The Next Reliability Revolution Infographic

InCloud Control Infographic

IRP_Market_Impact_Infographic

 

Give Your Data New Life

InCloud Control Intelligent Data Solution

MNF-IRP-WEBgraphic-maginfy

Solving the Analyst’s Data Problem

Recently I have been talking to a number of data scientists and business analysts about what they actually do when performing a new analysis of some nature. Their processes were quite surprising because they were far more data intensive and far less modeling / analysis intensive than I had thought.

 

The Analytic Development Process

Analysts start by thinking about the problem they are trying to analyze.

The next thing they do is go after the data they think they might need. This means determining what data is actually available. Then they work with IT to get access to that data. And finally they pull the data together into some form of a sandbox. They do all of this data preparation work before they start building the analytic model, statistically analyzing the results, interpreting what the results mean for the business and communicating these insights.

 

More Than Half Their Time Spent On The Data!

The data scientists and business analysts will say they spend over half their time addressing these data related activities. This means they spend less than half their time actually doing analysis!  Does that make any sense?

At InCloud Control, our products and services are excellent at helping enterprises simplify and accelerate access to data. Out-of- the-box today we have products for automatically introspecting data sources, discovering relationships and then modeling them as friendly entity-relationship diagrams that are easy for the analysts to understand.

Once the data is identified, our development studio simplifies the building of easy-to-understand views of the data. Next our powerful information server automatically optimizes queries that required data sets. And then depending on the sandbox strategy (physical, virtual, or hybrid), our server can also manage these data sets. And all of this can be done in hours or days, rather than weeks or months in the “old way” using ETL, data replication tools and/or hand-coding.

 

Data Virtualization Speeds the Process, and More

With data virtualization the result is a 2-10x acceleration of time-to-analytic results, which pays off handsomely when analyzing revenue optimization, risk management and/or compliance opportunities.

In addition, the data scientists and business analysts are not only more productive, they are much happier because they get to do more modeling and analyzing and less data chasing. And happier analysts are easier to retain, a key issue given the shortage of analysts today.  Further all of this works with Big Data, traditional enterprise data, external or cloud data, desktop data, and more.

Simple, yet powerful and works for any organization’s IT environment.  Lots of value-add and the users like it too. I think your data scientists and business analysts will find InCloud’s Intelligent Data Virtualization a great solution for their data challenges.

 

Are You A Data Scientist or Business Analyst?

I am eager to continue talking with data scientists and business analysts about their data challenges. Start a discussion track in the comments section below where we can explore things further.

The Attack of America’s Industrial Systems

The Attack On America’s Industrial Systems

 

To show just how vulnerable U.S. industrial systems are, a study was just completed that measured who is attacking and what information they are seeking out.

 

MNF-IRP-WEBgraphic-SCADA

 

Industrial control systems (ICS) are devices, systems, networks, and controls used to operate and/or automate industrial processes. These devices are often found in nearly any industry—from the vehicle manufacturing and transportation segment to the energy and water treatment segment.

Supervisory control and data acquisition (SCADA) networks are systems and/or networks that communicate with ICS to provide data to operators for supervisory purposes as well as control capabilities for process management. As automation continues to evolve and becomes more important worldwide, the use of ICS/SCADA systems is going to become even more prevalent.

ICS/SCADA systems have been the talk of the security community for the past two years due to Stuxnet, Flame, and several other threats and attacks. While the importance and lack of security surrounding ICS/SCADA systems is well-documented and widely known, this talk today addresses who’s really attacking Internet-facing ICS/SCADA systems and why. It also covers techniques to secure ICS/SCADA systems and some best practices to do so.

The move from proprietary technologies to more standardized and open solutions together with the increased number of connections between SCADA systems and office networks and the Internet has made them more vulnerable to attacks.  Consequently, the security of some SCADA-based systems has come into question as they are seen as potentially vulnerable to cyber attacks.  In particular, security researchers are concerned about:

  • The lack of concern about security and authentication in the design, deployment and operation of some existing SCADA networks
  • The belief that SCADA systems have the benefit of security through obscurity through the use of specialized protocols and proprietary interfaces
  • The belief that SCADA networks are secure because they are physically secured
  • The belief that SCADA networks are secure because they are disconnected from the Internet.

SCADA systems are used to control and monitor physical processes, examples of which are transmission of electricity, transportation of gas and oil in pipelines, water distribution, traffic lights, and other systems used as the basis of modern society. The security of these SCADA systems is important because compromise or destruction of these systems would impact multiple areas of society far removed from the original compromise. For example, a blackout caused by a compromised electrical SCADA system would cause financial losses to all the customers that received electricity from that source.

Security in an ICS/SCADA network is often considered “bolt-on” or thought of “after the fact.” When these systems were first brought into service more than 20 or so years ago, security was typically not a concern. Many of them, at that time, were not even capable of accessing the Internet or connecting to LANs. Physical isolation addressed the need for security.

However, as things changed over time, most of these systems’ purposes have been reestablished, along with the way they were configured. A system that used to only be accessible to a single computer next to a conveyor belt became accessible via the Internet, with very little hindrance.

There are two distinct threats to a modern SCADA system. First is the threat of unauthorized access to the control software.  Second is the threat of packet access to the network segments hosting SCADA devices.  In many cases, there is rudimentary or no security on the actual packet control protocol, so anyone who can send packets to the SCADA device can control it.

In many cases SCADA users unaware that physical access to SCADA-related network jacks and switches provides the ability to totally bypass all security on the control software and fully control those SCADA networks.  These kinds of physical access attacks bypass firewall and VPN security.

