Industrial Internet Consortium Releases Endpoint Security Best Practices White Paper

Security comes first to mind whenever we begin discussing connecting things in an industrial setting. And, of course, nothing connects things like the Industrial Internet of Things (IIoT). One place we often fail to consider in our security planning is at the endpoint of the network. Organizations and companies have been providing valuable assistance to developers by releasing best practices white papers. Here is one from a leading Industrial Internet organization.

The Industrial Internet Consortium (IIC) announced publication of the Endpoint Security Best Practices white paper. It is a concise document that equipment manufacturers, critical infrastructure operators, integrators and others can reference to implement the countermeasures and controls they need to ensure the safety, security and reliability of IoT endpoint devices. Endpoints include edge devices such as sensors, actuators, pumps, flow meters, controllers and drives in industrial systems, embedded medical devices, electronic control units, vehicle control systems, as well as communications infrastructure and gateways.

“The number of attacks on industrial endpoints has grown rapidly in the last few years and has severe effects. Unreliable equipment can cause safety problems, customer dissatisfaction, liability and reduced profits,” said Steve Hanna, IIC white paper co-author, and Senior Principal, Infineon Technologies. “The Endpoint Security Best Practices white paper moves beyond general guidelines, providing specific recommendations by security level. Thus, equipment manufacturers, owners, operators and integrators are educated on how to apply existing best practices to achieve the needed security levels for their endpoints.”

The paper explores one of the six functional building blocks from the IIC Industrial Internet Security Framework (IISF): Endpoint Protection. The 13-page white paper distills key information about endpoint device security from industrial guidance and compliance frameworks, such as IEC 62443, NIST SP 800-53, and the IIC IISF.

Equipment manufacturers, industrial operators and integrators can use the Endpoint Security Best Practices document to understand how countermeasures or controls can be applied to achieve a particular security level (basic, enhanced, or critical) when building or upgrading industrial IoT endpoint systems, which they can determine through risk modeling and threat analysis.

“By describing best practices for implementing industrial security that are appropriate for agreed-upon security levels, we’re empowering industrial ecosystem participants to define and request the security they need,” said Dean Weber, IIC white paper co-author, and CTO, Mocana. “Integrators can build systems that meet customer security needs and equipment manufacturers can build products that provide necessary security features efficiently.”

While the white paper is primarily targeted at improving the security of new endpoints, the concepts can be used with legacy endpoints by employing gateways, network security, and security monitoring.

The full Endpoint Security Best Practices white paper and a list of IIC members who contributed can be found on the IIC website.

Comprehensive ICS Cyber Security Best Practices White Paper

Cyber security is on the mind of all of us. The Internet of Things, digital factory, Industry 4.0, and all of the new strategies for improving manufacturing and production efficiencies contain a common element. They all inherently contain connections that can possibly be attacked by cyber hackers.

We are all concerned with foreign government attacks that can blow up facilities, poison water supplies, and other doomsday scenarios we can imagine. However, most hackers are really after a pay day. A big pay day. They can hold your process—and your business—hostage until you fork over some cash.

I have had many interesting cybersecurity conversations with Albert Rooyakkers, founder and CEO of Bedrock Automation. He has built a powerful controller with security designed in from the chips on up. He’s been touting the “Open Secure Automation (OSA)” platform lately.

The company just released a new white paper on the cyber security vulnerabilities and defense of industrial control systems. The 20-page document, Securing Industrial Control Systems – Best Practices, covers the threat landscape and presents a holistic approach to defending it, including assessing risk, physical security, network security, workstation and server security, as well as the fundamentals of OSA.

I just read it and found it informative. You can download it here along with the previous three papers in the series.

“As we discuss cyber security with users of automation, we find that many are aware of the threat potential but are not sure if they are doing enough to protect themselves.  We saw the need for a technical paper that explains both the mindset and motives of an attacker, as well as the tools and technologies of defense. This paper defines the issues in a practical, holistic way while providing recommendations on how to begin and sustain best practices for cyber defense,” said Rooyakkers.

