New GM for SolutionsPT

AAEAAQAAAAAAAAgMAAAAJDE0N2FlYzEwLTMwMzUtNDVkOS04MzgyLWM4MWIzMGRlMTJhNQIndustrial IT provider, SolutionsPT, has announced the promotion of Sue Roche to General Manager. SolutionsPT specializes in providing industrial IT services to assist manufacturers in improving operational efficiencies, through operational intelligence, disaster resilience, cyber security and mobile technology solutions. The company is also the sole-authorized distributor in the UK and Ireland for Schneider-owned Wonderware.

Sue, previously Business Unit Manager of the SolutionsPT Wonderware UK & Ireland division, will assume full responsibility for all of SolutionsPT operations and will report directly to the Board, whilst retaining her position as lead on Wonderware UK & Ireland.

Sue has been with SolutionsPT for eight years and has played a key role in shaping the company’s evolution from traditional SCADA provider, to industrial IT experts capable of providing fully integrated industrial hardware and software solutions.  Her appointment as General Manager is part of the SolutionsPT market strategy to go ‘beyond HMI’ and deliver solutions which embrace cloud, mobile and virtualization technologies to meet customer requirements for high availability and resilience.

Sue has presided over Wonderware UK and Ireland during a period of substantial growth for the business which has seen it take on a number of significant projects for both new and existing clients, adding some of the largest and most influential businesses in the UK to the company’s books. This has included a major sales expansion with a leading water and wastewater customer, whilst significantly growing the company’s presence in the dairy sector.

Sue said SolutionsPT is firmly focused on continuing this growth and working with Wonderware parent company Schneider to become the UK and Ireland’s leading SCADA and industrial IT supplier.  She said: “We’ve had some fantastic wins over the last few years and have expanded into new sectors such as Infrastructure as well as growing our presence in key markets such as Food and Drink and Life Sciences. Wonderware will continue to be at the centre of our offering but we believe that our complementary industrial IT expertise, which includes mobility, cyber security and a managed service offering, will enable us to work with clients and the Systems Integrator community to deliver a holistic solution capable of delivering real efficiencies.”

(c) http://www.ProcessingTalk.info

Advertisements

Yokogawa and Cisco Deliver Cybersecurity Solutions for Shell

Yokogawa Electric Corporation has announced a collaboration with Cisco Systems Inc to deliver the Shell SecurePlant initiative for Shell worldwide. SecurePlant is a comprehensive security management solution for plant control systems that was jointly developed as an initiative between Cisco, a leader in the IT industry, Yokogawa, a leader in mission-critical plant automation systems, and Shell. The three companies have agreed to proceed over the next three years with the implementation of SecurePlant at around fifty Shell plants globally.
Industrial producers around the world face a wide range of operational challenges in areas such as cybersecurity that pose a pervasive threat to safety and availability. Most companies with global operations, however, still take a relatively simplistic plant-by-plant approach, such as implementing operating system security patches and anti-virus pattern file updates. As a result, security levels tend to vary at each plant.
In the general practice of control system security management, individual control system vendors extensively validate security patches and anti-virus pattern files to confirm that they do not interfere with system operation, and then report the results to their customers for implementation. Since plants tend to use a variety of control systems and equipment from different vendors, occasionally with multi-generation platforms from a single vendor, this process is often complicated. For this reason, plants increasingly have a need for plant-wide integrated services that take a more holistic and efficient approach to the management of system security. With the aim of standardizing security practices at Shell plants around the world and minimizing control system vulnerability, Yokogawa and Cisco collaborated on the design of the SecurePlant service and will jointly provide deployment and operational services.
The SecurePlant solution is designed as a standard solution that consists of the delivery of OS patches and anti-virus pattern files for control systems and the provision of real time and proactive monitoring of solution delivery, as well as a help desk operation to manage this solution.
Supplier-certified Windows security patches and virus signature files are distributed from a SecureCenter to the SecureSite at each plant via Shell’s existing global network. The real time and proactive monitoring capabilities enable the centralized management of plant security. A customer help desk operated jointly by Yokogawa and Cisco is available 24/7/365 to manage solution related incidents.
Moving forward, Yokogawa and Cisco will continue to offer comprehensive security solutions involving the deployment, operation, and monitoring of control system environments. These services are applicable to plants of all sizes in a wide variety of industries, including facilities spread out over a large geographic area. In addition, both companies will leverage their technologies and experience to develop deep industrial automation (IA) solutions such as remote system maintenance, remote plant asset management and Big Data on the top of a secure remote access platform to help companies in making faster decisions, reducing total cost of ownership (TCO), and achieving operational excellence.
This press announcement was made at the ARC Forum in the USA on 10 February 2015: this year sees the 100th anniversary of the founding of Yokogawa.

