MatrikonOPC OPC Exchange

Archive for September, 2008

OPC, Emerson and the Web 2.0 World

Monday, September 29th, 2008

Jim Cahill has a couple of posts at his Emerson Process Experts blog on Web 2.0 and social media.  Jim was presenting on using ‘next generation’ marketing at the ISA Sales and Marketing Summit and this week at Emerson Exchange.  These trade shows/user group events are the more ‘traditional’ type of marketing venues for Industrial Automation.  I know MatrikonOPC has folks attending both shows (hope you’re having fun at Emerson Exchange Booth #85, Manny!) and I will be presenting at the OPC User Group in Barcelona and at the OPC DevCon 2008 in Munich later this month.  Of course the advantages and potential reach of so-called Web 2.0 avenues like blogs, Twitter, podcasting, animation spots, and social media sites like Facebook and Plaxo are rapidly making headway in the Automation world.

So what does all this Web 2.0 hype mean for OPC and its users?  Well, the obvious things would be ease of information access using blogs like this one, RSS feeds and e-magazines. (BTW: For readers in Western Canada, ProcessWest magazine now features an OPC standards column.)  I’m not sure if or where it fits in the Web 2.0 hierarchy, but on-line shopping carts definitely make life faster and easier for those looking for quick OPC solutions.  As life gets faster and busier and more and more professionals join the ranks of the iPod/Blackberry Nation, getting the message out and providing convenient access to information becomes increasingly important.

As connectivity increases I can’t help but wonder how Industrial Automation and Control and the wireless reach of Web 2.0 applications will mesh.  Certainly OPC is already moving down that road.  Applications like OPC Messenger that leverage the OPC A&E specification and e-mail/pager systems increase the reach of process control data.  As OPC UA continues to roll out, it will be very interesting to see what the future holds.  Intranet-level Facebook-type applications?  I can see it now…  “The AP Tower is feeling slightly flooded today” “The CatCracker feels 23% under-utilized due to high sulfur content in the crude feed flow” “John Smith invites you to join the Site Energy Optimization group”.  With the instant access and reach of social media and the connectivity power of OPC, is it really that far-fetched?

I’m an Engineer and computer programmer which makes me an uber-geek in some circles.  On the other hand I don’t own a Tivo or Blackberry which makes me a Luddite in others. What about you? What role do websites, RSS feeds, blogs, or ‘connected’ applications play in your world?  What about your industrial automation applications? Which aspect rules your connectivity applications? Legacy compatibility, Security or Connectivity?

More on Security

Wednesday, September 24th, 2008

Digital Bond has released Parts 3 and 4 of the OPC UA Security Audit.  The major point of discussion is on certificate use. Two of the goals of OPC UA are to provide seamless interoperability and a high level of security.  To achieve both these goals the OPC UA specification makes use of self-signed certificates, and the option to set the Message Security Mode to NONE.  Vendors must implement security, but users have the ability to essentially turn it off.  If it is turned OFF, then this needs to be very apparent to users to avoid instilling a false sense of security. The audit revealed that the specifications are not clear enough, or offer conflicting details, on how to implement this properly. So the main action points for clarifying the specification are:

1. The OPC UA specification has to be clear on how certificates must be explicitly trusted through a PKI or other process prior to use, for both the OPC UA client and server.

2. If Secure Channels are allowed to be created and closed without security, the specification needs to clearly indicate Secure vs. Unsecure Channels.

There are some interesting comments on the Digital Bond blog.  They talk about the possibility of OPC UA security always being turned off, and the challenges of being backward compatible with DCOM based products. Some very good points that I’d like to offer my two cents on.

OPC UA security always being turned off is a valid concern. When push comes to shove implementers favor usability over security. (Until something embarrassing happens and then it’s too late).  OPC UA makes use of standard certificate handling.  The key will be using Profiles to balance mandated security functionality and user flexibility in choosing the level that is appropriate.  As the audit points out, it has to be very clear to the user what level of security they are getting.  I think that users will expect to have to do a little more to get more secure systems.  After all OPC UA is making use of standard Internet security features and will not have to reinvent the wheel to come up with an acceptable solution to meet everyone’s needs.
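Added example (my own Python, not code from this blog or from any OPC UA stack) of the two audit points applied on the client side: a server certificate must already be in an explicit trust list before a channel is opened, and an endpoint with Message Security Mode None is never chosen silently. The endpoint and trust-list representation is a constructed model and its names are mine; the SecurityPolicy URIs are the ones the specification defines.

```python
import hashlib
from dataclasses import dataclass
from enum import IntEnum

# Constructed model of a GetEndpoints result; names are mine, not a real UA stack's API.
class MessageSecurityMode(IntEnum):
    NONE = 1
    SIGN = 2
    SIGN_AND_ENCRYPT = 3

@dataclass(frozen=True)
class Endpoint:
    url: str
    mode: MessageSecurityMode
    policy_uri: str
    server_cert_der: bytes  # constructed stand-in for the DER certificate

def thumbprint(cert_der: bytes) -> str:
    # OPC UA identifies a certificate by the SHA-1 of its DER encoding
    return hashlib.sha1(cert_der).hexdigest()

def select_endpoint(endpoints, trusted_thumbprints, allow_none=False):
    """Pick the strongest endpoint whose certificate is explicitly trusted;
    the returned log says why each candidate was taken or dropped."""
    log = []
    for ep in sorted(endpoints, key=lambda e: e.mode, reverse=True):
        if ep.mode is MessageSecurityMode.NONE:
            if not allow_none:
                log.append(f"rejected {ep.url}: SecurityMode None is disabled")
                continue
            log.append(f"WARNING: {ep.url} chosen with NO message security")
            return ep, log
        tp = thumbprint(ep.server_cert_der)
        if tp not in trusted_thumbprints:
            log.append(f"rejected {ep.url}: cert {tp[:12]} not in trust list")
            continue
        log.append(f"selected {ep.url}: {ep.mode.name} / {ep.policy_uri}")
        return ep, log
    raise ValueError("no acceptable endpoint: " + "; ".join(log))

# Constructed sample: three endpoints from one server; only one presents the
# certificate an administrator placed in the trust list out of band.
SERVER_CERT = b"constructed DER bytes of the trusted server certificate"
ROGUE_CERT = b"constructed DER bytes of an unknown self-signed certificate"
TRUSTED = {thumbprint(SERVER_CERT)}
ENDPOINTS = [
    Endpoint("opc.tcp://plant:4840/ua", MessageSecurityMode.NONE, "http://opcfoundation.org/UA/SecurityPolicy#None", b""),
    Endpoint("opc.tcp://plant:4840/ua", MessageSecurityMode.SIGN, "http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15", ROGUE_CERT),
    Endpoint("opc.tcp://plant:4840/ua", MessageSecurityMode.SIGN_AND_ENCRYPT, "http://opcfoundation.org/UA/SecurityPolicy#Basic256", SERVER_CERT),
]
```

With the full list the SignAndEncrypt endpoint wins because its certificate is trusted; with only the other two, the client refuses unless the operator explicitly allows None, and even then the log carries the warning.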

On the DCOM backwards compatibility issue, I’m not as pessimistic.  The main problem with DCOM is that although it was ‘standard’ Microsoft security, it was NOT well known.  It is difficult to completely lock down DCOM, yet provide interoperability, if you don’t know what you are doing.  Today people can get around this by using Security Gateway products or by completely shutting down DCOM and making use of encrypted OPC Tunneller communications.  The first phase in OPC UA implementations will be to wrap solutions like these that already lock down DCOM, and provide them with the OPC UA security front end.

Of course at the end of the day, the real driving factor will be the end user requirements.  Recently I’ve read a lot of articles that say the ‘seven year itch’ is wearing off, and that people are becoming more complacent about security than they were a few years ago.  Added to this is that industrial automation security implementations still have not caught up to levels where the experts say they should be.  What’s your experience? Are you, as an end user, or your end users, as a vendor, demanding security? Do the reports of complacency reflect the industrial automation world, or are they still working towards more secure facilities? Do users fear implementing security?

Yarr PC Pirate Code

Thursday, September 18th, 2008

Avast me hearties. Yarr, t’is that time of year again, tomorrow is ‘Talk Like A Pirate Day’.  I’m posting today, since I’ll not be ‘round tamarrow. Drinkin grog and swashbucklin’ and whatnot needs be done. Gar.

Every good pirate ship had their pirate code or rules of conduct.  When a rule was breached, the crew was often without pity or remorse in punishing a guilty crew member.  If OPC had been around during the golden age of pirates, I’m sure system connectivity and interoperability would have been simpler.  (and of course OPC would be properly pronounced Yarr PC).  Here is a sampling of what the code would look like…

The OPC Pirate Code of Conduct:

· Every man shall obey OPC Interoperability rules;

· If any man shall offer to use non-standard, or proprietary protocols, he shall be marroon’d with one Bottle of Water, one OPC server and the OPC specifications.

· If any man shall not understand and use proper DCOM configuration, he shall be marroon’d or shot.

· If at any Time we should engage with other OPC systems, that Man that shall make full use of OPC Security or shall suffer such Punishment as the Captain and Company shall think fit.

· That OPC Client that shall use demand read or browsing with undue caution or heed whilst these Articles are in force, shall receive Mose’s Law (that is 40 stripes lacking one) on the bare Back.

· That Man that shall not keep his OPC products compliant, fit for an Engagement, or neglect his OPC Services Business, shall be cut off from his Share, and suffer such other Punishment as the Company shall think fit.

· If at any time you meet with an industrial system, that Man that offers to meddle with its connectivity, without considering OPC solutions, shall suffer present Death.

Avast, ye might think some of da code might be a wee harsh, but think of the chaos that could ensue without proper rules.  Any of ye who wants to be implementing OPC without heeding proper interoperability will walk the plank and end ye days at the bottom of Davey Jones Locker. Gar.

OPC Mythbusters

Wednesday, September 10th, 2008

Last week Gary Mintchell had a posting on some innovative marketing ideas that came across his desk.  That same day I got a ‘personalized’ invitation to an event sponsored by my car service place.  Of course the invitation probably went to hundreds of people, but what struck me was that the 3-way fold-out card had my name on it in 7 different places, all in different fonts/styles, including in the clouds by a sky-writing plane!  The event itself didn’t actually interest me, but I still read their ad simply because effort went into creating it.  We all know that a big part of selling, be it products, ideas or standards, is getting the message out.

So I started thinking of other ways of getting the OPC message out.  It so happened that around that same time I was introduced to the GoAnimate website (Thanks Troy!).  Who doesn’t like cartoons?  (I admit I have the Dilbert iGoogle gadget on my homepage.  I’m sure I am not the only engineer out there who does).  So the end result is a couple of my attempts at OPC animation, in a parody of another Geek favorite, Mythbusters.

Episode 1

Episode 2

Let me know if you enjoyed them.  I know I had a lot of fun making them.  Who knew OPC could be even more fun?

Bugs in Space and other Security Topics

Wednesday, September 3rd, 2008

I came across this article on how a computer virus made its way onto the international space station.  One would think that of any computer system on the planet (or above it) that would have good IT security, it would be the ISS.  Apparently not. Really makes you wonder about how things are progressing with beefing up security within the control system world.  The folks at Digital Bond were blogging on that topic all last week from the 2008 Process Control System Industry Conference (PCSF) in San Diego.  One interesting blurb was mentioned in the day two recap:

“.. rounded out the morning with “Control Systems Threat Awareness” by Robert Huber and Sean McBride of INL. These guys have used various data collection points to help understand the current threat and trends over time. It was a good follow-up to yesterday’s presentation by Stephen Gill of Team Cymru. It was a well-organized compilation of threat data. They’ve taken many of the things you’ve heard, such as control system presentations at hacker conferences,  and plotted them in a measurable way that illustrates an increasing “adversary interest”.

The threat trend is increasing.  An interesting question would be whether system security is trending towards more secure as quickly. What about the OPC systems? OPC UA brings a lot of security to the table, but companies will have to look at what timeline they will be looking at for adopting OPC UA products, and how much security they will be implementing.  In the face of the increasing threat of ‘adversary interest’, I wonder how many companies will look at increasing their protection today with products like the OPC Security Gateway? I’ve posted on OPC security before.  It’s another of the things I think about often. (Things like that apparently make me a bigger geek than Gary Mintchell.  I’ll take that as a compliment :) ).

The press release on the OPC Security Gateway came out this week for those interested in what it can do.  I’ve talked to many control engineers who fear the common security gaps found once someone gets inside the firewall, like unrestricted read-write access for the entire OPC architecture, unauthorized access to production data, or just spamming device writes until the system comes down. This can be used to guard against stuff like that. If security holes can let a bug into the far reaches of space, how hard is it to get past the outer shell of most control system security? Any security specialist will tell you to consider defense in depth: multiple layers that protect different important aspects of the system, from the big, burly guy at the gate down through the process, including the OPC system.

UPDATE:  Just saw this article that says the ISS now has Wi-Fi.  I wonder if they remembered to set a WPA key?  For more fun and entertainment on OPC Security check out the new ‘OPC Mythbusters’ series :)