As we learn more and more about the symptoms and risks associated with COVID – 19 many companies have studied how their offerings can be used or adapted to cope and assist in the battle against this invisible enemy.
A thermal imaging camera can be an effective screening device for detecting individuals with an elevated skin temperature. This type of monitoring can provide useful information when used as a screening tool in high-traffic areas to help identify people with an elevated temperature compared to the general population. That individual can then be further screened using other body temperature measuring tools.
Although thermal imaging cameras are primarily designed for industrial and night vision uses, public health organizations have used FLIR cameras around the world at airports, seaports, office buildings and other mass gathering areas to provide rapid, efficient screening in high-traffic areas. FLIR thermal cameras are particularly well suited to this because they can provide a temperature reading of a person’s face in a matter of seconds.
How thermal imaging works
A thermal imaging camera produces infrared images or heat pictures that display small temperature differences. This allows thermal cameras to create and continually update a visual heat map of skin temperatures. In addition, FLIR thermal imaging cameras are sensitive devices capable of measuring small temperature differences.
Many of the FLIR thermal cameras that are appropriate for measuring skin temperatures also offer built-in functions like visual and sound alarms that can be set to go off when a certain temperature threshold is exceeded. The operator can then instantly decide whether the subject needs to be referred for further screening with additional temperature measurement tools.
Use in high-traffic areas, such as airports, as part of screening procedures.
As the thermal imaging camera produces images in near-realtime, the total evaluation process takes mere moments, making thermal imaging technology very useful for rapidly screening large numbers of people.
Measuring the temperature of the human body
It’s true that a person’s general skin temperature is typically not equal to the person’s core temperature. That doesn’t detract from the use of thermal cameras to detect elevated skin temperatures, however. Thermal cameras are useful in this role because the goal is not to measure absolute skin temperature, but to differentiate people who have an elevated skin temperature compared to others while also considering the environmental conditions of the location.
Some FLIR camera models offer an elevated skin temperature screening mode that is helpful in comparing the person being screened against the temperature of other people previously screened. When in Screening mode, the operator can save ten thermal images of faces that the camera automatically averages as a reference.
Hot spots in corner of the eyes
Sound and color alarms
All areas on the subject’s face that are hotter than a predefined temperature value can be displayed as a designated color on the thermal image. This built-in alarm allows users to make an immediate decision regarding whether the subject may need further screening with additional screening tools. In addition, some FLIR cameras are equipped with an audible alarm that can be activated to sound if the detected temperature exceeds a predefined value.
A small investment to enable high-traffic screening
Airports all over the world are using FLIR cameras and have applied this methodology to screen people entering and leaving a country. It is a quick, non-contact method that is safe for both the camera operator and the people being screened.
It’s been another busy year for hackers. According to the Central Statistics Office, nearly 1 in 5 (18 %) of Irish businesses experienced ICT-related incidents, 87 per cent of which resulted in the unavailability of ICT services, and 41% which resulted in either the destruction, corruption or disclosure of data.
Noel O’Grady, writer of this piece, is the head of Sungard Availability Services Ireland and has over 20 years of experience working with leading technology firms including HP, Vodafone and Dell in providing critical production and recovery services to enterprise-level organisations.
Last year saw a number of high-profile security incidents making the headlines. In April, 3,600 accounts belonging to former customers of Ulster Bank were compromised, resulting in some customers’ personal details being released. In July, the Football Association of Ireland confirmed that malware was discovered on its payroll server following an attempted hack on IT systems.
Entering a new decade, digital technologies will continue to permeate every aspect of modern life, and the security of IT systems will come under increasing scrutiny. This will be driven by two major consequences of today’s hyper-connected world. Firstly, the sheer number of systems and devices which have now become digitalised has vastly expanded the cybersecurity threat landscape, potentially multiplying vulnerabilities or points of entry for hackers. Simultaneously, consumers and businesses alike demand constant availability in the products and services they use, reducing the tolerance for periods of downtime.
As a result, the security of data is no less than a global issue on par with national security, economic stability and even the physical security of citizens. It is with this in mind that Data Privacy Day is observed on this day (28th January 2020), a global initiative which aims to spread awareness of the hugely fundamental role that cybersecurity plays.
GDPR works by penalising organisations with inadequate data protection through sizeable fines. While this has established an ethical framework from which European organisations can set out strategies for protecting personal data, one issue that is still often overseen is the result of an IT outage, which prevents businesses from keeping its services running. As a server or organisation’s infrastructure is down, data is then at risk to exposure and therefore a company is at risk of failing compliance. IT and business teams will need to locate and close any vulnerabilities in IT systems or business processes, and switch over to disaster recovery arrangements if they believe there has been a data corruption.
This is especially pertinent in Ireland, where, according to a spokesperson for the Department of Business, Enterprise and Innovation (DoBEI), “Data centre presence…raises our visibility internationally as a technology-rich, innovative economy.” A strategic European hub for many multi-national technology giants, Ireland is currently home to 54 data centres, with another 10 under construction and planning permission for a further 31. While this growth in Ireland’s data centre market is a huge advantage for the national economy, Irish businesses must also tread with caution as they shoulder the responsibility for the security and availability of the countless mission-critical applications and processes which rely on them.
An organisation’s speed and effectiveness of response will be greatly improved if it has at its fingertips the results of a Data Protection Impact Assessment (DPIA) that details all the personal data that an organisation collects, processes and stores, categorised by level of sensitivity. Data Privacy Day is a great opportunity to expose unknown risks that organisations face, but moving forward, it is vital that business leaders embed privacy into every operation. This is the only sustainable way to ensure compliance on an ongoing basis.
Leaders from Britain’s energy industry attended Copa Data’s zenon Energy Day 2018 at the Thames Valley Microsoft centre. The event, which was held on in April 2018, welcomed industry experts and energy suppliers to address the current challenges the sector is facing — renewable generation, substation automation, IoT and cyber security.
A welcome speech from the British MD od Copa Data , Martyn Williams, started a day encompassed a series of talks from industry experts. Speakers included Ian Banham, IoT Technical Sales Lead UK for Microsoft, Chris Dormer of systems integrator, Capula and Jürgen Resch, Copa Data Energy Industry Manager.
