Well 2008 has come and gone. In many ways it has been a year of ups and downs in everything from the price of oil, elections, stock market and the weather. I would say the same holds true for OPC, with many successes and maybe a few shortfalls.  In 2008 we’ve seen OPC security gain a lot of attention, with new products and announcements yet industry is still has a way to go in terms of secure implementations.  OPC UA continues to gain momentum, with product releases and based on the OPC forum traffic, tons of users making use of the SDKs.  However I’m sure many out there are waiting with bated breath for the second round of specification releases and other distributables to come out.  The OPC user community also had some good successes this year, with new blogs appearing (of course the TAC blog too), many successful user conferences and road shows.  On the other side of the coin the feedback from many of these events tell us that people want to see some different things. I would predict a change in format for some of these get-togethers for 2009. (Speaking of which, mark you calendars for OPC User group in Houston on April 16^th)

Let’s hope 2009 brings bigger highs, without the lows.  Canada captured its fifth straight World Junior Hockey Championship gold last night, so I’m thinking the year is starting off on the right foot J

Let’s hear from you.  What do you think was the highest high for OPC in 2008?  The lowest low?  What are your predictions or wishes for 2009?

It’s beginning to look a lot like… the North Pole here in western Canada.  It’s currently a balmy -32 C with the wind, and expected to stay that way for the holidays.  It makes strolling the storefronts for those last minute gift items a nippy prospect. Personally I’m looking to avoid frostbite by checking out websites with downloadable gifts.  Downloadable gifts like varied and countless kinds of software, e-books and games give you a list of advantages:  

·       It’s green.  These days, we are all concerned about ways to be eco-minded and downloading means less garbage.

·       It’s instantaneous.  Talk about instant gratification: your purchase arrives seconds after you buy it.

·       …and you don’t have to brave the cold.

So here are a few options for the OPC lovers on your lists:

·       For that Uncle who’s across the global and wants to keep in touch.  OPC Tunneller is the perfect gift for ensuring secure, reliable OPC communications across firewalls and unreliable connections.

·       For the parents who keep calling you for computer troubleshooting.  The OPC Server for Performance Monitor to keep track of all the important factors like memory usage, hard drive space and CPU.  Also a good option for the IT managers or green data center owners on your list.

·       Add the OPC Buffer to keep a running history to share with Gramma or anyone else who needs some OPC history.

·       And the OPC Data Manager just makes a great stocking stuffer for everyone.  Who doesn’t need to share data between different systems?

In case anyone out there is wondering… I’d love to get a copy of the new OPC Server for OMRON.  It would round out my PLC server collection J

I’m off for the holidays and will be back posting early in the new year.  Hope everyone has safe and happy holidays.

The SANS Institute Process Control and SCADA Security Summit 2009 is being held in Florida, Feb 2-3.  It’s being held at a hotel in the heart of the Walt Disney World Resort. I’m not sure if that is a subtle hint that IT Security is the stuff of magic and imagination or that securing process control and SCADA systems is merely a wonderful fantasy…  The dubious relevance of large talking mice to securing critical infrastructure aside, it looks like this years event will be talking a lot about IT security in Power and Utilities.  If you look at the top ten questions for the summit, there are several specifically targeting power and utilities. 

1.    How has the threat to control systems changed during 2008? Who are the new attackers? What kind of damage have they already done? What can they do?

2.    Exactly how do attackers penetrate the defenses that have been established by most control system users?

3.    What are the principal vulnerabilities in control systems and how should they be prioritized for mitigation?

4.    What techniques are the most advanced control systems users implementing to mitigate the threat? How are they training their people? How are they balancing information technology and control systems needs?

5.    How can Utilities gain top management support for major security initiatives?

6.    How can utilities educate their Public Utility Commissions so that investments in cyber security may be included in the rate base.

7.    Which SCADA security research projects have shown useful results? How can asset owners put those findings to work?

8.    Which control system vendors have made the most progress on implementing the new standards for secure configuration of their products?

