Much has been made of late of the Internet of Things (IoT) — a world where countless “smart” machines and devices are networked to each other. Harnessing the data they send and receive will, at least in theory, make life easier and better for all of us.
How the Internet and networking relate to engineering and manufacturing was the focus of November’s Automation Perspectives forum, part of the 2013 Automation Fair held in Houston. Several experts at the event shed light on the benefits, and pitfalls, of networking in the industrial world.
When IoT hits the plant floor and control and information technologies converge, executives at Milwaukee-based Rockwell Automation call this a connected enterprise. It’s critical to the future of competitive manufacturing, says the company’s Chairman and CEO, Keith Nosbusch.
Over the next decade, more people around the globe will climb out of poverty than in all of human history, he says. “More than 70 million people annually will cross into the middle class, and they’ll add $8 trillion in consumer spending. This means more cars per capita, more-sophisticated tastes in food and beverages, more consumer goods and health-care products — all goods that have to be manufactured and distributed in a timely manner to customers all over the world.”
These new demands will challenge manufacturing and put more stress on resources and infrastructure, says Nosbusch. Specifically, we will see an increased need for fresh water, raw materials, and energy. Commodity scarcity will force us to harvest natural resources from ever harder-to-reach, more-expensive locations. And price pressures will force manufacturers to eliminate inefficiencies to stay competitive.
But if machine builders and manufacturers are up to the task, Nosbusch emphasizes, the result will be a more-productive and sustainable world with a higher standard of living and quality of life.
Some of the building blocks are already in place. A typical plant has many “smart” assets, explains Nosbusch. But, historically, data has been trapped in these assets due to disparate automation technologies, equipment from many different machine builders, proprietary communications systems, and the inability of controllers to add context to data that transforms it into useful information. The result: plant-floor data is difficult to collect, aggregate, and analyze.
Integrated control and information systems that let users securely access this data, share it throughout the manufacturing supply chain, and generate actionable information about what is happening in the plant creates real customer value — well beyond basic information on production throughput or process quality.
“Imagine some of the breakthroughs possible because of the connected enterprise,” says Nosbusch. A safer, more-accessible food supply thanks to tracking and tracing across the entire supply chain. Better energy management in production facilities due to controls and software that monitor consumption and power quality, and interact with the smart grid in real time. More affordable oil and gas through advanced process control. Less downtime as condition monitoring warns of breakdowns before they happen. And less waste in a wide range of production processes through predictive, model-based control.
Technology in transition
“We’re in the middle of an amazing technology transition that has a direct impact on business,” adds Rob Soderbery, senior vice president and general manager of the Enterprise Networking Group at Cisco, San Jose. “In the first decade in the 21st century, the number of devices on the Internet passed the number of people on the Internet. That trend is continuing and, by 2020, we expect to see 50 billion smart objects.” Of course, most people equate the Internet of Things with consumer devices like the Fitbit, Nike’s FuelBand, and the Nest Thermostat, says Soderbery. “But the real value and opportunity is not in the consumer world, but in the industrial world.”
He predicts IoT will drive the next wave of global productivity as the world transitions to a networked economy. Cisco estimates the potential value of IoT at $14 trillion. Of that 27%, nearly $4 trillion, will be in manufacturing — by far the biggest opportunity across the entire IoT landscape.
But to capture this value, manufacturers must adopt contemporary technologies, says Rockwell’s Nosbusch. These include: cloud computing, collecting and analyzing data from remote and field-based devices; mobility, which makes it easier to share information anywhere, anytime; and data analytics, which are becoming more important to support collaboration, problem solving, and decision making.
But it’s all for naught without security. “High-visibility attacks on processes and infrastructure have increased over the past several years. We’ve seen our best customers move security from a nonpriority to one of their most-critical business concerns,” says Nosbusch. If adoption of the connected enterprise is to continue, he stresses, industrial security must keep pace.
“Fifteen years ago, cyber-security discussions were rare,” notes Michael Assante, advisor and director at the National Board of Information Security Examiners. Attitudes are changing as the automation industry recognizes that security is essential to building safe and reliable systems, he says.
