SCADA security basics

Supervisory Control and Data Acquisition (SCADA) systems are used for remote monitoring and control in the delivery of essential services such as electricity, natural gas, water, waste treatment and transportation. SCADA software runs on regular computers, but it is used by owners of critical infrastructure and various other types of industrial facilities to monitor and control industrial processes.

This blog post introduces SCADA system fundamentals that help in analyzing security considerations.

Remote monitoring is widely considered one of the most difficult applications to implement cost-effectively, and doing it with SCADA systems has traditionally been difficult and expensive. SCADA systems have traditionally used their own communications networks, and their security has been based largely on keeping the SCADA network separate from public networks and on the fact that few people know the special protocols used on those systems (security by obscurity).

Internet technologies have made remote monitoring easier and more cost-effective in many applications, but on the other hand they have created a new set of risks related to hacking. If you connect a remote monitoring system that uses an insecure communications protocol to the Internet, sooner or later somebody will figure out how to break into your system. If your system only does monitoring, an intruder can stop your communications or, worse, feed you false data. If your remote monitoring system is also used to control something, the risks are far greater.

There isn’t a single security solution capable of addressing all existing and future risks. It is necessary to implement a series of different defenses across the system: deploying safeguards throughout the platform provides robust protection against the vast majority of attacks.

Modern SCADA systems are typically designed for security using platforms similar to typical networked clients, such as laptops and workstations, but there are also some SCADA-specific considerations. Security systems easily become complicated, and unfortunately, as the complexity of securing devices increases, so does the risk of vulnerabilities slipping past equipment manufacturers and IT organizations. Industrial control systems (ICS), distributed control systems (DCS) and supervisory control and data acquisition (SCADA) systems have all been around for decades, but thanks to Stuxnet, Duqu and other major incidents, these systems have only recently begun receiving serious security consideration.

Cyber security is war. You have to defend your systems from all sorts of outside attackers, and if one that’s skilled and determined gets you in his sights, defending yourself may be tougher than you think. Once an attacker breaks through a hardened perimeter, moving around inside is usually pretty easy. That’s why defense in depth with incident detection, response, and attribution is so important.

Security is all about layers. You can’t block everything in one place, so you need layers of security to protect yourself. An enterprise can deploy many devices and layers to protect itself and its customers, because no single solution protects 100 percent against everything.

The article Want it Secure? Target Both Design and Data Security says that in today’s increasingly connected world, security applies to servers as well as to mobile and remote embedded devices. The latter are often exposed to physical tampering, while data travelling over networks is exposed to compromise and hacking. Security depends on securing the complete connected universe.

How safe is your network? The article Is Your Network Safe? says that just a few years ago, plants didn’t have to worry about the safety of their networks. From an IT point of view, plants were silos — succinct and secure. That changed over the past decade. To improve efficiency, plants connected out to the company’s back office and beyond to suppliers and customers, and most of that connectivity runs over Internet connections. This extended network prompted a battle between the organization’s IT team and the control folks on the factory floor: if your plant is running 24/7, you can’t add patches and reboot without shutting down the plant. In addition, the plant is now vulnerable to hacking (terrorists, hackers, competitors and disgruntled employees).

The blog article Six Ways to Improve SCADA Security says that when it comes to securing SCADA networks, we are usually years or even decades behind securing typical IT networks. The article presents some of SCADA security’s most daunting challenges along with recommendations for securing SCADA networks:

1. A SCADA network is inadvertently connected to a company’s IT network or even to the Internet
2. ‘Data presentation and control’ now runs on off-the-shelf software
3. Control systems are not patched
4. Authentication and authorization
5. Insecure data communication protocols
6. Long life span of SCADA systems
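The false-data risk described above and challenges 4 and 5 come down to telemetry that the master station trusts without checking. As an added example (not from the original post or any real SCADA protocol), the block below contrasts a legacy receiver that decodes a frame as-is with one that verifies an HMAC-SHA256 tag and a per-unit sequence counter; the frame layout, key and register values are constructed assumptions, and only integrity and freshness are addressed, not confidentiality.

```python
"""Authenticated SCADA telemetry frame versus a legacy frame that is trusted as-is.

Constructed example: the frame layout (unit id, register, value, sequence
counter), the HMAC-SHA256 tag and the demo key are assumptions for this
demonstration, not fields of any real SCADA protocol.
"""
import hashlib
import hmac
import struct

# Frame header (constructed layout): unit_id (1 byte), register (2 bytes),
# value (4 bytes, signed), seq (4 bytes, unsigned). Network byte order.
HEADER = struct.Struct("!BHiI")
TAG_LEN = 32  # HMAC-SHA256 digest length


def build_frame(key: bytes, unit_id: int, register: int, value: int, seq: int) -> bytes:
    """Outstation side: serialise one reading and append its authentication tag."""
    body = HEADER.pack(unit_id, register, value, seq)
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


def parse_plain(frame: bytes) -> dict:
    """Legacy master: decodes the header and trusts it (no integrity, no freshness)."""
    unit_id, register, value, seq = HEADER.unpack_from(frame)
    return {"unit": unit_id, "register": register, "value": value, "seq": seq}


class AuthenticatedReceiver:
    """Hardened master: accept a frame only if its tag verifies and its
    per-unit sequence counter strictly increases (rejects replays)."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = {}  # unit_id -> highest sequence counter accepted

    def accept(self, frame: bytes):
        """Return (reading, status); reading is None unless status is 'ok'."""
        if len(frame) != HEADER.size + TAG_LEN:
            return None, "malformed"
        body, tag = frame[:HEADER.size], frame[HEADER.size:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return None, "bad_tag"
        unit_id, register, value, seq = HEADER.unpack(body)
        if seq <= self.last_seq.get(unit_id, -1):
            return None, "replay"
        self.last_seq[unit_id] = seq
        return {"unit": unit_id, "register": register, "value": value, "seq": seq}, "ok"


def tamper_value(frame: bytes, new_value: int) -> bytes:
    """Model the 'false data' threat from the text: rewrite only the value field in transit."""
    unit_id, register, _, seq = HEADER.unpack_from(frame)
    return HEADER.pack(unit_id, register, new_value, seq) + frame[HEADER.size:]


def demo() -> dict:
    """Run both receivers over a genuine, a tampered and a replayed frame."""
    key = b"constructed-demo-key-not-for-production"
    genuine = build_frame(key, unit_id=7, register=0x0010, value=412, seq=1)
    tampered = tamper_value(genuine, 9999)  # e.g. a pressure reading falsified on the wire
    master = AuthenticatedReceiver(key)
    return {
        "plain_accepts_tampered_value": parse_plain(tampered)["value"],
        "auth_genuine": master.accept(genuine)[1],
        "auth_tampered": master.accept(tampered)[1],
        "auth_replay": master.accept(genuine)[1],
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```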

The article Understanding cyberspace is key to defending against digital attacks says that in recent years there has been one stunning revelation after the next about how previously unknown vulnerabilities were used to break into systems that were assumed to be secure.

Growing numbers of other kinds of machines and “smart” devices are also linked to the Internet: security cameras, elevators and CT scan machines; global positioning systems and satellites; jet fighters and global banking networks; commuter trains and the computers that control power grids and water systems. “We have built our future upon a capability that we have not learned how to protect,” former CIA director George J. Tenet has said.

As commercial and civil network infrastructures become increasingly dependent on arrays of Internet-connected computers, they are becoming increasingly susceptible to attack from hostile nations, non-governmental terrorist groups and cyber criminals.

“Companies want to make money,” and “they don’t want to sit around and make their software perfect.” Many of the vulnerabilities are related to errors in code designed to parse data sent over the Internet. Software makers have often failed to heed warnings from security researchers, and some vulnerabilities remained unfixed for a long time. Even where the manufacturer has a fix, the customer might not apply it any time soon, because in many cases you can’t add patches and reboot without shutting down the plant.

The Want it Secure? Target Both Design and Data Security article also says that adding robust security features to a design can substantially impact the complexity, power consumption and cost of a system. The challenges include supporting the computational complexity required to run advanced cryptographic algorithms, providing secure insertion and storage of encryption keys, and authenticating and encrypting data exchanged over public network connections.

The HP Cyber Security Risk Report says that the number of SCADA system vulnerabilities has risen sharply in the last few years. In 2008 there were 22 SCADA vulnerabilities; in 2012 there were 191, a 768 percent growth since 2008.

344 Comments

  1. Tomi Engdahl says:

    Hacking oil and gas control systems: Understanding the cyber risk
    http://www.controleng.com/single-article/hacking-oil-and-gas-control-systems-understanding-the-cyber-risk/3512b2934c407b6d5923f5a518798453.html

    Cyber attacks are growing in number and intensity over the past decade. Companies in the oil and gas industry are high-profile targets and must take measures to protect themselves from hackers.

    Understanding the risks

    Successful hacks against financial institutions and various commercial entities have been well documented in the press for some time, and, as such, most people are well aware of them. Consequently, even the most technically savvy of us who use the Internet for banking and shopping do so with at least a little trepidation.

    Conversely, most of us are only vaguely aware of hacking activity against control systems—those systems that control almost every process in manufacturing and operations today. Control systems such as these are used in the oil and gas industry to monitor and control processes associated with the processing, storage, and movement of oil and gas products. It may surprise you to learn that attacks against control systems have been plentiful in recent years—sometimes with devastating consequences. A recent report released by the German Government: Federal Office of Information Security stated that, “A German steel factory suffered massive damage after hackers managed to access production networks, allowing them to tamper with the controls of a blast furnace, the government said in its annual IT security report.”

    The fact that hackers were able to successfully gain control of a blast furnace in a manufacturing plant may surprise some of you. I have spoken to quite a few people in the industry over the years who have explained to me that cyber security in control system environments is simply an enormous waste of time and resources. Furthermore, I am often told that cyber security is potentially damaging to control systems because it can negatively affect operational reliability.

    This type of thinking rests largely on the fundamentally flawed belief that cyber security is unnecessary in a particular control system environment because the system is “standalone.” In other words, the system has no outside connectivity and therefore is not susceptible to outside attack. This mode of thinking is flawed for two reasons:

    1. Most control systems are connected in some way to the Internet, often indirectly through a business network.
    2. Even those systems that truly have no outside network connectivity are susceptible to compromise. Stuxnet is an excellent example.

    Russian security software vendor Kaspersky Lab published an in-depth report that claims that Energetic Bear attacks have successfully compromised more than 2,800 victims.
    Symantec went on to say that Energetic Bear attacks against control systems were successful to the extent that they, “…could have caused damage or disruption to energy supplies in affected countries” and that targets included “energy grid operators, major electricity generation firms, petroleum pipeline operators, and energy industry industrial control system equipment manufacturers.”

    Evidence indicates that Energetic Bear attacks were conducted using commonly known and easily executable attack methods against system vulnerabilities that were common knowledge. In many cases, the attackers used variants of the Havex Trojan—a well-known piece of malicious software. Metasploit—a free tool that requires almost no programming skill to operate was in frequent use as well.

    Malicious code associated with the Energetic Bear attack campaign was distributed using several primary methodologies including spear-phishing and waterholing attacks as well as compromised SCADA software updates.

    Reply
  2. Tomi Engdahl says:

    Cyber security lab offers real-time off process modeling for facilities
    http://www.controleng.com/single-article/cyber-security-lab-offers-real-time-off-process-modeling-for-facilities/d48d422b72a0d7c4622f2e0a3dc2d291.html

    Honeywell Process Solutions (HPS) opened its Industrial Cyber Security Lab to advance its development and testing of technologies and software to defend industrial facilities and operations, such as refineries and manufacturing plants, against cyber attacks.

    Knapp said that cyber security attacks boil down to only two types: insider-accidental and outsider-intentional attacks. An insider breach is generally an accident caused by one of the employees working at a facility. It can be as simple as clicking on a phishing link in an email or uploading a file from a corrupted flash drive or portable media device.

    In many cases, plants and other facilities are running legacy software such as Microsoft Windows XP, which is no longer supported by Microsoft and therefore does not receive software updates or security patches. The lab is designed to protect against these attacks by assuming a role of active defense, looking for suspicious activity on the network and putting a stop to it immediately.

    The cyber security lab offers full protection, system integration, cyber security, and management of said solutions.

    As cyber security is still a new and constantly evolving threat

    However, depending on the company or industry, the biggest threat often comes from the inside, from accidents and unaware employees.

    Reply
  3. Tomi Engdahl says:

    Artificial intelligence for control engineering
    http://www.controleng.com/single-article/artificial-intelligence-for-control-engineering/11461d91396166b8858768018c90f6f0.html

    Robotics, cars, and wheelchairs are among artificial intelligence beneficiaries, making control loops smarter, adaptive, and able to change behavior, hopefully for the better. University of Portsmouth researchers in the U.K. discuss how AI can help control engineering, in summary here. Below, see 7 AI-boosting breakthroughs, and online, see more examples, trends, explanations, and references in a 15-page article. Link to a 2013 article explaining how “Artificial intelligence tools can aid sensor systems.”

    Reply
  4. Tomi Engdahl says:

    Protecting Industrial Automation Systems from Today’s Cyber Threats
    https://www.automation.com/protecting-industrial-automation-systems-from-todays-cyber-threats

    Cyber-attacks on Industrial Automation Systems are not new. Hackers have been probing, and in many cases, penetrating these systems for many years. Many of these attacks against industrial automation systems were similar, or even the same as, the attacks used against corporate IT systems.

    Some of the capabilities that distinguish these threats from many previous threats include:

    Cyber tools that systematically penetrate and map air-gapped systems; and then report data to a remote command and control system
    Malware operating at the firmware level that enabled discovery of encryption keys, cracking of encryption algorithms, and that remains hidden in place even through a complete operating system reinstall
    Malware that replaced hard-drive firmware to create a secret storage area on a hard disk that could even survive drive reformatting

    The researchers also reported that some of this malware was first introduced as early as 2001 and has gone undetected until now.

    These findings raise some troubling questions for Industrial Automation engineers and security professionals. Chief among them is: are we doing enough to protect our systems?

    Cybersecurity investment: a neglected requirement

    Most companies are aware of the need for cybersecurity. Media coverage of cybersecurity incidents is front page news. In 2013, President Barack Obama issued an executive order mandating greater levels of cybersecurity within critical infrastructure and he recently held a cybersecurity summit in Silicon Valley to push for greater awareness and investment in cybersecurity. Many industries are developing security standards for specific vertical markets.

    Despite the growing awareness and government initiatives, investment in cybersecurity is still lagging.

    All too often, companies are looking at cybersecurity and asking “What is the ROI for investing in security”. That is simply the wrong question to ask. Given the threat, cybersecurity should be considered a critical requirement, just as safety has been. The critical infrastructure, manufacturing, automotive and other industries have invested billions into safety and need to spend that much, or more, on fighting against cyber-attacks.

    Building security into the device

    IIoT (Industrial Internet of Things) and Industrial Automation networks are made up of a wide range of device types, from small to large and from simple to complex, from simple sensors to sophisticated systems. These devices are very different from standard PCs or other consumer devices. Many are fixed-function devices that have been designed specifically to perform a specialized task and use a real-time operating system such as VxWorks, Nucleus, INTEGRITY or MQX, or a stripped-down version of Linux.

    Historically, these devices have been built without robust security capabilities. Installing new security software on a legacy system in the field either requires a specialized upgrade process or in many cases, is simply not supported. Often, these devices are optimized to minimize memory usage and processing cycles, and simply do not have the resources available to support traditional security mechanisms.

    As a result, PC security solutions that can protect an IT network or computer system won’t protect the embedded devices found inside of many factory and automation systems. In fact, given the specialized nature of embedded systems, PC security solutions won’t even run on most embedded devices. A new approach is required.

    Security must be built into the device itself. Building protection into the device itself provides a critical security layer – the devices are no longer dependent upon the corporate firewall as their sole layer of security. In addition, the security can be customized to the needs of the device.

    Security Framework for Industrial Automation

    Building security into an embedded device is a complex process and it is critical to get it right. Developers whose products get hacked might never get a chance for a do-over.

    Securing legacy devices – the “bump-in-the-wire” solution

    In addition to considering security for new devices, there is also a need for security for the large installed base of legacy control devices and systems that were manufactured with inadequate security. Upgrading these devices to improve security requires the device manufacturer to develop a newer software or firmware version with improved security.

    Unfortunately, the upgrade process may be difficult, expensive or impossible. Some devices cannot be upgraded without being returned to the factory to be updated. In some cases the manufacturer may no longer support the device, or may even be out of business. Replacing these devices is often simply too expensive to be an option and newer devices may not yet be available with improved security.

    For legacy equipment and systems that cannot be easily or affordably replaced or upgraded, a “bump-in-the-wire” appliance solution can provide the required security. This type of solution can protect legacy devices that are otherwise unprotected.

    Summary

    Security can no longer be thought of as a “nice to have.” Investment in security cannot be viewed through the lens of ROI or competitive advantage.

    Reply
  5. Tomi Engdahl says:

    Darktrace Launches SCADA Threat Detection Solution
    http://www.securityweek.com/darktrace-launches-scada-threat-detection-solution

    UK-based Darktrace, a cyber security startup that leverages machine learning and mathematics to detect threats, has launched a new solution designed to detect threats within Industrial Control Systems (ICS).

    Unveiled just weeks after announcing that it had raised $18 million in funding, the company said that its “Industrial Immune System” leverages Darktrace’s machine learning and mathematics in both operational technology (OT) and corporate environments to detect advanced cyber attacks and “subtle” insider threats targeting Industrial Control Systems, including SCADA (supervisory control and data acquisition) devices.

    Powered by technology developed at the University of Cambridge, and available as part of Darktrace’s flagship Enterprise Immune System, the company explains that its Industrial Immune System module works by analyzing the data flows within OT environments and creating a unique understanding of ‘self’ for every operator, workstation and automated system within a production network.

    “Like the human immune system, this technology has the core capability of learning what ‘normal behavior’ looks like, and constantly refines this understanding – meaning that it can detect subtle threats that have infiltrated the ICS.”

    “Nothing is fool-proof in the modern-day challenge of cyber security, especially when it comes to protecting complex SCADA systems.”

    Reply
  6. Tomi Engdahl says:

    http://www.wurldtech.com/

    Whether you operate an oil refinery, a smart grid network, a municipal water system, or any other complex industrial control system, Wurldtech protects you from the threat of cyber attack. System operators and integrators benefit from Wurldtech’s products and services as we protect critical infrastructure ranging from SCADA / DCS control systems to smart meters.

    Reply
  7. Tomi Engdahl says:

    Enabling efficiency in continuous control
    http://www.controleng.com/single-article/enabling-efficiency-in-continuous-control/a63dce96940302286d2daa59a4ea62fe.html

    What state are your control systems in? The ISA 106 standard for continuous processes may help if these sound familiar:

    1. Start-up, run, and shutdown are repeatable and optimized.
    2. Abnormal situation management uses additional control strategies.
    3. Intelligent alarming is used based on mode of operation.
    4. Equipment, devices, and controllers are automatically enabled based on mode of operation.
    5. Redundant equipment (such as pumps) is automatically swapped.
    6. Operators run a process unit instead of individual devices.
    7. Start-up and shutdown (which may be infrequent) includes automatic sequencing of the plant (unit to unit).

    ISA-TR106.00.01-2013—Procedure Automation for Continuous Process Operations—Models and Terminology, approved in August 2013, looks at what is state-based control and at loop-based control versus state-based control, and related topics.

    With most loop-based systems, the operator identifies the state, executes commands, and waits for next state. In contrast, a state-based control (SBC) system identifies the state of the process and executes commands. The operator is permitted predefined transitions, and the SBC defines next state.

    State-based control benefits

    Benefits include a more holistic view and efficient use of existing control assets. A typical loop-control framework requires two or three times the attention from the operator compared to a state-based architecture, Nazer suggested.

    Reply
  8. Tomi Engdahl says:

    Proactive obsolescence management: Plan now or pay later
    http://www.controleng.com/single-article/proactive-obsolescence-management-plan-now-or-pay-later/0f71da13c24f37484413433f0960b7c9.html

    Skyrocketing costs of today’s industrial equipment coupled with the accelerated pace of technological change are creating expectations from customers that products will be supported far beyond the typical component lifecycle. Component obsolescence is inevitable and cannot be avoided.

    The impact on today’s capital equipment manufacturers is dramatically different than it was three to five years ago. Rapid advances in technology, along with requirements for interoperability and connectivity, are driving a greater degree of cost and complexity into the development and support of industrial equipment. Due to the “systems” nature of industrial equipment, replacing one part is no longer an option. The entire system must be considered and evaluated to determine a cost-effective approach for supporting and sustaining products over their lifecycle.

    Addressing obsolescence is too often done in a reactive or catch-up mode, rather than as a planned process. Of course, obsolescence is expected with custom electronics.

    For many companies in this industry, the natural reaction is to pull a few engineers from new development initiatives and assign them to obsolescence projects. However, is this the best use of the time and talents of these highly skilled resources? Probably not.

    Reply
  9. Tomi Engdahl says:

    ‘The age of the control engineer is just dawning’
    http://www.controleng.com/single-article/the-age-of-the-control-engineer-is-just-dawning/0c36dd8d2bbbe536db7665665549658e.html

    Dr. Peter Martin of Schneider Electric talked about opportunities to apply control engineering skills beyond efficiency at the Schneider Electric Global Automation Conference.

    Martin said the control engineer is all about managing change, a subject fundamental to the use and technology around the Industrial Internet of Things (IIoT). “If something doesn’t change, you don’t have to control it. If it changes frequently, you have to control it,” Martin noted. “It’s a matter of applying real-time control theory to areas other than efficiency.” Among the areas Martin cited were:

    Reliability. “You can convert maintenance from a management problem to a control problem, and we’re really good at solving that problem,” Martin said.

    Profitability. “This is not a matter of going into the business systems,” Martin said. “It’s understanding what is in real-time control and what needs to be done transactionally. The challenge is to think of our front line people not as a labor force, but to think of them as performance managers. Why don’t we allow them to make decisions with the right information? What these people can do with the right information is astounding.”

    Security, safety and the environment. Martin said these all are issues that need to be considered as real-time control issues. “The problems we face are control problems. We are control engineers,” Martin told the audience. “Let’s apply your trade where the company needs it to be applied. Let’s apply your trade where the world needs it to be applied.”

    Reply
  10. Tomi Engdahl says:

    UK rail comms are safer than mobes – for now – say infosec bods
    Industry told to harden systems to prevent future train smash carnage
    http://www.theregister.co.uk/2015/04/30/uk_rail_comms_safety_analysis/

    Analysis: Last week’s warning that Britain’s railway systems could be susceptible to hacking has triggered a debate among security experts.

    Prof David Stupples of City University London made headlines last week with a warning that plans to replace the existing (aging) signalling system with the new European Rail Traffic Management System (ERTMS) could open up the network to potential attacks, particularly from disgruntled employees or other rogue insiders. “Major disruption” or even a “nasty accident” could ensue if miscreants were able to plant malware on the system, the computer scientist warned.

    The Station Agent

    ERTMS is made up of on-board train, trackside and GSM mobile telephony equipment. The system is intended to replace legacy trackside signalling and voice systems with a modern in-cab signalling and voice communications system, based on a European standard.

    The technology is designed to help lay the tracks towards faster, safer trains and more efficient use of the existing rail network. Similar technology is being adopted around the world and not just in Europe. UK testing has already begun ahead of a roll-out expected to take place over five years into the 2020s.

    Chris Day, ICS security researcher at security consultancy MWR Infosecurity, commented: “ERTMS has been rightly recognised by the UK government and railway operators as critical infrastructure that is potentially susceptible to computer attack and there are ongoing investigations and remedial actions to mitigate identified risks against ERTMS. The fact this process is already in progress prior to the system being deployed in the UK is an important, proactive step forward in Industrial Control System (ICS) security management.”

    “This will benefit both rail users and operators, as security issues are cheaper and more likely to be fixed if they are discovered prior to a systems deployment,” he added.

    “Exploiting ICS will require a different approach and toolset to successfully execute attacks,” Day explained. “Just as security researchers and black hat hackers retooled to attack mobile devices in the early 2000s, there will need to be a similar retooling period before we see a dramatic increase in ICS exploitation.”

    “Unlike the mobile sector, there is currently a lack [of the sort of] commonality between different ICS vendors which would facilitate widespread ICS exploitation. However, this appears to be changing, as ICS vendors are also slowly converging on delivering products using the ARM architecture and Commercial Off The Shelf (COTS) software to reduce the development costs of ICS equipment and remain competitive. The use of COTS technologies without appropriate security hardening remains a high-risk security weakness for ICS,” Day concluded.

    Countries need to address the problem of cyber-criminal activity, not only on transport systems, but on critical infrastructure as a whole, according to Kaspersky Lab.

    Attacks against industry control and traffic management systems are becoming more than the staple of Hollywood hacker movies, according to Emm, who said isolated incidents of real attacks are already occurring.

    “We’re already seeing examples of cyber-criminals exploiting new technology. For example, in Moscow, speed cameras and traffic monitoring systems were infected with an unidentified Trojan which stopped authorities catching traffic offenders. A seemingly minor attack, which had huge effects on function and revenue collection.”

    Security should be built into systems from the onset rather than added as an afterthought, according to Emm.

    “We should view the recent warning as a wake-up call, not only for the transport industry, but for critical infrastructure as a whole.”

    Reply
  11. Tomi Engdahl says:

    Cyber security lab offers real-time off process modeling for facilities
    http://www.controleng.com/single-article/cyber-security-lab-offers-real-time-off-process-modeling-for-facilities/1ec4b79dc4f95c98b6bbb44589dcfff5.html

    Honeywell Process Solutions (HPS) opened its Industrial Cyber Security Lab to advance its development and testing of technologies and software to defend industrial facilities and operations, such as refineries and manufacturing plants, against cyber attacks.

    Reply
  12. Tomi Engdahl says:

    Advance network security, support system monitoring
    http://www.controleng.com/single-article/advance-network-security-support-system-monitoring/d3aac1b93404c2a5995503167fb43c41.html

    Cyber security: Applications can improve power reliability and reduce energy costs by advancing network security and supporting system monitoring. Allowing network access raises cyber security concerns. Five defense-in-depth measures can help.

    “Defense in depth” is a strategy to establish variable barriers across multiple levels in the organization to secure the ICS. These barriers include electronic countermeasures such as:

    1. Establish firewalls to add stringent and multifaceted rules for communication between various network segments and zones in the ICS network.
    2. Create demilitarized zones from the established firewall by grouping critical components and isolating them from the traditional business IT network.
    3. Deploy intrusion detection and prevention systems that focus on identifying possible incidents in an ICS network.
    4. Establish well-documented and continuously reviewed policies, procedures, standards, and guidelines regarding ICS network security.
    5. Implement continuous assessment and security training to ensure the security of the ICS and the safety of the people who depend on it.

    Reply
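The first three measures in the comment above, worked through as an added example (not code from the article or its vendor): a zone model for business IT, an ICS demilitarized zone and the control network, the cross-zone flows the firewall should permit, and an audit of constructed firewall log records that separates rule-set gaps from blocked attempts worth alerting on. The address ranges, port choices and log lines are assumptions made up for the demonstration.

```python
"""Zone-model check for ICS network flows (defense-in-depth measures 1 to 3).

Constructed example: the address ranges, permitted flows, port choices and
log records below are assumptions made up for this demonstration.
"""
import ipaddress

# Zones (constructed ranges): business IT, an ICS demilitarized zone, and the
# control network where the controllers live.
ZONES = {
    "enterprise": ipaddress.ip_network("10.1.0.0/16"),
    "dmz": ipaddress.ip_network("10.2.0.0/24"),
    "control": ipaddress.ip_network("10.3.0.0/24"),
}

# Cross-zone flows the firewall may forward, as (src zone, dst zone, dst port).
# Nothing goes from enterprise straight into control; the DMZ brokers it all.
ALLOWED = {
    ("enterprise", "dmz", 443),  # users read the historian replica over HTTPS
    ("control", "dmz", 1433),    # plant historian replicates outward to the DMZ database (constructed choice)
}

MODBUS_TCP = 502  # well-known Modbus/TCP port, used here only to label the sample flows


def zone_of(ip: str) -> str:
    """Map an address to its zone name, or 'unknown' if it is in none of them."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def parse_flow(line: str) -> dict:
    """Parse one constructed firewall record: 'src dst proto dport action'."""
    src, dst, proto, dport, action = line.split()
    return {"src": src, "dst": dst, "proto": proto, "dport": int(dport), "action": action}


def evaluate(flow: dict) -> str:
    """Classify a flow as intra-zone, allowed cross-zone, or a policy violation."""
    src_zone, dst_zone = zone_of(flow["src"]), zone_of(flow["dst"])
    if src_zone == dst_zone:
        return "intra-zone"  # segmentation inside a zone is out of scope here
    if (src_zone, dst_zone, flow["dport"]) in ALLOWED:
        return "allowed"
    return "violation"


def audit(lines) -> list:
    """Return one finding per cross-zone flow the zone policy does not allow.

    A forwarded violation means the firewall rule set has a gap (measures 1-2);
    a dropped violation means the firewall held but someone tried, which is
    what the intrusion detection layer should alert on (measure 3).
    """
    findings = []
    for line in lines:
        flow = parse_flow(line)
        if evaluate(flow) != "violation":
            continue
        kind = "firewall_gap" if flow["action"] == "ACCEPT" else "blocked_attempt"
        findings.append({"kind": kind, "src": flow["src"], "dst": flow["dst"], "dport": flow["dport"]})
    return findings


# Constructed firewall log records.
SAMPLE_FLOWS = [
    "10.1.5.20 10.2.0.10 tcp 443 ACCEPT",   # workstation to DMZ historian: allowed
    "10.3.0.15 10.2.0.10 tcp 1433 ACCEPT",  # control historian to DMZ: allowed
    f"10.1.5.20 10.3.0.15 tcp {MODBUS_TCP} ACCEPT",  # workstation straight to a controller, and it got through
    f"10.1.7.3 10.3.0.15 tcp {MODBUS_TCP} DROP",     # same kind of attempt, blocked: still an alert
    f"10.3.0.15 10.3.0.2 tcp {MODBUS_TCP} ACCEPT",   # controller to controller inside the zone
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```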
  13. Tomi Engdahl says:

    Security in automation: Smartphone might be the greatest threat
    http://www.controleng.com/single-article/security-in-automation-smartphone-might-be-the-greatest-threat/a2832ec148cdfc6c98b64785b396592e.html

    Smartphones have made access to information easy and thus increase security risk for critical information. It requires constant and holistic attention to understand the patterns of attacks and raise awareness with organizations.

    Attack precedents and patterns

    A certain pattern can be identified from both of these attacks, which are quite similar in execution. For example, in case of the Dragonfly, Symantec outlines three phases of the attack:

    1. “The first phase of Dragonfly’s attacks consisted of the group sending malware in phishing emails to personnel in target firms.
    2. In the second phase, the group added watering hole attacks to its offensive, compromising websites likely to be visited by those working in the energy sector in order to redirect them to websites hosting an exploit kit. The exploit kit in turn delivered malware to the victim’s computer.
    3. The third phase of the campaign was the Trojanizing of legitimate software bundles belonging to three different ICS equipment manufacturers.”

    Guy walks into his workplace—with a smartphone!

    The diagram outlines one of the many attack scenarios where a smartphone infected by a dedicated hacker can cause damage to the enterprise systems. Courtesy: Intech Process Automation

    And amidst this chaos, imagine an oil and gas (or for that matter, any industrial) employee walking into his workplace with a smartphone in his hand!

    One can’t deny the utility of these marvels of technology. Smartphones have become prolific in industrial enterprises, and with the constant flow of data, staying up to date with critical information has become significant. With the advent of emerging mega-trends in the industry like industrial Internet, digital oilfield, and Internet of Things (IoT), more and more data is being generated and floated by instruments rather than people. Solutions providers have now begun to furnish customized mobile applications that give instant access to energy, production, and related critical information and analytics where real-time and historical data, KPIs, alarms, trends, scorecards, and GEO SCADA visualization is made available on almost all platforms.

    So in essence, smartphones are no different from the personal computer, and that magnifies the threat in comparison to a PC. All the work-related tasks that you can perform on a PC can be performed easily on a smartphone. There is no difference between the two for the user. And there is no difference between the two for the attacker. The higher frequency of accessing and sending information from a smartphone (as compared to a PC), and the disregard for security measures on the smartphone from the user as well as the enterprise, makes the smartphone an ideal target for the attackers to infiltrate your enterprise and threaten your systems.

    To ensure better security, adopt a strategy composed of the following key elements:

    1. The right policies: Ask yourself whether your organization has the right policy (or a policy at all) that provides guidelines to employees about smartphone usage. Are your employees aware of the threat to their smartphones and, consequently, to your enterprise’s systems?
    2. The right plans: What is your strategy to implement the policy and ensure that the implementation is consistent throughout? Is your smartphone security plan designed to protect and support the technologies of today and the future?
    3. The right products: Do you have the right products to implement your smartphone security plan? Can they provide the desired level of security, performance, and quality of service that you desire?
    4. The right processes: How will you manage your smartphone security infrastructure and ensure constant monitoring, testing, and adaptation?
    5. The right people: Do you have the right people who have the skill set that forms a strategic fit between your policies and plans and your products and processes?

    Smartphone security remains a tricky issue for organizations. Attackers can only be battled by instigating an organization-wide cultural drive that promotes smartphone security consciousness, responsibility, and responsiveness. It requires constant and holistic attention because hackers are relentlessly following where the money and information are.

    Reply
  14. Tomi Engdahl says:

    Validation among insecurities
    http://www.controleng.com/single-article/validation-among-insecurities/9b60eb2efad86aeb80a125d5092771f0.html

    Network security: Implement a secure patch management approach for industrial controls. Today’s industrial control system (ICS) threats can target outdated systems or careless errors on the network. Securing connected machines in the industrial sector has complexities that differ from protecting a business datacenter.

    Cyber security risk: Operations, reputation
    Patching ICS vulnerabilities
    Do-it-yourself patch management
    Validated patch management
    Failed patch strategies
    Securing connected machines

    Key concepts

    Industrial control systems (ICS) need a different approach to patch management than IT systems.
    Cyber security risk assessment should include cost of operational downtime and to reputation.
    A validated patch management system while managing outdated hardware and software can be part of a proactive lifecycle management plan to avoid costly forced downtime.

    Reply
  15. Tomi Engdahl says:

    Wireless security: Port-based security, EAP, AKM
    http://www.controleng.com/single-article/wireless-security-port-based-security-eap-akm/edad8ac45ba2c02d5cb9303f534ca08e.html

    Tutorial on cyber security for wireless networks: Authentication and key management (AKM) is the term used to describe the process of IEEE 802.1X/EAP authentication and subsequent encryption key generation and is a major component of extensible authentication protocols (EAP) and IEEE 802.1X. Each time a client associates or re-associates, the entire AKM process must occur, which results in an extremely secure and robust wireless network. Learn the 4-way authentication handshake.

    Reply
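    The 4-way handshake the tutorial above ends on, worked through as an added example (editor's code, not code from the Control Engineering tutorial or from any vendor). Both sides derive the pairwise transient key from the PMK, the two MAC addresses and the two nonces with the 802.11i PRF, and each subsequent EAPOL-Key message carries a MIC under the derived KCK, so a station that does not know the PMK, or an on-path attacker who rewrites a nonce, fails at message 2. The PMK, MAC addresses and nonces are constructed test data; the PMK is derived the way WPA2-PSK does it (PBKDF2), whereas with 802.1X/EAP it comes from the EAP master session key. The EAPOL-Key frame is the standard layout with the GTK key data left out.

```python
import hashlib
import hmac
import struct

# Added example, not code from the Control Engineering tutorial or any vendor.
# Both ends of the IEEE 802.11i 4-way handshake (AKM) derive the pairwise
# transient key (PTK) from the pairwise master key (PMK), the two MAC
# addresses and the two nonces, then prove possession of it with the Key MIC
# in EAPOL-Key messages 2, 3 and 4. Addresses, nonces and the PMK below are
# constructed test data; the PMK is derived as WPA2-PSK does it (PBKDF2), while
# with 802.1X/EAP it would come from the EAP master session key instead.

MIC_OFFSET = 81     # Key MIC field offset in an EAPOL-Key frame (4-byte EAPOL header + 77)
NONCE_OFFSET = 17   # Key Nonce offset (header + descriptor type, key info, key length, replay counter)


def prf(key, label, data, nbytes):
    """IEEE 802.11i PRF-n: concatenated HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk, aa, spa, anonce, snonce):
    """CCMP PTK (PRF-384) split into KCK (MIC key), KEK (key-wrap key) and TK (data key).

    Min/Max ordering makes the result independent of which side computes it."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return ptk[:16], ptk[16:32], ptk[32:48]


def build_eapol_key(key_info, replay_counter, nonce, key_data=b""):
    """Minimal EAPOL-Key frame: descriptor type 2 (RSN), zeroed IV/RSC/ID/MIC fields."""
    body = (struct.pack(">BHHQ", 2, key_info, 16, replay_counter)
            + nonce + bytes(16) + bytes(8) + bytes(8) + bytes(16)
            + struct.pack(">H", len(key_data)) + key_data)
    return struct.pack(">BBH", 2, 3, len(body)) + body   # EAPOL v2, type 3 = EAPOL-Key


def compute_mic(kck, frame):
    """Key descriptor version 2: HMAC-SHA1 over the frame with the MIC field zeroed, cut to 16 bytes."""
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def add_mic(kck, frame):
    return frame[:MIC_OFFSET] + compute_mic(kck, frame) + frame[MIC_OFFSET + 16:]


def verify_mic(kck, frame):
    return hmac.compare_digest(compute_mic(kck, frame), frame[MIC_OFFSET:MIC_OFFSET + 16])


def nonce_of(frame):
    return frame[NONCE_OFFSET:NONCE_OFFSET + 32]


def four_way_handshake(pmk, aa, spa, anonce, snonce, tamper_m2=False):
    """Run both sides. Returns True when every MIC verifies and both ends hold the same TK."""
    m1 = build_eapol_key(0x008A, 1, anonce)                        # AP -> STA: ANonce, no MIC yet
    sta_kck, _, sta_tk = derive_ptk(pmk, aa, spa, nonce_of(m1), snonce)
    m2 = add_mic(sta_kck, build_eapol_key(0x010A, 1, snonce))      # STA -> AP: SNonce + MIC
    if tamper_m2:                                                  # on-path attacker rewrites SNonce
        m2 = m2[:NONCE_OFFSET] + bytes(32) + m2[NONCE_OFFSET + 32:]
    ap_kck, _, ap_tk = derive_ptk(pmk, aa, spa, anonce, nonce_of(m2))
    if not verify_mic(ap_kck, m2):                                 # AP rejects: PTKs differ
        return False
    m3 = add_mic(ap_kck, build_eapol_key(0x13CA, 2, anonce))       # AP -> STA: ANonce, Install, MIC
    if not verify_mic(sta_kck, m3):
        return False
    m4 = add_mic(sta_kck, build_eapol_key(0x030A, 2, bytes(32)))   # STA -> AP: confirmation
    if not verify_mic(ap_kck, m4):
        return False
    return sta_tk == ap_tk


# Constructed test data
PMK = hashlib.pbkdf2_hmac("sha1", b"plant-wlan-passphrase", b"PLANT-OT", 4096, 32)
AA = bytes.fromhex("00a0c9112233")       # authenticator (AP) MAC
SPA = bytes.fromhex("00a0c9445566")      # supplicant (station) MAC
ANONCE = hashlib.sha256(b"anonce-sample").digest()
SNONCE = hashlib.sha256(b"snonce-sample").digest()

if __name__ == "__main__":
    print("handshake ok:", four_way_handshake(PMK, AA, SPA, ANONCE, SNONCE))
    print("tampered SNonce accepted:", four_way_handshake(PMK, AA, SPA, ANONCE, SNONCE, tamper_m2=True))
```

    The point for a plant wireless network is that the whole exchange hangs on the PMK: a rogue station without it cannot produce a valid MIC for message 2, and every re-association repeats the derivation with fresh nonces, which is why captured handshakes cannot be replayed to install an old key.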
  16. Tomi Engdahl says:

    Rugged, Factory-friendly Panel PCs Clear a Path for Industry 4.0
    http://rtcmagazine.com/articles/view/110544

    Intuitive interfaces advance data capture and access from field to factory floor in often hostile environments. The touch screen Panel PCs that enable these functions must meet demanding standards to remain functional.

    The industrial landscape and its production systems are in transformation, becoming smarter, more flexible and connected as part of the Internet of Things (IoT). More than just Internet-enabled, intelligent industrial systems are sharing data in real-time and moving the world closer to Industry 4.0, a concept coined by a Germany-based group of experts in science and industry. Industry 4.0 represents the next industrial revolution, preceded by three disruptive leaps in industrial processing; first came steam power and mechanization through machine tools, next electricity fueled new techniques in mass production, and most recently advances in electronics and IT have accelerated the industry by enabling automation.

    Reply
  17. Tomi Engdahl says:

    Security 4.0
    -
    Security by Separation
    Making Industrial Control Systems More Secure
    http://files.iccmedia.com/events/iotcon15/pdf/leopold/12h15_sysgo.pdf

    Reply
  18. Tomi Engdahl says:

    This is why control system security is important. In this case it does not seem to have been caused by a cyber-attack, but it is anyway a warning of what can happen:

    Who’s Murdering Thousands of Chickens in South Carolina?
    http://www.bloomberg.com/news/features/2015-06-02/who-s-murdering-thousands-of-chickens-in-south-carolina-

    Somebody turned the fans off on 300,000 chickens to suffocate them—somebody who knows exactly how the industry works

    Nguyen’s farm wasn’t the only one hit that night. Three others also had their control systems sabotaged, killing the birds inside. Over the next week about 320,000 chickens died in attacks on farms throughout Clarendon County, in what appears to be the largest crime against industrial poultry farms in U.S. history. All the birds were owned by Pilgrim’s, which pays Nguyen and other farmers to raise the animals.

    The attacker used different methods.

    Whoever disabled the alarms understood the farmers’ different systems, so no one was notified.

    On the night of Feb. 20, two more farms were attacked. On one, the attacker tampered with controls at four chicken houses

    Reply
  19. Tomi Engdahl says:

    This Little Amiga Still Runs School District’s HVAC
    http://hackaday.com/2015/07/23/this-little-amiga-still-runs-school-districts-hvac/

    It’s the rare tech worker that manages a decade in any one job these days – employee loyalty is just so 1980s. But when you started your career in that fabled age, some of the cultural values might have rubbed off on you. Apparently that’s the case for an Amiga 2000 that’s been on the job since the late ’80s, keeping the heat and AC running at Grand Rapids Public Schools (YouTube video link.)

    The local news story is predictably short on details and pushes the editorial edge into breathless indignation that taxpayer dollars have somehow been misspent. We just don’t see it that way. “If it ain’t broke, don’t fix it,” is somewhat anathema to the hacker ethos. After all, there’s no better time to “fix” something than when it’s working properly and you can tell if you’ve done something wrong. But keeping an important system running with duct tape and wire ties is also part of the hacker way

    1980s computer controls GRPS heat and AC
    https://www.youtube.com/watch?v=oLERL4_SveI

    Reply
  20. Tomi Engdahl says:

    High to severe control system threat levels
    http://www.controleng.com/single-article/high-to-severe-control-system-threat-levels/75eb37f86fa052b904ae837dd4ba4ecd.html

    One in four respondents to the Control Engineering 2015 Cyber Security Study identified a high cyber security threat to their control system. Four additional findings from the study related to threats to control systems are below.

    Vulnerable system components: The most vulnerable system components within respondents’ companies are computer assets (55%), connections to other internal systems (50%), network devices (49%), and wireless communication devices and protocols used in the automation system (46%).

    Vulnerability assessments: Thirty-seven percent of respondents reported that their companies have performed some type of vulnerability assessment within the past 3 months. The average facility has checked their vulnerabilities within the past 5 months.

    Cyber-related incidents: Fifty-three percent of respondents have experienced at least one malicious cyber attack on their control system networks and/or cyber assets—that they were aware of-within the past 24 months, with 24% being aware of five or more attacks. Thirty-two percent of these incidents were accidental infections, 14% were targeted in nature, and 50% were both accidental and targeted.

    Identifying cyber incidents: Seven in 10 respondents said that they were alerted about recent cyber incidents by members of their internal organization, while 24% were disclosed by a third-party assessment, and 6% were notified by the government or other outside party.

    Reply
  21. Tomi Engdahl says:

    Multi-Protocol Industrial Ethernet Detection w/PRU-ICSS for Industrial Automation Reference Design
    http://www.ti.com/tool/TIDEP0032?CMP=AFC-conv_eeWebRefDes

    Industrial Ethernet for Industrial Automation exists in more than 30 industrial standards. Some of the well-established real-time Ethernet protocols, like EtherCAT, EtherNet/IP, PROFINET, Sercos III and PowerLink, require dedicated MAC hardware support in terms of FPGAs or ASICs. The Programmable Real-time Unit inside the Industrial Communication Subsystem (PRU-ICSS), which exists as a HW block inside the Sitara processor family, replaces FPGAs or ASICs with a single-chip solution. Firmware in the PRU-ICSS allows detecting the type of Industrial Ethernet protocol and loading the appropriate industrial application into the Sitara processor at run-time.

    Reply
  22. Tomi Engdahl says:

    Arduino/Raspberry Pi open-source formats meet industrial controls – in distribution
    http://www.edn-europe.com/en/arduino/raspberry-pi-open-source-formats-meet-industrial-controls-in-distribution.html?cmp_id=7&news_id=10007051&vID=1327#.VfE-8JdLZ4A

    RS Components has the Industrial Shields brand of PLCs (programmable logic controllers) and panel PCs; the range builds on Arduino, Hummingboard and Raspberry Pi boards to deliver open-source advantages on ready-to-use, approved hardware.

    In the past few years the flexibility of open-source development boards has eased the design process for electronic engineers, enabling faster prototyping for cutting-edge applications, especially in the Internet of Things (IoT) space. “Our new distribution agreement with Industrial Shields brings this flexibility to industrial engineers with a series of ready-to-install open-source industrial products,”

    The Industrial Shields PLCs and panel PCs are based on the most popular open-source development boards, such as Arduino, Raspberry Pi and Hummingboards, and can be programmed in exactly the same way. This unique characteristic allows engineers to go from prototype to industrialisation using the same flexible programming code.

    The PLC portfolio comprises ARDBOX compact PLCs based on the Arduino Leonardo board, and M-DUINO Ethernet PLCs based on the Arduino Mega board. All operate from a supply voltage of 12-24V DC, and can be programmed and monitored via the Arduino IDE platform. ARDBOX compact PLCs are available in two different versions with up to 20 I/Os giving a choice of digital, analogue and relay outputs. The M-DUINO series offers five different versions with up to 58 I/Os. All units support I²C communication allowing I/O expansion by connecting multiple units together. USB, RS232 and RS485 communication ports are also provided.

    The panel PCs are open-source programmable 10.1-inch capacitive touchscreens, available in three different versions. HummTOUCH Android and HummTOUCH Linux give a choice of popular operating systems running on the Hummingboard ARM-based single-board computer. TOUCHBERRY Pi, based on the Raspberry Pi, runs the Raspbian Linux operating system. All the usual communication ports including Ethernet, USB, SPI Serial TTL and I²C are provided, and the units can be programmed via the USB port using the Arduino IDE that is based on Processing.

    Reply
  23. Tomi Engdahl says:

    A better way to install automation in classified areas
    http://www.controleng.com/single-article/a-better-way-to-install-automation-in-classified-areas/ffd1161f00d27108cae4f02e12344b63.html

    Instead of employing protection methods, it’s often better to move automation systems to less hazardous areas and to use components rated for use in these locations.

    Classified areas are often found in industrial plants due to the presence of hazardous gases and dust. When automation components are installed in these areas, certain rules, regulations, and design standards must be followed to ensure safety.

    It’s useful to look at these three protection methods before examining an alternative way for installing automation components in classified areas.

    Explosion-proof approaches

    Explosion-proof enclosures and conduit systems protect automation components in hazardous areas through two methods. First, they are sealed to limit the amount of gas or dust that can enter the enclosure or conduit system. Second, they must have the structural integrity to contain an explosion so it doesn’t propagate throughout the classified area.
    This method of protection has been in use for many decades and is thus well understood by many engineers, designers, and plant maintenance personnel.
    But compared to the standard National Electrical Manufacturers Association (NEMA) 4 enclosures, explosion-proof enclosures are very expensive, quite large, and very heavy.
    Any operator interface components must be rated for use in the area, which precludes the use of any type of graphical interface in a Division 1 area. Graphical interfaces can be mounted inside the enclosure and viewed through a window, but this limits visibility.
    Great care must be taken during installation of the enclosures and conduit systems to make sure proper sealing is preserved.
    Regular inspections of explosion-proof enclosures and conduit systems are required.

    Purging problems

    Another method for installing automation components in hazardous areas is to purge enclosures with compressed air or an inert gas. Purge systems don’t allow hazardous gases or dusts to enter an enclosure because the interior is always under positive pressure.
    Depending on the type of purge system, this method allows standard enclosures and unrated automation components to be used in Division 1 and Division 2 areas. But purge systems can be quite expensive.

    Limitations of IS options

    Intrinsically safe (IS) systems can be safely installed in Division 1 and 2 hazardous areas because the components and wiring systems cannot release sufficient energy to ignite gas or dust in the area. Unlike explosion-proof or purge systems, this method of protection permits many types of maintenance during normal operation.
    Many common automation components, such as programmable logic controllers (PLCs) and motor drives, aren’t available with an IS rating.
    The design of IS systems requires a high level of engineering expertise.

    As related in the above sections, all three of the leading protection methods require detailed design and often considerable expense for system purchase and installation.

    Reply
  24. Tomi Engdahl says:

    SCADA Vulnerability on the Rise
    http://www.eetimes.com/document.asp?doc_id=1327785&

    Industrial control systems (ICS), including supervisory control and data acquisition (SCADA) systems, are increasingly at risk of cyber-attack, recent security reports have revealed. Both the capabilities to attack such systems and the number of attacks recorded are on the rise. And the rise of the Industrial Internet of Things (IIoT) will only make things worse.

    The recent report Up and to the Right from threat intelligence company Recorded Future, shows the number of reported security vulnerabilities for ICS systems has grown steadily since 2011 (post STUXNET) and shows no sign of slowing. At the same time, as reported by researchers and industry watchers, the number of “exploits” available for those vulnerabilities has also grown, the report said.

    In its annual Threat Report for 2015, Dell Security reported that the number of reported attacks on SCADA systems worldwide had doubled last year, from 163,228 in 2013 to 675,186 in 2014. Nearly a quarter of these exploited buffer overflow vulnerabilities. The actual number may be much higher, however, as many SCADA attacks go unreported, the report adds, noting that companies are only required to report data breaches that involve personal or payment information.

    Web Data Reveals ICS Vulnerabilities Increasing Over Time
    https://www.recordedfuture.com/ics-scada-report/

    What we found was a worrying trend of ICS exploits available and ready to be exploited.

    Reply
  25. Tomi Engdahl says:

    The message to take from these security reports is that it’s time for the whole ICS industry to step up to the challenge of security. Things to do, according to Ahlberg, include:

    Put reporting mechanisms in place to detect faults and attack attempts
    Become more friendly to security researchers who are trying to identify vulnerabilities so that they can be closed
    Figure out and implement patching systems that will continue to improve security on systems in the field indefinitely. “If a system is once installed and you don’t touch it again,” said Ahlberg, “it becomes incredibly vulnerable over time.”

    Source: http://www.eetimes.com/document.asp?doc_id=1327785&page_number=2

    Reply
  26. Tomi Engdahl says:

    Middle managers can be cyber security threats
    http://www.controleng.com/single-article/middle-managers-can-be-cyber-security-threats/3700165a7056a637111b15836bd4adac.html

    Middle managers sometimes are an obstacle when it comes to implementing and promoting security within their realm. The idea of middle managers bottlenecking the security culture and program is a huge obstacle to overcome.

    Middle managers may or may not be aware of the increased need for security, but they are an obstacle when it comes to implementing and promoting security within their realm. While the thought may seem to not make sense at first, it makes perfect sense where a middle manager’s compensation and performance objectives—whether it is a process line, an entire plant or anything in between—focus on performance. With pure performance objectives strictly in mind, security will often go by the wayside.

    The CISO said his biggest problem is middle managers. Not the workers in the trenches, but middle managers.

    “I have seen this with other clients where even higher-ups (e.g. VP’s) in Engineering, Operations or even IT may not be onboard with an OT cyber security program,” Cusimano said. “For such a program to be successful it requires support from all three. Not surprisingly, the battles are more about company politics than anything else.”

    Reply
  27. Tomi Engdahl says:

    Protecting network assets for improved cyber security
    http://www.controleng.com/single-article/protecting-network-assets-for-improved-cyber-security/4b43c9b92c1da3dfea49776d13e60c37.html

    Asset management is a major concern for workers in the oil and gas industry as the possibility of cyber security attacks remains a constant threat. Understanding the risks and the challenges will go a long way to making on and off-shore networks more secure.

    In today’s “new normal” environment, advanced persistent threats (APTs) are designed to target the control systems of critical infrastructure with frequency and ease. The motivations range from financial gain, physical damage, and operational disruption, or a combination of all three. Adversaries such as cyber terrorists and nation-states are seeking the most opportunistic targets to meet their objectives.

    For the past 15 years, cyber security and risk management professionals have warned of the oil and gas industry being a prime target for cyber attack, yet evidence of events was few and far between. Recently, however, incidents around the world have brought legitimacy to this proposition, and, as a result, the oil and gas industry is on high alert.

    If you were to ask an engineer or operator of industrial oil and gas facilities, refineries, and pipelines about their cyber security concerns, asset management is, and has been, at the very top of the list. Whether or not the engineer or operator is formally trained in cyber security or he or she has inherited this newfound burden of responsibility, maintaining the integrity and availability of assets are now part of everyone’s commission.

    Understanding the risks: Upstream, downstream, and everywhere in between

    Nodes, or connection points to the process control network, are prevalent onshore and offshore and present a variety of complicated risks to asset management. Both downstream and upstream, the presence of physical security is often impressive; however, the cyber security risks are high as a result of large numbers of employees and visitors with direct access to operations and networks. Insufficient training and skills of on-site personnel also often complicate the risk exponentially.

    Under today’s threat landscape, asset management is most susceptible to cyber attack in the midstream—the pipelines, transportation vessels, and storage facilities that are central to the oil and gas production ecosystem

    Seeing adversaries before they attack

    Figure 2: Situational awareness' proactivity is an effective mitigation tactic to preempt attacks against industrial control systems before such attacks cause a disruption. Courtesy: NexDefense

    The stability of process control networks opens the door for utility deployment that can improve the security of networks as well as give early warnings of potential problems that may be occurring—such as misconfiguration or unauthorized access. For example, the introduction of a new device on the process control network should be infrequent enough to alert an operator immediately, so that he or she can confirm its authenticity or begin remediation. Other early warning signs that any engineer or operator can look for include:

    Devices that disconnect and reconnect to networks
    New communications between devices
    Whether or not devices match those identified on the inventory or tag list
    Unauthorized messages (Microsoft Windows update pop-ups, etc.)
    The presence of firmware updates downloaded to controllers or programmable logic controllers (PLCs).

    Gaining situational awareness includes:

    Identification of assets and protocols on a network—Much like building an inventory list, identifying assets and protocols allows operators and engineers to see all devices communicating on a network in real time.
    Deep packet inspection—Deep packet inspection simplifies information gathering of protocols and validates communication between devices. It’s the most seamless way to identify ICS specific malware before it penetrates.
    Asset anomaly detection—Asset anomaly detection identifies abnormalities in communications by measuring them up against a baseline of approved communications.

    Reply
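    The situational-awareness loop described in the comment above (inventory the devices and protocols seen on a mirrored port, baseline the conversations, then alert on new devices, new communications and writes to controllers) and the protocol identification the TI PRU-ICSS reference design in comment 21 performs from the frame itself, both worked through as one added example. This is editor's code, not code from Control Engineering, NexDefense or TI. The EtherType and port assignments are the standard ones for those protocols (EtherCAT 0x88A4, PROFINET 0x8892, POWERLINK 0x88AB, SERCOS III 0x88CD, Modbus/TCP 502, EtherNet/IP 44818, DNP3 20000, S7comm 102); the device names, MAC addresses, frame records and Modbus payloads are constructed test data, and the `Frame` record stands in for whatever a capture library would hand you.

```python
import struct
from collections import namedtuple

# Added example, not code from Control Engineering, NexDefense, TI or Radiflow.
# Identifies industrial protocols on mirrored traffic by EtherType/port, builds
# a baseline of devices and conversations from a commissioning capture, then
# flags new devices, new conversations and Modbus writes outside the baseline.
# All MAC addresses and frames below are constructed test data.

Frame = namedtuple("Frame", "src dst ethertype ip_proto dport payload")

# Layer-2 industrial Ethernet protocols carry their own EtherType.
ETHERTYPES = {0x88A4: "EtherCAT", 0x8892: "PROFINET", 0x88AB: "POWERLINK", 0x88CD: "SERCOS III"}
# TCP/UDP-based ones are recognised by (IP protocol, destination port).
IP_PORTS = {(6, 502): "Modbus/TCP", (6, 44818): "EtherNet/IP", (17, 2222): "EtherNet/IP I/O",
            (6, 20000): "DNP3", (6, 102): "S7comm/ISO-TSAP"}
MODBUS_WRITES = {5, 6, 15, 16, 22, 23}   # function codes that change coils/registers


def identify_protocol(f):
    if f.ethertype in ETHERTYPES:
        return ETHERTYPES[f.ethertype]
    if f.ethertype == 0x0800:
        return IP_PORTS.get((f.ip_proto, f.dport), "IPv4/%d:%d" % (f.ip_proto, f.dport))
    return "ethertype 0x%04x" % f.ethertype


def modbus_function(payload):
    """Function code from an MBAP-framed Modbus/TCP PDU, or None if the header is inconsistent."""
    if len(payload) < 8:
        return None
    _tid, proto_id, length, _unit = struct.unpack(">HHHB", payload[:7])
    if proto_id != 0 or length != len(payload) - 6:
        return None
    return payload[7]


def conversation(f):
    """Key a baseline tracks: who talks to whom, with which protocol (and Modbus function)."""
    proto = identify_protocol(f)
    if proto == "Modbus/TCP":
        fc = modbus_function(f.payload)
        if fc is not None:
            proto = "Modbus/TCP fc=%d" % fc
    return (f.src, f.dst, proto)


def build_baseline(frames):
    devices, convs = set(), set()
    for f in frames:
        devices.update((f.src, f.dst))
        convs.add(conversation(f))
    return devices, convs


def detect(baseline, frames):
    """Return (kind, detail) alerts for anything not seen during the baseline window."""
    devices, convs = set(baseline[0]), set(baseline[1])
    alerts = []
    for f in frames:
        for mac in (f.src, f.dst):
            if mac not in devices:
                alerts.append(("new-device", mac))
                devices.add(mac)
        conv = conversation(f)
        if conv not in convs:
            fc = modbus_function(f.payload) if identify_protocol(f) == "Modbus/TCP" else None
            alerts.append(("unexpected-write" if fc in MODBUS_WRITES else "new-conversation", conv))
            convs.add(conv)
    return alerts


def mbap(tid, unit, pdu):
    """Wrap a Modbus PDU in an MBAP header (length field covers unit id + PDU)."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


HMI, ENG, PLC1, PLC2, DRIVE, LAPTOP = (bytes.fromhex(h) for h in
    ("001122334401", "001122334402", "001122334410", "001122334411", "001122334420", "0c0ffee00099"))
READ_REGS = mbap(1, 1, bytes([3]) + struct.pack(">HH", 0, 10))                        # fc 3, 10 registers
WRITE_REGS = mbap(3, 1, bytes([16]) + struct.pack(">HHB", 100, 1, 2) + b"\x00\x01")   # fc 16, 1 register
DEVICE_ID = mbap(2, 1, bytes([43, 14, 1, 0]))                                         # fc 43 / MEI 14

BASELINE_FRAMES = [
    Frame(HMI, PLC1, 0x0800, 6, 502, READ_REGS),
    Frame(ENG, PLC2, 0x8892, None, None, b""),
    Frame(PLC2, DRIVE, 0x88A4, None, None, b""),
]
LIVE_FRAMES = [
    Frame(HMI, PLC1, 0x0800, 6, 502, READ_REGS),      # normal polling
    Frame(LAPTOP, PLC1, 0x0800, 6, 502, WRITE_REGS),  # unknown host writing registers
    Frame(HMI, PLC1, 0x0800, 6, 502, DEVICE_ID),      # known host, new function: enumeration
]


def run_example():
    return detect(build_baseline(BASELINE_FRAMES), LIVE_FRAMES)


if __name__ == "__main__":
    for kind, detail in run_example():
        print(kind, detail)
```

    Against the constructed live frames this yields three alerts: the laptop as a new device, its register write as an unexpected write, and the HMI's device-identification request as a new conversation even though both ends were in the inventory. The baseline is only as good as the capture window it was built from, so a write that happened to occur during commissioning would be silently trusted; in practice the baseline is reviewed against the tag list before it is armed.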
  28. Tomi Engdahl says:

    Changes in Control System Standards Ease Procurement: IEC 62443-2-4 Updates
    http://www.securityweek.com/changes-control-system-standards-ease-procurement-iec-62443-2-4-updates

    The need to protect your infrastructure and services from disruption is a critical priority, especially considering increasing connectivity prevalent in industrial environments. To build OT resilience, asset owners oftentimes engage with specialized consultants. These OT security researchers, testers, certification groups and consultants can work together to fulfill a holistic risk mitigation strategy.

    Recent changes to international standards in the industrial security arena are helping operators consistently procure and manage control systems security expertise. Understanding these changes and how they can apply to your situation is useful as you evolve your operational technology (OT) security posture.

    Nearly a year ago, I mentioned that with the ratification of IEC 62443, both industrial operators and suppliers would have better methods to more efficiently invest in such security expertise. Since then, updates to this international industrial controls standard have been published to move systems integration work forward.

    What critical infrastructure standard has changed and how might I benefit?

    The existing standard, IEC 62443, is focused on industrial automation and control systems security (IACS). The new section, Part 2-4 (IEC 62443-2-4) has added security program requirements for IACS service providers.

    By working from specifications identified in this standard, operator organizations can better clarify what work areas they need to scope for industrial automation and control systems security improvements.

    Specifically, IEC 62443-2-4 defines a standard set of security services (capabilities) for integration and maintenance activities, thus allowing asset owners to select those most appropriate for their sites. As a result, they can ask their integrators and maintenance contractors for standard requirements. Vendors can tailor their service offerings around these standard activities, rather than customizing their offerings specifically for each customer.

    Is this a cyber security standard?

    IEC 62443 standards are specific to industrial automation control systems, which are operational technology (OT) systems as opposed to IT systems. By hardening OT environments, risks such as unauthorized access to control systems, false commands to operating equipment, and read/write of proprietary device data can be minimized.

    What kind of systems or equipment does IEC 62443-2-4 address?

    IEC 62443-2-4 addresses the processes and activities used to install (integrate) and maintain industrial control systems and their components. These components can include workstations, controllers, and network devices.

    Is this applicable to my organization? Who does this standard affect?

    Anyone running critical services is likely to need hardened security to prevent disruption from attacks, accidents, and nation-state incidents. IEC 62443 provides standardization to help with critical infrastructure security, and IEC 62443-2-4 offers specific guidance to integrators and maintenance contractors.

    Specifically, IEC 62443-2-4 is written for integrators and maintenance contractors performing industrial automation control systems security work.

    What should operators do with this standard?

    Operators should first review this standard.
    Subsequently, they should implement security hardening work.

    What is my next step for adhering to this standard?

    While IEC 62443-2-4 provides the “what” for addressing critical infrastructure security, by defining and standardizing integration and maintenance capabilities, your organization still needs to determine the “how and why” to define your own security program.

    Reply
  29. Tomi Engdahl says:

    Radiflow Launches New Intrusion Detection System for ICS/SCADA Networks
    http://www.securityweek.com/radiflow-launches-new-intrusion-detection-system-icsscada-networks

    Radiflow, a maker of Industrial Control System (ICS) network security solutions, has introduced a new Intrusion Detection System (IDS) designed specifically for Operational Technology (OT) networks.

    Although ICS/SCADA networks are isolated from the Internet, in recent years several vulnerabilities have been detected in them due to changes in infrastructure companies’ (electric and water utilities, oil and gas) operational processes, Radiflow said.

    “The threat to ICS networks is posed by motivated groups such as governments and elite hackers–all while the attack surface is high, and operators’ capabilities to effectively detect and react to ICS cyber incident are low,” noted Yehonatan Kfir, CTO, Radiflow. “This gap, between attacker and defender, poses a significant risk to the ICS process.”

    Radiflow’s SCADA IDS is server-based software that analyzes OT network traffic and can be deployed both at the control center and at remote sites without any network intervention, the company said.

    iSID combines SCADA/ICS modeling and anomaly detection and receives a parallel (mirrored) stream of all network traffic, which it analyzes to generate and display a network topology model and to serve as a baseline for detecting exceptions indicating unauthorized traffic.

    “Many of our U.S. customers have brought up the same two issues: managing maintenance processes and mapping the network traffic within their substations,”

    Reply
  30. Tomi Engdahl says:

    Six steps to choose between PLC and DCS for process industries
    http://www.controleng.com/single-article/six-steps-to-choose-between-plc-and-dcs-for-process-industries/371966174aae11e3c5810f1a833994d9.html

    Cover story on controllers: Learn how to choose between PLC and DCS. Though PLC and DCS technologies were invented to serve different industrial processes, the last 15 years have seen a massive merger of functionalities between both worlds. Both can serve some of the same application domains, and the overlap makes the controller selection confusing. A step-by-step “technology selection process” can help plant designers and system buyers identify which automation technology would best fit a particular plant application.

    In striving for larger market share and to conquer new areas of applications, manufacturers of programmable logic controllers (PLCs) are promoting an idea that the combination of PLC and supervisory control and data acquisition (SCADA) can deliver the same functionality that a distributed control system (DCS) provides. PLC and SCADA can replace DCS because of:

    Increasing memory size and processing speed of central processing units (CPUs) that allow for more regulatory control loops to be handled
    Providing higher reliability and availability, implementing redundancy on various levels that almost matches DCS redundancy
    Adding functionality of shared variables database between PLC and SCADA, which allows for a unified engineering environment for logic and the human-machine interface (HMI) in some cases.

    On the other hand, DCS manufacturers are pushing back to protect their market share, specifically in the petrochemicals industries, where they basically ruled, while trying to expand into less-sophisticated process industries that usually represent the playground for PLCs, such as water and wastewater treatment. DCS manufacturers are:

    Raising the bar for process control features provided by adding advanced process control techniques, such as neural networks, adaptive tuning, or model predictive control (MPC)
    Increasing discrete control functionalities, by complying with the IEC 61131-3 standard for programming languages, same as PLCs
    Significantly adjusting hardware pricing to match that of high-end PLCs.

    While actions by both groups of manufacturers led to the creation of interchangeability between both technologies up to a certain level, both systems cannot serve every application.

    Step 1: Does the process require implementation of advanced process control (APC)?
    Step 2: How many regulatory control loops does the process include?
    Step 3: Does the nature of the process require an operator control room?
    Step 4: Is high-speed discrete control required?
    Step 5: Does the process require frequent modifications?
    Step 6: Does the plant employ staff capable of modifying the system?

    Justify controller purchases

    Shady Yehia is the Founder and Author of The Control Blog. He is the Instrumentation, Control, and Automation Proposals & Engineering manager in a process technology integration company based in Qatar and operates in the EMEA region. Courtesy: Shady Yehia

    While DCS and PLC technologies have been growing in lots of similarities in recent years, thorough analysis of each individual process application’s requirements usually shows the areas where one automation technology would fail to satisfy all the process’s current or future requirements and where the other technology would prevail. Such analysis typically leads to a highly informed and well-justified selection decision between the two technologies.

    Reply
  31. Tomi Engdahl says:

    The changing drivers of DCS development
    http://www.controleng.com/single-article/the-changing-drivers-of-dcs-development/95b598dbc64112561ca18ca3eb583694.html

    Now that distributed control system (DCS) technology is moving into middle age, the nature of what users want from it is evolving. Enough maturity may avoid a mid-life crisis.

    That industrial citizen, the distributed control system (DCS), has reached the age where it needs to take stock of its accomplishments so far and decide what’s next. Born around 1975, this technology is certainly mature and has many years to go before retirement. Let’s reflect on its life so far.

    Forty years ago, more or less, this technology was launched as several automation original equipment manufacturers (OEMs) brought out similar platforms at roughly the same time.

    The systems were purposely built around proprietary hardware and software, using hard-wired input/output (I/O) field devices. Operators got their information on monochrome cathode ray tube (CRT) displays using keyboards and maybe proprietary tablets. What seems now to be hopelessly outmoded was, at the time, the height of adaptability.

    For as crude as the computer software was at the time, the DCS’s number crunching capability was pretty sophisticated.

    Over the years, DCSs evolved in many ways, but some of the basic underlying concepts remained static. Some of those improvements include:

    Operator interaction with human-machine interfaces (HMIs) grew more sophisticated as graphic capabilities got better and a greater sense of how operators access information grew.
    Operator interaction spawned studies of how operators work in abnormal situations, further improving operator effectiveness.
    I/O supporting field devices added digital mechanisms to increase the amount of information available.
    Asset management platforms helped improve reliability by making the connection with maintenance more direct.
    Open off-the-shelf hardware replaced proprietary equipment, although to many, this proved to be a mixed blessing.
    Alarm management became an industry in its own right.
    Support grew more sophisticated for integration with larger enterprise networks to allow information transfer, but with it came the whole new issue of cyber security.
    Procedural automation, still a relatively new development, has taken a growing role in helping operators get through startups, shutdowns, and other situations where safety incidents can happen.

    In spite of all these improvements, the mechanisms for designing and implementing a system didn’t really change:

    Field devices were still hard-wired to the DCS I/O through junction boxes and marshalling cabinets.
    Each of these had its own terminals, meaning there could easily be 15 points where wires were terminated, introducing points where communication could be lost.
    Field devices only could communicate with the controller to which they were connected.
    New capabilities added to controllers and field devices often served only to make them more complex and difficult to configure.
    Programming was written largely from scratch and could not be implemented until the hardware was installed because it had to reflect the final configuration.

    Over the years projects and their resulting DCSs became more complex and more expensive. The costs of large projects grew higher, and companies often saw their new plant waiting to start up, delayed by final adjustments to the automation platform.

    Automation engineers found themselves in the crosshairs when their systems were the last thing standing in the way of startup and realizing revenue.

    The customers said, “There has to be a better way.”

    “For us it started about five years ago with electronic marshalling,” said Roger Freeman, vice president of Emerson Process Management’s project management office. “That was followed by virtualization of the entire DCS, not just the workstations, but the controllers and I/O controllers, so that the whole engineering side could be done independently of the hardware platform. The whole thing became more flexible at a lower cost.”

    The key realization, made by Emerson and others, was that the process of designing and implementing a DCS was far too linear. Main steps had to take place in a serial fashion, each waiting for completion of the one previous.

    “The whole idea of LEAP [Honeywell's lean project management program] is to separate functional design from physical design and bind them at the very end,”

    Field wiring and I/O were major contributors to the problem because they had to be configured for the specific site.

    With more hardware standardization, more elements of the DCS could be designed at the same time.

    The change in approach has changed the way customers and vendors discuss projects. Questions now are not so much whether the system can control the process. That aspect is taken for granted. Discussions now center on many of the newer capabilities along with purchase cost, lifecycle cost, complexity, speed of deployment, stability, adaptability, and longevity. Companies want predictable installation or upgrade projects because so much hinges on maintaining production.

    “The pressure on time with a brownfield project is stronger in many ways than it is with a greenfield project,”

    Flexibility for the future

    One truly universal aspect of this discussion is longevity. While most computer-based equipment has a lifespan of a few years, control systems are measured in decades. Any company installing a new system has to be thinking out 20 years or more, with both the vendor and user considering the implications of decisions on that basis. Adaptability and flexibility need to be included because nobody really knows what changes might need to be made years down the road.

    “We used to have a very defined mental model about the control system, and there was not a lot of ambiguity,” Fayad recalled. “Now you can do so many things and in so many different ways. You can bring I/O on a bus, hard-wired, wireless, or hybrid. The tools were only about control, now they’re about control, operations performance, maintenance, project efficiency, so we have to help people understand those differences and what they mean to work processes. Users want these operational benefits without facing risk.”

    Key concepts:

    After 40 years, key DCS design elements have not changed significantly.
    Customers are driving DCS vendors to develop more standardized designs for more predictable project execution.

    Reply
  32. Tomi Engdahl says:

    Automation enterprises invest in cloud technologies
    http://www.controleng.com/single-article/automation-enterprises-invest-in-cloud-technologies/1eeb4626e331ab287a6ceff170dadefa.html

    Facing new demands from manufacturers and the latest developments in the Internet of Things, enterprises in industrial automation begin to invest in cloud technology.

    With the popularization of cloud storage technology in commercial fields, consumers are accustomed to enjoying information in the cloud in smart phones, tablet PCs, and laptops. The cloud provides flexible and convenient information transmission. It works like an invisible USB with unlimited capacity.

    Just like commercial fields, the recognition of the cloud by the manufacturing industry is also quietly changing. The industry went from having doubts and concerns over safety of using a cloud platform to realizing value in cloud-based asset management, historical data analysis, industrial business flow optimization, remote real-time access, better energy efficiency management, more cost cutting, and efficiency improvements.

    IDC, a market research organization, said the global cloud-computing infrastructure grew by 25.1% and reached $6.3 billion in first-quarter 2015. The expenditure of private cloud and the expenditure of public cloud grew by 24.4% and 25.5% respectively, year over year.

    Relevant data from the China Ministry of Industry and Information Technology indicated that the fastest growing information technology service industry of China in the first half of 2015 was service business with cloud and big data as representatives. The growth rate reached 22.1%. It was undoubtedly a new blue ocean as far as “new normality” of China’s economy was concerned.

    Facing the new demands from manufacturing users, leading enterprises in industrial automation also are giving increasing attention to cloud services. As a promoter of the concept of Industrial Internet of Things (IIoT), GE formally declared a plan to enter into the cloud service market through the Predix cloud, an industrial Internet cloud platform exclusively developed for Predix. It is said to be the first cloud solution developed and designed exclusively for collection and analysis of industrial data.

    “All technologies for construction of a cloud platform are basically mature in terms of content. The challenges are information security and depth of industrial application,”

    Today, industrial enterprises are starting to adopt cloud technologies for big-data-based intelligent manufacturing through data sharing, assets management, remote monitoring, and information analysis.

    Reply
  33. Tomi Engdahl says:

    Connectivity, security, mobility: Integrating modern controls
    http://www.controleng.com/single-article/connectivity-security-mobility-integrating-modern-controls/2138fa1832f404089ed9b8def6fee6b5.html

    OPC Unified Architecture (OPC UA) when built into automation software eases integration with other systems and enhances security for a better expansion of Industrial Internet of Things (IIoT) and Industry 4.0 concepts.

    Modern automation and control systems should implement the latest advances in communications connectivity, security, and mobility to keep pace with the latest innovations in Industrie 4.0 and the Internet of Things (IoT). The latest human-machine interface (HMI) and supervisory control and data acquisition (SCADA) and building automation software includes universal connectivity with a wide variety of data sources including OPC, BACnet, and SNMP, databases and Web services, and enhanced compatibility with OPC Unified Architecture (OPC UA).

    For example, OPC UA clients can now securely access:

    Data from any IoT device or equipment
    Registers and data from programmable logic controllers (PLCs) or distributed control systems (DCS)
    Equipment maintenance records and work orders from maintenance management systems
    Energy data from any metering system
    Incoming order data from any enterprise resource planning (ERP) system.

    In addition to communications connectivity, one of the most critical aspects of a modern automation system is its security. In the past, security was almost taken for granted or assumed to be there. But due to an increasing number of highly visible breaches in recent years, corporations now have a renewed focus on making sure that their systems adhere to the strictest security standards. OPC UA server/client interactions meet these requirements in different ways including user authentication, security certificates, and data encryption. Security upgrades incorporate the latest advances made by the OPC Foundation to ensure secure, IoT-friendly OPC UA communications.

    Today’s mobile solutions should also adhere to universal connectivity, with the ability to connect to OPC UA, BACnet, SNMP, Modbus TCP/IP, and Web services and be able to tap into the Industrial Internet of Things (IIoT). Mobile HMI and dashboard software also can integrate with OPC UA technology. With such connectivity, mobile apps enable operators, field service workers, managers, executives, and others to securely visualize, analyze, and store data from a multitude of geographically dispersed assets.

    Reply
  34. Tomi Engdahl says:

    Inspiring cyber-physical security into design
    Visualizing the relevance of cyber-physical systems in applications provides background for why new approaches to security are required.
    http://www.controleng.com/single-article/inspiring-cyber-physical-security-into-design/47923fd71a277e8abedeb06f34fd7beb.html

    It wasn’t that long ago when a well-known industrial control system (ICS) security professional was feeling down because of the influx of IT security people invading the industrial sector.

    “There are just too many people in here now that don’t know a PLC [programmable logic controller] from a solenoid trying to offer advice to people who want to do the right thing. But these people don’t know how to separate fact from fiction,” the pro said.

    While the IT-OT schism remains an immediate cause for concern, after attending the mainly IT-centric Blackhat USA 2015 security conference a couple of weeks ago, it appears the IT side of the house wants to start understanding the importance and differences of what industrial security is all about. The level of importance for securing the critical infrastructure keeps rising every day, and the more intelligence the IT environment gets about the OT side, the better off all manufacturing automation companies will be. After all, IT does have an excellent track record for security, and they have been at it for quite a while, albeit from a different angle.

    Yes, IT security professionals need to know the importance of availability. They need to know the system cannot go down for a couple of hours to work on a few things. They have to stay up and running for years at a time in some cases.

    Then there was a talk on how to break into a chemical plant.

    Marina Krotofil, senior security consultant at the European Network for Cyber Security, gave a talk before a packed room titled, “Rocking the Pocketbook: Hacking Chemical Plants for Competition and Extortion.” The interesting thing is Krotofil gave a quick basics course on the manufacturing automation industry and the importance of keeping systems up and running because of the dangerous possibilities of a successful hack.

    Understanding the future of cyber-physical systems security will pay off in terms of keeping a plant safe, Krotofil said.

    Another talk focused on Globalstar satellite transmissions used to monitor water pipelines and drilling applications for oil and gas that can end up compromised to alter messages.

    “Hackers can inject data into systems. These are 20-year-old systems built before security was thought of,” said Colby Moore, a security researcher at Synack. Sound familiar?

    In these old systems, “There is no encryption and everything is done in plain text,” Moore said. “That may have been the case years ago, but there is no excuse today.”

    From oil and gas devices to tracking fleets to consumer products, there are millions of devices deployed, Moore said.

    Another talk focused on Shamoon, the brutal attack that took down 35,000 computers at oil giant Saudi Aramco in 2012.

    Kubecka, who gave the Shamoon talk titled, “How to Implement IT Security after a Meltdown,” really focused on the IT side, but also understood the differences between IT and OT.

    “What IT doesn’t understand is a power plant can’t do a quick reboot to start the system,” she said. “ICS was separated (during the attack), and that was fantastic.”

    While Saudi Aramco’s production did not suffer from the attack, the aftermath was a problem for the entire country.

    Are IT and OT on the same page? No way. But they are in the same book. That is a positive that came out of the conference.

    Reply
  35. Tomi Engdahl says:

    The coming changes to standard Ethernet: Extra answers from the webcast
    https://www.controleng.com/single-article/the-coming-changes-to-standard-ethernet-extra-answers-from-the-webcast/7879c25203fe2c2c3fd15cef3f04d935.html

    Todd Walter, National Instruments, AVnu Alliance Industrial segment chair and board of directors, answered additional questions after the Sept. 30 webcast, “The Coming Changes to Standard Ethernet: Industrial IoT Convergence with the Control System.” Learn more about TSN, IIoT, and standardization.

    Question: What has changed between AVB and TSN?

    Walter: Standard Ethernet continues to expand its range, functionality and applications with the Audio Video Bridging (AVB) standard evolving into Time Sensitive Networking (TSN) to enable next generation control systems. TSN builds upon the AVB specifications to expand the range, functionality, and applications of the standard. TSN is the new name for the same IEEE 802.1 task group that developed AVB. The new capabilities of TSN provide the industrial community with the ability to use standard Ethernet to support highly reliable and precise synchronized networking appropriate for industrial control.

    TSN promises through standard silicon to converge the previously disparate technologies needed for standard Ethernet communication, for deterministic high speed data transfer, and for high accuracy time synchronization. These developments will allow convergence of low latency control traffic and standard Ethernet traffic on the same network for demanding applications like multi-axis motion control.

    Question: Why so much buzz about industry 4.0 and industrial IoT, isn’t this stuff us automation people have been doing for a long time? a) Is this truly something new? b) What will make industrial IoT really viable from a customer benefit perspective?

    Walter: The IoT covers a very large set of applications and markets. To help clarify, I find it useful to sub-divide the discussion into consumer IoT and Industrial IoT (IIoT). For the IIoT or Industry 4.0, there is currently a lot of development and a lot of deployment. Industrial processes have been interconnected with embedded decision making for decades.

    The IIoT is giving engineers who are building and maintaining these systems a greater variety of options and better data visibility when they are maintaining the processes. We are seeing the fastest adoption in areas of industrial monitoring where new options for sensing and data analytics can help with predictive maintenance. We are also seeing investment in new control applications for power grid, micro-grid, and smart city infrastructure.

    With pending new capabilities for standard Ethernet, we are expecting IIoT adoption for control applications to ramp up quickly. Developments to standard Ethernet will create a common foundation that will impact numerous applications and markets ranging from machine control and asset monitoring to outfitting test cells and vehicle control.

    Question: Is there a trend to standardization of industrial Ethernet? a) How to simplify IoT connectivity b) How to achieve full standardization for interconnectivity of parts? c) Ecosystem: There will be a need for application software to handle schedule distribution, establishing redundant paths, etc., and where will this ecosystem come from?

    Walter: Many industries have invested heavily in the creation of protocols and standards for their applications. Many of these focus on vertically specific features such as data encapsulation and device profiles which may be difficult to merge into one universal standard. For instance, it would be technically challenging to fully merge the capabilities of a power grid protocol such as IEC 61850 with the streaming and performance of the GigE Vision standard.

    AVnu Alliance’s expectation and hope for IIoT is that we will create a common foundation for data transport and secure connection between devices that thin application protocols can run on top. This type of layered approach, with common infrastructure and shared services, is how the IT industry is built today, and it provides both high coexistence/interoperability and mechanisms for optimization and innovation.

    The AVnu Alliance is a community working hand-in-hand with standards organizations like IEEE 802 to create an interoperable ecosystem for low-latency, time-synchronized applications, and it is the only community consortium driving the expansion of AVB and TSN standards. This community includes traditional IT vendors, automation suppliers, silicon suppliers, and software tool vendors. As new capabilities are built into standard Ethernet we are focused on providing standard mechanisms for configuration, data transport, and time synchronization. The member companies are participating in AVnu so they can assure an interoperable ecosystem.

    Reply
  36. Tomi Engdahl says:

    Iranian hackers targeted New York dam, had a quick nosy around
    US has highest number of industrial-control systems online, says security bods
    http://www.theregister.co.uk/2015/12/21/iranian_hackers_target_new_york_dam/

    Iranian hackers penetrated the online control system of a New York dam in 2013, according to reports, and poked around inside the system.

    The Wall Street Journal reported that hackers gained access to the dam through a cellular modem, according to an unclassified Homeland Security summary of the case.

    Two sources said the summary refers to the Bowman Avenue Dam, a small facility 20 miles outside of New York. They said the hackers didn’t take control of the dam but probed the system, citing people familiar with the matter.

    The Department of Homeland Security has declined to comment on the incident.

    The analysts detected a machine that was crawling the internet for vulnerable US industrial-control systems. The hackers appeared to be focusing on certain internet addresses, according to the people.

    The US has the highest number of industrial-control systems connected to the internet in the world, with 57,000 systems, according to researchers at Shodan.

    Iranian Hackers Infiltrated New York Dam in 2013
    Cyberspies had access to control system of small structure near Rye in 2013, sparking concerns that reached to the White House
    http://www.wsj.com/articles/iranian-hackers-infiltrated-new-york-dam-in-2013-1450662559?mod=WSJ_TechWSJD_NeedToKnow

    Reply
  37. Tomi Engdahl says:

    Microsoft Windows XP Embedded ends extended support
    Ask Control Engineering: Extended support for Microsoft Windows XP Embedded has ended; what should I do?
    http://www.controleng.com/single-article/microsoft-windows-xp-embedded-ends-extended-support/b8a8e891e850a9d011c656a0c92348ee.html

    Ask Control Engineering: Since Microsoft has ended extended support for Microsoft Windows XP Embedded support as of Jan. 12, what should I do, if anything?

    Answer: Microsoft is no longer offering support for its 15-year-old operating system, Microsoft Windows XP Embedded, so those who have procrastinated now have additional concerns and risks to address.

    “What’s worse,” said one manufacturing IT expert, “is to not even know if you have any XP systems running.”

    Brandl warns that users still using Microsoft Windows XP Embedded systems in their facilities will be running into several additional security risks. Finding compatible software will be very difficult and this, in turn, will make the systems more vulnerable to cyber security attacks. Brandl explains that running a complete system inventory will at least make it clear if there’s a potential support problem.

    The long goodbye to Microsoft Windows XP Embedded
    http://en.ofweek.com/news/The-long-goodbye-to-Microsoft-Windows-XP-Embedded-38178

    There are those that get work done early, those that get it done on time, and those that procrastinate until every task is an emergency. Those still using Microsoft Windows XP Embedded in their industrial environments will fall into the latter category because Microsoft’s extended support for Windows XP Embedded ends on January 12, 2016. The 15-year-old operating system will no longer be supported or updated, no matter how much users clamor or beg.

    Companies still using Microsoft Windows XP Embedded systems in their facilities will be running into several additional risks. For example, it will be difficult to find compatible hardware and software, and it will be difficult, if not impossible, to get updates to the applications currently running, which will make the systems more vulnerable. If there are Microsoft Windows XP systems running and they can’t be replaced, then take measures to reduce potential risks. What is worse is to not even know if you have any XP systems running.

    It is vital to complete a software and IT hardware inventory of the entire facility, which includes far more than just the production systems. It is important to also consider your laboratory systems, maintenance systems, warehouse systems, tank farm systems, HVAC systems, physical security systems, document management systems, planning systems, and development systems. Without a complete inventory, “hidden” systems under employees’ desks, which are performing critical functions, might go unnoticed. For example, is the scheduling department still using an XP-based tool, or worse: a DOS-based tool; is the laboratory using XP-based test equipment; are the automated material movement systems running XP-based configuration and maintenance software; or is the security department using an XP-based badge scanning system?

    At the very minimum, a complete system inventory will make it clear if there’s a potential support problem.

    The worst situation is to have high risk and obsolete systems where there are no readily available replacements.

    In these situations, the first step is to virtualize the hardware, which at least removes the risk of a hardware failure and provides backups in case of software failures. Second, the systems should be isolated from other networks through demilitarized zones (DMZs), firewalls, or physical separation. It is likely the Microsoft Windows XP system will be running vulnerable browsers, databases, applications, and drivers, which makes isolation even more vital. However, virtualization and isolation are only temporary fixes to give the manager time to implement long-term solutions.

    For machines that cannot be upgraded, what needs to change now that Microsoft Windows XP support has ended?
    Ask Control Engineering sought advice from industrial software developers related to the end of Microsoft Windows XP support. Here, Beckhoff Automation provides answers related to Microsoft Windows XP obsolescence.
    http://www.controleng.com/single-article/for-machines-that-cannot-be-upgraded-what-needs-to-change-now-that-microsoft-windows-xp-support-has-ended/ca31607ec0c97a6267c25dec3762cfeb.html

    Ask Control Engineering: For manufacturers that may not be able to upgrade certain machines or systems past Microsoft Windows XP, what should change now that Microsoft Windows XP support has ended? Answers for related questions below are provided by Debra Lee, software specialist, Beckhoff Automation.

    A. Now that support from Microsoft for Windows XP has ended, machines with this operating system (OS) will no longer be able to get OS updates, including security updates. Naturally, best practices dictate that machines be kept up to date with the latest security updates. However, most of these machines are not connected to the Internet, and those that are generally are not used for surfing the Internet nor do they open files or attachments in software applications such as e-mail, both of which are notorious for the spread of viruses and malware. It is important to note as well that many machines are actually running Windows XP Embedded. Support for Windows XP Embedded is still active and does not end until Jan. 12, 2016.

    Q. If customers cannot upgrade, what should change, if anything, on April 9?

    A. If a security audit finds that access to the machine is secured and there is no Internet connectivity or e-mail “read” access with file download capability on the machine, nothing necessarily needs to change today even if a machine has devices with Windows XP OS on it. If the security audit finds a potential hazard in these areas, however, action may need to be taken to remove the access points, or if that is not possible for some reason, upgrade the device(s) on the machine. Of course, users should remember that Windows XP Embedded support is still active and will continue to be active until the beginning of 2016.

    Reply
  38. Tomi Engdahl says:

    Making control system standards work
    http://www.controleng.com/single-article/making-control-system-standards-work/ce9e316a763d915e883337b881f5ee71.html

    Understanding a company’s operational technology (OT) security posture and the developments from IEC 62443-2-4 have added security program requirements and benefits for industrial automation and control systems (IACS) security and are key in protecting a company’s infrastructure.

    Changes to international standards in the industrial security arena are helping operators consistently procure and manage control systems security expertise. Understanding these changes and how they can apply to your situation is useful in evolving a company’s operational technology (OT) security posture.

    The need to protect your infrastructure and services from disruption is a critical priority, especially considering increasing connectivity prevalent in industrial environments. To build OT resilience, asset owners oftentimes engage with specialized consultants. These OT security researchers, testers, certification groups, and consultants can work together to fulfill a holistic risk mitigation strategy.

    Nearly a year ago, with the ratification of IEC 62443, industrial operators and suppliers had better methods to more efficiently invest in such security expertise. Since then, updates to this international industrial controls standard were published to move systems integration work forward.

    Here are some common questions about IEC 62443-2-4 along with a perspective based on experience in working with standards bodies and operators who want to improve operational security.

    What critical infrastructure has changed and how might I benefit?

    The existing standard, IEC 62443, focuses on industrial automation and control systems security (IACS). The new section, part 2-4 (IEC 62443-2-4) added security program requirements for IACS service providers. By working from specifications identified in this standard, operators can better clarify what work areas they need to scope for industrial automation and control systems security improvements. With these standards to draw from, organizations can potentially avoid “one-off” costs or variations in bids as they pursue critical infrastructure security expertise.

    Specifically, IEC 62443-2-4 defines a standard set of security services (capabilities) for integration and maintenance activities, thus allowing asset owners to select those most appropriate for their sites. As a result, they can ask their integrators and maintenance contractors for standard requirements. Vendors can tailor their service offerings around these standard activities, rather than customizing their offerings specifically for each customer.

    Is IEC 62443 a cyber security standard?

    IEC 62443 standards are specific to industrial automation control systems, which are OT systems as opposed to IT systems. By hardening OT environments, risks such as unauthorized access to control systems, false commands to operating equipment, and read/write of proprietary device data can be minimized.

    What kind of systems or equipment does IEC 62443-2-4 address?

    IEC 62443-2-4 addresses the processes and activities used to install (integrate) and maintain industrial control systems and their components. These components can include workstations, controllers, and network devices.

    Is this applicable to my organization? Who does this standard affect?

    Anyone running critical services is likely to need hardened security to prevent disruption from attacks, accidents, and nation-state incidents. IEC 62443 provides standardization to help with critical infrastructure security, and IEC 62443-2-4 offers specific guidance to integrators and maintenance contractors. Specifically, IEC 62443-2-4 is written for integrators and maintenance contractors performing industrial automation control systems security work. It also applies to those asset owners who choose to do their own integration and maintenance.

    Reply
  39. Tomi Engdahl says:

    Engineering ethics and software concerns
    http://www.controleng.com/single-article/engineering-ethics-and-software-concerns/a6e1941a5446d4a883f868f892869c3d.html

    Virtual machines can solve many problems while keeping operations flowing smoothly, but when companies are duplicating software via virtual machines, this brings up some ethical issues that need to be addressed.

    I was at Wright when I first heard about VMWare and virtual machines. While multiple versions of RSLogix5000 can be installed on a computer at the same time, the same is not true of Allen-Bradley’s human-machine interface (HMI) software, FactoryTalk Studio. In order to install the newest version, the old version has to be uninstalled. This creates a problem when you need to support old customers while designing for new ones.

    A virtual machine solves this problem; an entire hard drive can be cloned along with its software installations. This allows several different operating systems to be installed on the same computer. The user can start up VMWare, open the old version of software, and modify customer’s programs in their original version.

    As I travel around the country and talk to a lot of different people in the controls industry I realize that a lot of people use virtual machines for their programming software. Sometimes it’s because they can’t run old software on a 64-bit operating system, or maybe because the software doesn’t play well with other software on the same machine.

    I recently installed VMWare on a Microsoft Windows 7 machine so that I can run my old DVT software (Microsoft Windows XP) on my laptop that has Camtasia installed on it. Since the DVT software was free, there are no licensing issues associated with that. VMWare, VirtualBox, and Microsoft Windows VirtualPC are also free (for the basic versions) so no problem there, either.

    The operating system (OS) itself is another story. Microsoft Windows charges for all of their operating systems, but if you are duplicating one off of an existing machine you own you are bypassing their fee. In my case, since the laptop I am cloning is about 10 years old, and I don’t use it, I think I’m OK.

    However, it’s easy to create a new virtual machine and pass it around on a USB stick, and I know of a few cases where that is standard procedure. In this case, very expensive licensed software along with the OS can propagate freely.

    For a while, Allen-Bradley and Siemens have been ahead of the license duplication issue by requiring activation of each instance online. Cloning an OS is a different issue, though. I don’t see how they can ever prevent piracy outside of requiring users of their software to go online and validate after each power-up. This is not practical for most programmers in the field, so I don’t see that ever happening.

    Reply
  40. Tomi Engdahl says:

    Securing a wireless application
    http://www.controleng.com/single-article/securing-a-wireless-application/3b6559f5017e8773396d0cba486163e7.htm

    Industrial wireless applications are being used by leading manufacturers and operators to improve availability and reduce costs, and there are plenty of protection techniques such as defense-in-depth to keep a network from being compromised by a security breach.

    Industrial wireless applications are seeing more and more action by leading manufacturers and operators to improve availability and reduce costs. In theory, that sounds great, but it is worth considering how difficult it is to make sure these industrial networks are secure before using them in a facility.

    The good news is the best practices, technologies, and products currently available make implementing wireless applications securely straightforward for engineering teams. Wireless applications are no different than wired applications when it comes to an essential industrial control system (ICS) security best practice: defense-in-depth (DiD). DiD is a holistic approach built on three core concepts:

    1. Multiple layers of defense: A variety of security solutions end up used so if an attacker bypasses one area, another can provide the needed defense.
    2. Differentiated layers of defense: Each security layer is slightly different so an attacker can't automatically get through all layers of defense.
    3. Threat-specific layers of defense: Each defense is for the specific context and threat, allowing protection based on the behavior and context of the systems using these protocols.

    Whether a threat is an accidental internal incident or a deliberate external attack, a DiD approach will detect, isolate, and control it. The wireless defense strategies outlined work together to provide the layers of protection needed to make sure the user’s wireless local area network (WLAN) is secure.

    Protection technique #1

    A challenge with WLAN transmission paths is they can broadcast outside a company’s property boundaries.

    Industry cooperation has led to standards such as IEEE 802.11i/WPA2 that protect the confidentiality and integrity of wireless data. All current products on the market must comply with these standards, ensuring control system communications are authentic, and attackers cannot extract sensitive data.

    In regard to WPA2, be sure to implement its Enterprise mode for strong device authentication. Unlike personal networks, WPA2 (Enterprise mode) provides different keys for different devices, with the keys managed in a central database such as RADIUS. Lost or stolen devices can be disconnected from the network simply by removing their information from the database.

    Furthermore, with WPA2 (Enterprise mode), individual devices can be assigned to different virtual LANs (VLANs) so devices with different roles can be clearly differentiated.

    Protection technique #2

    Another aspect of wireless communications you want to protect is management frames.

    Protected management frames (PMF) are useful because they are designed to protect against forgery by extending the mechanism for authentication and encryption present in WPA2 to management frames. By using products with the PMF capability, it is impossible for misused management functions to attack a network.

    Protection technique #3

    Even the most effective WLAN encryption doesn’t offer protection when a security incident originates inside the network. But, by selectively limiting communication to only what is required to run the industrial application, additional barriers are established that are designed to limit the impact of internal attacks.

    This type of limitation is another defense-in-depth mechanism that considerably increases the all-around security of a network. Other strategies for limiting communication within the network include:

    Protect WLAN data by implementing a configurable Layer 2 firewall at the Ethernet level. To do this you need to make sure you are using Access Points with a built-in Layer 2 firewall. The best ones can filter routed and bridged traffic as well as packet-filter traffic between WLAN clients.
    Apply stateful deep-packet inspection (DPI) to secure protocols. After the Layer 2 firewall rules are applied, the DPI firewall inspects the content of the contained messages and applies more detailed rules. For example, a Modbus DPI firewall can determine if the Modbus message is a read or a write message and then drop all write messages. Good DPI firewalls can also “sanity check” traffic for strangely formatted messages or unusual behaviors.

    DPI firewalls are often used to protect zones of equipment with similar security requirements as per ISA IEC 62443 or to protect equipment critical to the process. Be aware that DPI is sometimes known by other terms, such as content inspection or protocol whitelisting, and it is not a widely available capability.

    Reply
  41. Tomi Engdahl says:

    SCADA “Selfies” a Big Give Away To Hackers
    http://it.slashdot.org/story/16/01/19/0310229/scada-selfies-a-big-give-away-to-hackers

    The world’s governments are on notice that their critical infrastructure is vulnerable after an apparent cyberattack darkened 80,000 households in three regions of Ukraine last month. But on the question of safeguarding utilities, operators of power plants, water treatment facilities, and other industrial operations might do well to worry more about Instagram than hackers, according to a report by Christian Science Monitor Passcode. Speaking at a gathering of industrial control systems experts last week, Sean McBride of the firm iSight Partners said that social media oversharing is a wellspring of information that could be useful to attackers interested in compromising critical infrastructure. Among the valuable information he’s found online: workplace selfies on Instagram and Facebook that reveal details of supervisory control and data acquisition, or SCADA, systems.

    “No SCADA selfies!” said Mr. McBride at the S4 Conference in Miami Thursday. “Don’t make an adversary’s job easier.” iSight has found examples of SCADA selfies at sensitive facilities and warns that such photos may unwittingly reveal critical information that operators would prefer to keep secret.

    Worried about cyberattacks on US power grid? Stop taking selfies at work
    http://www.csmonitor.com/World/Passcode/2016/0115/Worried-about-cyberattacks-on-US-power-grid-Stop-taking-selfies-at-work?cmpid=TW

    Experts warn that malicious hackers gain valuable insight when companies and employees reveal too much information on the Web – especially when they work at sensitive facilities.

    The world’s governments are on notice that their critical infrastructure is vulnerable after an apparent cyberattack darkened 80,000 households in three regions of Ukraine last month.

    Social media oversharing is a wellspring of information that could be useful to attackers interested in compromising critical infrastructure, said Sean McBride, senior threat intelligence analyst at iSight Partners. Among the valuable information he’s found online: workplace selfies on Instagram and Facebook that reveal details of supervisory control and data acquisition, or SCADA, systems.

    iSight has found numerous examples of SCADA selfies at sensitive facilities and warns that such photos may unwittingly reveal critical information that operators would prefer to keep secret. The firm’s researchers have also discovered panoramic pictures of control rooms and video walk-throughs of facilities.

    In addition to posting videos and photos on the Web, corporate websites can divulge valuable information to adversaries. For instance, organization charts or lists of employees with contact information accessible via the utility website are valuable sources of information for would-be attackers, says McBride.

    These kinds of easily accessible images have aided critical infrastructure attacks in the past.

    In 2011, industrial control systems expert Ralph Langner used an image of a SCADA control system monitor in one of the photos to match the configuration of the Natanz centrifuges to configuration information in the Stuxnet malicious software created to hobble the facility.

    Today, McBride said that he and fellow researchers have used open-source information from media, government, and private sources to identify 15 facilities in the US that are critical to the operation of the electric grid.

    McBride suggested that critical infrastructure operators think like hackers before posting photos online: “Ask yourself, ‘What do my adversaries know about me and the organizations I support?’”

    Reply
  42. Tomi Engdahl says:

    Advantech authentication forgets the authentication part
    Industrial gateways also carry a debugging backdoor
    http://www.theregister.co.uk/2016/01/19/advantech_authentication_forgets_the_authentication_part/

    Advantech’s EKI series of Modbus-to-TCP/IP gateways have a critical authentication bug, according to HD Moore of Rapid7.

    Back in December, Moore made a bunch of disclosures about the same product (including Shellshock and Heartbleed exposure).

    His latest discovery is that the EKI’s Dropbear SSH daemon isn’t authenticating users.

    “As of the 1.98 version of the firmware, the Dropbear daemon included had been heavily modified. As a result, it does not actually enforce authentication. During testing, any user is able to bypass authentication by using any public key and password”, the company writes.

    Advantech has since patched the two bugs.
    http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-T2M6NY&Doc_Source=Download

    Reply
  43. Tomi Engdahl says:

    Securing a wireless application
    http://www.controleng.com/single-article/securing-a-wireless-application/3b6559f5017e8773396d0cba486163e7.html

    Industrial wireless applications are being used by leading manufacturers and operators to improve availability and reduce costs, and there are plenty of protection techniques such as defense-in-depth to keep a network from being compromised by a security breach.

    Industrial wireless applications are seeing more and more action by leading manufacturers and operators to improve availability and reduce costs. In theory, that sounds great, but it is worth considering how difficult it is to make sure these industrial networks are secure before using them in a facility.

    The good news is the best practices, technologies, and products currently available make implementing wireless applications securely straightforward for engineering teams. Wireless applications are no different than wired applications when it comes to an essential industrial control system (ICS) security best practice: defense-in-depth (DiD). DiD is a holistic approach built on three core concepts:

    1. Multiple layers of defense: A variety of security solutions end up used so if an attacker bypasses one area, another can provide the needed defense.
    2. Differentiated layers of defense: Each security layer is slightly different so an attacker can't automatically get through all layers of defense.
    3. Threat-specific layers of defense: Each defense is for the specific context and threat, allowing protection based on the behavior and context of the systems using these protocols.

    Whether a threat is an accidental internal incident or a deliberate external attack, a DiD approach will detect, isolate, and control it.

    A challenge with WLAN transmission paths is they can broadcast outside a company’s property boundaries. Thus attackers don't need direct, physical access to an industrial network in order to interfere with its operation and capture critical and confidential information.

    Industry cooperation has led to standards such as IEEE 802.11i/WPA2 that protect the confidentiality and integrity of wireless data. All current products on the market must comply with these standards, ensuring control system communications are authentic, and attackers cannot extract sensitive data.

    In regard to WPA2, be sure to implement its Enterprise mode for strong device authentication.

    Protected management frames (PMF) are useful because they are designed to protect against forgery by extending the mechanism for authentication and encryption present in WPA2 to management frames.

    Even the most effective WLAN encryption doesn’t offer protection when a security incident originates inside the network. But, by selectively limiting communication to only what is required to run the industrial application, additional barriers are established that are designed to limit the impact of internal attacks.

    This type of limitation is another defense-in-depth mechanism that considerably increases the all-around security of a network. Other strategies for limiting communication within the network include:

    Protect WLAN data by implementing a configurable Layer 2 firewall at the Ethernet level. To do this you need to make sure you are using Access Points with a built-in Layer 2 firewall. The best ones can filter routed and bridged traffic as well as packet-filter traffic between WLAN clients.
    Apply stateful deep-packet inspection (DPI) to secure protocols. After the Layer 2 firewall rules are applied, the DPI firewall inspects the content of the contained messages and applies more detailed rules. For example, a Modbus DPI firewall can determine if the Modbus message is a read or a write message and then drop all write messages. Good DPI firewalls can also “sanity check” traffic for strangely formatted messages or unusual behaviors.

    Reply
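    The two “Securing a wireless application” excerpts above describe a Modbus DPI firewall that tells read messages from write messages, drops the writes, and “sanity checks” oddly formed traffic. The following is an added example of that filtering logic, not code from the article or from any vendor product; the function-code classification follows the public Modbus specification, and the policy name `allow_writes` and the sample frames are constructed here for illustration.

```python
"""Toy Modbus/TCP deep-packet-inspection filter (added example, not from the article)."""
import struct
from typing import Dict, Tuple

# Public Modbus function codes, split by whether the request can change device state.
READ_FUNCTIONS = {1, 2, 3, 4, 7, 17, 20, 24}
WRITE_FUNCTIONS = {5, 6, 15, 16, 21, 22, 23}

# Maximum item counts the specification allows for the four common read requests.
MAX_READ_QUANTITY = {1: 2000, 2: 2000, 3: 125, 4: 125}

# MBAP header: transaction id, protocol id, length, unit id (all big-endian).
MBAP = struct.Struct(">HHHB")


def inspect_modbus(frame: bytes, allow_writes: bool = False) -> Tuple[str, str]:
    """Classify one client->server Modbus/TCP ADU. Returns ("ALLOW"|"DROP", reason)."""
    if len(frame) < MBAP.size + 1:
        return "DROP", "frame too short for MBAP header plus function code"
    _trans_id, proto_id, length, _unit_id = MBAP.unpack_from(frame, 0)
    # Sanity check 1: the protocol identifier is always 0 for Modbus.
    if proto_id != 0:
        return "DROP", f"protocol id {proto_id} is not Modbus (expected 0)"
    # Sanity check 2: the length field counts unit id + PDU and must match the wire.
    if length != len(frame) - 6:
        return "DROP", f"length field {length} does not match payload {len(frame) - 6}"
    pdu = frame[MBAP.size:]
    fc = pdu[0]
    # Sanity check 3: exception codes (0x80+) belong in responses, never in requests.
    if fc >= 0x80:
        return "DROP", f"exception function code 0x{fc:02x} in a request"
    if fc in MAX_READ_QUANTITY:
        # Read requests carry exactly a 2-byte start address and a 2-byte quantity.
        if len(pdu) != 5:
            return "DROP", f"function {fc} request must be 5 bytes, got {len(pdu)}"
        start, qty = struct.unpack(">HH", pdu[1:5])
        if not 1 <= qty <= MAX_READ_QUANTITY[fc]:
            return "DROP", f"function {fc} quantity {qty} outside 1..{MAX_READ_QUANTITY[fc]}"
        if start + qty > 0x10000:
            return "DROP", "address range wraps past 0xFFFF"
        return "ALLOW", f"read function {fc}, {qty} items from address {start}"
    if fc in READ_FUNCTIONS:
        return "ALLOW", f"read function {fc}"
    if fc in WRITE_FUNCTIONS:
        if allow_writes:
            return "ALLOW", f"write function {fc} permitted by policy"
        return "DROP", f"write function {fc} blocked by read-only policy"
    return "DROP", f"function code {fc} not on the whitelist"


def build_request(trans_id: int, unit_id: int, pdu: bytes) -> bytes:
    """Assemble a well-formed Modbus/TCP ADU around a PDU (used to build samples)."""
    return MBAP.pack(trans_id, 0, len(pdu) + 1, unit_id) + pdu


# Constructed sample traffic: one read, one write, one oversized read, one bad protocol id.
SAMPLE_READ = build_request(1, 1, bytes([3]) + struct.pack(">HH", 0, 10))        # FC3, 10 regs
SAMPLE_WRITE = build_request(2, 1, bytes([6]) + struct.pack(">HH", 100, 0x1234))  # FC6
SAMPLE_OVERSIZED = build_request(3, 1, bytes([3]) + struct.pack(">HH", 0, 200))   # qty > 125
SAMPLE_BAD_PROTO = struct.pack(">HHHB", 4, 1, 6, 1) + bytes([3]) + struct.pack(">HH", 0, 1)


def demo() -> Dict[str, str]:
    """Run the filter over the constructed samples and return the verdicts by name."""
    cases = {
        "read": SAMPLE_READ,
        "write": SAMPLE_WRITE,
        "truncated": SAMPLE_READ[:-1],   # length field no longer matches the wire
        "oversized": SAMPLE_OVERSIZED,
        "bad_proto": SAMPLE_BAD_PROTO,
    }
    return {name: inspect_modbus(frame)[0] for name, frame in cases.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:>10}: {verdict}")
```

    The read-only policy is the default because, in the zone model the article refers to, most engineering or HMI traffic into a PLC zone only needs to read; `allow_writes=True` would be set only for the specific source that legitimately commands the process.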
  44. Tomi Engdahl says:

    The case for open standard wireless networks
    http://www.controleng.com/single-article/the-case-for-open-standard-wireless-networks/62e1cb978b500cb397c9eb2f9863f056.html

    Proprietary wireless systems and local area networks (LANs), while still in use, are being whittled away in spite of the time and expense many companies have invested into them in favor of open standard wireless networks.

    There are several standalone, proprietary wireless systems that are being aggressively marketed in the face of increasing standardization. At the risk of editorializing, these wireless systems are having a somewhat negative effect on the adoption and proliferation of more useful (and less costly) open standard systems. The marketing hype associated with these systems is driven purely by short-term profit, however, with no real concern for the lingering effects of the negative impacts they are having on the decision to implement open standard WLANs.

    Typically, as was the case with proprietary wired networks, the software and hardware required for a proprietary WLAN is very expensive to purchase, implement, and maintain. These wireless systems also require specialized talent that doesn’t necessarily have useful technical skills outside of the particular system being used. Eventually, a sharp technician will develop cross-platform skills to increase his marketability, but by that time things may have changed radically. In the meanwhile, both the vendor and the client have invested huge sums of money and an excess of valuable time to support a system with a relatively short life cycle. This is a very narrow and wasteful approach that is, again, driven by profit rather than the promotion and development of the technology.

    Implementation of proprietary systems puts the client in a difficult position: His expert has gone to bat for the system and can’t back out. For the vendor, it is a gift that continues to give—the poor client is locked into a system that requires some very expensive care and feeding and usually will not perform all of its required functions without regular and expensive upgrades and patches, not to mention costly and specialized labor.

    To their credit, vendors of proprietary WLANs did a great job in capitalizing on a need that was based upon the very commendable motives of reducing costs and enhancing utility; however, implementation produced the opposite result. It was a classic “bait and switch”.

    This may be heresy, but open standard wireless, particularly IEEE 802.11 and 802.15.4, is extremely useful and cost effective—and requires substantially less resources to acquire and implement. There is no further need to use proprietary solutions that work in older frequency spectra such as 900 MHz. With the release of IEEE 802.11ah in 2016, the 900 MHz spectrum will be made incredibly useful again and allow thousands of embedded sensors to communicate using open standard technology. This will effectively obsolete the existing proprietary wireless systems operating in that spectrum. There will be no need for proprietary transmitters and receivers that employ vendor-specific configuration and coding, drivers, and management software.

    The cost for open standard wireless network interfaces will shortly make proprietary equipment superfluous, just as we saw with wired systems.

    As was the case with wired networks some 30 years ago, clients and users will migrate away from proprietary, closed systems after realizing the economy and utility of open standard systems. The damage being done now by the failure of the various proprietary implementations to provide economical solutions and reliable performance is of particular concern. Those who have already bought into these systems will be very reluctant to admit that it was a mistake, and this will only prolong the error. “Buyer’s remorse” will engender undeserved mistrust and negative attitudes towards a truly useful technology. For example, Ethernet is now the de facto wired standard worldwide, but that only happened after several false starts. Attempts by manufacturers to impose the use of proprietary network buses have met with limited success. This will also be the initial case with wireless technology, but over time, mistakes will be overcome and forgotten.

    Reply
  45. Tomi Engdahl says:

    Industrial cyber security: It’s best to learn from the mistakes of others
    http://www.controleng.com/single-article/industrial-cyber-security-its-best-to-learn-from-the-mistakes-of-others/64c3434199164edff9107ae996450968.html

    Engineering and IT Insight: When we don’t learn from past mistakes, we are forced to repeat them, and true to form, it has happened again. An outsourced IT department–unaware of the manufacturing elements of IT–recently shut down production in a multi-billion dollar manufacturing company.

    Outsourcing IT security is a fairly common practice; few companies can afford the army of specialists required to maintain a secure environment and protect against attacks. An outsourced IT department—unaware of the manufacturing elements of IT—recently shut down production in a multi-billion dollar manufacturing company.

    One part of the security contract was to perform regular network security scans to look for rogue and illicit devices and unprotected ports. The IT security group did not communicate the test schedule to the company, and, mysteriously, every week, the manufacturing systems at multiple sites would shut down. Programmable logic controllers (PLCs) would mysteriously stop and require reboots or even program reloads, connected devices would reset themselves, and it took hours to get everything running again. The shutdowns occurred after normal business working hours, but manufacturing ran around the clock, so the control department was called in after hours to fix the problem.

    The sites thought they had a local problem, but couldn’t determine the cause. Finally, one site noticed a network storm before the shutdown.

    The sites that were shut down had not separated their business and manufacturing systems through a demilitarized zone (DMZ). A DMZ is an IT network that sits between business/corporate networks and real-time control networks. There is no direct connection through the DMZ, and all communication is routed through servers and databases. There is a firewall on each side of the DMZ and sometimes a separate user domain within it.

    The network storm hit all of the PLCs and embedded devices with more network traffic than they could handle on those sites that had not set up a DMZ to protect the control systems. Some of the PLCs and embedded devices were more than 10 years old and were not designed to handle network storms.

    Devices, networks, no rules

    The corporate IT response, when confronted with the problem, responded with: “Well, what are you going to do to protect against these types of attacks?” This pointed out the problem: there were no formal policies or rules for the division of responsibilities between the IT organization and the control department. The IT organization “owned” the networks and switches; the control department “owned” the end devices. The control networks were not considered part of the control systems by IT but were by the control department. The control department had no way to fix the problem, and the IT department had no way to fix the embedded devices. There was corporate guidance for separation of networks but no monitoring of compliance.

    The lesson to be learned is that corporate policies and rules for the separation of control and IT networks through DMZs are necessary, along with the need for procedures and checks to monitor sites for compliance. This company was lucky—no personnel were injured, no equipment was damaged, and they learned their lesson before a real attack happened. However, the lesson only cost millions of dollars.

    Avoid a million-dollar lesson

    Reply
  46. Tomi Engdahl says:

    The three R’s: Repair, replace, or retrofit
    http://www.controleng.com/single-article/the-three-rs-repair-replace-or-retrofit/d5144069fe3a799f57656cdcadb1094f.html

    Deciding whether to repair, replace, or retrofit an asset within a plant depends on business goals and operation and maintenance requirements of each asset in a facility.

    A key factor in determining the performance of any plant or facility is a thoroughly designed system that includes effectively monitoring operations and maintenance requirements, which play a critical role in sustainable production, process availability, and plant reliability.

    Plants and facilities aren’t different from humans in the sense that they are made up of numerous assets (organs) where each has its own criticality, requirements, and constraints and must all work together to ensure sustained operation. Just as human fitness depends on lifestyle choices and receiving medical attention when faced with health issues, ensuring optimal performance in facilities depends on business goals and operation and maintenance requirements of each asset in a facility.

    When dealing with maintenance of any asset, the decision will come down to one of the three R’s: repair, replace, or retrofit. Choosing which option is best depends on a number of factors such as business goals, criticality to process, and the asset’s lifecycle relative to the project’s lifecycle.

    Typical assets include production systems, generators, compressors, pumps, and control systems that automate and integrate all these assets for efficient operations. Each asset has unique maintenance requirements and criticality to facility operations.

    The decision to repair, replace, or retrofit is based on a needs analysis of equipment function and its failure case. This analysis usually needs to be done on a case-by-case basis.

    IEC61508—Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems—defines the mean-time-to-repair (MTTR) as the total time it takes to repair starting from time of failure to its subsequent startup, taking into account the travel time, location, spares holding, service contracts, environmental constraints, etc.

    Ongoing optimization of older assets significantly reduces the cost and personal safety risks in the continuous presence of personnel on site. These activities are managed by initiating and executing retrofit projects.

    An example is a facility from an offshore project that had been running for 30 years and could not afford an overhaul because of the end user’s production constraints.

    Reply
  47. Tomi Engdahl says:

    The IoT Library: For Industrial Man-Machine Interfaces, Keep It Simple
    http://www.eetimes.com/author.asp?section_id=36&doc_id=1328781&

    One trick for easing the interface between human and machine is to match the complexity of the part you use to the complexity of the job in hand.

    The complex connection between man and machine is the domain of modern industrial control, otherwise known as the science of how to communicate with machines—home of the man-machine interface challenge.

    Machine communication input devices are ubiquitous: toggle switches, rotary switches, thumbwheels, slider and rotary potentiometers; simple navigation joysticks, and potentiometer-based joysticks. Buzzers, bells, lights and sounders help us monitor machines with our eyes and ears.

    Security has also emerged as a top industrial control design theme. It’s a topic that inspired NIST’s Guide to Industrial Control Systems Security, a how-to guide to securing industrial control systems. It covers supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configurations such as programmable logic controllers (PLC).

    The NIST document provides an overview of ICS and typical system topologies, and it identifies typical threats and vulnerabilities to these systems and provides recommended security countermeasures to mitigate the associated risks. It’s all a matter of good design and developing a thorough understanding of all aspects of the man-machine interface.

    Switches, for example, seem pretty straightforward, but the switch you use for an emergency machine stop must be specially engineered for high reliability.

    Guide to Industrial Control Systems (ICS) Security
    Supervisory Control and Data Acquisition (SCADA) Systems,
    Distributed Control Systems (DCS),
    and Other Control System Configurations such as Programmable Logic Controllers (PLC)
    http://csrc.nist.gov/publications/drafts/800-82r2/sp800_82_r2_second_draft.pdf

    Reply
  48. Tomi Engdahl says:

    Siemens SIMATIC Controllers Vulnerable to DoS Attacks
    http://www.securityweek.com/siemens-simatic-controllers-vulnerable-dos-attacks

    Siemens has released a firmware update for its SIMATIC S7-1500 programmable logic controller (PLC) to address two vulnerabilities, including a high severity issue that can be exploited for denial-of-service (DoS) attacks.

    According to advisories published this week by Siemens and ICS-CERT, the flawed SIMATIC S7-1500 CPU family is used worldwide in industrial environments in the critical manufacturing, chemical, and food and beverages sectors.

    The security holes can only be exploited by an attacker who has network access to the vulnerable devices, Siemens said.

    The flaws were reported to Siemens by France-based security firms Lexfo and Amossys via the country’s National Agency for Computer Security (ANSSI).

    This is the second security update released by Siemens in 2016.

    Reply
  49. Tomi Engdahl says:

    Remote support update advice and best practices
    http://www.controleng.com/single-article/remote-support-update-advice-and-best-practices/d1483116245ccb71ca17e687ba1cae6f.html

    When a controls programmer has to make a live update to an already running process, it is best to follow strict procedures and best practices to mitigate risks and ensure success when making these changes.

    Every controls programmer has made a simple mistake that has produced unexpected and sometimes comical results. In other situations, however, these errors can cost time, money, or even pose a significant safety risk. It is always best practice to test all programs prior to implementing on a live system, but occasionally it is necessary to make a live update to an already running process. Whether updates are remote or local, all have a certain level of risk. It is best to follow strict procedures and best practices to mitigate risks and ensure success when making these changes.

    HPS International

    The first step in making changes is to evaluate the scope and impact this may have to the process. Is the person making the updates going to be remote or on site? Will changes be made or affect the programmable logic control (PLC), human-machine interface (HMI), servers, network configuration, or other vital areas to the facility? Upon completion, will anything need to be restarted? Will any essential pieces of equipment be affected? What are the expected results? All possibilities need to be considered and communicated to plant managers, operators, and maintenance personnel. Once a scope is properly defined, the next step is to begin outlining the tasks to complete.

    It is important to list out all the activities to be performed to ensure nothing is missed. Outline every detailed change sequentially and have a colleague or manager proofread the list. Each item should include an estimated time of completion. If the timeframe is strict, it will be important to stay on schedule for each task. If the timing slips, have a contingency plan for recovery.

    The first item should be creating a backup of the original system. If needed, a plan should be in place to revert back to the original program or setting. A backup may also be useful to verify changes in the future.

    Timing can have a major impact on whether performing these tasks is a success or a major failure. Ideally, a plant or process will be shut down temporarily to allow modifications and thorough testing. If the system is running, wait for better conditions. Be sure to ask about shift changes. Troubleshooting remotely can be difficult when the customer is preparing to leave or performing a turnover.

    Reply
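As an added example (not code from the Control Engineering article or HPS International), here is the backup-first part of the live-update procedure above in Python: snapshot the controller project before the change, diff afterwards against the reviewed task list so unplanned edits stand out, and revert from the backup when the contingency plan is triggered. The project files and their contents are constructed for the walk-through; the layout is hypothetical.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def snapshot(project: Path) -> dict[str, str]:
    """Map each file (relative path) to its SHA-256 digest."""
    return {str(p.relative_to(project)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(project.rglob("*")) if p.is_file()}

def backup(project: Path, dest: Path) -> dict[str, str]:
    """Copy the project before touching it (the first task on the list)."""
    shutil.copytree(project, dest)
    return snapshot(dest)

def changed_files(before: dict[str, str], after: dict[str, str]) -> dict[str, str]:
    """Classify differences between two manifests as modified, added or removed."""
    result = {}
    for name in set(before) | set(after):
        if name not in after:
            result[name] = "removed"
        elif name not in before:
            result[name] = "added"
        elif before[name] != after[name]:
            result[name] = "modified"
    return result

def unexpected_changes(planned: set[str], diff: dict[str, str]) -> set[str]:
    """Files that changed but were not on the reviewed task list."""
    return set(diff) - planned

def restore(backup_dir: Path, project: Path) -> dict[str, str]:
    """Revert to the backup (the contingency plan) and return the restored manifest."""
    shutil.rmtree(project)
    shutil.copytree(backup_dir, project)
    return snapshot(project)

def demo() -> dict:
    """Constructed walk-through: planned edit to main.st, unplanned edit to hmi.cfg."""
    with tempfile.TemporaryDirectory() as tmp:
        project, bak = Path(tmp) / "plc_project", Path(tmp) / "backup"
        project.mkdir()
        (project / "main.st").write_text("pump := start;\n")      # constructed content
        (project / "hmi.cfg").write_text("alarm_limit=80\n")      # constructed content
        before = backup(project, bak)
        (project / "main.st").write_text("pump := start AND NOT estop;\n")
        (project / "hmi.cfg").write_text("alarm_limit=95\n")      # not on the task list
        diff = changed_files(before, snapshot(project))
        return {"diff": diff, "unplanned": unexpected_changes({"main.st"}, diff),
                "reverted": restore(bak, project) == before}
```

The manifest from the backup is what makes the later verification step possible: comparing it against a fresh snapshot shows exactly which files differ from the state that was reviewed and approved.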
