Friday, 28 September 2018

Making infrastructure cybesafe

In October 2016, the UK government launched the National Cyber Security Centre (NCSC) aimed at enhancing the country’s ability to deal with cyber threats. The move outlined the growing importance of cybersecurity in both the private and the public sector. 

Here, Nick Boughton, digital lead at systems integrator and industrial cybersecurity expert, Boulting Technology, shares his advice for making critical infrastructure more secure.

The cybersecurity of critical infrastructure and assets has been a growing concern to businesses, consumers and the UK government for a number of years.

Concern is growing alongside the threat of attack to infrastructure systems, which multiplies year on year. As recently as June 2018, software company Symantec discovered Chinese hackers had compromised computer systems operated by satellite operators, defence contractors and telecommunications companies.

The increased threat to infrastructure systems means businesses are becoming warier and many are planning enhanced cybersecurity regimes to counteract the risks.

Arms race
The NSCS complements existing government bodies, including the Centre for Protection of National Infrastructure (CPNI), which was launched in 2007 to tackle threats to infrastructure, including cybersecurity.

As a UK Government authority, the CPNI provides security advice to businesses and organisations working in thirteen national infrastructure sectors: chemicals, civil nuclear communications, defence, emergency services, energy, finance, food, government, health, space, transport and water.

Since the CPNI was formed over ten years’ ago, infrastructure, and the cyber threats posed, have changed dramatically. Almost every one of these sectors now relies heavily on the internet, meaning one attack could affect many critical sectors.

The protection and advice from these government bodies is aiding each of the thirteen cybersecurity sectors to protect their assets in the cybersecurity arms race. In this race, ethical hackers known as white hats are constantly evolving their protection techniques and searching for bugs in software, in order to fix any vulnerabilities before the black hats, or potential attackers, exploit the same flaws. 

One example of a security issue being discovered and eradicated by a white hat is the Shellshock vulnerability, which had the potential to let a developer issue commands to most internet servers. A flaw in a program called Bash, which is a text-based way to run commands on many operating systems, including Linux and Mac, meant code left by another program running Bash could be automatically executed.

This flaw opened the potential for attacks directed at internet infrastructure. Servers running Bash were at risk of leaking usernames and passwords, having web pages defaced, being enslaved into cybercrime or having their organisations’ private information released publicly.

Luckily, the developer who discovered the Shellshock vulnerability was a white hat, who immediately alerted software vendors that were able to patch the bug from their software. Though, as with all vulnerabilities, infrastructure can only be made safe by regular updates, to patch out any flaws such as this one.

Fight for safety
At Boulting Technology, we recommend an end to end cybersecurity approach, particularly for critical infrastructure, where an undetected or unpatched flaw could have a devastating impact.

A survey of the current equipment and software used in any environment must be the first point of call, whether they are working in the water, transport or food processing sectors. Both operational technology (OT) and information technology (IT) systems must be analysed, to ensure the entire plant is as secure as can be. These findings can be broken down into a traffic light system and used to prioritise the steps that must be taken.

These steps can range from finding the most up-to-date security patches for legacy systems that might need manually updating, to reanalysing network permissions. Depending on the findings, these changes might need to be made immediately or could be integrated into the long-term maintenance plan for the plant.

Plant managers are often concerned about the security implications of integrating systems together. While this is one way in which flaws or holes in the cyber protection systems can be created, an experienced and reliable integrator will be able to advise of any potential implications before they arise. That’s why Boulting Technology has formed an alliance with NETbuilder, to ensure its clients receive an end-to-end digitalisation service, assuring plant managers of both the value of the integration and the security of the entire system once it has been completed.

For more information about Boulting Technology’s services, including end-to-end OT and IT integration, visit or call 01925 720090.

Wednesday, 29 August 2018

The evolution of the smart grid

Japan faces a unique power delivery challenge because of its two entirely incompatible power grids. The odd system is a legacy from the 19th Century, when local providers In Osaka used 60Hz generators, while German equipment purchased in Tokyo worked on a frequency of 50Hz. 

