Automation industry veterans are IoT pioneers and didn’t know it!

Keith Blodorn, Director of Program Management at ProSoft Technology advises what to consider when starting your industrial internet of things journey

Do you consider yourself an Internet of Things Engineer? You should! Think about what the Internet of Things really means. According to Wikipedia, the Internet of Things “is the network of physical objects or ‘things’ embedded with electronics, software, sensors, and connectivity to enable objects to exchange data with the manufacturer, operator and/or other connected devices…” As an automation industry veteran, that sounds really familiar. We have been connecting intelligent devices to control networks for decades. We’re pioneers!

Acoustic coupler!

So, then, what’s all the fuss about? Looking through automation-oriented magazines and websites, the Internet of Things seems to be all anyone talks about. In the industrial world people call it the “Industrial Internet of Things” or “Industry 4.0” or any number of other names. But fundamentally, what is so different between this new-fangled buzzword and connecting a motor overload relay to a plant communications network like we were doing twenty years ago?

On one hand, these are basically the same idea. The Industrial Internet of Things (IIoT) is about intelligent devices like overloads, photo eyes, variable frequency drives, or PLCs providing data that we use to make our processes more efficient. IIoT is a name for a trend that has been going on in manufacturing and process control for years – remember “shop floor to top floor”? IIoT is about gathering more data from more intelligent things, and using powerful analytical tools to find and eliminate waste.

Remote Monitoring and Equipment Access
I know, we’ve been connecting to PLCs remotely for as long as most of us can remember! In the old days, remote access meant installing a serial modem connected to a dedicated phone line, so the machines we made remote access-capable were limited to the most critical operations.

What’s changed in the IIoT world is the proliferation of wireless connectivity, especially cellular networks and wireless LAN. By some estimates, 85 percent of the world’s population will be covered by high-speed cellular data networks by 2017. This has had several effects that change how we should approach remote access and equipment monitoring. First, it’s becoming feasible to gather a LOT more data from remote machines. Since 2008, the average cost per MB of cellular data has dropped 98 percent, from $0.46 per MB to just $0.01 per MB. Now, all that data that we used to deem not important enough to transmit can be made available from our remote sites.

Second, as consumer demand has driven rapid development of Internet- based user interfaces, these same technologies are making remote access to industrial equipment, and especially to process data, more accessible for more people throughout the organization.

Finally, machine builders and control engineers responsible for widely dispersed global operations can build reliable connectivity into their systems without the need for custom infrastructure and integration at the end site. Cellular technology that works on networks worldwide allows these engineers to design their system around a standard remote connection, and reasonably expect that connection to work wherever the machine ends up. For mobile equipment, access is available just about anywhere the equipment goes.

Machine and Process Control
IIoT technology is not just about cellular connections to remote machines. We are seeing new networking approaches to the old requirements of connecting sensors, operator interfaces, controllers and ERP systems that take advantage of the networking technology of today’s Internet. Major automation vendors like Rockwell Automation® and Schneider Electric® have been offering industrial Ethernet connectivity for PLCs and related devices for more than a decade. Industrial Ethernet protocols like ODVA’s EtherNet/IP provide the kind of performance required for automation systems, while also enabling interoperability with the massive Internet Protocol-based network infrastructure found in virtually every organization.

In many industrial applications, moving equipment presents a major challenge for communication to the sensors, actuators, and controls on that equipment. Many products exist to try to solve this problem, from slip rings to flexible cable trays to festoons.

However, these hard-wired solutions add cost and complexity while increasing the maintenance requirements for the machine. Meanwhile, we roam around our offices and homes with continuous connection to the Internet – no festoons in sight! Today’s automation engineers are taking advantage of the Internet Protocol-based industrial technologies to design more reliable networks for moving equipment.

Asset Mobility
One area of automation where IIoT technology is creating new opportunities involves taking the network connection anywhere in the plant. Old systems offered only so many places to “plug in.” Operators had to run the machine from one place – the operator panel. Maintenance had to jot down measurements and observations to enter into the maintenance management system when they got back to the shop. Control engineers could only program PLCs by plugging into the PLC, or to the PLC’s physical network through a proprietary adapter.

In a world where I can set my home thermostat while walking through an airport, we don’t have to live like this! Automation systems are now benefiting from the same “network everywhere” mindset as our home and office environment.

Things to Consider

Keith Blodorn – the author

The Industrial Internet of Things opens up some interesting new possibilities for automation, so you should begin planning how you can get your system “IIoT Ready.” The good news is that you likely have many pieces in place already – intelligent field devices, industrial networks, perhaps even some Internet Protocol-based infrastructure. Here is some food for thought as you consider how your system can fit into this new world of connected machines.

• Network Migration – While many of your field devices are likely already on a network, it is probably not an Internet Protocol-based network. Not to worry! As you see the need to move device data up to higher-level systems, you won’t need to scrap that tried-and-true device network. Gateway devices and in-rack protocol interfaces in your controller allow you to easily connect those older networks to the IP-based applications that need that device data. Serving up data from smart devices adds value to your operation, but it doesn’t necessarily require changing everything that is already there.

• Cybersecurity – While the interoperability of the IIoT brings great benefits, it also opens up new risks that we need to address. In reality, many automation systems are already “connected,” so cybersecurity should already be on your mind. It is important to understand what equipment can be accessed by whom, what connections are necessary and not necessary, and how data that’s transmitted outside the boundaries of your organization’s network is protected.

• Start Small – Vendors everywhere have grand visions for what the IIoT can do for manufacturers. But remember, you don’t need to dive in head first to get benefits from IIoT. Look for applications in your industry that make sense, and give them a try. One of the best parts of the IIoT concept is its scalability – Internet-based applications can just as easily serve one deployment as one million. Pick an interesting application, and run a pilot in a small area. There’s no better way to learn about a new technology than by giving it a go.

• Get Help – Most importantly, work with vendors you can trust. When it comes to industrial networking, ProSoft Technology® has been helping engineers get different equipment all talking the same language for more than 25 years. We can help you navigate your IIoT course, from connecting older Modbus® and PROFIBUS® networks to enabling remote equipment connectivity via cellular networks. When you’re ready to start the next phase of your IIoT journey, we’re here to help make it happen!

So much geek at NIWeek! A virtual attendee reports virtually!

Engineers are the future. Keep inspiring another generation!

David Bocanegra – “EV3 software is awsome…”

We have never been able to manage to get to NI Week, which is held annually in Austin Texas, more than 4000 miles away from Ireland as the crow flies. However we have been able to attend vicariously, via twitter, the live-streaming of keynotes and the blogs and releases issued during and immediately afterwards.

It has sometimes been said that in one way it is better to watch the twitter feeds than actually being there! It can certainly be as demanding on time and looking at a computer screen can be pretty exhausting. Indeed with the advance of hand-held units, iPads and phones, which can be connected all the time, the quantity, if not always the quality, of tweets was fairly intense. Of course its great disadvantage is the inability to provide the experience of face to face social intercourse, (nor the sometimes unpleasant aftermath of too-late nights!)

