Posts

White House Pushes for Security

Since the ransomware attack on the Colonial Pipeline last month, the US government has become more vocal on the need for industrial cybersecurity. A recent memo from the White House to corporate executives and business leaders across the country urges them to protect their companies against hackers. Among the action items is the need to segment networks, to isolate OT from IT.

“It’s critically important that your corporate business functions and manufacturing/production operations are separated,” the memo states, “and that you carefully filter and limit internet access to operational networks, identify links between these networks and develop workarounds or manual controls to ensure ICS networks can be isolated and continue operating if your corporate network is compromised.”

The memo says that although the government is leading the fight against cyber attacks of all kinds, the private sector is also expected to play their part. They are urged to back up data, update systems, and test response plans and implementations. The memo also listed five best practices from the president’s Improving the Nation’s Cybersecurity Executive Order, including:

  1. Multifactor authentication
  2. Endpoint detection
  3. Response to an incursion
  4. Encryption
  5. A capable security team
Isolate Control Networks

Most of the recommendations could apply to any system or network exposed to the Internet, but the White House also included one directly related to industrial systems: Segment your networks to protect operations. Industrial control system networks, it says, should be isolated so they can continue operating even when the management network is compromised.

This was the case with the Colonial Pipeline incident last month. Although the hack caused turmoil in the company and a week of problems for the whole East Coast of the US, it could have been much worse. If the hackers had been able to take control of the pipeline itself, we might have witnessed physical damage both to property and the environment.

To avoid such problems, isolating control networks is critical. This is best accomplished using a DMZ, a “demilitarized zone” that separates control systems from management systems. Using a DMZ ensures that there is no direct link between corporate networks and control networks, and that only known and authenticated actors can enter the system at all.

Skkynet recommends using a DMZ for OT/IT networking, and provides the software needed to seamlessly pass industrial data across a DMZ-enabled connection. Most industrial protocols require opening a firewall to access the data, but Skkynet’s patented DataHub architecture keeps all inbound firewall ports closed on both the control and corporate sides, while still allowing real-time, two-way data communication through the DMZ.

We are pleased to see support for securing industrial control systems coming from the White House and US government, as well as governments and agencies throughout the industrialized world. A more secure environment will keep costs down and production running smoothly by keeping hackers out of our control systems.

Industrial Product Servitization Via the IIoT

Now there’s a ten-dollar word for you: “servitization.” It has emerged from the trend of industrialized societies to move away from manufacturing-based economies towards service-based economies. Applying this trend to products, the term “servitization” was popularized by Tim Baines at Aston Business School, who sees a “product as a platform for delivering services.” IBM shifts its focus from selling computers to selling business services. Rolls Royce sells propulsion instead of jet engines. Alstom ties its railroad maintenance contracts not to reduced equipment failures, but to fewer “lost customer hours.” These are just a few examples of servitization—a transition from selling products to selling services.

In a recent article, Servitization for Industrial Products, Ralph Rio at ARC Advisory Group shows how the trend of servitization is now impacting the factory floor itself. As production machinery grows increasingly sophisticated, plant managers find their staff less able to maintain and repair it by themselves. They need more services from vendors. Machine builders and OEMs are providing more training, more extensive maintenance contracts, and better condition monitoring of the equipment they supply. “Services have become an inseparable component of the product,” Rio says.

Benefits

The benefits are significant. Predictive maintenance offered as a service means reduced stoppages due to equipment failure, and fewer but more efficient service calls when problems do arise. A growing trend is to provide condition monitoring services, which guide operators to run their machinery more effectively, increasing the lifespan of the equipment and improving output and product quality.

To be most effective, condition monitoring needs to run 24/7 in real time, ideally via a connection to the equipment vendor or supplier. Thus, the Industrial IoT is the logical choice for data communication. “To implement servitization, suppliers will need to adopt Industrial IoT for condition monitoring,” Rio predicts.

Two-way street

As we see it, this level of service works best as a two-way street. Data related to the condition of the machine flows to the supplier, while guidance and adjustments coming from the supplier can flow back the plant staff and equipment. This kind of feedback is invaluable for optimizing machine performance. A one-way IoT model that simply collects data for off-line analysis may not be adequate for many use cases. Technically more sophisticated, bidirectional data flow is useful in many condition monitoring scenarios, and thus has always been an option for Skkynet customers.

If the lessons of the past few decades are any indicator, the servitization trend will continue to grow, both among industrialized and emerging nations. And the Industrial IoT will almost certainly play an important role in providing data communications. As long as those communications are robust and secure, we can expect to see more and more IoT-based industrial product servitization, even though that term itself may never become a household word.

Skkynet Powers Industrial IoT Connectivity with Renesas RZ/N1D Microprocessor

Multiple industrial protocols available on the RZ/N1D microprocessor from Renesas will link directly to the SkkyHub IIoT service.

