Data privacy!

28/01/2020

It’s been another busy year for hackers. According to the Central Statistics Office, nearly 1 in 5 (18 %) of Irish businesses experienced ICT-related incidents, 87 per cent of which resulted in the unavailability of ICT services, and 41% which resulted in either the destruction, corruption or disclosure of data.

Noel O’Grady, writer of this piece, is the head of Sungard Availability Services Ireland and has over 20 years of experience working with leading technology firms including HP, Vodafone and Dell in providing critical production and recovery services to enterprise-level organisations.

Last year saw a number of high-profile security incidents making the headlines. In April, 3,600 accounts belonging to former customers of Ulster Bank were compromised, resulting in some customers’ personal details being released. In July, the Football Association of Ireland confirmed that malware was discovered on its payroll server following an attempted hack on IT systems.

Entering a new decade, digital technologies will continue to permeate every aspect of modern life, and the security of IT systems will come under increasing scrutiny. This will be driven by two major consequences of today’s hyper-connected world. Firstly, the sheer number of systems and devices which have now become digitalised has vastly expanded the cybersecurity threat landscape, potentially multiplying vulnerabilities or points of entry for hackers. Simultaneously, consumers and businesses alike demand constant availability in the products and services they use, reducing the tolerance for periods of downtime.

As a result, the security of data is no less than a global issue on par with national security, economic stability and even the physical security of citizens. It is with this in mind that Data Privacy Day is observed on this day (28th January 2020), a global initiative which aims to spread awareness of the hugely fundamental role that cybersecurity plays.

One of the most important developments in the field of data privacy was the establishment of the General Data Protection Regulation (GDPR) in May 2018. Nearly two years on, it’s timely to review how the new regulatory environment has succeeded in achieving its goals, especially in the light that almost one in three European businesses are still not compliant.

Data Privacy Day 2020

GDPR works by penalising organisations with inadequate data protection through sizeable fines. While this has established an ethical framework from which European organisations can set out strategies for protecting personal data, one issue that is still often overseen is the result of an IT outage, which prevents businesses from keeping its services running. As a server or organisation’s infrastructure is down, data is then at risk to exposure and therefore a company is at risk of failing compliance. IT and business teams will need to locate and close any vulnerabilities in IT systems or business processes, and switch over to disaster recovery arrangements if they believe there has been a data corruption.

This is especially pertinent in Ireland, where, according to a spokesperson for the Department of Business, Enterprise and Innovation (DoBEI), “Data centre presence…raises our visibility internationally as a technology-rich, innovative economy.” A strategic European hub for many multi-national technology giants, Ireland is currently home to 54 data centres, with another 10 under construction and planning permission for a further 31. While this growth in Ireland’s data centre market is a huge advantage for the national economy, Irish businesses must also tread with caution as they shoulder the responsibility for the security and availability of the countless mission-critical applications and processes which rely on them.

An organisation’s speed and effectiveness of response will be greatly improved if it has at its fingertips the results of a Data Protection Impact Assessment (DPIA) that details all the personal data that an organisation collects, processes and stores, categorised by level of sensitivity. Data Privacy Day is a great opportunity to expose unknown risks that organisations face, but moving forward, it is vital that business leaders embed privacy into every operation. This is the only sustainable way to ensure compliance on an ongoing basis.

#Cybersecurity @SungardASUK @brands2life

Challenges facing energy industry sector.

21/05/2018

Leaders from Britain’s  energy industry attended Copa Data’s  zenon Energy Day 2018 at the Thames Valley Microsoft centre. The event, which was held on in April 2018, welcomed industry experts and energy suppliers to address the current challenges the sector is facing — renewable generation, substation automation, IoT and cyber security.

scamaill

A welcome speech from the British MD od Copa Data , Martyn Williams, started a day encompassed a series of talks from industry experts. Speakers included Ian Banham, IoT Technical Sales Lead UK for Microsoft, Chris Dormer of systems integrator, Capula and Jürgen Resch, Copa Data Energy Industry Manager.

Preparing for renewables
Only 24 per cent of Britain’s electricity comes from renewable sources — a relatively low figure compared to some European countries.  However, the percentage is growing. In 2000, Britain’s renewable capacity was 3,000 MW, and rose eleven-fold by the end of 2016 to 33,000 MW.

To prepare for the impending challenges for this market, Jürgen Resch’s presentation discussed how software can alleviate some of the common questions associated with renewable energy generation, including the growing demand for energy storage.
“Energy storage is often used in combination with renewables because renewable energy is volatile and fluctuating,” explained Resch. “In Korea, the government is pumping $5 billion dollars into energy storage systems. In fact, every new building that is built in Korea gets an energy storage battery fitted into the basement.”