We have gathered the links to articles, blogs and pr material as we became aware of them and put them in a box on our Home Page to assist the busy engineer, nerd or geek who wanted a quick place to see these without having to trawl through what seemed like thousands of tweets. We have included that box below this article.

Tweet overload!
The enthusiasm of these National Instruments events is legendary and it continually seeped through these social media sharings. Things like “My biggest takeaway from every #niweek keynote: science and engineering are freakin cool!” (@TheRealAdamKemp ) or “Dr T kicked off #NIWeek 2013 by talking about Graphical System Design, Industry 4.0 and Cyber-Physical systems (oh, and bagpipe tuners!)” (@mjg73 ) and “My twitter news feed is blown up because of #niweek 🙂 totally not complaining! LOVE the new #roboRIO (so jealous I don’t get to use it)” (@alexkay4235 ). Another reported “Nearly 4,000 attendees packed in for the #NIWeek conference with over 1,000 streaming online!..” And more wonder & delight, “3rd year here, and the #NIWeek keynote intro still raises the hair on my neck!” (@Backerthebiker) or “Dang! Opening video presentation at #NIWeek 2013 was AWESOME! Kicking off this year’s conference with a big boom.” (@lindseyjo23); “Ready for another day of great madness! Love #NIweek” (@Fabiola31416).

Dr James Truchard

In think you get the idea!

The technology
Co-Founder Dr James Truchard kicked of in his inimitable style. The enthusiasm he generates is perhaps comparable to that generated by the founder of Apple though his style is completely different and perhaps understated though very real. He spoke about platforms and the future of virtual instrumentation. “From cyber physical systems to big Analog data solutions, graphical system design provides a platform based approach for measurement and control!”

Jeff Kodosky

The Applications
The second day commenced with a presentation by the other side of the foundation duo, Jeff Kodosky – the Father of Labview. Fostering discovery – using Labview in the most difficult applications. These include the iconic CERN project in Europe, sensitive healing technologies for cancer treatment and facilitating food production in otherwise impossible areas.

Inspiring and Preparing the Next Generation of Innovators
“High school kids created these robots!”
Day three Ray Almgren discussed Inspiring and Preparing the Next Generation of Innovators, always a strong suite with National Instruments. However we have no intention in treating on these “keynote” sessions. No! National Instruments with their usual efficiency, have provide professional videos of NIWeek 2013 Keynote Presentations and they are well worth looking at. They have divided each days keynotes into four sections which means that one can navigate to the topics/technologies of interest.

There are a few presentations which impressed your correspondent.

The young are always impressed with robots. We were introduced to David Bocanegra, a youthful programmer (10 years old), using the LEGO® MINDSTORMS® EV3 system. He demonstrated his skill and the versitality of the EV3 software. When asked he enthusiastically responded “EV3 software is awsome…” (See pic at top of page!)

We saw some high-school students using the NI roboRIO on a frisbie fairing robot. They started the system and there was a pregnant pause interrupted by one of them saying “Uh-oh!” One of the Nat Instrument guys (Ray Algrem) came across to see what was wrong but obviously the students had it under control as they explained what the robot was doing while nothing could be seen.

“What’s the probability of success?” he asked dubiously.

“High!” was the confident (and indignant) response of the students! And they were right!

They then used the doubting presenter for target practice as they used him in a William Tell-like exercise of shooting a bottle of his head with a frisbee! Wonderful stuff!

Dr Red Whittiker & Lunar Lander

Two other presentations on the third day were both to do with space. A memorable presentation from NASA’s Associate Administrator of Education, Leland Melvin. He shared his time on the International Space Station and his experience with robotics in space. Finally a presentation from Dr Red Whittaker, Carnegie Mellon University, on a planned robotic expedition to the moon to explore mineral resources there. The extraordinary machine that will be landing and doing the work was shown. Watch out for news of the pin-point landing and exploration in October 2015. Fascinating stuff.

Finally these tweets “I know I say it every year, but this was THE BEST #NIWEEK EVA!” (@crelfpro ) and “Had a great time @NIWeek! Already excited for next year.” (‏@TandelSystems).

Invitation!
“Thanks for attending #NIWeek 2013. We had a blast & hope you did too. Stay social & tell us what you liked best!” (@NIglobal)

Oh yes! Next year they do it (or something like it) all over again. Mark your diary – NI Week 2014 – 5th to 7th August 2014 in Austin Texas USA. 

NIWeek 2013 NI Week on twitter #NIweek! 7 Steps to to Making the Most of NI Week Social Media Guide at NI Week (Slideshow – #NIWeek tweets are more powerful with photos.) Live Keynotes (National Instruments’ videos in digestible chunks!) Check out LabViewNI.com for LABVIEW NEWS INFORMATION Blogs and Reports (We’ll probably have missed a few so check out the tweets etc!) Bloomy Controls Awarded Most Outstanding Technical Resources (PR Web, 22/8/2013) cDAQ, cRIO, myRIO, PXImc und natürlich LabVIEW ((Hans Jaschinski, all-electronics.de 20/8/2013) Cold Fusion Demo in Texas – More Pictures (DRbobblog, 16/8/2013) NI Week 2013: The Enable highlight reel! (Ben Zimmer, Enable Education, 14/8/2013) NIWeek 2014 dates announced (Radio Electronics 12/8/2013) Instrument Maker Puts Education Center Stage (Douglas McCormack, IEEE Spectrum, 12/8/2013) Reach of software-designed instrumentation for electronic test extended (Read-out Signpost, 12/8/2013) National Instruments’ CEO Hosts Investor Conference (Transcript) (Seeking Alpha, 10/8/2013) Record-breaking Attendance, Groundbreaking Products (NICommunity News, 9/8/2012) National Instruments adds to their platforms (Larry Desjardin, EDN Network, 9/8/2013) National Instruments promotes lifelong science, engineering education (Mary Gannon, Connector Tips, 9/8/2013) Engineering Innovation at National Instruments’ NIWeek (Laura Lorek, Silicon Hills News, 9/8/2013) Technologies & tutorials highlight week (Vision Systems Design, 9/8/2013) Take care of the village people (New Electronics, 9/8/2013) Students can design sophisticated systems in one semester (Read-out, 9/8/2013) The Fourth Industrial Revolution Is Here (Rob Spiegel,Design News, 8/8/2013) NIWeek’ displays latest in science, tech (Jess Mitchell , Austin YNN, 8/8/2013) Electric Utility Distributes Control to Move Grid Into 21st Century (Aaron Hand, Automation World, 8/8/2013) The Outsider’s Guide to NIWeek 2013 (Matt Migliore, Flow Control, 8/8/2013) Places to be this week (Martin Rowe, EE Times, 8/8/2013) Ditch the Lab: Take measurements in rugged environments (Read-out, 8/8/2013) Programming Lego Mindstorms using RTI DDS Toolkit for LabVIEW (Merwin Shanmugasundaram, RTI, 8/8/2013) Custom hardware is dead (New Electronics, 8/8/2013) Fun at NIWeek (Mary Gannon, MotionControl Tips, 8/8/2013) National Instruments redesigns NI CompactRIO from the inside out (Read-out, 8/8/2013) NI Week hat im texanischen Austin begonnen (Hendrik Härter, Elektronik Prazis, 7/8/2013) Platforms in a programmable world (New Electronics, 7/8/2013) Day 2 of NI Week is “applications day!” (Paul Heney, Mobile Hydraulic Tips, 7/8/2013) Engineers solve $10-billion spoiled milk issue (Davif Yeomans, KXAN, 7/8/2013) NI Unveils New Products and Glimpses of Future for Automation, Test and Measurement (Gary Mintchell, Manufacturing Connection, 7/8/2013) NI cDAQ-9188XT Introduced for Rugged Environments at #NIWeek (Radio Electronics, 7/8/2013) Wineman Technology Simplifies Complex Control for Test Cell Applications with INERTIA™ 2012 (PR Newswire, 6/8/2013) Cyberphysical Systems Will Boost Manufacturing Performance (Gary Mintchell, Manufacturing Connection, 6/8/2013) NI Week’s cool apps on display (J LOve, EDN Network, 6/8/2013) Jet vehicle at NI Week turns heads (David Yeomans, KXAN, 6/8/2013) Custom Hardware Design Is Dead (Janine Love, EETimes, 6/8/2013) NI Week 2013 and the big data revolution (Paul Heney, Mobile Hydraulic Tips, 6/8/2013) Industrial Controllers Evolve with FPGAs (David Greenfield, Automation World, 6/8/2013) LabVIEW 2013 helps users focus on innovation Instead of infrastructure (Read-out Signpost, 6/8/2013) Start of the never ending tour (New Electronics, 6/8/2013) Items of NI News on Modular Connections (Starts 5th August) NI Week: Hotter than Austin in August (Microwave Journal 5/8/2013) Wineman Technology Selected to Showcase INERTIA™ Software Platform at NIWeek 2013 (5/8/2013) Pictures & Videos • Scenes from NI Week 2013 (Machine Design, Photo Gallery, 12/8/2013) • Design World: Day 1 : Day 2 • Niweek expo hall in 6 seconds (VI Shots) • A less frenetic glimps of the NIWeek Editor experience! (1.07 min video!) So much geek at #NIWeek! Although Read-out was unable to sail over to Austin however we did make it to last years NI Day event in London (GB). Here is what we said about it! No boxes with magic pixies at Westminster!