Here, Nick Boughton, sales manager at leading systems integrator, Boulting Technology, explains how the timeline of power grid modernization, including the convergence of disparate systems, has led to the evolution of the smart grid.

By the early 20th century, local grids worldwide were growing, driven by the demands of the industrial revolution. Becoming very large, mature and highly connected by the 1960s, power grids were able to be metered on a per-user basis, allowing appropriate billing according to the varying consumption of different users. However, limited data collection and processing capability meant fixed-tariff arrangements were common.

Alongside the less-than ideal billing options, the growing request for power meant supply sometimes outstripped demand, particularly at peak times and power quality became affected. Between the 1970s and 1990s, events such as blackouts, power cuts and brownouts, where voltage is dropped for minutes or hours, were not uncommon in many developed countries.

More recently, from the turn of the century, technology has advanced to a stage where many of these limitations have been overcome. Peak power prices no longer need to be averaged out and passed on to domestic and commercial customers equally.

However, new challenges, including the instability of renewable power, have also become apparent. Concerns over environmental damage from fossil fired power stations and a reluctance to uptake nuclear power has resulted in the use of renewable energy technologies on a large scale.

According to REN21’s Global Status Report, 19.3 per cent of the global final energy consumed was provided by renewable energy, with modern renewables increasing their share to approximately 10.2 per cent. Renewable energy capacity grew through the use of solar photovoltaic cells, while hydropower continued to represent the majority of generation.

Renewable energy is key to fighting climate change, but it does produce highly variable power, which could lead to lower energy margins and potentially even blackouts on cloudy, still days.

These risks, combined with a need for a highly distributed grid with power generated and consumed throughout, has led to the development of smart grids.

The first step in a smart grid upgrade is to improve infrastructure, to produce what China has coined a Strong Grid. Next is the addition of the digital layer, making the grid smart, followed by business process transformation, which is necessary to capitalize on the investment. Nowadays, much of this work is grouped as smart grid upgrades.

The smart grid is the end goal to take advantage of the full suite of features available for power grids. These include state estimation technology, which improves fault detection and allows self-healing and multiple power routes that improve reliability, resilience and flexibility.

Modern smart grids can also handle two directional energy flow, pushing further toward the goal of distributed generation. This is achieved by allowing power from photovoltaic cells, fuel cells and charge from the batteries of electric cars to reverse flow. Two directional flow increases safety while reducing reliability issues in an intelligent manner.

Algorithms can use data fed back to the system to predict how many standby generators will be needed to cope with rapid increases in grid load. This promotes load reduction that can eliminate stability issues.

Smart grids are a natural evolution of the power grid for most countries and an obvious choice for developing countries investing in power infrastructure or upgrading cities to smart cities. The benefits have brought about results in more stable power quality for commercial properties, manufacturers and other industries alike.

Smart grids effectively eliminate or account for many power quality and reliability issues. Despite the many advantages of a smart grid upgrade, Japan’s separate grids might require more work before becoming compatible.

Tuesday, 26 June 2018

Plug and play in industrial plants

Contradictory to the common belief that technology necessary for Industry 4.0 is expensive, the Combine and Conquer report by Accenture found that combining technologies such as AR/VR, big data and machine learning can save large businesses an average of £60,000 per employee. 

Here, Nick Boughton, sales manager at industrial systems integrator, Boulting Technology, explores the growing trend of plug and play technologies. 

Despite Industry 4.0 being far from a new concept, first being coined in 2011 at the Hanover Fair, the long lifespan of industrial machinery and the high perceived costs associated with purchasing smart technologies means manufacturers may still be reluctant to take advantage of the Industrial Internet of Things (IIoT).

A growing trend for many manufacturers looking to ‘smarten’ up their factory and integrate Industry 4.0 technology’s such as remote monitoring and predictive maintenance, is the introduction of plug and play devices. However, with growing concern about vendor lock-in, choosing hardware that is compatible with the existing products within a plant is essential to saving costs in addition to ensuring compatibility. 

Plug and play
Plug and play devices are one way of maximising compatibility between new products and existing systems.

A plug and play device or computer bus has a specification that allows for the discovery of a hardware component in a system without physical device configuration or user intervention.