BMW’s battery storage farm in Leipzig (D) was also presented as an example. The facility, which uses COPA-DATA’s zenon as the main control centre system, uses 700 high-capacity used battery packs from BMW i3s and could also provide storage capacity for local wind energy generation.

Moving onto specific issued related to wind generation, Resch discussed the potential challenge of reporting in a sector reliant on unpredictable energy sources.
“Reports are particularly important in the wind power industry,” he said. “Typically, owners of wind farms are investors and they want to see profits. Using software, like zenon Analyzer, operators can generate operational reports.

“These reports range from a basic table with the wind speeds, output of a turbine and its associated profit, or a more sophisticated report with an indication of the turbines performance against specific key performance indicators (KPIs).”

Best practice for substation automation
Following the morning’s keynote speeches on renewable energy, Chris Dormer of Capula, presented the audience with a real-life case study. The speech discussed how smart automation helped to address significant issues related to the critical assets of the National Grid’s substations, where Capula was contracted to refurbish the existing substation control system at New Cross.

substn“Like a lot of companies that have developed, grown and acquired assets over the years, energy providers tend to end up with a mass mixture of different types of technology, legacy equipment and various ways to handling data,” explained Dormer. “For projects like this, the first key evaluation factor is choosing control software with legacy communication. We need to ensure the software can talk to both old legacy equipment in substations as well as modern protocol communications, whilst also ensuring it was scalable and compliant.

“The National Grid will make large investments into IEC 61850 compatible equipment, therefore for this project, we needed an IEC 61850 solution. Any system we put in, we want to support it for the next 25 years. Everyone is talking about digital substations right now, but there are not that many of them out there. That said, we need to prepare and be ready.”

The case study, which was a collaborative project with COPA-DATA, was recognised at the UK Energy Innovation Awards 2017, where it was awarded the Best Innovation Contributing to Quality and Reliability of Electricity Supply.

“Our collaboration with COPA-DATA allows us to address modern energy challenges,” explained Mark Hardy, Managing Director of Capula upon winning the award last year. “It helps drive through the best value for energy customers.”

Cyber security – benefit or burden?
“Raise your hand if you consider cyber security to be a benefit?” Mark Clemens, Technical Product Manager at Copa Data asked the audience during his keynote speech on cyber security. “Now, raise your hand if you consider it to be a burden?”

substn2Clemens’ question provided interesting results. Numerous attendees kept their hands raised for both questions, giving an insight into the perception of cyber security for those operating in the energy industry — a necessary evil.

“A cyber-attack on our current infrastructure could be easy to execute,” continued Clemens. “95 per cent of communication protocols in automation systems don’t provide any security features. For those that do provide security, the mechanisms are often simply bolted-on.”

Clemens continued to explain how substation design can strengthen the security of these sites. He suggested that, despite living in the era of IoT, energy companies should limit the communication between devices to only those that are necessary. The first step he suggested was to establish a list of assets, including any temporary assets like vendor connections and portable devices.

“There are lots of entry points into a substation, not only through the firewall but through vendors and suppliers too. This doesn’t have to be intentional but could be the result of a mistake. For example, if an engineer is working in the substation and believe they are testing in simulation mode, but they are not, it could cause detrimental problems.”

Collaborating with Microsoft
The address of Microsoft’s UK IoT Technical Sales Lead, Ian Banham focused on the potential of cloud usage for energy companies. When asking attendees who had already invested in cloud usage, or planned on doing so, the audience proved to be a 50:50 split of cloud enthusiasts and sceptics.

“IoT is nothing new,” stated Ian Banham, IoT Technical Sales Lead at Microsoft. “There’s plenty of kit that does IoT that is over 20 years old, it just wasn’t called IoT then. That said, there’s not a great deal of value in simply gathering data, you’ve got to do something with that data to realise the value from it.

“The change in IoT is the way the technology has developed. That’s why we are encouraging our customers to work with companies like COPA-DATA. They have done the hard work for you because they have been through the process before.”

He explained how Microsoft’s cloud platform, Azure, could be integrated with COPA-DATA’s automation software, zenon. In fact, COPA-DATA’s partnership with Microsoft is award-winning, COPA-DATA having won Microsoft Partner of the Year in the IoT category in 2017.

@copadata #PAuto @Azure #Cloud #IoT


Understanding risk: cybersecurity for the modern grid.

23/08/2017
Didier Giarratano, Marketing Cyber Security at Energy Digital Solutions/Energy, Schneider Electric discusses the challenge for utilities is to provide reliable energy delivery with a focus on efficiency and sustainable sources.