Preparing for renewables
Only 24 per cent of Britain’s electricity comes from renewable sources — a relatively low figure compared to some European countries. However, the percentage is growing. In 2000, Britain’s renewable capacity was 3,000 MW, and rose eleven-fold by the end of 2016 to 33,000 MW.
To prepare for the impending challenges for this market, Jürgen Resch’s presentation discussed how software can alleviate some of the common questions associated with renewable energy generation, including the growing demand for energy storage. “Energy storage is often used in combination with renewables because renewable energy is volatile and fluctuating,” explained Resch. “In Korea, the government is pumping $5 billion dollars into energy storage systems. In fact, every new building that is built in Korea gets an energy storage battery fitted into the basement.”
BMW’s battery storage farm in Leipzig (D) was also presented as an example. The facility, which uses COPA-DATA’s zenon as the main control centre system, uses 700 high-capacity used battery packs from BMW i3s and could also provide storage capacity for local wind energy generation.
Moving onto specific issued related to wind generation, Resch discussed the potential challenge of reporting in a sector reliant on unpredictable energy sources. “Reports are particularly important in the wind power industry,” he said. “Typically, owners of wind farms are investors and they want to see profits. Using software, like zenon Analyzer, operators can generate operational reports.
“These reports range from a basic table with the wind speeds, output of a turbine and its associated profit, or a more sophisticated report with an indication of the turbines performance against specific key performance indicators (KPIs).”
Best practice for substation automation
Following the morning’s keynote speeches on renewable energy, Chris Dormer of Capula, presented the audience with a real-life case study. The speech discussed how smart automation helped to address significant issues related to the critical assets of the National Grid’s substations, where Capula was contracted to refurbish the existing substation control system at New Cross.
“Like a lot of companies that have developed, grown and acquired assets over the years, energy providers tend to end up with a mass mixture of different types of technology, legacy equipment and various ways to handling data,” explained Dormer. “For projects like this, the first key evaluation factor is choosing control software with legacy communication. We need to ensure the software can talk to both old legacy equipment in substations as well as modern protocol communications, whilst also ensuring it was scalable and compliant.
“The National Grid will make large investments into IEC 61850 compatible equipment, therefore for this project, we needed an IEC 61850 solution. Any system we put in, we want to support it for the next 25 years. Everyone is talking about digital substations right now, but there are not that many of them out there. That said, we need to prepare and be ready.”
The case study, which was a collaborative project with COPA-DATA, was recognised at the UK Energy Innovation Awards 2017, where it was awarded the Best Innovation Contributing to Quality and Reliability of Electricity Supply.
“Our collaboration with COPA-DATA allows us to address modern energy challenges,” explained Mark Hardy, Managing Director of Capula upon winning the award last year. “It helps drive through the best value for energy customers.”
Cyber security – benefit or burden? “Raise your hand if you consider cyber security to be a benefit?” Mark Clemens, Technical Product Manager at Copa Data asked the audience during his keynote speech on cyber security. “Now, raise your hand if you consider it to be a burden?”
Clemens’ question provided interesting results. Numerous attendees kept their hands raised for both questions, giving an insight into the perception of cyber security for those operating in the energy industry — a necessary evil.
“A cyber-attack on our current infrastructure could be easy to execute,” continued Clemens. “95 per cent of communication protocols in automation systems don’t provide any security features. For those that do provide security, the mechanisms are often simply bolted-on.”
Clemens continued to explain how substation design can strengthen the security of these sites. He suggested that, despite living in the era of IoT, energy companies should limit the communication between devices to only those that are necessary. The first step he suggested was to establish a list of assets, including any temporary assets like vendor connections and portable devices.
“There are lots of entry points into a substation, not only through the firewall but through vendors and suppliers too. This doesn’t have to be intentional but could be the result of a mistake. For example, if an engineer is working in the substation and believe they are testing in simulation mode, but they are not, it could cause detrimental problems.”
Collaborating with Microsoft
The address of Microsoft’s UK IoT Technical Sales Lead, Ian Banham focused on the potential of cloud usage for energy companies. When asking attendees who had already invested in cloud usage, or planned on doing so, the audience proved to be a 50:50 split of cloud enthusiasts and sceptics.
“IoT is nothing new,” stated Ian Banham, IoT Technical Sales Lead at Microsoft. “There’s plenty of kit that does IoT that is over 20 years old, it just wasn’t called IoT then. That said, there’s not a great deal of value in simply gathering data, you’ve got to do something with that data to realise the value from it.
“The change in IoT is the way the technology has developed. That’s why we are encouraging our customers to work with companies like COPA-DATA. They have done the hard work for you because they have been through the process before.”
He explained how Microsoft’s cloud platform, Azure, could be integrated with COPA-DATA’s automation software, zenon. In fact, COPA-DATA’s partnership with Microsoft is award-winning, COPA-DATA having won Microsoft Partner of the Year in the IoT category in 2017.
Didier Giarratano, Marketing Cyber Security at Energy Digital Solutions/Energy, Schneider Electric discusses the challenge for utilities is to provide reliable energy delivery with a focus on efficiency and sustainable sources.
There’s an evolution taking place in the utilities industry to build a modern distribution automation grid. As the demand for digitised, connected and integrated operations increases across all industries, the challenge for utilities is to provide reliable energy delivery with a focus on efficiency and sustainable sources.
The pressing need to improve the uptime of critical power distribution infrastructure is forcing change. However, as power networks merge and become ‘smarter’, the benefits of improved connectivity also bring greater cybersecurity risks, threatening to impact progress.
Grid complexity in a new world of energy
Electrical distribution systems across Europe were originally built for centralised generation and passive loads – not for handling evolving levels of energy consumption or complexity. Yet, we are entering a new world of energy. One with more decentralised generation, intermittent renewable sources like solar and wind, a two-way flow of decarbonised energy, as well as an increasing engagement from demand-side consumers.
The grid is now moving to a more decentralised model, disrupting traditional power delivery and creating more opportunities for consumers and businesses to contribute back into the grid with renewables and other energy sources. As a result, the coming decades will see a new kind of energy consumer – that manages energy production and usage to drive cost, reliability, and sustainability tailored to their specific needs.
