I/O

Ethernet is becoming widely adopted for open industrial control system (ICS) applications because it builds on proven, high-speed stacks that have been enhanced for use on industrial devices such as robots, PLCs, sensors, CNCs and other industrial machines. Bedrock secures Ethernet I/O in many ways, including by connecting the FIPS compliant anti-tamper SIO4.E I/O module on a pinless electromagnetic backplane, embedding authentication logic, true random number generation (TRNG) and cryptographic keys into the semiconductor hardware, and by isolating information flow within each channel by way of separation kernel functionality in a secure real-time operating system (RTOS).

“Robust ICS cyber security is just part of the tremendous value that the new Bedrock module brings to process automation,” says Bedrock Automation President Bob Honor.  “The fact that each channel can be software configured adds new levels of flexibility and scalability. No other I/O module allows process engineers to program so much communications capability into one system component. We are especially excited about the positive impact for ICS users.  That user experience is increasingly configurable and Bedrock uniquely offers the tools and platform to shape it securely to their advantage.”

Pricing and availability

The Bedrock SIO4.E Ethernet I/O module is available at a price of $2000, about the same as a traditional Ethernet IP card.  But unlike a typical Ethernet card, the five channel SIO4.E is cyber secure, software configurable for multiple protocols, and has more bandwidth, higher computing power and additional performance advantages.

Internet of Things Gateways Expedite IoT Adoption


When we wish to bring new technologies into industrial applications, especially connectivity ones, devices known as gateways bridge the gap from old to new.

For example, when we were moving toward a variety of industrial wireless protocols and some analysts and engineers were concerned about a multiplicity of connectivity points and networks, I told them that gateways would be a solution on the path to complete integration. I guess I learned that in the 80s when my first resource for computing connectivity problems was a great catalog from “Black Box.”

I wrote previously about Dell’s announced Internet of Things Gateway. Two additional ones have hit my Inbox.

First, Mentor Graphics

Mentor Graphics Corporation announced the availability of the embedded industry’s first [note: marketing people are never shy] customizable edge-to-cloud IoT solution that enables companies to get to market quickly while reducing risk, cost, and development cycles. The Mentor IoT solution comprises a customizable IoT gateway System Design Kit (SysDK), a cloud backend, and runtime solutions on which to build a wide array of IoT edge devices. It enables the most demanding IoT requirements with support from 8-bit microcontrollers to the latest 64-bit microprocessors, and deployments of 100,000+ gateways each supporting dozens of edge devices.

Customizable Gateway Reference Design

Mentor Graphics provides a feature-rich hardware and software gateway platform that can be used as-is or customized in both hardware and software to meet specific gateway requirements, including compatibility with legacy and new IoT deployments. The Gateway SysDK reference hardware utilizes the ARM Cortex-A9 based i.MX 6 series applications processor from Freescale Semiconductor.

The base reference software includes a rich Linux BSP with full support for the reference board.  To support secure convergence, the Mentor Gateway SysDK can be customized to include secure gateway partitions using ARM TrustZone, which enables secure applications such as certificate management and secure remote firmware upgrades.  The integration of cloud middleware supports the functionality provided from the cloud backend.  By leveraging the Gateway SysDK, customers can move from concept to production in as little as eight weeks.

Connected and Secure from Edge to Enterprise

The Mentor Graphics end-to-end IoT solution includes support for a comprehensive set of physical connections complemented by a breadth of IoT and cloud protocols for wired and wireless edge device aggregation, and secure communication between the cloud backend, gateway, and edge devices.   End-to-end security is provided for data communications, access control, software execution, and intrusion detection.  Security integration with enterprise IT infrastructure is provided by Icon Labs’ Floodgate for McAfee ePO.

Second, Advantech

Advantech’s Industrial Automation Group announced the UNO-1252G industrial computer designed to act as a gateway for industrial applications. As small as a micro-sized PLC, the UNO-1252G is only 10cm high and DIN-rail mountable. It comes with a low-power Intel Quark processor which uses only 10 watts but is powerful enough to perform data transmission and sensing in IoT gateway applications.

Gateway computers are useful because they help to connect legacy devices to the IoT without needing to replace the entire infrastructure. The small, economical UNO-1252G is ideal for this purpose since it has an array of integrated I/O ports and can be expanded even further with a choice of iDoor modules. iDoor is Advantech’s new modular way of adding functionality, so customers choose only the functions they need rather than purchasing devices that carry excess cost or unneeded functions. iDoor modules can add cards such as Wi-Fi and GPS, making the UNO-1252G ideal for use in remote locations.