9.    What innovations has NERC implemented and how can electric utilities and others share in the lessons learned?

10.  What tools have governments developed that makes security of control systems more effective and efficient?

While this is not specifically an OPC event, I would suspect that the whole topic of cyber security, particularly in regards to power utilities would be of interest to many OPC users out there.  There are countless generating companies, municipalities and other utility companies out there using OPC as part of their communication infrastructure.  When looking at securing critical infrastructures, there is a lot of work to be done and more and more noise is being made about this particularly in the US.  (Whether or not the noise in the right kind is open for debate as the folks at Digital Bond point out…)  In either case, it seems plain to me that anything that makes the data communication layer more secure for our Power systems is a good thing.  It may be conducting a systems security audit, implementing OPC Security Gateway to increase the granularity of user access protection or some other OPC security option.

If nothing else the questions posed to the security summit show that someone out there is asking questions and is concerned about the state of control system security.  The concept of including security costs in the rate base might be one answer to my earlier post on the costs of security, and I for one would like to hear some of the answers to the other questions. For anyone attending the conference it would be interesting to hear if OPC is a topic of discussion among the attendees.  Are they concerned about the security of their OPC connectivity?  If so, what are they doing about it?

P.S. As Peter points out, the security summit coordinates nicely with the ARC Advisory Group’s Orlando Forum, so you can hit both events with one trip J

You see news on the dismal economy and news stories on cyber-security pretty much everyday.  It’s not surprising that we are now seeing them tied together in the same article:  Cyber Security: A Hard Sell in Tough Economic Times. At companies hit crunch time on the bottom line, they will be looking at areas to cut.  Since security is already not getting the love it truly deserves, it wouldn’t be surprising to see it on the block.  Companies are already unwilling to talk about what lack of security is costing them.  I think this quote from this article speaks volumes on that topic:

“…government efforts led by the Homeland Security Dept. have been stymied by bureaucratic confusion and an unwillingness by agencies and corporations to share information about cyber break-ins. The commission’s report catalogues incidents afflicting financial institutions, large corporations, and government agencies…”

While most cyber-security discussions talk about financial and communications systems, the most alarming are talks regarding Power Utilities and other infrastructure systems.  Talks like the one from Rick Sergel, President & CEO of NERC at the NARUC Meetings 2008, last July 20, don’t paint a warm and fuzzy picture.   To some people what might be even more alarming is the recent report on cyber-security that basically says the status-quo is not working and calls for more government involvement.

Certainly there are more and more manufacturers that a thinking about the OPC security of their systems.  The most recent release of the MatrikonOPC Security Gateway is quickly becoming a popular choice for many OPC installations.  Also there are more users requesting OPC Servers that natively support security.  And of course the whole topic of Security is always popular when talking about OPC UA.

What about your company? Have you had your cyber-security projects delayed or cancelled due to the recent economic crunch?  For the folks in the USA, is the prospect of increased government involvement having any affect on your business decisions?

Seems like a lot of people enjoyed the previous episodes of OPC Mythbusters, so I decided to let Adam and Jamie have a go at the big myth – “OPC UA – Is it Ready?” This time they get a little help from a couple of guest stars. Enjoy!

(If the clip doesn’t appear try this link)

OPC UA has made great progress in the last year with many concrete products and architectures coming together. Since OPC UA is a set of layer specifications and the core set is solid, then OPC UA is ready to go.  Of course, as with any implementation roll out as ambitious as OPC UA there is still more work to be done if you consider the full scope. Let’s hear from you.  What aspects of OPC UA do you think should get the most focus in the coming year?  Release of the final Access Type specifications? More stringent guidelines on how vendors implement OPC UA security? Adding more features to the SDK? Release of the OPC UA Compliance tools and test cases? Increasing the stability and/or usability of the SDK? Other items?

