For MQTT smarter is better: MQTT is the protocol of choice for many industrial communication tasks, but was not developed for IIoT in mind.
Tough times demand tough measures. A recent convergence of three disruptive forces on industrial automation calls for resilience, according to the report of a recent survey from Claroty, The Global State Of Industrial Cybersecurity 2021: Resilience Amid Disruption. These forces are: an increase in ransomware attacks, accelerated digital transformation, and a growing trend towards working remotely. What’s needed is more investment in improved technology and the hiring and training of staff, according to the majority of the 1,100 IT and OT (operations technology) security professionals interviewed.
The number of ransomware attacks sustained by industrial enterprises, and the costs involved, are staggering. A full 80% of the companies surveyed were hit, including a breach of their OT/ICS (industrial control systems) for more than half of them. Over 60% paid the ransom, with an average payment of around $500,000 USD, and over $5,000,000 for some. That doesn’t count the cost of lost production downtime, which for the companies surveyed ranges from tens of thousands to millions of dollars per hour.
At the same time, the need for networking industrial data is stronger than ever. Fully 90% of these companies report that they sped up adoption of digital transformation since the start of the pandemic, and don’t anticipate turning back. Adding to that, working remotely has become a new normal. Just 21% of the companies surveyed had their full staff working onsite in 2021, and only 27% expect to have everyone back working onsite after the pandemic.
Secure data communications are vital
Taken together these trends indicate a strong demand for secure data communications. Claroty, the industrial cyber security company that sponsored the survey, offers five technical and procedural recommendations. For data communications, the report said maintaining proper segmentation between OT and IT networks can be a highly effective defense against ransomware:
“There are many business processes and applications that need to communicate across the IT/OT boundary, so organizations need to ensure this is done in a secure way. Ensuring an organization’s OT network and assets are isolated from IT in a manner that aligns with segmentation best practices can be a highly effective means of stopping the lateral spread of ransomware and other malware from IT to OT.”
Responding to this need for network isolation, Skkynet offers a wide range of secure solutions for in-plant, OT/IT, and cloud connectivity. Industrial enterprises large and small have come to recognize the value of our secure-by-design approach that gives them full access to their production data while keeping their OT networks secure behind DMZs and fully closed firewalls. Skkynet’s software and services answer the call for resilience.
Companies using Skkynet software and services expect high security for their data communications. They know they can stop computer viruses by keeping all inbound firewall ports closed. Now, with the coronavirus looming large we must do pretty much the same thing in real life. We need to keep our distance and stay behind physical walls as much as possible. And yet work must go on. The data must get through. We need to work remotely, if possible.
The problem is, logging in remotely can be risky. Typically, you need to expose your servers via the web or a VPN―and that’s a risk that our industrial control customers cannot take. They need tighter security, to access to their process data without exposing the process servers and networks. Skkynet’s unique tunnelling technology provides this kind of secure access. It lets users securely push data from their plants to our SkkyHub service, where they can access it in real time, all without opening firewalls to the outside world.
A Helping Hand
We are now offering this service at no cost to help our customers weather the coronavirus storm. For the next three months any DataHub user can connect to SkkyHub free of charge. A simple tunnel connection provides a way to access data remotely, even through DMZs and proxies. The SkkyHub service includes a web-based interface, SkkyHub WebView, that lets people build dashboards to access their data and interact with their systems from home. Those who are new to WebView can quickly get up to speed, designing pages through its web interface. With SkkyHub, users can view and operate their control systems remotely as quickly and easily as being right in the control room.
Let’s face it. These are not easy times. Some factories have been forced to shut down, and restarting will be difficult, as Matthew Littlefield at LNS Research explains in this blog, Closing Factories is Hard, Re-Opening will be Harder. Remote access can alleviate these problems to some degree, but it must be reliable and above all, secure.
