By Mike Keightley
The era we are living in will forever be remembered as the dawn of the information age. Our dependency on the transparency of communication, our reliance on standardised systems and the incessant need to innovate is both a boon and a bane.
On the one hand our ability to communicate is enhanced by open platforms such as Twitter and Android. On the other hand, we are left helpless and stranded when our favourite shopping site goes down.
The irony is that although most consumer industries have seen greater transparency, highly regulated industries such as pharmaceuticals, chemical and oil and gas have witnessed the exact opposite. In an attempt to improve safety and minimise people’s exposure to risk, these environments closely monitor the flow of information as well as resources and assets.
It is for this reason that news of Microsoft’s end of life cycle is worrying for those control environments where systems rely heavily on windows products. This isn’t a new problem, however. The ubiquity of standardised proprietary hardware has allowed system architects to use commercial-off-the-shelf (COTS) software for many years.
1. System architecture
The design of industrial systems has evolved significantly over the decades. From Purdue enterprise reference theory in the nineties, to the four-stage modern enterprise control standard known as ANSI/ISA-95.
Level one is the assembly line, consisting of actuation and smart sensing components. Level two is the industrial control layer consisting of distributed control systems (DCS), for continuous production environments such as chemicals and refining.
Batch production environments such as pharmaceutical and automotive, tend to use supervisory control and data acquisition (SCADA) systems, for enhanced visualisation and multi plant management.
Past the control layer we come to level three, the IT layer, and level four, the enterprise resource planning (ERP) layer. It is in these two layers that any vendor bought software such as Microsoft XP would be used.
The enterprise information system (EIS) is responsible for supervising workflows, monitoring databases and shipping schedules as well as managing assets and inventory. It is visualised with graphical mimic diagrams to an operator in the control room. Management information (MI) such as diagnostic and trending data is visualised to an operator on the plant floor via a human machine interface (HMI).
Fifteen or so years ago Unix was the standard operating system (OS), then Windows NT became popular and was eventually replaced by XP. Windows server 2008 has also become popular as a database management tool and many users have heavily integrated it into their control infrastructure.
Some of the more recent OS releases however, have not provided a compelling reason to upgrade. Windows Vista was criticised for issues relating to hardware performance, driver signing security, digital rights management and its high licensing price.
Windows 8, the most recent OS, is overly optimised for tablet and touchscreen use. By relegating the desktop user interface (UI) to an app, it becomes less efficient to use for ‘classically trained’ desk based operators. This leaves windows 7 pro as the only viable mainstream alternative for current industrial use.
This understandable hesitation to upgrade, compounded by the traditional reluctance to change in the industry, has meant that many customers are still likely to be using XP when support ends in a few months time.
2. Security risks
The obvious risk of an exposed system is that it becomes the target of security breaches. The infamous Stuxnet virus, which affected Iranian nuclear facilities, is a fitting example. It is widely believed to have been an attempt by US and Israeli agencies to impede Iran’s nuclear enrichment. The virus, in the form of a malware worm, initially spread via Microsoft Windows to target SCADA software being used on embargoed Siemens hardware.
The point of entry was most likely through the use of infected USB flash drives and the approach was threefold; to attack the Windows OS, the Siemens S7 programmable logic controllers (PLCs) and the Siemens industrial control software.
Although this was a one off, high level attack, the point here is that the IT layer was compromised, and subsequently brought operations to a standstill. The efficacy of penetration attacks on unsupported software would be equally as damaging.
3. Holistic solutions
So what are organisations doing to ensure that security is maintained? Here at Yokogawa we have developed a holistic paradigm which governs systems development. By creating industry standard benchmarks it is hoped that users can move forward with minimal disruption.
To prevent malicious attacks like Stuxnet, many vendors have tried to physically isolate the hardware by using Windows server 2008, which is back mountable. The benefit of this is that the equipment, along with its USB ports, is secured in a locked cabinet.
Although using a server setup physically isolates the hardware, the control network, including the SCADA database and visualisation functionality, is still dependant on Windows server technology. If any part of the IT layer is compromised by a virus or if it simply malfunctions, the entire production process could be disrupted and at worst, come to a halt.
It is for this reason that we have both physically isolated our system and limited our dependency to HMIs running Windows 7 Pro. Although we use server hardware for its ability to be back-mounted, the DCS software consists of a real time operating system, which is used on all workstations, and our SCADA hardware can run on a Red Hat version of Linux.
This allows industrial control systems to maintain continuous production in the event that a Windows based terminal becomes infected or needs replacing. The terminal can be taken offline, replaced by a new one, which is tested and online within an hour. This is not possible with server software, which would need maintenance downtime.
To further ensure that production remains continuous we have added a layer of security between the IT and enterprise layer. This was achieved by developing a dedicated network interface card supporting the Vnet/IP IEC protocol with a guaranteed deterministic response using time synchronised techniques. Typically used as an expansion port for graphics and network cards, our proprietary PCI card contains two Ethernet ports. In the event that the network is attacked or fails, the Ethernet layer becomes redundant and the connection seamlessly switches to the standby port.
The Canadian cyber security and penetration testing firm Achilles, has developed a platform to root out vulnerabilities in control systems, which has increased the robustness of our systems as a result.
4. Turnkey migration
The migration policy of the overall control system is conceived at the beginning of the research and development stage of the product. Yokogawa has a strong lifecycle and migration message to all our existing customers, using three phases of system maintenance results in 30 plus years of support. We start the migration process typically five years before the software end of life. By doing this, customers can expect to build a strong vendor relationship whilst keeping up to date.
Working closely with Microsoft in Tokyo and McAfee antivirus we are able to plan ahead for future developments. To compete with Apple’s Mac OSX, Microsoft will be moving to yearly update cycles with its next ‘Blue’ OS and reduced licensing costs can be passed onto customers. We’ve also signed a deal with McAfee to provide security for our platform, worldwide.
Persuading customers that their unsupported machines need to be replaced requires compelling justification. We offer commercial incentives to upgrade and our development centre in the US works cl
osely with customers to identify their requirements. A global user conference is held every two years, giving users an opportunity to feedback, ultimately helping to inform market trends for technology.
As global networks become increasingly interconnected, the systems that control and run our everyday lives need to provide more rounded and elegant solutions. We have reached a stage where change is no longer intermittent but rather continuous.
The end of life for Windows XP marks the end of an era. The era, which has until now been characterised by short term adversarial supplier relationships, may finally be replaced with better long term success.
About the author
Mike Keightley is systems product manager at Yokogawa. He graduated from Shefield Polytechnic with a Bachelor of Science in Electronic Systems & Control Engineering. His experience is underpinned by his previous roles at British Sugar and British Steel.
Yokogawa’s global network of 88 companies spans 55 countries. Founded in 1915, the US$4 billion company conducts cutting-edge research and innovation. Yokogawa is engaged in the industrial automation and control (IA), test and measurement, other business segments. The IA segment plays a vital role in a wide range of industries including oil, chemicals, natural gas, power, iron and steel, pulp and paper, pharmaceuticals, and food. For more information about Yokogawa, please visit the website www.yokogawa.com.
About Yokogawa UK
Yokogawa United Kingdom Ltd., part of the global Yokogawa Electric Corporation, is a supplier of enterprise technology solutions to the process, manufacturing and utility sectors. The company is a technology and market leader in instrumentation and control, and holds many key patents and national and international approvals. Yokogawa United Kingdom’s offices are located in Runcorn and Aberdeen. For more information about Yokogawa UK, please visit the company’s website www.yokogawa.com/uk.