The rise of distributed energy is increasing grid complexity. It is evolving the industry from a traditional value chain to a more collaborative environment. One where customers dynamically interface with the distribution grid and energy suppliers, as well as the wider energy market. Technology and business models will need to evolve for the power industry to survive and thrive.
The new grid will be considerably more digitised, more flexible and dynamic. It will be increasingly connected, with greater requirements for performance in a world where electricity makes up a higher share of the overall energy mix. There will be new actors involved in the power ecosystem such as transmission system operators (TSOs), distribution system operators (DSOs), distributed generation operators, aggregators and prosumers.
Regulation and compliancy
Cyber security deployment focuses on meeting standards and regulation compliancy. This approach benefits the industry by increasing awareness of the risks and challenges associated with a cyberattack. As the electrical grid evolves in complexity, with the additions of distributed energy resource integration and feeder automation, a new approach is required – one that is oriented towards risk management.
Currently, utility stakeholders are applying cyber security processes learned from their IT peers, which is putting them at risk. Within the substation environment, proprietary devices once dedicated to specialised applications are now vulnerable. Sensitive information available online that describes how these devices work, can be accessed by anyone, including those with malicious intent.
With the right skills, malicious actors can hack a utility and damage systems that control the grid. In doing so, they also risk the economy and security of a country or region served by that grid.
Regulators have anticipated the need for a structured cyber security approach. In the U.S. the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) requirements set out what is needed to secure North America’s electric system. The European Programme for Critical Infrastructure Protection (EPCIP) does much the same in Europe. We face new and complex attacks every day, some of which are organised by state actors, which is leading to a reconsideration of these and the overall security approach for the industry.
Developing competencies and cross-functional teams for IT-OT integration
These differences in approach mean that cybersecurity solutions and expertise geared toward the IT world are often inappropriate for operational technology (OT) applications. Sophisticated attacks today are able to leverage cooperating services, like IT and telecommunications. As utilities experience the convergence of IT and OT, it becomes necessary to develop cross-functional teams to address the unique challenges of securing technology that spans both worlds.
Protecting against cyber threats now requires greater cross-domain activity where engineers, IT managers and security managers are required to share their expertise to identify the potential issues and attacks affecting their systems
A continuous process: assess, design, implement and manage
Cybersecurity experts agree that standards by themselves will not bring the appropriate security level. It’s not a matter of having ‘achieved’ a cyber secure state. Adequate protection from cyber threats requires a comprehensive set of measures, processes, technical means and an adapted organisation.
It is important for utilities to think about how organisational cybersecurity strategies will evolve over time. This is about staying current with known threats in a planned and iterative manner. Ensuring a strong defence against cyberattacks is a continuous process and requires an ongoing effort and a recurring annual investment. Cybersecurity is about people, processes and technology. Utilities need to deploy a complete programme consisting of proper organisation, processes and procedures to take full advantage of cybersecurity protection technologies.
To establish and maintain cyber secure systems, utilities can follow a four-point approach:
1. Conduct a risk assessment
The first step involves conducting a comprehensive risk assessment based on internal and external threats. By doing so, OT specialists and other utility stakeholders can understand where the largest vulnerabilities lie, as well as document the creation of security policy and risk migration
2. Design a security policy and processes
A utility’s cybersecurity policy provides a formal set of rules to be followed. These should be led by the International Organisation for Standardisation (ISO) and International Electrotechnical Commision (IEC)’s family of standards (ISO27k) providing best practice recommendations on information security management. The purpose of a utility’s policy is to inform employees, contractors, and other authorised users of their obligations regarding protection of technology and information assets. It describes the list of assets that must be protected, identifies threats to those assets, describes authorised users’ responsibilities and associated access privileges, and describes unauthorised actions and resulting accountability for the violation of the security policy. Well-designed security processes are also important. As system security baselines change to address emerging vulnerabilities, cybersecurity system processes must be reviewed and updated regularly to follow this evolution. One key to maintaining and effective security baseline is to conduct a review once or twice a year
3. Execute projects that implement the risk mitigation plan
Select cybersecurity technology that is based on international standards, to ensure appropriate security policy and proposed risk mitigation actions can be followed. A ‘secure by design’ approach that is based on international standards like IEC 62351 and IEEE 1686 can help further reduce risk when securing system components
4. Manage the security programme
Effectively managing cybersecurity programmes requires not only taking into account the previous three points, but also the management of information and communication asset lifecycles. To do that, it’s important to maintain accurate and living documentation about asset firmware, operating systems and configurations. It also requires a comprehensive understanding of technology upgrade and obsolescence schedules, in conjunction with full awareness of known vulnerabilities and existing patches. Cybersecurity management also requires that certain events trigger assessments, such as certain points in asset life cycles or detected threats
For utilities, security is everyone’s business. Politicians and the public are more and more aware that national security depends on local utilities being robust too. Mitigating risk and anticipating attack vulnerabilities on utility grids and systems is not just about installing technology. Utilities must also implement organisational processes to meet the challenges of a decentralised grid. This means regular assessment and continuous improvement of their cybersecurity and physical security process to safeguard our new world of energy.
Jonathan Wilkins, marketing director of obsolete industrial parts supplier, EU Automation discusses three cyber security pitfalls that industry should prepare for – the weaponisation of everyday devices, older attacks, such as Heartbleed and Shellshock and vulnerabilities in industrial control systems.
IBM X-Force® Research 2016 Cyber Security Intelligence Index
In 2016, IBM reported that manufacturing was the second most cyber-attacked industry. With new strains of ransomware and other vulnerabilities created every week, what should manufacturers look out for in new year?
‘Weaponisation’ of everyday devices
The advantages of accessing data from smart devices include condition monitoring, predictive analytics and predictive maintenance, all of which can save manufacturers money.
However, recent attacks proved that these connected devices can quickly become weapons, programmed to attack the heart of any business and shut down facilities. In a recent distributed denial of service (DDOS) attack, everyday devices were used to bring down some of the most visited websites in the world, including Twitter, Reddit and AirBNB.
Such incidents raise a clear alarm signal that manufacturers should run their production line on a separate, highly secure network. For manufacturers that use connected devices, cyber security is even more important, so they should conduct regular cyber security audits and ensure security protocols are in place and up-to-date.