With so much at stake, the question is – are these systems under attack?  The answer was discussed in a recent “honeypot” study conducted over a 28-day period.

A Honeypot is an environment created specifically to resemble that of a live and functioning industrial enterprise network.  The environment for this research project included actual live data feeds from instrumentation, remote terminal units (RTU), programmable logic controllers (PLC) and a fully functioning ICS/SCADA platform with internet-facing connectivity.

It took only 18 hours to find the first signs of attack on one of the honeypots. While the honeypots ran and continued to collect attack statistics, the findings concerning the deployments proved disturbing. The statistics of this report contain data for 28 days with a total of 39 attacks from 14 different countries. Out of these 39 attacks, 12 were unique and could be classified as “targeted” while 13 were repeated by several of the same actors over a period of several days and could be considered “targeted” and/or “automated.” All of these attacks were prefaced by port scans performed by the same IP address or an IP address in the same netblock.

The top alert generated in the honeypot environment was Modbus TCP non-Modbus communication.  This alert is triggered when an established connection utilizing Modbus is hijacked or spoofed to send other commands or attacks to a different device.

In addition to generating this alert, the following two rules were also triggered:

  • Unauthorized Read Request to a PLC
  • Unauthorized Write Request to a PLC

These rules are traditionally triggered when an unauthorized Modbus client attempts to read or write information from or to a PLC or SCADA device.

The sources of all three alerts were the United States, Russia, and China, respectively.

There are some very basic configuration and architectural considerations that can help prevent remote access to trusted ICS resources from occurring in this fashion. Most of these recommendations are based on “baking in” your security as ICS are architected and deployed. Future discussions will include ways to “bolt on” security for these systems and networks.

  • Disable Internet access to your trusted resources, where possible.
  • Make sure your trusted resources have the latest patches and that you diligently monitor when new patches/fixes are released.
  • Use real-time anti-malware protection and real-time network scanning locally on trusted hosts and where applicable. (Some PLC systems cannot support anti-malware products because of the fragile nature of ICS protocols.)
  • Require user name/password combinations for all systems, including those that are not deemed “trustworthy.”
  • Set appropriately secure login credentials. Do not rely on defaults.
  • Implement two-factor authentication on all trusted systems for any user account.
  • Disable remote protocols that are insecure like Telnet.
  • Disable all protocols that communicate inbound to your trusted resources but are not critical to business functionality.
  • Control contractor access. Many ICS/SCADA networks utilize remote contractors, and controlling how they access trusted resources is imperative.
  • Utilize SSL/TLS for all communications to web-based ICS/SCADA systems.
  • Control access to trusted devices. For instance, for access to a segmented network, use a bastion host with access control lists (ACLs) for ingress/ egress access.
  • Improve logging in on trusted environments in addition to passing logs to SIEM devices for third-party backup/analysis.
  • Develop a threat modeling system for your organization. Understand who’s attacking you and why.

As you can see, Internet-facing ICS are readily targeted. Until proper ICS security is implemented, these types of attacks will likely become more prevalent and advanced or destructive in the coming years.  We expect attack trends to continue in the ICS arena, with possible far-reaching consequences. With continued diligence and utilizing secure computing techniques, your ability to deflect and defend against these attacks will help secure your organization.

InCloud Control has addressed these and many other current concerns with both IRP and Manufacturing Platforms.  We also have a team of security and industry consultants that can assess your organization, provide a clear roadmap for securing your infrastructure, and provide the expertise to deliver remediation design and implementation engagements.

 

If you would like to learn more about our secure platform or speak to one of our experts, we’d love to hear from you.

Email us at Hello@myincloud.com

What is IRP?

The InCloud Industrial Reliability Platform (IRP)

MNF-IRP-WEBgraphic-Refiner Flow

What is InCloud IRP? 

In a sentence IRP is: a complete oil and gas plant asset maintenance, management and reliability analytics platform enabling customer adoption at whatever point in the planning and execution life-cycle that is most profitable for them.

IRP handles everything from simple day-to-day maintenance work orders to complex, total facility turnaround operations through embedded domain knowledge from industry experts, standards and best practices.

IRP manages the full life-cycle for complex projects, from capital planning and budgeting, to bidding, scheduling and resource assignment, to the management of project critical path, parts inventory management, and more. Mobile workers bring execution data into the system enabling a real-time view of project progression.

Built-in Process and Knowledge Management brings discipline to Reliability Centered Maintenance programs. Real-time capture, aggregation and analysis of instrumentation data allow reliability technicians to move beyond break-fix into predictive and preventive maintenance.  With InCloud IRP you can take veteran maintenance leaders and transform them into data scientists. Making decisions based on live data instead of intuition.

IRP enables documentation of diagnostic, analytic and repair routines and then creates repeatable procedures to pass key experience and lessons learned from one generation of technicians to the next.

Sensor and maintenance/repair data gathered over time will allow customers to compare manufacturer predicted MBTF and MTTF values with actual field data.

And ultimately, the InCloud IRP Exchange – where sanitized and anonymized customer field data is aggregated from all over the world – will enable customers to compare their data against global benchmarks and adjust their predicted MBTF and MTTF metrics to account for environmental and geographic variables.

Why chose between reducing maintenance costs, increasing overall uptime, shortening maintenance windows, and eliminating unplanned outages when you can do all of those things at once?

 

The IRP provides customers a profit driven reliability roadmap.