Professional Documents
Culture Documents
Automation
Cloud Analytics
Volume VI
INTRODUCTION
The advent of IIoT in the industrial space has unleashed a flood of technologies and opportunities for
today’s factories, with new breakthroughs happening on a seemingly daily basis. The unlocking of
terrabytes of potential data from these factories have many business leaders simultaneously excited
about the possibilities for enhanced productivity and profits, while also overwhelmed with questions
on how to effectively leverage that data and wary of the potential security risks in a continuously
connected environment.
In order to help organizations leverage that data in an efficient and secure way, Automation.com has
teamed with some of the industry’s leading experts in data analytics and IIoT technologies to create
this Cloud Analytics eBook. This eBook is designed to serve as a resource showing organizations
both the technologies that can help them efficiently leverage all the data that their facilities have to
offer, as well as strategies to fully connect and secure your systems in the process.
CONTENTS
The Rise of Cloud Computing in Industrial Process Automation Page 4
by: Latha D.S. & K. Jayaprakash, Instrumentation & Controls, Tata Consulting Engineers
This article from Tata Consulting Engineers chronicles the rise of cloud computing and how the
resulting technologies and data opportunities have subsequently transformed the future for
industrial process facilities. Whether you are looking for a quick look into the history of cloud
computing, or wondering how it can help enhance your organizational productivity and footprint,
this article is your resource.
This technical resource serves as both an introduction to NI’s Labview software, as well as
a guide on how organizations can adequately connect, integrate, and start generating data
from, all their systems in a single environment. If you’re seemingly just keeping your head
above water in the sea of cloud analytics potential, you won’t want to miss this read.
Cybersecurity and the IOT - Threats, Best Practices and Lessons Page 9
Learned
by: Kevin T. Smith, Chief Architect, Tridium
This guide is a must-read for all who are planning to leverage the power of IIoT to
connect their facility. Tridium’s detailed article discusses how to facilitate that connected
future without opening loopholes in your network that can be exploited by hackers. With
cybersecurity as one of the biggest deterrents to IIoT-driven productivity, this article will
help give you the tools to engage the threats and enhance your productivity.
PAGE 2
The Rise of Cloud Computing in
Industrial Process Automation
By Latha D.S. & K. Jayaprakash, Instrumentation & Controls, Tata Consulting Engineers
Utility computing Thus far, cloud technology has been an effective and
important tool in helping make the Industrial Internet of
Payment established on usage, or pay-per-use, is the Things (IIoT) a tangible reality and helping the process
basis of designing utility computing model. Computation industry reap benefits through higher efficiencies and
resources are offered as a measured service, based on superior quality. As stated previously, this technology
demand. The utility computing model is widely used in IT has resulted in the creation of process-related
service industry. However, improvisation in transparency, applications for a number of purposes including:
scalability, intelligent monitoring, and security need to
be considered while utilizing this technology based on • Data historians
application requirement. • Analysis tools
• Alarm management
Service-based architecture • Asset management
• Performance management
Service oriented architecture enables use of cloud • Training simulators
services for multiple applications, regardless of • Remote diagnostics
technology used, product type or vendor. With service
oriented architectures, data exchanges between All these applications are offline activities which require
different vendor applications are exploited to the subject matter experts to analyze and solve customer
maximum possible extent. predicaments by consolidating data with expert analysis.
In each application, relevant domain data is acquired
from multiple sources, consolidated, analyzed for
probable failure prediction.
We expect the cloud computing efforts for process The Future of Cloud Computing and
automation industry to revolve around one of two Process Control
models:
In the process control industry, the benefits of cloud
The OEM (Original Equipment Manufacturer) Model computing are still being weighed against risks of
production loss, safety, availability and unknown server
In this model, manufacturers would have the functions locations. However, with the bevy of technological
of engineering, asset health management, simulation, advancements, virtualized servers are becoming
system diagnostics in their cloud domain, and would be increasingly more attractive to end users. The rise
able to provide specialized support to product users. of cloud computing may be inevitable necessity of
This model may be the most cost effective, as pay-for- survival for older, space-constrained plants who need
use operation expenses tend to be better for a plant these latest advancements in equipment, where few
financially, as they minimize capital investments for new applications could be maintained in compact, cloud
computer hardware. Some equipment manufacturers environment. This can also lead to secondary monitoring
are also developing diagnostic models wherein it may and expert systems being migrated to the cloud as
be possible to regularly inform owners about system well. It’s likely that we will see more and more of these
trips, the functional status of a system, new service applications being virtualized, providing more cost and
maintenance requirements and the overall active space benefits to plant operators.
efficiency of the system. This model is especially
applicable for manufacturers of distributed control Perhaps most importantly to the world at large, the latest
systems, programmable logic controllers, vibration developments are focusing on green cloud computing,
monitoring system, etc. improving the design, manufacturing, usage, and
disposal of computing resources in order to facilitate the
Centralized Corporate Model minimum level of environmental impact and damage.
