The connected enterprise and industrial control system security were two of the major themes at Rockwell Automation’s annual Automation Perspectives media event on November 12, which preceded the company’s Automation Fair conference and tradeshow. More than 100 media from 25 countries gathered in Houston for the event, and Manufacturing AUTOMATION was there. Get the highlights here.
The connected enterprise and industrial control system security were two of the major themes at Rockwell Automation’s annual Automation Perspectives media event on Tuesday, which precedes the company’s Automation Fair conference and tradeshow. More than 100 media from 25 countries gathered in Houston for the event, and Manufacturing AUTOMATION was there.
Those responsible for manufacturing plants and process facilities are increasingly turning to members of the Control System Integrators Association (CSIA) for help in boosting productivity and guarding against catastrophic computer failures that can interrupt operations, according to a CSIA survey. “CSIA members are forecasting a busy year for automation projects among industry clients,” said Piercarlo “PC” Romano, newly elected CSIA board chairman. “More and more CSIA members are showing plant managers, directors of operation and others that control system integrators are experts at managing risk and offering proven solutions to their production challenges.” According to CSIA, topics at the forefront of industry discussion are cyber security, globalization and trends in information technology. “The threat of cyber-attacks is real,” said Bob Lowe, executive director of CSIA. “Our integrator members know their responsibilities and are taking this threat seriously by becoming educated, making it part of their project planning and implementing CSIA Best Practices and Benchmarks to reduce risk for their clients.” Lowe says CSIA is looking at emerging economies such as Latin America to determine how integrator members play a role in developing industrial automation and in demonstrating the value of CSIA Certification worldwide. “We are part of a global industry and CSIA’s vision is for industries everywhere to have access to low-risk, safe and successful applications of automation technology,” continues Lowe. “A global strategy strengthens CSIA’s partnership with industry suppliers, helps us access global networks, and leads our integrators to the clients requesting their expertise.” In addition, CSIA members are tracking the top IT-based technologies in control system integration, such as cloud computing, virtualization and bring your own device (BYOD). These trends are already changing the way integrators work with their clients and are expected to have significant impact on the future of the automation marketplace.
Today’s businesses, including manufacturers, are facing increased security risks as threats are becoming magnified by the world’s next generation of workers’ online behaviour. Despite popular assumptions that security risks increase as a person’s online activity becomes shadier, findings from Cisco’s 2013 Annual Security Report (ASR) reveal that the highest concentration of online security threats do not target pornography, pharmaceutical or gambling sites as much as they do legitimate destinations visited by mass audiences, such as major search engines, retail sites and social media outlets. In fact, Cisco found that online shopping sites are 21 times as likely, and search engines are 27 times as likely, to deliver malicious content than a counterfeit software site. Viewing online advertisements? Advertisements are 182 as times likely to deliver malicious content than pornography. Security risks rise in businesses because many employees adopt “my way” work lifestyles in which their devices, work and online behavior mix with their personal lives virtually anywhere - in the office, at home and everywhere in between. The business security implications of this “consumerization” trend are magnified by a second set of findings from the Cisco Connected World Technology Report (CCWTR), which provides insight into the attitudes of the world’s next generation of workers, Generation Y. According to the study, most Generation Y employees in Canada believe the age of privacy is over (91 per cent), but one third say that they are not worried about all the data that is stored and captured about them. They are willing to sacrifice personal information for socialization online. In fact, more Generation Y workers globally said they feel more comfortable sharing personal information with retail sites than with their own employers’ IT departments - departments that are paid to protect employee identities and devices. As Generation Y graduates from college and enters the workforce in greater numbers, they test corporate cultures and policies with expectations of social media freedom, device choice, and mobile lifestyles that the generations before them never demanded. As the first chapter of the Connected World Technology Report indicated in December, Gen Y in Canada is constantly checking social media, email and text updates, whether it’s in bed (two out of three surveyed in Canada), at the dinner table (nearly 60 per cent), in the bathroom (52 per cent in Canada compared to only 33 per cent globally), or driving (one in three Canadians, considerably higher than the 19 per cent global average). That lifestyle is entering work environments in greater numbers, spotlighting the future of work and how companies must consider competing for the next wave of talent. Unfortunately, what the security studies show is the next-generation workforce’s lifestyles are also introducing security challenges that companies have never had to address on this scale. Key findings : Android malware - Android malware encounters grew 2,577 per cent over 2012. (ASR)- However, mobile malware represents only 0.5 per cent of total Web malware encounters. (ASR)- These trends become especially significant considering the smartphone is the No.1 device among Gen Y workers over laptops, PCs and tablets(CCWTR) Web malware encounters by country In 2012, there was significant change in the global landscape of where users encountered Web malware. China dropped from being the second-most malware-stricken country in 2011 to the sixth spot last year.Scandinavian countries, such as Denmark and