Will Low Oil & Gas Prices Prod an IIoT Embrace?

There’s no doubt about it, oil prices have dropped over the past couple of years. Even if you don’t follow the news or the markets, you can tell by prices at the pump. Now averaging below $50 per barrel, the price of oil is a far cry from its heady climb to $140 per barrel in 2008, or even the $80 – $100 prices from 2010 to 2014.

As good as this news is to anyone who drives a car or takes the occasional flight, as helpful as it might be to ease pressure on the economy as a whole, oil and gas companies have had to scramble to cut costs. That’s OK for the short term, according to Craig Resnick at the ARC Advisory Group, but medium to long term they need to find a new and different way of working. And this, he says, means embracing the Industrial IoT.

In a recent blog, The Oil and Gas Industry “New Normal” Pricing Justifies Greater IIoT Investment, Resnick said, “To increase capital efficiency and profitability; reduce marginal costs; minimize downtime; improve health, safety and environmental conditions; and capture the knowledge of the retiring workforce and productivity gains hidden in data and workflow silos; the oil & gas industry must embrace IIoT and digital transformation fully, from assets to the oil field; and from design to process and operations.”

Whew! That’s quite a list of benefits. And look how deeply it needs to penetrate the industry. To achieve that level of integration, as Resnick points out later in the article, success in IIoT is impossible without a corresponding convergence of IT and OT. Done well, this combination results in a complete end-to-end solution that connects the sophisticated data processing and analytical experience of IT to the hard data coming from production machinery—be it legacy equipment that has been hammering away for decades or newly installed systems with the latest digital technologies.

Resnick’s vision of a full embrace of IIoT may seem far-fetched to old-timers, indeed to anyone who was responsible for designing industrial automation systems 20 or even 10 years ago. But “new normal” pricing in the oil & gas sector has set the bar to a point where people have to pull themselves out of their old mindsets. The rewards are tempting—the benefits of IIoT may bring the industry into a new era of prosperity. Who knows? Five or ten years from now people may wonder how anyone was able to turn a profit without it.

At Skkynet, the shift to IIoT has been fast-paced, and yet still somehow evolutionary. Sure, there are technical challenges, and security is a real issue. But whenever we step back from our work and take a look at what we are creating, we realize that it really can, in the words of Resnick, “support end-to-end process excellence, with enterprise integration and visibility that leverages existing systems and the strengths of industrial products.”

Who Owns the Factory?

My local Toyota dealer owns my car.  My name may appear on the ownership papers, but I know better.  The dealership tells me when I’m due for maintenance, what each thing will cost, and why it’s important to repair or replace it.  Sometimes I think they care more about my car than I do.  Of course, they get paid for this service, but it is also in their best interest to keep my car running in tip-top shape, because a satisfied customer is a repeat customer.

It wasn’t always this way.  In younger days when money was scarce and time was free, and I could do anything I put my mind to, I got a few books and set about doing my own car repairs.  After some trial and error, I was able to do normal maintenance, and even undertake a few more complicated repairs like change a radiator core or rebuild a carburetor.  But over the years cars have gotten more complex, and time has become more valuable.  Now I’m more than happy to turn the whole project over to the experts.  As far as I’m concerned, the dealership owns the car.

Who owns the project?

Seems like factories may be going in the same direction.  To get the most out of “smart” manufacturing, the IIoT, and Industrie 4.0, factory owners and operators are relying more and more on outside expertise.  System integrators are stepping in to fill the gap, and some of them are realizing that they can provide the most value to their customers by taking ownership.  Maybe not the factory itself, but the projects they implement.  The question, “Who owns the project?” really boils down to, “Who takes responsibility for it?”

Robert Lowe, co-founder and CEO of Loman Control Systems Inc., a certified member of the Control System Integrators Association (CSIA), recently suggested this idea in an Automation World blog, End-User Asset ‘Owned’ by a System Integrator. He sees a need for system integrators to take on more responsibility by supporting their clients “beyond the project.”  He proposes a new acronym, SIaaS, for System Integration as a Service.  Providing “service and support for maintenance, machine monitoring, machine performance, process performance, reporting, technology upgrades, cybersecurity and so forth” frees the end-user to “focus on making its product and not be dependent on inside resources for sustainable performance.”

Lowe goes on to explain how system integrators are in a unique position to partner with companies on a project they have completed, because they understand well how it works.  Not only did they build it, but they have more experience monitoring, maintaining, and upgrading similar systems.  Rather than finding, training, and maintaining specialized staff to keep the system running, the plant owner can keep his or her people focused on the bigger picture of getting their product out the door.  And the system integrator who owns the asset will ensure that it performs well, because a satisfied customer is a repeat customer.