Yokogawa recovery is now completed

The recent Yokogawa User Conference in Berlin was reported in the INSIDER Newsletter July 2014 issue, showing a major emphasis on wireless systems, and the addition of new wireless sensors, for example for flammable gas alarm applications. The Berlin conference was the first significant Yokogawa European event since the Nice User Group meeting in November 2012, and so gave a good opportunity to talk to the management and assess how the business has reorganized and progressed over the few years. The overall impression is that Yokogawa is back to full health, so the major players need to move over.

The problems of the last five years.

The group has had a hard time over the last five years, following the world-wide recession and then their poor financial results in 2009. Then Japanese factors affected the Group badly, with the rise of the Japanese Yen reducing the competitive position – because of local production and group HQ costs – and the country then faced the impact and aftermath of the Fukushima disaster. Some of the Test and Measurement Division businesses were sold off, realizing some capital, and the company structure has been rearranged: jobs and resources were re-allocated. Wound around this, the wireless standards ‘war’ between ISA100 and WirelessHART, where Yokogawa for a long time took the brunt of the problems, and presumably had to help in the process of finalizing the ISA100 standard into a workable form: at least this is now completed, and consequently Yokogawa is the leader in the ISA100 field.

Recovery factors

Perhaps the major market factor that aided the Yokogawa recovery was the growth of the LNG liquefaction and shipping activity around the world, since is this an area where they have significant expertise and have a large market share compared to the other majors. Currently there are continuing LNG projects, the Japanese Yen has returned to the historic level of ¥100=$1, and over some years the production facilities have been diversified, reducing the concentration in Japan.

The flow company, Rota, has always been headquartered in Europe: now the special custom assemblies of complete analyzer houses are also built in Europe and the USA, plus the latest LNG project on the Yamal peninsula in Russia will be engineered from Europe. In a discussion at their Berlin conference, Yokogawa president and COO Nishijima san reminded me that they already had two established manufacturing joint venture companies in China, manufacturing transmitters and flowmeters, and the DCS systems plus other measuring instruments are built in Indonesia, with general pcboard manufacturing in Singapore. Nishijima san also commented on the need for local manufacture in the USA to provide the fast lead times required in that market, so we might see investment in a new production assembly venture there.

The next steps – with wireless

The Berlin conference showed that Yokogawa is building on their ISA100 position, and is seeking other add-on wireless sensor technologies to increase their ‘in-house’ capability. This might be by using their add-on wireless adaptor/interface, to existing mains powered sensors. It looks like a good relationship has developed with GE Bently Nevada, and corrosion and intrusion detection sensors might be next, with maybe fire detection sensors to go alongside the GasSecure flammable gas detectors on offshore platforms. Dräger, the specialists in oil and gas safety technology, were one of the major sponsoring partners of the Berlin conference, and also presented a talk discussing fire detection, using visual flame detection systems.

Nishijima was appointed President in February 2013: in April 2013 Herman van den Berg was appointed European President, and in December 2013 Simon Rogers was recruited as the head of the UK operation. Van den Berg, probably in common with Chet Mroz and others in the USA, has been burning up the air miles to Japan over the past 18 months, as a part of planning the recovery of the business. In fact there was an acquisition in March 2013 of Soteica Visual Mesa, marking an entry for Yokogawa into energy management IT services. Nishijima san sees further alliances and even acquisitions as an important route for Yokogawa to consider, to achieve the future growth his shareholders expect to see, and the current improvement in debt/equity ratio and normalization of the company share status makes this much more possible.