Don’t forget the oldies
According to the 2016 Manufacturing Report, manufacturers are more susceptible to older attacks, such as Heartbleed and Shellshock. These are serious vulnerabilities found in the OpenSSL cryptographic that allows attackers to eavesdrop on communications and steal data directly from users.
Industrial computer systems generally aren’t updated or replaced as often as consumer technology, which means that some still have the original OpenSSL software installed. A fixed version of the programme has since been released, meaning that manufacturers can avoid this type of attack by simply updating their system.
Keeping industrial control
Manufacturers understand the need to protect their networks and corporate systems from attacks, but their industrial control systems also pose a risk. If an attacker deploys ransomware to lock down manufacturing computers, it could cause long periods of downtime, loss of production and scrap of products that are being made when the attack happens.
This is particularly true in the era of Industry 4.0, where devices are connected and processes are automated. One of the most effective means of safeguarding automated production systems is cell protection. This form of defence is especially effective against man-in-the-middle attacks, whereby the attacker has the ability to monitor, alter and inject messages in a communications system.
In its report, IBM also stated that cyber security awareness in the manufacturing industry is lower than other sectors. The truth is that any company can be the target of a cyber attack. The only way to avoid a cyber security breach is by planning ahead and preparing for the unexpected.
Ray Dooley, Product Manager Industrial Control at Schneider Electric Ireland examines the importance of maintaining security as we progress through Industry 4.o.
Ray Dooley, Schneider Electric Ireland
A technical evolution has taken place, which has made cyber threats more potent than at any other time in our history. As businesses seek to embrace Industry 4.0, cybersecurity protection must be a top priority for Industrial Control Systems (ICS). These attacks are financially crippling, reduce production and business innovation, and cost lives.
In years gone by, legacy ICS were developed with proprietary technology and were isolated from the outside world, so physical perimeter security was deemed adequate and cyber security was not relevant. However, today the rise of digital manufacturing means many control systems use open or standardised technologies to both reduce costs and improve performance, employing direct communications between control and business systems. Companies must now be proactive to secure their systems online as well as offline.
This exposes vulnerabilities previously thought to affect only office and business computers, so cyber attacks now come from both inside and outside of the industrial control system network. The problem here is that a successful cyber attack on the ICS domain can have a fundamentally more severe impact than a similar incident in the IT domain.
The proliferation of cyber threats has prompted asset owners in industrial environments to search for security solutions that can protect their assets and prevent potentially significant monetary loss and brand erosion. While some industries, such as financial services, have made progress in minimising the risk of cyber attacks, the barriers to improving cybersecurity remain high. More open and collaborative networks have made systems more vulnerable to attack. Furthermore, end user awareness and appreciation of the level of risk is inadequate across most industries outside critical infrastructure environments.
Uncertainty in the regulatory landscape also remains a significant restraint. With the increased use of commercial off-the-shelf IT solutions in industrial environments, control system availability is vulnerable to malware targeted at commercial systems. Inadequate expertise in industrial IT networks is a sector-wide challenge. Against this backdrop, organisations need to partner with a solutions provider who understands the unique characteristics and challenges of the industrial environment and is committed to security.
Assess the risks
A Defence-in-Depth approach is recommended. This starts with risk assessment – the process of analysing and documenting the environment and related systems to identify, and prioritise potential threats. The assessment examines the possible threats from internal sources, such as disgruntled employees and contractors and external sources such as hackers and vandals. It also examines the potential threats to continuity of operation and assesses the value and vulnerability of assets such as proprietary recipes and other intellectual properties, processes, and financial data. Organisations can use the outcome of this assessment to prioritise cybersecurity resource investments.
Develop a security plan Existing security products and technologies can only go part way to securing an automation solution. They must be deployed in conjunction with a security plan. A well designed security plan coupled with diligent maintenance and oversight is essential to securing modern automation systems and networks. As the cybersecurity landscape evolves, users should continuously reassess their security policies and revisit the defence-in-depth approach to mitigate against any future attacks. Cyber attacks on critical manufacturers in the US alone have increased by 20 per cent, so it’s imperative that security plans are up to date.
Upskilling the workforce There are increasingly fewer skilled operators in today’s plants, as the older, expert workforce moves into retirement. So the Fourth Industrial Revolution presents a golden opportunity for manufacturing to bridge the gap and bolster the workforce, putting real-time status and diagnostic information at their disposal. At the same time, however, this workforce needs to be raised with the cybersecurity know-how to cope with modern threats.
In this regard, training is crucial to any defence-in-depth campaign and the development of a security conscious culture. There are two phases to such a programme: raising general awareness of policy and procedure, and job-specific classes. Both should be ongoing with update sessions given regularly, only then will employees and organisations see the benefit.
Global industry is well on the road to a game-changing Fourth Industrial Revolution. It is not some hyped up notion years away from reality. It’s already here and has its origins in technologies and functionalities developed by visionary automation suppliers more than 15 years ago. Improvements in efficiency and profitability, increased innovation, and better management of safety, performance and environmental impact are just some of the benefits of an Internet of Things-enabled industrial environment. However, without an effective cybersecurity programme at its heart, ICS professionals will not be able to take advantage of the new technologies at their disposal for fear of the next breach.
Last year, a Radware report stated more than 90 per cent of companies surveyed had experienced some sort of cyber attack. However, the term internet of zombies describes a more advanced kind of attack. Here, Jonathan Wilkins of EU Automation discusses the internet of zombies and how companies can prepare for the outbreak.
Since Dawn of the Dead was first released in 1978, the possibility of a viral outbreak that will turn us all into night crawling, flesh-eating zombies has become a worry for many and a very prolific Hollywood theme. While it’s unlikely this will ever happen, industry has recently started facing an epidemic across IT systems that companies should be aware of. The internet of zombies won’t result in the end of civilisation, but it does put your company’s confidential information at risk.
The term internet of zombies, was coined by cyber security solutions provider, Radware in its Global Application and Network Security Report 2015-16. The concept refers to the rise of an advanced type of Distributed Denial of Service (DDoS) attack, named Advanced Persistent Denial of Service (APDoS). This type of attack uses short bursts of high volume attacks in random intervals, spanning a time frame of several weeks.
