Stepping Up to Lightly Managed Industrial Ethernet Switches

No matter where your organization is on the path of adopting industrial Ethernet, it is likely that unmanaged switches play a role in directing traffic on your network. Perhaps your team waited for the early adopters of Ethernet to iron the kinks out or you recently invested in your first system because of supplier or management demands.

On the other hand, you may have a robust industrial Ethernet infrastructure that has unmanaged switches on its fringes or in smaller networks.

In any of these scenarios, ease-of-use and low cost were likely the factors that led to the selection of unmanaged switches.

I am writing today to let you know about a new category of industrial Ethernet switches, lightly managed switches. These devices offer the same simplicity as unmanaged switches and are very reasonably priced – but with additional features that make sure your networks are running at peak performance.

Reasons to Consider Lightly Managed Industrial Ethernet Switches

Once you start using Ethernet in your designs and you add a few nodes to your network you may notice behavior that piques your concern or curiosity. You’d like to get more information, but you are limited because unmanaged switches do not make it available.

Similarly, you may feel constrained because:

 

  • You want to implement redundancy to reduce downtime, but can’t do it with unmanaged switches.
  • You are worried that the unused ports on some of your switches are a security risk.
  • You need to accommodate one of the myriad of industrial Ethernet protocols in your infrastructure.
  • Your network is growing in size and sophistication and you need better monitoring and diagnostics.

SCADA_DownloadCallToAction_3

Read more »

Wash-Down Cord Sets Improve Reliability for Sensor-Laden Automation Systems

Editor’s Note: Thanks to Tim Senkbeil, a product manager with Belden’s Lumberg Automation brand, for his contribution to this article.

In the last several years, many industrial-based businesses – such as food and beverage, oil and gas, power utilities, manufacturing, pharmaceutical, cosmetics and others – have focused on improving their financial standing by investing in sensor-laden automated systems that maximize productivity and streamline production.

By embedding connectivity into their industrial equipment, managers are able to monitor system performance and ensure their facility is consistently performing at a high level.

As these connected systems become more critical to businesses’ success, the need to prevent equipment failure and unplanned downtime becomes even more important than usual. If a cord set fails in an industrial setting, the losses can quickly put a major dent in overall profitability.

Repair and labor costs, as well as the costs of lost productivity and discarded materials, can add up to 15-20 times the cost of the component itself. In certain industries, a single hour of unplanned downtime can cost $20,000 – $30,000.

With thousands of dollars, as well as the physical well-being of employees and equipment at stake, businesses in industrial settings need to ensure that the cord sets used to enable connected and automated systems can withstand the extreme, hazardous conditions they’re exposed to.

FoodandBeverageWheatProductionImage

Read more »

4 Big Trends that Impact Industrial Automation and What To Do About Them, Part 2 of 2

In Part 1 of this series I described 4 big trends affecting manufacturing and pointed out the challenges and opportunities with each of them, at a high level. The 4 big trends are the Internet of Things (IoT), Big Data, Cloud Computing and Industry 4.0.

The technologies related to these trends are available today. Like the Good Witch tells Dorothy in the Wizard of Oz , “You’ve always had the power to go back to Kansas”…or, in our case, take full advantage of the opportunities these trends support. Instead of clicking your heels together though, there are a number of steps to take to realize business benefits.

In this article I am going to describe these steps and also present some ideas of how the 4 big trends might be used by forward thinking organizations.

Step 1 – Move from Ad Hoc to Industrial Ethernet Infrastructure

The first thing to do is make sure your network is well-designed and that it lets you scale-up dramatically, easily and reliably. If you’re like most, you’ve been moving to industrial Ethernet and away from fieldbuses. You’ve found Ethernet to be big, fast, and pretty forgiving.

Chances are, however, that your network has grown ad-hoc but just keeps working. As your network grows, you’ll need to evolve to a design that includes segmentation, security and redundancy in the right places, along with easy network management and expansion.

For more information on this, see my Automationworld article “Here’s Your Sign … That It May be Time to Turn Your Ad Hoc Network Into a Real Infrastructure”. Also, Belden resources for helping with this are listed at the bottom of this article.