DCS and software developments

The major existing DCS developments have involved cyber-security improvements, probably in conjunction with McAfee after the February 2013 announcement, and ISAsecure certification for ProSafe RS. Additions to expect in this area are augmented reality added onto the displays, and compatibility with virtual servers. Yokogawa sees major business expansion potential in providing IT techniques and services for their IA customers, as a continuing service activity.

Examples quoted were CMMS in the cloud, which is already being offered as a service in Japan, and a software service called iMaintain, jointly developed and installed with Akzo Nobel in Germany: plus there is also their RigRider drilling procedure software, as reported from the Offshore Europe Expo in the newsletter last September. iMaintain enables client engineers to access device live data and history via a tablet on site, after reading the device ID locally using OCR. The iMaintain server accesses the DCS via an OPC link, to get current data, but can also call up device notes previously recorded, and also the instruction manual. A similar service offering is the Sotieca VisualMesa energy management system, which can suggest fuel and operational changes that will run plants such as refineries at minimal cost. One example of this is a recent project for the BP Lingen refinery in Germany: the system is in use in around 70 sites in refineries and petrochemical plants in the EU and North America.

The R+D activity on instrumentation also continues….

In the area of field instrumentation, continuing development will be seen following their strategy of having a two tier offering, featuring a top of the range unit backed up with a lower cost unit aimed at lower specification requirements. This has been seen with the EJX and EJA-E pressure transmitter, and the Admag AXF flowmeter, with the RXF unit typically for water industry applications. A new version of the TDLS combustion gas analyzer will also be launched soon. The activity level in this area of R+D is significant, with typically 400 to 500 new patents generated in a year.

Nick Denbow

The INSIDER Newsletter covering industrial automation and control is a Spitzer and Boyes publication, see http://www.iainsider.co.uk

Thales promotes Cybersecurity business line

The following review article was published in the May 2014 issue of the INSIDER Newsletter:

The Thales Group occupies one of the major office developments on the outskirts of Basingstoke in the UK: the building was known for many years as Thales Missile Systems, from the name on the outside – it was not a company that immediately sprung to mind as an expert in control systems and information technology. Over the past year the attitude from within Thales seems to have developed, and has recently seen much more information flow in press releases and meetings discussing their business. Last autumn saw the launch of a new ‘Cyber Integration and Innovation Centre’, and the associated business activity, housed within this building, a GBP2m ($3.2m) facility with fully isolated and screened computing laboratories, designed to allow improved cyber security and testing for critical national infrastructure, governments and companies.

Screened, because the centre has over 6000 pieces of computer malware, that can be used to test mirror copies of client networks, and where managed cyber-attacks from one lab onto an adjacent lab can be used to train staff how to protect systems, spot vulnerabilities and respond to breaches, including mass ‘Denial of Service’ (DOS) attacks.  “We can model networks for clients in a safe environment so we can upgrade, update and change things before they go live. This is particularly important in safety critical industries, such as a nuclear power station,” said Sam Keayes, a Thales vp, now presumably within a new business division formed recently known as the Critical Information Systems and Cybersecurity business line. Using equipment and technology from strategic partners like Spirent, Encase, FireEye and Mandiant, Cevn Vibert, the centre manager, commented that Thales experts can pick up and mirror a site computer system, bringing the whole infrastructure back to the lab, to stress test it against cyber-attack, jitter etc. This is a very necessary service when Thales systems run the majority of the world’s air traffic control, and their encryption is used to protect 80% of the world’s bank transactions, which include 3.7Bn transactions per annum via BACS.

Thales is a French owned group, which was originally called Thomson-CSF. The only slight problem with the simpler name is that it is pronounced “Talliss”. Their acquisition of the original business of Ferranti Computer Systems allows the claim that they have been providing technical support for the UK fleet of nuclear power stations for the last 25 years, which is a continuing responsibility, as the service life of these stations continues to be extended.

Based on Ferranti expertise

Here I have to admit that even your editor is not old enough to know the history behind some of the businesses that make up the current Thales Group. For that sort of archival knowledge we have to go back to Wikipedia, and even to Andrew Bond, the Founding Editor of the INSIDER, who remembers the original UK based DCS manufacturers and vendors from the 60s and 70s – Ferranti, Kent and GEC Elliott.