The UNO-1252G includes a 1 GB SD card to run a Yocto Project Linux distribution. The Yocto Project is an open source Linux distribution which allows the development of applications using an SDK. The UNO-1252G supports Advantech software applications such as SUSIAccess for remote control and monitoring. It also has two 10/100 LAN ports, a mPCIe card slot, five LED indicators for power, battery, SD card and COM ports, and three programmable indicators to which you can assign your own functions.

Robots and Humans Collaborating for Manufacturing Success


My grandson was asking why we can’t build a better light bulb and design better batteries. He’s eight. If he keeps asking the big questions, he’ll have a good future.

I told him that there would always be problems to solve, that’s why we would need engineers and scientists. He asked, what kind of questions. I told him about the need to develop robots that could work with people. This technology will become increasingly useful to help an aging population cope with physical limitations. It will also help production when we (shortly) face a declining workforce.

I like to point to the work of Rethink Robotics. It recently announced that its Sawyer robot, the company’s second smart, collaborative robot designed for a wide range of factory environments, is available for purchase and is being deployed by manufacturers across the globe. Announced in March, Sawyer is a single-arm, high-performance robot created to handle machine tending, circuit board testing and other precise tasks that have been difficult to automate with existing robots.

Weighing only 19 kilograms (42 pounds), Sawyer features a 4kg (8.8 lbs.) payload, with seven degrees of freedom and a 1260mm reach that can maneuver into the tight spaces and varied alignments of work cells designed for humans. Its high resolution force sensing, embedded at each joint, enables Rethink Robotics’ compliant motion control, which allows the robot to “feel” its way into fixtures or machines, even when parts or positions vary. This characteristic enables a repeatability that is unique to the robotics industry, and allows Sawyer to work effectively in semi-structured environments on tasks requiring 0.1mm of tolerance.

Sawyer offers a unique combination of features that distinguish it from other conventional and collaborative robots, including compliant motion control, embedded vision with a built-in Cognex camera and Rethink’s Robot Positioning System, a component of the proprietary and industry-leading Intera software platform. Powering both Sawyer and Rethink’s first collaborative robot, Baxter, the Intera system makes deploying the robots far easier than typical industrial robots. While traditional robots typically take an average of 200 hours to program and deploy, Sawyer can be deployed in under two hours and can easily be trained by typical factory technicians – not roboticists.

Sawyer is purpose-designed for enterprise-level deployments, with a useful life of 35,000 hours of operation. The robot is IP54-rated, making it ideal for harsh factory environments. Since its introduction, Sawyer has been field tested extensively at leading manufacturers’ sites around the world, and is currently being deployed on production lines in many of those facilities.


General Electric has been testing Sawyer over the past month and will deploy their first robot in a GE Lighting plant in Hendersonville, North Carolina. A prime example of true human-robot collaboration, Sawyer will be on a production line positioning parts into a light fixture as a GE employee completes the assembly. The process improves the efficiency of the product line while allowing GE’s employees to handle the more dexterous and cognitive work needed to complete the task.

“The ability to deploy a smart, collaborative robot like Sawyer provides a significant flexibility advantage to our production team, while still meeting our world class quality, precision and speed standards,” said Kelley Brooks, global advanced manufacturing & engineering leader at GE Lighting. “Utilizing this technology is an integral part of our Brilliant Factory initiative to connect all parts of the supply chain from product design, to engineering, to the factory floor and beyond in order to deliver customized LED solutions for our customers.”

Sawyer is also set to be deployed in Steelcase Inc.’s (NYSE: SCS) Grand Rapids factory, where it will work in tandem with the company’s welding machine. Sawyer will work to pick and place parts in pairs of two, enabling a completely autonomous welding process. The robot’s small footprint, long reach and higher payload capacity make it ideal for the Steelcase team. In addition to handling changes in parts and lines seamlessly, Sawyer’s IP54 rating allows the robot to work in manufacturing environments with liquids and particle hazards present.

“Having already deployed several Baxter robots successfully, we’ve seen the value that collaborative robots bring to the factory floor,” said Edward Vander Bilt, leader of innovation at Steelcase. “These robots are the game-changers of modern manufacturing, and Rethink Robotics is leading the evolving relationship between humans and machines that allow each to do what they do best.”

