The IoT and Cloud security measures — not as well developed as needed

Staff Report

Will a fight break out over who’s responsible for securing data? Maybe. Will companies start taking security seriously? Not sure. Will design engineers need to address security before corporate management?

A key component of the Internet of Things (IoT) and the Industrial Internet of Things (IIoT) is the cloud: the group of services, residing nearly anywhere, that will house all the data collected. Despite all the buzz about the IoT and its variations, most actual implementations are in the very beginning stages of development. Now is a good time for users and designers of equipment that will link to the cloud to look into just how they will secure all of the data.

Recent surveys and studies indicate, though, that companies are not as focused on data security as they should be. For example, according to findings from “The 2016 Global Cloud Data Security Study” from Ponemon Institute, organizations and companies are not adopting appropriate control and security measures to protect sensitive data they store in the cloud. The study surveyed more than 3,400 IT and IT security practitioners worldwide to gain a better understanding of trends in data collection and security practices for cloud-based services.

They found that:

• Half of all cloud services and corporate data stored in cloud are not controlled by IT departments.
• Only a third of sensitive data stored in cloud-based applications are encrypted.
• More than half of companies do not have a proactive approach for compliance with privacy and security regulations for data in cloud environments.

“Cloud security continues to be a challenge for companies, especially in dealing with the complexity of privacy and data protection regulations,” said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. “To ensure compliance, it is important for companies to consider deploying such technologies as encryption, tokenization or other cryptographic solutions to secure sensitive data transferred and stored in the cloud.”

Agreed Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto, a leader in digital security, “It’s quite obvious security measures are not keeping pace because the cloud challenges traditional approaches of protecting data when it was just stored on the network. It is an issue that can only be solved with a data-centric approach in which IT organizations can uniformly protect customer and corporate information across the dozens of cloud-based services their employees and internal departments rely on every day.”

The state of IoT security today
Thus, working with IT departments will be key to securing cloud data. But, the study found that nearly half (49%) of cloud services are deployed by departments other than corporate IT, and an average of 47% of corporate data stored in cloud environments are not managed or controlled by the IT department. Until such time as individual companies come up with a policy, engineers may have to take a proactive approach and initiate conversations with customer IT departments early in the design phase.

Just what kind of security measures are needed? 54% of survey respondents felt it was more difficult to protect confidential or sensitive information when using cloud services. 53% of respondents report difficulty in controlling or restricting end-user access. The other major challenges include the inability to apply conventional information security in cloud environments (70% of respondents) and the inability to directly inspect cloud providers for security compliance (69% of respondents).

Customer information stored in the cloud is most at risk. According to the survey, customer information, emails, consumer data, employee records and payment information are the types of data most often stored in the cloud. Cloud storage of this information has increased from 53% in 2014 to 62% today. 53% considered customer information data to be the most at risk in the cloud.

The majority of respondents (64%) said their organizations do not have a policy that requires use of security safeguards, such as encryption, as a condition to using certain cloud computing applications. This situation challenges designers during product design.

72% of respondents said the ability to encrypt or tokenize sensitive or confidential data is important, with 86% saying it will become more important over the next two years, up from 79% in 2014.

Yet, passwords and similar conventional security measures are no longer adequate. 67% of respondents said the management of user identities is more difficult in the cloud than on-premises. However, organizations are not adopting measures that are easy to implement and could increase cloud security. About half (45%) of companies are not using multi-factor authentication to secure employee and third-party access to applications and data in the cloud, which means many companies are still relying on just user names and passwords to validate identities. This puts more data at risk because 58% of respondents say their organizations have third-party users accessing their data and information in the cloud.

Easier security solutions on the way
In some cases, communication developers are adding features that are easy for design engineers to incorporate into their designs, helping improve security.

One example is PAC Project 9.5, which provides updated firmware for Opto 22 SNAP PAC S-series and R-series controllers that enables a secure HTTPS server on the controllers. Combined with a RESTful open and documented API, it allows developers to write applications that access data on the PAC using the developer’s programming language of choice with the JSON data format. This new capability allows software and IoT application developers to eliminate layers of middleware for secure Industrial Internet of Things (IIoT) applications.

Firmware version 9.5 for SNAP PAC R-series and S-series controllers enables REST endpoints for analog and digital I/O points as well as control program variables including strings, floats, timers, integers, and tables. REST endpoints are securely accessed using the RESTful API for SNAP PACs.

Client data requests are returned in JavaScript Object Notation (JSON) format. PAC controllers and I/O can be used with almost any software development language with JSON support, including C, C++, C#, Java, JavaScript, node.js, Python, PHP, Ruby, and many more. Developers can use the development environment and language of their choosing to write new software, create web services, and build Internet of Things applications.

The addition of a secure RESTful server and an open, documented API to a programmable automation controller (PAC) is a significant industry innovation, because REST architecture and associated technology are intrinsic to the Internet of Things and paramount to web and mobile-based application development. Opto 22’s implementation of REST directly into a commercially available, off-the-shelf industrial PAC places the company as one of the first industrial automation and controls manufacturers to offer this industry-changing technology.
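A client of a controller-hosted HTTPS/JSON API like the one described above should keep certificate verification on, refuse plain HTTP, and validate the reply before using it. The Python below is an added example, not Opto 22 code or code from this article; the host name, URL path, HTTP Basic credentials and the `{"value": ...}` response shape are assumed placeholders.

```python
import base64
import json
import ssl
import urllib.request
from urllib.parse import urlsplit

# Assumptions (not from the article): URL path, HTTP Basic credentials and
# the {"value": ...} response shape are placeholders for illustration.
SAMPLE_BODY = b'{"value": 72.4}'  # constructed sample response


def build_tls_context(ca_file=None):
    """Verifying TLS context; pass the controller's cert or plant CA as ca_file."""
    # Self-signed controller certs are trusted via ca_file, never by disabling checks.
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx  # CERT_REQUIRED and hostname checking stay at their defaults


def build_request(url, key_id, key_value):
    """Build an authenticated GET, refusing anything but https://."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("refusing non-HTTPS controller URL: %r" % url)
    token = base64.b64encode(f"{key_id}:{key_value}".encode()).decode()
    return urllib.request.Request(url, headers={
        "Authorization": "Basic " + token,
        "Accept": "application/json",
    })


def parse_point(body):
    """Validate the JSON reply before it reaches control or logging code."""
    data = json.loads(body)
    if not isinstance(data, dict) or "value" not in data:
        raise ValueError("unexpected response shape")
    value = data["value"]
    if not isinstance(value, (bool, int, float, str)):
        raise ValueError("unexpected value type")
    return value


def read_point(url, key_id, key_value, ca_file=None, timeout=5):
    """Fetch one point over verified TLS (needs a reachable controller)."""
    req = build_request(url, key_id, key_value)
    with urllib.request.urlopen(req, timeout=timeout,
                                context=build_tls_context(ca_file)) as resp:
        return parse_point(resp.read())
```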

More IoT solutions
The UNO-1251G is a DIN-rail mountable IoT Gateway from Advantech’s IIoT Automation Group. It’s about the size of a micro PLC. For accessibility, the industrial computer comes with a programmable OLED display, a wireless communication slot, and built-in CANbus protocol. It supports over 450 PLCs, controllers, and I/O device protocols with WebAccess/HMI software.

This gateway is suitable for networking intelligent I/O devices such as sensors and actuators. To aid development of CANbus applications, the UNO-1251G includes the Advantech CANopen protocol library, which provides a C application programming interface (API) for configuring, starting, and monitoring CANopen devices.

The UNO-1251G DIN-rail mountable IoT Gateway supports over 450 PLCs, controllers, and I/O device protocols with WebAccess/HMI software. From Advantech’s IIoT Automation Group, it comes with a programmable OLED display, a wireless communication slot, and built-in CANbus protocol.

To aid internet connection in areas where using wires is impractical, the gateway includes an accessible side mounted expansion slot that can be used for installing an optional wireless card without having to open up the entire unit.

The UNO-1251G can be operated remotely from any computer or tablet with a VNC (Virtual Network Computing) client installed. Users can remotely access the UNO-1251G for diagnosis and control from wherever they are located. Through WebAccess, it helps move from proprietary systems to an open architecture and eases the integration of different devices.

The gateway includes the RISC 32 bit ARM Cortex A8 processor, externally accessible micro SIM for 3G access and a micro SD card slot for additional storage, USB port, two 10/100 LAN ports, LED indicators, integrated 1G micro SD card with OS installed, and three COM ports.

The C-more Micro line of operator interfaces, from AutomationDirect, includes the EA-ECOM communication expansion module. For EA3-series C-more Micro panels, it adds an Ethernet (RJ45) port for programming and PLC communications at 10/100 Mbps. The module attaches to the rear of all EA3-series panels and requires no external power. It has fast firmware update speeds and supports multiple connections to multiple PLCs and protocols; C-more Micro programming software and firmware version 4.0 are required.

The C-more Micro line of operator interfaces, from AutomationDirect, adds an Ethernet (RJ45) port for programming and PLC communications at 10/100 Mbps.

EtherCAT P combines EtherCAT communication and a power supply in a standard 4-wire Ethernet cable. This approach from Beckhoff Automation powers connected sensors and actuators, eliminating separate power lines and simplifying cabling. Thus, it offers advantages for connecting small remote I/O stations in terminal boxes and for decentralized I/O components located throughout the process.

EtherCAT P, from Beckhoff Automation, offers advantages for connecting small remote I/O stations in terminal boxes and for decentralized I/O components located throughout the process.

A full range of EtherCAT P system and I/O components in protection class IP 67 and 4-wire Ethernet cables is available for the 24 V I/O level. The power supply from EtherCAT P is rated at 2x 24 Vdc/3A.


CASE HISTORY

IoT connectivity in action

Athader, based near San Sebastian in northern Spain, manufactures coil processing lines, mainly slitting lines and leveling and cut-to-length lines for steel, stainless steel and aluminum material. Equipment manufactured by the company, which is part of the Bradbury Group, is for steel coil processors, rolling mills and profile and tube manufacturers, 80% of which are located outside of Spain.

Until recently, to match customer specifications, Athader used several different brands for its drive requirements. However, their reliability was becoming a frustration point with factory personnel. When a coil processing line breaks down, customers lose production, and sometimes, there is damage to mechanical parts. Thus, Athader switched to drives, motors and global solutions supplied by Emerson. Several of Athader’s machines are custom, so it helped that Emerson’s motion controls could be easily adapted to fit.

Athader makes steel winders/unwinders, stacking machines, rolling machines, longitudinal and transversal shears, packaging machines and cutting systems. With regard to the latter, a rotary shear device for high thickness coil is expected to work at 100 m/min, while a flying shear system for very high yield stress material (with a high pressure rating of 1100 MPa) works at 50 m/min. Despite these elevated speeds, precision must be to within ±0.2 mm.

In these custom machines from Athader, Profinet connects the PLC with Emerson Unidrive M variable speed drives, encoders and remote I/O, while Ethernet allows the checking and changing of system parameters with a remote PC, including the parameters of the Emerson drives.

The speed and response of the Unidrive M variable speed drives allow high dynamic application control with repeatable precision. The intelligent modules used with the drives let operators manage motion in several axes and synchronized profiles, which minimizes the number of rejected items and maximizes production uptime, all without inducing stress on the mechanical parts.

Integration of these drives into the machines was straightforward thanks to a complete set of communication modules that support most traditional field buses and the latest Ethernet-based technologies.

Among the recent applications at Athader was the development of a transversal cutting line for steel bands up to 25 mm thick and 1800 mm wide. The Emerson solution includes a control cabinet (8 x 800 x 2200 mm modules) and three control desks (entry, main and exit). The cabinet includes a total of 19 ac drives in a dc bus configuration.

Moving through the cutting line in sequence, the uncoiler is served by a single Unidrive M701 (45 kW) featuring a Si-Application option module and dedicated unwinder software. From here, the unwound coil moves into two levellers, each of which relies on two Unidrive M700 units in parallel (180 and 160 kW respectively) with accompanying software. In addition, four Unidrive M200 drives (from 5.5 to 7.5 kW) are deployed for auxiliary elements. The next station, a flying shear, features one Unidrive M700 (110 kW) with Emerson’s dedicated software, along with a single Unidrive M200 (5.5 kW) for the conveyor. In addition, a total of 10 Unidrive M200 drives (from 0.55 to 5.5 kW) control further parts of the system, such as inspection and evacuation conveyors, stackers and stores. The cabinet also features two Emerson SPMC2402 dc rectifiers working in parallel.

Integration of Emerson Unidrive M variable speed drives into Athader machines was straightforward thanks to a complete set of communication modules that support most traditional field buses and the latest Ethernet-based technologies.

The complete line is controlled by a Siemens PLC, while adjustment and supervision are made with a 15 in. color touchscreen.

Two networking configurations are featured: Profinet connects the PLC with drives, encoders and remote I/O, while Ethernet allows the checking and changing of system parameters with a remote PC, including the parameters of the Emerson drives.

Production speeds have increased by more than 300%, from 200 to 600 m/min for longitudinal systems. In addition, the machines can now process a wider range of materials, from 12 mm band thickness (500 MPa) in the past, to the current 25 mm thick (1100 MPa).

Machine commissioning time has been reduced from 6 weeks to 3-4 weeks, while machine-side and remote control are better facilitated through user-friendly software and Ethernet technologies.


Advantech IIoT Automation Group
www.advantech.com/industrial-automation

AutomationDirect
www.automationdirect.com/cmore-micro

Beckhoff Automation
www.beckhoff.com

Emerson
www.emerson.com

Opto 22
www.opto22.com