Your plan for better cyber security!

If you are a process control engineer, an IT professional in a company with an automation division, or a business manager responsible for safety or security, you may be wondering how your organization can get moving on more robust cyber security practices.

Since that early monday morning in July 2010 when we had that e-mail from Eric Byres, forshadowed in a tweet from Gary Mintchel slightly earlier we have tried to follow the “fortunes” of this malware, this Security threat to the control system world (July 2010)! We have written a few blogs and have listed as many links to stories on Stuxnet in particular in our Abominable security commitment! #Stuxnet (August 2011) when Eric expressed his alarm at the way in which Siemens in particular, but indeed not uniquely, appeared to be treating this problem.

Indeed the past two years may be said to have been a real wakeup call for the industrial automation industry both users and vendors. For the first time ever it has been the target of sophisticated cyber attacks like Stuxnet, Night Dragon and Duqu. As we said we have endevoured to follow the varios updates on this story and Byres Security have been well in the forefront in the battle to get this “little varmint!”

In addition to the actual attacks, an unprecedented number of security vulnerabilities have been exposed in industrial control products. In response regulatory agencies are demanding compliance to complex and confusing regulations. Cyber security has quickly become a serious issue for professionals in the process and critical infrastructure industries.

If you are a process control engineer, an IT professional in a company with an automation division, or a business manager responsible for safety or security, you may be wondering how your organisation can get moving on more robust cyber security practices.

In order to provide you with guidance in this area, Byres have condensed material from numerous industry standards and best practice documents. They also combined our experience in assessing the security of dozens of industrial control systems.

The Paper & The Authors

7 Steps to ICS and SCADA Security 

Two industry veterans, Eric Byres and John Cusimano, combine industry standards, best practice materials, and their real-world experience to provide an easy-to-follow 7-step process for improved ICS and SCADA security.

Eric Byres, P. Eng., ISA Fellow, CTO and VP Engineering, Tofino Security, Belden Inc.
John Cusimano,CISSP, CFSE, Director of Security, exida Consulting LLC

The result is an easy-to-follow 7-step process. These are outlined below and a more extensive white paper they have just published, 7 Steps to ICS and SCADA Security by Eric Byres (Byres Security) & John Cusimano (Exida Consulting). Downloading the paper requires registration but it is free to do so.

The 7 Steps

Step 1 – Assess Existing Systems
Your first step is to do a risk assessment to quantify and rank the risks that post a danger to your business. This is necessary so you know how to prioritize your security dollars and efforts. Far too often we see the assessment step skipped and companies throw money into a solution for a minor risk, leaving far more serious risks unaddressed.

While risk assessment might seem daunting, it can be manageable if you adopt a simple, lightweight methodology. Our white paper provides an example, as well as tips on how to do this.

Step 2 – Document Policies and Procedures
Byres Security highly recommend that organisations develop ICS-specific documents describing company policy, standards and procedures around control system security. These documents should refer back to corporate IT security documents. In their experience, separate ICS security documents greatly benefit those responsible for ICS security, helping them clearly understand their security-related expectations and responsibilities.

You should also become familiar with applicable security regulations and standards for your industry.

Step 3 – Train Personnel & Contractors
Once policies and procedures have been documented, you need to make sure that your staff is aware of them and is following them. An awareness program should be carried out, with the support of senior management, to all applicable employees. Then, a training program should be conducted. It is highly recommend that A role-based training program for control systems security is highly recommended, and Byres provide an example of one in the white paper.

Step 4 – Segment the Control System Network
Network segmentation is the most important tactical step you can take to improve the security of your industrial automation system. Eric Byres wrote about this in the article “…No More Flat Networks Please…” (Nov 2010). The white paper explains the concepts of “zones” and “conduits” and provides a high level network diagram showing them.

Step 5 – Control Access to the System
Once you’ve partitioned your system into security zones, the next step is to control access to the assets within those zones. It is important to provide both physical and logical access controls.

Typical physical access controls are fences, locked doors, and locked equipment cabinets. The goal is to limit physical access to critical ICS assets to only those who require it to perform their job.

The same concepts apply to logical access control, including the concept of multiple levels of control and authentication. Once authenticated, users can be authorised to perform certain functions.

Step 6 – Harden the Components
Hardening the components of the system means locking down the functionality of the various components in your system to prevent unauthorised access or changes, remove unnecessary functions or features, and patch any known vulnerabilities.

This is especially important in modern control systems which utilize extensive commercial off-the-shelf technology. In such systems, it is critical to disable unused functions and to ensure that configurable options are set to their most secure settings.

Step 7 – Monitor & Maintain System Security
As an owner or operator of an industrial control system, you must remain vigilant by monitoring and maintaining security throughout the lifecycle of your system. This involves activities such as updating antivirus signatures and installing security patches on Windows servers. It also involves monitoring your system for suspicious activity.

