Developing DHTP, the Ideal Protocol for IIoT

Ever since the concept of the Industrial IoT (IIoT) became popular, people have been trying to find the ideal protocol for it.  After all, IIoT is something new.  As the “Internet of Things,” it clearly involves data travelling across the Internet.  But because it is also “Industrial”, it requires more than the common Internet protocols like FTP or HTTP to do the job.  The best choice for an IIoT protocol is one that has been designed from the ground up to fulfill both industrial and Internet requirements.

Here at Skkynet we use such a protocol every day—DHTP (DataHub Transfer Protocol).  From its inception over 20 years ago, DataHub technology involved connecting disparate systems in real time over a network and the Internet.  It all started back in the ’90s with a product called Cascade Connect that exchanged data between programs running on a QNX real-time operating system, and the InTouch HMI running in Windows.  Cascade Connect used two connectors, precursors of DataHub, one running in QNX and the other in Windows.  Each of these connected to programs running on their respective operating systems using standard industrial protocols, and they also connected to each other using TCP over a network.  The protocol they used to connect over TCP way back then has evolved into what we now call DHTP.

An Open Protocol

DHTP was made open from the start, with a published Cogent API.  Each subsequent Cogent product, such as Cascade DataHub, the Gamma scripting language, Cascade Historian, and so on, was accessible through the Cogent API.  As the DataHub product evolved to become the OPC DataHub and then the Cogent DataHub, more commands were added, and the API was made available in Windows.  Today DHTP consists of the DataHub API and DataHub Command Set.

Meeting the Needs

Each step of this evolutionary process took place within an industrial context, in response to the needs of specific projects.  As our customers demanded more robust and secure data communication over TCP, we improved DHTP capabilities by adding SSL and other features.  Nowhere is that more obvious than the success of the Cogent DataHub for OPC tunnelling applications.  The DataHub DA Tunneller and DataHub UA Tunneller are unrivalled for their ability to connect OPC servers and clients across a network or the Internet.

Cloud and Embedded

As one of the first companies to recognize the value of industrial communications via the cloud, Skkynet enhanced DHTP with WebSocket capability for DataHub-to-SkkyHub connectivity.  DHTP’s unique, patented ability to support secure, outbound connections from industrial systems for bidirectional communication without opening any firewall ports is key to Skkynet’s secure-by-design architecture.  The introduction of the ETK for embedded systems a few years later completed the picture. DHTP is now the standard protocol used by DataHub, SkkyHub, and the ETK, the three core components of Skkynet’s IIoT products and services.

In our next blog we will explain in more detail why DHTP is the ideal protocol for the IIoT.  We will provide an overview of the criteria for effective IIoT data communications, and show how DHTP meets all of them.  As you learn more about DHTP, keep in mind that its success as an IIoT protocol is due to how it was developed—in the challenging environment where industrial and Internet communications meet.

IIoT Security: Attacks Grow More Likely, Users Unaware

A few weeks ago hackers of industrial systems reached a new milestone. For the first time in history, someone was able to break into the safety shutdown system of a critical infrastructure facility. Roaming undetected through the system for an unknown amount of time, the hackers finally got stopped when they inadvertently put some controllers into a “fail-safe” mode that shut down other processes, which alerted plant staff that something was wrong.

The danger was not just in the safety mechanisms themselves, but for the whole plant. “Compromising a safety system could let hackers shut them down in advance of attacking other parts of an industrial plant, potentially preventing operators from identifying and halting destructive attacks,” said cyber experts interviewed by Reuters.

Plan Ahead

That facility was lucky this time around. What about next time? What about the next plant? Rather than relying on luck, it is better to plan for the future. As attacks grow more likely, those systems that are secure by design, that offer zero attack surface, that are undetectable on the Internet, stand a much better chance. This has always been Skkynet’s approach, and as the threats increase, it makes more and more sense.

In fact, the industrial world is largely unprepared for these kinds of attacks. Having evolved for decades cut off from the Internet, it has had little need to change until recently. And a surprising number of users seem unwilling to acknowledge the risks. According to a recent article in Ars Technica, hundreds of companies across Europe are running a popular model of Siemens PLC (programmable logic controller) with TCP port 102 open to the Internet. “It’s an open goal,” commented security researcher Kevin Beaumont.

Government Mandates

The situation has attracted the attention of governments, who realize the need to protect critical infrastructure for the sake of their citizens. The United Kingdom has issued a new directive authorizing regulators to inspect cyber security precautions taken by energy, transport, water and health companies, reports the BBC. The National Cyber Security Centre has published guidelines, and companies that fail to comply are liable for fines of up to 17 million pounds. “We want our essential services and infrastructure to be primed and ready to tackle cyber-attacks and be resilient against major disruption to services,” said Margot James, Minister for Digital.

IT to OT Challenges

What has brought all of this into focus over the past few years has been the increased awareness of a need for process data outside of the production facility. Companies are recognizing the value of the data in their OT (operational technology) systems, and want to integrate it into their IT systems to help cut costs and improve overall efficiency for the company as a whole. What they may not realize is that the tools of IT were not designed for the world of OT, and the security practices of OT are not adequate for the Internet.

The WannaCry virus that affected many companies worldwide last year is a case in point. Companies using VPNs to protect their IT-to-OT connections found out first-hand that a VPN merely extends the security perimeter of the plant out into an insecure world. A breach in an employee email can expose the whole plant to the threat of a shutdown. “WannaCry is the personification of why computers on the corporate networks should not be directly connected to OT networks,” according to Gartner Analyst Barika Pace in a recent report, Why IIoT Security Leaders Should Worry About Cyberattacks Like WannaCry, January 30, 2018. “It is also the reflection of the inevitable convergence of IT and OT. Based on your risk tolerance and operational process, segmentation, where possible, is still critical.”

Segment Your Systems

By segmentation, Pace means dividing networks into security zones, and maintaining security between each zone through the use of firewalls, DMZs, data diodes and other similar technologies to ensure that if one system gets hacked, it cannot affect others. Segmentation is part of a secure-by-design approach that Skkynet endorses and provides. Our software and services offer a way to connect IT and OT systems through DMZs or the cloud without opening any outbound firewall ports.

A Siemens PLC in this kind of segmented system could be accessed by authorized parties, and exchange data in both directions, without opening TCP port 102 to the Internet. Managers of critical infrastructure that implement this secure-by-design approach to segmentation are not only ready for government inspection, they have taken the best precaution against those who would intrude, hack, and attack their mission-critical systems.
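A check for the exposure described above, as an added example that is not part of the original article and not Skkynet code: it audits a first-match firewall rule list for allow rules that let anything outside the OT zone open connections into it, and marks those that cover TCP port 102. The zone subnets, rule names and rule format are constructed for illustration, and the policy (nothing outside OT may initiate connections into OT) is an assumption.

```python
import ipaddress
from dataclasses import dataclass

# Constructed zone map (assumption): subnets assigned to each security zone.
ZONES = {
    "OT": ipaddress.ip_network("10.10.0.0/16"),
    "DMZ": ipaddress.ip_network("10.20.0.0/24"),
    "IT": ipaddress.ip_network("10.30.0.0/16"),
}
S7_PORT = 102  # the TCP port the article reports open on Siemens PLCs


@dataclass(frozen=True)
class Rule:
    name: str
    action: str   # "allow" or "deny"
    src: str      # source CIDR
    dst: str      # destination CIDR
    proto: str    # "tcp", "udp" or "any"
    ports: tuple  # inclusive (low, high) destination port range


def zone_of(cidr):
    """Zone that fully contains the CIDR, else UNTRUSTED (e.g. 0.0.0.0/0)."""
    net = ipaddress.ip_network(cidr)
    for name, zone in ZONES.items():
        if net.subnet_of(zone):
            return name
    return "UNTRUSTED"


def covers(outer, inner):
    """True if rule `outer` matches every packet that rule `inner` matches."""
    net = ipaddress.ip_network
    return (
        net(inner.src).subnet_of(net(outer.src))
        and net(inner.dst).subnet_of(net(outer.dst))
        and outer.proto in ("any", inner.proto)
        and outer.ports[0] <= inner.ports[0]
        and inner.ports[1] <= outer.ports[1]
    )


def audit(rules):
    """Return (rule name, finding) for allow rules that open a path into OT."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.action != "allow":
            continue
        # First-match evaluation: an allow fully covered by an earlier deny never fires.
        if any(r.action == "deny" and covers(r, rule) for r in rules[:i]):
            continue
        if not ipaddress.ip_network(rule.dst).overlaps(ZONES["OT"]):
            continue  # traffic never lands in the OT zone
        src_zone = zone_of(rule.src)
        if src_zone == "OT":
            continue  # traffic that stays inside OT is out of scope here
        s7 = rule.proto in ("tcp", "any") and rule.ports[0] <= S7_PORT <= rule.ports[1]
        findings.append((rule.name, f"{src_zone}->OT" + (" exposes tcp/102" if s7 else "")))
    return findings


# Constructed sample rule set (not taken from any real site).
SAMPLE_RULES = [
    Rule("block-guest", "deny", "10.30.99.0/24", "10.10.0.0/16", "any", (0, 65535)),
    Rule("plc-remote", "allow", "0.0.0.0/0", "10.10.5.20/32", "tcp", (102, 102)),
    Rule("erp-to-hist", "allow", "10.30.1.0/24", "10.10.8.0/24", "tcp", (1433, 1433)),
    Rule("guest-to-plc", "allow", "10.30.99.7/32", "10.10.5.20/32", "tcp", (102, 102)),
    Rule("ot-to-dmz", "allow", "10.10.0.0/16", "10.20.0.10/32", "tcp", (443, 443)),
    Rule("it-to-dmz", "allow", "10.30.0.0/16", "10.20.0.0/24", "tcp", (443, 443)),
]
```

Calling audit(SAMPLE_RULES) reports plc-remote and erp-to-hist; guest-to-plc is skipped because the earlier deny shadows it, and the outbound ot-to-dmz rule is not a path into OT.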

As attacks on critical infrastructure become more likely, users must become aware, and prepare. The acknowledged benefits of IIoT need not entail unnecessary risk—securing an industrial system can be done, and done well. A big step is to segment your OT system through a secure-by-design approach, such as that offered by Skkynet.

Digital Transformation – Challenges and Opportunities

We’ve seen a lot of commentaries lately from industry experts and gurus saying how the Industrial IoT and related digital technologies are driving change in the industrial sector.  Many analysts are suggesting that this kind of change, referred to as “digital transformation,” is coming to the industrial world in a big way.  Certainly our customers are gaining significant value from it.

Digital transformation is all around us.  Social institutions and commercial sectors across the board have experienced it, and are still going through it.  Publishing is moving from paper to websites, e-books, and email.  The concept of money has been transformed by debit cards, online banking and bitcoin.  The face of retail has been disrupted by EBay, Amazon, and other online stores.  Even intimate, interpersonal and family relationships are being pulled into new shapes by smart phones, chat, and social media.

Opportunities for Industry

Now digital transformation is expanding from the intangible and social realms into the down-to-earth fields of mining, drilling, energy, and manufacturing―converting raw materials into physical products. Although the inputs, processes and outputs are physical, the information and data associated with them is abstract, and can be digitized.  And as we’ve seen in the domestic and consumer sectors, switching over to digital saves time and money.  There are big opportunities for those who can make the switch.

Jonas Berge, Director of Applied Technology at Emerson Automation Solutions wrote in a recent blog, “There is great opportunity for plant improvement and a great opportunity to sell the digital hardware and software, and to provide the associated services.”  He points out how digital transformation based on the IIoT opens opportunities in many areas, such as equipment monitoring, energy efficiency, and compliance with regulatory standards.

Ralph Rio, Vice President Enterprise Software at ARC Advisory Group, suggests that there are three areas for digital transformation in the enterprise:

  • Re-engineering can be done on current processes by digitizing them.
  • New services become possible as a result of digitizing processes.
  • New business opportunities arise from a digitally transformed plant or company.

For example, a production machine may have a vibration sensor that lights a flashing red alarm on an operator’s control panel when irregular motion is detected.  The machine manufacturer might decide to re-engineer by digitizing the alarm, allowing it to display in a SCADA system or HMI.  By connecting to the digital data via the IIoT, the machine manufacturer can offer a new service: monitoring their equipment and sending status reports in real time to their customers.  They may also realize a new business opportunity by offering the work that the machine does as a service, rather than selling the machine outright.

Top Two Concerns: Security and ROI

According to Greg Gorbach, also a Vice President at ARC, there are opportunities in many areas, from additive manufacturing, edge processing and advanced analytics to smart products and factories.  And yet, there are challenges as well.  He points to a recent ARC survey that shows the top two concerns: security and ROI.  Security comprises issues like cybersecurity, data security, privacy, and confidentiality.  Taken together these are considered the top hurdle looming in the path towards digital transformation.

The other top concern is ROI, Return on Investment.  As we mentioned previously, the forecast for 2018 is that companies are starting to move from pilots and exploratory trials into finding solid business cases for IIoT.  Scaling up a system from a few test devices to dozens or hundreds has proven to be quite a challenge.  Companies are implementing technologies that were not designed from the ground up to handle large quantities of data, or a multitude of incoming connections.  Also, how to expand the vision from a simple re-engineering project to new services and new business opportunities is not always obvious.

In addressing both of these concerns, security and ROI for the IIoT, Skkynet has a solid track record.  Our secure-by-design approach is unparalleled in the industry, and our flexible hybrid cloud solutions open a number of opportunities for digital transformation at all levels of a business. We plan to start sharing some of our success stories later this year.  Would you like yours to be one of them?  Contact us.

Wider Adoption of IIoT Forecast for 2018

With the New Year upon us, now is the time to look back at 2017 to see how far we’ve come, and look ahead to see what’s on the horizon.  After sifting through a number of predictions, it seems that most of the pundits agree that the forecast is good.  The Industrial IoT continues to grow steadily in popularity, as it becomes one of the leading application spaces for the IoT.

“There’s no question the industrial side of IoT is growing rapidly,” said Bret Greenstein, VP of IBM’s Watson IoT Consumer Business.  “In a way, it’s kind of supercharging manufacturing operators and people who do maintenance on machines by providing real-time data and real-time insights.”

“It’s clear that the internet of things is transforming the business world in every industry,” says Andrew Morawski, President and Country Chairman of Vodafone Americas. “As the technology has evolved over time, adoption among businesses has skyrocketed.”

Finding business cases

As part of this growth, the forecast is to see companies begin to apply the knowledge they have gained from small-scale test implementations and pilots to build solid use cases for IIoT technology.  “The focus is shifting from what the IoT could do to what it does, how it fits in business goals and how it generates value,” said J-P De Clerck, technology analyst at i-SCOOP.  We have seen this among our customers here at Skkynet, and we plan to share some of their experiences and use cases later this year.

Edge computing becoming a necessity

Most analysts foresee growth of edge computing as part of an overall IIoT solution.  As we explain in a recent Tech Talk, edge computing means doing some data processing directly on an IoT sensor or device, as close as possible to the physical system, to reduce bandwidth and processing on cloud systems. Daniel Newman, a Forbes contributor says, “Edge networking will be less of a trend and more of a necessity, as companies seek to cut costs and reduce network usage.” He sees IT companies like Cisco and Dell supporting the move to edge computing in IIoT hardware, as well as the industrial providers that you would expect, such as GE and ABB.

Security remains a fundamental challenge

There is one thing that pretty much every analyst and pundit agrees on: security is still a challenge.  Various ideas are being discussed.  One commentator suggested that companies making large investments in IIoT have gained or eventually will gain the expertise and resources needed to meet the challenge.  Others suggest that an altogether new model might be necessary.  “We have reached a point in the evolution of IoT when we need to re-think the types of security we are putting in place,” said P.K. Agarwal, Dean of Northeastern University’s Silicon Valley in a recent Network World article. “Have we truly addressed the unique security challenges of IoT, or have we just patched existing security models into IoT with hope that it is sufficient?”

As we see it, patching up existing models is not the answer.  Providing secure access to industrial data in real time over the Internet is not something that traditional industrial systems were designed to do.  As more and more IIoT implementations come online, and as companies search for robust systems that can scale up to meet their production needs, we believe they will come to that realization as well.  Our forecast for 2018 is that an increasing number of those companies will begin to realize the value of an IIoT system that is secure by design.

What Drives Industry in 2017?

It’s big. It’s by far the biggest industrial automation show in Germany, in Europe, and possibly in the world. It’s SPS IPC Drives. “SPS” is German for PLC (Programmable Logic Controller), “IPC” stands for Industrial Process Control, and “Drives” are tools that control the speed of machinery. It comprises a dozen exhibition halls, each one practically a trade show in itself, filled with gigantic, colorful booths displaying robots, machines, and control system components. It’s where thousands of engineers, system integrators, machine builders and parts vendors gather for a massive show-and-tell featuring the latest and greatest—sensors, actuators, controllers, software, services and more.

The Cogent/Skkynet display was part of the OPC Foundation exhibit at the show, in the communications technologies hall. We had a demo of our completely integrated solution for Industrial IoT data communication and OPC UA (Unified Architecture), from embedded devices with ETK, to the factory floor with DataHub, to our SkkyHub service running in the cloud. We attracted plenty of interest, particularly for our ability to access data from inside a plant without opening any firewall ports, and using no VPNs.

Other exhibits featured IoT, and a few had working demos similar to ours, showing how they could put data from a sensor into the cloud. But there were significant differences. Most of them did not have bidirectional communication, and all of them had to make compromises on security and robust connectivity.

Data Communication must be Secure…

The two technologies most frequently mentioned for data communications were OPC UA and MQTT. Most users are finding out that OPC UA by itself cannot serve as an IIoT protocol, because like every industrial protocol, it functions on a client-server basis. An OPC UA client outside the plant needs an open firewall port at the plant to connect to an OPC UA server inside. This is inherently insecure, since any hacker could also enter the plant through that open firewall port. To surmount this obstacle, a number of companies have turned to the MQTT messaging protocol. Its publish/subscribe architecture allows it to make outbound connections. That does keep firewall ports closed, but MQTT is not suitable for IIoT for other reasons. Notably, it cannot guarantee data consistency.

… and Robust

Funnily enough, when you bring this up, people catch on quickly. I walked around the show and talked to people who had IIoT on their posters and brochures, who were demonstrating IIoT devices, and offering IIoT cloud services. Companies large and small, including some of the biggest names in the industry, are using or promoting MQTT or its close cousin, AMQP. And yet when I pointed out to them how MQTT is unable to guarantee consistent data, they soon understood. Everyone acknowledged that if an MQTT connection from a data source is broken, the data user will not know that his or her data may no longer be valid. “Isn’t that a problem? Couldn’t it be dangerous?” I would ask. “Yes,” they would admit, “but there isn’t any other way.”
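The failure mode described above, as an added example that is not part of the original article: a toy in-memory publish/subscribe relay (not a real MQTT client, and not DHTP's mechanism) in which one consumer keeps serving the last value after the source's link drops, while a second consumer attaches a quality flag based on how long the source has been silent. The topic names, readings and the 2.5-second limit are constructed, and the staleness check assumes the source publishes at least that often.

```python
from dataclasses import dataclass


@dataclass
class Point:
    value: float
    received_at: float  # consumer-side receive time, in seconds


class Broker:
    """Toy publish/subscribe relay: forwards each message to every subscriber."""

    def __init__(self):
        self.subscribers = []

    def publish(self, topic, value, now):
        for sub in self.subscribers:
            sub.on_message(topic, value, now)


class NaiveConsumer:
    """Keeps the last value per topic and nothing else."""

    def __init__(self):
        self.points = {}

    def on_message(self, topic, value, now):
        self.points[topic] = Point(value, now)

    def read(self, topic, now):
        # Always claims the value is valid, however old it is.
        return self.points[topic].value, "good"


class QualityConsumer(NaiveConsumer):
    """Reports a value as stale once the source has been silent too long."""

    def __init__(self, max_age):
        super().__init__()
        self.max_age = max_age  # assumes the source publishes at least this often

    def read(self, topic, now):
        point = self.points.get(topic)
        if point is None:
            return None, "no-data"
        age = now - point.received_at
        return point.value, "good" if age <= self.max_age else "stale"


def run_scenario():
    """Source publishes at t = 0..3 s, then its link to the broker drops."""
    broker = Broker()
    naive, checked = NaiveConsumer(), QualityConsumer(max_age=2.5)
    broker.subscribers += [naive, checked]
    for t, level in enumerate([71.0, 71.4, 71.9, 72.3]):  # constructed readings
        broker.publish("tank1/level", level, now=float(t))
    # From here on the source is gone; both consumers are still connected
    # to the broker, so neither sees a connection error.
    return {
        "naive@10s": naive.read("tank1/level", now=10.0),
        "checked@4s": checked.read("tank1/level", now=4.0),
        "checked@10s": checked.read("tank1/level", now=10.0),
        "checked_unknown": checked.read("tank2/level", now=10.0),
    }


if __name__ == "__main__":
    for label, result in run_scenario().items():
        print(label, result)
```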

Another Way

Finding out that there is another way opened a few eyes. People coming to our booth and those we met throughout the show were surprised and pleased to find out that there actually is a way to maintain a secure, robust connection for IIoT. There is no need to open any firewall ports or to use a VPN, and yet you can guarantee consistency of the data between the server and the client. All you need is the right technology, secure by design. Our task for the coming months is to continue sharing this message with the 1500+ exhibitors and 70,000+ visitors at SPS IPC Drives, along with anyone else who wants to connect industrial process control systems to the IoT.

Some Notable Industrial IoT Applications

After years of riding high on the Gartner Hype Cycle, Industrial IoT (IIoT) is beginning to take shape in various ways.  Early adopters tend to be large companies who have identified specific applications in which IoT connectivity provides an immediate advantage.  The Internet of Things Institute recently named Top 20 Industrial IoT Applications, giving an overview of the best of what is happening.  All of these are interesting, and we’d like to share our thoughts on a few that you may not have heard of elsewhere.

Compressed Air as a Service

The Kaeser Kompressoren company in Germany has been manufacturing and selling air compressors for almost 100 years.  Lately they have adopted an IIoT perspective, and have changed their business model.  Now they provide compressed air as a service.  Instead of selling their equipment, they install it at a customer site and sell its ability to compress air.

Among other things, this requires a mental shift when calculating where their revenues come from.  Previously, when the customer owned the machinery, Kaeser could make money on repair services.  Now that Kaeser owns the equipment, repairs have become a cost center, and it is in their interest to keep those costs as low as possible.  Since they started working under this business model, the company has been using IIoT technologies to sustain a healthy predictive maintenance (PdM) program.  The cost savings revert directly to Kaeser.

This ability to adapt, to transform business models and capitalize on the Industrial IoT applications will set the leaders apart from the followers in the next few years as the IIoT moves from hype to reality.

Keeping Track of Tools

How many screws does it take to build a commercial airliner?  How tightly must each one be turned?  What’s the right tool for the job, and how should it be calibrated?  A joint IIoT project between Bosch, Cisco, National Instruments, and Tech Mahindra coordinated through the Industrial Internet Consortium is demonstrating the value of the IIoT in answering those questions.

At a testbed location that simulates aircraft assembly, Bosch cordless screwdrivers are connected wirelessly via National Instruments technology and send identification data about themselves, as well as torque data about the screw they are tightening, to a central database.  Their exact physical location is calculated using a triangulation technology from Cisco.  An integration program from Tech Mahindra uses the screwdriver’s location data to look up the amount of torque specified for that screw at that location, and configures the screwdriver accordingly.  When the operator moves to a different location on the aircraft body to drive other types of screws, the screwdriver gets reconfigured automatically and precisely.

These four companies working together highlight the value of cooperation in developing Industrial IoT applications, especially at the beginning stages.  Many successful early adopters have emphasized the value of partnerships and collaboration.  Those who take a do-it-yourself approach often find the IoT more complicated to implement than expected.

Automated Mining and Haulage Systems

The largest private railroad in Australia with over 1,700 kilometres of track is owned and operated by the Rio Tinto mining company.  Using IIoT technologies, the company is now running unmanned, autonomous trains along this line, hauling iron ore from mines in the Pilbara region to ports along the north coast.  The pilot project will be expanded to full service next year, as the world’s first fully-autonomous heavy haul, long distance railway system.

This initiative is just one of several IIoT-related initiatives that Rio Tinto is developing.  They are also pioneering in the operation of autonomous trucks and drilling systems for their mines, and are even looking at self-navigating ships to cut the cost of delivering their products worldwide.

Not every company is in Rio Tinto’s position, but their broad vision, wide range of IoT applications, and obvious success can be an inspiration for all of us.  The message is clear: Industrial IoT is not only possible, it is profitable.  Learning from these examples, anyone venturing into this space needs to consider the opportunities and challenges unique to their industry and company, learn how and when to work with others, and then start taking action to gain the maximum benefit from Industrial IoT.