A multitude of IoT functions are now available with plug and play IoT kits. One popular example is the use of sensors that allow for digital condition monitoring for any kind of machinery. A direct physical attachment means they are able to take measurements such as vibration and temperature to facilitate maintenance plans, without any compatibility complications. 

Because many manufacturers and developers of industrial automation equipment are producing their own devices to fill this market, it can be difficult for engineers to choose the best solution for their plant and application. As industrial machinery often has a long lifespan, for example, a motor control centre can be expected to last for twenty years with the correct maintenance, many plants will be faced with this dilemma each and every time they choose to purchase new equipment.

Universal systems
True plug and play technologies are able to integrate with equipment from all vendors, eliminating any integration headaches and potential issues. They can also deliver a quality and performance that matches plant requirements exactly.

Although the concept of true, open, plug and play technologies might sound idealistic to many, it is a growing trend for many manufacturers of industrial automation solutions, such as intelligent drives and remote monitoring software.

Experienced and independent systems integrators such as Boulting Technology are experts at recommending the best system for a plant’s unique requirements and capabilities. This includes ensuring the seamless integration of plug and play, out-of-the-box systems while retaining the cybersecurity and tried and tested processes from the existing system.

As plants are constantly being upgraded and technology is evolving, the choice of products, services, software and hardware is becoming ever more complicated. Retrofitting existing systems with new sensors and communication software is, therefore, becoming more popular each year, as it is often a far cheaper solution. However, even within the retrofitting sector, vendor lock-in can be an issue.

The choice to retrofit plug and play technology, which requires less complex integration and user training, can continue to ensure cybersecurity through consistent protocols and firewalls. This is proving to be the best solution for many plants as a means of lowering costs associated with industry 4.0.

Friday, 15 June 2018

Protecting utilities

Minimising cyber security threats on industrial control systems 

In 2017, the UK Government proposed the implementation of the Security of Networking and Information Systems (NIS) Directive,  with the aim of improving the security of essential services such as water and energy. Should providers fail to protect their systems, a £17 million penalty could be enforced. Here, Nick Boughton, sales manager at leading industrial systems integrator Boulting Technology, discusses why it is important for utility providers to protect themselves from cyberattacks. 

Plant managers within utility companies are now demanding more from their industrial control systems (ICS) to deliver operational improvements through smarter, information-enabled machines. As a result, the domains of IT and OT are converging and becoming increasingly connected as many ICSs are now overlapping with enterprise systems to provide accessible, secure information that is visible across organisations. With these increased benefits, however, comes a rise in additional security risks.

Typically working on closed, proprietary communication protocols, the migration to open protocols can present several issues, including unpatched software and hard-coded passwords. Robust systems, such as PLCs, were built to last before network connectivity was even considered.

When connecting a legacy system to an open protocol, it is essential that it is done safely and securely. Security patches can be vital in reducing potential cyber-attacks, however many manufacturers forgo their roll out as the associated costs can be high. Every missed patch makes it much harder and more expensive to ensure a legacy system is protected.

It is these risks that the Joint Committee on the National Security Strategy discussed in late May 2018. If ICSs are not protected properly within the utility sector, then it is not just breaches of the GDPR we should be worried about, but the supply of water and energy.

There is no one size fits all solution to protecting industrial control systems and it shouldn’t just cover the protection of a single system. IT and OT convergence means a holistic approach to industrial security should be taken, extending from a single enterprise system, to the people, processes and technologies within a plant.

In its 2016/17 report, the cyber threat to UK business, the National Cyber Security Centre (NCSC) suggested cyber security is most effective when integrated with risk management procedures.

To give maximum protection against cyber-attacks, a plant must have a robust security framework that encompasses people, processes and technologies. Our alliance with Netbuilder, a leading provider of software and IT consulting services, allows us develop and implement seamless solutions across IT and OT, which have traditionally been managed separately.

While having the latest firewalls, antivirus and intrusion detection software is important, it is redundant if staff are not trained properly. Working with an experienced supplier, such as Boulting Technology, will aid in developing one such framework.