There’s an evolution taking place in the utilities industry to build a modern distribution automation grid. As the demand for digitised, connected and integrated operations increases across all industries, the challenge for utilities is to provide reliable energy delivery with a focus on efficiency and sustainable sources.

The pressing need to improve the uptime of critical power distribution infrastructure is forcing change. However, as power networks merge and become ‘smarter’, the benefits of improved connectivity also bring greater cybersecurity risks, threatening to impact progress.

Grid complexity in a new world of energy
Electrical distribution systems across Europe were originally built for centralised generation and passive loads – not for handling evolving levels of energy consumption or complexity. Yet, we are entering a new world of energy. One with more decentralised generation, intermittent renewable sources like solar and wind, a two-way flow of decarbonised energy, as well as an increasing engagement from demand-side consumers.

The grid is now moving to a more decentralised model, disrupting traditional power delivery and creating more opportunities for consumers and businesses to contribute back into the grid with renewables and other energy sources. As a result, the coming decades will see a new kind of energy consumer – that manages energy production and usage to drive cost, reliability, and sustainability tailored to their specific needs.

The rise of distributed energy is increasing grid complexity. It is evolving the industry from a traditional value chain to a more collaborative environment. One where customers dynamically interface with the distribution grid and energy suppliers, as well as the wider energy market. Technology and business models will need to evolve for the power industry to survive and thrive.

The new grid will be considerably more digitised, more flexible and dynamic. It will be increasingly connected, with greater requirements for performance in a world where electricity makes up a higher share of the overall energy mix. There will be new actors involved in the power ecosystem such as transmission system operators (TSOs), distribution system operators (DSOs), distributed generation operators, aggregators and prosumers.

Regulation and compliancy
Cyber security deployment focuses on meeting standards and regulation compliancy. This approach benefits the industry by increasing awareness of the risks and challenges associated with a cyberattack. As the electrical grid evolves in complexity, with the additions of distributed energy resource integration and feeder automation, a new approach is required – one that is oriented towards risk management.

Currently, utility stakeholders are applying cyber security processes learned from their IT peers, which is putting them at risk. Within the substation environment, proprietary devices once dedicated to specialised applications are now vulnerable. Sensitive information available online that describes how these devices work, can be accessed by anyone, including those with malicious intent.

With the right skills, malicious actors can hack a utility and damage systems that control the grid. In doing so, they also risk the economy and security of a country or region served by that grid.

Regulators have anticipated the need for a structured cyber security approach. In the U.S. the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) requirements set out what is needed to secure North America’s electric system. The European Programme for Critical Infrastructure Protection (EPCIP) does much the same in Europe. We face new and complex attacks every day, some of which are organised by state actors, which is leading to a reconsideration of these and the overall security approach for the industry.

Developing competencies and cross-functional teams for IT-OT integration

Due to the shift towards open communication platforms, such as Ethernet and IP, systems that manage critical infrastructure have become increasingly vulnerable. As operators of critical utility infrastructure investigate how to secure their systems, they often look to more mature cybersecurity practices. However, the IT approach to cybersecurity is not always appropriate with the operational constraints utilities are facing.

These differences in approach mean that cybersecurity solutions and expertise geared toward the IT world are often inappropriate for operational technology (OT) applications. Sophisticated attacks today are able to leverage cooperating services, like IT and telecommunications. As utilities experience the convergence of IT and OT, it becomes necessary to develop cross-functional teams to address the unique challenges of securing technology that spans both worlds.

Protecting against cyber threats now requires greater cross-domain activity where engineers, IT managers and security managers are required to share their expertise to identify the potential issues and attacks affecting their systems

A continuous process: assess, design, implement and manage
Cybersecurity experts agree that standards by themselves will not bring the appropriate security level. It’s not a matter of having ‘achieved’ a cyber secure state. Adequate protection from cyber threats requires a comprehensive set of measures, processes, technical means and an adapted organisation.

It is important for utilities to think about how organisational cybersecurity strategies will evolve over time. This is about staying current with known threats in a planned and iterative manner. Ensuring a strong defence against cyberattacks is a continuous process and requires an ongoing effort and a recurring annual investment. Cybersecurity is about people, processes and technology. Utilities need to deploy a complete programme consisting of proper organisation, processes and procedures to take full advantage of cybersecurity protection technologies.

