OPC-UA
Assembly Line
OPC UA is the Peak of All That Is Wrong in Manufacturing
It couldnโt get much worse. On one hand, manufacturers are wasting substantial amounts of time and money attempting to implement OPC UA. On the other hand, itโs driving innovation because its shortcomings are almost comically obvious that more and more companies feel fooled by established market vendors and begin seeking alternative solutions. They are frustrated with the status-quo and want to advance into the 21st century.
Top three reasons -
- Practical Applications of OPC UA Can Be Highly Unreliable
- It is a Security Nightmare
- OPC UA Managed to Standardize Without Actually Standardizing Anything
OPC UA has become emblematic of the challenges within manufacturing, yet this also opens a door for opportunity. The shortcomings of established vendors, who appear trapped in methodologies of the 90s, have inadvertently paved the path for innovation. Among the frustrated users of OPC UA, movements like the Unified Namespace community are gaining momentum and advocating for change.
Data-driven Maintenance Work Order Management with Crosser and AVEVA
The customer faced a significant challenge with its existing automated work order management system. This system relied on monitoring maintenance metrics using PLCs alongside predefined trigger points. AVEVA System Platform was responsible for initiating SAP to trigger specific work orders aligned with predefined work plans. However, this approach demanded manual adjustments to PLCs and the AVEVA System Platform each time a new device was introduced or new parameters were required.
Moreover, when a SAP work order was completed and counters needed to be reset to zero, manual connections to the PLCs were necessary, introducing operational risks and requiring substantial manual effort with each new device or reset. The existing approach not only carried operational risks with each change but also imposed significant manual labor for every new device and reset process.
OPC-UA Cyber Threats Explained: Specifications Vulnerabilities and MITM Risks
Recent research into the cybersecurity of OPC UA in industrial control systems has revealed shocking vulnerabilities, highlighting an urgent need to strengthen security measures. Many systems utilizing OPC UA are vulnerable, primarily due to flawed implementations of security features such as certificate validation and inadequate Trust List management, issues that persist even among products from leading brands. Numerous products lack essential security features, such as Trust Lists, or have unsafe default configurations. This indicates a significant underestimation of network security threats in industrial control systems, especially those associated with OPC UA.
Securely sending industrial data to AWS IoT services using unidirectional gateways
Unidirectional gateways are a combination of hardware and software. Unidirectional gateway hardware is physically able to send data in only one direction, while the gateway software replicates servers and emulates devices. Since the gateway is physically able to send data in only one direction, there is no possibility of IT-based or internet-based security events pivoting into the OT networks. The gatewayโs replica servers and emulated devices simplify OT/IT integration.
A typical unidirectional gateway hardware implementation consists of a network appliance containing two separate circuit boards joined by a fiberoptic cable. The โTX,โ or โtransmit,โ board contains a fiber-optic transmitter, and the โRX,โ or โreceive,โ board contains a fiber-optic receiver. Unlike conventional fiber-optic communication components, which are transceivers, the TX appliance does not contain a receiver and the RX appliance does not contain a transmitter. Because there is no laser in the receiver, there is no physical way for the receiving circuit board to send any information back to the transmitting board. The appliance can be used to transmit information out of the control system network into an external network, or directly to the internet, without the risk of a cyber event or another signal returning into the control system.
The Blueprint for Industrial Transformation: Building a Strong Data Foundation with AWS IoT SiteWise
AWS IoT SiteWise is a managed service that makes it easy to collect, organize, and analyze data from industrial equipment at scale, helping customers make better, data-driven decisions. Our customers such as Volkswagen Group, Coca-Cola ฤฐรงecek, and Yara International have used AWS IoT SiteWise to build industrial data platforms that allow them to contextualize and analyze Operational Technology (OT) data generated across their plants, creating a global view of their operations and businesses. In addition, our AWS Partners such as Embassy of Things (EOT), Tata Consulting Services (TCS) Edge2Web, TensorIoT, and Radix Engineering have made AWS IoT SiteWise the foundation for purpose-built applications that enable use cases such as predictive maintenance and asset performance monitoring. Through these engagements with customers and partners, we have learned that the main obstacles in scaling digital transformation initiatives include project complexity, infrastructure costs, and time to value.
