Security comes first to mind whenever we begin discussing connecting things in an industrial setting. And, of course, nothing connects things like the Industrial Internet of Things (IIoT). One place we often fail to consider in our security planning is at the endpoint of the network. Organizations and companies have been providing valuable assistance to developers by releasing best practices white papers. Here is one from a leading Industrial Internet organization.
The Industrial Internet Consortium (IIC) announced publication of the Endpoint Security Best Practices white paper. It is a concise document that equipment manufacturers, critical infrastructure operators, integrators and others can reference to implement the countermeasures and controls they need to ensure the safety, security and reliability of IoT endpoint devices. Endpoints include edge devices such as sensors, actuators, pumps, flow meters, controllers and drives in industrial systems, embedded medical devices, electronic control units, vehicle control systems, as well as communications infrastructure and gateways.
“The number of attacks on industrial endpoints has grown rapidly in the last few years and has severe effects. Unreliable equipment can cause safety problems, customer dissatisfaction, liability and reduced profits,” said Steve Hanna, IIC white paper co-author, and Senior Principal, Infineon Technologies. “The Endpoint Security Best Practices white paper moves beyond general guidelines, providing specific recommendations by security level. Thus, equipment manufacturers, owners, operators and integrators are educated on how to apply existing best practices to achieve the needed security levels for their endpoints.”
The paper explores one of the six functional building blocks from the IIC Industrial Internet Security Framework (IISF): Endpoint Protection. The 13-page white paper distills key information about endpoint device security from industrial guidance and compliance frameworks, such as IEC 62443, NIST SP 800-53, and the IIC IISF.
Equipment manufacturers, industrial operators and integrators can use the Endpoint Security Best Practices document to understand how countermeasures or controls can be applied to achieve a particular security level (basic, enhanced, or critical) when building or upgrading industrial IoT endpoint systems. They can determine the security level they need through risk modeling and threat analysis.
“By describing best practices for implementing industrial security that are appropriate for agreed-upon security levels, we’re empowering industrial ecosystem participants to define and request the security they need,” said Dean Weber, IIC white paper co-author, and CTO, Mocana. “Integrators can build systems that meet customer security needs and equipment manufacturers can build products that provide necessary security features efficiently.”
While the white paper is primarily targeted at improving the security of new endpoints, the concepts can be used with legacy endpoints by employing gateways, network security, and security monitoring.
The full Endpoint Security Best Practices white paper and a list of IIC members who contributed can be found on the IIC website.
Let me try to summarize a number of other news items gleaned from the ARC Forum featuring edge computing, IIoT Platforms, and technology. When ARC’s Paul Miller told me it would be the best ever, he turned out not to be exaggerating. More people, more news.
Stratus Technologies, known for years for secure servers, released an edge computing device. Interest in computing at the edge of the network has blossomed lately, with many companies releasing products. Lots of choices for users.
Integration Objects, firmly within another important trend, introduced an Industrial Internet of Things (IIoT) Platform. I’m beginning to see articles about users latching on to these platforms rather than building their own ad hoc connections among IoT devices and applications.
UL discussed standards with me during the show. The company, known for developing safety standards and then testing for compliance, has also developed a security standard, and it tests for compliance with that standard as well.
HIMA is another company combining safety and security technologies. There is so much in common between the two–especially thought processes and planning.
Yokogawa has extended and rebranded its process automation offering, now called Synaptic Business Automation. Among other things, it has refined the dashboard into a “karaoke” style.
Bentley Systems discussed the combining of engineering design tools with digital photography and other digital technologies to better represent the engineering and design of a plant. This is the most cutting edge technology I saw during the week, but I cannot do it justice in a paragraph. I encourage a tour of the Website.
Dell EMC Internet of Things (IoT) group assembled a mini supply chain as its booth at the user conference Dell EMC World in Las Vegas in May. At the October Dell EMC World in Austin, these were put together as an ice cream factory and distribution, and the booth featured an ice cream machine. I sure could have used an ice cream by the time I got through all the exhibits.
The Dell IoT Gateway was the common denominator of the exhibit tying everything together.
The first station features construction. Here are a couple of guys trying out the DAQRI augmented reality helmets. I had the opportunity to try these in Hannover. A really cool application of AR.