To establish and maintain cyber secure systems, utilities can follow a four-point approach:

1. Conduct a risk assessment
The first step involves conducting a comprehensive risk assessment based on internal and external threats. By doing so, OT specialists and other utility stakeholders can understand where the largest vulnerabilities lie, as well as document the creation of security policy and risk migration

2. Design a security policy and processes
A utility’s cybersecurity policy provides a formal set of rules to be followed. These should be led by the International Organisation for Standardisation (ISO) and International Electrotechnical Commision (IEC)’s family of standards (ISO27k) providing best practice recommendations on information security management. The purpose of a utility’s policy is to inform employees, contractors, and other authorised users of their obligations regarding protection of technology and information assets. It describes the list of assets that must be protected, identifies threats to those assets, describes authorised users’ responsibilities and associated access privileges, and describes unauthorised actions and resulting accountability for the violation of the security policy. Well-designed security processes are also important. As system security baselines change to address emerging vulnerabilities, cybersecurity system processes must be reviewed and updated regularly to follow this evolution. One key to maintaining and effective security baseline is to conduct a review once or twice a year

3. Execute projects that implement the risk mitigation plan
Select cybersecurity technology that is based on international standards, to ensure appropriate security policy and proposed risk mitigation actions can be followed. A ‘secure by design’ approach that is based on international standards like IEC 62351 and IEEE 1686 can help further reduce risk when securing system components

4. Manage the security programme
Effectively managing cybersecurity programmes requires not only taking into account the previous three points, but also the management of information and communication asset lifecycles. To do that, it’s important to maintain accurate and living documentation about asset firmware, operating systems and configurations. It also requires a comprehensive understanding of technology upgrade and obsolescence schedules, in conjunction with full awareness of known vulnerabilities and existing patches. Cybersecurity management also requires that certain events trigger assessments, such as certain points in asset life cycles or detected threats

For utilities, security is everyone’s business. Politicians and the public are more and more aware that national security depends on local utilities being robust too. Mitigating risk and anticipating attack vulnerabilities on utility grids and systems is not just about installing technology. Utilities must also implement organisational processes to meet the challenges of a decentralised grid. This means regular assessment and continuous improvement of their cybersecurity and physical security process to safeguard our new world of energy.

@SchneiderElec #PAuto #Power

Cybersecurity pitfalls!

09/03/2017

Jonathan Wilkins, marketing director of obsolete industrial parts supplier, EU Automation discusses three cyber security pitfalls that industry should prepare for – the weaponisation of everyday devices, older attacks, such as Heartbleed and Shellshock and vulnerabilities in industrial control systems.

IBM X-Force® Research
2016 Cyber Security Intelligence Index

In 2016, IBM reported that manufacturing was the second most cyber-attacked industry. With new strains of ransomware and other vulnerabilities created every week, what should manufacturers look out for in new year?

‘Weaponisation’ of everyday devices
The advantages of accessing data from smart devices include condition monitoring, predictive analytics and predictive maintenance, all of which can save manufacturers money.

However, recent attacks proved that these connected devices can quickly become weapons, programmed to attack the heart of any business and shut down facilities. In a recent distributed denial of service (DDOS) attack, everyday devices were used to bring down some of the most visited websites in the world, including Twitter, Reddit and AirBNB.

Such incidents raise a clear alarm signal that manufacturers should run their production line on a separate, highly secure network. For manufacturers that use connected devices, cyber security is even more important, so they should conduct regular cyber security audits and ensure security protocols are in place and up-to-date.

Don’t forget the oldies
According to the 2016 Manufacturing Report, manufacturers are more susceptible to older attacks, such as Heartbleed and Shellshock. These are serious vulnerabilities found in the OpenSSL cryptographic that allows attackers to eavesdrop on communications and steal data directly from users.

Industrial computer systems generally aren’t updated or replaced as often as consumer technology, which means that some still have the original OpenSSL software installed. A fixed version of the programme has since been released, meaning that manufacturers can avoid this type of attack by simply updating their system.

Keeping industrial control
Manufacturers understand the need to protect their networks and corporate systems from attacks, but their industrial control systems also pose a risk. If an attacker deploys ransomware to lock down manufacturing computers, it could cause long periods of downtime, loss of production and scrap of products that are being made when the attack happens.

This is particularly true in the era of Industry 4.0, where devices are connected and processes are automated. One of the most effective means of safeguarding automated production systems is cell protection. This form of defence is especially effective against man-in-the-middle attacks, whereby the attacker has the ability to monitor, alter and inject messages in a communications system.

In its report, IBM also stated that cyber security awareness in the manufacturing industry is lower than other sectors. The truth is that any company can be the target of a cyber attack. The only way to avoid a cyber security breach is by planning ahead and preparing for the unexpected.

#PAuto @StoneJunctionPR @IBMSecurity

Cybersecurity at the heart of the Fourth Industrial Revolution.