Sawyer is a significant addition to the company’s smart, collaborative robot family, which also includes the groundbreaking Baxter robot that defined the category of safe, interactive, affordable automation. Sawyer is available for purchase in manufacturing environments throughout North America, Europe and Asia-Pacific.

“After announcing Sawyer in March, the worldwide demand we have seen for the robot has been overwhelming,” said Rethink Robotics President and Chief Executive Officer Scott Eckert. “Manufacturers around the globe understand that Sawyer opens the door for a wealth of new applications and opportunities to improve their business, and they are eager to get it onto their production floors.”


Connected World Powered by the Cloud

The famous Internet of Things would be just so many useless streams of bits without a place to store them before analysis can be done. Hence the importance of the cloud. Microsoft has jumped in big time with its Azure Cloud.

Early last month, Microsoft held AzureCon and announced new solutions spanning containers, security, infrastructure and the Internet of Things (IoT) that enable organizations of all sizes to transform their business in today’s mobile-first, cloud-first world.

“We live in a connected world, and the intelligent cloud is powering it all,” said Scott Guthrie, executive vice president of Microsoft’s Cloud + Enterprise Division. “As data and devices continue to proliferate, there is vast opportunity for businesses to tap into their data to make their applications more intelligent. Through our offerings across applications, data and IoT, and cloud infrastructure, we are enabling companies to innovate more easily and rapidly, using the tools and platforms they know and love.”

Innovation through choice and simplicity

Applications are at the heart of business growth and transformation, and containerization is an increasingly popular way to maximize application value. Furthering its commitment to container technology and extending customer choice, Microsoft announced a new Azure Container Service that will combine the openness of Apache Mesos and Docker with the hyper-scale of Azure for container orchestration and management. With the service, organizations using Azure will now be able to easily deploy and configure Mesos to cluster and schedule Dockerized applications across multiple virtual hosts. Unlike many other container services in market today, this offering is based on open source to enable customer choice across the ecosystem and will support Windows Server containers in the future. The service will be available for preview by the end of the year.

Internet of Things and big data

The intelligent cloud is powered by data. Microsoft announced that its Azure IoT Suite is now available for customers to purchase. The Azure IoT Suite integrates with a company’s existing processes, devices and systems to build and scale IoT projects across their business using preconfigured solutions. In addition, Microsoft announced the new Microsoft Azure Certified for IoT program, an ecosystem of partners whose offerings have been tested and certified so businesses can take their next IoT project from testing to production more quickly. Current partners include BeagleBone, Freescale, Intel Corporation, Raspberry Pi, Resin.io, Seeed Technology Inc., and Texas Instruments Inc.

Microsoft also announced the expansion of Azure Data Lake. This includes Azure Data Lake Analytics, Azure Data Lake Store, a new programming language U-SQL, and Azure HDInsight general availability on Linux.

Intelligent infrastructure

Security is often cited as a top concern when moving to the cloud. Microsoft announced Azure Security Center, a new integrated experience that gives customers visibility and control of the security of their Azure resources without impeding agility, and helps customers stay ahead of threats even as they evolve.

This service integrates with security solutions from companies such as Barracuda, Checkpoint, Cisco Systems Inc., CloudFlare, F5 Networks, Imperva, Incapsula and Trend Micro Inc. In addition to enabling integrated security, monitoring and policy management, Azure Security Center also provides recommendations. By analyzing information gathered from customers’ deployments and comparing it with global threat intelligence aggregated by Microsoft, the service introduces the ability to detect threats while taking the guesswork out of cloud security. Azure Security Center will be broadly available for Azure customers by the end of the year.

Finally, continuing investments to deliver industry-leading compute capacity, Microsoft is announcing the N-series, a new family of Azure Virtual Machines (VMs) powered by NVIDIA GPUs. GPUs have long been used for compute and graphics-intensive workloads. Microsoft is the first hyper-scale provider to announce VMs featuring NVIDIA Grid 2.0 technology and the industry-leading Tesla Accelerated Computing Platform for professional graphics applications, deep learning, high-performance computing and more. A preview will be available in a few months.

Microsoft announced the Azure Compute Pre-Purchase Plan, a new pricing program designed for customers with steady state, predictable workloads on Azure. With this new offer, customers who pre-purchase Azure compute for one year can realize cost savings of up to 63 percent. This plan will be available globally starting Dec. 1.
