ODVA members collaborate on critical elements for the push toward industrial automation, wireless communications, and technology
ODVA, a standards development and trade organization for information and communication technologies used in industrial automation, convened its 2017 Industry Conference & 18th Annual Meeting in Palm Harbor, Florida, in February. The multi-day event included presentations of numerous technical papers on the latest developments in communication technology and standards that create challenges, as well as many opportunities, for the industry.
Below find answers from ODVA members regarding some key questions raised at the annual meeting. Participants included:
- Gregory Wilcox, global technology business development manager, Rockwell Automation;
- David Doggett, senior director cybersecurity – innovation and technology – industry business, Schneider Electric;
- and Ian Tracy, applications engineer, HMS Industrial Networks.
Control Engineering (CE): Security was a big topic covered throughout the conference as it relates to ODVA’s Common Industrial Protocol (CIP) and EtherNet/IP industrial Ethernet network. What would you say are the challenges and best practices to ensure that data is secure?
Wilcox: As alluded to in the question, a big step to secure data is to secure the network. Each end user has its own tolerance for risk when it comes to security, so there is no definitive answer, which is the biggest challenge. A best practice is to adopt a defense-in-depth approach to security to address both internal and external security threats to the system, of which data is a critical part. Levels of protection include:
- Education and awareness programs – training of OT personnel on industrial security policies and procedures, including how to respond to a security incident
- Physical – limit physical access to authorized personnel: control room, cells/areas, control panels, industrial automation and control system (IACS) devices (such as locks, gates, biometrics)
- Network – restrictive access, hardening, traffic inspection
- Computer hardening – patch management, antiX (an open-source Linux) software, white listing, removal of unused applications/protocols/services, closing unnecessary logical ports, protecting physical ports
- Application – restrictive access, hardening, monitoring
- Device hardening – trusted communications, change management, data encryption, restrictive access.
Doggett: There are a lot of challenges around security, one of which is the scope of the topic. There are legacy devices/systems to secure, legacy protocols to evolve, a flood of standards/certifications/regulations on the horizon across multiple countries and segments, the need to generate business cases at end users’ sites, although this is becoming less of a challenge, and the evolution in the skills of the attackers which is expanding the scope of security into areas like the supply chain versus just the running plant. As a best practice there is a need to start efforts to secure solutions versus waiting for everything to be fully defined, then there are some well-known steps like analyzing what you have, selecting a framework to guide you, selecting key items to focus protection on, segmentation of the systems, etc.
Tracy: The two biggest challenges for securing industrial Ethernet and IP networks are to 1) educate the staff that works with, and maintains, these networks on cybersecurity and evolving threats, and 2) adopt and enforce policies that allow data to be used in new ways, while maintaining security. Best practices are to adopt a network architecture that isolates and segments zones, and closely regulates access between zones. Pay attention to ICS-CERT alerts and advisories. [ICS-CERT is the U.S. Dept. of Homeland Security Industrial Control Systems Cyber Emergency Response Team.]
CE: With the discussion of Industrial Internet of Things (IIoT) and increasing connectivity, can you expand on what you’ve experienced with challenges and wireless communication? How should the industry face these challenges?
Wilcox: There are several challenges when considering wireless communications:
- What is the level of competency of the people who are designing, deploying, and maintaining the wireless environment? Industrial wireless communication exists in environments that are subject to change over time, and changes to the physical and radio environments can change the characteristics of the communications. The people who are involved with wireless systems have to be aware of changes that can occur, and be able to recognize when they do occur, and then adjust the system to accommodate the changes.
- Can the network—including the wireless segments of the network—be secured to the level that meets the users’ tolerance for risk?
- Does the application fit the capabilities of the wireless network and vice versa? Wireless is being used in many applications for monitoring and is being applied more and more to control applications. Pick the technology that fits the application then plan, design, deploy, monitor, and adjust.

On the positive side, wireless can be safely and securely applied to applications that would add significant value to any manufacturing or process operation like remote monitoring and remote support. Great savings can be achieved by avoiding expensive "truck rolls" [site visits] by maintenance experts if they can diagnose and fix, or direct the fix, of problems remotely.