Skkynet supports system integrators who want to provide their expertise as a service.  On the one hand, our technical solutions—DataHub, SkkyHub, and ETK—are all available “as a Service”. More significantly, research and experience have shown that many IoT projects run into unexpected difficulties.  Rather than expending the resources to build and maintain a secure and reliable IIoT system on their own, plant management and system integrators can hand that responsibility over to those with the expertise, and cut their costs as well.

Industrial Speed IIoT

What does “real time” really mean in an industrial system?  And what does “real time” mean for the Industrial IoT?  For some people, updating their data within 5 seconds counts as real time.  For them, getting data updates once per second is blazingly fast.  For us, data updates for the IIoT should be as close to network latencies as possible, typically no more than a few milliseconds.

What does that look like?  Check it out.  We’ve created a SkkyHub demo page for industrial speed IIoT.  This simple demo shows how you can aggregate data from multiple data sources, visualize the data, and more importantly witness real-time Industrial IoT.

In the blue box, as you hover your mouse over the gray dot, it moves.  If you or a friend open the same page on a second browser or a phone and swap IDs, you’ll see a black dot for each other’s mouse (or finger, if it’s on a phone).  Select All, and when all other users move their mouse or finger, you’ll see their black dots move on your page and vice versa. You are participating in the IIoT, in real time.

How close to real time? You can see for yourself the latency of the SkkyHub system.  Just enter and submit your own ID.  Now when you move your mouse or finger around, you get a momentary glimpse of a black dot, shadowing each movement.  The black dot is generated by a round-trip data feed from SkkyHub.  The amount of time it takes for it to catch up to the gray dot is the latency of the data travelling round trip from your browser or phone to SkkyHub running in the cloud, and back.

Why is this useful?  The demo shows that the IIoT can be as responsive as most human operators need it to be.  There is no need to wait a few seconds for each action to have an effect.  This is most valuable for supervisory control, where an operator or manager may need to change a setting in an HMI.  The instant feedback of the SkkyHub service gives assurance to the operator that the system has picked up the change, and has responded accordingly.

At a machine-to-machine level, this kind of industrial speed, along with the ability to sustain multiple simultaneous connections, ensures that internal system activities are well coordinated.  A change in one machine or device propagates in real time to any or all connected devices.  This keeps the logic of the system intact, and ensures the smoothest possible performance.

When this kind of performance is coupled with a secure-by-design architecture and the ability to connect seamlessly to virtually any existing industrial system, then we feel confident in calling it Industrial IoT that works.

DoublePulsar – Worse Than WannaCry

In a world still reeling from the recent WannaCry attacks, who wants to hear about something even worse?  Nobody, really.  And yet, according to a recent article in the New York Times, A Cyberattack ‘the World Isn’t Ready For’, the worse may be yet to come—and we’d better be prepared.

Reporting on conversations with security expert Mr. Ben-Oni of IDT Corporation in Newark, NJ, the Times said that thousands of systems worldwide have been infected with a virus that was stolen from the NSA at the same time as the WannaCry virus.  The difference is that this second cyber weapon, DoublePulsar, can enter a system without being detected by any current anti-virus software. It then inserts diabolical tools into the very kernel of the operating system, leaving an open “back door” for the hacker to do whatever they want with the computer, such as tracking activities or stealing user credentials.

“The world is burning about WannaCry, but this is a nuclear bomb compared to WannaCry,” Ben-Oni said. “This is different. It’s a lot worse. It steals credentials. You can’t catch it, and it’s happening right under our noses.”

The concern is that DoublePulsar can remain hidden, providing a platform from which hackers can launch attacks at any time.  It may already be running on systems in hospitals, utility companies, power infrastructure, transportation networks, and more.  Ben-Oni had secured IDT’s system with three full sets of firewalls, antivirus software, and intrusion detection systems.  And still the company was successfully attacked, through the home modem of a contractor.

Closing the Door on DoublePulsar

Severity of the threat aside, this scenario points out once again the inherent weakness of relying on a VPN to secure an Industrial IoT system.  Had that contractor been connecting to a power plant, an oil pipeline, or a manufacturing plant over a VPN, it is likely that DoublePulsar could have installed itself throughout the system.  As we have explained in our white paper Access Your Data, Not Your Network, this is because a VPN expands the plant’s security perimeter to include any outside user who accesses it.

This threat of attack underscores the importance of the secure-by-design architecture that Skkynet’s software and services embody.  By keeping all firewalls closed, a cyber weapon like DoublePulsar cannot penetrate an industrial system, even if it should happen to infect a contractor or employee.  SkkyHub provides this kind of secure remote access to data from industrial systems, without using a VPN.

