Industrial cyber security compliance & enforcement

Cyber security is now becoming a hot topic with users and vendors of industrial Analytical Instruments. The big question is, "Will cyber security investments be made by companies without legal enforcement?"

 

ISA's Automation Week 2013 hosted an Executive Panel on cyber security challenges for industry in Nashville, TN on November 6, 2013. The moderator of the panel was Brigadier General Rudolf Peksens, who is retired from the US Air Force. General Peksens told the audience that the Automation Software business is involved in cyber security conflicts whether we want to be or not. He framed the situation that industry now faces as the “bits and bytes” of IT systems have been weaponized and are penetrating critical networks at will. The threat is significant, documented and growing.

 

U.S. Federal Government

 

Samara Moore, National Security Council, Director for Critical Infrastructure, discussed cyber security and reinforced the compelling cyber threats across the United States and the world. She noted that the threat is becoming broader and more diverse. As we continue to leverage technology for efficiency and productivity, we require more system connections that increase the exposure to cyber threats. In addition, the threats are becoming more sophisticated and increasingly more dangerous. Moore spoke about the U.S. Presidential Executive Order 13636 that was announced in President Obama’s 2013 State of the Union address and signed on February 12, 2013.  The Order calls for the development of a national cyber security framework that includes “standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks,” and “help owners and operators of critical infrastructure identify, assess, and manage cyber risk.” The National Institute of Standards and Technology (NIST) and the U.S. Department of Commerce are charged with developing the framework and engaging the private sector in guideline development.

 

On October 28, 2013, NIST released a preliminary cyber security Framework. On October 29, 2013, NIST announced a 45-day public comment period on the preliminary Framework in the Federal Register. Comments were due by December 13, 2013. The goal is to motivate and drive industry to action resulting in system and network security and resiliency. The intent is to develop a technology neutral voluntary cyber security framework.

 

The Automation Federation, part of the International Society of Automation (ISA), has been deeply involved in the workshops and the ISA99 standard is cited in the preliminary cyber security Framework as a key standard. The ISASecure Embedded Device Security Assurance (EDSA) certification program is currently available. A few leading suppliers have certified their Digital Factory to this standard, but many others have not.

 

Moore also discussed efforts that are exploring possible incentives for companies to implement cyber security, including federal procurement and grant incentives.

 

 

It appears to me that building cyber security compliance and culture has a strong similarity to the application of training, best practices, devices, systems, and procedures needed to meet plant/machine safety goals and requirements. Today, it easy to forget that it took the force of law and the threat of fines to foster a culture of safety investments and industry practices. Remember that the United States government established the Occupational Safety and Health Administration (OSHA) under the Occupational Safety and Health Act, signed into law December 29, 1970. OSHA was empowered to levy fines for non-compliance and, over many years, safety has become ingrained in the industry. Ultimately industry started to reap the returns from safety systems and understand the value, including increased productivity. Hopefully, industry professionals have matured enough to embrace cyber security measures and reap the benefits.

 

Brigadier General Rudolf Peksens voiced his concerns about the possibility of a cyber-Pearl Harbor if industry does not act. I certainly share those concerns. After following cyber security issues for a long time, I believe the "big game" has not started yet. Adversaries are just learning, poking and gathering data. Winners of classic military battles generally get good reconnaissance and probe at their opponents' defenses before launching major attacks. To carry the war analogy further, there are typically campaigns with many battles.

 

Users and vendors should not be over confident about their cyber protection without kicking hard against their products and systems. I have not been seeing new industrial controllers, software, and networking protocols that are inherently designed for cyber protection and mitigation. The answers today are add-ons, firewalls, and services that have their place in the scheme of things.

http://en.ofweek.com/automation-news

American Midstream is using the FLOWCAL Enterprise software

Flow-Cal implemented FLOWCAL measurement software solution in the American Midstream Partners office in Houston, Texas. American Midstream is engaged in the business of gathering, treating, processing, fractionating and transporting natural gas.

 

American Midstream is using the FLOWCAL Enterprise software to create efficiencies and streamline measurement processes. The Wireless Communication, available in Enterprise version 8, combines numerous measurement areas into a single database. This consolidation allows American Midstream to handle both their regulated and non-regulated pipeline data in the same database by creating multiple secure environments with independent configuration.

 

Chris Thomas, Director of Information Technology at American Midstream says, "FLOWCAL is one of the process improvements we are implementing to provide a high level of confidence in our data, which will allow us to be more efficient in our operations. With the Servo Control system extension, we will be able to manage our assets separately without having to manage multiple instances, resulting in improved operations and a higher level of data integrity."

 

For an additional level of confidence in their system, American Midstream is utilizing Flow-Cal’s Remote Managed Services (RMS). With RMS, Flow-Cal’s system experts remotely monitor the FLOWCAL system, performing administration, patch installation, and upgrade Sensor services. In addition, RMS provides performance analysis reports and system updates. While having a full IT staff, RMS ensures the Company's FLOWCAL system is always operating at maximum efficiency.

