NEWS
Is a Retrofit the Right Option?
By David Miller, Senior Technical Writer
With many reporting that a timely return-on-investment can be difficult to achieve due to the large upfront costs Industry 4.0 initiatives sometimes require, retrofitting is often floated as a powerful first step toward digital transformation. Not only does retrofitting older equipment facilitate a “step approach” to digital manufacturing—it also allows operators to develop small use cases that increase their familiarity and confidence with new technology. As a result, initiatives that begin with retrofits often evolve into larger, more wholesale transformations.
However, whether or not a retrofit is the right solution and what type of retrofit should be pursued is not always clear cut. To help end users parse through the various considerations that need to be made, Automation World recently spoke with Brian St. Jean, presales system engineer at Paessler, and Markus Mediger, product manager at Paessler. Paessler provides monitoring software and partners with companies that carry out retrofits.
According to St. Jean, the first question operators should always ask is whether or not retrofitting a piece of equipment is the right approach to begin with. As an example, he references a glass manufacturer that was looking to measure the amount of materials being processed to improve throughput. However, on closer examination it became clear that, rather than retrofitting the equipment responsible for these tasks, merely monitoring the operational environment proved far more beneficial to the company’s bottom line.
“The questions you want to ask are where are you trying to go, where are you now, and what information do you need,” St. Jean says. “Then you can start thinking about how to get there.”
For this reason, it’s important to conduct a careful cost-benefit analysis before rushing into a hasty retrofit that might not, ultimately, be worthwhile. For instance, pulling more sensor data from an isolated pick-and-place machine into a monitoring system may seem like a straightforward prospect, but if the end-user needs to open up the equipment and add new sensor or data collection components, it could void the machine’s warranty and may cause confusion or other difficulties when maintenance professionals service the machine.
In addition, St. Jean recommends weighing the degree to which an asset is mission critical when considering a retrofit.
“A lot of times a factory has multiple pieces of equipment that do the same thing,” he says. “In those cases, you don’t want to spend too much money monitoring them because if one goes down you have two or three others that can pick up the load. It’s not a bottleneck situation.”
And while identifying the appropriate business case for a retrofit should be end-users’ first priority, individual pieces of equipment may also face technology barriers. For example, some older machines may use proprietary systems that do not allow information to be shared through anything other than an onboard human machine interface (HMI).
“When we talk about machines that have proprietary maintenance interfaces that use some kind of serial data meant only for vendor-specific devices, we need to build a custom connector that can translate that serial data into some kind of information technology connectivity,” Mediger says. “It’s probably going to be very difficult for us to do.”
Ultimately, when the business case is correct and the technology affords it, a retrofit can be a highly advantageous option. Due to the increasing availability of intelligent sensors that allow multiple different process variables to be monitored simultaneously, more data can be attained at a lower cost. Still, according to Mediger, retrofits cannot serve as a substitute for more holistic digital transformation efforts.
“Before you get into these big, complicated investments that come with moving toward Industry 4.0 for flexibility and reconfigurability, retrofitting is a good start to optimize machine health or manufacturing processes. You can gain a lot from a retrofit without a big investment,” Mediger says. “But once you start thinking about scaling to the entire shop floor or introducing a greater variety of products and flexibility, you’re going to need to make a more serious investment if you want to modernize.”
3 Common Attack Vectors for Industrial Control Systems
By David Greenfield, Editor-in-Chief/Director of Content
It’s been nearly impossible to miss all the news about the uptick in cyber-attacks on the manufacturing and processing industries over the past few years. This recent uptick is not a surprising development, however, even though most manufacturers have faced fewer attacks compared to more consumer-oriented businesses.
One reason for the lag in attacks on industry was many hackers’ lack of familiarity with the industrial control systems (ICS) used in both the discrete manufacturing and processing industries. As a result, most business-focused cyber-attacks centered on breaches of enterprise IT systems, with which most hackers were already very familiar.
But when you consider the high profile and revenues of many industrial companies, coupled with the potential for significant business and community disruption made possible by attacking a company’s ICS, the incentive for hackers to become more familiar with ICSs was evident. Essentially, it was only a matter of time before industry became widely considered a target-rich environment for cyber criminals.
While plenty of advice exists for industrial companies around how to secure their ICSs, it’s also important for businesses to be aware of the principal types of cyber threats they’re most likely to face.
Prominent sources of attack
Craig Young, principal security researcher at Tripwire, a supplier of industrial cybersecurity, points to three sources of cyberattacks that industrial companies should be most aware of due to their potential to cause major disruption:
A disgruntled insider: “The most critical threats often come from within an organization,” says Young. “This is especially true in ICS environments where employees have access to plant controls and deep knowledge of operational processes.” Young cites the Oldsmar, Fla., water treatment plant attack as an example of what is widely considered to have been a breach conducted by an employee. This attack is considered to be an inside job because the hacker(s) used “a legitimate company TeamViewer account, combined with apparent knowledge of the company’s human-machine interface,” said Young.
To limit the threat of insider attacks, Young suggests enforcing access controls and limiting administrator access. He adds that practicing strong password hygiene—like requiring multi-factor authentication, forced password expiration, and forbidding password sharing—is also beneficial.
A ransomware gang: Young says ransomware is commonly introduced to an ICS network in one of three ways: a phishing attack that targets employees; compromising an industry website that users may frequently download from; or by targeting VPN portals or other externally exposed IT infrastructure.
“The best way to protect against a ransomware attack is to employ security best practices, including vulnerability management,” says Young. “Attackers often scan the internet for targets rather than identifying a specific target and evaluating its network space. Therefore, network administrators need to be aware of vulnerabilities in externally exposed systems such as VPN portals and mail gateways.”
He also noted that it’s important to strengthen internal security by limiting VPN access and restricting access between unrelated servers. And, as with the remedies suggested to prevent insider attacks, limited permissions are key in this instance as well.
“Users should not have access to a system unless there is a specific business need,” stresses Young.
Advanced persistent threat: Because several high-profile ICS disruptions have been attributed to malicious hackers working for foreign military or intelligence agencies—such as the Triton and NotPetya attacks—it is “hard to understate the potential impact of a wartime ICS cyber incident,” says Young. “In addition to impacting the physical safety of plant workers and local communities, attacks can lead to long-term failures, including disruption of electricity, water, fuel, and other municipal services.”
In addition to the best practice security controls noted above, Young recommends accessing resources like ATT&CK and D3FEND—organizations that help industrial companies learn about known adversaries and how they operate. “This is critical for making informed decisions on how to not only reduce the risk of intrusion but also impede an attacker’s lateral movement while increasing the defender’s chances for detection,” says Young.