RubySlippersImage_1

Read more »

4 Big Trends that Impact Industrial Automation and What To Do About Them, Part 1 of 2

Every decade has its big manufacturing trends and hyped-up IT issue(s). Remember Y2K? Nowadays there are several topics that have been the subject of numerous articles in manufacturing trade publications. These include:

The Internet of Things (IoT)

  • Big Data
  • Cloud Computing
  • Industry 4.0.

All of these trends involve a lot of devices networked together and a lot of data available to do things. They also include deciding whether data is stored and applications accessed from the computer next to you or from a server located somewhere else.

The good news is: The supporting technologies behind all the buzzwords are already available. Are they empty hype, a valid threat, or an opportunity? (the answer is yes). In this article, I’ll tackle each of these topics one by one, focusing on what you need to know to sort out reality and react to each.

1. Connected Industrial Devices aka the Internet of Things (IoT)

The IoT is about a lot of industrial devices networked together. For example, I’ve encountered automotive plants with 8,000 devices on a single network and consumer products plants with 12,000.

The benefits of networking these devices include:

  • Managing everything from anywhere.
  • Reducing complexity and hardware costs with one network technology.
  • Moving control and information at will.
  • Expanding it all easily.

Gears_Image6414

Read more »

New PRP Redundancy Extends Industrial Wireless Applications – Part 1 of 2

Editor’s Note: This article was contributed by Julia Santogatta, Belden’s director responsible for the wireless initiatives and Tobias Heer, Belden’s Head of Embedded Development.

Several months ago we asked whether you have moved wireless projects off the back burner yet. The reason we asked is because new advances in technology and standards mean it’s probably time to take a fresh look at industrial wireless.

One of the most common concerns about wireless for wide-ranging mission critical applications has always been – and still is – reliability. Will it work in your noisy environment? Will it be robust enough to ensure your data makes it to its destination? Can it ever provide you the assurance you need that it is stable enough?

These are all good questions. Up until now, there have been many techniques and planning guides written to help address those concerns. However, there hasn’t been an integrated, tried and true solution to really hit the mark I’m sure you’ve been striving for – zero failover, zero data loss.

Recent advances in technology and standards have changed this. These advances have made industrial wireless applications much more stable, reliable, fast, secure and a lot easier to deploy. This is in part thanks to the use of an updated and improved protocol called Parallel Redundancy Protocol (PRP).

In this Part 1 of a two-part series on redundancy techniques for reliable industrial Wireless Local Area Networks (WLANs), I will explain why PRP technology makes wireless worth another look.

Yesterday’s Industrial Wireless Applications

  • Traditionally, wireless LANs have been used in industry when:
  • Cable is too heavy for the application.
  • Cable will not perform under the wear and tear of the application.
  • Cable is impossible to use because the application involves mobile machines or vehicles.
    ConveyorTechnology_1

Read more »

Oil Refinery uses Industrial Wireless for Remote Monitoring

Looking back in time it might be fair to say that smoke signals used during America’s Wild West days were one of the original wireless communications. For their era, they were pretty effective.

Sending information quickly across distances is still important. Traditionally, landlines and wired connectivity have provided the best communications solutions. If it is not possible to link systems by wires, communication has been very difficult, particularly for industrial applications.

Into this wired world came wireless technology, for example, the personal mobile phone. While clunky and unreliable at first, now it is the preferred telecommunication method for millions of people.

Similarly, concern about wireless security and reliability in industrial settings has limited deployment in the past. However, current technology now supports robust and reliable industrial Ethernet-based wireless systems. We are at a tipping point for the adoption of wireless, as shown in the following example of how one refinery is using it in areas where cable is not available or is too expensive to install. Read more »

Automotive Manufacturer Adopts Industrial Ethernet Infrastructure

As industrial manufacturers and operators continually work to be globally competitive, one area they look at for cost and efficiency savings is network infrastructure. The magnitude of the change happening with industrial infrastructure is very large — and the opportunity to play a small part in this change is one reason I have recently moved from our Tofino Security brand to the Industrial IT group.