It is important to periodically test and assess your system. Assessments involve periodic audits to verify the system is still configured for optimal security as well as updating security controls to the latest standards and best practices.

Not a One-Time Project
Now the bad news – effective ICS and SCADA security is not a one-time project. Rather it is an ongoing, iterative process. You will need to repeat the 7 steps and update materials and measures as systems, people, business objectives and threats change.

Your hard work will be rewarded with the knowledge that your operation has maximum protection against disruption, safety incidents and business losses from modern cyber security threats.

• Download the White Paper  in pdf  format – 7 Steps to ICS and SCADA Security!

#SPS 2012: Successful if not quite hitting secure note!

“Arriving at #SPS/IPC/DRIVES. Looking forward to a great show”

Busy entrance area! (IE Book)

This was one of the first tweets we saw on this, possibly the biggest automation exhibition in the world this year. The SPS/IPC/Drives show is held annually in the Northern Bavarian city of Nuremberg. This year the dates were the 27 to 29th of November, As last year we were unable to make it this time, however there were some excellent reports which we have used (and linked to) in compiling this brief impression.

As might be expected the automation industry presented its capabilities in full force at the exhibition. There was a record number of 1.429 exhibitors which attracted more visitors than in the past, as 56.321 trade visitors filled the 12 halls to gather information about the latest products and solutions in electric automation. Well may it be said that SPS IPC Drives 2011 set a clearly positive sign for the future despite the gale-force winds blowing in financial circles for the last three years.

The conference which took place in parallel to the exhibition also recorded an increase this year with an attendance of 349 delegates. For three days the conference provided a platform for intensive discussions between product developers, suppliers and users. The opportunities for users to exchange information and knowledge were at the heart of the newly introduced user sessions.

Attendance: 2011 (2010)
Exhibitors: 1,429 (1,323)
Visitors: 56,321 (52.028)
Conference delegates: 349 (302))

Like a lot of European events there was not a small number of tweets from various sources and in various languages, but those that did tweet helped form an impression of how things were. One of the most prolific of these was Leo Ploner of the IE Book who gave us a sort of running commentary on his day interspersed with twitpics of stands and products which impressed him. This comprehensive collection of pictures have been added to the IE Book Facebook Page and we recommend that you pay a visit and see who you know and what products impressed him. “#SPS/IPC/Drives very busy on the first day of the show. Big crowds at all the stand” he reported after day one.

Put on those cans!
Also present on the first day was Control’s Walt Boyes, who gave up his Thanksgiving to be in Europe for the show. This is an interesting account in that it gives an American take on how things are done in Europe, simultaneous translations and the non-English keyboards (Now he knows how Europeans might feel in the U.S!)

Gary Mintchel of Automation World also found himself in Nuremberg during this week. His blog, Feed Forward,  provides us with “a roundup of various announcements that I gathered during my sprint around the halls and press conferences.” He managed to squeeze in a visit to the Siemens plant in Amberg on the day before the show opened!

The Control Engineering Europe team attended the show in force, collecting a great deal of feature ideas, as well as details about some of the most innovative launches at the show. They promise that further details of the most exciting product launches from the event will be presented in the February issue of the magazine.

ARC Reports
ARC Advisory also discuss day one in an article by Florian Gueldnerwhich looks at the Automation Outlook for 2012.  He bases this report on that of the ZVEI, as well as companies interviewed at the event. Their David Humphrey reports on The big trends in a further report on day two.

A busy corner at the show!

Come hither!
Of course exhibitors tweeted on their own stands and new products. Heading the posse was Siemens, who were on their home ground and virtually occupied one complete hall (There were twelve halls in all!). They mounted an impressive press conference on the first day. Their “big” announcement was the naming of their full motor range, now called “Simotics”. They also introduced some extensions to their TIA (Totally Integrated Automation) portal. Jochun Koch’s blog features some video presentations with English voice-over – Automation and IT (their Scalance range) – take a look and remember to click for the English translation if needed!

Phoenix Contact have a video tour of their stand – as it was being set-up – which they entitle “Solutions for the future – Phoenix Contact.” There are in fact a number of other videos from Phoenix Contact on theie YouTube site. Their final tweet from the show as they rolled up the tent was, “What innovation! More than 3,000 visitors @ Phoenix Contact.”

The Pilz Stand!

Also using video to press their message is Beckhoff who have produced reports for each day. This is Day One.  They exhibited their complete range of PC- and EtherCAT-based control technology and a large number of new products in all technological areas (IPC, I/O, Automation and Motion). The focus was on their new generation of controllers from the CX2000 series, the new proprietary-developed AM8000 servomotors and the release of the TwinCAT 3 software.

News of PROFINET and PROFIBUS at SPS/IPC/Drives is trickling out  said Carl Henning of his ProfiBlog reports.

Suzanne Gill of Control Engineering Europe reports here on some of the latest innovations that were introduced, which evidenced consumer technology moving into the industrial space and multi product combinations continuing to gain momentum.

We give some more releases from exhibitors on our Conf/Exhibitors pages.

Eric & Joann Byres at the show!

No security!
Another American braving the Bavarian winter was Eric Byres of Byres Technology, recently acquired by Belden (see our article Major acquisition strengthens war on Stuxnet and other malware Sept20’11). It is I suppose unusual that a supplier reports on an exhibition so his viewpoint is welcome. Obviously he has a certain slant on things viewing the exhibits from the security standpoint. He advises that SCADA Security Solutions were scarce at show. “What concerned me was the lack of booth space dedicated to security of any type. Of the 1,429 exhibitors, only 16 reported supplying ‘Industrial security’ technologies or services according to the show guide. This is a hopelessly small number.” He was proud to report however that their “Tofino Security technology accounted for nearly 25% of that total!” More alarmingly he reports that many vendors stated that security wasn’t a concern for them, while users were very concerned and indeed did not quite know what to do about it! Not a pretty picture! He concludes “If the automation world is going to adopt industrial Ethernet with such enthusiasm (which I support), it might want to consider securing it too!”

We referred to the excellent tweeting by Leo Ploner of the IE Book earlier and his very comprehensive report Industrial networking still looking good  tells in great detail what he saw as he moved through the halls. We’ve referred to their pictures above and here is a video which he took of an exhibit at the Sercos Stand.

Re-inventing the electric guitar

Equipped with an MLP industrial control from Bosch Rexroth, the robot guitar can read and play MIDI files. Bus terminals from Phoenix Contact are used to actuate lifting solenoids. Six to pluck the strings and 24 to operate the finger board. The automation bus from Sercos ensures the optimum operation of all components.

One final tweet from KUHNKE Automation sums up one impression “SPS/IPC/DRIVES was a complete success for us! Thank you for coming and the great constructive high-level talks!”

Next year’s automation filled show is scheduled for  Nov. 27. – 29 2012. Will you be there?

---

 Releases received at the Read-out Offices!

