Enterprise Need for Standards for Interoperability

Owner/Operators do see great benefits to standards for system-of-systems interoperability. Getting there is the problem.

Aaron Crews talked about what Emerson is doing along the lines I’ve been discussing. Tim Sowell of Schneider Electric Software hasn’t commented (that’s OK), but I’ve been looking at his blog posts and commenting for a while. He has been addressing some of these issues from another point of view. I’m interested in what the rest of the technology development community is working on.

Let’s take the idea of what various suppliers are working on and raise our point of view to that of an enterprise solutions architect. These professionals are concerned about what individual suppliers are doing, of course, but they also must make all of this work together for the common good.

Up until now, they must depend upon expensive integrators to piece all the parts together. So maybe they find custom ways to tie together Intergraph, SAP, Maximo, Emerson (just to pull a few suppliers out of the air) so that appropriate solutions can be devised for specific problems. And maybe they are still paying high rates for the integration while the integrator hires low cost engineering from India or other countries.

When the owner/operators see their benefits and decide to act, then useful interoperability standards can be written, approved, and implemented in such a way to benefit all parties.

Standards Driving Products

I think back to the early OMAC work of the late 90s. Here a few large end users wanted to drive down the cost of machine controllers that they felt were higher than the value they were getting. They wanted to develop a specification for a generic, commodity PLC. No supplier was interested. (Are we surprised?) In the end the customers didn’t drive enough value proposition to drive a new controller. (I was told behind the scenes that they did succeed in getting the major supplier to drop prices and everything else was forgotten.)

Another OMAC drive for an industry standard was PackML—a markup language for packaging machines. This one was closer to working. It did not try to dictate the inside of the control, but it merely provided an industry standard way of interfacing with the machine. That part was successful. However, two problems ensued. A major consumer products company put it in the spec, but that did not guarantee that purchasing would open up bidding to other suppliers. Smaller control companies hoped that following the spec would level the playing field and allow them to compete against the majors. In the end, nothing much changed—except machine interface did become more standardized from machine to machine greatly aiding training and workforce deployment problems for CPG manufacturers.

These experiences make me pay close attention to the ExxonMobil / Lockheed Martin quest for a “commodity” DCS system. Will this idea work this time? Will there be a standard specification for a commodity DCS?

Owner/Operator Driven Interoperability

I say all that to address the real problem: buy-in by owner/operators and end users. If they drive compliance to the standard, then change will happen.

Satish commented again yesterday, “I could see active participation of consultants and vendors than that of the real end users. Being a voluntary activity, my personal reading is standards are more influenced by organizations who expect to reap benefit out of it by investing on them. Adoption of standard could fine tune it better and match it to the real use but it takes much longer! The challenge is : How to ensure end user problems are in the top of the list for developing / updating a standard?”

He is exactly right. The OpenO&M and MIMOSA work that I have been referencing is built upon several ISO standards, but, importantly, has been pushed by several large owner/operators who project immense savings (millions of dollars) by implementing the ecosystem. I have published an executive summary white paper of the project that you can download. A more detailed view is in process.

I like Jake Brodsky’s comment, “I often refer to IoT as ‘SCADA in drag.’ ” Check out his entire comment on yesterday’s post. I’d be most interested in following up on his comment about mistakes SCADA people made and learned from that the IoT people could learn. That would be interesting.

Smart Manufacturing Networks Cyber Security

This partnership enhances both OT and IT cyber security for industrial smart manufacturing networks.

SCADAfence, a pioneer in securing industrial networks in smart manufacturing industries, announced Feb. 24 an alliance with Check Point Software Technologies Ltd. This collaboration mitigates the inherent risks for manufacturers, such as operational downtime, process manipulation and theft of intellectual property, that can come with connecting operation technology (OT) networks with traditional information technology (IT) networks, in the pharmaceutical, chemical, automotive and food & beverage industries.

“We are excited to join forces with Check Point to provide manufacturers with a holistic solution that effectively protects IT/OT environments,” said Yoni Shohet, Co-founder and CEO of SCADAfence. “Together, we have developed a platform that strikes the perfect balance between security and availability by ensuring operational continuity while maximizing the pace of manufacturing.”

While combining OT and IT environments reduces costs and improves productivity for smart manufacturing companies, connecting the two environments opens OT networks to an array of risks, from malicious malware to non-malicious human error. The integration of SCADAfence’s solution and Check Point’s security solutions for IT and OT creates a comprehensive, risk-free security solution for entire industrial networks and provides security administrators with a single pane of glass for IT and OT security incidents.

With SCADAfence’s passive, non-intrusive solution, administrators and operators have visibility of day-to-day industrial operations and real-time detection of cyber-attacks. Smart manufacturers can also leverage the technology to improve their planning of IT/OT network separation, and internal OT segmentation within industrial networks.

“Check Point’s ICS/SCADA cyber security solutions provide advanced threat prevention paired with ruggedized appliance options and comprehensive protocol support with full visibility and granular control of SCADA traffic in order to ensure vital industrial assets are never compromised,” said Alon Kantor, vice president of business development, Check Point. “We are pleased to have SCADAfence join us in offering an augmented solution to help keep customers one step ahead in securing these critical infrastructure and industrial control organizations.”

Industrial IoT HMI for Raspberry PI and Linux

Raspberry PI is an intriguing small, inexpensive computing platform. I’ve seen a number of really cool projects on various tech blogs and video podcasts. I figure there must be a number of engineers figuring out how to implement these devices to reduce cost and complexity.

Use of Linux in industrial automation has never reached any sort of critical mass. I started following it somewhere around 1999 and even started to write about Linux in automation for a Linux magazine about that time. But Microsoft Windows won (remember the 1999 ARC Forum in Orlando when the Sun guys promoting Java as an OS packed up and headed out?), and Linux has been sort of peripheral.

I keep expecting something to happen. We have moved to the cloud in a big way for many applications including HMI/SCADA. Maybe we’ll see more in the near future.

HMI for IoT and Raspberry PI and Linux

Betting on that is Tatsoft. It has released its FactoryStudio Industrial IoT (IIoT) HMI for Raspberry PI and Linux.

FactoryStudio delivers real-time information with a set of fully-integrated modules in a unified and intuitive engineering user interface. With FactoryStudio, projects can scale from local embedded devices and mobile applications up to very large, distributed, high performance fault-tolerant systems. It provides an Application Development Platform to allow easy creation of solutions for the device level itself, with Graphical real-time displays, communication protocols to PLC’s, data logging, alarm engine, local SQL storage and C#/VB.NET scripting. Those embedded applications can easily communicate with remote FactoryStudio applications on the cloud, or on premises, accessing and consolidating distributed information.

The FactoryStudio platform can also work as the presentation layer and data gateway to historian systems, such as OSIsoft PI, Prediktor APIS, and ERP systems such as SAP, or directly connect with the SQL enterprise databases.

“The development tools are the same whether you are deploying projects to Microsoft Windows computers running .NET Framework, Linux operating system with the Mono Framework and Raspberry PI devices. For Raspberry PI, we also included easy access to onboard I/O in addition to all other HMI features.” explains Marcos (Marc) Taccolini, Tatsoft LLC CTO.

This release complements the FactoryStudio multi-platform solutions that already have runtimes for Windows Compact Framework and iOS devices. According to Dave Hellyer, Sr VP Marketing, “Tatsoft believes that we can use the intersection of people, data and intelligent machines to have a far-reaching impact on the productivity, efficiency and operations of industries around the world.”

Real-Time Cyber Attack Detection for SCADA Devices

SCADA devices and networks remain a prime target for cyber attacks. Everything I’ve written has approached cybersecurity from a different angle. This is the first solution that has come my way that uses a deception approach.

Attivo Networks announced Dec. 7, 2015 a release of its deception-based Attivo BOTsink solution that provides continuous threat detection on Industrial Control Systems (ICS) SCADA devices used to monitor and control most manufacturing operations as well as critical infrastructure such as natural gas, oil, water, and electric power distribution and transmission systems around the world. Cyberattacks on these targets can and have resulted in disruption of critical local, regional, and national government and commercial infrastructures. As a result, when they are breached, the impact on societies they serve stands to be catastrophic.

According to a study by the Pew Internet and American Life Project, 60 percent of the technology experts interviewed believe that a major cyberattack will happen. The damages to property and ensuing theft will amount to tens of billions of dollars, and the loss of life will be significant.

Scalable SCADA protection

“We are proud to be the first in the industry to provide customers a globally scalable, deception-based threat detection solution for SCADA protection,” emphasizes Tushar Kothari, CEO of Attivo Networks. “Many of our customers from the energy industry have requested the extension of our Attivo Deception Platform into their production and manufacturing control networks so they can get real-time visibility and the ability to promptly identify and remediate infected devices. As one stated, ‘a breach on those networks can be catastrophic and Attivo wants to do everything we can to prevent a disaster or risk to lives.’”

SCADA systems had originally been designed to monitor critical production processes without consideration to security consequences. Security had been generally handled by keeping the devices off the network and the Internet using “air gaps” where malware could only be transmitted by the thumb drives used by technicians. However, today vulnerable SCADA systems are increasingly being connected to the corporate IT infrastructure and Internet, making them easily accessible to a remote attacker.

Examples of this would be the Sandworm malware that attacked Telecommunications and Energy sectors, Havex malware that infected a SCADA system manufacturer, and BlackEnergy malware that attacks ICS products manufactured by GE, Siemens, and Advantech. These attacks primarily targeted the operational capabilities of these facilities. With the increased maliciousness and sophistication of malware, concerns are now escalating to fears of an irreversible disaster.

Situational awareness

“Industrial systems have increasingly come under scrutiny from both attackers and defenders,” said Chris Blask, Chair of the Industrial Control System Information Sharing and Analysis Center (ICS-ISAC). “Situational awareness is the focus of the ICS-ISAC and its membership, including the ability for asset owners to detect and respond to incidents on their systems.”

These devices generally have long lifecycles, creating an exposed environment driven by equipment that is less hardened and patches made infrequently. Additionally, because of their critical functions, SCADA devices cannot be taken offline frequently or for any length of time. This, along with costs that can run into the millions for every hour the network is offline, has made patching very difficult, often as infrequent as once a year, leaving many industrial facilities open to attacks. These risks are quite large considering these devices are found everywhere in electrical facilities, food processing, manufacturing, on-board ships, transportation and more.

“Companies operating in critical infrastructures like energy, utilities, nuclear, oil and gas know that they are not only vulnerable to the same security issues faced by most enterprises, they have the added enticement as a rich target for cyber terrorism,” stated Tony Dao, Director Information Technology, Aspect Engineering Group. “They recognize that securing their industrial control processes is not only critical to them, but to the institutions they serve. A loss would not only have repercussions throughout their economic sector but throughout the entire economy.”

The vulnerabilities begin with the use of default passwords, hard-coded encryption keys, and a lack of firmware updates, which pave the way for attackers to gain access and take control of industrial devices. Traditional perimeter-based solutions are designed to detect attacks on these devices by looking for suspicious attack behavior based on known signature patterns. SCADA supervisory systems are computers running normal Windows operating systems and are susceptible to zero day attacks, in which there are no known signatures or software patches. Several vulnerabilities also exist in the standard and proprietary protocols within Logic Controllers. Popular protocols include MODBUS (supervision and control), DNP3 (Energy and Water), BACNET (Building Automation), and IPMI (Baseboard Management Control).

Deception technology

Attivo Networks takes a different approach to detecting cyber attacks on ICS-SCADA devices. Instead of relying on signatures or known attack patterns, Attivo uses deception technology to lure the attackers to a BOTsink engagement device. Customers have the flexibility to install their own Open Platform Communications (OPC) software while running popular protocols and PLC devices on the BOTsink solution making it indistinguishable from production SCADA devices. This provides real-time detection of BOTs and advanced persistent threats (APTs) that are conducting reconnaissance to mount their attacks on critical facility and energy networks. Additionally, BOTsink forensics capture information including new device connections, issued commands and connection termination, enabling administrators to study the attacker’s tools, techniques, and information on infected devices that need remediation.
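The kind of forensic record described above (new connections, issued commands, connection termination) can be sketched for a Modbus/TCP decoy as follows. This is an added example, not Attivo's code or part of the original post; the function names, severity labels and sample frames are constructed for illustration, and it assumes a decoy has no legitimate clients, so every contact is worth an alert.

```python
import struct

# Function codes from the public Modbus application protocol specification.
READ_CODES = {1: "read_coils", 2: "read_discrete_inputs",
              3: "read_holding_registers", 4: "read_input_registers"}
WRITE_CODES = {5: "write_single_coil", 6: "write_single_register",
               15: "write_multiple_coils", 16: "write_multiple_registers"}


def decode_request(frame: bytes) -> dict:
    """Decode one Modbus/TCP request: 7-byte MBAP header followed by the PDU."""
    if len(frame) < 8:
        return {"valid": False, "reason": "short_frame"}
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    # The length field counts the unit id plus the PDU; protocol id is 0.
    if proto != 0 or length != len(frame) - 6:
        return {"valid": False, "reason": "bad_mbap"}
    func = frame[7]
    name = READ_CODES.get(func) or WRITE_CODES.get(func) or "other"
    out = {"valid": True, "transaction": tid, "unit": unit,
           "function": func, "name": name, "write": func in WRITE_CODES}
    if name != "other" and len(frame) >= 12:
        # All eight codes above begin with a 16-bit address and a 16-bit
        # quantity (or value, for the single-write codes 5 and 6).
        out["address"], out["count_or_value"] = struct.unpack(">HH", frame[8:12])
    return out


def analyse_decoy_session(source: str, frames: list) -> list:
    """Turn one TCP session against the decoy into forensic events."""
    # Nothing legitimate talks to a decoy, so the connection itself alerts.
    events = [{"event": "connect", "source": source, "severity": "alert"}]
    for frame in frames:
        req = decode_request(frame)
        # Reads look like reconnaissance; writes are attempts to change state.
        severity = "critical" if req.get("write") else "alert"
        events.append({"event": "command", "source": source,
                       "severity": severity, **req})
    events.append({"event": "disconnect", "source": source,
                   "commands": len(frames)})
    return events


# Constructed sample session (not captured traffic).
SAMPLE_FRAMES = [
    struct.pack(">HHHBBHH", 1, 0, 6, 1, 3, 0, 10),     # read 10 holding registers
    struct.pack(">HHHBBHH", 2, 0, 6, 1, 6, 16, 255),   # write register 16 = 255
    b"\x00\x03\x00\x00",                               # truncated frame
]

if __name__ == "__main__":
    for event in analyse_decoy_session("192.0.2.10", SAMPLE_FRAMES):
        print(event)
```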

The Attivo SCADA solution is provided through a custom software image that runs on its BOTsink appliance or virtual machine. SCADA BOTsink deployment and management are provided through the Attivo Central Manager, which provides global central device management and threat intelligence dashboards and reporting.

“To a significant degree, the growing security problems impacting industrial control systems have originated from the fact that ICSs are increasingly less and less isolated from outside networks and systems, and ICSs are now more susceptible and vulnerable to attacks,” comments Ruggero Contu, Research Director at Gartner in his Market Trends: Industrial Control System Security, 2015 report.  “At the heart of this change is the demand to integrate enterprise IT systems to operational technology, and for remote connectivity.”

Check out this white paper: Dynamic Deception for Industrial Automation and Control Systems

Power Grid Storage Standards

New power generation technologies will only optimize when high capacity storage becomes reality. You never know when or where you might learn about advances.

Consider this example of always remaining open toward gaining new knowledge and contacts. My wife and I were at breakfast in a Napa Valley Bed and Breakfast on vacation last September. We began a conversation with another couple about our age regarding which winery tours might be best.

The man asked me what I did. “Write about industrial technology and applications.” “You might be interested in this,” he replied. Turns out he was an electrical power utility general manager and had become involved with a standards initiative–MESA. No, not the MESA (MES Association) that I’m involved with. This one develops standards for connecting to energy storage. This area holds immense importance for the future of the power grid.

Storage Standards Association

So he shared some contact information and connected me with the association. I’ve talked with people there and am sharing some information from the Website to introduce this important initiative. Expect more in the future.

(All of this information comes from the Website.)

Why MESA?

Grid-connected energy storage promises large potential benefits. And yet, before safe, affordable energy storage can deliver on its promise, electric utility customers and their suppliers must solve significant problems. Many of these problems boil down to lack of standardization.

Standards are required for any technology to be deployed at scale. The personal computer industry grew from few to millions of units per year, while dramatically improving price-performance, based on standards for its software and hardware components. Like other industries, the energy storage industry needs to organize for scale, based on a cohesive industry vision and technology standards.

MESA Standards clear barriers to growth in energy storage. By making standard connections between components possible, MESA frees utilities and vendors to focus on delivering more cost-effective electricity to more people.

Today’s Problem

Current utility-grade energy storage systems (ESS) are project-specific, one-off solutions, built using proprietary components that are not modular or interoperable. Connecting these proprietary systems with key utility control software such as SCADA platforms is cumbersome and time-consuming.

Before an ESS can function, the batteries, power converters, and software that make up the ESS must be intelligently “plugged into” each other and the electrical system. Then the ESS as a whole must be intelligently plugged into the utility’s existing information and operations technology. Without established standards, components and systems offer their own proprietary connectors, and the process of plugging them together must be repeated for each new project.

Time, Money, Safety

Connecting the proprietary pieces can result in a motley collection of custom interfaces, or “kludges,” designed to address vendor-specific hardware. Creating such systems is a complex process that comes with its own heavy baggage:

  • High project costs, and decreased reliability and safety.
  • Component vendors tempted to stretch their expertise and offer a complete ESS solution, losing focus on their own core competency. Instead of developing innovative, best-of-breed components—such as a better, cheaper battery—these vendors simply re-invent yet another proprietary wheel.
  • One-off, proprietary solutions that are inflexible, not easily scaled, and have limited operational control. The utility customer becomes dependent on a single ESS supplier, with few options to upgrade, expand or re-purpose their energy storage investment.

Despite willing buyers (electric utilities) and willing sellers (battery, power converter, and software suppliers), market growth is limited. Significant opportunities – for example, the potential for broad deployment of standardized ESS configurations at many utility substations – are beyond the industry’s reach in its current form.

To fully enable broad deployment of grid-connected storage, and grow the market for all, standards are required to address these limitations.

The MESA Solution

Modular Energy Storage Architecture (MESA) is an open, non-proprietary set of specifications and standards developed by an industry consortium of electric utilities and technology suppliers. Through standardization, MESA accelerates interoperability, scalability, safety, quality, availability, and affordability in energy storage components and systems.

Key MESA Goals:

  • Standardize communications and connections, which will accelerate interoperability and scalability.
  • Give electric utilities more choice by enabling multi-vendor, component-based ESS.
  • Reduce project-specific engineering costs, enabling a more robust energy storage market.
  • Enable technology suppliers to focus on their core competency, facilitating quality, safety, and cost-effectiveness.
  • Reduce training costs and improve safety for field staff through standardized procedures for safety and efficiency.