Mississauga, Ontario, October 25, 2017 – Skkynet Cloud Systems, Inc. (“Skkynet” or “the Company”) (OTCQB: SKKY), a global leader in real-time cloud information systems, is pleased to announce that Skkynet’s ETK (Embedded Toolkit) for the Renesas RZ/N1D Arm®-based microprocessor (MPU) will support the C2C Industrial Network Protocol Stack to provide a secure, real-time gateway for industrial protocols such as Modbus, Profinet, CANopen, and OPC UA to the Industrial IoT.  This hardware and software combination is being showcased at Arm® TechCon, October 25 – 26 in Santa Clara, CA.

“Plant engineers and system integrators can connect their mission-critical plant automation systems to the Industrial IoT with no loss of performance or security,” said Paul Thomas, President of Skkynet. “Connecting the RZ/N1D to the Cogent DataHub running in the plant, or to SkkyHub running on the cloud, provides seamless and secure access to plant data from anywhere in the world.”

“The Renesas RZ/N1D real-time IIoT gateway shifts the focus from IT data models to the real-time requirements of dedicated machine control systems,” said Wil Florentino, Senior Manager, Product Marketing, Industrial Automation Segment at Renesas Electronics America.  “This demo shows secure, real-time, end-to-end connectivity from a factory floor system up to enterprise clients to provide real-time, on-premise and cloud connectivity.”

The RZ/N1D is a scalable and proven ARM®-based microprocessor that can be used in a variety of applications with the Cortex®-A7 Dual core and a high-speed, high-capacity memory interface.  A built-in, connected Cortex®-M3 processor will provide an Industrial Network Protocol Stack with support for Modbus, Ethernet/IP, Profinet, DeviceNet, and CANopen industrial protocols.  The RZ/N1D implements up to five Ethernet ports and the latest redundancy protocol, so it is optimized especially for industrial network equipment such as PLCs and network switches.

The Skkynet Embedded Toolkit (ETK) allows embedded devices to make a secure connection to OPC UA clients, the Cogent DataHub, or SkkyHub.  The Cogent DataHub fully integrates OPC UA and other industrial protocols to support OPC networking, OPC server-server bridging, aggregation, data logging, redundancy, and web-based HMI. Skkynet’s SkkyHub service connects to the ETK and the Cogent DataHub to securely network live data in real time from any location. It enables bidirectional IoT-based supervisory control, integration and sharing of data with multiple users. Secure by design, the service requires no VPN, no open firewall ports, no special programming, and no additional hardware.

About Skkynet

Skkynet Cloud Systems, Inc. (OTCQB: SKKY) is a global leader in real-time cloud information systems. The Skkynet Connected Systems platform includes the award-winning SkkyHub™ service, DataHub®, WebView™, and Embedded Toolkit (ETK) software. The platform enables real-time data connectivity for industrial, embedded, and financial systems, with no programming required. Skkynet’s platform is uniquely positioned for the “Internet of Things” and “Industry 4.0” because unlike the traditional approach for networked systems, SkkyHub is secure-by-design. For more information, see https://skkynet.com.

Safe Harbor

This news release contains “forward-looking statements” as that term is defined in the United States Securities Act of 1933, as amended and the Securities Exchange Act of 1934, as amended. Statements in this press release that are not purely historical are forward-looking statements, including beliefs, plans, expectations or intentions regarding the future, and results of new business opportunities. Actual results could differ from those projected in any forward-looking statements due to numerous factors, such as the inherent uncertainties associated with new business opportunities and development stage companies. Skkynet assumes no obligation to update the forward-looking statements. Although Skkynet believes that any beliefs, plans, expectations and intentions contained in this press release are reasonable, there can be no assurance that they will prove to be accurate. Investors should refer to the risk factors disclosure outlined in Skkynet’s annual report on Form 10-K for the most recent fiscal year, quarterly reports on Form 10-Q and other periodic reports filed from time-to-time with the U.S. Securities and Exchange Commission.

Industrial Speed IIoT

What does “real time” really mean in an industrial system?  And what does “real time” mean for the Industrial IoT?  For some people, updating their data within 5 seconds counts as real time.  For them, getting data updates once per second is blazingly fast.  For us, data updates for the IIoT should be as close to network latencies as possible, typically no more than a few milliseconds.

What does that look like?  Check it out.  We’ve created a SkkyHub demo page for industrial speed IIoT.  This simple demo shows how you can aggregate data from multiple data sources, visualize the data, and more importantly witness real-time Industrial IoT.

In the blue box, as you hover your mouse over the gray dot, it moves.  If you or a friend open the same page on a second browser or a phone and swap IDs, you’ll see a black dot for each other’s mouse (or finger, if it’s on a phone).  Select All, and when all other users move their mouse or finger, you’ll see their black dots move on your page and vice versa. You are participating in the IIoT, in real time.

How close to real time? You can see for yourself the latency of the SkkyHub system.  Just enter and submit your own ID.  Now when you move your mouse or finger around, you get a momentary glimpse of a black dot, shadowing each movement.  The black dot is generated by a round-trip data feed from SkkyHub.  The amount of time it takes for it to catch up to the gray dot is the latency of the data travelling round trip from your browser or phone to SkkyHub running in the cloud, and back.