In 2015, more than 90 per cent of companies surveyed by Radware experienced a cyber attack. Half of these were victims of an APDoS – up from 27 per cent in 2014. The report by Radware suggested 60 per cent of its customers were prepared for a traditional attack, but not an APDoS.
Typically, APDoS attacks display five key properties: advanced reconnaissance, tactical execution, explicit motivation, large computing capacity and simultaneous multi-layer attacks over extended periods. The attacks are more likely to be perpetrated by well-resourced and exceptionally skilled hackers that have access to substantial commercial grade computing equipment.
Hackers use virtual smoke screens to divert attention, leaving systems vulnerable to further attacks that are more damaging, such as extortion and theft of customer data. While the financial services sector is most likely to be targeted, almost anyone can fall victim to the highly effective attacks.
This type of attack is becoming increasingly common in retail and healthcare, where data is considered to be up to 50 per cent more valuable. As IT systems across different sectors become more automated, cyber security specialists are predicting these persistent attacks will happen even more frequently.
Businesses need to find new ways to fight the internet of zombies and can prepare for the outbreak by ensuring they’re equipped to make decisions quickly at the first sign of a hack. Combining several layers of virtual protection with skilled professionals should be the first line of defence for information security.
Paying for additional capacity when developing a website can make the process costly; so many companies scale their system to match a predictable peak. However, in an APDoS attack, sites can experience ten or 20 times more traffic than their usual maximum so it makes sense to allow a healthy margin of error when developing a system.
Having a response plan in place will also improve the chances of restoring a system before any major damage is done. The plan should include preparing contact lists and procedures in advance, analysing the incident as it happens, performing the mitigation steps and undergoinga thorough investigation to record the lessons learned.
It’s likely that zombie films will be as popular as ever in 2016, with another instalment of Resident Evil on the cards. Let’s make sure that the internet of zombies doesn’t rear its head as well by preparing ourselves for the outbreak of APDoS that’s heading our way.
Emerson User Group EMEA in Brussels, Belgium – 12th – 14th April 2016
“Seems to me that #EMrex is focusing not so much on new technologies, though important, but looking closer at how we do things.”our tweet on day one.
Brussels looked lovely on the morning that the Emerson User Group meeting opened. There was little to suggest the trauma that the city had faced just a few short weeks previously as delegates strolled through the sun-lit streets to the conference centre. The security however was markedly tighter as we entered the building however with strict adherence to the best security practices. However once inside the building things were as normal.
Speaking with the organisers it promised to be a bumper event, stretched as it was over three days examining all aspects of automation, experiences, applications and of course exciting new products and concepts. The attendance was slightly down on the last time in Stuttgart, some were reluctant to travel, others were unable to make it due to the inability of the severely damaged to adhere to a normal service. Those who attended were in part in broad agreement with the message penned by Emerson’s Travis Hesketh – Standing up for Brussels. Indeed the User Group very quickly confirmed after these terrible events that they were going ahead with #EMrex. At several of the social events at the periphery, like the evening reception for publishers and journalists the people who suffered were remembered.
The venue was a modern conference and the one hundred or so presentations and industry forums were stretched over about six floors including an exhibition floor and at the very top of the building was a cyber café and a wonderful panoramic hall with the breathtaking view (featured at the top of this page from a tweet by Emerson’s social media guru – Jim Cahill)
But on to the the meeting!
Peter Iles-Smith of GlaxoSmithKline opened proceedings as chair of the Users Exchange Board. He welcomed the over two thousand delegates from so many countries through out the EMEA who travelled for the event.
Steve Sonnenberg, President Emerson Process Management (pictured right) and Roel VanDoren, their President in Europe, in a joint presentation entitled “New Reality, New Opportunity” addressed the changes and challenges facing companies in the 21st Century. They did not talk about products or applications but on ways of doing things. Indeed during the presentation we tweeted: “Emerson’s approach – yes equipment, but more importantly perhaps is attitude or culture.”
Nobody does business the way they it was done even twenty years ago, when the internet was a baby and nobody imagined never mind thought possible social media platforms like twitter, yet in many cases industry is way behind in adapting to change. Possibilities are there which were inconceivable a short time ago and these need to be harnessed for the good of humanity.
Research into these possibilities, new technologies are leading to changes especially the importance of planning including all stakeholders at the earliest opportunity. This thinking is leading to an innovative technology and engineering-based approach for improved capital efficiency such as their Project Certaintyapproach which aims to tackle complexity by decoupling the dependencies suppliers have on each other, eliminating bottlenecks and allowing concurrent work streams. In a word it aims to transform capital investment and releasing the frightening amounts of money currently being lost in big and not so big projects.
And these figures are frightening. If the type of approach spoken of here is adopted savings of up to €400 Billion (yes BILLION) would be released to invest in, for instance, production, reliability, safety, energy, training, security and innovation.
So what is involved?
Xavier Marchant, (right), Emerson’s Vice President Process Systems and Solutions in Europe, gave dramatic examples of the possible savings in labour and materials. For instance the decision to use smart junction boxes in a large project could save both money and space (95% in control room space). Spare parts are another area where there is phenomenal waste. He quoted a spokesman from a International Energy and Chemical Company, “On our last construction project we overspent on maintenance spares to the tune of €50,000,000…we just wrote it off….because we did not have a robust spares analysis process.” Reduce the complexity by the involvement of stake holders at the start of planning for a project and allowing them to develop it side by side. One simple idea is to separate software from hardware in the development. The “old way” is to tie them together from the start whereas this way the software can be developed using virtual systems and then later on when the actual operation is seen to work in the virtual world (he called it virtual FAT – Factory Acceptance Test) it may be introduced to the real or concrete world – or “late binding” as he called it.
Virtual FAT has far less chance of harming one than the real thing?
He quoted François Davin of Sanofi “Emerson’s Remote Virtual Office allowed us to collaborate with experts and resources from multiple sites to conduct our Factory Acceptance Test (FAT). The result was less travel and site disturbance to our operations. Also, more operators could participate remotely which improved the new automation system adoption.”
We were introduced to the concept of quartile performance and their site Top Quartile Performance is a exposé of how they view this as a concept and how it is influencing their thinking as a group.