In another blog, Coronavirus Lessons for Industrial Cybersecurity: Quarantines, Sid Snitkin at ARC Advisory Group compares quarantines for coronavirus to securing industrial systems, and suggests, “Use DMZs, firewalls, zero-trust access control, anti-malware software, awareness training, and security hygiene to reduce the likelihood of an initial compromise.” He also recommends system segmentation to limit lateral movement of viruses, continuous device and system monitoring, and strengthening tools to prevent future attacks.
Doesn’t that sound a little like social distancing, washing hands, not travelling, and keeping our immune systems strong? The social structures we have developed throughout history and the technical systems we have built recently are not as different as we might imagine. They both can serve us well, but we need to protect them and keep them, like ourselves, in good health.
Digital twins. The term was coined only ten years ago, but the concept is rapidly becoming a must-have in the manufacturing sector. Last year a Gartner poll found that 62 percent of respondents expect to be using digital twin technology by the end of this year, although only 13 percent of them were actually using it at the time. A key factor in this sudden interest is that “digital twins are delivering business value and have become part of enterprise IoT and digital strategies.”
What exactly are digital twins, and why are they getting so much attention lately? A digital twin is made up of three basic components: a physical system, a virtual representation of it, and the data that flows between them. The physical system could be an individual device, a complex machine, a whole production line, or even an entire factory. The virtual representation can be as complex as necessary to represent the system. The data connection keeps the virtual twin as closely in sync as possible with the physical twin, often tracking and updating changes in real time.
The Value and Challenge of Data Integration
A digital twin operating in isolation is useful, but the real rewards come through making connections. Data integration between multiple sub-components of a digital twin, or between multiple digital twins, is key when advancing beyond simple pilot projects. “The ability to integrate digital twins with each other will be a differentiating factor in the future, as physical assets and equipment evolve,” says the Gartner report.
There are at least three types of relationships:
- Hierarchical, in which digital twins can be grouped together into increasingly complex assemblies, such as when the digital twins for several pieces of equipment are grouped into a larger digital twin for a whole production line.
- Associational, where a virtual twin for one system is connected to a virtual twin in another system, in the same way that their physical counterparts are interrelated, such as wind turbines connected to a power grid.
- Peer-to-peer, for similar or identical equipment or systems working together, like the engines of a jet airplane.
Making these connections is not always easy. A recent publication from the Industrial Internet Consortium (IIC), titled A Short Introduction to Digital Twins puts it this way, “Since the information comes from different sources, at different points in time and in different formats, establishing such relations in an automatic way is one of the major challenges in designing digital twins.”
The IIC article briefly discusses some of the technical aspects this kind of integration, such as:
- Connectivity, the necessary first step for data integration.
- Information synchronization keeps a virtual twin in sync with its physical twin, and among multiple connected twins, maintaining a history and/or real-time status, as required.
- APIs allow digital twins to interact with other components of a system, and possibly with other digital twins as well.
- Deployment between the edge and the cloud pushes data beyond the OT (Operations Technology) domain to the IT domain, that is, from the physical twin to the virtual twin.
- Interoperability between systems from different vendors may be necessary to gain a more complete picture of the total system functionality.
Another useful resource, Digital Twin Demystified from ARC Advisory Group, identifes data connectivity, collection, tracking volume & fidelity, and ensuring the quality of real-time data as being “key challenges associated with using real-time and operational data” in digital twins.
A Good Fit
Skkynet’s software and services are well-positioned to provide the kind of data integration that digital twins require. Most data on an industrial system is available to an OPC client like the DataHub, which ensures robust connectivity. Virtually any other connection to or between digital twins, such as from legacy hardware or custom software, is possible using the DataHub’s open APIs.
Real-time data mirroring between DataHubs can handle the synchronization needed for tight correlation between the physical and virtual systems. The secure-by-design architecture of DHTP provides a proven way to connect twins across insecure networks or the Internet, even through a DMZ, to ensure the highest level of security for both the physical twin on the OT side, as well as the virtual twin on the IT side.