#SPS11: Cybersecurity, certification, safety & other highlights from Wind River – Wind River made several exciting announcements at this year’s faire. On day one of the event, they announced a strategic partnership with ISaGRAF, headquartered in Canada and part of the Rockwell Automation Company, a global leading automation software partner. Together, Wind … Continue reading →

#SPS11 Test drive industry’s first virtual target for software development on SoC FPGAs – Altera Corporation demonstrated its latest industrial embedded solutions for energy-efficient and safety-integrated drive systems. They highlighted how its Cyclone® series of FPGAs enables integrated, high-performance industrial systems such as drive systems with a high-performance control loop in floating point. Visitors … Continue reading →

#SPS11: Industrial Networking and Motor Control Systems from Xilinx – New capabilities for boosting design productivity and using Spartan-6 FPGAs for better system performance and lower bill-of-materials Xilinx announced new Ethernet protocol support and motor control building blocks for its Industrial Targeted Design Platforms, including new EtherCAT, Ethernet POWERLINK, PROFINET … Continue reading →

#SPS11: Hydrostatic actuation desifn concept from Moog – Reliable hybrid technology used in a new energy-saving solution for a variety of industrial applications Moog Industrial Group featured a prototype for a new Electro Hydrostatic Actuator (EHA). Combining hydraulic and electric technology in a self-contained system, Moog’s innovative EHA … Continue reading →

#SPS11: Minicarrier board! – congatec AG presented the conga-QMCB, a new mini carrier baseboard for space-critical applications based on the Qseven standard. The baseboard is ideal for fast prototype design and compact, mobile applications. Measuring just 145×95 mm, the easy-to-integrate mini carrier board is … Continue reading →

#SPS11: TE Connectivity solutions – TE Connectivity showcases its Hybrid Connectivity Solutions Both the Power4Net and the Motorman hybrid connectors integrate several functions into a single compactly designed connector. The flexible Power4Net hybrid connector has space for up to eight power and four Ethernet contacts … Continue reading →

#SPS11: Siemens extends TIA and unveils Simotics as full motor range – Siemens showcased the latest extension to its TIA (Totally Integrated Automation) Portal and unveiled the new name of its full motor range which will be called “Simotics” from now on. In advancing its automation and drives portfolio, Siemens is placing … Continue reading →

#SPS11 Dynamic reporting in process or energy management – COPA-DATA is to present their zenon Analyzer to the public for the first time COPA-DATA will present its new product for dynamic reporting, the zenon Analyzer, for the first time at the SPS/IPC/DRIVES 2011 trade fair. The software is designed … Continue reading →

#SPS11 Green automation initiative
Industrial communication technology facilitates plant-wide energy management within automation systems. HMS Industrial Networks presented a number of solutions targeting energy management in automation systems. Recent research from the AIDA group of German automobile manufacturers (Audi, BMW, Daimler, Porsche, VW) and … Continue reading →

Gases trapped in High Arctic could tip climate scales!

By Dominic Duggan, Quantitech.

Enormous quantities of greenhouse gases (GHG) exist within Arctic ice and frozen soils, so with the threat of global warming, a clear understanding of the relationship between GHG in the atmosphere and in the ice/soil is vital because melting of permafrost could cause a dangerous climate tipping point. There can be few more challenging environments for monitoring gases, but PhD researcher Martin Brummell from the University of Saskatchewan has successfully employed a Gasmet DX4015 FTIR analyser to do so in the High Arctic of Canada. This article explains the procedures and challenges of multiparameter gas detection in freezing remote locations.

Is this beautiful Arctic scene hiding a climate tipping point?

Working in the field imposes a number of requirements for analytical equipment. However, the extreme weather conditions of the High Arctic impose a new level of capability that is rarely available as standard. Field work in such conditions must be simple, flexible and fast, but most importantly, Martin Brummell says, “The equipment must also be extremely reliable because you do not have the luxury of a local Quantitech engineer.

“The Gasmet DX4015 was also the ideal choice because, as an FTIR analyser, it is able to monitor almost any gas, which is normally a feature of mains powered laboratory instruments, but the DX4015 is portable and powered by a small generator, so it is ideal for monitoring in remote locations.”

Sampling and analysis in the Arctic
A set of simple, perforated steel tubes were driven in to the soil, to the point of the permafrost threshold. Inside these tubes gases within the soil were allowed to reach equilibrium via diffusion over 24 hours. This allowed Brummell to analyse gas concentrations to a depth of 1 metre. The procedure was simple and therefore reliably repeatable. Furthermore, measurement of gas concentrations at different depths enabled direct comparison with soil analysis.

Using FTIR in the ‘field’

Ready to measure!

The Gasmet DX4015 is a portable FTIR gas analyser for ambient air analysis. FTIR, an abbreviation for fourier-transform infrared, is an interferometric spectroscopic instrument (interferometer) that uses the infrared component of the electromagnetic spectrum for measurements. A fourier-transform function is applied by the interferometer to obtain the absorption spectrum as a function of frequency or wavelength. Consequently, this unit is able to simultaneously analyse up to 50 gas compounds. The analyser is typically set up to measure a variety of different gases, including VOC´s, acids, aldehydes, and inorganic compounds such as CO, CO2, and N2O.

The DX4015 is operated using a laptop computer running Calcmet™ software, a program that not only controls the analyser but also undertakes the analysis. This software is capable of simultaneous detection, identification and quantification of ambient gases, which gives the DX4015 its ability to simultaneously analyse multiple gases in near-real-time.

The FTIR’s many beneficial traits, such as reliability, precision and flexibility make it a vital piece of analytical equipment in a very wide variety of applications including industrial emissions monitoring, occupational safety surveys, engine exhaust testing, process monitoring, leak detection, emergency response, chemical spill and fire investigations, and many others.

Brummell’s use of the DX4015 on his most recent research expedition investigating the soils in the polar deserts of the High Arctic, highlights the model’s capabilities in the field. Carried out on Ellesmere Island in the Baffin Region of Nunavut in Canada, the DX4015 had to perform reliably in extreme environmental conditions. The analyser was used to monitor the production, consumption and atmospheric exchange of the greenhouse gases Carbon Dioxide (CO2), Methane (CH4) and Nitrous Oxide (N2O); all three being major components of natural biogeochemical cycles. These gases are each released and up-taken by soil microbes in the Arctic.

The DX4015 was used to examine both the flux of gases from the soil surface and the concentration profiles of gases in the soil’s active layer above the permafrost. In doing so the FTIR provides raw data consisting of gas concentrations in parts-per-million (ppm).

Explaining his reasoning behind choosing the Gasmet DX4015, Martin Brummell highlighted some of the analyser’s key advantages: “The real-time nature of the Gasmet FTIR, allows me to see results within minutes of setting up in the field. This permits me to make changes to the experimental design and further investigate unexpected results whilst in the field. This contrasts with traditional methods of soil gas analysis, which employ lab-based gas chromatography systems and collection of samples ‘blind’ in the field.”

Results
Surprisingly, the work revealed areas of strong CO2 and CH4 production immediately above the permafrost. Brummell believed this was the result of the relative disparity in carbon distribution in Arctic soils in comparison with warmer climes. Carbon accumulates far lower in Arctic soils due to a process known as cryoturbation; the constant mixing and burying of organic matter, which fuels microbial activity at a deeper level.