08/02/2017
Ray Dooley, Product Manager Industrial Control at Schneider Electric Ireland examines the importance of maintaining security as we progress through Industry 4.o.
Ray Dooley, Schneider Electric Ireland

Ray Dooley, Schneider Electric Ireland

A technical evolution has taken place, which has made cyber threats more potent than at any other time in our history. As businesses seek to embrace Industry 4.0, cybersecurity protection must be a top priority for Industrial Control Systems (ICS). These attacks are financially crippling, reduce production and business innovation, and cost lives.

In years gone by, legacy ICS were developed with proprietary technology and were isolated from the outside world, so physical perimeter security was deemed adequate and cyber security was not relevant. However, today the rise of digital manufacturing means many control systems use open or standardised technologies to both reduce costs and improve performance, employing direct communications between control and business systems. Companies must now be proactive to secure their systems online as well as offline.

This exposes vulnerabilities previously thought to affect only office and business computers, so cyber attacks now come from both inside and outside of the industrial control system network. The problem here is that a successful cyber attack on the ICS domain can have a fundamentally more severe impact than a similar incident in the IT domain.

The proliferation of cyber threats has prompted asset owners in industrial environments to search for security solutions that can protect their assets and prevent potentially significant monetary loss and brand erosion. While some industries, such as financial services, have made progress in minimising the risk of cyber attacks, the barriers to improving cybersecurity remain high. More open and collaborative networks have made systems more vulnerable to attack. Furthermore, end user awareness and appreciation of the level of risk is inadequate across most industries outside critical infrastructure environments.

Uncertainty in the regulatory landscape also remains a significant restraint. With the increased use of commercial off-the-shelf IT solutions in industrial environments, control system availability is vulnerable to malware targeted at commercial systems. Inadequate expertise in industrial IT networks is a sector-wide challenge. Against this backdrop, organisations need to partner with a solutions provider who understands the unique characteristics and challenges of the industrial environment and is committed to security.

Assess the risks
A Defence-in-Depth approach is recommended. This starts with risk assessment – the process of analysing and documenting the environment and related systems to identify, and prioritise potential threats. The assessment examines the possible threats from internal sources, such as disgruntled employees and contractors and external sources such as hackers and vandals. It also examines the potential threats to continuity of operation and assesses the value and vulnerability of assets such as proprietary recipes and other intellectual properties, processes, and financial data. Organisations can use the outcome of this assessment to prioritise cybersecurity resource investments.

Develop a security plan
Existing security products and technologies can only go part way to securing an automation solution. They must be deployed in conjunction with a security plan. A well designed security plan coupled with diligent maintenance and oversight is essential to securing modern automation systems and networks. As the cybersecurity landscape evolves, users should continuously reassess their security policies and revisit the defence-in-depth approach to mitigate against any future attacks. Cyber attacks on critical manufacturers in the US alone have increased by 20 per cent, so it’s imperative that security plans are up to date.

Upskilling the workforce
There are increasingly fewer skilled operators in today’s plants, as the older, expert workforce moves into retirement. So the Fourth Industrial Revolution presents a golden opportunity for manufacturing to bridge the gap and bolster the workforce, putting real-time status and diagnostic information at their disposal. At the same time, however, this workforce needs to be raised with the cybersecurity know-how to cope with modern threats.

In this regard, training is crucial to any defence-in-depth campaign and the development of a security conscious culture. There are two phases to such a programme: raising general awareness of policy and procedure, and job-specific classes. Both should be ongoing with update sessions given regularly, only then will employees and organisations see the benefit.

Global industry is well on the road to a game-changing Fourth Industrial Revolution. It is not some hyped up notion years away from reality. It’s already here and has its origins in technologies and functionalities developed by visionary automation suppliers more than 15 years ago. Improvements in efficiency and profitability, increased innovation, and better management of safety, performance and environmental impact are just some of the benefits of an Internet of Things-enabled industrial environment. However, without an effective cybersecurity programme at its heart, ICS professionals will not be able to take advantage of the new technologies at their disposal for fear of the next breach.

@SchneiderElec #Pauto #Industrie40


The internet of zombies.

27/06/2016
Last year, a Radware report stated more than 90 per cent of companies surveyed had experienced some sort of cyber attack. However, the term internet of zombies describes a more advanced kind of attack. Here, Jonathan Wilkins of EU Automation discusses the internet of zombies and how companies can prepare for the outbreak. 