Growing IIoT Security Risks

As the Industrial Internet of Things (IIoT) grows, the security risks grow as well, according to a recent article by Jeff Dorsch in Semiconductor Engineering. According to his sources, the use of the IIoT is expanding both in the amount of new implementations, as well as how the data is being used. In addition to the traditional SCADA-like applications of machine-to-machine (M2M) connectivity, monitoring, and remote connectivity applications, it seems that more and more the IIoT is being used to power a data-driven approach to increasing production efficiency. Using big data tools and technologies, companies can employ better and more sophisticated analytics on industrial process data, thereby enhancing operational performance based on real-time data.

With the increase in use of the IIoT comes a corresponding increase in the potential for risk.  Looking at big picture, Robert Lee, CEO of Dragos, and a national cybersecurity fellow at New America commented, “There are two larger problems that have to be dealt with. First, there are not enough security experts. There are about 500 people in the United States with security expertise in industrial control systems. There are only about 1,000 worldwide. And second, most people don’t understand the threats that are out there because they never existed in the industrial space.”

Both of these problems are real, and need to be addressed.  And is often the case in issues of security, the human factor is closely intertwined with both. On the one hand, there is a crying need for security experts world wide, and on the other hand the man on the street, or in our case factory floor, control room, or corporate office, needs to quickly get up to speed on the unique security risks and challenges of providing data from live production systems over the Internet.

Addressing the Problems

As we see it, correctly addressing the second problem can help mitigate the first one.  When we understand deeply the nature of the Internet, as well as how the industrial space may be particularly vulnerable to security threats from it, then we are in a position to build security directly into control system design.  A secure-by-design approach provides a platform on which a secure IIoT system can run.

Like any well-designed tool, from electric cars to smart phones, the system should be easy to use.  When the platform on which a system runs is secure by design, it should not require someone with security expertise to run it.  The expertise is designed-in.  Of course, the human factor is always there.  Users will need to keep their guard up—properly handling passwords, restricting physical access, and adhering to company policies.  But they should also have confidence in knowing that security has been designed into system they are working on.

Thus, the most effective use of our world’s limited security manpower and resources is to focus them on understanding the unique security challenges of the IIoT, and then on designing industrial systems that address these challenges. This has been our approach at Skkynet, and we find it satisfying to be able to provide a secure IIoT platform that anyone can use.  We are confident that through this approach, as the IIoT continues to grow, the security risks will actually diminish for our users.

Cisco Study Shows Most IoT Projects Unsuccessful

One of the big take-aways from the annual Internet of Things World Forum (IoTWF) held in London last week were the results of a new Cisco study that only about 1/3 of the IoT projects were considered completely successful, technically.  Financially the success rate was even worse—just 15%—according to the business executives surveyed.  The study was conducted among over 1,300 executives in medium and large size companies in the manufacturing, energy, health care, transportation, and similar sectors. The findings suggest several reasons for low IoT project completion rates, and more important, point to specific remedies.

Unexpected Difficulties

As we have seen in the past, one of the primary reasons for project failure or lackluster results for IoT projects has been that those initiating the project were not aware at the outset how difficult implementation would be.  This is illustrated in the Cisco study results, where cost overruns and the need to extend timelines to completion were common.  Many respondents noted that they lacked the necessary internal IoT expertise.  As a result, over half of the IoT initiatives didn’t make it past the Proof of Concept phase, and of those that did, many ended up with poor IoT integration and/or low quality of data.

Need for Partnerships

These results underlined, according to the majority of survey respondents, the need for IoT partnerships.  At every stage of the project, from planning and design, through implementation and deployment, and during the management and maintenance phases, those organizations that engaged with IoT partners were more successful.  This applied to general areas of technical consulting and support, as well as specific aspects such as data analytics.

Commenting on this kind of relationship, the final report stated: “Our study found that the most successful organizations engage the IoT partner ecosystem at every stage, implying that strong partnerships throughout the process can smooth out the learning curve.”

Learning from Failure

The good news in all of this is that companies are willing and able to learn from mistakes.  Most survey respondents are optimistic for the future of the IoT, and they see its potential.  Over sixty percent believe that they “have barely begun to scratch the surface of what IoT technologies can do for their businesses.”

Among the participants who have completed projects, most said that they are using data from the IoT to improve their business.  Two out of three of them have seen the greatest benefits in improved customer satisfaction, more efficient operations, and better quality of products and/or services.  The most unexpected benefit was improved profitability for the company.

These results corroborate our experience.  The companies that we partner with report a much higher success rate than most of those participating in the Cisco study.  We agree with the finding that “strong partnerships throughout the process can smooth out the learning curve,” and we take seriously the challenge of removing the difficulties that may crop up when embarking on an IoT project.