Comparisons between the surface flux and the soil profile for each of the greenhouse gases was a key objective within Brummell’s investigation. Most notably, he observed a negative surface flux for NO2, but no significant regions of consumption were identified. The location of the NO2 sink is not yet clear, nor the organisms and biogeochemical processes responsible.

Conclusions
Martin Brummell’s research provided a new but complex insight into the production, consumption and exchange of greenhouse gases and soil microbe pathways in the Arctic. His work highlighted the importance of reliability, ruggedness, flexibility and accuracy in the equipment which is employed in such work. However, the ability of the DX4015 to provide simultaneous measurement of multiple gases in near real-time was a major advantage.

In comparison with all of the equipment that is necessary for research in Arctic conditions, one might imagine that a highly sensitive analytical instrument would be the most likely to be adversely affected. However, Martin Brummell found this not to be the case with the Gasmet DX4015: “In contrast to other field equipment I have used in the High Arctic, including self-destructing sledgehammers, unreliable generators and broken fibre-optic cables, the Gasmet DX4015 has never failed even in the most difficult field conditions. It has happily survived air-transport, inconsistent electrical supply, low temperatures, rain, snow, mud and all other insults, and always gives me accurate, precise measurements of gas concentrations.”

Siemens ‘cover-up’ leaves cyber experts fuming

By Nick Denbow, Industrial Automation Insider, September 2011

Nick Denbow

Last month the INSIDER  (Industrial Automation Insider!) reported how Siemens had survived, and maybe even had a reasonably effective, 2011 Automation Summit, despite the gathering storm around the security vulnerabilities inherent in the S7 design. Within 24 hours of the end of the event, Siemens announced that the S7 300 PLC product family had the same vulnerabilities as the S7-1200, but no patch was offered or issued to sort out the problems with these models, unlike the patch quoted to solve the problems on the 1200 model.

The Black Hat briefing
From July 30 – August 4 the Black Hat 2011 US briefings took place in Las Vegas. Started by Jeff Moss, now a US Homeland Security Advisory Council Member, but a hacker for over 20 years, these briefings are a series of highly technical information security presentations and discussions that bring together thought leaders from all facets of the infosec world – from the corporate and government sectors to academic and even underground researchers. Eric Byres (cto at Byres Security) attended Dillon Beresford’s presentation, and reports that the vulnerabilities he described (as an independent, not Government funded researcher) of the S7 were far worse than ever Byres had imagined, including a hard coded user name and password that Siemens engineers had unnecessarily left on the PLC: Byres comments that such basic security errors should have never been allowed through the Siemens Development Review and Quality Assurance processes, necessary disciplines for any responsible automation company…..(see the Byres blog for 4 August).

US Government agency connivance

Links to more items on Stuxnet and related topics on our blog: Abominable security commitment!

What then becomes obvious was that Siemens, and probably the ICS-CERT organization (a part of US-CERT, the US Computer Emergency Readiness Team) at INL, Idaho National Labs, had been aware of these vulnerabilities for some time, maybe even up to a year, but had no answer prepared, no fix available, and had not advised the customers – Siemens did not modify the architecture in their Security Concept guidance document to even make it feasible for users to block http and telnet commands from getting to the vulnerable PLC. This does appear to ring alarm bells signalling arrogance or irresponsibility, on the part of Siemens, and has called into question the effectiveness of ICS-CERT, the industrial control systems cyber emergency response team, who take US government money and are mandated to share and co-ordinate vulnerability information and threat analysis.

Their answer to this would appear to be that “Unless extenuating circumstances arise (e.g. active exploitation, threats of an especially serious nature, or danger to public health and safety), co-ordinated vulnerabilities are not publicly announced until patches/mitigations are available.” So what happens when Siemens produces no patch, and sits on the problem?

Time for the customers to demand answers
Quoting the conclusions in the Byres blog for 4 August: “It’s time for customers to demand better security”. He expands: “Now it is time for customers to demand better via purchasing specifications. Customers need to insist that companies have their development processes certified by ISASecure. They need to see clear evidence of an SDL (Security Development Lifecycle) process in place and they need to see in writing exactly what notification process vendors will provide when they discover a vulnerability.”

● The consequences for Siemens will only be publicly evident after some time. There are a few recent anecdotes from Siemens Solution Partners and sales people about their market image that predate these August revelations, in Jim Pinto’s weblog. One of these gives news that the “controls” specified for the GlobalFoundries $4.6Bn Fab 8 semiconductor manufacturing facility being built in Saratoga County, New York, will not follow the design of their German plant, but use ControlLogix from Rockwell Automation: maybe the contractor just had a “buy-American” policy? Even in Jim Pinto’s weblog, the suggestion is that one answer for Siemens might be a new start, with total rebranding, maybe using the Invensys Operations Management logo!

There was no comment from Siemens!

Playing football will never be the same! Armac plays the field!

Measuring precisely leads to knowing exactly

In the Netherlands, we are told, people live by the thought that measuring is the key to knowing. This grew from the wish to keep everything under control. Numbers don’t lie, so they measure everything. Even in the most popular sport in the Netherlands (and the world): soccer (sorry America!), voices are rising to take all variables in hand and rule out the factor of luck as far as possible.

Thus standardisation of circumstances is the solution! One of these standards is being achieved by making the field with artificial grass instead of the unreliable natural grass. When this grass then is measured in quality and other parameters, a “standard” field is on it’s way. This now is made possible by Deltec, in close corporation with Armac!

The number of football fields with artificial grass is steadily growing, but it is still an expensive commodity for most clubs as well as community or public sport providers. Natural grass needs a lot of attention but artificial grass is only optimised when it is installed correctly and adequately maintained. This is important in creating a perfect artificial field, that increases the pleasure of playing, lowers the chances of injuries and prolongs lifespan considerably.

But how is the quality of an artificial field determined? This light weight, handy, user friendly unit helps out sport clubs, sport sections of city and county councils as well as installation companies, which want to know the quality of the playing field. The Club Set gives values on:

The brain of Deltec’s Club Tester, made by Armac, is capable of registering and processing over 10.000 variables per second!

• ball rolling
• vertical bounce of the ball
• infill level (thickness)
• shock absorption
• vertical deformation
• energy restitution and
• surface evenness.

Armac plays the ball
One of the devices within the Club Set is the Club Tester, which Armac has designed with extreme precision to measure the exact values of a simulated descent of a foot on the field and the particular behaviour of the artificial grass as it happenst. Due to high demands on the precision of measuring, the company used its creativity to its full potential in hardware and software engineering.

As a result, results that are accurately filtered from 10.000 variables in one second, in which the sensitivity of the acceleration sensor on 10 millivolt per G (falling force) must fall within a range between -200 and +200 G. “It took us quite some patience and accurate working to “catch” the highest and lowest values from such enormous range of data”, says software engineer Marcel van de Kamp of Armac all who as about the project.

The close cooperation between Deltec Metaal and Armac in the Netherlands has resulted in a way to compare easily the artificial grass field variables with the official FIFA guide lines, which are the international standard.