The first half of the paper covers conventional cyber security practices that apply to all industrial control systems. It provides an assessment of the threats, including drive-by attacks, advanced persistent threats (APTs), espionage, process attacks, and ransomware. It also looks at assessing the related risks, with an introduction to Process Hazards Analysis (PHA) and Hazards and Operability (HAZOP) methodologies used to identify malfunctions that might harm people, the process, or the environment.

To assist with risk assessment, the paper provides an overview of conventional protection practices. This includes network segmentation, firewalls, and DMZs; managing workstations, servers, end-users, and applications; and implementing active defense measures, including security event monitoring and management.

The second part of the paper is devoted to more recent techniques, based on the application of intrinsic cyber security advances that have been applied in military, aerospace, and ecommerce, and are now being used to protect industrial control systems. These create a hardware end-point root of trust that combines advanced cryptography, digital signing techniques, an industrial certificate authority, and public key infrastructure (PKI) built into the control system to create an infrastructure for user defense.

The paper also presents the features of the Bedrock Open Secure Automation platform, which embraces the best practices discussed and details the process by which they can be applied to legacy and new systems.

Industrial Internet Consortium Gaining Momentum With Partners and Testbed

The Industrial Internet Consortium (IIC) has been incredibly active over the past month. While I’ve been traveling, news releases and interview opportunities have been pouring in.

In brief:

  • IIC and Avnu Alliance Liaison
  • IIC and the EdgeX Foundry Announce Liaison
  • IIC Develops Smart Factory Machine Learning for Predictive Maintenance Testbed
  • IIC Publishes Edge Computing Edition of Journal of Innovation

Related:

See my white paper on OPC UA and TSN. I wrote this following interviews at Hannover for the OPC Foundation and subsequent travels to see people. I think this is a powerful combination for the future.

Why it’s important:

These news items when viewed collectively show momentum for what is happening with the Industrial Internet—or as some say the Industrial Internet of Things. These technologies are soon to be powerful business drivers for a new age of manufacturing.

The News:

Liaison with Avnu Alliance

The Industrial Internet Consortium (IIC) and Avnu Alliance (Avnu) have agreed to a liaison to work together to advance deployment and interoperability of devices with Time Sensitive Networking (TSN) open standards.

Under the agreement, the IIC and Avnu will work together to align efforts to maximize interoperability, portability, security and privacy for the industrial Internet. Joint activities between the IIC and the Avnu will include:

  • Identifying and sharing IIoT best practices
  • Realizing interoperability by harmonizing architecture and other elements
  • Collaborating on standardization

“Both Avnu and the IIC are well aligned to pursue the advancement of the IIoT. An example of this is Avnu’s participation in the IIC TSN testbed where members have an opportunity to try their equipment and software on the testbed infrastructure. This provides the participants with the ability to discover what’s working and what is not and provide feedback that helps speed market adoption,” said Gary Stuebing, IIC liaison to Avnu. “The lessons learned in our TSN testbed fuel the ability of both of our organizations. TSN could open up critical control applications such as robot control, drive control and vision systems.”

“Our liaison agreement and work with the IIC TSN Testbed demonstrates real-world applications and solutions with TSN and helps to accelerate readiness for the market. The testbed stands as a showcase for the value that TSN standards and ecosystem of manufacturing applications and products bring to the market, including the ability for IIoT to incorporate high-performance and latency-sensitive applications,” said Todd Walter, Avnu Alliance Industrial Segment Chair. “Our collaboration with IIC and the work coming out of the TSN Testbed is already having a direct impact on suppliers and manufacturers who see the technology as a value add for their system structure.”

Avnu and IIC are meeting for a TSN Testbed plugfest later this month to evaluate and trial TSN device conformance tests that are being developed as a baseline certification in the industrial market.

Avnu creates comprehensive certification tests and programs to ensure interoperability of networked devices. The foundational technology enables deterministic synchronized networking based on IEEE Audio Video Bridging (AVB) / Time Sensitive Networking (TSN) base standards. The Alliance, in conjunction with other complementary standards bodies and alliances, provides a united network foundation for use in professional AV, automotive, industrial control and consumer segments.

 

Agreement with EdgeX Foundry

The Industrial Internet Consortium and EdgeX Foundry, an open-source project building a common interoperability framework to facilitate an ecosystem for IoT edge computing, announced they have agreed to a liaison.