Sweden, experienced greater numbers of Web malware encounters, climbing the world ranking to the third and fourth spots, respectively. The United States retained the top spot with 33 per cent of the world’s Web malware encounters. (ASR) Privacy tradeoff -Although most Gen Y respondents do not trust websites to protect personal information (80 per cent in Canada compared to 75 per cent globally), such as credit card and personal contact details, their lack of confidence does not deter their online behavior, gambling that they will not be compromised. This puts a large amount of pressure on companies when these individuals take risks online with work devices on corporate networks. (CCWTR)- Fifty-seven per cent of Gen Y is comfortable with their personal information being used by retailers, social media sites, and other online properties if they will benefit from the experience. (CCWTR) IT Policy Compliance - 87 per cent of IT professionals surveyed in Canada said they have a policy governing the use of certain devices at work. (CCWTR)- 34 per cent of the Gen Y workforce in Canada said their company’s policy forbids them to use company-issued devices for non-work activities but 64 per cent said they don’t always obey those policies(CCWTR)- 36 per cent of IT professionals in Canada believe their employees obey IT policies (compared to 52 per cent globally). (CCWTR)- 72 per cent of Gen Y respondents in Canada said IT has no right to monitor their online behavior, even if that behavior is conducted using company-issued devices on corporate networks. (CCWTR) The Internet of everything & security’s future Looking ahead, the Internet of Everything represents the largest online trend today. As more people, things and devices connect to the Internet, more data from more places will be introduced across corporate and service provider networks, which open up new vulnerabilities and a need for more sophisticated security approaches. - Exponentially more machine-to-machine (M2M) connections are coming online each day, leading to a proliferation of endpoints that extend far beyond mobile devices, laptops and desktops to an “any-to-any” scenario in which any device can connect to any cloud to any application across any network.- By 2020, with an Internet open to an estimated 50 billion things, the number of connections balloons to more than 13 quadrillion (specifically, 13,311,666,640,184,600). Adding just one more “thing” (50 billion + 1) will increase the number of potential connections by another 50 billion. - These new connections generate data in motion that needs to be protected in real time as it is evaluated for actionable insights through the network and before it’s compromised and causes irreparable damages. - For network security professionals, the focus becomes content-neutral plumbing - shifting from the endpoint and the periphery to the network. Click here to read the Cisco 2013 Annual Security Report.
Yokogawa Electric Corporation and McAfee have signed a partnership agreement to offer holistic and value-added IT security solutions for the industrial automation world. According to a news release from Yokogawa, the partnership will address the imperative of digital threats to industrial control systems.In particular, the partners will collaborate to offer Yokogawa’s customers solutions to avoid gaps between different IT systems across proprietary solutions and expanded communication channels (e. g. IP, wireless, and mobile) and running common operating systems and applications. According to McAfee’s recent threats report, cyber-crime, hacktivism, and cyber warfare are on the rise worldwide and are growing ever more sophisticated. Governments, large enterprises, small business, and home users face a wide range of digital threats, and recent prominent cases of industrial sabotage and espionage have escalated these concerns. Today’s cyber security threats mean that industrial control system users and suppliers alike must be increasingly vigilant against current and future intrusions, as human safety and environmental impacts are directly at stake. While today’s process control systems can take advantage of advanced general-purpose IT to reduce costs, improve performance, enable interoperability with APC, MES, and other systems, and add other important new capabilities, the very same technologies have made today’s industrial control systems increasingly vulnerable to security intrusions – malicious or otherwise – from both within and outside the plant. Organizations tasked with running critical infrastructure such as oil and gas pipelines, chemical plants, power stations, and water treatment facilities must look at holistic security systems across two disparate, yet interconnected zones, enterprise IT and industrial control systems. This partnership will work to address the issue that industrial process control systems typically have a three to five times longer lifecycle than typical commercial systems. Since both system technology and cyber threats are ever-changing, automation system suppliers must embrace a lifecycle approach to industrial cyber security. “Security measures for control systems are indispensable. Yokogawa is continually making stringent efforts to provide our customers optimum control system security solutions, starting with the development of highly secure instruments and systems and extending to the provision of operational support services,” said Nobuaki Konishi, vice president of Yokogawa’s IA Systems Business Division (IA Platform Business Headquarters). “This partnership will allow us to combine our technology and plant security know-how with McAfee’s technology to enhance the security of our products and our line-up of security solution services covering the entire lifecycle of our customers’ plants. This will include the integration of anti-virus software with industrial control systems used in the process industries.” “Businesses are looking for integrated security solutions, moving from simply securing components, to understanding and measuring the security of a business system as a whole,” said Wahab Yusoff, vice president for McAfee South Asia. “That is why we feel strongly about this opportunity to work with Yokogawa as a leading global supplier of industrial control systems with a history of nearly 100 years of growing expertise and experience.”