For those of you that don’t know me, I headed up the Tofino Security marketing group for five years and had the privilege of working with Eric and Joann Byres to pioneer a new approach to industrial security for the plant floor. This involves dividing networks into zones of equipment with similar security requirements and then protecting those zones with firewalls designed for industry such as the Tofino Industrial Security Solution. A key aspect of the Tofino solution is that it is designed to be simple to implement and maintain for those who work on the plant floor. Read more »

Ethernet for Machines & Robots

These days, Ethernet and other industrial networks are fast replacing hard wiring in machine and robot builder OEM applications.  Automation components suppliers are including Ethernet and IP connectivity on more and more of their devices, creating a virtuous and ever expanding circle of Ethernet use. Indeed, the savings in wiring costs alone often justifies use of industrial networks. Read more »

SCADA Security: The Cost of Not Investing

Editor’s Note: This article was written by Thomas Nuth, BA and MBA, product marketing manager. Thomas is responsible for market analysis and valuation for Belden’s global Industrial Networking business. He can be reached at thomas.nuth@belden.com or +49 (0) 712714 1648
Finding a way to determine the right level of investment in ICS and SCADA Security has been an ongoing challenge for industry. In an earlier article, the Total Cost of Ownership approach for calculating investment level was described. Today I present another method called Value at Risk (VaR).

Value at Risk for Process Automation Companies

Value at Risk (VaR) has existed within the financial world for a long time and is used to measure risk while it happens. Managing the risk of financial investments, and the small potential of catastrophic loss, has come to separate the winners from the losers within the world of finance.

How big of a role can VaR play within risk management of a manufacturing or process automation company? While all companies within the automation sector allocate resources to managing risk, many do not know how to apply risk management to security intrusions or ICS vulnerabilities.

Black Swan Events

Nassim Nicholas Taleb, an economist, wrote an interesting book regarding the financial crisis of 2008 called the “Black Swan.” In this book Nassim states that the probability of catastrophic events occurring is often incredibly minuscule day-to-day, but is also inevitable.

Black-swan-2

Black swan theory characterizes major financial, scientific and historic events as being undirected and unpredicted. The phrase was coined when the black swan was presumed not to exist, and now generally means something that is rare, or to indicate the fragility of any system of thought.

 Even with all of the economic insurance mechanisms set throughout the global financial system, economic catastrophes (or crashes) occur about once every 30 years. While you may be thinking, “How does this apply to network security?” consider the following:

  • McAfee Labs collected more than 83 million pieces of malware samples by the end of the 2012 period, up from 75 million samples at the end of 2011.
  • McAfee Labs collected more than 8,000 total mobile malware samples in first quarter of 2012.
  • 79% of the organizations surveyed in the 2012 Evalueserve: State of Security Report indicated data loss and unauthorized outside access as the primary security threats in their security plans.
  • Additionally, only 59% indicate that these threats are addressed with a clear approach within their plans

Critical SCADA and process networks have real output that is tied directly to revenue. It is logical to assume that your network has a much higher probability of failure than the global financial system. Considering recent economic events, this may not be too comforting. However, like in finance, assets within the automation sector can be responsibly managed and insulated from considerable risk by making key strategic investment decisions regarding network security.

Doing the Math with the Altman Z-Score

Now let’s get specific. Operational risk management must take security intrusion, and the cost of such risk, into consideration. To do so we will use a variation of the financial VaR calculation called the Altman Z-Score. It has 3 components:

  1. time period
  2. confidence level
  3. loss amount

The objective of the VaR is to discover the amount of money that a specific investor, or firm, can – with a 95% or 99% level of confidence – expect to lose in dollars over a year.

If you are a public manufacturing company, calculate your Altman Z-Score (VaR) as follows:

  • 1.2 x Working Capital / Total assets +
  • 1.4 x Total retained earnings / total assets +
  • 3.3 x Profit before tax and interest / total assets +
  • 0.6 x Market value of the company / Book value of debt +
  • 1.0 x Sales / Total assets.

Paul Santos provides a real-life example of this calculation for a coal producing company. He explains that it is likely to go into bankruptcy because its financial position is not strong enough to withstand a major shock. He does not say what that shock might be. He just knows that bad things that are unpredictable in nature happen consistently over time.

If you are a private manufacturing company, calculate your Z-Score as follows:

  • 0.717 x Working Capital / Total assets +
  • 0.847 x Total retained earnings / total assets +
  • 3.107 x Profit before tax and interest / total assets + 0
  • .420 x book value of assets / Book value of debt +
  • 0.998 x Sales / Total assets.