Without a strong commitment to security, manufacturers will fall victim to the many pitfalls faced by open protocols.

Wednesday, 23 May 2018

Retrofitting cybersecurity

In 1982, long before a cybersecurity threat to control system networks was widely recognised, a Trojan horse attack on control system software reportedly caused a huge explosion in a Siberian gas pipeline. Even now, many systems that have been retrofitted for compatibility with the Industrial Internet of Things (IIoT) are not well protected. 

Here, Robin Whitehead, strategic projects director at systems integrator and industrial networks expert Boulting Technology, explains the top considerations to ensure cybersecurity when retrofitting a system. 

Connected devices have led to an increased value on data from real-time monitoring, as well as the creation of initiatives, such as the smart grid, digital oilfield and smart asset management in the water industry. However, these new technologies and applications have also led to a rise in potential security risks within a plant’s network. 

Because very few companies find themselves able to build a new facility from scratch, many plant managers and engineers are choosing to retrofit existing systems with smart sensors and communication packages to take full advantage of the benefits of IIoT.

Many systems such as motor control centres (MCCs) and programmable logic controllers (PLCs) have an expected lifespan of decades and were originally designed to operate in isolation during a time of low cyber-attack risk. Connected devices can create vulnerabilities if substantial security systems aren’t in place.
Just one weak spot in a plant, such as an unprotected PLC can leave an entire network vulnerable to cyber-attack, especially as there are currently no regulations or clear rules about how these networks should be protected.

Research agency Gartner estimates that more than 20 per cent of enterprise security attacks will involve the internet of things (IoT) connections by 2020 and it is safe to assume that many of these attacks will use weak points such as improperly secured MCCs and PLCs to gain network access.

The Siberian pipeline attack is just one example of the devastating effects of control system vulnerabilities.

If a vulnerability is present, an insecure network can allow a threat such as a self-replicating worm to quickly become widespread throughout the facility. 

Legacy systems typically worked on closed, proprietary communication protocols and the migration to open protocols including TCP/IP means security flaws are likely to be found quickly and patched before potential attackers discover the risk. When connecting a legacy system to an open protocol security, patches can be vital in reducing potential cyber-attacks, however many manufacturers forgo their roll out due to high costs and concerns about potential downtime.

Just one missed patch can make it impossible to ensure a legacy system is protected.

Preventing vulnerabilities
Retrofitting existing equipment is the ideal way for many plants to take advantage of IIoT, but care must be taken when implementing older technologies into networks. Continual risk assessments are essential to determine potential points of attack and take all connections into account, predicting the worst-case scenario of a security breach. 

Boulting Technology has a thorough understanding of industrial cybersecurity and works closely with partners to advise plants on the best way to improve cybersecurity for their unique network. 

For a few plants, a complete overhaul of network security may be necessary, for example updating a protocol to one with continued security patches. However, the majority of plants will find that installation of additional software, security patch updates or a top-down study of network connections will be sufficient to bring cybersecurity to the necessary levels.

Cybersecurity is an ongoing concern for any plant as the threat of cyber attack is growing year-on-year and is now significantly higher than during the Siberian pipeline attack in 1982. Additional care must be taken when integrating legacy systems into existing networks. 

Monday, 19 March 2018

Preparing for the future

Exploring the World Economic Forum’s Readiness for the Future of Production report 

In January, the World Economic Forum (WEF) launched its first Readiness for the Future of Production report, which revealed Britain to be one of just 25 countries in a positive position to benefit from the fourth industrial revolution. Here, Nick Boughton, sales manager at leading systems integrator Boulting Technology, explains the key findings of the report and what it means for UK manufacturers. 

Some of the world’s richest and most powerful people, including Donald Trump, Justin Trudeau, Theresa May and Emmanuel Macron took to the snowy Swiss town of Davos in January for the WEF’s annual meeting. Since its humble beginnings in 1971 as a management forum, the event now sees over 3,000 of the world’s leading business, financial and political figures discuss a variety of topics that can aid in improving the state of the world.