On Tuesday, Nov. 6, security enthusiasts participated in Symantec's Cyber Readiness Challenge at the Design Exchange in Toronto. The event kicked off with a keynote presentation by Clint Sand, senior director of Symantec's Security Business Practice, on the current threat landscape, followed by an interactive "capture the flag" game that saw the top player going home with a $2,500 grand prize. Check out some of the highlights above.
From the viewpoint of national security, more manufacturing processes than you would think fall into the category of "critical manufacturing." The U.S. Department of Homeland Security, for example, identifies nine manufacturing areas as critical infrastructure, including iron and steel mills; ferrous and nonferrous metal processing; and the manufacturing of machinery, electrical equipment and transportation equipment. Public Safety Canada also identifies manufacturing as one of 10 critical infrastructure sectors, and collaborates with the United States on a cross-border approach to information sharing and protection through initiatives such as the "Canada-United States Action Plan for Critical Infrastructure."
Industrial security takes center stage at ISA EXPO 2009 on Oct. 7 featuring presentations by security experts with U.S. Department of Homeland Security experience, as well as a groundbreaking hack and defend tutorial and demonstration on wireless security. Sean McGurk, DHS Director, Control Systems Security Program (CSSP), will present the ISA EXPO 2009 Keynote Presentation. In his presentation, entitled "Securing the Nation's Industrial Control Systems Infrastructure", he will discuss the current threat landscape, common vulnerabilities and security issues facing critical infrastructure control systems, and mitigation strategies being developed to address these challenges. He will also discuss current program efforts including how to become directly involved in securing the Nation's critical infrastructure control. Greg Garcia, President, Garcia Strategies, will deliver the featured presentation, entitled "Industrial Security and the Political Control System: A View from Washington". He served as the nation's first Presidentially-appointed Assistant Secretary for Cyber Security and Communications (CS&C) for the U.S. Department of Homeland Security, from 2006-2008. During his tenure, the U.S.Department of Homeland Security affirmed the urgency of cyber security across the nation and embarked on a comprehensive cyber initiative that will measurably strengthen the security of our nation's networks against domestic and international threats. Wednesday's security spotlight will also feature a live "Hack and Defend Industrial Wireless Systems" demonstration. The never-been-done-before wireless hack and defend tutorial session will give attendees the chance to learn techniques about breaking and defending wireless systems, as well as pose questions to the experts. ISA Security Lounge The ISA Security Lounge will offer meet-and-greet opportunities with ISA EXPO keynoters — including Sean McGurk and Greg Garcia, industry leaders, recognized professionals, presentations, and running demonstrations of cyber security related topics of interest featured during the technical conference. The ISA EXPO 2009 conference will feature six Exchange Conference Tracks centered on key issues facing instrumentation, automation, and control professionals, including a dedicated track on industrial security. Attendees will have the opportunity to discuss best practices, lessons learned, and potential solutions to specific automation problems as part of the conference's technology exchange format. For more information about ISA EXPO 2009, and registration, visit www.isa.org.