Of course all these changes would be impossible without the availability and enthusiastic embracing of the so-called “new” technologies. Peter Zornio (right), Emerson’s irrepressible Chief Strategic Officer, gave us an insight into these and how the company is using these and its co-operative involvement with the pioneers in these , the Internet of Everything(CISCO), Industrial Internet (GE), Smart Planet (IBM) and The Internet of Things (Microsoft). These technologies, and others embryonic or not even conceived of are guiding the current and future development of technology used in the manufacturing and processing sectors.
Keynotes: The Emerson User Exchanges whether in the USA or EMEA always have exciting and inspirational keynote speakers each day. This event was no exception. Jack Uldrich, a futurist spoke about future-proofing business. The majority of businesses are not ready for what is happening in the real world or for the speed at which it is happening.
Another of these speakers Prof Jan Rotmans who spoke about change. He maintains that we are not living through an “era of change” as a “change of era!” Many of us are in the old era, our mobile phone is just that, we read newspapers, buy books in bookshops. Our kids live on their mobile phones, they are their liveline. We are “old-fashioned” our kids are “cool!” Change is disruptive and the old ways are totally unable to cope. The old top-down certainties are dissolving and the “common man” is taking charge, sometimes violently. Chaos is the name of the game.
Finally a veteran at EmrEX, David Beckman, brought all the thoughts and ideas of New Reality, New Opportunity together. In view of Rotmans’ talk earlier the title he chose was more than relevant as he introduced delegates to the “Worst Case Scenario Survival Handbook.” Although he prepared us for worst case scenarios he described real opportunities for industrial automation.
Presentations. The various threads were divided into five headings or sectors, Business & Projects; Operate Safely, Securely and Legally; Process Optimisation; Maintenance & Reliabilitym and, Control System Applications & Migrations and were held through each of the days.
Forums: There were also Industry Forums with panels and general discussions on the various specialities e.g. Life Sciences or Refining & Petrochemicals. These were opportunities for participants to learn and exchange information and experiences with each other.
Training: There were also training sessions and other sessions (called Roadmaps) on Emerson products and possible future developments.
Solutions EXPO: Of course no event is complete without actually seeing product and EmrEX is no exception. The floor was divided under the same zone headings as the threads of presentations above. (See sketch on left).
There were several unique exhibits. One was the Operations Centre of the Future. This was an imaginative presentation of a plant with a H.A.L. like computer responding (or not) to commands or requests from the operatives. It featured a drone delivery of spare parts and a really effective alarm situation which featured a realistic vibration of the floor. Of course the real message is that though it is the future most of the technology used is possible today.
Of course the Project Certainty concept featured prominently in the Business & Projects area and we were show possible scenarios. They had also rather bravely set up a wall where delegates could post what they consider are the features that should be addressed in projects. This should help “to focus ruthlessly on what’s directly relevent to a company strategy.”
Of course there were actual instruments on display to examine and handle.
Notable was this industry first, the Rosemount X-well system, a wireless transmitter, accurately measuring process temperature without need for thermowell. Accurate process temperature measurement is possible without requiring any intrusions or penetrations into the process, allowing for quicker and easier installation along with simplified long-term maintenance. Users do not have to design, size or maintain thermowells. Wake Frequency Calculations are eliminated, as well as time spent determining material compatibility, the right insertion length and the necessary profile.
Also the new Emerson Wireless Pressure Gauge created quite buzz among delgates. Th“This new gauge design fundamentally will change how customers use pressure gauges by helping them make better business decisions!” It is another industry first. Does this signal the end of the Bourdon Tube?
Energy management is of course critical in all processes. It is effected not only by cost factors but also by legislation driven by concerns on pollution and global warming. Here Emerson demonstrated some prototypes of monitoring and control equipment not yet available. They emphasised savings on space occupied and of course ease of use by operatives.
Another very popular item was on the Maintenance & Reliability Zone. Here was an opportunity to experience the immersive training simulator. A goggle like apparatus was placed on the head and using a game-like hand piece the engineer is able to travel through a plant and see where various problems may be without any danger to him or her. It is a fascinating experience and one really feels that one is travelling through the plant rather than sitting or standing in a control room or office. In this picture we see Emerson’s Chief Blogger, Surface Dweller, Head of Social Media enter the virtual world for real! We can confirm that he returned to real reality afterwards.
Around the periphery of the EXPO were the booths of companies which compliment the Emerson offering – what they call their complementary and strategic partners.
There was also a section dedicated to history featuring milestones in science and automation over the years. It was a demonstration of change in the past. What will feature in future shows? The new opportunities taking advantage of the new realities of the past.
Always a major highlight of the Emerson User Group events is waht the call the “Networking Event.” This year was rather unique in that it was a visit to the Museum of Fine Arts and the Magritte Museum. This was an unique opportunity to see the best of Belgian painters – creativity of a different type than that extolled during the day sessions. Artists such as the Brueghels, Rubens, Jordaens and Magritte were enjoyed during this evening. Food and beverages were served – Belgium is famous for its beers of course but it also has its own cuisine and of course it’s chocolate is to die for.
This years event, despite the unexpected difficulties, was on a par, indeed because of these difficulties had perhaps more user participation than previous ones. There were many exciting things to see, concepts to understands and friends with which to share experiences. And of course fun with a capital F.
Look at this and tell me people weren’t enjoying themselves! (Twitter pic @Julian_Annison)
Emerson’s Travis Hesketh and Nick Taylor appreciating (?) art.
The videos here give an impression of each day: Day One
• We have written about our travelling experiences to and from Brussels in our personnel blog (Sa Bhaile: (“Home” in Irish). These were relatively smooth if labourious but there is indeed no comparison to the experiences of Nick Denbow of ProcessingTalk which he outlines on their blog: My worst week as an air traveller!
ISA’s first international symposium outside of North America is adjudged a success.
From the time it was firsted mooted for Ireland in 2015 the planning for the 3rd ISA Food & Pharmaceutical Symposium was embraced with enthusiasm by the local Ireland Section. This was in Philadelphia early in 2015 and since then the ISA’s Food & Pharma Division under the able directorship of Canadian Andre Michel has ploughed forward overcoming setbacks and the not inconsiderable distances between North America and the capital of Munster. Chair of the symposium and former Ireland Section President, Dave O’Brien directed a strong committee charged with ensuring the this, the first such international symposium organised by the ISA outside of North America would be a resounding success.
