Tag Archive for: Design

Cyber Security: Over 90% of IIoT Experts Express Concerns

Respondents to the 2017 Industrial Internet of Things Security Survey by Tripwire paint a pretty bleak picture of cyber security for the Industrial IoT (IIoT).  Among the more than 400 IT professionals responsible for securing their companies against IIoT-related threats, 96% said they expect to see an increase in cyber attacks in the coming year.  At the same time, less than 50% of them feel prepared for those attacks.

This is cause for concern, according to David Meltzer, chief technology officer at Tripwire, who said, “Industry professionals know that the Industrial Internet of Things security is a problem today. More than half of the respondents said they don’t feel prepared to detect and stop cyber attacks against IIoT.”

At the same time, 90% of these same IIoT experts expect the use of IIoT to increase.  They acknowledge that innovation must go forward, and that the benefits of the IIoT outweigh the costs.  Two out of three of them recognize the need to protect against cyber attacks, despite the fact that less than half of them feel prepared for attacks on insecure IIoT devices.

“The Industrial Internet of Things ultimately delivers value to organizations, and that’s why we’re seeing an increase in deployments,” said Meltzer.  “Security can’t be an industry of ‘no’ in the face of innovation, and businesses can’t be effective without addressing risks. The apparent contradiction of known risks and continued deployment demonstrates that security and operations need to coordinate on these issues.”

Meltzer points out that the consequences of insecure IoT implementations leading to a cyber attack are far more severe for industrial applications.  “Greater connectivity with operational technology (OT) exposes operational teams to the types of attacks that IT teams are used to seeing, but with even higher stakes,” he said.  “The concern for a cyber attack is no longer focused on loss of data, but safety and availability. Consider an energy utility as an example – cyber attacks could disrupt power supply for communities and potentially have impact to life and safety.”

Here at Skkynet, we could not agree more. It was this kind of thinking that led us to develop our secure-by-design SkkyHub service. Those who understand the risks of the IIoT and the difficulty of securing it using conventional IT or OT approaches recognize the value of what we are doing. We invite every survey participant and anyone else who wants to get the most out of the IIoT to see for themselves how these concerns fall away when using an IIoT platform that is secure by design.

Top 10 IoT Technology Challenges for 2017 and 2018

Gartner, Inc., the IT research firm based in Stamford, Connecticut, recently published a forecast for the top ten IoT technology challenges for the coming two years.  The list covers a lot of ground, from hardware issues like optimizing device-level processors and network performance to such software considerations as developing analytics and IoT operating systems to abstract concepts like maintaining standards, ecosystems, and security.

“The IoT demands an extensive range of new technologies and skills that many organizations have yet to master,” said Nick Jones, Gartner vice president analyst. “A recurring theme in the IoT space is the immaturity of technologies and services and of the vendors providing them.”

Heading the list of needed expertise is security.  “Experienced IoT security specialists are scarce, and security solutions are currently fragmented and involve multiple vendors,” said Mr. Jones. “New threats will emerge through 2021 as hackers find new ways to attack IoT devices and protocols, so long-lived ‘things’ may need updatable hardware and software to adapt during their life span.”

To anyone considering the IoT, and particularly the Industrial IoT (IIoT) or Industrie 4.0, this should be a wake-up call.  As the recent power-grid hack in Ukraine shows us, old-school approaches like VPNs will not be sufficient when an industrial system is exposed to the Internet. In the IoT environment, Skkynet’s secure-by-design approach ensures not only a fully integrated approach for the security issues that many are aware of today, but also a forward-looking approach that will meet future challenges.

Having taken security into consideration, there are other items on the list that we see as significant challenges, and for which we provide solutions.  Among these are:

  • IoT Device Management – Each device needs some way to manage software updates, do crash analysis and reporting, implement security, and more. This in turn needs some kind of bidirectional data flow such as provided by SkkyHub, along with a management system capable of working with huge numbers of devices.
  • Low-Power Network Support – Range, power and bandwidth are among the constraints of IoT networks.  The data-centric architecture of SkkyHub and the Skkynet ETK ensure the most efficient use of available resources.
  • IoT Processors and Operating Systems – The tiny devices that will make up most of the IoT demand specialized hardware and software that combine the necessary capabilities of low power consumption, strong security, tiny footprint, and real-time response.  The Skkynet ETK was designed specifically for this kind of system, and can be modified to meet the requirements of virtually any operating system.
  • Event-Stream Processing – As data flows through the system, some IoT applications may need to process and/or analyze it in real time.  This ability, combined with edge processing in which some data aggregation or analysis might take place on the device itself, can enhance the value of an IoT system with little added cost.  Skkynet’s unique architecture provides this kind of capability as well.

According to Gartner, and in our experience, these are some of the technical hurdles facing the designers and implementers of the IoT for the coming years.  As IoT technology continues to advance and mature, we can expect other challenges to appear, and we look forward to meeting those as well.

Security Framework for Industrial IoT Built on Trust

Ultimately, it comes down to trust.  When someone hears about the Industrial IoT, and asks, “What about security?” what they probably mean is, “Should I trust it?”  Without trust, things get complicated, bog down, and sometimes stop moving altogether.  Without trust it’s difficult to build anything—a team, a business, or a family.  And among other things, trust depends on security.

Recently the Industrial Internet Consortium (IIC) published a paper titled “Industrial Internet of Things Volume G4: Security Framework,” which outlines a comprehensive security framework for the Industrial IoT (IIoT).  In the introduction, the paper outlines five key system characteristics that build trust: security, safety, reliability, resilience and privacy.  The IIC paper then describes how these characteristics must be infused into the IIoT for industrial users to trust it.

It says, “A typical Industrial Internet of Things (IIoT) system is a complex assembly of system elements. The trustworthiness of the system depends on trust in all of these elements, how they are integrated and how they interact with each other. Permeation of trust is the hierarchical flow of trust within a system from its overall usage to all its components.”

Trust is fundamental to the Security Framework

The idea is that for trust to permeate through the IIoT system—for the users to trust it—the system must be trustworthy from the ground up.  First, the components or building blocks of the system must be trusted.  Next, the system builders need both to trust these components and to put them together in a trustworthy way.  When all is checked, tested, and functioning well at these two levels, and the system meets the specifications of the system users, then the users will begin to trust the system.  Trust will permeate down from the users to the system builders, and ultimately to the components and those who supply them.

Skkynet’s secure-by-design approach to the IIoT follows this model.  At the level of components, our software and services have been installed in hundreds of mission-critical systems.  The system integrators who work with these components trust them, because they have seen how they perform.  Using DataHub® and SkkyHub™, they have been able to deliver highly-trusted, well performing systems.  Plant managers and owners are satisfied with these systems, and have extended their trust to the system integrators, as well as to the software and services.

How the IIC’s Security Framework applies specifically to Skkynet’s SkkyHub, DataHub, and ETK is well beyond the scope of one blog—more needs to be said, and is coming soon.  The Security Framework concepts are familiar to us, as we have been incorporating them for years in the secure-by-design approach we take in developing our software and services.  We are pleased that the IIC has published this paper, and consider it a valuable resource for gaining a better understanding about security and the Industrial IoT.

Will Time-Sensitive Networking (TSN) Improve the IIoT?

Is current Internet technology sufficient for the needs of Industry 4.0 or the IIoT?  Or could it be better?  How can we enhance Ethernet to improve real-time data communications? These are the kinds of issues that some key players in Industrial IoT plan to address by developing the world’s first time-sensitive networking (TSN) infrastructure.

TSN has been defined as “a set of IEEE 802 standards designed to enhance Ethernet networking to support latency-sensitive applications that require deterministic network performance,” according to Mike Bacidore in a recent article in Control Design titled “How time-sensitive networking enables the IIoT.”

Put simply, the goal of TSN is to provide the IoT with the same kind of real-time performance that is now limited to individual machines like cars and airplanes, or to distributed control systems in industrial applications.  The Industrial Internet Consortium (IIC), along with Intel, National Instruments, Bosch Rexroth, Cisco, Schneider Electric and others have joined forces to achieve this goal, to enable a truly real-time IoT.

TSN is Good News for Skkynet

This collaboration to develop TSN comes as good news to us here at Skkynet.  Since we currently provide secure, bidirectional, supervisory control capabilities over TCP, we understand how much more effective our software and services will be when supported by TSN.

With TSN, our latencies of a few ms over Internet speeds would be reduced to simply a few ms.  Data dynamics would be better preserved, and system behavior more deterministic.  This effort to develop TSN validates our thinking that the IIoT works best with low-latency, high-speed networking.  Unlike those who operate on the assumption that web communication technology (REST) is the way forward, the TSN approach means that networked data communications can approximate or equal in-plant speeds and latencies.

Several participants and commentators on the TSN project point out that typical cloud architectures are not ideal counterparts for TSN.  Something fundamentally different is required.  Putting their individual ideas and suggestions together, what they envision for an architecture is remarkably close to what Skkynet currently provides.  It should be secure by design, fully integrate edge computing, and keep the system running without interruption during any network outages.  Above all, it must provide secure, selective access to any process data, in real time.

“One of the cool concepts out there is that people will want to have a cyberphysical representation of the equipment in the cloud,” said Paul Didier, solutions architect manager at Cisco. “That doesn’t mean the physical plant will be controlled in the cloud. Optimization and maintenance can be done in the cloud and will filter its way back to the machine.”

Our recent case study showcasing DataHub and SkkyHub technology illustrates this “cyberphysical representation.”  During the deployment and test of a mineral processing system, developers thousands of miles away monitored the machine logic and tweaked the system in real time. “It was as if we were sitting beside them in the control room,” said one of the team, “and through live monitoring, we were able to continue developing the application, thanks to the real-time connectivity.”

It’s a small step from this to machine control, and time-sensitive networking will be a welcome technology in that direction.  To the Industrial Internet Consortium (IIC) and everyone else involved in this project, we say keep up the great work!  We’re ready to put TSN to good use when it becomes available.

Connecting the Worlds of IT and OT

Ever since the dawn of computing for commerce and industry, there has been a wide gap between the world of IT (Information Technology) and OT (Operations Technology).  Most of us are more familiar with IT—crunching numbers for financial applications, building databases for personnel records and corporate assets, and printing out sales reports, monthly earnings, and year-end statements.  The world of OT is more remote and esoteric—hidden behind firewalls and DMZs, sometimes on completely independent networks, mission-critical systems oversee the real-time processes that control a company’s production equipment and machinery.

Now, with the advent of Industry 4.0 and the Industrial IoT, these two worlds are being brought together.  In a recent article, “The Internet of Things: Bridging the OT/IT divide,” John Pepper, CEO and Founder of Managed 24/7, makes the case that the business value of operational data will be lost unless IT and OT learn to co-operate.  He said, “Unless organisations actively bridge the gap between OT and IT, the real operational benefits of the digital business will be lost.”

A risk of losing the prize

According to their research, companies are jumping on the IoT bandwagon and increasing their number of networked devices, but due to a lack of an overall policy to bridge the IT/OT gap, there is a real risk of losing the prize.  Critical OT information that has been unknown in the past is now becoming available, but only to those who know how to connect to it, and are willing to do so.

“Indeed, while the vast majority of new control systems used in buildings and factories – from water pumps to energy systems – include an Ethernet connection,” says Pepper, “few organisations are actively using this real-time insight to support CxO decision-making.”

Pepper’s call for deeper integration between the real-time data flowing through the OT world and the analytical capabilities of the IT world is a need that Skkynet was created to meet.  The predictive technologies that Pepper recommends can be realized and fully supported by Skkynet’s Industrial IoT technologies.  The vision of end-to-end monitoring and self-healing technologies that Pepper shares can become reality when we effectively connect the two worlds of IT and OT.

Top Performance for Industrial IoT

The Industrial IoT is different from the regular IoT. Mission-critical industrial systems are not like consumer or business IT applications. Performance is crucial. Most IT systems are built around a relational database, a repository of data that clients can add to or access, where a response time of a second or two is acceptable. IT data is typically sent across a network via HTML or XML, which adds complexity to the raw data, and consumes bandwidth. Although fine for office or home use, these technologies are not sufficient for the Industrial IoT.

In a typical industrial system, the data flows in real time. It moves from a sensor, device, or process through the system, often combining with other data along the way, and may end up in an operator’s control panel, another machine or device, or special-purpose data historian. As plant or field conditions change, the data arrives in real time, and the system or operator must react. A robotic arm or other device can send hundreds of data changes per second. Tiny, millisecond fluctuations in the data set can have significant effects or trigger alarms, and often each minute detail needs to be accessed in a trend chart or historical database.

Achieving this kind of performance on the Industrial IoT demands an exceptional approach to data communication.

  • A real-time, in-memory database keeps the data moving. The data needs to flow quickly and effortlessly through the system, and an in-memory database is needed to support these rapid value changes. A relational database, the familiar workhorse of the IT world, is not built for this specialized task. It takes too long to write records, process queries, and retrieve information. Thus, an in-memory, flat-file database is a good choice, allowing for higher data throughput.
  • High-speed data integration connects any data source with any user. A key task of the in-memory database is to integrate all sources of incoming data. If all communication is data-centric (see below), then every data source can be pooled together into a single, universal data set. This design keeps the data handling as simple as possible, allowing any authorized user to connect to any specified combination of data inputs in real time.
  • Publish/subscribe beats polling. In a publish/subscribe, event-driven model, a user makes a one-time request to connect to a data source, then gets updates whenever they occur. By contrast, polling sends regular, timed requests for data. This wastes resources when data changes are infrequent, because multiple requests might return with the same value. At the same time, polling is also inaccurate during rapid change, because a burst of several value changes may occur between polling cycles, and will be completely lost.
  • High-speed “push” data sources are most effective. The data should be pushed out to the system, and then pushed to the user. In addition to being a better security model, this approach is also more efficient. To “pull” data from a source requires polling, which takes longer and uses too much bandwidth, because each data update requires two messages: a request and a reply. Push technology only requires one message, which is more efficient, consumes less bandwidth, and also enables machine-to-machine communication.
  • Data-centric, not web-centric, design gives the best performance on the cloud. Transcoding data at the source takes time, and requires resources on the device which many smaller sensors may not have. By keeping the data in its simplest format, with no HTML or XML code, the lowest possible latency can be achieved. The raw data flows from the source, through the cloud, to the user as quickly as possible. When it arrives it can be converted to other formats, such as HTML, XML, SQL, etc. Different users, such as web browsers, databases, spreadsheets, and machine-to-machine systems can access a single data source at the point of its arrival, reducing the volume of data flow in the system.
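
The polling and publish/subscribe points above can be made concrete with a small simulation. This is an added example, not Skkynet code: the change stream, the tag values, and the alarm threshold are constructed for illustration, and the message counts follow the rules stated in the list (two messages per poll, one subscription request plus one message per pushed change).

```python
# Added illustration: polling vs. publish/subscribe over the same change stream.
# CHANGES is constructed sample data: (time_ms, value) for one hypothetical tag.
# Five changes fall between 1200 and 1240 ms, including a 90.0 spike.
CHANGES = [(0, 20.0), (1200, 20.5), (1210, 35.0), (1220, 90.0),
           (1230, 36.0), (1240, 20.6), (4000, 20.7)]
ALARM_LIMIT = 80.0  # assumed alarm threshold for this example


def latest_index(changes, t):
    """Index of the most recent change at or before time t (None if none yet)."""
    idx = None
    for i, (ts, _) in enumerate(changes):
        if ts > t:
            break
        idx = i
    return idx


def summarize(changes, delivered, total, messages, redundant):
    """Build the comparison record from the change indexes a client received."""
    values = [changes[i][1] for i in delivered]
    return {
        "messages": messages,        # messages on the wire
        "redundant": redundant,      # replies that repeated the previous value
        "missed": total - len(delivered),  # changes the client never saw
        "alarm_seen": any(v > ALARM_LIMIT for v in values),
    }


def poll(changes, interval_ms, end_ms):
    """Client pulls the current value every interval_ms: request + reply each time."""
    total = sum(1 for ts, _ in changes if ts <= end_ms)
    delivered, messages, redundant = [], 0, 0
    for t in range(0, end_ms + 1, interval_ms):
        messages += 2
        idx = latest_index(changes, t)
        if idx is None:
            continue
        if delivered and delivered[-1] == idx:
            redundant += 1           # same value as the last poll
        else:
            delivered.append(idx)    # intermediate changes are skipped silently
    return summarize(changes, delivered, total, messages, redundant)


def subscribe(changes, end_ms):
    """Client subscribes once; the source pushes one message per change."""
    delivered = [i for i, (ts, _) in enumerate(changes) if ts <= end_ms]
    return summarize(changes, delivered, len(delivered), 1 + len(delivered), 0)


if __name__ == "__main__":
    print("poll 1000 ms:", poll(CHANGES, 1000, 5000))
    print("poll   10 ms:", poll(CHANGES, 10, 5000))
    print("subscribe   :", subscribe(CHANGES, 5000))
```

With a 1000 ms poll the client never sees the 90.0 spike, so an alarm condition passes unobserved; shortening the poll to 10 ms catches it only at the cost of roughly a thousand mostly redundant messages.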

Skkynet’s implementation

Following these principles, Skkynet’s SkkyHub™ and DataHub® provide in-plant or IoT networking speeds of just a few milliseconds over network latency, with a throughput of up to 50,000+ data changes per second. Their high level of performance is achieved by combining real-time, in-memory database technology with publish/subscribe, pushed data collection and a data-centric approach to communication.

The “Hub” technology in DataHub and SkkyHub is a real-time, in-memory, flat-file database, used in hundreds of mission-critical systems worldwide for over 15 years. Designed from the ground up for industrial data communications, the DataHub and ETK work by converting all incoming data into a simple, internal, raw-data format. This raw data can be integrated and transmitted at very high speeds.

At the plant level, the DataHub collects, integrates and redistributes process data in real time. Selected sets of data can be passed seamlessly to the IoT simply by connecting the DataHub or ETK to SkkyHub. At the cloud level, SkkyHub provides the same real-time data collection, integration, and distribution. IoT performance now approaches the actual network propagation speeds of the Internet, with virtually no added latency.

Quite honestly, we shouldn’t expect the typical IoT platform to provide this level of performance. Few, if any, were designed for the Industrial IoT. It should come as no surprise that a concept as disruptive as “Industrial Internet of Things” may require new approaches for proper implementation. And in addition to performance, industrial applications have unique security and compatibility requirements. When choosing a solid, robust platform for Industrial IoT, these are all critical factors to consider.