Under the agreement, the IIC and the EdgeX Foundry will work together to align efforts to maximize interoperability, portability, security and privacy for the industrial Internet.

Joint activities between the IIC and the EdgeX Foundry will include:

  • Identifying and sharing best practices
  • Collaborating on test beds and experimental projects
  • Working toward interoperability by harmonizing architecture and other elements
  • Collaborating on common elements
  • Periodically hosting joint seminars

“We are excited about working with EdgeX Foundry,” said James Clardy, IIC liaison to EdgeX Foundry. “And we look forward to leveraging the experiences of the IIC to help further accelerate the adoption of the industrial Internet.”

“EdgeX Foundry’s primary goal is to simplify and accelerate Industrial IoT by delivering a unified edge computing platform supported by an ecosystem of solutions providers,” said Philip DesAutels, senior director of IoT for The Linux Foundation. “Formalizing this liaison relationship with the IIC is fundamental to unlocking business value at scale. Together, we will provide better best practices that will drive the unification of the industrial IoT.”

Hosted by The Linux Foundation, EdgeX Foundry has an ecosystem of more than 60 vendors and offers all interested developers or companies the opportunity to collaborate on IoT solutions built using existing connectivity standards combined with their own proprietary innovations. For more information, visit

 

Smart Factory Machine Learning for Predictive Maintenance Testbed

The Industrial Internet Consortium announced the Smart Factory Machine Learning for Predictive Maintenance Testbed. The testbed is led by two companies: Plethora IIoT, a company designing and developing cutting-edge answers for Industry 4.0, and Xilinx, the leading provider of All Programmable technology.

This innovative testbed explores machine-learning techniques and evaluates algorithmic approaches for time-critical predictive maintenance.  This knowledge leads to actionable insight enabling companies to move away from traditional preventative maintenance to predictive maintenance, which minimizes unplanned downtime and optimizes system operation.  This would ultimately help manufacturers increase availability, improve energy efficiency and extend the lifespan of high-volume CNC manufacturing production systems.

“Testbeds are the major focus and activity of the IIC and its members. We provide the opportunity for both small and large companies to collaborate and help solve problems that will drive the adoption of IoT applications in many industries”, said IIC Executive Director Dr. Richard Mark Soley. “The smart factory of the future will require advanced analytics, like those this testbed aims to provide, to identify system degradation before system failure. This type of machine learning and predictive maintenance could extend beyond the manufacturing floor to have a broader impact to other industrial applications.”

“Downtime costs some manufacturers as much as $22k per minute. Therefore, unexpected failures are one of the main players in maintenance costs because of their negative impact due to reactive and unplanned maintenance action. Being able to predict system degradation before failure has a strong positive impact on machine availability: increasing productivity and decreasing downtime, breakdowns and maintenance costs,” said Plethora IIoT Team Leader Javier Diaz.  “We’re excited to lead this testbed with Xilinx and work alongside some of the leading players in IIoT technologies. This is a unique opportunity to test together machine learning technologies with those involved in the testbed at different development levels starting from the lab through production environments, where a real deployment solution is utilized. As a result, from these experiences, we can significantly reduce the time-to-market of Plethora IIoT solutions oriented to maximize smart factory competitiveness.”

“Xilinx is committed to providing the Industrial IoT industry with our latest All Programmable SoC and MPSoC platforms – ideal for sensor fusion, real-time, high-performance processing, and machine learning from the edge to the cloud,” stated Dan Isaacs, Director of Corporate Strategic Marketing and Market Development for IIoT and Machine Learning at Xilinx. “The combination of these highly configurable capabilities drives the intelligence of the smart factory.”

Additional IIC member companies participating in this testbed are: Bosch, Microsoft, National Instruments, RTI, System View, GlobalSign, Aicas, Thingswise, Titanium Industrial Security, and iVeia. They provide technologies to enable the Smart Factory Machine Learning testbed, including:

  • Factory automation
  • OT and IT security
  • Edge to cloud machine learning and analytics
  • Time-sensitive networking (TSN)
  • Data acquisition
  • Smart sensor technology
  • Design implementation
  • Embedded programmable SoC technology
  • Secure authentication

 

Journal of Innovation

The Industrial Internet Consortium (IIC) has published the fifth edition of the Journal of Innovation with a focus on edge computing. The Journal of Innovation highlights the innovative ideas, approaches, products, and services emerging within the Industrial Internet, such as smart cities, artificial intelligence, the smart factory, and edge computing.