As part of this year’s meeting, the WEF launched its Readiness for the Future of Production report, which details a new framework assessing how well positioned global economies are to benefit from Industry 4.0.

The framework is made up of two key components: structure of production, which measures a country’s scale of production and drivers of production, which looks at the key enablers that allow the country to capitalise on Industry 4.0.

Japan was identified as leading the way in current baseline production, while the US is best positioned to capitalise on Industry 4.0 in order to transform manufacturing production systems.

How ready is the UK?
While the UK has a long history of manufacturing, in recent years the industry share in its economy has declined from 25 per cent in the 1970s to less than 10 per cent in 2017. This decline in market share has had a significant impact on jobs and indeed the number of manufacturing facilities around, with many shutting down due to production being cheaper abroad. 

Despite the fall in market share, the UK has a strong ability to innovate and is leading the way in high-tech manufacturing industries such as aerospace and pharmaceuticals. This has led to the creation of the smart factory, where machinery and equipment are able to improve processes through automation. Between January and October 2017, the UK aerospace industry grew by a rate of 9.8 per cent, making it the fastest growing aerospace market among G7 countries.

The pharmaceutical sector is also set to strengthen its position following a period of decline. The recent investment by Accord Healthcare, which opened a state-of-the-art factory in Fawdon earlier this year, creating between 350 and 500 new jobs, is one of many examples of growth in the market. 

The rise of the smart factory has resulted in a definite skills gap, however, with many manufacturers not having appropriately trained staff to capitalise on the benefits of technologies such as robotics. The UK Government has put plans in motion to tackle this issue with the launch of the Made Smarter review, which looks at three of the industry’s key challenges: leadership, adoption and innovation.

Drivers of production
In order to support the development of the global manufacturing industry, the WEF’s report identified six drivers of production that represent the factors and conditions that need to be met to capitalise on Industry 4.0 technologies. These drivers are technology and innovation, human capital, global trade and investment, institution framework, sustainable resources and demand environment.

Drivers of particular importance for system integrators are technology and innovation and human capital.

Technology and innovation
Emerging technologies such as edge computing, digital twinning and virtual reality are reliant on a strong technology infrastructure. While the UK is a leader in innovative technologies, many manufacturers fall at the first infrastructure hurdle due to a lack of connected devices and the ability to effectively analyse and make use of the data produced by their equipment.

With many systems, such as motor control centres (MCCs) and programmable logic controllers (PLCs) having a long-expected lifespan, older devices do not have the capability of connecting to a wider network unless retro-fitted with the appropriate sensors and communication packages.

Once connected, digital security and data privacy can become an issue. To counter this, manufacturers must have a strong cybersecurity policy in place when adopting new technology.

Human capital
People are often critical of transforming production facilities. If the workforce doesn’t evolve, a business has no hope of changing its operations. The introduction of new technologies has led to a change in the skills required by manufacturers, with many struggling to adapt and therefore missing out on the benefits of the Industrial Internet of Things (IIoT).

In the coming years, there will be a further shift in production from labour-intensive roles to those that are more knowledge and skills based. With this shift, fears of job losses have risen once again. According to a YouGov survey, 13 per cent of employers think that more than 30 per cent of jobs will become automated in the next 10 years. While some jobs will be managed by industrial digitalisation technologies (IDT) such as robots, many new roles will be created that are more skills based.

With this in mind, the UK Government’s Made Smarter review will be key to ensuring the manufacturing industry is fully equipped to benefit from Industry 4.0. As new roles are created, the training of new staff and re-training of existing employees will be vital in addressing the skills gap created by the evolution of technologies.

Boulting Technology is tackling the skills gap head on with ongoing training and development for all staff and a robust apprenticeship programme. As new technologies are introduced, it’s important that staff undergo relevant training to effectively incorporate new technology into their work. All Boulting Technology employees are encouraged to undertake continuing professional development (CPD) and are supported by the business to do so.

The Readiness for the Future of Production report and the Made Smarter review will play significant roles for those looking to drive innovation through Industry 4.0. For manufacturers to truly benefit from IIoT technologies, they must transform their internal infrastructure, which includes staff capabilities. By not doing so, the UK’s position in the WEF report will no doubt slip in years to come.