By supporting the most popular industrial communications protocols, and through secure, real-time data mirroring, Skkynet software and services are often used to build fully integrated systems out of components from different vendors. A recent example of this is in the TANAP project in which DataHub software was used to integrate OPC A&E (Alarm and Event) data from ABB systems with other suppliers, effectively creating a virtual digital twin of the entire 1800 km pipeline.
Digital twinning can be seen as one aspect of the whole area of digital transformation in industry. As companies move towards digitizing their operations, the ability to create a virtual twin of each component, machine, production line, or plant, and connecting that twin to their IT systems will put better control of production into the hands of managers and executives, leading to greater efficiencies. The success of this undertaking, at every step of the way, depends on secure data integration among the digital twins.
Hardware/software combination provides secure access to industrial data, vendor-neutral connectivity, and support for main industrial protocols.
Mississauga, Ontario, September 16, 2019 – Skkynet Cloud Systems, Inc. (“Skkynet” or “the Company”) (OTCQB: SKKY), a global leader in real-time data communication for industrial systems, is pleased to announce a cooperative agreement with Siemens Mobility GmbH to provide a highly secure Industrial IoT hardware and software combination. Siemens Mobility’s Data Capture Unit (DCU) ensures one-way data flow will be connected to industrial and corporate software using Skkynet’s DataHub real-time middleware, allowing secure access to plant data by corporate IT staff and cloud services in real time.
“Through digitalization, Siemens Mobility is providing transportation operators with intelligent infrastructure and this collaboration will expand our ability to bring secure connectivity to critical systems across industrial sectors,” said Andre Rodenbeck, CEO Mobility Management, Siemens Mobility. “We see value for and need within the Industrial IoT market to mitigate the risk of connectivity to the cloud as well as IT Networks.”
“This agreement couples the best features of both products,” said Harry Forbes, Research Director at ARC Advisory Group. “The Skkynet DataHub software has been designed to enable outbound data flow with no changes to corporate firewalls. Together with the Siemens DCU data diode functionality, the combination provides real-time asset data with security from both hardware and software.”
The Data Capture Unit (DCU) from Siemens Mobility is a small, reliable and cost-effective hardware implementation of data diode technology designed for Industrial Internet connectivity. It is designed to eliminate any direct wired (optical or copper) physical connections. This allows the DCU to meet all major cybersecurity regulations for critical infrastructure and to operate in rugged environmental conditions (industrial and transportation). Typically located on the edge of the network, the DCU provides boundary protection for the Operations Technology (OT) network, and a secure bridge when connected to the Information Technology (IT) network.
The DataHub from Skkynet has been extensively tested by Siemens Mobility to act as a secure and easy-to-configure One-Way Gateway (OWG) for the DCU. The DataHub software collects and filters data on the OT side, supporting protocols OPC UA, OPC DA, OPC A&E, and Modbus. The data is then sent via the DCU to a second DataHub on the IT side, which pushes it along by TCP or ODBC to IT applications, or by MQTT to Siemens’ IoT platform MindSphere or other cloud services. The DataHub’s secure-by-design architecture is fully compatible with the DCU’s one-way model, and allows industrial protocols like OPC UA and others to function seamlessly with the DCU.
“This collaboration offers industrial users in all sectors—healthcare, energy, oil & gas, and transportation to name a few—a highly secure and cost-effective Internet gateway,” said Paul Thomas, President of Skkynet. “Equally effective for both new and legacy systems, it allows virtually any company to easily make secure connections to the Industrial IoT.”
Working together, the DCU and DataHub provide a secure OT – IT bridge and vendor-neutral connectivity, supporting main industrial protocols. The DCU ensures the highest safety and security level for the protected assets, while the DataHub enables real-time secure connectivity across a wide range of protocols on both sides of the connection. Both the hardware and software have been proven in the field for many years and are used in thousands of applications in virtually all industrial sectors.