By National Instruments
Discover how LabVIEW system design software can increase your productivity, future-
proof your solution, integrate with your hardware, and provide learning paths to ensure
your success when adopting LabVIEW for your measurement and test applications.
Why LabVIEW?
LabVIEW offers a single environment that integrates software and hardware to help you develop programs
more efficiently. You can expect the following four data acquisition and return on investment benefits with NI’s
problem-solving platform-based approach. This comprehensive approach combines the powerful
LabVIEW software environment with flexible hardware and a strong ecosystem of users, partners, and
complementary pieces of hardware and software that push the platform beyond its limits and increase
your possibilities.
Since the first version of LabVIEW was released in 1986, the software environment has evolved and adapted to the
new engineering challenges presented by technological advances. NI continues to invest in LabVIEW’s compatibility
with new communication buses, protocols, and hardware to future-proof it for the test and measurement and
embedded control markets.
Over the last 30 years, LabVIEW has become the standard software tool for measurement and
instrument control.
“The modular instrument system architecture makes the system expandable as the product
evolves over time. Using LabVIEW and modular instruments helped us focus solely on solving
problems.”
- Andreas Beckman, ADDQ Consulting
2. Increased Productivity
LabVIEW provides a flexible graphical development environment that reduces complexity and saves development
and deployment time.
Windows is a registered trademark of Microsoft Corporation in the United States and other
countries. Other product and company names listed are trademarks or trade names of their
Third-Party Hardware respective companies.
• Instrument Driver Network, which hosts free A National Instruments Alliance Partner is a business entity independent from National
software drivers to communicate and control Instruments and has no agency, partnership, or joint-venture relationship with National
Instruments. 28720
measurement instruments with: MATLAB® is a registered trademark of The MathWorks, Inc.
› 10,000+ instrument drivers
› 350+ instrument vendors
› 100+ instrument types
• Ability to communicate over any bus
The Industrial Internet of Things (IIoT) is With recent cybersecurity incidents showing
transforming the way manufacturers instrument, unprecedented growth in the frequency, scale and
manage, and optimize their operational assets. sophistication of advanced cyberattacks, combined
Through a combination of sensors, software, and with the number of high-profile data breaches and
connectivity, factory operators can gather data from hacks hitting the front pages of newspapers on an
a heterogeneous environment of devices, equipment, almost weekly basis, it should not be a surprise that
and machines to improve plant efficiency, enhance most organizations are taking a newfound interest in
energy management, and achieve greater asset uptime. protecting the systems on their networks.
It’s estimated that by 2019, 35% of large global Regarding the IoT, adding network connectivity to
manufacturers will have integrated their IT and any “thing” can certainly provide great value, but it
OT systems to gain unprecedented efficiencies in also brings along with this connectivity potential risks
energy and fulfillment.1 But in order to realize these related to network security. In the past few years,
advantages, manufacturers will have to learn to protect we have seen web cameras, baby monitors, smart
their assets from cybersecurity intrusions. refrigerators and even cars electronically hacked. We
have seen an alarming rise in data breaches costing
organizations billions of dollars. We have seen the
Adding network connectivity to any “thing” rise of security and privacy concerns related to smart
can certainly provide great value, but it also devices. We have seen an alarming rise in malware
threats infecting computers and smart devices. We
brings along with this connectivity potential
have seen the increase of hacker-friendly tools and
risks related to network security websites that allow bad actors to search for, discover
and exploit Internet-connected devices. Specific to
the IoT market, we saw the largest distributed denial-
And it’s not just manufacturing. According to research of-service attack of its kind in October 2016, when
from the International Data Corporation released early an estimated hundreds-of-thousands of IoT devices
in 2017, the IoT market will reach $1.29 trillion by were attacked, infected with a virus and used in a
2020.2 HIS Markit forecasts that the IoT market will
grow from what was an installed base of 15.4 billion A successful cybersecurity
devices in 2015 to 75.4 billion devices in 2025.3 Other
market research firms are releasing similar staggering program encompasses far more
statistics, and while estimates vary, all parties agree: than simply an approach that is
network-connected devices and their capabilities are asset-focused or revolves around
and will continue to be a disruptive force in the way only technology. A more holistic, defense-
that everyone does business. in-depth security approach is needed —
Cybersecurity should be a concern for any and one that involves people, processes and
all users and owners of connected devices, from technology.
manufacturing and beyond. In our fast-paced world of
ever-changing technology, the cyberthreat landscape
continues to evolve at an alarming rate. coordinated effort to attack domain name system
(DNS) servers, effectively bringing down a significant
portion of the Internet.