The cyber-threats game is changing and evolving as well, he explains. Hackers are still a threat, but their attacks are less structured and more opportunistic. They typically exploit security weaknesses — in some cases for economic gain, in others simply for notoriety. Increasingly, more-sophisticated adversaries are picking an organization out of the crowd not because of vulnerable technology. Rather, they are the object of directed, targeted attacks.
The U. S. Industrial Control Systems Cyber Emergency Response Team, part of the Dept. of Homeland Security, says more-focused attacks are, in fact, taking place. There are two basic reasons: because more control systems are connected to the Internet; and adversaries are developing tools specifically focused on exploiting industrial control systems. By some estimates, the cyber underground invests $2 to $3 billion annually in R&D, putting companies at greater risk.
Tasty benefits of the connected enterprise
Food, beverage, and pharmaceutical companies around the world face several key challenges, says Rockwell Automation CEO Keith Nosbusch. Their plants serve dynamic markets where production levels need to be synchronized with consumer demand, and rapidly changing customer tastes require quick changes to products and packaging. Plant-floor equipment generates a lot of data, but not enough usable information. And technical expertise is often limited in the plant and becoming increasingly scarce.
Connected enterprises, using open, IP networks, let manufacturers manage these problems, says Nosbusch. It helps transform real-time data into valuable information that, in turn, can be used to maximize throughput, rapidly reconfigure equipment, collaborate with suppliers, and track energy consumption and diagnostics. And it gives remote experts plant-wide access to equipment data, letting them work with on-site staff to upgrade operations, improve efficiency, and troubleshoot breakdowns.
Case in point, he says, is King’s Hawaiian, a Torrance, Calif.-based supplier of specialty breads and baked goods. They recently opened a production facility in Oakwood, Ga., that includes advanced data-collection capabilities. The goal is to maintain product quality while improving operating efficiency across the plant.
To gain these features, the control architecture was built around a common infrastructure. Bread baking, for example, requires 11 different machines built by different OEMs. But each uses Allen-Bradley ControlLogix programmable automation controllers and Factory Talk View Site visualization and information software. Packaging machines run CompactLogix PACs, which provide the features of Logix control in a smaller unit.
The entire plant communicates via EtherNet/IP, letting the company collect and store information like oven temperatures, bakes times, scale weights, and maintenance operations.
For King’s Hawaiian, the approach offers several advantages. For one, it helped get the facility up and running in only 10 months from the start of construction. Common hardware and software across varying equipment simplifies application development and training, and makes it easier to manage changes or upgrades. Technicians use the same software to address different issues throughout the plant.
Although the plant generates lots of data, Rockwell’s Factory Talk VantagePoint software correlates the info and produces real-time dashboards and Web-based reports. This lets engineers analyze the information, compare various machines and production lines, and fine-tune operations. Finally, engineers at the company’s headquarters can monitor operations from 2,500 miles away.
And there’s more disturbing news, says Assante. According to some studies, up to 94% of the victims of these advanced attacks don’t detect them. Notification, instead, comes from third parties who find the victim’s information on a server somewhere else in the world. Mandiant, an information security firm based in Alexandria, Va., says the average time between a data compromise and when it’s discovered is 416 days.
Over that period, called “attacker-free time,” somebody else can move through that business system, find valuable information, and steal it for their own benefit, says Assante. Equally troubling, Mandiant suggests that in all the cases that they’ve seen, compromised organizations had up-to-date antivirus software and industry-standard security practices. “That tells us conventional security approaches are not working,” he says.
Studies suggest that the consequences of cyber-security incidents, including loss of productivity and information, might amount to $40 to $80 billion annually. “And, of course,” says Assante, “we’ve heard about high-profile threats like Stuxnet, where you’re actually manipulating the industrial process by a very targeted and customized attack. This is the threat environment that the Internet of Things needs to live in.”
The good news, according to Assante, is that because automation and control systems are highly deterministic, their behavior is well understood. “By investing in better architectures, we can actually lock these systems down,” he says.
IoT security differs from information-technology (IT) security, explains Cisco’s Soderbery. It starts with the “attack surface” where attackers gain access to a system. For a PC or mobile device, it’s typically a single connection or over the Web. In contrast, a factory’s attack surface is vast and complex.