And it was.
Venues were assessed, speakers recruited and the various minutiae associated with organising an international event were discussed, duties asigned and problems solved over many late night transatlantic telephone conferences. Using the experience of the ISA staff in North Carolina and the many years experience of organising table-top events and conferences in Ireland by the Ireland Section a very creditable event was staged at the Rochestown Park Hotel. With some justification the Symposium Chair could state before the event started “We have assembled a truly outstanding program this year, featuring some of the world’s most accomplished experts in serialization, process optimization, cyber security and alarm management to name a few. These experts will speak on the vital issues affecting food and drug manufacturers and distributors. We are delighted to have the opportunity to bring this event to Ireland for its first time outside of the United States!” Indeed upwards of 200 registrands attended the two day event and it was notable that the bulk of these stayed until the final sessions were completed.
ISA President Jim Keaveney (3rd from right) with some of the speakers ath the FPID Symposium
Technology and Innovation for 2020 Global Demands Two fluent keynote speakers, Paul McKenzie, Senior Vice President, Global Biologics Manufacturing & Technical Operations at Biogen (who addressed “Driving Change Thru Innovation & Standards”) and Dr Peter Martin, VP and Edison Master, Schneider Electric Company (Innovation and a Future Perspective on Automation and Control) may be said to have set the tone. The event was also graced with the presence of ISA Internationa President for 2016 Mr Jim Keaveney.
We will highlight a few of the sessions here!
The important subject of serialization which affects all level of the pharmaceutical business especially in view of deadlines in the USA and the EU. From an overview of the need and the technology to a deep dive into the user requirements, this session provided the latest information on the world requirements and helping provide the solution needed in each facility. Speakers, as in most sessions, were drawn from standard, vendor and user organisations as well as state enforcement agencies.
Track & Trace:
In the parallel Food thread of the symposium the role of track and trace technologies were examined. Product safety, output quality, variability and uniqueness of customer requirements manufacturers are facing increasing demands on the traceability of raw materials, real-time status of manufactured goods and tracking genealogy of products throughout the value chain from single line to the multiple sites of global manufacturers. The evolution of data systems and technologies being offered means greater benefits for Industry and presenters Vision ID and Crest will show these solutions and the advantage of modernization.
Both threads came together for much of the event mirroring the similarity of many of the technologies and requirements of each sector.
Digitalization in industry shows what bringing the worlds of automation and digitalization together provides true and advanced paperless manufacturing with more complex devices and interconnected data systems. This is an enabler to integrated operations within industry. Using MES as a core concept to create a Digital Plant and optimized solutions with data driven services was explained. And a practicale example of a plant was discussed showing the journey to paperless manufacturing and a real pharmaceutical strategy of integrating automated and manual operations.
Eric Cosman makes a point!
Of course this is one of the key topics in automation in this day and age. Without implementing the proper preventative measures, an industrial cyber-attack can contribute to equipment failure, production loss or regulatory violations, with possible negative impacts on the environment or public welfare. Incidents of attacks on these critical network infrastructure and control systems highlight vulnerabilities in the essential infrastructure of society, such as the smart grid, which may become more of a focus for cybercriminals in the future. As well as threats from external sources steps ought to be taken to protect control and automation systems from internal threats which can cripple a company for days or months. This session highlighted the nature of these threats, how systems and infrastructure can be protected, and methods to minimize attacks on businesses.
Automation Challenges for a Greenfield Biotech Facility:
These were outlined in this session in the pharmaceutical thread. Recent advances in biotechnology are helping prepare for society’s most pressing challenges. As a result, the biotech industry has seen extensive growth and considerable investment over the last number of years. Automation of Biotech plants has become increasingly important and is seen as a key differentiator for modern biotech facilities. Repeatable, data rich and reliable operations are an expectation in bringing products to market faster, monitor and predict performance and ensure right first time delivery. This session provided the most topical trends in automation of biotech facilities and demonstrated how current best practices make the difference and deliver greater value to businesses.
Process Optimization and Rationalization:
Meanwhile in the Food & Beverage thread incremental automation improvement keeps competitiveness strong. Corporate control system standardization leads to constant demand for increases in production and quality.
Industry 4.0 (Digital Factory: Automate to Survive):
Networking between sessions
The fourth industrial revolution is happening! This session asked how Global Industry and Ireland are positioned. What did this mean to Manufacturer’s and Industry as a whole? The use of data-driven technologies, the Internet of things (IoT) and Cyber-Physical Systems all integrate intelligently in a modern manufacturing facility. Enterprise Ireland and the IDA headlined this topic along with the ICMR (Irish Centre for Manufacturing Research) and vendors Rockwell and Siemens.
OEE and Automation Lifecycle: Plant lifecycle and Operational Equipment Effectiveness
Worldwide today many of the over 60 Billion Euro spend in installed control systems are reaching the end of their useful life. However, some of these controls, operational since the 80’s and 90’s, invested significantly in developing their intellectual property and much of what was good then is still good now. Of course some aspects still need to evolve with the times. This requires funding, time and talent. For quite some time now there has been a skilled automation shortage at many companies leading organizations to outsourcing, partnerships and collaboration with SME’s to help manage the institutional knowledge of their installed control systems. With corporate leadership sensitive to return to shareholders, plant renovation approval hurdle rates are usually high when it comes to refreshing these control systems. In many manufacturing facilities, engineers and production managers have been asked to cut costs and yet still advance productivity. To solve this dilemma, many world class facilities continue to focus on driving improvements through the use of automation and information technology. Some are finding that using existing assets in conjunction with focused enhancement efforts can take advantage of both worlds. Here we were shown great examples of where innovation and such experiences are helping to create real value for automatio modernization.
And of course no matter how sophisticated systems are Alarms are always require and neccessary. DCSs, SCADA systems, PLCs, or Safety Systems use alarms. Ineffective alarm management systems are contributing factors to many major process accidents and so this was an importan session to end the symposium.
The social aspect of this event was not forgotton and following a wine reception there was a evening of networking with music at the end of the first day.