Where would the computer and engineering world be without Three Letter Acronyms (TLAs)?  For one thing we wouldn’t have OPC.  Actually according to the all knowing Wikipeida, OPC is technically an initialism (i.e., all the letters are pronounced as letters) as opposed to meeting the true definition of acronym (which requires it to be pronounced as a single word, as in DOS). Now that I think of it, OPC doesn’t really fit initialism either since the letters of OPC don’t really stand for anything anymore.  But I digress…

The TLA I’m talking about today is MIP, which stands for the MatrikonOPC Integrators Program.  Often the people on the front line of OPC implementations are system integrators and the folks at MatrikonOPC realize that while data connectivity represents a fraction of integrators project scope, it also poses a disproportionate project risk due to the inherent difficulty of establishing multi-vendor communications.  When faced with OPC challenges, integrators need a better plan than a skyward plea of ‘Oh Please Connect’ to the fickle gods of connectivity.  Based on years of OPC expertise and countless projects supporting integrators, MatrikonOPC is offering MIPs an alternative that provides:

·          optimal data connectivity architectures

·          the right connectivity software and utilities

·          experienced live support

·          comprehensive OPC sales and technical training

·          other good stuff…

Now since there are only 17,576 possible TLA’s (24,336 if you allow the last ‘letter’ to be a number) there are bound to be multiple meanings for a TLA.  Therefore MIP is not to be confused with Mortgage Insurance Program.  (I bet a lot of people out there are wishing they thought of that before the whole credit crisis meltdown).  I suppose you can consider joining the MIP program as a type of insurance against having your OPC projects go south on you. If your project involves advanced OPC concepts like redundancy, guaranteed data delivery or security, it’s nice to have someone to discuss all the options with BEFORE you’re on-site and behind the eight-ball at crunch time.

The gamers out there (or those high-falutin’ Latin speakers) will recognize MIP as standing for the Latin “multum in parvo” or literally “much in little”.  Typically this refers to increasing granularity the resolution of texture maps, but the “much in little” theme works for the MIP program too.  Think of it as getting a whole lot of value for relatively little input or it could mean the increasing levels of support through the Silver, Gold and Platinum options.

I don’t know if the powers that be have decided if the MIP program is an initialism like V.I.P or acronym that rhymes with hip.  I’ll leave that up to you to choose. Regardless of how you think of it, it sounds like a good thing to me. I’ll sign off with a little food for thought on TLA’s from author Douglas Adams who remarked: “The World Wide Web is the only thing I know of whose shortened form takes three times longer to say than what it’s short for.”  Think about it.

I just came across this post on Control.com. and I just had to put it up.   The post started out as a poll for favorite types of field instruments, but Carl Ellis tossed OPC into the mix.

Posted by Carl Ellis on 17 November, 2008 - 9:19 pm

Favorite Field instrument:

1) Plain old thermocouple, for its simplicity and durability.

2) Any of the modern “smart” pressure transmitters with HART.

The long term stability is just fantastic for those of us old enough to remember the quarterly cal routines with the zero and span pots.

The ease of setup via HART is fantastic.

3) Not a field instrument, but I love OPC. Getting the instrument driver out of the HMI software and into the specialty realm of “OPC server” vendors has been fantastic. As good as getting the print driver out of the DOS application and onto the printer manufacturer where it belongs.

Three cheers for OPC.

Carl

Couldn’t have said it better myself.  Three cheers for OPC indeed!  I don’t think I know Carl, although if he loves OPC, I’m sure our paths must have crossed at sometime and clearly he sees the benefits of OPC.  I’d like to hear more from him on how and why OPC has helped his life.  Was it the wide range of connectivity options? Bringing industry wide standards to a particular business vertical? A particular OPC product?

What about the rest of you out there?  Would you rank OPC as one of your top three connectivity options?  How about the Systems Integrators out there?  Do you see OPC a blessing or a burden to your business?