 

Flow-Cal's Enterprise system links larger, more complex operations to one central system, providing a common user interface to consolidate, review, validate, edit, store and report EFM data. Flow-Cal’s advanced data validation and editing features automate field data processing, producing fast, accurate and auditable results that meet or exceed all industry standards.

http://en.ofweek.com

Transmitter Chip Boosts Optical Fiber Capacity 10X

Increase fiber optic capacity in existing networks by 10-times just by switching to a new kind of transmitter -- that's the claim of a research group at EPFL (École Polytechnique Fédérale de Lausanne, Switzerland). Using sinc-shaped Nyquist pulses, information can be encoded on pulses that overlap in the time domain and use a minimum of spectral bandwidth, thus maximizing optical fiber, according to the EPFL research team of Camille Brès and Luc Thévenaz.

Other groups have tried to produce Nyquist sinc pulses to minimize inter-symbol interference, but had to resort to complex signal generators. Brès and Thévenaz claim their spectral synthesis technique works better, plus is the only one that will be easy to implement for commercial optical fibers.

"We synthesize a spectrum that gives the perfect pulse shape. We do it by using a simple intensity modulator to generate a set of spectral lines, regularly spaced and showing exactly the same amplitude and the same phase. This gives automatically in the time domain the sinc pulse shape," Thévenaz told us. "This is very simple and straightforward, but nobody thought to do it this way before."

The EPFL team claims that in the lab a laser and a modulator -- to produce wide-spectrum pulses -- are all that's needed to generate Nyquist pulses that are 99 percent perfect.

The researchers claim that designing a transmitter chip that realizes their encoding technique should be a straightforward exercise for optical fiber manufacturer, and would include "the modulators required to generate the square shaped spectrum and a set of short delay lines and modulators to generate data sequences and to interleave them in the temporal sequence, to increase the data rate," said Thévenaz.

The spectral synthesis technique -- which produces a rectangular-shaped, phase-locked frequency comb -- could also be useful in other fields, according to the researchers, including microwave photonics, light storage, and all-optical sampling.

http://en.ofweek.com

2013 Report on the International Medical Power Supply Market

This report categorizes the market into three broad segments - by technology, by type, and by application. The market, by type, includes enclosed, open frame, external, configurable, and encapsulated power supplies. Enclosed and open frame devices dominate the medical power supply market. The external power supply market is expected to grow strongly in the coming years.

The application market is broadly categorized into diagnostic equipment, medical monitoring equipment, home patient care equipment, dental equipment and surgical equipment. Diagnostic equipment power supply dominated the market in 2012, followed closely by medical monitoring switch mode power supply market.

MRI and ultrasound are the largest segments marking the growth of the diagnostic equipment power supply market. The home patient care power supply application is expected to spur the demand for power supplies in the coming years. PAP devices, ventilators and dialysis devices constant current power supply are expected to boost the market in the coming years.

http://en.ofweek.com

Were Fiber Optic Cables Key to the NSA Snooping

optical fiber have proven a spectacular idea, bringing out Internet access and the like not only to places that formerly couldn't get access to same, but also better and faster Internet access as well.

 But there is something of a darker side to fiber optics, as was suggested by those familiar with Google and Yahoo's overall infrastructure: it may have been the optical fibers that allowed the NSA to perform some of its recent snooping operations, essentially bringing a modern-era twist to familiar old methods.

Essentially, say those reports, the NSA may well have simply pulled an end run around the major Internet companies and snooped simply by tapping in directly to the cables that provide the backbone to connect data centers worldwide. Several companies own such backbones, including the BT Group, the Vodafone Group, Verizon Communications and Level 3 Communications, and it was Level 3 that found itself perhaps most under the gun in the wake of the incidents.

It can't be definitively said just how the NSA actually did the job, but it does seem—at least to some—like the most likely point of entry. Data centers at the major Internet companies are protected with a sheer elan that might make Daniel Ocean swallow hard; heat sensors, iris scanners, and full-time security are just part of the package. But the cables connecting the data centers are said to be much different, sending unencrypted information downstream and posing a much easier potential target. In fact, both Google and Yahoo have recently been spotted saying that data sent on said cables is now encrypted, and reports suggest Microsoft is at least considering doing likewise.

Such a move, meanwhile, would have a nice slug of precedent behind it, as back in the 1960s, the United States engaged in a project going by “Echelon,” in which voice, fax, and even data traffic on optical fiber manufacturer—as well as by satellite and microwave—were targeted. The arrival of the Internet only complicated matters, but at the same time made the potential prizes much richer in terms of information available. The Internet's largely global, nature made issues of domestic surveillance somewhat moot, since domestic and international communications were effectively entwined.

Level 3 Communications, meanwhile, is perhaps the largest such traffic-carrying network out there, making it a prime potential target for snooping. Though it's unclear if Level 3 was voluntarily handing over information, reports suggest it may not matter what Level 3 did, as it was entirely possible that the NSA and similar could just proceed downstream and gather what data it liked. Verizon's CEO, Lowell C. McAdam, also threw in some comment on this issue back in September, saying “At the end of the day, if the Justice Department shows up at your door, you have to comply. We have gag orders on what we can say and can’t defend ourselves, but we were told they do this with every carrier.”

http://en.ofweek.com