On the Wednesday, although the symposium itself was finished there were two formal all day training courses. These covered, Introduction to Industrial Automation Security and the ANSI/ISA-62443 Standards (IC32C – Leader Eric Cosman, OIT Concepts ), and Introduction to the Management of Alarm Systems (IC39C – Leader Nick Sands, DuP0nt). These, and other, ISA courses are regularly held in North America and the Ireland Section occasionally arranges for them in Ireland.
All in all the Ireland Section and its members may feel very proud in looking back on a very well organised and informative event which in an email from one of the attendees, “Thank you all, It was the best symposium I attended in the last 10 years!”
Irish/German co-operation in new technologies creating a paradigm shift in the planning of safety for current and future manufacturing systems.
Presence detection is a critical element in the basis of safety for many pharmaceutical and bio pharmaceutical processes. Detecting presence of workers prior to start-up and during operation of machinery and processes is an effective means of injury prevention. Likewise product can be protected from human contamination using collaborative robots allied with relevant 3-D presence detection. The pharmaceutical sector has always had to deploy sophisticated processes and technology in its manufacturing environment while maintaining the highest safety standards.
This is an approach which responds positively to the need for worker safety while minimising production disruption. Process components such as centrifuges and barrel mixers pose a significant risk to workers because of high speed rotational action or agitation. Likewise transportation of storage units such as intermediate bulk containers and the use of automated wrapping and palletising machinery create the need for effective safeguarding. 3D sensing systems provide many advantages through the introduction of barrier-free safeguarding.
SafetyEYE, a 3-D virtual detection system, provides a comprehensive protection zone around such machinery. Developed jointly by the Pilz Software Research and Development team in Cork (IRL) and the Product Development division in Ostfildern (D), the company considers SafetyEYE as an example of new technologies creating a paradigm shift in the planning of safety for current and future manufacturing systems.
Bob Seward, chair of the IOSH Desmond-South Munster Branch, said: “The development of this innovative SafetyEYE technology will make a significant difference in terms of protecting people at work while they operate around machinery danger zones. Our members were very impressed with SafetyEYE and what it can achieve in terms of accident prevention and safeguarding workers.”
The world’s first 3D zone monitoring system SafetyEYE comprises a three-camera sensing device, an analysis unit and programmable control capability.
The sensing unit creates the image data of the zone to be protected and the stereoscopic cameras allow for precise distance and depth perception. Adjusting the height of the camera device allows for varying zone dimensions and areas of coverage. The image data is processed by the analysis unit to detect any intrusion of the defined 3-D protection zone and is relayed to the programmable safety and control system (PSS) for activation of the appropriate safety response.
The avoidance of an obstacle-course of physical guards has obvious advantages for increased freedom of interaction and ergonomics between machinery and humans without compromising safety for both. Because of the highly configurable software a wide range of detection zones can be designed either using pre-defined geometric forms or bespoke shapes. These zones can then be assigned various safety-related actuations with reference to the risk from an audio-visual warning to shut-down.
SafetyEYE can be used to prevent start-up of machinery when persons are in a danger zone or provide warnings and if necessary activate a shutdown if an operator enters a danger zone while such plant is running. The system can be configured to signal a warning as the worker enters the perimeter of the defined safety zone and as he continues further into the zone initiate further safety actions. The machine can remain in this suspended state while the worker completes his task. Once the worker has cleared the area the machine’s activities can resume in accordance with the worker’s egress from the safety zone. This incremental reactive capability allows for minimum downtime and so optimal productivity is maintained. For workers who only encroach on the outer points of the safety zone the triggered warning will uphold the safety integrity of the work space without limiting operation. Likewise, the system can be configured to allow for pre-defined spaces within the protection zone to be breached without shut down. This is especially useful for supervisory personnel who need to access control components which lie within the safety zone. Again they may complete their task safely without the need to disrupt the manufacturing process.
To achieve the same level of safety in such a scenario as this, a whole range of other safety measures may have to be deployed, such as guard-doors, with the physical and visual restrictions these solutions will impose. Safety for workers venturing beyond these guards would then require optical sensors which operate two-dimensionally along a plane and may require a multiplicity of sensors to provide comprehensive monitoring. This mix of solutions can present significant cost implications and their static single-plane positioning will raise costly design challenges. As SafetyEYE is positioned above the manufacturing area it does not present any physical or visual obstruction and it is also far less likely to be interfered with than other ground-level safety measures which are always more vulnerable to intentional or accidental interference. The 3-D zonal capability means that one sensor unit can provide far more safety coverage than the planar sensors. Such imaging-based devices also have a recording functionality so that safety zone breaches can be recorded or production activity monitored to feed into productivity metrics.
These attributes were acknowledged by Bob Seward of the IOSH when presenting Pilz with the award. “With the introduction of this certified technology, safety can no longer be seen as a barrier to work, slowing work down or stopping work. It can be truly integrated in the work system.”
Pilz Ireland managing director John McAuliffe said: “Pilz were honoured to receive this award. The area of safety in which we work is constantly changing and Pilz need to be innovative in order to provide our customers with solutions that achieve safety in lean manufacturing environments.” Providing services from risk assessment, safety design and safety training to customers all over the world the company views continuous development of processes and products, such as SafetyEYE, as vital in meeting the constantly evolving demands of the modern manufacturing environment.
The Association for Packaging and Processing Technologies (PMMI) estimates that 34% of primary pharmaceutical operations in North America by 2018 will be carried out by robots, compared with 21% in 2013. This increasing automation, along with the rapid growth of collaborative robots across all sectors, is heralding a new era of human-robot interaction in manufacturing.
SafetyEYE is especially effective in ensuring the safe deployment of collaborative robots which are ideal for handling materials and ingredients in a decontaminated environment but which require some level of interaction with operators who need to approach to carry out supervisory, control or intervention tasks.
Such are the potential production efficiencies brought about by collaborative robotics in the bulk pharmaceutical manufacturing sector that Health and Safety managers, engineers and suppliers will need to align their safety strategy in line with this new industrial environment.
As with all new technologies care and due process must be exercised in the integration with other plant and machinery. Structured risk assessment considering the specific hazards leading to intelligent safety concepts are the key to successful adoption of such new technologies. Pilz is pioneering safe automation with the continuous development of its services and products, such as SafetyEYE, ensuring that its customers can anticipate the safety challenges presented by industry developments such as collaborative robots.