Security: Connected Car vs Connected Plant

Over the last few weeks I have been reading articles on security breaches with the connected car: hackers remotely control a Jeep, VW hides a security flaw, researchers hack a Corvette. But these challenges are not as unique as car manufacturers would like you to believe, and they are absolutely avoidable.

The main issue at hand is that we as consumers see our car as an engine with four wheels and a few seats. We don’t think of our car as a production system, with hundreds of sensors, control panels and a visual HMI to display the information in an easy-to-understand screen. But that is exactly what your car is: a mobile automation platform, with a fully integrated supervisory control and data acquisition (SCADA) system, no different than the systems found on a traditional factory floor.

So why can’t we learn from the factory to build a secure car? For the same reason that industry is having challenges securing the plant. SCADA systems were first designed in the 70’s. At that time security was not the primary concern for factories; data acquisition was. Your modern SCADA system is designed around the same principles that were founded almost half a century ago: a client-server architecture, where you request the information and the system will give it to you. Sensors connected to PLCs are not programmed to automatically give you values; they must be asked for their values, and once asked they will happily provide you with those values in milliseconds. The same holds true for your car, since the control systems in your vehicle are based on exactly the same principles as industrial automation.

In your typical plant, the SCADA network is protected from operations, and again protected from business planning systems. Since the plant does not require the Internet, its network does not need to be protected against unsecured access. In some cases, plants will allow access through proxy servers, firewalls, and the use of a VPN, all in place to secure the connection. To support this access, the plant must expose a port on a firewall to allow for incoming connections. The problem is that you’re vulnerable at your weakest point, as was the case with the Target hack.

Today if you asked a nuclear power facility to attach a black box on their SCADA network which uses a cellular connection to monitor water flow, they would throw you out of the office. So why is the manufacturer of your car or your insurance company doing just that? That black box that you attach to your OBD-II port, the SIM card in your vehicle or your remote key are all potential attack surfaces; exposed ports with an IP address waiting to be hacked.

The only way to stop a hacker is to remove all attack surfaces, and keep all inbound firewall ports closed, which requires a different approach. At Skkynet, that is exactly what we do. Skkynet’s SkkyHub is a secure end-to-end platform used to connect virtually any industrial or embedded data source, visualize the data, and monitor or control your process or system from afar. Secure by design, there are no Internet attack surfaces, no VPNs, and yet it allows for bi-directional communications and supervisory control.

Since onboard car systems are so similar to industrial automation systems in this way, the solution for providing secure remote access on industrial systems applies to cars as well. With today’s technology there is no reason to expose a plant, device, or a connected car to Internet attack. What manufacturers need to do is change the conversation. The plant, device, or car should publish the information, to which authorized individuals or devices should subscribe in order to receive the information. It is a simple change that addresses security: no open firewall ports, no attack surfaces.
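The publish/subscribe arrangement described above, sketched as an added example that is not part of the original post and is not Skkynet's protocol: the plant (or car) only makes an outbound connection to a relay, authorized subscribers do the same, and the relay is the only listener. The relay, the `PUB`/`SUB` line format, the token and the topic name are all hypothetical, and localhost stands in for the external service.

```python
import socket
import socketserver
import threading

AUTHORIZED_TOKENS = {"constructed-token-1"}  # constructed sample credential

class RelayHandler(socketserver.StreamRequestHandler):
    """One inbound connection at the relay (never at the plant)."""

    def handle(self):
        for raw in self.rfile:
            parts = raw.decode().strip().split(" ", 2)
            if len(parts) != 3:
                return  # malformed line: drop the connection
            verb, topic, arg = parts
            if verb == "SUB":
                if arg not in AUTHORIZED_TOKENS:  # only authorized subscribers
                    self.wfile.write(b"DENIED\n")
                    return
                with self.server.lock:
                    self.server.subscribers.setdefault(topic, []).append(self.wfile)
                self.wfile.write(b"OK\n")
            elif verb == "PUB":
                # Push the value to every subscriber, then acknowledge.
                with self.server.lock:
                    for out in self.server.subscribers.get(topic, []):
                        out.write(f"DATA {topic} {arg}\n".encode())
                self.wfile.write(b"OK\n")

class Relay(socketserver.ThreadingTCPServer):
    """Hypothetical external relay: the only listening socket in the design."""
    daemon_threads = True

    def __init__(self, addr):
        super().__init__(addr, RelayHandler)
        self.subscribers = {}  # topic -> list of subscriber write streams
        self.lock = threading.Lock()

def subscribe(port, topic, token):
    """Authorized user: outbound connection, then wait for pushed data."""
    sock = socket.create_connection(("127.0.0.1", port), timeout=5)
    sock.sendall(f"SUB {topic} {token}\n".encode())
    stream = sock.makefile("rb")
    return sock, stream, stream.readline().decode().strip()

def plant_publish(port, topic, value):
    """Plant/car side: connect() only, never bind()/listen()/accept(),
    so the plant firewall needs no inbound rule."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as sock:
        sock.sendall(f"PUB {topic} {value}\n".encode())
        return sock.makefile("rb").readline().decode().strip()

def demo():
    relay = Relay(("127.0.0.1", 0))  # port 0: the OS picks a free port
    port = relay.server_address[1]
    threading.Thread(target=relay.serve_forever, daemon=True).start()
    sock, stream, status = subscribe(port, "engine/rpm", "constructed-token-1")
    bad_sock, _, denied = subscribe(port, "engine/rpm", "wrong-token")
    ack = plant_publish(port, "engine/rpm", "2100")  # constructed sample value
    received = stream.readline().decode().strip()
    sock.close()
    bad_sock.close()
    relay.shutdown()
    relay.server_close()
    return status, denied, ack, received

if __name__ == "__main__":
    print(demo())
```

Contrast this with the request/response model, where the data source itself must accept incoming connections in order to be asked for its values.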

Bridging the IT Resource Gap

An interesting study has recently come out of the UK that points to a broad gap between the IT requirements of a large number of companies, and their available resources to meet the needs. What’s more, the top priorities for the coming years include cloud computing, big data, mobile computing, and security. Altogether, these findings suggest there may be significant potential for Skkynet’s SkkyHub service to bridge the IT resource gap.

The report, Digital Leaders Survey from BCS, The Chartered Institute for IT in the UK, presents the results of surveys circulated among BCS members, clients, and non-member companies, addressed specifically to CIOs, digital leaders, IT managers, and CEOs. Among the key findings are:

  • For the next 12 months, the 3 top IT concerns will be mobile computing, security, and cloud computing.
  • For the coming 3 to 5 years, the concerns are similar: security, cloud computing, and big data.
  • When asked what concern most keeps them awake at night, the overwhelming response was security–how to implement the various technologies in a secure way.
  • Close to 90% of the companies surveyed felt they do not have the resources needed to meet these priorities. About half of them said their existing workforce needs to upgrade their IT skills, or they require more manpower, or both. Over a third said they could use a bigger budget.

Keeping it Secure

Maintaining security at all phases of implementation of cloud and mobile computing is high on everyone’s list. Mission critical industrial systems must not be compromised in any way, or it could mean significant damage to infrastructure and possibly even human life. Financial systems risk ruin if data confidentiality is breached. No major corporation is immune from attack. Just look at the recent chaos at Sony Pictures Entertainment resulting from a breach in security.

Clearly, any cloud, mobile, or big data services offered must be secure. And as this is a relatively new area of IT, old approaches to security may not be sufficient. Industrial and financial cloud applications represent a special case, as their security requirements are higher than most, and yet they also require high-speed data throughput, as close to Internet latencies as possible.

This is why SkkyHub has attracted such interest in these markets. Secure by design, it takes a unique approach to security that requires no additional hardware or VPN, and yet opens no firewalls, leaving no attack surface exposed to the Internet. Data can flow through the system at speeds approaching real time, making it an ideal solution for industrial and financial cloud systems.

Doing More with Less

Valuable as it may be, a secure, mobile-friendly cloud and big data service may not be snapped up so quickly if there is no way to bring it on board. According to the survey, the vast majority of companies don’t have the budget or personnel to carry this off.

Wait, did I read that correctly? Aren’t we talking cloud systems? Isn’t one of the main draws of cloud computing cost savings? You shift your costs from capital expenses to operating expenses. No up-front investment, no amortization calculations. Just pay as you go.

And doesn’t a good SaaS solution reduce the need for highly qualified programmers? The purpose is to leave the specialty programming of data communication and connectivity to the experts, freeing up your people to do your work. So where is the problem?

Our vision at Skkynet is that with cloud computing you should be able to do more with less. The service should provide end-to-end connectivity with no programming required. Just sign up, configure, and start working with your live data. It should work transparently beside your existing systems, providing you and any other authorized user with secure access to the data you need. Software as a service should reduce your dependence on in-house IT resources, while saving you money.

We invite the respondents to the BCS Digital Leaders Survey, and anyone else, to try out SkkyHub and see. SkkyHub addresses the key issue of security, and bridges the IT resource gap by providing real-time software as a service in a way that is affordable and easy to implement.

Early Adopters Win Digital Dividends

Does the early bird really get the worm? According to a recent Harvard Business Review report it does, if that bird is an early adopter of technology. The report from HBR Analytic Services titled, The Digital Dividend – First Mover Advantage, states that according to their survey, companies that adopt the newest technologies are more likely to grow their revenue and improve their market position.

Executives, top-level and mid-level managers from hundreds of medium- and large-sized companies in the USA and around the world responded to the survey. Each company self-categorized its corporate posture as “IT pioneer” (34%), “follower” (35%), or “cautious” (30%). Each participant was questioned on the degree of adoption in their company of what the report calls the “Big Five” technologies: mobile computing, social media and networking, cloud computing, advanced analytics, and machine-to-machine (M2M) communications.

The results show that early adopters of technology experience the most growth. Overall, the IT pioneer companies grew twice as much as the followers, and three times as much as the cautious. Linking this growth to the adoption of new technologies, the report states that over half of the IT pioneers had made technology-powered changes to their business models or to the products and services they sell. On the other hand, less than a third of the followers implemented such changes, and only about one-tenth of the cautious did the same.

A Holistic Solution

Tony Recine, Chief Marketing Officer of Verizon Enterprise Solutions, the company that sponsored the report, made this comment: “The value of these new technologies lies not in what they can achieve on their own, but in their combined power as a holistic solution.”

Indeed. That is our vision as well. Each one of the “Big Five” technologies has significant value, and combining them offers a huge advantage to any early adopter ready to move quickly ahead of his peers. For example, linking machines to other machines, passing their data to the cloud, running real-time analytics on it, and putting the results into the hands of any user with a smart phone is no longer a futuristic vision, but reality. Consider the following scenarios.

1) A machine operator on the factory floor in Germany gets an alarm on his tablet PC. As he walks towards the problem area, he runs live analysis on the data coming in from the system, comparing it to historical data, and doing an archive search on similar scenarios. He also checks with his colleagues at branch plants in the UK and Canada, and looks at how their systems are performing at that time. Based on all these inputs, he can make a more informed decision about how to respond to the alarm.

2) Every few seconds each panel on a large, interconnected installation of solar arrays sends details about cloud cover and other local weather conditions, as well as the amount of power generated at that moment. This data is pooled and analyzed by big-data applications to determine the cost and output of any part of the system in real time. Management and customers can view up-to-the-second output trends and statistics for their area in a web browser or phone.

3) A water resources management company relays pump-station and tank-level data from small local utility companies to remote agricultural facilities using that water for irrigation. Farm managers and utility executives alike are given access to the relevant data for their systems, allowing them to monitor the entire supply and usage matrix, and collaborate on adjustments in real time, when necessary.

This kind of scenario, and many more, are possible. The technology is here. Secure access to in-house, remote, and M2M data via the cloud, redistributed to qualified users anywhere, is what the Secure Cloud Service is all about. Now it’s just a question of who adopts it, and when. And as we have learned from this latest Harvard Business Review report, early adopters tend to win.

BYOD Impacts the Factory Floor

The growing worldwide trend for workers to “bring your own device” (BYOD) to work has impacted the industrial space, according to an IHS Technology survey.

The past few years have witnessed a remarkable growth in the popularity of smart phones and tablet computers. The Pew Research Center’s Mobile Technology Fact Sheet reported that by January 2014 58% of adults in the USA owned a smartphone, and 42% of them had a tablet computer.  A Nielsen Company report says that people in the UK used their smartphones nearly twice as much by the end of 2013 as they did in the beginning of that year.

With such broad usage of smartphones and tablets, it is not surprising that people expect to bring that power and convenience into the workplace. Indeed, this is rapidly becoming the case, as reported in the 2nd Annual State of BYOD Report issued last year by Good Technology. According to their survey, 95% of enterprises either support BYOD in the workplace, or are at some stage in planning or considering it.

These worldwide trends are resonating in the industrial space, according to Toby Colquhoun and Tom Moore at IHS Technology.  In a recent article, Mobile devices spread to the factory floor, they share the results of an IHS global survey of companies in the manufacturing and energy sectors.  Of the companies surveyed, almost half of them (46%) are currently allowing their employees to use smartphones and tablets at work, and another 11% plan to adopt such technologies within the next three years.

To clarify, this is not actually BYOD in most cases.  You won’t find many factory workers monitoring mission-critical systems on their personal cell phones.  Typically, companies that allow smartphones and tablets on the shop floor issue them to the personnel, preconfigured for the data they are authorized to access.  The investment in equipment is offset by the advantages of this portable technology for monitoring processes from anywhere in the plant, responding quickly to alarms, and in some cases doing supervisory control.

But not everyone sees it this way. About 7% of the participating companies that are currently using mobile devices plan to discontinue this kind of program within the next three years, and another 20% surveyed responded that they have no plans to adopt the technology over that time period. The reasons for this reluctance include device performance in an industrial setting, as well as concerns for the security of the data.

“Integration of smartphones and tablets into the company network adds a potential new point of vulnerability for hackers/malware to exploit,” states the report.  It also mentions concerns related to human error and carelessness, which can be addressed by company policy.  But the report does not mention how companies can protect their vital data from exposure to the Internet.

To ensure the success of BYOD in the industrial sector, security questions must be resolved. The approach of Skkynet’s Secure Cloud Service™ addresses these questions in a unique way. Details about the service will be shared in a Skkynet white paper to be published soon. Put briefly, the traditional architecture for industrial networking was not designed for access via the public Internet, because it requires opening the firewall into the production system. With the proper design, as implemented in the Secure Cloud Service, BYOD is not only possible in the industrial space, it can be secure, quick, and convenient. As this kind of high quality service becomes widely adopted over the next few years, we can expect to witness some remarkable changes taking place on the factory floor.

The Industrial-Strength Real-Time Enterprise

For many years in business and industry there has been a gap between the top floor and the shop floor, between management and production, between the white collars and the blue collars. This gap has carried over in the approach to computing, where office systems crunch numbers in relational databases and churn out monthly reports, while production systems provide real time monitoring and control. Now, however, it seems that this gap may be closing. Visionaries are forecasting the coming of the real-time enterprise.

In a keynote address to the ISA Automation Week in Nashville, reported by Walt Boyes in Control Magazine, Dr. Peter Martin, Vice President of Invensys, said that one of the forces driving industry is a move from transactional business to real-time business. He also said that enterprises need to augment reporting-based systems with real-time performance measurement. And he predicted that the technology developed by industrial automation systems will drive that change.

Why is such change necessary? With their focus on historical analysis of data, office systems have always had the luxury of time. Software developers concentrated on building elaborate relations between disparate data sets, providing intricate and complex models of the enterprise. But these models were inevitably snapshots of the past. The recent past, true, but still the past. This is no longer sufficient to keep pace with the demands of business in the 21st century.

On the flip side, production systems never had time to spare. Developers of these systems had to find ways to collect, analyze, and interact with data in real time, to respond to changes in the system within seconds or even milliseconds, often with no human intervention. The data-handling capabilities of these systems typically included low latency as an integral part of the design. Here is a valuable resource that is only recently being discovered and brought into play in the upper echelons of the company.

In his talk, Martin summarized the situation in a simple chart. In the left column the CFO has access to monthly financial reports. On the right, the whole enterprise is managed based on these reports. But at the production level, the work needs to be managed on a daily basis, at least. And resources need real-time control. However, there is no corresponding real-time accounting taking place at either of these two lower levels.

Martin foresees this gap being filled sooner or later. Those who can use the real-time data coming from the factory floor will be able to run real-time analysis on it as it flows through their system. This live analysis will greatly empower and improve their resource control and production management.

As we see it, this new approach can be readily implemented using secure cloud services with real-time data handling capabilities. The approach calls for a way to connect the various production facilities, run real-time analytics on the data, and then stream the results to the people who need to make decisions, or indeed, to systems that are programmed to decide automatically. This is what a real-time cloud service can do.

Dr. Peter Martin says that automation is the key to a better world. He sees it solving big problems, even world hunger for example, as long as the gap between the top floor and the shop floor closes. “We cannot be plant-centric or enterprise-centric any more,” he said. “We need to measurably improve the profit of business. Technology and talent together define our future, and the future is very bright.”

The IoT Pulls Industrial Computing to the Edge

As Internet of Things (IoT) platforms become reality, more and more people are beginning to feel its impact.  Bill Lydon, Editor of Automation.com, recently coined a new phrase: the “Manufacturing Internet of Things”, or MIoT.  He points out that much of the ground work for the IoT was actually laid by the industrial community, which has been working with remote data acquisition and connecting machines to machines (M2M) for decades.  He sees the MIoT as the driving force for a quantum leap in the quality of the manufacturing infrastructure, coupled with a broader reach.

In an article titled Manufacturing Internet of Things (MIOT), Lydon defines the MIoT as the result of applying the technology of computers and the Internet to boost productivity.  He points out that although we have seen a steady growth of these two technologies in the industrial arena, things are beginning to move more quickly, which will have a clear positive impact.  He writes: “The application of the MIoT concept will ultimately improve manufacturing performance and enable better integration with business systems.”

For years, one of the big successes in manufacturing/business integration has been in the area of planning. Resource planning (RP) software has evolved from tracking materials (MRP) to the whole manufacturing process (MRPII), and has become integrated into the entire enterprise (ERP). At the same time, manufacturing execution systems (MES) have also played a role in optimizing production through coordinating resources, handling orders, and scheduling production, often filling the gaps between ERP and the SCADA (Supervisory Control and Data Acquisition) systems used in the manufacturing process itself.

Traditionally all of these systems, SCADA, MES, and ERP have functioned based on a central server model, where inputs from the field or shop floor would be collected, integrated, processed, and fed to connected systems or end users.  Over time, as connectivity and computing power increased, these systems have grown more capable and faster, approaching real-time response in some instances.

A New Architectural Map

Now, according to Lydon, new changes from the IoT are expanding computing capabilities from the center to the edges, redrawing the architectural map of computer-assisted manufacturing. On the one hand is a steady increase in computing power within devices: sensors, motors, cameras, and so on, providing them with control, data processing and communications capabilities. On the other hand, user tablets and mobile phones now offer more computing power than NASA used to land a man on the moon.

This new computing power on the edges of the system is accelerating a trend towards distributed computing in manufacturing.  Adding to this, says Lydon, is the advent of distributed databases and parallel processing.  The result is that “this technology can be used to streamline, collapse, and create systems architectures that are more cost effective, responsive, and effective.”

One Additional Piece

What’s missing from this description? From our perspective at least, a key player in the IoT is the cloud. The flexibility and reach of cloud-based systems make them ideal for integrating the larger scales and wider distribution of edge computing. Of course, to be most effective, cloud-enhanced manufacturing systems would be best served by real-time responsiveness and robust security. These are issues that must be taken seriously, and the pioneers and innovators in the MIoT who acknowledge them will keep their eyes open, staying alert for new opportunities as they become available.

For those wondering about how or when to get involved, Lydon concludes with practical advice: those who adopt too early may suffer growing pains; those who adopt too late might get left behind.  But those who find the sweet spot between those extremes will be the fortunate.  In any event, he says, “My view is that the creative and innovative application of automation is essential for manufacturing companies to survive.”