Since Dawn of the Dead was first released in 1978, the possibility of a viral outbreak that will turn us all into night crawling, flesh-eating zombies has become a worry for many and a very prolific Hollywood theme. While it’s unlikely this will ever happen, industry has recently started facing an epidemic across IT systems that companies should be aware of. The internet of zombies won’t result in the end of civilisation, but it does put your company’s confidential information at risk. 

Internet_ZombiesThe term internet of zombies, was coined by cyber security solutions provider, Radware in its Global Application and Network Security Report 2015-16. The concept refers to the rise of an advanced type of Distributed Denial of Service (DDoS) attack, named Advanced Persistent Denial of Service (APDoS). This type of attack uses short bursts of high volume attacks in random intervals, spanning a time frame of several weeks.

In 2015, more than 90 per cent of companies surveyed by Radware experienced a cyber attack. Half of these were victims of an APDoS – up from 27 per cent in 2014.  The report by Radware suggested 60 per cent of its customers were prepared for a traditional attack, but not an APDoS.

Typically, APDoS attacks display five key properties: advanced reconnaissance, tactical execution, explicit motivation, large computing capacity and simultaneous multi-layer attacks over extended periods. The attacks are more likely to be perpetrated by well-resourced and exceptionally skilled hackers that have access to substantial commercial grade computing equipment.

Hackers use virtual smoke screens to divert attention, leaving systems vulnerable to further attacks that are more damaging, such as extortion and theft of customer data.  While the financial services sector is most likely to be targeted, almost anyone can fall victim to the highly effective attacks.

This type of attack is becoming increasingly common in retail and healthcare, where data is considered to be up to 50 per cent more valuable. As IT systems across different sectors become more automated, cyber security specialists are predicting these persistent attacks will happen even more frequently.

Businesses need to find new ways to fight the internet of zombies and can prepare for the outbreak by ensuring they’re equipped to make decisions quickly at the first sign of a hack. Combining several layers of virtual protection with skilled professionals should be the first line of defence for information security.

Paying for additional capacity when developing a website can make the process costly; so many companies scale their system to match a predictable peak. However, in an APDoS attack, sites can experience ten or 20 times more traffic than their usual maximum so it makes sense to allow a healthy margin of error when developing a system.

Having a response plan in place will also improve the chances of restoring a system before any major damage is done. The plan should include preparing contact lists and procedures in advance, analysing the incident as it happens, performing the mitigation steps and undergoinga thorough investigation to record the lessons learned.

It’s likely that zombie films will be as popular as ever in 2016, with another instalment of Resident Evil on the cards. Let’s make sure that the internet of zombies doesn’t rear its head as well by preparing ourselves for the outbreak of APDoS that’s heading our way.

@euautomation #PAuto #Cybersecurity @StoneJunctionPR

#EmrEX: All change at Brussell Centraal.

18/04/2016
Emerson User Group EMEA in Brussels, Belgium – 12th – 14th April 2016

“Seems to me that #EMrex is focusing not so much on new technologies, though important, but looking closer at how we do things.”  our tweet on day one.
Cfrpq9-UUAE8qVi

Brussels looked lovely on the morning that the Emerson User Group meeting opened. There was little to suggest the trauma that the city had faced just a few short weeks previously as delegates strolled through the sun-lit streets to the conference centre. The security however was markedly tighter as we entered the building however with strict adherence to the best security practices. However once inside the building things were as normal.

 Emerson Exchange Brussels – The Videos!

Other Reports (as they appear)
• Operational Excellence at Emerson Exchange Brussels (Emerson’s Stuart Turner – 20/4/2016).
• Nick Denbow ‘s travel travails: My worst week as an air traveller!  (30/4/2016)

Speaking with the organisers it promised to be a bumper event, stretched as it was over three days examining all aspects of automation, experiences, applications and of course exciting new products and concepts. The attendance was slightly down on the last time in Stuttgart, some were reluctant to travel, others were unable to make it due to the inability of the severely damaged to adhere to a normal service. Those who attended were in part in broad agreement with the message penned by Emerson’s Travis Hesketh – Standing up for Brussels. Indeed the User Group very quickly confirmed after these terrible events that they were going ahead with #EMrex. At several of the social events at the periphery, like the evening reception for publishers and journalists the people who suffered were remembered.

The venue was a modern conference and the one hundred or so presentations and industry forums were stretched over about six floors including an exhibition floor and at the very top of the building was a cyber café and a wonderful panoramic hall with the breathtaking view (featured at the top of this page from a tweet by Emerson’s social media guru – Jim Cahill)

But on to the the meeting!

Peter Iles-Smith of GlaxoSmithKline opened proceedings as chair of the Users Exchange Board. He welcomed the over two thousand delegates from so many countries through out the EMEA who travelled for the event.