With the Club Tester a field is monitored and so injuries are minimized and the club enjoys longer a perfectly kept artificial grass field.

Maybe eventually we can predict exactly how the ball will role … or when a goal is not a goal or when a hand ball really ocurs

Fostering discovery and innovation!

Releases!
Most of these releases were embargoed and were published during the course of NI Week.
In the meantime their “Field Architects” have launched a blog journal appropriately called The Labview Journal. (25/7/2011)
See also: Unoficial guide to NIWeek fun (29/7/2011)The Releases:
New Levels of Productivity With LabVIEW 2011 (1/8/2011)
National Instruments extends leading PXI RF test performance to 14 GHz (2/8/2011)
First Multicore CompactRIO with Intel(R) Core™ i7 Processor and smallest NI single-board RIO devices (2/8/2011)
CompactDAQ Platform expanded (3/8/2011)
Marketing guide for engineers (4/8/2011)
Donation of design tools to MIT (4/8/2011)

Your correspondant has had a certain “grá” for National Instruments when, in 1988, at an exhibition in Dublin, he saw a young man from Austin (TX US) give a demonstration of LabView on a Macintosh computer – probably a MAC II – which basically set the mouth watering because of its simplicity. At that time MS Windows was probably hardly a twinkle deep in eye of a not very well known Bill Gates so the concept of virtual instrumentation was really only possible on the MAC.

We were therefore delighted to recieve an invitation to a press event organised by them in London which rather intreguing told that we would “find out, under embargo, about the launch of LabVIEW 2011 and the latest cutting edge NI software and hardware for test, control and design!”  It also invited us to “See how NI UK & Ireland, through Graphical System Design, is committed to the future of engineering and is helping to solve real-world engineering challenges!”
Well! What could we say?  A pre-launch launch is always a tempting offer to a journalist. So we immediatly booked our passage on the relatively new service of Aer Árann from Galway Airport to Southend! Where? Yes we didn’t know there was an airport in Southend either, or indeed where exactly Southend was but now we do and it is in fact an incredibly hand service for getting into London City with a direct rail link into the heart of the city in about 40 minutes. Beats the packed tube from Heathrow or the uncomfortable bus ride from Luton any day of the week.

But this is not a travel article so to the business in hand!

Speakers at NI press events in London 20th July 2011. From Left: Robert Morton, Graham Green, Jeremy Twaits, Tristan Jones and Kyle Voosen.

There was almost a full house with the great and the good of British and Irish technical publications present with one or two notable absences. Things got off to a start more or less on time.

The recently appointed Kyle Voosen, NI’s Marketing Manager in Britain & Ireland, led off with an introduction and a graphical representation of the elements of systems that need measurement and control, a sort of thought process leading to the final solving a problem as practised in National Instruments. He said that “Tools should not limit discovery and innovation,” was to be the theme of the conference. Tools are their to help rather than hinder invention.

Presentations first described the technology and them proceeded to give actual application examples. Since there is an embargo on the new products, which will be released at NI Week (early August 2011) we basically give a brief run down here of applications more than actual product specifications and upgrades. These will be release over a few days starting on the first of August and we will advise each release on twitter , our Facebook Pageand on LinkedIN.

First off the blocks was Graham Green, Technical Marketing Engineer who spoke on meeting the needs of mission-critical applications. (We had actually met him earlier in the year at a symposium in Dublin in February.) He stressed the essential investment in testing both man hours and with their beta testers. These largely independent users lead to useable and therefore successful products. He quoted some comments from these trials which indeed looked very promising for the new LabView 2011. He then did a quick demo of the product which seemed to be having problems but he quickly realised that it is a good idea to have your PC hooked up to the equipment for a good demonstration! And it was a good smooth demonstration. He gave as practical and contrasting examples of applications. One was the measurement of tornadoes – from the inside where the opportunity for taking measurements is in an unrepeatable time frame. The other application was in the operating theatre where critical pressure pressure measurements are used in reducing the risk of lung deterioration after surgery.

Tristin Jones, who is Technical marketing Leader with NI, opined that tools should not limit embedded design. He mantained that they are one of the few companies that supplies “the complete solution with unrivalled hardware integration, complete, low-cost data acquisition, embedded control and monitoring, PXI and modular Instrumentation.” He quoted company founder Dr James Truchard, their aim was “To do for embedded what the PC did for the desktop!” He then described what happened historically defining the PC and how it now provides the basic platform for everything. He defined the embedded system: “An embedded systemis a computer system designed to do one or a few dedicated and/or specific functions. It is embedded as part of a complete device often including hardware and mechanical parts.” The diversity of applications is impressive and is growing as the architecture becomes more and more versitile. Again he gave applications using deployed systems in the measurement of wind for powering remote villages and in innovative devices in medical imaging.

The new era of Aautomated test was enthusiaistically greeted by Jeremy Twaits, Technical Marketing Engineer. Increasing test complexity paradoxically requires testing which has lower cost and faster. In the old order a single test instrument was sufficient for testing.  Since then test engineers are faced with a plethera of test instruments. National Instruments are in the forefront of developments here.  He quoted Mohammad Ahmad of Thales Communications “NI PXI hardware and LabVIEW software are essential technologies for test automation productivity and reuse.” and from Analog Devices makes another point on this change, “The shipping container for the previous ATE system alone would cost as much as our entire new PXI test system.” He pointed to the difference in cost, footprint, weight and facility where substantial reductions are achieved – more than a factor of ten in the cost and one of up to sixty six in weight. As they say in America, “Do the math!” National Instruments is not unique in this assessment of the market. Agilent Technologies states “PXI is currently the dominant standard for modular instrumentation. It’s a mature technology and is widely used.”

The final segment was a study of tools for students. Tools should not limit students from becoming the innovators of the future. “Tools should not limit experimentation” said Robert Morton, MD of National Instruments in Britain & Ireland. We must foster innovation and experimentation and he drew example from Thomas Alva Edison, possibly the greatest inventor of the modern era. What are the obstacles nowadays to duplicating his work and his labaratories? They are cost, accessibility and ratio. In the 80s a solution of sorts was found in the emergence of simulation but again it was realised that this had limitations and since the mid-nineties we have witnessed the the resurgence of hands-on, project-based learning. Present day graduates have the opportunity experience of actual physically handling test equipment and conducting experiments at home with NI Elvis and myDAQ, the so-called “Lab in your bag”. He quoted the Director for Teaching and Learning at his alma mater, University of Manchester, Dr Danielle George said “A major contributor to this success has been the adoption of a standard teaching platform from National Instruments…” as well as the somewhat more robust comments from students like: “I love it when ELVIS is in the building :-)” “Why didn’t we get a myDAQ in the first year??” or “ELVIS II has really enhanced my learning!”

Kyle Voosen concluded the event again stressing their message that National Instruments is about “Equipping engineers and scientists with tools that accelerate innovation and discovery.”

There was ample opportunity to discuss particular aspects with the presenters and other National Instrument people. Also present were Ian Bell, their Business Development Manager and Mark Gradwell (@mjg73 on twitter) their Marketing Communications Manager.