Monday, 19 February 2018

Energy efficiency expectations

According to the Data for the Public Good report by the National Infrastructure Commission (NIC) in December 2017, a digital twin of UK infrastructure is necessary to identify inefficiencies in national energy use. Here, Nick Boughton, sales manager at systems integrator Boulting Technology explains how to manage energy efficiency across sectors. 

Inefficient machinery, which increases wasteful energy use, is a key area of improvement for many businesses, as a way of complying with the Carbon Trust’s Industrial Energy Efficiency Accelerator (IEEA). You can’t manage what you can’t measure, so the first step towards the efficient management of energy is an analysis of unique energy requirements. 

Energy demand
With a few exceptions, such as Liberty Steel in Newport, which renewed its entire production process as part of its green steel strategy, ahead of reopening in 2015, a complete process remodel and brand-new methods are often unrealistic or impossible. It could also be that the result is even less efficient than the process being replaced; because new doesn’t necessarily mean better. Instead, gradual improvements to machinery, maintenance and operating processes are the focus for many engineering and manufacturing directors, with incremental improvement the focus.

Data centres, which traditionally operate using a hot aisle/cold aisle cooling method, have become the infamous energy inefficiency example. In this scenario, server racks are lined up in alternating rows, with cold air intakes facing one way and hot air exhausts facing the other. Typically, cold aisles face air conditioner output duct and hot aisles face air conditioner return ducts.

Optimum server operating temperatures range between 20 and 24 degrees Celsius, but with Moore’s Law stating that processing power for computers will double every two years, the heat produced by the state-of-the-art machinery within data centres will only increase.

For data centres, investing in more efficient cooling methods such as on-rack cooling is necessary to provide energy efficiency, while avoiding equipment damage from overheating. On-rack cooling replaces the back doors of an enclosure with a heat exchanger, bringing the cooling equipment much closer to the heat source. This can eliminate the hot aisle/cold aisle row arrangement as there’s no need to worry about hot and cold air mixing because hot air never enters an ambient space. 

A similar scenario is playing out in manufacturing plants, particularly those embracing industry 4.0 and choosing to use local edge computing rather than making use of the cloud.

Surveys, which provide a top-down approach to ensure no part of a plant is overlooked and no piece of machinery is missed due to oversight, should be carried out regularly by facilities managers to meet energy efficiency requirements.

However, a more specific approach must be taken by energy managers, when a specialist piece of equipment, such as a pump centre is assessed. Boulting has many years’ of experience working with pump centres, including the award-winning upgrade to the Thames Water raw water pumping station at Littleton. The solution implemented increased the site’s performance while making it more flexible, reliable and energy efficient. A complete redesign and manufacture of pump impellers improved pump efficiency, resulting in an improvement from 80 to 87 per cent.

Using their experience, Boulting’s engineers suggest innovative solutions that reduce energy waste. A holistic process, which analyses each plant’s unique requirements, ensures the engineers deliver the best energy efficiency improvements possible, increasing return on investment.

The measures Boulting’s experts apply range from replacing cables or executing a maintenance plan to replacing an essential piece of equipment such as a motor control centre with a smarter model equipped with monitoring abilities

The future
Smart sensors will be installed on much new machinery, as more process plants, data centres and even offices begin taking advantage of the industrial internet of things to deliver a variety of benefits, including remote monitoring and digital twin enabled design. The data captured by these sensors will build on the surveys currently employed, allowing for efficiency decreases to be recognised and counteracted immediately. 

Because sensors will be built directly into components, such as motors, inverters, gears and bearings, manufacturing and engineering directors can sleep soundly, without worrying that inefficiencies are creeping into the application.

Whether the facility in question is a data centre, office or processing plant, the most powerful way to reduce energy loss is through a holistic and overarching process, which can be supplemented by correct use of data from in-built sensors alongside other methods such as surveys and digital twins. In the future, we won’t just see the National Infrastructure Commission (NIC)’s predictions for a digital twin of the UK becoming a reality, we will also see a data-driven approach to maintenance being introduced across the board.