They are looking at a combination of the construction (see the red “steel” framework) and drawings that show the layout of electrical conduit, HVAC ducting, and other details. Construction workers can get a feel for where things go, as well as spot interferences the designer missed.
This station showed product on its way to market through sensing and communication from Nokia.
Below is a layout of the Emerson process manufacturing system.
They brought actual pipe, pump, motor, instruments, and WirelessHART communication. No, it didn’t make ice cream.
This station featured IMS Evolve–an application that brings sensor data into the cloud and provides track and trace, as well as other analytics, assuring the safety of the food product through the supply chain from the point of view of proper temperature.
Don’t forget security! Here is a photo of a physical security video system from V5.
The Dell Gateway is an edge device capable of accumulating data from disparate sources, performing storage and analysis at the edge, then sending information to the cloud for further analysis. It seems that everywhere I go, the “edge” is the place where innovation is centered right now. This simple demo showed the power of the edge.
OPC UA was everywhere in the Digital Factory and automation areas of Hannover Fair 2017. Not only was the expanded OPC Foundation stand busy, an “OPC Wall” at the Microsoft stand was constantly packed. Microsoft executives took attendees on a digital path using OPC UA from the factory to the Azure cloud.
Spokespeople pointed out that OPC UA was crucial to a solution that was open, secure, and agnostic. While waiting for the finalization of OPC UA pub/sub (publish / subscribe), they wrote a transport in JSON and AMQP to get there.
The OPC Foundation announced an open-source implementation of the OPC UA technology, available on GitHub, to truly enable the OPC community’s successful adoption of OPC UA across all markets and all platforms.
Microsoft contributed a huge number of lines of code to this open source effort.
OPC UA is the set of standards for multivendor, multiplatform, secure, reliable interoperability for moving information from the embedded world to the cloud. The testimonial to the standards is a complete reference implementation that has now been posted as an open-source implementation, replacing the original OPC Foundation .NET deliverables that were developed and maintained for the last 10 years.
The original OPC Foundation .NET OPC UA reference implementation has been available to OPC Foundation members and last year was provided as an open-source implementation on GitHub. This version was targeted and limited to Microsoft Windows only.
The new OPC Foundation reference stack, based on the new .NET Standard Library technology, was developed and optimized by Microsoft to serve as the complete platform-independent infrastructure, from the embedded world to the cloud. This new version is enabled on the following supported platforms: Various Linux distributions, iOS, Android, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows Phone, HoloLens and the Azure cloud.
One of the important features of the .Net Standard stack is the expansion of the security features to meet the needs of the Industrial Internet of Things (IIoT) applications, as well as the requirements of “Plattform Industrie 4.0”.
Additional benefits of the OPC UA .Net Standard Stack include:
- The .Net Standard stack is cross platform specifically enabling OPC UA applications.
- The .Net Standard API portability strategy is all about developing once and running everywhere: No need to special-case OS-specific functionality.
- The architecture of the .Net Standard stack focuses on managed code, which translates to rapid application development.
- Microsoft deliberately enabled the creation of NuGet packages, which allows suppliers to quickly integrate OPC UA support into their application with a few simple clicks.
- The .Net Standard stack includes increased security inclusive of support for SHA512.
- The .Net Standard stack enables support for cross-platform UI design tools through Xamarin.
- Microsoft has provided, in conjunction with the OPC Foundation, an extremely rich set of sample applications, inclusive of reference clients, reference servers, an aggregation server, an OPC classic wrapper and a web application to quickly display OPC UA telemetry data sent to the cloud.
- Microsoft has also provided, in conjunction with the OPC Foundation, complete samples demonstrating Azure connectivity leveraging the OPC UA publish/subscribe technology (the specification of which is currently being finalized).
Microsoft’s Sam George, Director of Microsoft Azure IoT, said, “OPC UA has truly established itself as the interoperability standard for Industrial IoT. We are honored to work with the OPC Foundation on the continued evolution of the standard. The response from the Industrial IoT community to our .Net Standard reference stack contribution has been very positive.”