Musings on safety and security!

Safety has been a more and more important facet of industrial life since the middle of the last century. Before that the condition in which workers, and before that slaves, worked was, except in the rarest cases, appalling with scant regard to principals of safety.

ISA Symposium April 2011

More recently safety has become an important part of modern life. Health and safety are watchwords used more and more frequently and many practices of the past have been outlawed. Indeed sometimes one wonders how anybody survived the past it was so dangerous. Last night I saw a victorian rocking horse which had been in a locam school for over a hundred years which gave immeasurable joy to children through the generations but which may not now be played with by the children because of “health and safety implications!”

As technology developed, and processes became more and more sophisticated, so too did safety systems. In the early and mid parts of the twentieth century safety in process control was one of two things. Pneumatic instrumentation (remember 3-15psi/0.2-1bar?) and the big heavy cast metal explosion-proof box. Pneumatics as a safety method has now largely been replaced by the more sophisticated and less unwieldy electronic safety systems, though one may still find the odd explosion-proof contained instrument around!

Since July when we first learned of Stuxnet in an email in mid July 2009 from Eric Byres of Byres Security (our blog “Security threat to the control system world!“), we have been following developments. Indeed we have listed links to developments as we learned of them on Nick Denbow’s article, “Stuxnet – not from a bored schoolboy prankster!” the following September. We gradually learned of the seriousness of this malware incident (Though Byres had realised this almost from the start), and indeed its implictation, as we started to understand that this was a direct atack on automation systems, designed for that purpose.

Virus infection and malware have been around, I suppose, since the invention of software. I first realised that it could present a problem was at the Read-out Forum in 2003 where, in the inimitable words of Andrew Bond “..Brian Ahern of Verano (now Industrial Defender)… sent a shiver up everyone’s spine by pointing out just how vulnerable Internet enabled, Windows based automation systems are to ‘cyber terrorism’. (There were) few dissenters when he told this largely pharmaceutical industry oriented audience that the security issue is “the next 21CFR11.” Nevertheless..“given the degree of concern shown by the audience it was perhaps surprising to hear the vendors respond pretty much with one voice that they have as yet to see the issue addressed in RFQs but would of course respond once they did, not a view which particularly impressed some members of the audience who took the view that vendors were under an obligation to ensure that their systems were secure. “

Several events in the mid-past and more recently have tended to amalgamate these two important considerations and in some cases have blurred the lines of demarcation between them. Events like Bhopal in 1987, the blackout of the eastern states of the US in 2003 (or Brazil more recently), the explosion in Buncefield in 2005, Deepwater Horizon in the Gulf of Mexica, the terrible tragedy still unfolding in Japan, see out blog Assessing nuclear threat in Japan, and unfortunately many more take the headlines and show that we still have a lot to learn.

While preparing this blog our attention was drawn to a useful volume from the ISA stable. Starting with a description of the safety life cycle, “Safety Instrumented Systems Verification – Practical Probabilistic Calculations,” shows where and how SIL verification fits into the key activities from conceptual design through commissioning. The book not only explains the theory and methods for doing the calculations, the authors also provide many examples from the chemical, petrochemical, power and oil & gas industries.

Training has assumed an important role here and this blog has been inspired by a number of notifications received in a few short days of events and publications which confront these issues.

First in a few days time Industrial Defender have a webcast scheduled for the 24th March 2011 addressing, “Security AMI Solutions for the Smart Grid: Creating enhanced capabilities in secure cyber-infrastructure” featuring the aforementioned Brian Ahern and Jeff McCullough, Director of IP Communications, Elster Solutions, LLC. They will discuss the newly announced partnership between the two companies, and the benefits of their integrated security solution.

The 2011 ISA Safety & Security Symposium is scheduled for Texas will focus on training including courses: An Introduction to Safety Instrumented Systems (EC50C) and Introduction to Industrial Automation Security and the ANSI/ISA99 Standards (IC32C). This two day event (13-14 May 2011) will provide an in-depth look at today’s safety technologies and procedures associated with identifying and mitigating safety hazards in industrial environments. This symposium will focus not only on Safety Instrumented Systems (SIS) topics, but also include material on cyber security and associated challenges in designing and implementing SIS and process automation solutions. It will include a small exhibit and promises to be well worth attending.

We travel back across the Atlantic now to Manchester (GB) the ProfiBus organisation and the University of Manchester will hold a one day event on 12th May 2011, “Functional Safety and IT Security.“ This new, one-day seminar addresses the key safety and security issues arising from the use of digital communications technologies in automated manufacturing and advanced engineering applications.

Staying in Manchester, IDC Technology are hosting the Safety Control Systems Conference, a three day event focusing on the technology and application of safety-related control and instrumentation systems in the chemicals, energy, mining and manufacturing industries. In particular it will discuss the changes to the IEC61508 standard and the implications this will have on your industry. The dates are 24-26th May 2011. Speakers include Paul Gruhn, (co-author  of Safety Instrumented Systems: Design, Analysis, and Justification), and Clive Timms, a globally recognised expert in functional safety.

Safety and security will continue to excercise our minds. Perhaps the problems in the final analysis are not so much technical problems as a procedural one. In any case where procedures are not followed there must be a way of dealing with the aftermath.

Stuxnet PLC malware white paper update

Do you know what's on that USB Stick?

Since mid-July, the team at Byres Security, under Eric Byres, has been working hard on determining exactly what operators of SCADA and industrial control systems can do to protect their facilities from infection from the Stuxnet worm. This worm is both complex and dangerous to all control systems.

As a result, they have massively updated our Stuxnet White Paper “Analysis of the Siemens WinCC / PCS7 ‘Stuxnet’ Malware for Industrial Control System Professionals”. There is no charge for this white paper, but you must register on the Tofino Security website. The page also has a link to Englobal’s Joel Langill’s Stuxnet Infection Video where he does an excellent job of detailing what exactly Stuxnet is doing to a computer and the Siemens Project files.

In the latest version they have created a detailed list of Prevention/Mitigation techniques you can use to protect computers running both supported Windows operating systems and older unsupported systems that cannot be patched. These mitigations are recommended for all control systems, regardless of whether a Siemens product is used or not.

Other changes in this version of the Stuxnet White Paper include:

• A new summary of what Stuxnet is, what its consequences are, and how it is spreading

• A revision to the list of vulnerable systems

• An expanded analysis of the available Detection and Removal tools

If you are not currently a member of the tofinosecurity.com website, you will be asked to become a member. Membership is free and is required to limit this information to bona fide industrial control and security professionals only.

Eric Byres concludes, “I hope this information will be helpful to you, your organization and the ICS community as a whole.”

We first covered this on 19th July 2010 when we carried Eric’s first notification on this worm in “Security threat to the control system world!“. We followed up with Andrew Bond’s analysis “Zero day” attack on Siemens control system software shows alarming new level of malware sophistication,” in early August and our last posting on the subject was Nick Denbow’s, “Stuxnet – not from a bored schoolboy prankster!” on 21st September 2010. We have also endevoured to add new relevent information and coverage at the bottom of Nick’s article.