Why is this useful?  The demo shows that the IIoT can be as responsive as most human operators need it to be.  There is no need to wait a few seconds for each action to have an effect.  This is most valuable for supervisory control, where an operator or manager may need to change a setting in an HMI.  The instant feedback of the SkkyHub service gives assurance to the operator that the system has picked up the change, and has responded accordingly.

At a machine-to-machine level, this kind of industrial speed, along with the ability to sustain multiple simultaneous connections, ensures that internal system activities are well coordinated.  A change in one machine or device propagates in real time to any or all connected devices.  This keeps the logic of the system intact, and ensures the smoothest possible performance.

When this kind of performance is coupled with a secure-by-design architecture and the ability to connect seamlessly to virtually any existing industrial system, then we feel confident in calling it Industrial IoT that works.

Industrial Analytics: Predictive and Prescriptive

A few blogs back we looked at growing interest in extracting value from IoT data through industrial analytics.  This interest has not sprouted up overnight.  Since the beginning of computer-assisted control systems, plant engineers and managers have been using their increasingly powerful and sophisticated tools to gather data, and then use the data to improve their processes.

For much of that time, the idea was to collect data in a database, and then at the end of the month or quarter, run various analytical tools on the data to see where the problems and bottlenecks were, and what could be changed.  This approach had some value, but it is essentially a reactive model.  Today, there is a general trend underway to go beyond simple reaction like this, and move towards the ability to predict problems, and if possible prescribe a solution.  In a recent blog, Blurred Lines Between Predictive and Prescriptive Analytics Mike Guilfoyle at ARC Advisory Group explains the value of each of these approaches to analytics, as well as their differences.

He breaks down this kind of pro-active analysis into three parts: performance, predictive and prescriptive, distinguished as follows:

  • Performance describes what is happening or has happened, and is the starting point of all analytics, reactive or pro-active.  The focus here is on current or past performance.
  • Predictive looks forward to what is most probable to happen, given the current conditions, using Big Data, machine learning, and other IT tools.
  • Prescriptive uses all of the above inputs, and adds to that a knowledge base and decision-making algorithms to prescribe what action can or should be taken.  In some instances, the system might actually even carry out the action, which is referred to as “closed-loop control.”

Guilfoyle goes on to identify some of important differences between predictive and presciptive analytics.  In fact, he will be leading a session on analytics best practices at the ARC Industry Forum this week.  You may not be able to attend, but his article is a good introduction.

In any case, the trend towards predictive and prescriptive analytics and any kind of closed-loop control based on such approaches highlights the need for secure, real-time access to plant data.  It is yet another example of the closing gap between OT and IT, and is an unmistakable benefit of the Industrial IoT.

The View from SPS IPC Drives 2016

The leading show in Europe for industrial automation, the must-go event on everyone’s list, SPS IPC Drives in Nurenberg, was another roaring success this year.  The 1,600 exhibits in 14 separate pavilion halls attracted over 60,000 industrial engineers, managers, and executives from Germany, the rest of Europe, and the world.  This year Skkynet participated jointly with the OPC Foundation, introducing the latest Beta version of the Cogent DataHub that supports the OPC UA protocol, along with a new Camera feature and a next-generation Excel product.

“Everyone we met was talking about OPC UA,” said Xavier Mesrobian, VP of Sales and Marketing for Skkynet, who was responsible for the Skkynet display and demo.  “They were intrigued to see how we have incorporated OPC UA into the DataHub.  With its existing ability for integrating data protocols, the DataHub becomes a highly versatile OPC UA client, able to serve as an OPC UA/Classic gateway, connect to databases and Excel, put data on the web, send emails, and much more.

“OPC UA is seen as the leading protocol for secure data communications within the plant and on a protected network.  Outside the plant, connecting to corporate offices or between facilities, and for other IoT and Industrie 4.0 scenarios, the common wisdom here at SPS IPC Drives is that using a VPN is sufficient for providing security.  We had a number of opportunities to explain why this is not so.  Most of the people I talked to were not aware that a VPN doesn’t really provide the level of security needed for an industrial system.  They were surprised and pleased to find out about our secure-by-design approach.”

“This was my impression as well,” said Paul Thomas, President of Skkynet.  “My sense is that security (by design) is still largely ignored.  Most of the people I spoke to at this year’s SPS IPC Drives show rarely mentioned security.  And when they did, they would say, essentially, ‘Oh, we use a VPN, so we are secure’.

“But some people understand the deeper questions.  I had a good conversation over a beer one evening with Professor Stephan Simons from the Automation and Control Technology department of the Hochschule Darmstadt University of Applied Sciences in Darmstadt, Germany.  He said that within the next year or two the great majority of control vendors will come to the realization that security has been massively overlooked. He was excited to find out that we have a tested and working solution available now, and wanted to know more about it.”

This experience at the SPS IPC Drives show confirms what we at Skkynet have been hearing from a number of different sources.  Security requirements for Industrial IoT and Industrie 4.0 have been largely downplayed or overlooked in the excitement of connecting up remote locations and gaining access to live production data from the shop floor.  As the need for IoT security is better understood—whether through education, experience, or mishap—the value of a secure-by-design system will become more obvious.