Skkynet Cloud Systems, Inc. (OTCQB: SKKY) is a global leader in real-time cloud information systems. The Skkynet Connected Systems platform includes the award-winning SkkyHub™ service, DataHub® middleware, and Embedded Toolkit (ETK) software. The platform enables real-time data connectivity for industrial, embedded, and financial systems, with no programming required. Skkynet’s platform is uniquely positioned for the “Internet of Things” and “Industry 4.0” because unlike the traditional approach for networked systems, SkkyHub is secure-by-design. For more information, see https://skkynet.com.
This news release contains “forward-looking statements” as that term is defined in the United States Securities Act of 1933, as amended and the Securities Exchange Act of 1934, as amended. Statements in this press release that are not purely historical are forward-looking statements, including beliefs, plans, expectations or intentions regarding the future, and results of new business opportunities. Actual results could differ from those projected in any forward-looking statements due to numerous factors, such as the inherent uncertainties associated with new business opportunities and development stage companies. Skkynet assumes no obligation to update the forward-looking statements. Although Skkynet believes that any beliefs, plans, expectations and intentions contained in this press release are reasonable, there can be no assurance that they will prove to be accurate. Investors should refer to the risk factors disclosure outlined in Skkynet’s annual report on Form 10-K for the most recent fiscal year, quarterly reports on Form 10-Q and other periodic reports filed from time-to-time with the U.S. Securities and Exchange Commission.
All statements, information and recommendations in this document and on any provided material are believed to be accurate but are presented without warranty of any kind, expressed or implied. This is solely for informational purposes and Siemens does not warrant or represent that they will satisfy the specific requirements of any project. The information in this document may contain specifications or general descriptions related to technical possibilities of individual products which may not be available in certain cases (e.g. due to product changes). Siemens does not represent that the documents are complete regarding the planning steps that need to be taken for any project, or that they represent customer-specific solutions. They are only intended to provide basic information for typical applications. User waives and releases any rights of recovery against Siemens that it may have related to its use of these documents and agrees that Siemens shall not be liable for any form of loss, damage, claim or expense, irrespective of origin, including negligent acts or omissions, even if Siemens have been advised of the possibility of such damages.
Sustainable energy can be profitable. That, in a nutshell, is the finding of a GreenBiz Research survey presented in the 2019 Corporate Energy & Sustainability Progress Report from Schneider Electric. And an important key to those profits is sharing data.
“Companies agree that sharing data is important, with those that share the most seeing significant benefit,” the report said. This importance of data sharing stands out in the context of the overall report findings, which are broken up into 5 main topics:
- Funding: Executives that demonstrate ROI (return on investment) and provide strong leadership can overcome perceived obstacles, such as insufficient capital.
- Data: The challenge is to ensure the quality of collected data, and to share it effectively.
- Goals: Setting public targets or goals for energy conservation and sustainability drives motivation and success.
- Energy: Strategic sourcing optimizes usage, yielding significant cost savings in a volatile energy landscape.
- Technology: Energy efficiency and renewables, based on data-driven technologies, are a leading source of ROI.
Ultimately, for a sustainable energy project to succeed, it must provide a solid return on investment. This report affirms the experience of our customers in wind and solar that the better the quality of their data, and the more they are able to share it, the higher their ROI.
For example, a wind farm doesn’t operate in isolation. In addition to the electrical power it sends to the grid, each wind turbine also sends data for its rotor speed, operating state, power output, and more out to control engineers and automated systems to optimize performance. This data can also be integrated with other data arriving in real time. Weather and climate conditions can be introduced, along with real-time market pricing, to generate live, real-time cost/benefit analyses.
Seeking ways to share data
Sharing data like this takes both cooperation and technology. The various players involved have to agree on what to share and how. Reviewing last year’s survey, the report noted that “respondents indicated that 80% of their companies had energy and sustainability data collection projects underway.” And this year “the research finds that more companies are now seeking the most efficient ways to share the data that has been collected.”
We are pleased to see this growing level of awareness of the need for data sharing. At the same time, we actively encourage executives, managers and engineers who are looking for more efficiency in their data sharing practices to consider our approach. It could be just what they need to boost the ROI of their sustainable energy projects.