With newly added APIs, AWS IoT SiteWise now allows you to bulk import, export, and update industrial asset model metadata at scale from diverse systems such as data historians, other AWS accounts, or โ in the case of AWS Independent Software Vendors (ISV) Partners โ their own industrial data modeling tools.
To collect real-time data from equipment, AWS IoT SiteWise provides AWS IoT SiteWise Edge, software created by AWS and deployed on premises to make it easy to collect, organize, process, and monitor equipment at the edge. With SiteWise Edge, customers can securely connect to and read data from equipment using industrial protocols and standards such as OPC-UA. In collaboration with AWS Partner Domatica, we recently added support for an additional 10 industrial protocols including MQTT, Modbus, and SIMATIC S7, diversifying the type of data that can be ingested into AWS IoT SiteWise from equipment, machines, and legacy systems for processing at the edge or enriching your industrial data lake. By ingesting data to the cloud with sub-second latency, customers can use AWS IoT SiteWise to monitor hundreds of thousands of high-value assets across their industrial operations in near real time.
A Comparative Analysis of Data Modelling Standards for Smart Manufacturing
In essence, adopting data modeling standards can facilitate seamless data exchange across the entire value chain, enhancing overall efficiency and cooperation among various applications and machines. Crucial to this evolution is semantic modeling, allowing machines to deduce meaning without human intervention. Thus, the concept of information modeling, encapsulating not only data but its meaning, is paramount to facilitating intelligent, autonomous decisions.
The Digital Twin Definition Language (DTDL) language follows JSON syntax but is based on JSON-LD. JSON-LD, or JSON for Linked Data, is a method of encoding Linked Data using JSON. It is a World Wide Web Consortium (W3C) standard that provides a way to enrich your data by contextualizing it with schemas (vocabularies) that you choose. This makes it easy to define complex models and relationships between different parts of a system.
Sparkplug and OPC UA, on the other hand, provide a way to structure data and ensure interoperability. Sparkplug uses MQTT and Protocol Buffers, focusing on SCADA/IIoT solutions and efficient data encoding, while OPC UA provides a more generalized approach, offering industry-specific guidelines through companion specifications.
๐๐ In-Depth Analysis of Cyber Threats to Automotive Factories
We found that Ransomware-as-a-Service (RaaS) operations, such as Conti and LockBit, are active in the automotive industry. These are characterized by stealing confidential data from within the target organization before encrypting their systems, forcing automakers to face threats of halted factory operations and public exposure of intellectual property (IP). For example, Continental (a major automotive parts manufacturer) was attacked in August, with some IT systems accessed. They immediately took response measures, restoring normal operations and cooperating with external cybersecurity experts to investigate the incident. However, in November, LockBit took to its data leak website and claimed to have 40TB of Continentalโs data, offering to return the data for a ransom of $40 million.
Previous studies on automotive factories mainly focus on the general issues in the OT/ICS environment, such as difficulty in executing security updates, knowledge gaps among OT personnel regarding security, and weak vulnerability management. In light of this, TXOne Networks has conducted a detailed analysis of common automotive factory digital transformation applications to explain how attackers can gain initial access and link different threats together into a multi-pronged attack to cause significant damage to automotive factories.
In the study of industrial robots, controllers sometimes enable universal remote connection services (such as FTP or Web) or APIs defined by the manufacturer to provide operators with convenient robot operation through the Control Station. However, we found that most robot controllers do not enable any authentication mechanism by default and cannot even use it. This allows attackers lurking in the factory to directly execute any operation on robots through tools released by robot manufacturers. In the case of Digital Twin applications, attackers lurking in the factory can also use vulnerabilities in simulation devices to execute malicious code attacks on their models. When a Digital Twinโs model is attacked, it means that the generated simulation environment cannot maintain congruency with the physical environment. This entails that, after the model is tampered with, there may not necessarily be obvious malicious behavior which is a serious problem because of how long this can go unchecked and unfixed. This makes it easy for engineers to continue using the damaged Digital Twin in unknown circumstances, leading to inaccurate research and development or incorrect decisions made by the factory based on false information, which can result in greater financial losses than ransomware attacks.