Ferranti was formed in 1882 as Ferranti, Thompson (yes- that Thompson) and Ince. Much later the company played a major part in WW2 in the development of radar, and gyro gunsights for the Spitfire. In 1949 they produced their first multi-input battlefield situation information system. At the same time they started to develop computer systems: eventually the Government under Tony Benn organized an industrial consolidation which led to the set-up of ICL, International Computers Ltd, in 1968. This deal restricted Ferranti to the industrial computing market, rather than the commercial, and Ferranti developed the Argus range. In 1987 Ferranti purchased International Signal and Control (ISC) in the USA, a defence contractor, whose business turned out to have been based on illegal arms sales. ISC was prosecuted for fraud, and this forced Ferranti into bankruptcy in 1993.

The Ferranti Computer Systems operations were acquired out of administration by Syseca, the IT arm of the French Group Thomson-CSF. Thomson then changed its name to Thales, and Syseca became Thales Information Systems.

The other UK producers 

Andrew Bond sees the rest of the UK history of DCS manufacturers as intertwined with the career of the late Tony Benn MP, who became Minister of Technology in the Labour Government of 1964-70, and secretary of State for Industry from in the 1974-79 administration. George Kent needed rescuing in 1974, possibly because of the strains of the investment in their new DCS, the P4000, and Benn wanted Arnie Weinstock’s GEC to take them over, out of the two options available: but his worker democracy approach backfired, and the workers voted to opt for Brown Boveri, as a better choice for their new owners. Following the Brown Boveri merger with ASEA in 1988, the P4000 became just another of the original control systems within the ABB group.

Meanwhile GEC under Arnie Weinstock was not enthusiastic about process instrumentation or automation, and already had business links with Fisher valves, so with Benn’s encouragement put all the GEC automation interests into a joint venture with Fisher, which included their own DCS and the systems made under license from ICI, Imperial Chemical Industries, which they had developed for their own plants. GEC had acquired the Elliott Brothers business within English Electric in 1968. Monsanto had acquired Fisher Controls in 1969, and much later sold the business to Emerson in 1992: at some time in this period Weinstock backed out of the JV and sold out from any involvement in process automation.

Ferranti Argus computers

The Argus was first developed for military duties – in 1958 used for the ground-based control of Bristol Bloodhound missiles – and were also offered as industrial control computers from the 1960s into the 1980s, for factory and plant automation. They were widely used across Europe and in the UK: typical installations for the Argus 500 were in chemical plants for process control – and nuclear power stations, for process monitoring. The first such Argus sale in 1962 was to ICI, for a soda ash and ammonia plant in Lancashire. Another significant application was for Police command and control installations, where one of the most famous was in Strathclyde: here maps were provided by using a 35mm slide projected onto a VDU screen. The Argus 500 was one of Ferranti’s best-selling products, particularly to oil platforms in the North Sea in the 1970s.

The Argus 600 was an 8-bit machine, and the Argus 700 used 16-bit architecture, whose design started in 1968, and they were in production until the mid-1980s: these are still operational at several British nuclear power stations in control and data processing applications.

Current declared activity

Thales do not mention a significant part of their business activity – a necessary culture, developed over the years since WW2, because of involvement with military projects. This ethos remains, in particular in not declaring where security, cyber-security, and emergency management resources might be deployed, whether military or commercial. However, there is an interesting parallel between Thales and EDF, of France, who now owns all the operational nuclear power plants in the UK. Thales is quoted as a long term delivery service partner with EDF. Following the Fukushima event in Japan, EDF-Energy NGL undertook a rigorous assessment of the resilience of its fleet of UK nuclear power stations, against the highly unlikely occurrence of an extreme weather or other natural event. Part of a suite of safety enhancements resulting is the provision of a mobile emergency response capability that could be deployed should such an event occur.

Thales committed to provide 5 sets of a containerised DCIS (Deployable Communication and Information Systems) for this duty by 31st March 2014. As a nuclear emergency response capability, each DCIS provides a transportable and deployable containerised unit to monitor critical plant systems and relay essential data through a resilient communications network, to provide emergency response decision makers with the information that they need to make the best possible decisions.