Ever have one of those ‘D’oh’ moments?  You know what I’m talking about.  One of those moments when you realize something that is intuitively obvious to the most causal of observers, yet seems to have eluded your razor sharp observation for an unconscionable amount of time. For me it was realizing the important role of SNMP in the building automation world. I’m sure the term SNMP (Simple Network Management Protocol) is familiar to many of you who have any interaction at all with the IT world.  SNMP is the de facto standard for monitoring IT type equipment like switches, routers, repeaters and such.  Of course there are many Network Management System (NMS) applications that are designed to monitor and manage this vast sea of IT assets. I’ve always been aware of the fact that companies that have a high competency in HVAC and BMS protocols also provide products with SNMP capability. I just never bother to connect the dots and ask WHY? The D’oh moment was the realization that many BMS systems are SNMP enabled which closely ties the management of IT and building assets.  Many building control devices, much like IT assets, are equipped to communicate via the SNMP protocol.  Therefore the building devices can be recognized and managed with standard, of-the-shelf NMS applications, like IBM Tivoli, HP OpenView, Aprisma Spectrum, and Micromuse Netcool.  After all managing a sea of PCs and routers is really no different from managing a cloud of building controls. 

All well and good, but why are we talking about SNMP on an OPC blog?  Good question.  Since connecting the enterprise is allow about integration, many users are pulling information from their control systems, security systems, building automation controls and IT assets into the same place.  Sometimes that’s an NMS console; sometime it’s a HMI/SCADA system or a historian.  Users need to be able to integrate both OPC enabled and SNMP enabled devices and applications.  That’s where products like the MatrikonOPC Server for SNMP (which connects OPC clients with SNMP agents) and the MatrikonOPC Agent for SNMP (which exposes OPC DA and A&E servers as SNMP managed devices) come in.  Using OPC and SNMP as complementary protocols, users can easily integrate OPC-based automation systems within network or Enterprise management environments, building and process automation systems.  This is becoming increasingly more popular as companies try to ‘get greener’ and better manage their production and building systems.

So did everyone out there know that SNMP and building automation were so closely related? Was I the only one who just thought of SNMP as an ‘IT’ protocol?  I’d be interested to hear from anyone who is using SNMP and OPC as part of their building automation solutions.  Do you use OPC-in-SNMP-out or vise-versa?

Looking for some new stuff to explore this week?  The venerable OPC Explorer has gotten a new update and some neat new features.  On connection to an OPC server, the Status panel now shows what OPC interfaces a server supports, including OPC DA, HDA, A&E and OPC Security.   OPC Explorer now provides an interface to connect to servers using the OPC Security options, and when connected to a MatrikonOPC server you can launch server configuration panels and security setting dialogs.   The GUI has been streamlined a bit, some minor bugs squashed and other routine maintenance items.  Check it out.

I’ve been an OPC Explorer myself lately.  There were great turn outs at both the MatrikonOPC European User Group conference in Barcelona and the OPC Developer Conference and Workshop in Munich.  Everyone had plenty of opportunity to explore OPC implementations, how others are using OPC and OPC UA today.

If you are looking to test drive the new OPC Explorer and aren’t quite sure what OPC is all about, you’d be interested in attending the upcoming OPC Foundation Training Seminar in Richmond, VA on November 13^th.  Details here.

And last but not least, the OPC Foundation wants to explore your brain a little bit.  To help guide the OPC Foundations strategic direction you can provide your thoughts and feedback on the OPC Market Survey.

Happy Halloween to all you ghouls and goblins out there that celebrate this ancient feast.  Or at least those out there that will take any excuse to dress up and eat too many sweets.

I just got back from my European OPC tour. Now I’m scrambling to come up with a costume.  I think I’ll put on a hooded cloak, print out a blue paper mask and go as the ‘Blue Screen of Death’.  What could possibly be scarier that that?

While garlic necklaces, candle lit rituals and special gestures might protect you against denizens of the Otherworld, you probably need something a bit more tangible for protection against foes of the IT world.

Personally I think that something like the OPC Security Gateway or the OPC Redundancy Broker would be more effective in protecting you OPC installations, than dancing under the moon in an ancient grove swinging a dead animal around your head.

You can download the OPC products and try them out at anytime.  Of course, if you want to go the moonlight dance route, tonight would be your best chance. J

Happy Halloween and Stay Safe.