Complicating matters, it’s often not obvious how to handle an attack. Shutting down a facility running at full tilt is not easy or practical. It not only affects production, but there are safety and regulatory concerns as well. Manufacturers must respond quickly, but appropriately.
In terms of building blocks for IoT security, says Soderbery, the first step is limiting access. “Most people assume that means a firewall, and firewalls are very important. But if your security architecture is only a firewall, you’re essentially unprotected,” he says.
So you first have to be aware of the network traffic’s content, he explains. Software tools like deep-packet inspection engines understand content traffic at a deep level, and can determine whether or not it’s a threat.
Second is the context. What kind of device is trying to access the network, who’s behind it, and what kind of data does it produce? You want verify that identity, ensure the device is actually in the location it says it is in, and determine how to securely connect to it.
Then, says Soderbery, users can marry context and content and make some interesting decisions. For instance, letting a machine with a certain type of signature into the manufacturing network, while keeping another with a different signature on a guest network.
Finally, there’s threat awareness. Today’s chief information security officers are increasingly moving beyond the first three things and worrying more about threats, he indicates. They need to understand who the bad guys are, what they are trying to do, what actions they are likely to take, and what actions are needed to protect the network. Being threat aware means understanding and detecting advanced persistent threats, malware, and all of the layered and sublayered threats in today’s cyber environment.
Effect on engineers
Manufacturers who embrace the connected enterprise share data not only on the plant floor, but with controls suppliers, network experts, machine builders, and other partners. “We need to design systems that recognize this reality,” says Assante. Protecting systems is no longer strictly the domain of security professionals. Responsibility is spread across a much wider spectrum than ever before.
Now, security is going to be a part of an engineer’s job from design to operations, according to Assante. And management will increasingly view security metrics as an important measure of job performance.
The objective, says Assante, is not to turn engineers into cyber-security professionals, but to educate them to make better decisions — because control architecture and overall system design directly impact security. The goals are to make it more difficult for attackers and reduce the consequences of any compromise.
“Security is a challenge,” admits Frank Kulaszewicz, senior vice president of Rockwell Automation’s Architecture & Software group. “But it’s an enabler at the same time. In a connected world, all that information makes us better informed, helps us make better decisions and, frankly, makes us more productive.”
But today in the U. S., less than 14% of production-floor machines are connected, creating a tremendous opportunity for productivity gains, he says. Why aren’t devices connected? For two reasons, says Kulaszewicz. First, connecting systems with proprietary networks and hardware can require costly, new infrastructure. “But the other reason is security. Connecting production systems to the Internet creates a risk for the enterprise,” he says.
Rockwell is addressing these concerns by creating a unified network infrastructure that mitigates the vulnerabilities and risks of connected enterprises. To do this, they’re adding features like identity management and contextual data awareness to their products.
For instance, deep-packet inspection software lets users understand what’s happening on the network and identify who can access what information, and when. A key technology in this regard, says Kulaszewicz, is Cisco’s Identity Service Engine.
Rockwell is building ISE into its new Stratix 5900 switches, bringing an added level of security to the industrial environment, he explains. The same will hold as other Rockwell Automation products evolve, such as Logix and Stratix switches, Kinetix motion controllers, and PowerFlex drives. All will operate in a common, secure environment. That means Rockwell Automation products will comply with the latest security standards to provide robust and resilient systems for users, says Kulaszewicz.
And it’s not just a matter of selling secure products. “It’s important to educate customers,” he emphasizes. And so, last but not least, Rockwell has created a team of network and security experts to help educate, evaluate, and migrate customers’ systems and networks to a more secure environment, he says.
What does this ultimately mean for machine builders and OEMs? It establishes underlying expectations for what users should demand from their technology suppliers, says Assante. “That’s critical because Cisco and Rockwell have brought two important concepts to the table. One is that security matters. The other is that they’re designing in security features. That means the technology they deploy will include security. It’s not a feature you buy, it will inherently be part of the technology, all the way from the network platform, to the application, and down to the actual devices,” he says.