1. http://www.idc.com/getdoc.jsp?containerId=US41837317
2. http://www.idc.com/getdoc.jsp?containerId=prUS42209117
3. https://www.ihs.com/Info/0416/internet-of-things.html
Because of the cyberthreats that are continuing to c. Setting up your devices behind a virtual private
evolve, Tridium has been focused on cybersecurity network (VPN) can offer protection, especially
education for our customers, business partners if the devices require remote access or remote
and integrators. Over the years, we have come up administration. For example, many organizations
with some best practices that can be applied to any set up a security gateway/VPN router in a DMZ to
organization with control systems or IoT devices. protect our devices in an isolated control system
network, where an authenticated remote user
can administer those devices over an encrypted
8. ICS-CERT, “Recommended Practice: Improving Industrial Control System Cyber Security with Defense-in-Depth Strategies,” https://ics-cert.us-cert.gov/sites/default/files/recommended_
practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf.
9. BBC News, “Cyber-attack: Europol says it was unprecedented in scale,” 13 May 2017, http://www.bbc.com/news/world-europe-39907965.
10. Jon Ungoed-Thomas, Robin Henry, Gadher Dipesh, “Cyber-attack guides promoted on YouTube,” The Sunday Times, (14 May 2017).10 Verizon, “2017 Data Breach Investigations Report,”
10th Edition, http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/.
11.Verizon, “2017 Data Breach Investigations Report,” 10th Edition, http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/.
Although this seems to be common sense, it needs to Because your network assets, devices,
be said. If you are using a system in which encryption system configurations and security
in communications is optional, don’t be tempted to
turn it off for any reason. If an adversary has access requirements change over time, formal
to a network where your system is installed and you threat and risk assessments should be
are running unencrypted communications, you will be done on a periodic basis.
unprotected from attacks on confidentiality (where your
adversary may be able to view sensitive information, Before any assessment, your organization will identify
such as passwords) or various other attacks, such as the assets that you wish to protect and document the
impersonation, session hijacking and countless other security requirements for those assets revolving around
risks. confidentiality, integrity and availability. A formal threat
and risk assessment can then be done by internal
7. ALWAYS FOLLOW DOCUMENTED BEST security experts or by a third-party organization trained
PRACTICES FOR SECURING YOUR DEVICES for that purpose, and the assessment will address the
AND SYSTEMS risks to the operational environment. Results of this
assessment will all include scored threats and risks
discovered, and this report will need to be reviewed by
Every IoT device and every system you use should key management stakeholders. For identified threats
have a “security best practices” guide that will give you that have been scored above your organization’s risk
step-by-step directions for security best practices. It is threshold, your organization will then need to determine
important that you read and follow them. how and when to mitigate them with security controls.
Remember that this effort shouldn’t be a one-time
process; because your network assets, devices, system
configurations and security requirements change over
time, formal threat and risk assessments should be
done on a periodic basis.
12. Symantec, “Internet Security Threat Report,” April 2017, https://www.symantec.com/security-center/threat-report.
Authentication Pluggable schemes provide flexibility; defaults are the most secure
Identity infrastructure and PKI integration Can integrate with any PKI infrastructure, LDAP directories, Kerberos
Authorization at API level Sandboxes code, controlling what individual software components can do (a grant/deny
permission authorization model)
Digitally signed code, validated at runtime Assures that core framework code can’t be altered or manipulated
JACE® 8000 secure boot Only boots our digitally signed trusted software, providing assurance against alteration
Common-sense user account management Configure security mechanisms for attack prevention (lockouts, password strengths, etc.)
CONCLUSION
The IIoT cybersecurity landscape is populated with a range of threats, requiring plant owners, managers and
partners to be prepared, vigilant and continually assessing and refining their security protocols and strategies.
At Tridium, we realize the cybersecurity process is a journey — one that we share with our customers and other
community stakeholders. As we continue this journey, we will focus on not only the security of our products, but
also our commitment to continue to share best practices that can be used in the industrial world and beyond.
to efficiency?
Learn how an open framework for the IIoT can help you
run smarter and compete better in tomorrow’s discrete
manufacturing marketplace. © 2017 Tridium Inc. All Rights Reserved