Separately, Thales has a co-operation agreement with Schneider Electric for the development of cybersecurity solutions and services to protect command-and-control systems from cyber-attack in customer installations in France. This includes computer attacks launched from plant management systems, unauthorised access across wireless networks and malware introduced via USB memory sticks.

Critical national infrastructure protection also includes work with oil and gas installations, petrochemical plants and pipeline systems. Thales quotes their integrated security protection systems with perimeter and access control, using CCTV etc, for twelve of the SABIC sites, and advise that Aramco refineries have similar high technology systems, supplemented by video motion detectors – the Ras Tanura complex is another site where there is such a perimeter security system.

Crisis management systems

The authorities and forces responsible for public safety and security must contend with increasingly frequent and wide-ranging incidents, from crime and accidents to natural disasters and crisis situations. This is one of the areas Thales sees as a major activity area and strength of their capability. Thales has developed a new solution incorporating the key conventional functions — situation awareness, management of command information and crisis management system resources — combined with new modules, such as advanced decision support and asset coordination. These systems are quoted as deployed in the Ciudad Segura (secure city) project in Mexico, the crowd flow and density monitoring systems in Mecca, and the BDSP public security database for the Gendarmerie Nationale in France, with systems that incorporate the deployment of sensors in UAVs. There are many more examples that cannot be quoted. Whilst in the process industry we are becoming familiar with the iOps concept from Emerson, and the Honeywell Collaboration station, the Thales Command and Control Centre is maybe a couple of grades more advanced.

Part of the suite of labs in the Critical Infrastructure Protection Facility in Basingstoke featured a combined system for perimeter security, CCTV, process control – including a DCS and a PLC (both from well known names) with valves in control loops, fire and gas alarms and access control, which enabled demonstration of the possible effects of a cyber-attack. This has been used to show legislators and management – and train operators about – the vulnerability of such systems. Manager of this facility, Cevn Vibert, explained “Our customers manage mission critical infrastructures and benefit from our holistic integrated security solutions. The market has evolved from discrete bespoke islanded systems to multi-site networked control rooms which require our integrated security techniques. These solutions cover people, operations, security, process, maintenance, business and cyber security for holistic situational awareness. This facility enables Thales to test, educate, demonstrate and explore these innovative approaches to our customer’s real needs.”  It is no coincidence that Thales is exhibiting this part of their technology at International Security and Resilience exhibitions across the Middle East, and are targeting Governments and operators of critical infrastructure projects worldwide.

Regular news on Process Automation and Control topics is presented in the INSIDER monthly newsletter, supplied on subscription by Spitzer and Boyes LLC: Nick Denbow is the European correspondent for the INSIDER. For more information please consulthttp://www.iainsider.co.uk or http://www.spitzerandboyes.com

Good news story on cyber-security vulnerability

In a new post on his blog themanufacturingconnection.com, Gary Mintchell highlights a success story in sorting out a cybersecurity vulnerability. This was perhaps refreshing and unusual in that for once the experts at the security services company who found the problem, IOActive (see http://blog.ioactive.com), and the hardware supplier co-operated positively and sorted out the problem, with patches made available in 3 months.

Gary comments:

“Cybersecurity experts, and especially the media that reports on cybersecurity vulnerabilities, often love to just point fingers at companies. Seldom do they acknowledge a good response.

The IOActive security services company announced on 9th January that it had uncovered multiple vulnerabilities in the Siemens Scalance X-200 Switch Family. These Ethernet switches are used to connect to Industrial Control Systems (ICS) components like Programmable Logic Controllers (PLCs) and Human Machine Interfaces (HMIs). The switches enable remote diagnostics and simplified configuration through a common web browser.

Senior security consultant for IOActive, Eireann Leverett, discovered two vulnerabilities in the switches. Both vulnerabilities were discovered in the web server authentication of the product. The first vulnerability could allow an attacker to perform administrative operations over the network without authentication, gaining access to critical services. The second vulnerability could allow an attacker to hijack web sessions over the network without authentication.

“Siemens ProductCERT were professional, courteous, and did not adopt an adversarial attitude when I contacted them about the vulnerabilities. Consequently, we were able to clarify the vulnerabilities quickly, and they produced a patch within three months,” said Eireann Leverett, senior security consultant for IOActive. “I challenge other ICS vendors to match this timeline for security patching in the future.”