The result of this calculation will be the likelihood of your company entering bankruptcy because of a major event, be it cyber, financial, environmental or otherwise. Here is how to evaluate the results:

Altman Z-Score Implications
3.0 or higher
  • The company is considered to have low risk.
2.7 – 3.0
  • The company will likely survive, but is below the threshold of relative safety.
1.8 – 2.7
  • There is a 95% chance of a company going bankrupt in two years.
< 1.8
  • Highly likely headed for bankruptcy.

 

Calculating the ROI on Investments in Network Security

If assumptions are considered regarding the potential costs and risks of network failure and production shutdown due to security intrusion, then you can acquire your return on investment (ROI) by investing in network security. Simply complete the Z-Score calculation twice:

  • once without potential security event costs
  • once WITH potential security event costs

For process automation organizations, the question is limited to “what is the probability that my company would fail as a result of a major event such as a catastrophic hacking attempt or a malware intrusion that shuts the company down?” The calculations can only be done if some baseline cost assumptions are made including:

  • the cost per-hour of halted production,
  • the potential amount of lost protection from a major network event
  • the cost of damage to or replacement of key capital equipment
  • the legal costs of potential disasters

The important concept to take into account when applying the Z-Score calculation is to allocate a proper “worst case scenario” to industrial network intrusion possibilities. Don’t forget that as industrial networks have become more complex, more connected to business systems and make more use of Commercial-Off-The-Shelf (COTS) technologies, they have also become more vulnerable to cyber security threats.

BP’s Deepwater Horizon Catastrophe – A Real-life Black Swan Incident

On April 20, 2010, an explosion caused by a well blowout occurred on the drilling platform of the oil rig called the Deepwater Horizon. The notorious BP Oil Spill was never tied to a network security issue, but it gives an excellent example of a black swan process incident. Simply put, the mounting pressure within the wellhead should have been recognized prior to the catastrophic explosion that caused 11 deaths, irreparable damage to thousands of miles of coastline, and an estimated $42 billion dollar in net loss to BP1.

Now even though the Deepwater catastrophe was unlikely caused by a malware intrusion or hack, one could quantify the impact of a similar network issue on a company’s risk profile using the Altman Z-Score. In December of 2008, BP retained an exemplary Z-Score of 3.232. After the disaster, their score was nearly cut in half to 1.884. The significance of this figure is that BP nearly lost half of its value and flirted dangerously with bankruptcy. But because it had such a good Z-Score going into the event, it managed to survive.

In most operations, fiscal damages of a similar proportion to what was seen in 2010 on Deepwater Horizon would result in a complete financial meltdown and failure of the responsible firm.

Reducing the Operations Risk Profile

An important step in improving your operation risks profile, bottom-line and safety is to invest in network security measures. It is important to consider the real cost implications of a network security threat within the industrial network so that proper steps can be taken to insulate manufacturing and automation processes from excessive risk.

Today, the industrial network has become the “Achilles Heel” of many international firms and has exposed many companies, and their shareholders, to significant and unnecessary risk. Investing in industrial network security is not only responsible, but it is becoming necessary within mission critical applications.

Security solutions designed for industry are a good hedging technique to insulate your operation from cyber-born risks. They can protect vulnerable controllers from broadcast overload, improve network segmentation from the control room and sub-systems, and guard against accidental and malicious security intrusions. Of course I recommend our own Tofino Industrial Security Solution, but there are others out there.

What are your thoughts on managing risk for industrial networks? Let us know.

1 http://www.guardian.co.uk/business/2011/feb/01/bp-loss-gulf-oil-spill-resumes-dividend

Related Links

 

© Tofino Security 2012 | All Rights Reserved | Tofino Security is part of Hirschmann, a Belden Brand

Long-Term Success with Hirschmann and EtherNet/IP

Automotive-Car-Production-Line
The automotive industry is a vital piece of the economy. A recent article in Automation World tells the story of one Tier-One automotive manufacturer, American Axle & Manufacturing, Inc. (AAM) as they set out to reduce downtime, improve productivity and lower costs.

This story has a happy ending for all involved. Focusing on finding a vendor that could provide quick deployment, global reach and hardened networking products, AAM found their EtherNet/IP provider in Belden. As the Jeff Smith, technical engineering lead at AAM, points out in the article, that the ability to replace multiple fieldbuses with a single solution was key to their decision.

On Twitter