Security: Connected Car vs Connected Plant

Over the last few weeks I have been reading articles on security breaches with the connected car: hackers remotely control a Jeep, VW hides a security flaw, researchers hack a Corvette. But these challenges are not as unique as car manufacturers would like you to believe, and they are absolutely avoidable.

The main issue at hand is that we as consumers see our car as an engine with four wheels and a few seats. We don’t think of our car as a production system with hundreds of sensors, control panels and a visual HMI that displays the information on an easy-to-understand screen. But that is exactly what your car is: a mobile automation platform, with a fully integrated supervisory control and data acquisition (SCADA) system, no different than the systems found on a traditional factory floor.

So why can’t we learn from the factory to build a secure car? For the same reason that industry is having challenges securing the plant. SCADA systems were first designed in the 70s. At that time security was not the primary concern for factories; data acquisition was. Your modern SCADA system is designed around the same principles that were founded almost half a century ago: a client-server architecture, where you request the information and the system will give it to you. Sensors connected to PLCs are not programmed to automatically give you values; they must be asked for their values, and once asked they will happily provide you with those values in milliseconds. The same holds true for your car, since the control systems in your vehicle are based on exactly the same principles as industrial automation.

In your typical plant, the SCADA network is protected from operations, and again protected from business planning systems. Since the plant does not require the Internet, its network does not need to be protected against unsecured access. In some cases, plants will allow access through proxy servers, firewalls, and the use of a VPN, all in place to secure the connection. To support this access, the plant must expose a port on a firewall to allow for incoming connections. The problem is that you’re vulnerable at your weakest point, as was the case with the Target hack.

Today if you asked a nuclear power facility to attach a black box on their SCADA network which uses a cellular connection to monitor water flow, they would throw you out of the office. So why is the manufacturer of your car or your insurance company doing just that? That black box that you attach to your OBD-II port, the SIM card in your vehicle or your remote key are all potential attack surfaces; exposed ports with an IP address waiting to be hacked.

The only way to prevent a hacker is to remove all attack surfaces, and keep all inbound firewall ports closed, which requires a different approach. At Skkynet, that is exactly what we do. Skkynet’s SkkyHub is a secure end-to-end platform used to connect virtually any industrial or embedded data source, visualize the data, and monitor or control your process or system from afar. Secure by design, there are no Internet attack surfaces, no VPNs, and yet it allows for bi-directional communications and supervisory control.

Since onboard car systems are so similar to industrial automation systems in this way, the solution for providing secure remote access on industrial systems applies to cars as well. With today’s technology there is no reason to expose a plant, device, or a connected car to Internet attack. What manufacturers need to do is change the conversation. The plant, device, or car should publish the information, to which authorized individuals or devices should subscribe in order to receive the information. It is a simple change that addresses security: no open firewall ports, no attack surfaces.

Secure Remote Monitoring and Supervisory Control

New technologies such as Software as a Service, the Internet of Things and cloud computing for industrial process temperature bring new challenges, but there are solutions.

Interest in using cloud computing — also known as Software as a Service (SaaS) — to provide remote access to industrial systems continues to rise. Vendors and company personnel alike point to potential productivity improvements and cost savings as well as convenience. Operators and plant engineers may want to receive alarms and adjust heating controls while moving around the plant. Managers would like to see production data in real time — not just in end-of-shift or daily reports. Hardware vendors could benefit from getting live readings from their installed equipment for maintenance and troubleshooting operations.

Some industrial processors are attempting to provide this kind of window into their production systems. Yet, many question the wisdom of opening up a plant’s mission-critical control network to the possibility of malicious attack or even misguided errors. With a proper understanding of what is at stake, what is being proposed and how it can best be implemented, you can better decide whether remote access to your production data could benefit your company.

Security First for Industrial Networks

When talking about remote access to plant data, the first concern is security. Any approach that exposes the control system to unauthorized entry should be off the table. One popular approach is to secure the network against any potential intruders and open it only to trusted parties. Connections into the plant typically originate from smartphones, tablets, laptops or desktop computers. These systems usually are running a human-machine interface (HMI), remote desktop application, database browser or other proprietary connector.

In most cases, the plant engineering staff or IT department can grant client access to the network via a virtual private network (VPN), so authorized users can get the data they need. However, a typical VPN connection provides link-layer integration between network participants. This means that once on a network, an outsider has access to all other systems on the network. Thus, the company must either fully trust each person who is granted access to the network, or the company must task the IT manager with securing and protecting the resources within the network.

It would be unwise to risk giving visitors full access to everything that a VPN exposes. Using a VPN this way is a little like having a visitor come into your plant. Suppose a service technician arrives at the gate saying he needs to check a piece of equipment. You could just tell the guard to check his credentials, and if he checks out, give him a hardhat, directions and send him in. That is the limited-security approach. A better way would be to provide a guide to ensure that the technician finds his destination, does his work and leaves with only the information he came to get. It takes more effort and planning, but if you are going to allow someone to enter the premises, such effort is necessary to ensure security.

Better than VPN

An even better approach is to only allow access to the data itself. Consider this: the user of the data — be it vendor, customer or even corporate manager — does not need access to the whole network. Instead, they just need the data. So, rather than allowing a client to log on via a VPN connection while the IT manager works to secure confidential areas of the network from the inside, wouldn’t it be better to provide access to the data outside of the network altogether?

To continue our analogy, this would be like the guard handing the service technician exactly the data he needs when he arrives at the gate. There is no need to open the gate and no need to let him into the plant. In fact, the service company, vendor or other authorized party could request the data be sent to their own location, so they do not even have to go to the plant in the first place. This approach to remote monitoring is far more secure.

Is such a scenario realistic? Yes, if you use the right technology in the right way. For example, WebSocket is a protocol that supports communication over TCP, similar to HTTP. But unlike HTTP, once a WebSocket connection is established, client and server can exchange data indefinitely. The protocol also supports SSL encryption, a well-tested security protocol. Thus, WebSocket technology can be used to open and maintain a secure data tunnel over TCP from a plant to a cloud server without opening any inbound ports in any firewalls. Once the tunnel connection is established, data can flow bi-directionally.

Isolating the Industrial Process Data

Such a data-centric approach to remote monitoring and supervisory control has several benefits. One key advantage is that the process can run in complete isolation from the remote client. Low-level control — and, in fact, all systems within the plant — remain completely invisible to the remote clients. The only point of contact for the remote client is the selected data set being streamed from the plant, and that data resides in the cloud.

While nobody seriously imagines making low-level control changes over a cloud connection, a solution based on WebSocket technology could allow both read-only and read/write client connections for those applications where remote changes are deemed acceptable. Authorized personnel then would have the ability to effect change in plant processes for diagnostic or maintenance purposes via a secure connection. This approach would not require any open firewall ports, so the plant remains invisible to the Internet.

Regardless of the intended use of the data, a correctly provisioned WebSocket connection to the cloud provides the process isolation needed to provide access to data without jeopardizing your in-plant systems.
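The read-only versus read/write split described in this section can be modeled in a few lines. The following is an added example, not code from the article or from any vendor product: the `Relay` and `PlantConnector` classes, point names, client ids, limits and timestamps are all constructed assumptions. It shows the relay checking role and an allow-list of writable points, and the plant re-validating every command it fetches over the session it opened itself.

```python
from dataclasses import dataclass, field

READ_ONLY, READ_WRITE = "read-only", "read/write"


@dataclass
class Relay:
    """Cloud-side store. The plant and every client connect outbound to it."""
    writable: frozenset                       # points the owner allows remote writes to
    values: dict = field(default_factory=dict)
    clients: dict = field(default_factory=dict)      # client_id -> (role, inbox)
    plant_queue: list = field(default_factory=list)  # commands awaiting the plant
    audit: list = field(default_factory=list)

    def publish(self, record: dict) -> None:
        """Called by the plant connector for each change in value."""
        self.values[record["name"]] = record
        for _role, inbox in self.clients.values():
            inbox.append(record)

    def subscribe(self, client_id: str, role: str) -> list:
        """Register a client and hand it the current snapshot."""
        inbox = list(self.values.values())
        self.clients[client_id] = (role, inbox)
        return inbox

    def request_write(self, client_id: str, name: str, value: float) -> bool:
        """Queue a write only for read/write clients and allow-listed points."""
        role = self.clients.get(client_id, (None, None))[0]
        if role != READ_WRITE:
            reason = "client is not read/write"
        elif name not in self.writable:
            reason = "point is not remotely writable"
        else:
            reason = None
            self.plant_queue.append({"name": name, "value": value, "by": client_id})
        self.audit.append((client_id, name, value, reason or "queued"))
        return reason is None


@dataclass
class PlantConnector:
    """Plant side: opens the session, publishes changes, drains queued commands."""
    limits: dict                              # name -> (low, high), enforced in the plant
    process: dict = field(default_factory=dict)

    def push(self, relay: Relay, name: str, value: float, timestamp: str) -> None:
        self.process[name] = value
        relay.publish({"name": name, "value": value, "timestamp": timestamp})

    def drain(self, relay: Relay, timestamp: str) -> list:
        """Fetch commands over the plant's own session and re-validate them locally."""
        applied = []
        while relay.plant_queue:
            cmd = relay.plant_queue.pop(0)
            low, high = self.limits.get(cmd["name"], (None, None))
            if low is None or not (low <= cmd["value"] <= high):
                continue                      # unknown point or out of range: drop
            self.push(relay, cmd["name"], cmd["value"], timestamp)
            applied.append(cmd["name"])
        return applied


def demo() -> dict:
    """Constructed scenario with made-up point names and client ids."""
    relay = Relay(writable=frozenset({"oven1.setpoint_c"}))
    plant = PlantConnector(limits={"oven1.setpoint_c": (50.0, 250.0)})
    plant.push(relay, "oven1.temp_c", 180.5, "2015-06-15T12:00:00Z")
    plant.push(relay, "oven1.setpoint_c", 180.0, "2015-06-15T12:00:00Z")
    vendor = relay.subscribe("vendor", READ_ONLY)
    relay.subscribe("engineer", READ_WRITE)
    results = {
        "vendor_snapshot": len(vendor),
        "vendor_write": relay.request_write("vendor", "oven1.setpoint_c", 200.0),
        "engineer_bad_point": relay.request_write("engineer", "oven1.temp_c", 20.0),
        "engineer_write": relay.request_write("engineer", "oven1.setpoint_c", 200.0),
        "engineer_out_of_range": relay.request_write("engineer", "oven1.setpoint_c", 900.0),
    }
    results["applied"] = plant.drain(relay, "2015-06-15T12:00:05Z")
    results["setpoint"] = plant.process["oven1.setpoint_c"]
    results["vendor_inbox"] = len(vendor)
    return results
```

The out-of-range request is accepted by the relay but dropped in the plant, which is the point of keeping process limits on the plant side rather than trusting the cloud to enforce them.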

Any Data Protocols

Another advantage to this approach is that it can be protocol-agnostic. Ideally, the system would carry only the raw data over TCP in a simple format: name, value and timestamp for each change in value. The connector would convert the plant protocol, such as OPC or Modbus, to a simple data feed to the cloud. Requiring a minimum of bandwidth and system resources, the data would flow in real time to all registered clients.
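A sketch of the connector step described above, as an added example that is not code from the article or any product: it decodes Modbus TCP "Read Holding Registers" responses polled inside the plant and emits name, value and timestamp records only when a mapped value changes. The tag map, scale factors, JSON-lines wire encoding and sample frames are constructed assumptions.

```python
import json
import struct

# Hypothetical tag map: holding-register offset -> (point name, scale factor).
# Registers that are not listed here are never published.
TAG_MAP = {
    0: ("oven1.temp_c", 0.1),
    1: ("oven1.setpoint_c", 0.1),
    2: ("line1.flow_lpm", 1.0),
}


class ModbusError(Exception):
    """Raised for malformed frames and device exception responses."""


def parse_read_holding_response(adu: bytes) -> list:
    """Decode a Modbus TCP 'Read Holding Registers' (0x03) response frame."""
    if len(adu) < 9:
        raise ModbusError("frame too short")
    _tid, proto, length, _unit = struct.unpack(">HHHB", adu[:7])
    if proto != 0:
        raise ModbusError("protocol id is not 0 (not Modbus)")
    if length != len(adu) - 6:          # length counts unit id + PDU
        raise ModbusError("MBAP length does not match frame size")
    func = adu[7]
    if func & 0x80:                     # exception response: code follows
        raise ModbusError(f"device exception code {adu[8]}")
    if func != 0x03:
        raise ModbusError(f"unexpected function code {func:#04x}")
    byte_count, data = adu[8], adu[9:]
    if byte_count != len(data) or byte_count % 2:
        raise ModbusError("byte count does not match register data")
    return list(struct.unpack(f">{byte_count // 2}H", data))


class ChangeFeed:
    """Turns successive register snapshots into name/value/timestamp records."""

    def __init__(self, tag_map: dict):
        self._tag_map = tag_map
        self._last = {}

    def update(self, registers: list, timestamp: str) -> list:
        records = []
        for offset, raw in enumerate(registers):
            if offset not in self._tag_map:
                continue                # not part of the selected data set
            name, scale = self._tag_map[offset]
            value = round(raw * scale, 3)
            if self._last.get(name) != value:   # publish on change only
                self._last[name] = value
                records.append({"name": name, "value": value, "timestamp": timestamp})
        return records


def to_wire(records: list) -> bytes:
    """One compact JSON object per line; the encoding is an assumption."""
    return b"".join(json.dumps(r, separators=(",", ":")).encode() + b"\n" for r in records)


def build_response(tid: int, registers: list) -> bytes:
    """Construct a sample 0x03 response (test data, not captured traffic)."""
    pdu = bytes([0x03, 2 * len(registers)]) + struct.pack(f">{len(registers)}H", *registers)
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, 1) + pdu


def demo() -> list:
    """Three constructed polls: initial values, no change, one changed register."""
    feed = ChangeFeed(TAG_MAP)
    polls = [
        ("2015-02-23T10:00:00Z", build_response(1, [1805, 1800, 42, 9999])),
        ("2015-02-23T10:00:01Z", build_response(2, [1805, 1800, 42, 9999])),
        ("2015-02-23T10:00:02Z", build_response(3, [1812, 1800, 42, 9999])),
    ]
    return [feed.update(parse_read_holding_response(adu), ts) for ts, adu in polls]
```

The fourth register in the sample frames has no entry in the tag map, so its value never leaves the plant; only the selected data set is published.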

Each client, in turn, can convert the data into whatever format is most convenient and appropriate for their application. Options include spreadsheets, databases, web pages or custom programs.

Better yet, this approach to remote monitoring is not necessarily limited to in-plant connections. Custom-developed WebSocket connectors small enough to fit on embedded devices such as temperature sensors or flowmeters could be placed at remote locations any distance from the plant. Then, by wired or cellular connections to the Internet, the devices would connect directly to the cloud via WebSocket tunnels, without going through the traditional SCADA system, if need be. Such high-performance connectivity would support secure, real-time M2M communications and meet essential requirements of the industrial Internet of Things (IoT).

Changes and Challenges

However you look at it, change is on the horizon for industrial process control systems. The current state of the art for networked control systems was made possible by dramatic technical breakthroughs in the 80s and 90s. Many industry experts say that we are now on the verge of similar breakthroughs in remote monitoring and supervisory control. Whether they call it cloud computing, Software as a Service (SaaS), Industry 4.0 or the Industrial Internet of Things (IIoT), most will agree that the biggest challenge right now is security.

New technology provides new capabilities, and it also presents new demands that may challenge our way of thinking. Accessing data from a plant or remote sensor halfway across the world needs a different approach to security than our current models were designed for. Yet, there is no need to remain attached to the status quo if it does not truly meet the needs. These are engineering problems, and there are engineering solutions.

Bob McIlvride is the director of communications with Skkynet Cloud Systems Inc., Mississauga, Ontario, Canada. Skkynet provides secure cloud-service remote monitoring services and can be reached at 888-628-2028 or visit the website at http://skkynet.com.

Skkynet and BellChild Launch iBRESS Secure Micro Cloud Service

BellChild’s iBRESS real-time remote monitoring service for Japan’s industrial sector uses Skkynet’s secure data communication technology.

Mississauga, Ontario, June 15, 2015 – Skkynet Cloud Systems, Inc. (“Skkynet” or “the Company”) (OTCQB:SKKY), a global leader in real-time cloud information systems, announces jointly with BellChild Ltd. of Osaka, Japan, the launch of the iBRESS™ Secure Cloud Micro Service. A partnership agreement between Skkynet and BellChild allows BellChild to offer real-time connectivity to remote monitoring systems within their proven BEAM™ cloud services environment without programming, as well as provide flexible data connectivity and a variety of data process solutions.

“This new service is the result of months of successful collaboration,” said Paul Thomas, President of Skkynet. “BellChild is deeply committed to providing robust, secure data communications services, and the iBRESS Secure Cloud Micro Service leverages that expertise with Skkynet’s secure data communication platform.”

“The iBRESS Secure Cloud Micro Service combines Skkynet’s real-time data-handling capabilities for industrial systems with our BEAM™ (BellChild Express ASP Maker) platform for financial applications,” said Mr. Yoshikuni Fujita, President of BellChild. “The resulting system is secure, robust and flexible enough to support industrial cloud-based systems.”

The iBRESS Secure Micro Cloud Service can transmit mission-critical sensor data over a public cloud in real time, while conforming with or exceeding the most stringent security requirements in the industry. It can meet the individual needs of a wide range of corporate users, and provide flexible solutions for individuals and groups of clients in the financial or industrial sectors.

iBRESS is the outcome of a joint effort of the ThunderCloud™ Alliance, established in December, 2013 by TOA Musendenki, Nissin Systems, BellChild, NiC, KOBATA Gauge, and Skkynet, with a focus on providing sensor-to-cloud data connectivity in real time. Skkynet will continue to collaborate with BellChild and other ThunderCloud Alliance partners to add new services to iBRESS, as well as other projects.

About BellChild Ltd.

BellChild is a system integration company focusing on secure system development, robust infrastructure development, and advanced operations capabilities. BellChild’s BEAM platform provides highly secure cloud services for the financial sector. The company develops and maintains secure servers used to support high-speed financial transactions, which also can be used to provide a robust and secure platform to support industrial cloud-based systems. http://www.bell-c.co.jp/

About Skkynet Cloud Systems, Inc.:

Skkynet Cloud Systems, Inc. (OTCQB:SKKY) is a global leader in real-time cloud information systems. The Skkynet Connected Systems platform includes the award-winning SkkyHub™ service, DataHub®, WebView™, and embedded toolkit software. The platform enables real-time data connectivity for industrial, embedded, and financial systems, with no programming required. Skkynet’s platform is uniquely positioned for the “Internet of Things” and “Industry 4.0” because unlike the traditional approach for networked systems, SkkyHub is secure-by-design. Customers include Microsoft, Siemens, Metso, ABB, Honeywell, IBM, GE, Statoil, Goodyear, BASF, Cadbury Chocolate, and the Bank of Canada. For more information, see http://skkynet.com.

Safe Harbor:

This news release contains “forward-looking statements” as that term is defined in the United States Securities Act of 1933, as amended and the Securities Exchange Act of 1934, as amended. Statements in this press release that are not purely historical are forward-looking statements, including beliefs, plans, expectations or intentions regarding the future, and results of new business opportunities. Actual results could differ from those projected in any forward-looking statements due to numerous factors, such as the inherent uncertainties associated with new business opportunities and development stage companies. We assume no obligation to update the forward-looking statements. Although we believe that any beliefs, plans, expectations and intentions contained in this press release are reasonable, there can be no assurance that they will prove to be accurate. Investors should refer to the risk factors disclosure outlined in our annual report on Form 10-K for the most recent fiscal year, our quarterly reports on Form 10-Q and other periodic reports filed from time-to-time with the Securities and Exchange Commission.

Skkynet Software Now Available on NetComm Wireless 3G Routers

Skkynet’s Embedded Toolkit enables any device connected to a NetComm Wireless NTC-6200 3G M2M router to be linked to SkkyHub™.

Mississauga, Ontario, April 29, 2015 – Skkynet Cloud Systems, Inc. (“Skkynet” or “the Company”) (OTCQB:SKKY), a global leader in real-time cloud information systems, announces that through collaboration with NetComm Wireless, Skkynet’s Embedded Toolkit (ETK) is now available for installation on NetComm’s NTC-6200 series of gateways for wireless M2M connectivity, enabling industrial automation engineers and managers to establish secure, real-time connections between remote devices and existing control systems, using Skkynet’s SkkyHub™ service.

“Combining NetComm’s NTC-6200 platform with Skkynet’s SkkyHub Service means remote devices in virtually any location can now connect directly and securely to the cloud, enabling real-time monitoring, control, networking, and big data collection at a far lower total cost of ownership (TCO) than previously thought possible,” said Paul Thomas, President of Skkynet. “We are pleased to have the opportunity to work with NetComm Wireless to provide their customers and ours with this high-value solution.”

The NTC-6200 series of wireless routers connects to worldwide 3G networks at speeds of up to 14.4Mbps. With no dependence on a landline, they can be deployed in any location to allow remote access, monitoring and control of connected devices. Featuring Ethernet, serial (RS232/422/485), USB 2.0 and Modbus TCP connectivity, the NTC-6200 series can interface with a diverse range of equipment used in a wide variety of vertical applications. Optional features include PoE (Power over Ethernet), Zigbee support, a built-in GPS, and 3 multipurpose I/O ports.

SkkyHub provides secure, end-to-end bidirectional connectivity between the NTC-6200 series routers and end users at all levels, from operators and plant engineers to managers, analysts, and customers. The service is capable of handling over 50,000 data changes per second per client, at speeds just a few milliseconds over Internet latency. Secure by design, it requires no VPN, no open firewall ports, no special programming, and no additional hardware.

The SkkyHub service will be demonstrated at the Control System Integrators Association (CSIA) Annual Executive Conference in Washington DC, April 29 – May 2. The end-to-end solution offered by connecting NTC-6200 routers to SkkyHub addresses in a practical way many of the key questions to be raised in the conference agenda regarding innovation and improvement on the state of the art for industrial automation.

About NetComm Wireless

NetComm Wireless Limited (ASX: NTC) is a leading developer of innovative broadband products sold globally to telecommunications carriers, core network providers and system integrators. For over 32 years NetComm has developed a portfolio of world first data communication products, and is a respected global provider of 3G and 4G wireless devices servicing the major telecommunications carrier, Machine-to-Machine (M2M) and Rural Broadband markets. NetComm’s products are designed to meet the growing needs of today’s diverse home, business and industrial broadband applications and designed to optimise the performance of global network advancements. Headquartered in Sydney, Australia, NetComm has offices in the US, Canada, UK, New Zealand, Middle East and Japan. For more information, see http://www.netcommwireless.com.

Skkynet to Exhibit Cloud Solutions in Upcoming Executive Conferences

Key decision-makers in manufacturing and control system integration will see SkkyHub™ in action.

Mississauga, Ontario, April 13, 2015 – Skkynet Cloud Systems, Inc. (“Skkynet” or “the Company”) (OTCQB:SKKY), a global leader in real-time cloud information systems, will present and demonstrate its SkkyHub™ service at the North American Manufacturing Excellence Summit on April 13-14 in Chicago, and at the Control System Integrators Association 2015 Executive Conference on April 29-May 2 in Washington D.C.

“These two conferences attract a broad cross-section of the key decision-makers in manufacturing and industrial automation,” said Paul Thomas, President of Skkynet. “Top executives from well-known manufacturers and leading system integration firms, as well as plant managers, supply chain leaders and OPEX executives will have an opportunity to see close up how Skkynet’s SkkyHub performs, and try it out for themselves.”

High on the agenda of both conferences is innovation and improvement on the state of the art for industrial automation. Keynotes and workshop subjects range from “Strategic Manufacturing” and “Lean & OPEX” to “The Future of Automation: Meeting the World’s Greatest Challenges.” Skkynet’s contribution to this conversation is to demonstrate a secure, robust, end-to-end solution for connecting plant systems to the cloud and interacting with them in real time, with no programming necessary. Support for both in-plant and field device connections allows plant engineers and system integrators to bridge the gap between industrial control systems and the Internet of Things (IoT).

Skkynet’s SkkyHub service allows industrial and embedded systems to securely network live data in real time from any location. Secure by design, it requires no VPN, no open firewall ports, no special programming, and no additional hardware. It enables bidirectional supervisory control, integration, and sharing of data with multiple users, and real-time access to selected data sets in a web browser. The service is capable of handling over 50,000 data changes per second per client, at speeds just a few milliseconds over Internet latency.

Skkynet’s SkkyHub Now Supports Modbus

Data from devices using the Modbus protocol can now be made available in spreadsheets, databases, web browsers, or the Internet of Things (IoT).

Mississauga, Ontario, February 23, 2015 – Skkynet Cloud Systems, Inc. (“Skkynet” or “the Company”) (OTCQB:SKKY), a global leader in real-time cloud information systems, is pleased to announce that its SkkyHub™ service now supports Modbus, the world’s most widely used industrial network protocol. Data from any Modbus TCP slave device can now be viewed in a web browser, sent to big data analytics, logged to a database, fed to a spreadsheet, or connected to virtually any location on the IoT through SkkyHub.

“This is a significant advance in security and efficiency for the Industrial Internet of Things,” said Paul Thomas, President of Skkynet. “Management, engineering staff, and analytical teams can now conveniently access data from virtually any Modbus device, whether tucked away on the shop floor or installed somewhere out in the field.”

Data from Modbus devices is typically accessed by plant operators and engineers in conjunction with costly, complex, industrial SCADA systems. Adding the Modbus protocol to SkkyHub now offers a secure, efficient, and low-cost option for any authorized user to monitor and interact with Modbus-enabled equipment using off-the-shelf software like a web browser, database, or spreadsheet. This approach is particularly well-suited to mobile networks because it supports bandwidth-constrained networks, instantly propagating values as they change, with no polling overhead.

“Most people don’t believe SkkyHub is even possible at any price point,” says Thomas. “That is, until they spend 10 minutes trying our service.”

Security for each Modbus device is ensured through Skkynet’s unique outbound-only system architecture, which keeps all firewalls closed and does not expose any device or plant to the Internet. All connected devices are isolated from each other, such that even if someone gains unauthorized physical access to a connected device, they cannot detect any other device on the system.

Skkynet’s SkkyHub allows industrial and embedded systems to securely network live data in real time from any location. Secure by design, it requires no VPN, no open firewall ports, no special programming, and no additional hardware. It enables bidirectional supervisory control, integration, and sharing of data with multiple users, and real-time access to selected data sets in a web browser. The service is capable of handling over 50,000 data changes per second per client, at speeds just a few milliseconds over Internet latency.