OPC Foundation’s President Thomas J. Burke said, “The Microsoft commitment to open standards, and specifically to the OPC Foundation is absolutely amazing. Microsoft is clearly a pioneer and a leader in developing and bringing to market the best technology that truly enables multivendor information integration and interoperability. It has been a pleasure to work with the Microsoft development team, and how they are enabling so many of the suppliers to have seamless connectivity to the Azure cloud, through their development and commitment providing an open-source implementation of the OPC UA technology”.
Stefan Hoppe, OPC Foundation’s Vice President said, “Microsoft is the strongest open-source contributor to the OPC Foundation’s industrial interoperability standard, OPC UA. Microsoft’s integration of the OPC UA code with Microsoft Azure IoT as well as Windows IoT allows companies to bring millions of devices and apps to the public cloud and manage them with one single application, no matter if the devices run on Windows, Linux, iOS or Android. Using this OPC UA implementation, IT and Manufacturing will merge seamlessly”.
Siemens’ Thomas Hahn said: “As a founding member, Siemens has supported the OPC Foundation for years. For us, open connectivity – from shop floor to the cloud – is a must. We therefore appreciate the availability of OPC UA technology as open source!”
The OPC Foundation will continue to develop, maintain and extend this new .NET technology as the new OPC Foundation endorsed open-source .NET reference implementation. Some of these significant new features to be added include the publish/subscribe extensions as well as support for important IoT protocols like AMQP and MQTT.
Interoperability, standardization, and collaboration were the key words for OPC Foundation in 2016. Tom Burke, OPC Foundation President, recently recapped a busy 2016 for the Foundation. Adoption of OPC UA has been gaining momentum in the market. Collaboration with other groups is growing. And the technology is finally beginning to show significant use beyond industrial automation.
Burke says, “It has been a very exciting year. We have seen record growth in adoption of the OPC UA technology across multiple domains and vertical markets. The OPC Foundation policy of being truly open has expanded the reach of the OPC technology. The specifications are available to everyone, the technology is open sourced, and now we have opened up our certification labs to non-members.”
The OPC Foundation byline since the beginning has been recognized as “The Interoperability Standard for Industrial Automation.” With the significant international membership growth and adoption of the OPC UA technology across multiple vertical markets, the byline of the OPC Foundation has been ratified as “The Industrial Interoperability Standard.” This byline recognizes the case that OPC is no longer just for automation.
OPC UA specifications and technology are actively being deployed across global boundaries supplying the key infrastructure for everything related to the Internet of Everything (IIoT, Industrie 4.0, China 2025, IIC, M2M…); inclusive of:
- numerous testbeds with the OPC UA technology being standardized in the Industrial Internet Consortium (IIC)
- being recognized as the communication and information modeling standard for Industrie 4.0
- OPC UA being finalized as a Chinese National Standard
In May 2016, BSI (German Federal Office for Information Security) conducted a thorough security analysis of OPC UA and found it exceeded the security requirements for Industrie 4.0.
Collaboration with numerous organizations beyond industrial automation is the strategy and path forward to allow information integration from the embedded world to the cloud.
New members and new products are emerging as end users are looking for information solutions for IIoT, and the OPC UA technology is well-positioned to address the needs of the Internet of Everything.
Numerous organizations continue to partner with the OPC Foundation and/or develop companion specifications for their respective information models to seamlessly plug into OPC UA.
Organizations announcing releases of their companion specifications in 2016 for the OPC UA technology included:
• VDMA: Injection Molding (status: release candidate)
• VDMA: Vision Cameras (status: in foundation)
• VDMA: Robotics, starting with the help of KUKA (status: in preparation)
VDMA is very active in standardizing on OPC UA information models and expects to roll out a multitude of additional information models in 2017, leveraging OPC UA information integration communication as its strategy for seamless information integration and interoperability.
Board of Directors
Board members are elected as individuals for a two-year term. Elected to new 2-year terms were: Russ Agrusa (ICONICS), Veronika Schmid-Lutz (SAP), Stefan Hoppe (Beckhoff) (also VP of OPC Foundation), and Matthias Damm (Ascolab). Also on the OPC Foundation Board of Directors are Thomas Burke (OPC Foundation), Thomas Hahn (Siemens) (also VP of OPC Foundation), Matt Vasey (Microsoft), Ziad Kaakani (Honeywell) (also Treasurer of OPC Foundation), and Shinji Oda (Yokogawa).