Steve_SonnenbergSteve Sonnenberg, President Emerson Process Management (pictured right) and Roel VanDoren, their President in Europe, in a joint presentation entitled “New Reality, New Opportunity” addressed the changes and challenges facing companies in the 21st Century. They did not talk about products or applications but on ways of doing things. Indeed during the presentation we tweeted: “Emerson’s approach – yes equipment, but more importantly perhaps is attitude or culture.”

Nobody does business the way they it was done even twenty years ago, when the internet was a baby and nobody imagined never mind thought possible social media platforms like twitter,  yet in many cases industry is way behind in adapting to change. Possibilities are there which were inconceivable a short time ago and these need to be harnessed for the good of humanity.

Research into these possibilities, new technologies are leading to changes especially the importance of planning including all stakeholders at the earliest opportunity. This thinking is leading to an innovative technology and engineering-based approach for improved capital efficiency such as their Project Certainty approach  which aims to tackle complexity by decoupling the dependencies suppliers have on each other, eliminating bottlenecks and allowing concurrent work streams. In a word it aims to transform capital investment and releasing the frightening amounts of money currently being lost in big and not so big projects.

And these figures are frightening. If the type of approach spoken of here is adopted savings of up to €400 Billion (yes BILLION) would be released to invest in, for instance,  production, reliability, safety, energy, training, security and innovation.

So what is involved?

Xavier_MarchantXavier Marchant, (right), Emerson’s Vice President Process Systems and Solutions in Europe, gave dramatic examples of the possible savings in labour and materials. For instance the decision to use smart junction boxes in a large project could save both money and space (95% in control room space). Spare parts are another area where there is phenomenal waste. He quoted a spokesman from a International Energy and Chemical Company, “On our last construction project we overspent on maintenance spares to the tune of €50,000,000…we just wrote it off….because we did not have a robust spares analysis process.” Reduce the complexity by the involvement of stake holders at the start of planning for a project and allowing them to develop it side by side. One simple idea is to separate software from hardware in the development. The “old way” is to tie them together from the start whereas this way the software can be developed using virtual systems and then later on when the actual operation is seen to work in the virtual world (he called it virtual FAT – Factory Acceptance Test) it may be introduced to the real or concrete world – or “late binding” as he called it.

vFAT
Virtual FAT has far less chance of harming one than the real thing?

He quoted  François Davin of Sanofi “Emerson’s Remote Virtual Office allowed us to collaborate with experts and resources from multiple sites to conduct our Factory Acceptance Test (FAT). The result was less travel and site disturbance to our operations. Also, more operators could participate remotely which improved the new automation system adoption.”

We were introduced to the concept of  quartile performance and their site Top Quartile Performance is a exposé of how they view this as a concept and how it is influencing their thinking as a group.

Peter_Zornio

Of course all these changes would be impossible without the availability and enthusiastic embracing of the so-called “new” technologies. Peter Zornio (right), Emerson’s irrepressible Chief Strategic Officer, gave us an insight into these and how the company is using these and its co-operative involvement with the pioneers in these , the Internet of Everything(CISCO),  Industrial Internet (GE), Smart Planet (IBM) and The Internet of Things (Microsoft). These technologies, and others embryonic or not even conceived of are guiding  the current and future development of technology used in the manufacturing and processing sectors.

Keynotes: The Emerson User Exchanges whether in the USA or EMEA always have exciting and inspirational keynote speakers each day. This event was no exception. Jack Uldrich, a futurist spoke about future-proofing business. The majority of businesses are not ready for what is happening in the real world or for the speed at which it is happening.

Another of these speakers Prof Jan Rotmans who spoke about change. He maintains that we are not living through an “era of change” as a “change of era!” Many of us are in the old era, our mobile phone is just that, we read newspapers, buy books in bookshops. Our kids live on their mobile phones, they are their liveline. We are “old-fashioned” our kids are “cool!” Change is disruptive and the old ways are totally unable to cope. The old top-down certainties are dissolving and the “common man” is taking charge, sometimes violently. Chaos is the name of the game.

Finally a veteran at EmrEX, David Beckman, brought all the thoughts and ideas of New Reality, New Opportunity together. In view of Rotmans’ talk earlier the title he chose was more than relevant as he introduced delegates to the “Worst Case Scenario Survival Handbook.” Although he prepared us for worst case scenarios he described real opportunities for industrial automation.

Presentations. The various threads were divided into five headings or sectors, Business & Projects; Operate Safely, Securely and Legally; Process Optimisation; Maintenance & Reliabilitym and, Control System Applications & Migrations and were held through each of the days.