The industry is becoming more and more comfortable with wireless. Set up a proof of concept in your operation or in a lab. Get familiar with the technology. Hire an expert to bring you up the learning curve. By all means, start with a plan and recognize that changes in the physical and radio environment may impact the wireless network. Be prepared to adjust.
Doggett: We see a few aspects of wireless:
- For small systems around a machine (Bluetooth, Zigbee) there is an acceptance in the market and good success without much complexity in the setup.
- For longer range systems that cover both monitoring and control we only see success when the offer is paired with experts to do the design, installation, and ongoing monitoring/maintenance.
- We hear a lot of talk on a new area called secondary sensing where additional sensors are added to an existing system and connected wirelessly back to either the plant network, or more likely, gateways to backhaul the data to offsite analytics. This is an interesting area but it still needs to be defined how prevalent this will be in the industrial sector where a lot of sensors are already installed for the control system versus something like transportation or buildings markets.
Tracy: One of the biggest challenges is having multiple competing standards: LoRa, Bluetooth, Zigbee, Wi-Fi. Each has its own strengths and weaknesses.
CE: It was said that, "The business value of cloud computing is an opportunity space." Would you agree that the overall industry agrees with this statement or is not quite there yet due to cybersecurity and other concerns?
Wilcox: Every indication is that the industry believes there is value in "the cloud." A solid stance by the users on their security requirements, risk tolerance, and the ability of cloud application and infrastructure providers to deliver secure solutions is simply "table stakes." Without being too obvious, the information and the ability and willingness to make use of the information to solve real problems or improve operations are where the value of compute resources like the cloud comes from.
Doggett: Cloud computing is clearly an opportunity space for industrial automation. Taking advantage of new technologies allows companies to affordably increase capabilities and provide better insight to users. Thanks to analytics, secondary sensing, predictive algorithms, and cloud hosted applications, the users can increase their efficiency by reducing travel needs and prevent issues before they occur. Cybersecurity will be critical to the success of applications.
Tracy: I think that most everyone sees cloud computing as an opportunity, but adoption has been slowed by a number of factors, not just security. There are issues of data access and even ownership. Take for example, data generated by a packaging machine. The machine owner, the machine builder, and even the individual component suppliers, all want data from that machine. Also, it is unclear exactly what results can be expected from cloud computing, and what data needs to be available in the cloud to achieve these results.
CE: What are the concerns you have regarding moving to a more automated, connected industrial space? How should those concerns be addressed?
Wilcox: The concern is that it isn’t moving fast enough. By digitalizing their connected assets and exposing and using stranded data within and about the assets, users can derive value from the translation of the data to information to achieve faster time to market and lower total cost of ownership, improve asset utilization and optimization, and improve quality and cycle time, all while managing their enterprise risk. That’s a connected enterprise.
Doggett: Of course security is a concern but this is manageable, both technically and in the attitude of acceptance. Schneider has been successfully selling a connected offer with Ethernet on board and transparency both into our devices and third parties’ devices for years. The next part is to understand what value can be derived from a more connected supply chain and to make sure that this is realized versus just connecting for the sake of it.
Tracy: Security is a major concern. This must be addressed by education and diligence. Also, I’m concerned about the general perception that more automation equals fewer jobs. I don’t think the equation is that simple.
CE: What does the industry need to pay attention to based on what was discussed among peers at the ODVA conference?
Tracy: The biggest takeaway was the limitation of the current device description files, and the initiative to improve on this for EtherNet/IP devices.
Wilcox: Security will continue to be a priority for everyone in the value chain. New and emerging changes to communication technologies, such as wireless, time sensitive networking, Ethernet in process industries, internet protocol and Ethernet to constrained devices, and scalable computing from the edge of the network to the cloud, will have significant impact on how value is created in the not-too-distant future.
As technology advances, standards development, cybersecurity, and challenges within the industrial automation space must be addressed to move forward and benefit from automation technology.
Emily Guenther is associate content manager, Control Engineering, CFE Media, email@example.com.
- Industrial automation offers growth opportunities.
- Wireless communications can advance industrial connectivity.
- Cybersecurity needs attention.
What needs to be done to address and ease the cybersecurity concerns with industrial automation?