Edge computing promises to bring real-time intelligence to industrial machines at the edge of the network, where data can be processed closer to its source. Edge computing provides businesses with a cost-effective means to transmit and analyze large quantities of data in real-time, enabling them to reduce unplanned downtime, improve worker safety and enhance asset performance.

“The Journal of Innovation brings together innovators and thought leaders across the IoT spectrum. In this issue, our experts share their insights on edge computing as a key enabling technology poised to transform the IIoT,” said Mark Crawford, co-chair of the IIC Thought Leadership Task Group and Standards Strategist, SAP Strategic IP Initiatives. “Edge computing is not a new concept, but as IIoT transforms business processes, the need to use data closer to its source, whether that be from a wind turbine, a deep-water well’s blowout preventer, or an autonomous car, is paramount.”

The Edge Computing edition of the Journal of Innovation includes articles contributed by leaders at IIC member companies including:

  • Where is the Edge of the Edge of Industrial IoT? · Pieter van Schalkwyk, XMPro
  • Device Ecosystem at the Edge – Manufacturing Scenario · Sujata Tilak, Ascent Intellimation Pvt. Ltd.
  • Edge Intelligence: The Central Cloud is Dead – Long Live the Edge Cloud · Yun Chao Hu, Huawei Technologies Duesseldorf GmbH
  • Outcomes, Insights, and Best Practices from IIC Testbeds: Microgrid Testbed · Brett Burger, National Instruments · Joseph Fontaine, Industrial Internet Consortium
  • A Knowledge Graph Driven Approach for Edge Analytics · Narendra Anand, Accenture Technology Labs · Colin Puri, Accenture Technology Labs
  • Industrial IoT Edge Architecture for Machine and Deep Learning · Chanchal Chatterjee, Teradata Inc. · Salim AbiEzzi, VMWare Inc.
  • A Practical and Theoretical Guide to Using the Industrial Internet Connectivity Framework · Stan Schneider, PhD. Real-Time Innovations, Inc. · Rajive Joshi, PhD. Real-Time Innovations, Inc.

Predictive Notifications Improve Production

I have been writing on notifications in a personal sense. Here is an application of predictive notifications in manufacturing/production industry from ABB.

A new white paper shows how predictive maintenance and notification technology can be combined to enable services that predict events that affect production, and then accelerate actions to avoid or exploit the events in order to produce higher equipment availability, more stable process performance and better product quality.

Predictive Notifications

The white paper, entitled, “Are You on Track? How Predictive Notification Keeps Production on Track,” notes that though notifications are all around us (think smart phones with notifications for appointments, social media, software updates, sports scores, stock prices etc.), they haven’t yet entered the realm of industrial production. The paper proposes that the reason is because most notifications tell what has already happened. But combining notification technology with predictive maintenance technology can create a solution in which notifications become part of the daily industrial plant work practice.

“We have long provided control technology that triggers alarms for certain scenarios,” said Dan Duncan, Vice President, Sales and Operations for ABB Process Automation Service. “And we also deliver services that can automatically identify, categorize and prioritize maintenance issues that should be addressed. Both of these technological developments have made a huge impact on global industrial production.

“But what has been missing from our toolset is a simple way to take what is identified, categorized and prioritized by these advanced services technologies, and quickly and efficiently put an action into the hands of someone who can actually do something about it now,” Duncan said. “This white paper represents our thinking on how this can be accomplished by industrial producers everywhere.

“We expect it to have a significant beneficial effect on improving production efficiencies,” he said.

The paper covers predictive maintenance technology, problems with the historical predictive approach, and how to resolve those problems. The paper further identifies the value that can be produced by predictive notification technologies, and outlines a path to implementing a predictive notification program, including step-by-step guidance on how to get there.