Forums: There were also Industry Forums with panels and general discussions on the various specialities e.g. Life Sciences or Refining & Petrochemicals. These were opportunities for participants to learn and exchange information and experiences with each other.

Training: There were also training  sessions and other sessions (called Roadmaps) on Emerson products and possible future developments.

projcertExpo

ExpoEmrEx16274Solutions EXPO: Of course no event is complete without actually seeing product and EmrEX is no exception. The floor was divided under the same zone headings as the threads of presentations above. (See sketch on left).

There were several unique exhibits. One was the Operations Centre of the Future. This was an imaginative presentation of a plant with a H.A.L. like computer responding (or not) to commands or requests from the operatives. It featured a drone delivery of spare parts and a really effective alarm situation which featured a realistic vibration of the floor. Of course the real message is that though it is the future most of the technology used is possible today.

Of course the Project Certainty concept featured prominently in the Business & Projects area and we were show possible scenarios. They had also rather bravely set up a wall where delegates could post what they consider are the features that should be addressed in projects. This should help “to focus ruthlessly on what’s directly relevent to a company strategy.”

Of course there were actual instruments on display to examine and handle.

Ind1stNotable was this industry first, the Rosemount X-well system, a wireless transmitter, accurately measuring process temperature without need for thermowell. Accurate process temperature measurement is possible without requiring any intrusions or penetrations into the process, allowing for quicker and easier installation along with simplified long-term maintenance. Users do not have to design, size or maintain thermowells. Wake Frequency Calculations are eliminated, as well as time spent determining material compatibility, the right insertion length and the necessary profile.

pressure_gaugeAlso the new Emerson Wireless Pressure Gauge created quite buzz among delgates. Th“This new gauge design fundamentally will change how customers use pressure gauges by helping them make better business decisions!”  It is another industry first. Does this signal the end of the Bourdon Tube?

Energy management is of course critical in all processes. It is effected not only by cost factors but also by legislation driven by concerns on pollution and global warming. Here Emerson demonstrated some prototypes of monitoring and control equipment not yet available. They emphasised savings on space occupied and of course ease of use by operatives.

Jim_CahillAnother very popular item was on the Maintenance & Reliability Zone. Here was an opportunity to experience the immersive training simulator. A goggle like apparatus was placed on the head and using a game-like hand piece the engineer is able to travel through a plant and see where various problems may be without any danger to him or her. It is a fascinating experience and one really feels that one is travelling through the plant rather than sitting or standing in a control room or office.  In this picture we see Emerson’s Chief Blogger, Surface Dweller, Head of Social Media enter the virtual world for real! We can confirm that he returned to real reality afterwards.

Around the periphery of the EXPO were the booths of companies which compliment the Emerson offering – what they call their complementary and strategic partners.

history-passageThere was also a section dedicated to history featuring milestones in science and automation over the years. It was a demonstration of change in the past. What will feature in future shows? The new opportunities taking advantage of the new realities of the past.

Always a major highlight of the Emerson User Group events is waht the call the “Networking Event.” This year was rather unique in that it was a visit to the Museum of Fine Arts and the Magritte Museum. This was an unique opportunity to see the best of Belgian painters – creativity of a different type than that extolled during the day sessions. Artists such as the Brueghels, Rubens, Jordaens and Magritte were enjoyed during this evening. Food and beverages were served – Belgium is famous for its beers of course but it also has its own cuisine and of course it’s chocolate is to die for.

This years event, despite the unexpected difficulties, was on a par, indeed because of these difficulties had perhaps more user participation than previous ones. There were many exciting things to see, concepts to understands and friends with which to share experiences.  And of course fun with a capital F.

Look at this and tell me people weren’t enjoying themselves! (Twitter pic ‏@Julian_Annison)

CgARbxJWQAAV7Vc

Emerson’s Travis Hesketh and Nick Taylor appreciating (?) art.


Our unedited photos from the conferenceon the Read-out Facebook page.

Follow on twitter #EmrEX

The videos here give an impression of each day:
Day One


Day Two


Day Three

• We have written about our travelling experiences to and from Brussels in our personnel blog (Sa Bhaile: (“Home” in Irish). These were relatively smooth if labourious but there is indeed no comparison to the experiences of Nick Denbow of ProcessingTalk which he outlines on their blog: My worst week as an air traveller! 


Previous EmrEX EMEA Events.
2014: Stuttgart: Revving up in Stuttgart!
2012: Duesseldorf: Automation returns to Düsseldorf!

All our reports on EmrEX Events (including North America).


#EMrex #PAuto @EmersonExchange @EmersonProcess #PAuto #IoT