Secure remote access in manufacturing.

24/07/2018
Jonathan Wilkins, marketing director of obsolete industrial parts supplier EU Automation, discusses secure remote access and the challenges it presents.

Whether you’re working from home, picking up e-mails on the go or away on business, it’s usually possible to remotely access your company’s network. Though remote access is easy to implement in many enterprises, complexity and security present hefty barriers for many industrial businesses.

Industry 4.0 provides an opportunity for manufacturers to obtain detailed insights on production. Based on data from connected devices, plant managers can spot inefficiencies, reduce costs and minimise downtime. To do this effectively, it is useful to be able to access data and information remotely. However, this can present challenges in keeping operations secure.

Secure remote access is defined as the ability of an organisation’s users to access its non-public computing resources from locations other than the organisation’s facilities. It offers many benefits such as enabling the monitoring of multiple plants without travel or even staffing being necessary. As well as monitoring, maintenance or troubleshooting is possible from afar. According to data collected from experienced support engineers, an estimated 60 to 70 per cent of machine problems require a simple fix, such as a software upgrade or minor parameter changes – which can be done remotely.

Remote access reduces the cost and time needed for maintenance and troubleshooting and can reduce downtime. For example, by using predictive analytics, component failures can be predicted in advance and a replacement part ordered from a reliable supplier, such as EU Automation. This streamlines the process for the maintenance technician, flagging an error instantly, even if they are not on site.

The challenges of remote access
There are still significant challenges to remote access of industrial control systems, including security, connectivity and complexity. Traditional remote access includes virtual private networking (VPN) and remote desktop connection (RDC). These technologies are complex, expensive and lack the flexibility and intelligence manufacturers require.

Additional complexity added by traditional technologies can increase security vulnerabilities. Industrial control systems were not typically designed to be connected, and using a VPN connects the system to the IT network, increasing the attack surface. It also means that if a hacker can access one point of the system, they can access it all. This was the case in attacks on the Ukrainian power grid and the US chain, Target.

To overcome these issues, manufacturers require a secure, flexible and scalable approach to managing machines remotely. One option that can achieve this is cloud-based access, which uses a remote gateway, a cloud server and client software to flexibly access equipment from a remote location. In this way, legacy equipment can be connected to the cloud, so that it can be managed and analysed in real-time.

Most manufacturers find that the benefits remote access can offer outweigh the investment and operational risks. To counteract them, businesses should put together a security approach to mitigate the additional risks remote access introduces. This often involves incorporating layers of security so that if one section is breached, the entire control system is not vulnerable.

When implementing remote access into an industrial control system, manufacturers must weigh up all available options. It’s crucial to ensure your system is as secure as possible to keep systems safe when accessed remotely, whether the user is working from home, on the go, or away on business.

@euautomation #PAuto #Industrie4

On the road with IoT.

18/05/2018

How the field service management sector is being changed by IoT

George Walker, managing director of Novotek, explains how the Internet of Things (IoT) is changing field service. As more companies move to a predictive model of equipment maintenance, they are looking for ways to use connected devices to improve field service.

Before internet-connected devices were the norm, it was common for facilities managers and in-house maintenance staff to spend time on the phone with suppliers booking in a suitable time for repairs to be carried out. It might have taken hours, if not days, for an engineer to come out to the site — leading to potential downtime in the interim.

When the technician came to the site, they may have found that they didn’t have the right tools, the right parts, or even the specific knowledge to carry out the service needed. This would mean the same technician would have to go back, or a second technician would need to come out to complete the service.

Although this model has been the norm for many years, it is no longer feasible in a modern environment. Factors such as first-time fix rates, mean time to repair and overall efficiency are driving businesses to closely monitor resource allocation and the time spent on maintenance.

Field service management has traditionally been responsible for activities such as locating fleet vehicles, scheduling maintenance work-orders and dispatching personnel. However, the advent of the IoT means that much of this model is shifting to real-time, predictive maintenance and those companies that adapt their businesses will benefit the most from the resulting competitive advantage.

The number of connected IoT devices is set to surge in the next few years, going from 27 billion in 2017 to an estimated 125 billion in 2030, according to analysis firm IHS Markit. Sensors can not only help engineers to remotely diagnose problems in many instances, they can also help to remotely repair or prevent further damage to equipment.

However, hardware sensors are just the start. Better software will help businesses to truly realise the potential of IoT in field service management. Modern field servicing software needs to go beyond the basics and offer better, wider integration with the company’s inventory, billing and enterprise resource planning (ERP) systems.

This is why we’ve partnered with the leading vendor in the industry to help our customers achieve better results. Novotek is the sole distributor of GE’s ServiceMax field servicing software in Britain and Ireland. ServiceMax creates solutions for the people who install, maintain and repair machines across dozens of industries, as the leading provider of complete end-to-end mobile and cloud-based technology.

The results speak for themselves. In a recent survey of ServiceMax customers in March 2018, technicians and engineers were 19 per cent more productive, service costs went down by 9 per cent and service revenue increased by 10 per cent. In addition to this, customers saw contract renewals increase by 11 per cent, mean time-to-repair decrease 13 per cent and equipment uptime improve by 9 per cent — leading to customers being 11 per cent more satisfied. Overall, compliance incidents dropped by 13 per cent.

By sending the right technician to the right job, at the right time, you avoid situations where some technicians are overloaded, while others have white space in their schedules. Using an app that works across devices, technicians can request jobs from anywhere. Each service level agreement (SLA) is easily managed and field service reports are easily produced.

What was science fiction a mere five years ago is now reality. A machine on a customer site can send an alert to the service team warning them of an imminent failure and potential downtime. Technicians can then be proactively dispatched to site with the right parts to carry out urgent repairs and mitigate costly downtime.

IoT has already drastically changed other sectors of the industrial landscape and is now making waves in the field service management sector. Whether you’re a utility business, a healthcare provider or even a telecoms business, it’s about time you looked at how IoT will change field servicing for you.

@Novotek #PAuto #IIoT @StoneJunctionPR


Helping provide reliable flood protection in Switzerland.

11/04/2018

Extreme weather is becoming increasingly common throughout the world, making flooding a growing threat. Flood defence measures have traditionally been based on mechanical equipment, but innovative automation technology can now be used to provide greater protection for people and the local environment. AWA – the Office for Water and Waste in the Swiss canton of Berne – is using this latest technology to regulate water levels at the region’s Brienzersee, Thuner and Bielersee lakes, 24 hours a day, 365 days a year.

“Water level regulation must protect people from flooding and prevent damage – ideally in an economically justifiable way,” said Dr Bernhard Wehren, head of maritime regulation at AWA. “Some of our important control operations are particularly time-critical, but until recently, we relied on dataloggers that only sent the different measurements we require every few hours or so. Now, thanks to the new state-of-the-art technology we have implemented, this happens in real time. It is therefore very important that the data communications technology supports this by reliably meeting all the challenges and requirements of our unique mission-critical communications infrastructure.”

Modernising facilities
To help provide the most reliable flood protection, AWA decided to modernise its water regulation facilities for the lakes, encompassing four historic locks, the large Port of Bruggweir and accompanying hydropower plant, and a flood relief tunnel. Due to the increasing demand for the availability of more data, AWA also decided to upgrade all the measurement stations with state-of-the-art technology. The measurement stations play a crucial role in regulating water levels in the lakes.

When developing a plan to modernise the equipment, great attention was paid to both operational safety and system redundancy. There was a need to address the obsolete electrical engineering at Port of Brugg. This would include the conversion of all existing drives and the renewal of the energy supply, a large part of the cabling and the control and monitoring elements for the five weirs. Regulation and control technology also needed attention. Not only was there a need for redundancy in the event of a device failure or a line interruption, but also in case of communication disruptions, such as interruptions to the internet connection.

BKW Energie AG was appointed as the technical service provider and after a thorough review of suitable data communications technology companies, they chose Westermo to provide its robust networking solutions for the project.

Fast communication performance
“Crucial to the selection of Westermo was that their products met our high standards and requirements for the project. This included fast communication performance, multiple routing ports per device, high MTBF periods, extended temperature ranges and very low power consumption,” said Rénald Marmet, project engineer at BKW Energie. “Another factor was the operation and parameterisation of the networking hardware via the WeOS operating system. Also, the extremely efficient and time-saving update capability provided by the WeConfig network management software, which enables the central configuration and management of all Westermo devices.”

The main control network incorporates the AWA control centre in the capital, Berne, and further control centres at the water locks, Thun and Interlaken, each with one SCADA server and redundant controller. The control centres connect to 29 substations (measuring points). Eight SCADA clients access these servers. There is also a SCADA server located in the hydropower plant, providing BKW employees with access. The hydropower plant part is monitored by the BKW control centre in Mühleberg.

Westermo networking technology allows all data to be transferred in real-time between the participating sites. Should an emergency arise, this enables those responsible to take the appropriate measures immediately to ensure the best possible protection against flooding. Also, maintenance and software updates for all the installed Westermo networking devices can be performed easily and quickly with just a few mouse clicks.

In total, Westermo provided thirty of its RFIR-227 Industrial Routing Switches, twenty-seven VDSL Routers, twenty-five MRD-455 4G Mobile Routers, thirty-five Lynx 210-F2G Managed Ethernet Switches with Routing Capability, thirty-six L110-F2G Industrial Layer-2 Ethernet Switches, and over eighty 100 Mbps and 1 Gbps SFP fibre optic transceivers via multimode and single-mode fibre for distances up to 80km.

Greater network redundancy
The three control centres all have two firewall routers connecting them to the internet providers and enabling them to receive or set up the IPsec and OpenVPN tunnels. There are also two redundant Siemens Simatic S7-400 controllers installed in a demilitarized zone (DMZ) and a WinCC SCADA server connected to the local network. The AWA SCADA station has the same design, but without the control functionality.

BKW took care not only to create network redundancy, but also to set up redundant routes to the internet providers. The VDSL routers use the service provider Swisscom, and the MRD-455 4G mobile radio routers are equipped with SIM cards from Sunrise. The heart of the main network – the three control centres and the AWA control centre – is linked by IPsec VPN tunnels and Generic Routing Encapsulation (GRE) and forms the automation backbone via Open Shortest Path First (OSPF) technology.

The result of this is that even should there be simultaneous connection failure to an internet provider in one location and the other provider at another station, or the total failure of one provider, communication between all centres, the connected remote stations and the remote access by BKW or AWA is still possible.
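The failure cases in the paragraph above can be checked against a small model of the backbone. This is an added example, not BKW's or Westermo's code: the site labels CC1 to CC3, the function names and the `cross_provider` switch (whether a tunnel can be built between uplinks of different providers) are assumptions made for the model.

```python
from collections import deque
from itertools import combinations

# Constructed model. The page names the two providers; the site labels are
# placeholders for the three control centres plus the AWA control centre.
SITES = ["CC1", "CC2", "CC3", "AWA"]
PROVIDERS = ["Swisscom", "Sunrise"]  # VDSL uplink and 4G uplink
UPLINKS = {(site, prov) for site in SITES for prov in PROVIDERS}

# The two failure cases the article describes.
MIXED_FAILURE = {("CC1", "Swisscom"), ("CC2", "Sunrise")}
PROVIDER_OUTAGE = {(site, "Sunrise") for site in SITES}


def tunnels(failed, cross_provider=True):
    """Site pairs that can still hold at least one IPsec/GRE tunnel.

    cross_provider=True assumes a tunnel can run between uplinks of
    different providers (both are public internet). cross_provider=False
    is the pessimistic case: tunnels only between same-provider uplinks.
    """
    up = UPLINKS - set(failed)
    edges = set()
    for a, b in combinations(SITES, 2):
        for pa in PROVIDERS:
            for pb in PROVIDERS:
                same_ok = cross_provider or pa == pb
                if same_ok and (a, pa) in up and (b, pb) in up:
                    edges.add((a, b))
    return edges


def reachable(src, edges):
    """Sites reachable from src when routing (OSPF on the page) may
    transit intermediate sites over whatever tunnels are still up."""
    adj = {site: set() for site in SITES}
    for a, b in edges:
        adj[a].add(b)
        adj[b].add(a)
    seen, queue = {src}, deque([src])
    while queue:
        for nxt in adj[queue.popleft()] - seen:
            seen.add(nxt)
            queue.append(nxt)
    return seen


def backbone_connected(failed, cross_provider=True):
    """True if every site can still reach every other site."""
    edges = tunnels(failed, cross_provider)
    return reachable(SITES[0], edges) == set(SITES)


def partitioning_failures(k, cross_provider=True):
    """Every set of k failed uplinks that splits the backbone."""
    return [set(combo) for combo in combinations(sorted(UPLINKS), k)
            if not backbone_connected(combo, cross_provider)]


if __name__ == "__main__":
    for name, failed in [("mixed", MIXED_FAILURE),
                         ("provider outage", PROVIDER_OUTAGE)]:
        for cross in (True, False):
            print(name, "cross_provider =", cross, "->",
                  backbone_connected(failed, cross))
    print("double failures that partition the backbone:")
    for failed in partitioning_failures(2):
        print("  ", sorted(failed))
```

In the pessimistic same-provider case the direct CC1 to CC2 tunnel is lost under the mixed failure, and the backbone stays connected only because routing can transit a third centre. The only double uplink failures that split the model are both uplinks of a single site.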

For increased safety, the external zones are segmented further. The service technicians can connect to the control centres through an OpenVPN tunnel and have access to all measuring stations on the network.

There are two different types of measuring stations. The high availability station consists of two completely separate networks. Each PLC is installed ‘behind’ a Westermo Lynx 210 device, which acts as a firewall and establishes the connection to the control centre via an OpenVPN tunnel. The redundant internet access is provided either via a VDSL router, which is connected to Swisscom, or a MRD-455 with Sunrise as the provider. A ‘standard’ station has only one PLC with a Lynx 210 acting as a firewall router and building the VPN tunnels in parallel via the two internet routers.

Security requirements
As well as network redundancy, security was also part of the requirements to guarantee high communication availability. The network implemented by BKW and Westermo provides the necessary security in accordance with recommendations found in the BDEW whitepaper and IEC-62443 standard. The outstations not only form their own zone, but other areas are also segmented where necessary. The network for the SCADA servers in the control centres is also decoupled from the backbone using two VRRP routers.

The flood defence system now has one of the most modern data communication systems in Switzerland. Explaining why this is so important to AWA, Dr Bernhard Wehren said: “Protection against flooding must be guaranteed at all times. Depending on the meteorological or hydrological situation, the availability of the required measured values is critical. Because access to the measuring stations in the extensive regions of the canton is generally very time-consuming, network device failures and communication interruption must be kept to a minimum. It is therefore extremely important that all components of our communication systems meet the highest standards, offer extreme reliability and can be upgraded to meet new requirements.”

“We were able to simplify processes, make them secure, redundant and transparent for the engineering department via VPN connections. This contributes significantly to the simple, safe and efficient maintenance of the system,” Rénald Marmet said. “Thanks to the extensive cooperation with Westermo network engineers, we were able to create the ideal solution that meets all requirements and was delivered on time. Westermo’s reliable networking technologies have given AWA and BKW the opportunity to build individual data communication solutions for critical industrial applications, while providing scalable, future-proof applications. The solution also offers all involved a high degree of investment security.”

#Switzerland. @Westermo @bkw #Environment #PAuto

Connecting, communicating and creating in Netherlands.

14/03/2018

The country of the Netherlands is where the Rhine enters the sea. It is a country which has physically built itself out of the inhospitable North Sea. Often called Holland – which is the name of one (actually two) of its provinces – it is, even more confusingly for the English-speaking world, inhabited by the Dutch-speaking Dutch. If you really want to know more about Holl.. er sorry, The Netherlands, watch the video at the bottom of this piece.

Although not officially the capital of The Netherlands (Amsterdam is), The Hague is the seat of Government and official residence of the King. It was selected by the Emerson User Group as the venue for their European, Middle East & African assembly, referred to as #EMrex on twitter. These assemblies – can we say celebrations? – occur every two years. The last was held in Brussels, the capital of the neighbouring Kingdom of the Belgians and of the European Union. An account of happenings there is in our post “All change at Brussel Centraal.” (18/4/2016)

Lots of pictures from the event!

The size of this event was in marked contrast to the Brussels meet which was overshadowed by the terrible terrorist attacks in that city only three weeks earlier which presented transport difficulties. This time there were over one thousand six hundred delegates filling the huge hall of the Hague Convention Centre.

Another difference referred to in many of the discussions both formal and informal were the two great uncertainties affecting all businesses and industries – the possibility of a trade war with the USA under its current administration and nearer home the aftermath of the BREXIT decision – the exit of the British from the largest economic bloc on the planet. Many developments have been put on the long finger pending clarification on these issues.

Mary Peterson welcomes delegates

Why are we here?
This event continued in the vein of previous meetings. The emphasis continuing to move to perhaps a more philosophical and certainly a more holistic view of how the automation sector can help industry. This was made clear in the introductory welcome by Novartis’s Mary Peterson, Chair of the User Group, when she posed the question, “Why are we here?”

“This is a conference for users by users,” she said. It is a place to discuss users’ practical experiences; continuing our professional development; learning best practice and proven solutions and technology roadmaps. But above all it presented an opportunity to connect with industry leaders, users and of course Emerson experts.

For other or more detailed information on happenings and/or offerings revealed at this event.
News Releases

and on Twitter #EmrEx

The emphasis is on the totality of services and packages not on individual boxes. Emerson’s European President Roel Van Doren was next to address the assembly. We should know our plant but be unafraid to use expertise and knowledge to keep it fit for purpose. Monitor the plant constantly, analyse what is required and then act. This means seeing how the latest advances might improve production. This means harnessing the “new technologies.” In passing he drew our attention to the fact that Emerson had been recognised earlier this year as ‘Industrial IoT Company of the Year’ by IoT Breakthrough.

The path is digital
A very striking presentation was given by Dirk Reineld, Senior VP Indirect Procurement with BASF. He brought us to the top of Rome’s Via della Conciliazione on 19th April 2005. We saw the huge crowd looking towards the centre balcony as the election of a new pope was announced. He then moved forward to the 13th March in 2013, the same place but what a difference in such a short time. This time it seemed that everybody had a mobile phone held to take photographs of the announcement of the election of Francis. All we could see was a sea of little screens. He used this to emphasize a point “We are underestimating what is happening & its speed.” This is not helped by a natural conservatism among plant engineers. Change is happening and we either embrace it or get left behind. It is becoming more and more clear that in front of us “the path is digital!” He presented some useful examples of digitalisation and collaboration at BASF.

PRESENTATIONS

Registered delegates have access to slides from the main presentation programme. These slides are available for download via the Emerson Exchange 365 community (EE365).

Emerson Exchange 365 is separate from the Emerson Exchange website that presenters & delegates used before Exchange in The Hague. So, to verify your attendance at this year’s conference, you must provide the email you used to register for Exchange in The Hague. If you are not already a member of EE365 you will be required to join.

To access the presentations, visit The Hague 2018 and follow the prompts. The first prompt will ask you to join or sign in.

Something in this particular EmrEx emphasised how things are moving and those unprepared for the change. Among some of the press people and others there was disappointment expressed that there was not a printed programme as in previous years. This correspondent is used to going away into a corner and combing through the printed agenda and selecting the most relevant sessions to attend. This was all available on line through the “Emerson Exchange Web App.” This was heralded as “a great preshow planning tool.” All we had to do was enter a link into our web-browser on our phones and away you went. Yes this is the way to go certainly and although I am inclined to be adventurous in using social media etc I and some (if not many) others found this a step too far too early. It was not clear that a printed version of the programme would not be available and the first hour of a conference is not the best time to make oneself au fait with a new app.

Having said that, while many of the journos took notes using pencil and paper they were not averse to taking photos of the presentation slides so they could not be said to qualify as complete luddites!

Terrific progress but…

Rewards of efficiency
This event was being held at the same time as CERAWeek 2018 in which Emerson was an important participant. Some Emerson executives thus made the transatlantic journey to make presentations. One of those was Mike Train, Emerson’s Executive President who delivered his talk with no apparent ill effects. In effect he was asking a question. “Just how effective is progress?” Yes, we HAVE made phenomenal progress in the last 30 years. “Modern automation has made plants more efficient, reliable and safer, but, the ‘Efficiency Era’ is reaching diminishing returns….Productivity seems to be stagnation while the workforce is stretched.”

He postulated five essential competencies for digital transformation.

  1. Automated workflows: Eliminate repetitive tasks and streamline standard operations.
  2. Decision support: Leverage analytics and embedded expertise.
  3. Mobility: Secure on-demand access to information and expertise.
  4. Change management: Accelerate the adoption of operational best practices.
  5. Workforce upskilling: Enable workers to acquire knowledge and experience faster.

Making the future!

Making the future
The next speaker was Roberta Pacciani, C&P Manager Integrated Gas and Upstream Technology with Shell. She is also President of the Women’s Network at Shell Netherlands. She spoke on leveraging the best available talent to solve future challenges. I suppose that we would have classified this as a feminist talk but of course it isn’t. As the presenter said it is not so much a feminist issue as a people issue. “Closing the gender gap in engineering and technology makes the future.”  This was a useful presentation (and in this correspondent’s experience unusual) and hopefully will be helpful in changing perceptions and preconceptions in STEM and our own particular sector.

As part of EmrEx there is an exhibition, demonstration area. Delegates may see innovative technologies applied to their plant environment. They meet with experts about topics such as getting their assets IIoT ready or how to use a Digital Twin to increase performance and explore options to prepare their plant for the future. As a guide – printed as well as on-line – they produced a Metro-like guide.
Using this we could embark on a journey through products, services and solutions where Emerson together with their partners could help solve operational and project challenges.

One of the most popular exhibits was the digital workforce experience. Here we visited a plant and were transported magically to former times to see just how different plant management is now and particularly with the help of wireless and digitisation.

It happened!

One of the good things about this sort of event is the opportunity to meet friends for the first time through social media. Sometimes one does not know they are attending unless they tweet something. Thus I realised that an Emerson engineer was present and so I went looking for him in the expo area. Thus it was that Aaron Crews from Austin (TX US) and I met for the first time after knowing each other through twitter & facebook for a frightening ten years. Another of these virtual friends, Jim Cahill, says, “It hasn’t happened without a picture!” So here is that picture.

The following morning there were a series of automation forums dedicated to various sectors. The Life-Sciences Forum was one which was very well attended. Ireland is of course a leader in this sector and we hope to have a specific item on this in the near future. Emerson have invested heavily in the national support services as we reported recently.

Each evening there were social events which provided further opportunities for networking. One of these was a visit to the iconic Louwman Transport Museum where reside possibly the largest collections of road vehicles from sedan chairs through the earliest motor cars up to the sleekest modern examples. These are all contained in a beautiful building. The display was very effectively presented and one didn’t have to be a petrol-head – and believe me there were some among the attendance – to appreciate it.

It is impossible to fully report an event like this in detail. One can follow it on twitter as it happens of course. And there will be copies of many of the presentations and videos of some of the sessions on the website.

The Emerson User Group Exchange – Americas will continue “spurring innovation” in San Antonio (TX USA) from 1st to 5th October 2018. It looks exciting too.

We promised at the top of this blog an exposé of the country often called Holland in English –


So now you know!

@EMR_Automation #Emrex #Pauto

Robust and reliable data communications support in Czech mining enterprise.

27/02/2018

In times of increasing digitisation of industrial processes, the importance of robust and reliable data communications is becoming more evident. The communication network is often critical to operations and failure to get data from A to B can have serious impact on production. Data networks supporting monitoring and control systems within mining applications require a special kind of robustness. Not only do the operating conditions include fluctuating temperatures, dust and dirt, but there is also constant vibration, which is extremely tough on network devices and cables.

The Vršany Lom brown coal surface quarry is using Westermo Lynx Switches and Wolverine Ethernet extenders to make up its entire data communications network.

The sheer size of an open-pit mine makes it difficult to maintain a data network and the need to constantly move mining equipment puts a considerable stress on the network cables.

Monitoring from the control room.

At Vršany Lom, one of the largest mines in the Czech Republic, all of these challenges have been overcome with the implementation of robust industrial networking technology from Westermo. Vršany Lom is a brown coal surface quarry located in the North Bohemian coal basin near the town of Most. The site is mined by Vršanská uhelná a.s., which is a part of the Sev.en group, a major European mining company responsible for the largest coal reserves in the Czech Republic.

Over the course of an eight-year period, Marek Hudský, chief technical engineer at Vršanská uhelná a.s., has strived to create the perfect monitoring and control system and supporting data communications network.

“The communications network is my responsibility and something I have designed, built and improved over many years,” explains Marek. “The continuous improvements have made a massive impact to overall production. The average time to transport the coal from the mine to the collection site has been reduced from 25 minutes to less than four minutes. On an annual basis this adds up to an extra month’s worth of production.

Control of the bucket wheel excavator is performed by the operator, but the communications network enables operation to be monitored from the central control room.

“This significant improvement has been achieved by reducing network downtime, which previously was very common and required many hours of maintenance. Today, interruptions to production due to network issues are rare.”

The Vršany Lom open-pit quarry covers an enormous area and mining takes place at several locations simultaneously. The coal is extracted using large bucket wheel excavators and loaded onto kilometer long conveyor belts that transport it to the collection site. Some sections of the conveyors are permanently positioned, whilst others are moved as the digging location changes.

Conveyor belts stretching out over many kilometers transport coal to a central collection point. The data communication cables are installed along the conveyors, connecting monitoring and control equipment for the excavators and conveyors to the control room.

The entire network is now running entirely on Westermo WeOS-powered devices, consisting of 60 Westermo Lynx switches and 40 Wolverine Ethernet extenders. The data communication equipment and cabling are installed along the conveyor belts. This connects several hundred sensors that provide critical operational data to the central SCADA system, which helps to ensure safe and effective mining. Fibre optic cables are located inside the permanent conveyors, with the Lynx switches installed in substations at set points along the conveyor belts. The fibre network is configured in a ring topology with Westermo’s FRNT super-fast ring reconfiguration protocol providing network reconfiguration times of less than 20 ms.

“The fibre network works flawlessly. The switches and cables have been in operation for quite a while now and have required very little maintenance,” explains Marek. “The real challenge is the data communication closer to the actual mining. This is where operating conditions are really tough due to continuous vibration and electromagnetic interference from the machines. Also, because the equipment needs to be constantly moved this exposes the cabling to constant wear and tear.

“We have been familiar with Westermo technology since the days of short haul modems. We knew they produced high quality products and when first introduced to the Wolverine Ethernet Extender we were immediately interested. At that point we were using a custom-made communication device, which was not really suitable for a tough mining environment. It caused regular network downtime, maintenance and production standstills, which was a completely unsustainable situation.”

“The first thing that appealed to me about the Wolverine was that it was able to provide reliable data communication over regular twisted pair copper cables,” said Marek. “We use copper cables because they can withstand a lot more abuse than fibre before failing, however, when the digging location changes, cabling is often bent, cut and sliced, which can reduce the quality of signal. Despite this we are still able to achieve reliable data communication thanks to the Wolverine device which enables reliable communication even if the copper cabling is not in pristine condition. Secondly, the device had the robust characteristics that are needed to operate reliably in this type of environment. Finally, the Wolverine offered a lot of functionality, such as super-fast ring reconfiguration, LLDP and SNMP that enabled both a very technically advanced and very robust network solution.

“It has been quite a long process of continued improvement to get to where we are right now with the network in terms of functionality and reliability. Last year, I replaced the remaining legacy devices. We are now running the network entirely using Westermo WeOS-powered products and I am very pleased with the overall performance.

“We have always looked for that next improvement that will further strengthen the resilience of the monitoring and control system. By selecting Westermo products and utilising the WeOS operating system to its full capacity, Vršanská uhelná will now see many years of robust and trouble-free data communications.”

@Westermo #PAuto

Understanding risk: cybersecurity for the modern grid.

23/08/2017
Didier Giarratano, Marketing Cyber Security at Energy Digital Solutions/Energy, Schneider Electric, discusses the challenge for utilities of providing reliable energy delivery with a focus on efficiency and sustainable sources.

There’s an evolution taking place in the utilities industry to build a modern distribution automation grid. As the demand for digitised, connected and integrated operations increases across all industries, the challenge for utilities is to provide reliable energy delivery with a focus on efficiency and sustainable sources.

The pressing need to improve the uptime of critical power distribution infrastructure is forcing change. However, as power networks merge and become ‘smarter’, the benefits of improved connectivity also bring greater cybersecurity risks, threatening to impact progress.

Grid complexity in a new world of energy
Electrical distribution systems across Europe were originally built for centralised generation and passive loads – not for handling evolving levels of energy consumption or complexity. Yet, we are entering a new world of energy. One with more decentralised generation, intermittent renewable sources like solar and wind, a two-way flow of decarbonised energy, as well as an increasing engagement from demand-side consumers.

The grid is now moving to a more decentralised model, disrupting traditional power delivery and creating more opportunities for consumers and businesses to contribute back into the grid with renewables and other energy sources. As a result, the coming decades will see a new kind of energy consumer – that manages energy production and usage to drive cost, reliability, and sustainability tailored to their specific needs.

The rise of distributed energy is increasing grid complexity. It is evolving the industry from a traditional value chain to a more collaborative environment. One where customers dynamically interface with the distribution grid and energy suppliers, as well as the wider energy market. Technology and business models will need to evolve for the power industry to survive and thrive.

The new grid will be considerably more digitised, more flexible and dynamic. It will be increasingly connected, with greater requirements for performance in a world where electricity makes up a higher share of the overall energy mix. There will be new actors involved in the power ecosystem such as transmission system operators (TSOs), distribution system operators (DSOs), distributed generation operators, aggregators and prosumers.

Regulation and compliancy
Cyber security deployment focuses on meeting standards and regulation compliancy. This approach benefits the industry by increasing awareness of the risks and challenges associated with a cyberattack. As the electrical grid evolves in complexity, with the additions of distributed energy resource integration and feeder automation, a new approach is required – one that is oriented towards risk management.

Currently, utility stakeholders are applying cyber security processes learned from their IT peers, which is putting them at risk. Within the substation environment, proprietary devices once dedicated to specialised applications are now vulnerable. Sensitive information available online that describes how these devices work can be accessed by anyone, including those with malicious intent.

With the right skills, malicious actors can hack a utility and damage systems that control the grid. In doing so, they also put at risk the economy and security of a country or region served by that grid.

Regulators have anticipated the need for a structured cyber security approach. In the U.S., the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) requirements set out what is needed to secure North America’s electric system. The European Programme for Critical Infrastructure Protection (EPCIP) does much the same in Europe. We face new and complex attacks every day, some of which are organised by state actors, which is leading to a reconsideration of these requirements and of the overall security approach for the industry.

Developing competencies and cross-functional teams for IT-OT integration

Due to the shift towards open communication platforms, such as Ethernet and IP, systems that manage critical infrastructure have become increasingly vulnerable. As operators of critical utility infrastructure investigate how to secure their systems, they often look to more mature cybersecurity practices. However, the IT approach to cybersecurity is not always appropriate given the operational constraints utilities are facing.

These differences in approach mean that cybersecurity solutions and expertise geared toward the IT world are often inappropriate for operational technology (OT) applications. Sophisticated attacks today are able to leverage cooperating services, like IT and telecommunications. As utilities experience the convergence of IT and OT, it becomes necessary to develop cross-functional teams to address the unique challenges of securing technology that spans both worlds.

Protecting against cyber threats now requires greater cross-domain activity, where engineers, IT managers and security managers are required to share their expertise to identify the potential issues and attacks affecting their systems.

A continuous process: assess, design, implement and manage
Cybersecurity experts agree that standards by themselves will not bring the appropriate security level. It’s not a matter of having ‘achieved’ a cyber secure state. Adequate protection from cyber threats requires a comprehensive set of measures, processes, technical means and an adapted organisation.

It is important for utilities to think about how organisational cybersecurity strategies will evolve over time. This is about staying current with known threats in a planned and iterative manner. Ensuring a strong defence against cyberattacks is a continuous process and requires an ongoing effort and a recurring annual investment. Cybersecurity is about people, processes and technology. Utilities need to deploy a complete programme consisting of proper organisation, processes and procedures to take full advantage of cybersecurity protection technologies.

To establish and maintain cyber secure systems, utilities can follow a four-point approach:

1. Conduct a risk assessment
The first step involves conducting a comprehensive risk assessment based on internal and external threats. By doing so, OT specialists and other utility stakeholders can understand where the largest vulnerabilities lie, as well as document the creation of security policy and risk mitigation.

2. Design a security policy and processes
A utility’s cybersecurity policy provides a formal set of rules to be followed. These should be led by the International Organisation for Standardisation (ISO) and International Electrotechnical Commission (IEC)’s family of standards (ISO27k) providing best practice recommendations on information security management. The purpose of a utility’s policy is to inform employees, contractors, and other authorised users of their obligations regarding protection of technology and information assets. It describes the list of assets that must be protected, identifies threats to those assets, describes authorised users’ responsibilities and associated access privileges, and describes unauthorised actions and resulting accountability for the violation of the security policy. Well-designed security processes are also important. As system security baselines change to address emerging vulnerabilities, cybersecurity system processes must be reviewed and updated regularly to follow this evolution. One key to maintaining an effective security baseline is to conduct a review once or twice a year.

3. Execute projects that implement the risk mitigation plan
Select cybersecurity technology that is based on international standards, to ensure appropriate security policy and proposed risk mitigation actions can be followed. A ‘secure by design’ approach that is based on international standards like IEC 62351 and IEEE 1686 can help further reduce risk when securing system components.

4. Manage the security programme
Effectively managing cybersecurity programmes requires not only taking into account the previous three points, but also the management of information and communication asset lifecycles. To do that, it’s important to maintain accurate and living documentation about asset firmware, operating systems and configurations. It also requires a comprehensive understanding of technology upgrade and obsolescence schedules, in conjunction with full awareness of known vulnerabilities and existing patches. Cybersecurity management also requires that certain events trigger assessments, such as certain points in asset life cycles or detected threats.

For utilities, security is everyone’s business. Politicians and the public are more and more aware that national security depends on local utilities being robust too. Mitigating risk and anticipating attack vulnerabilities on utility grids and systems is not just about installing technology. Utilities must also implement organisational processes to meet the challenges of a decentralised grid. This means regular assessment and continuous improvement of their cybersecurity and physical security process to safeguard our new world of energy.

@SchneiderElec #PAuto #Power

Sink or swim? Drowning under too much info!

16/06/2017

Rachel Cooper, category marketing manager – field services with Schneider Electric on managing the Big Data Flood.

The Internet of Things (IoT) is constantly in the news. That’s understandable since forecasts anticipate that there will soon be tens of billions of connected devices, helping the IoT sector to generate more than £7.5 trillion worth of economic activity worldwide. In fact, according to McKinsey Global, the IoT economic impact on factories, retail settings, work sites, offices and homes could total as much as £3.55 trillion by 2025.

Oil refinery control room screen

One area where the IoT is driving development is in smart buildings. Today’s more complex buildings are generating vast quantities of data, but building management systems (BMS) are not leveraging that data as much as they could, and are not always capturing the right data to make useful decisions. With 42 per cent of the world’s energy consumed by buildings, facility managers face escalating demand for environmentally friendly, high-performance buildings that are efficient and sustainable. The data collected can help them to achieve this.

However, many facility managers lack the time and resources to investigate the convenient methods that can help them to turn the flood of IoT and other sensor data they’re exposed to into actionable insights.

Forced to do more with less 
Reduced budgets force building owners to manage sophisticated building systems with fewer resources. This issue is further aggravated by older systems becoming inefficient over time. Even when there is sufficient budget, it is increasingly difficult and time-consuming to hire, develop, and retain staff with the skills and knowledge to take advantage of BMS capabilities.

Facility managers also face challenges maintaining existing equipment performance. Components can break or fall out of calibration, and general wear and tear often leads to a marked decline in a building’s operational efficiency. Changes in building use and occupancy can contribute to indoor air-quality problems, uncomfortable environments, and higher overall energy costs. These changes begin immediately after construction is complete.

Owners often undertake recommissioning projects to fine-tune their buildings. Such work is intended to bring the facility back to its best possible operation level. However, recommissioning is often done as a reactive measure, and traditional maintenance may not identify all areas of energy waste. Operational inefficiencies that are not obvious, or that do not result in occupant discomfort, may go undetected.

Upskilling the current workforce
Many tools have come onto the market over the past decade to help employees get a better understanding of their facilities and assist them in their day-to-day operations and long-term planning. This can include anything from dashboards and automated analytics platforms to machine-learning optimisation engines. However, much like the sophisticated BMS platforms available today, each tool you deploy requires more investment in time for training. In fact, research shows that a lack of training is evident, with only roughly 20 per cent of facility managers using 80 per cent of the capabilities available to them within their BMS. The remaining 80 per cent use a very limited amount (20 per cent) of the potential functionality in their system.

With personnel turnover and competing facility-management responsibilities, many facilities are left without staff who have the time to learn the full capabilities of these tools. Of course, outsourcing different functions is one way to overcome these issues. However, vendors must be managed closely to ensure efficacy, and to ensure that outsourcing costs do not accrue significantly as third parties spend more time on-site.

In tech we trust
Technology has become an important part of building management, as BMS play an ever bigger role in how facility managers perform their jobs and operate buildings. Newer technologies like data visualisation dashboards let facility managers view building performance metrics in a single window, helping them to spot trends and gather insights. By visualising data in terms of graphs, charts, and conversion to different equivalents (for example, kWh to pound cost or kWh to carbon footprint), an experienced building operator can manually identify areas of concern for closer inspection.

Yet, while dashboards can be helpful in determining building behaviour, the data is often complex and challenging to interpret. In fact, even if building staff have the time and skills to review and understand the data, dashboard information alone tells only part of the building performance story. Facility managers can identify where inefficiencies exist but usually not why. This requires additional troubleshooting and investigation. Therefore, dashboards are most effective for simple monitoring in environments where there are plenty of trained staff to perform troubleshooting and identify the root causes of issues.

Analytics is the answer 
To gain more from a BMS deployment, many facility managers are turning to data analytics software to interpret large volumes of BMS data. Best-in-class software automatically trends energy and equipment use, identifies faults, provides root-cause analysis, and prioritises opportunities for improvement based on cost, comfort and maintenance impact. This software complements BMS dashboards because it takes the additional step of interpreting the data – showing not just where but why inefficiencies occur. Engineers can then convert this intelligence into “actionable information” for troubleshooting and preventative maintenance, as well as for solving more complicated operational challenges. 

Using this software, facility managers can proactively optimise and commission building operations more effectively than with a BMS alone. It enables them to understand why a building is or isn’t operating efficiently so that they can introduce permanent solutions rather than temporary fixes. For instance, with data analytics, facility managers can proactively identify operational problems such as equipment that needs to be repaired or replaced. Moreover, it can do this before critical failure and before it has an impact on the building occupants. Repairs can be scheduled before an emergency arises, eliminating costly short-notice or out-of-hours replacement and avoiding failure and downtime. With this proactive approach, equipment becomes more reliable, the cost of replacement and repair can be much lower, and occupants are assured of optimal comfort. In fact, by following best practice, they can even reduce HVAC energy costs by up to 30%.

The Future
Smart, connected technology has taken us beyond the human ability to manage what can amount to hundreds of thousands of data points in large buildings. Efficient operations require a proactive response. Analytics solutions effectively manage the new state of information overload created by a digital world and filter out what’s not valuable to you. For example, they can provide insight on how to fix problems when they are first observed, before total failure. This predictive maintenance approach means capital assets can be preserved and significant energy savings can be made. The advent of IoT means that we must shift our approach to facility management in order to deliver against the financial, wellbeing and sustainability targets of today’s facilities. By investing in a sophisticated BMS, users can uncover which data to ignore and which to act upon. After all, data for data’s sake is useless. Being able to use a building’s performance data to augment operational efficiency, increase occupant comfort, and improve overall energy consumption so that the financial well-being of buildings can be sustained, is of paramount importance.

@SchneiderElec #PAuto #IoT