Vancouver-based Wurldtech Security Technologies, a provider of industrial cyber-security testing and certification solutions for critical infrastructure industries, revealed a detailed strategic initiative designed to help improve the security of the Smart Grid.The effort includes the addition of wireless communication capabilities into the award-winning Achilles Satellite security and robustness testing platform to diagnose and remediate vulnerabilities in Smart Grid technology; the expansion of the Achilles cyber-security certification program to include resilience benchmarks for smart grid devices and applications; and the creation of the world’s first cyber security research institute and global center of excellence focused on vulnerability analysis and cyber-threat metrics for Smart Grid infrastructure."The Smart Grid is critical to our sustainable energy future," said Tyler Williams, CEO of Wurldtech, "but the bulk power industry has had little necessity for cyber security in the past because critical control networks were isolated from the litany of IT threats that could jeopardize process integrity and reliability. The advantages of Smart Grid however, require increased connectivity, including a reliance on the internet, and if we don’t move quickly to make functional security an integral part of the Smart Grid initiatives, we may find ourselves in the unfavorable position of attempting to fix the car while driving at full speed."The Achilles Satellite is a unique stand-alone platform designed to allow equipment manufacturers of all sizes to conduct standardized cyber security and robustness testing to identify vulnerabilities in IP-enabled computers systems before their deployed in critical infrastructure networks. In fact today, the Achilles testing technology is relied upon by almost all major global automation vendors and has made enormous improvements in both the reliability and resilience of the computer systems that operate critical infrastructure around the world. By adding additional capabilities to the Achilles platform, enabling security testing over common smart grid protocols such as IEC 61850/870, and the new wireless protocols based on 802.11 and 802.15.4 (WirelessHART, ISA100.11a and Zigbee), suppliers of smart grid devices and applications can benefit from the same advantages previously reserved for the traditional SCADA and control system vendors. "There is no reason why any device, system or software application that is found on a critical control network should be deployed without going through rigorous security and robustness testing with technologies like Achilles" said Greg Garcia, former assistant secretary for cyber security from the U.S. Department of Homeland Security. "Having the required subject matter expertise, the proven technology to identify and diagnose vulnerabilities, and the infrastructure to categorize threats and proactively distribute effective mitigations, Wurldtech’s solutions will provide the functional security core that the Smart Grid initiatives need."Williams said, however, that these initiatives alone will not provide the layers of functional security necessary to protect the Smart Grid from intrusion or accidental disruption. "We have been working tirelessly over the past eight months with numerous energy industry end-users on an exciting new initiative and are extremely pleased to announce today the signing of a Memorandum of Understanding (MOU) between Wurldtech and The University of British Columbia (UBC). The MOU provides the framework for Wurltech and UBC to create the world’s first global centre of excellence in cyber security."Funded directly by leading energy companies, government agencies and other industry stakeholders, and focusing, the Centre of Excellence will consist of three distinct components:• A Cyber Security Testing & Certification Test Bed and Demonstration Center: a multi-million dollar test bed designed to replicate high-availability control networks and advanced metering infrastructure currently being constructed to support the on-going analysis of Smart Grid and control system infrastructure, for security, safety and interoperability issues. • An International Applied Cyber Security Research & Assessment Team: A centrally managed, but distributed, multi-disciplinary team of cyber security subject matter experts, private sector and academic researchers to conduct both applied research and consulting services based on roadmap requirements directly from end-users.• A Web-based Knowledge Portal: An information coordination center to provide symmetric information, without restriction, to qualified users. This portal will act as the conduit for workplace cyber security training and education as well as online certification and training courses covering the emerging functional security issues in the critical infrastructure industries and the Smart Grid."Wurldtech is responsible for yet another game-changer," says Ted Angevaare, Shell Global Solutions’ global manager of process control security and architecture. "A focused private-sector effort with activities directed by end-users and managed by an organization with clearly demonstrated industry stewardship, subject matter expertise, and an understanding of the issues and fundamental needs of the industry – this is a recipe for success. Shell is proud to be amongst the many supporters of this effort and we look forward to contributing our expertise to the combined knowledge base so that the entire community can benefit."www.wurldtech.com
ATS Knowledge Day
March 28, 2019
Hannover Messe 2019
April 1-5, 2019
RFID Journal LIVE!
April 2-4, 2019
April 8-11, 2019
2019 Annual Valve Industry Knowledge Forum
April 9-11, 2019
Advanced Design & Manufacturing (ADM) Canada
June 4-6, 2019