Speedy Response

As soon as IOActive notified the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) of the vulnerabilities, Siemens ProductCERT wasted little time resolving the issue.

Leverett added, “The speed at which Siemens ProductCERT responded to the notification of these two vulnerabilities is something to be applauded. IOActive has always pushed vendors to respond when they receive notifications on vulnerabilities in their products. Siemens is the perfect example of how companies should respond when addressing these issues.”

Siemens ProductCERT is a team dedicated to accepting and handling security issues and vulnerabilities within their products. They co-ordinate with external and internal security researchers and work closely with the company’s product teams to develop fixes. ProductCERT publish the fixes as soon as they have been tested and credits the researchers who discovered the issues. The very existence of this team illustrates Siemens serious commitment to handling security issues smoothly and quickly.

Siemens has addressed both issues by providing a firmware update for the affected products.”

This sort of story might not make the headlines that the normal cyber-security failures achieve, but such a positive result is well worth repeating, to show that Siemens in particular takes such notifications seriously.

Safety ‘awards’ by exida

None of the many press releases issued by seemingly reputable automation and instrumentation suppliers that relate to awards made by readers of various magazines will ever be found on this website. Nor will the others, issued regularly for various “achievements”, usually awarded by market research companies. These are all tainted with commercial negotiations and bias, and occasionally actually linked to cash transactions.

But where does exida rank in this spectrum of organizations that announce awards for technical excellence? Why would a safety consultancy want to make an award at all? Surely it might make potential clients believe that they would only ever recommend one safety system? This is very difficult to understand. But Emerson, not exida, is now telling us that exida has singled out their system for an award.

The text of the Emerson release says (in italics):

“Emerson’s DeltaV safety instrumented system (SIS) has been granted the 2013 Safety Award by exida, the global leader in functional safety and cybersecurity certification for the process industries. exida recognized the DeltaV safety instrumented system with its safety award for the logic solvers category, citing the system’s Electronic Marshalling and CHARMs technologies. 

“exida recognises the importance of excellence in functional safety,” said William Goble, exida principal partner. “Through extensive analysis of the nominated products, we believe DeltaV SIS with Electronic Marshalling has the ability to play a key role in the continuous journey of making the world a safer place.”

Founded in 1999 and with offices around the world, exida is a key player in testing and assessing automation safety products. The agency is a leading certification body and serves on the international committees that write safety standards.

Goble noted that exida is in a unique position to review safety products from many different manufacturers. The safety award gives the agency an opportunity to recognize products that stand out in meeting functional safety standards. 

“The DeltaV SIS architecture is what I would call a hybrid,” said Goble. “It combines the best attributes of many different architectures into one. Also, its flexible design gives users all the different I/O types they need, and allows them to pick levels of redundancy and safety so they can make trade-offs between costs and the essential parameters of availability and safety.” 

Goble said cyber security is a big consideration – noting it was not even a topic of discussion in safety systems just a few years ago. “It’s something a lot of people are now having trouble retrofitting,” Goble said. “The DeltaV SIS with Electronic Marshalling and CHARMs technology was built with security as an important part of the design.” 

“It’s gratifying to receive this recognition from the experts,” said Emerson process systems and solutions president Jim Nyquist, who accepted the award. “It affirms that we accomplished our goal of reducing complexity while meeting or exceeding the stringent functional requirements of systems safety.”

Two thoughts come to mind, reading the text and seeing the Emerson explanation of what the exida business consultancy does in terms of functional safety. First, if the award is in the logic solver category, how does this relate to the Electronic Marshalling and CHARMS – surely this just routes the inputs and outputs of the wiring to the logic solver. Secondly, where Mr Goble discusses cyber-security, we can accept that cyber security is a big consideration in discussions about safety systems currently: but has exida now developed sufficiently to be a testing and expertise centre in cyber security aspects as well?  Undoubtedly cyber-security is mentioned on their own website introduction. His later statement about DeltaV SIS being built with security as an important part of the design, one assumes is talking about cyber-security, since a safety system by definition has security as a major feature: so how is this relevant to the logic solver award to DeltaV SIS?

I look forward to anyone contributing views in relation to this sort of “award”.

Nick Denbow