As anyone who has tuned in to a sports channel recently knows, Texas Hold’em Poker is a professional sport. The best players all have an amazing ability to calculate odds on the fly.  Most of us are not so lucky. We calculate probabilities the hard way.

One type of probability that should interest every system engineer, manager and technician is the probability of component and system failure.  By far the easiest way to reduce the probability of system failure is by introducing component redundancy.

It works like this: probabilities multiply. If the chances of one component failing are 1%, the chances of two independent components failing at the same time are .01%. The redundant pair is now 100 times more reliable.  Added bonus: The more reliable the individual components, the more effective redundancy becomes.  With more reliable components, that have a failure rate of .1%, the failure rate of the pair drops to .0001%. That’s 1000 times more reliable. That’s a reduction from 8 hours a year to 31 seconds a year. That’s a reduction from a shift a year to less time than it took to read this blog post.

To instantly improve the reliability of your OPC Architecure, try OPC Redudnancy Broker, and leave calculating odds on the fly for the poker table.

If I had a nickel every time I heard an integrator or engineer ask:  “Can you help me store my” fill in the blank “ data in Excel?” I would have… a whole pile of nickels.  The reasons are just as frequent: “I like Excel.  It’s simpler. It’s only a little bit, like 10 tags. A historian is overkill.”  Not only are  these not good reasons to turn Excel into a historian, there are a pile of reasons why you should never even try.

Here are three:

1. It breaks a very good rule for system design. Multi-tier design has been established as one of the better methods of system architecture since before the dawn of time (or at least the early 1980s).  Breaking that design sacrifices security, reliability, traceability, modifiability, standardization scalability and your sanity. Having your presentation, data and logic layer all together is like putting your kitchen and living room in your bathroom. It’s going to get uncomfortable, fast.
2. It will devolve into a mess. For all the supposed simplicity of using Excel as a storage medium, it always manages to get complicated. It should be a law: the number of spreadsheets in an organization is inversely proportional to the accuracy of the data contained in spreadsheets.  We’ve all seen the broken links, copies of forwarded copies, tweaked from yet again other copies, with the original nowhere to be found. This isn’t the joke of the day, it’s your data.
3. It simply wasn’t designed for it. Excel is an amazing tool for presenting data. It has many great features for reporting: Charts, Calculations, Easy Formating and Scripting. It was never designed to archive real-time data reliably. I still wouldn’t use it for process data collection
   and storage any more than I would use my car as a lawnmower.

The ultimate ‘reason’ to go with Excel as a storage mechanism is that it’s cheapest thing out there. Well, crack that old chestnut too: there are great low-cost, zero-maintenance, small footprint historians based on open standards. Like OPC MicroHistorian.  All for less than mucking around in VBA for a day.

So the next time you hear “all we need to do is store it in Excel,” say it with me: Excel is not a Historian.

For most people, security measures amount to a dull, boring, time-consuming necessity. Today I’m going to talk about how to have fun with security, without the need of a firing range.

The first thing to do is to find out what those pesky hackers want. Do they want your business information? Do they want to cripple your production? Blow up a plant? Do they want to blackmail you with the possibility or just do something bad?
Once you know this, you know what you want to secure. The fun part is how you go about it. I recommend playing with hackers’ minds until they give up on you.

One magazine article I read showed a great defense tactic by the US Air Force: put black tarps on runways that look exactly like fighters and bombers. This way the attacker doesn’t know whether he’s attacking a billion dollar aircraft or a thousand dollar piece of all-weather cloth. The reason this applies to you is that hackers are in an even worse position than anyone choosing to attack an air base: they are entirely dependent upon your systems for their information. There are several ways you can take advantage of this:

1. Honeypots: A honey pot is a large storage area of apparently valuable data that may or may not be real. It is used to draw in hackers and see what they do so you can take appropriate countermeasures. A honeypot could contain real low-sensitivity records, fake valuable stuff, or even stuff that seems to be valuable but actually takes effort to find out that it’s totally worthless (such as failed research efforts). I don’t think many hackers’ employers would be happy paying a large sum for a new technique that takes them an additional large sum to find out it’s worthless. After a few of these a hacker would likely stay away from your sites simply because it’s not worth it.
2. Simulated equipment: A lot of sites have simulated plant environments that are used for testing new control algorithms. Why not put your simulated plant on the Net so that a hacker thinks it’s part of your factory? If someone hacks into your simualted plant then you can take countermeasures, including taking your actual plant off of the Net entirely.

If you’re not one for games, bore the hackers to death. Batten down the hatches with OPC Security Gateway – no permissions, no access.

Happy securing!

Why is security so much on everyone’s mind?  It’s because safety is at odds with usability. Security eliminates unsafe (hazardous or malicious) activities while preserving legitimate use. You might ask why you need a security system.  A good discussion of the need for security is found in “Effective OPC Security for Control Systems – Solutions you can bank on”.

You may feel that you can “wall off” your factory from the Internet. That’s not going to last. Why? Profit. Today’s software needs access to your plant in order to deliver the maximum benefit:

• It’s valuable to let anyone who needs to access plant data have direct access to it.
• Control systems can immediately message the appropriate people when a plant incident occurs.

Control operators no longer need to worry about messaging people when they have to get the plant stabilized.  Think of it this way: would you telephone firefighters every five minutes when they’re trying to douse your rapidly burning house?

• Linking your plant to your sales force results in increased responsiveness, which means profit. Even if you feel “walling off” your network is safer, your manager, VP, or shareholder probably won’t like it.  Of course, that’s also assuming that government doesn’t make the point moot by requiring operations information on a regular basis.

Thus you need something that will allow certain operations while prohibiting others.  Consider the most popular form of computer authentication: the user ID and password.  It’s popular because it allows you to limit access based on identity (or lack of it) and doesn’t require a lot on the part of the user.

In order to do this effectively you need to know:

1. what your environment is and
2. what the legitimate uses are.

You also will benefit from considering

1. motives of attackers and
2. targets for attack.

My next few blogs with deal with security issues and how your plant can benefit.

You’ve seen them everywhere: hotels, offices, airports, and public buildings.  Wireless routers are popping up everywhere.  Then you look around and realize your office doesn’t have one and think about getting one.  Before you go rushing off to pick up some wireless routers, consider whether you actually need them.  If you manage a hotel or public building, this amounts to a great way to not have to drill holes in walls in order to give everyone in the area network access.  For plant environments this benefit may not be as clear. 

Benefits:

• Omnidirectional: everyone in an entire area has access.
• Motion-insensitive: good for employees that need to move around.
• No modification to buildings required; just plug it in.  This may be of particular interest in locations where laying network cable takes a significant amount of time to plan and organize.

Drawbacks:

• No way to identify who is connecting to your network or where they are.  You can password-protect your router but that’s about it.  If they get onto your network, they may not be targeting your network.  They could connect to other computers and anything they do could be traced back to you.  You could be held responsible for something you didn’t even do because it came through your network.
• Slower than Ethernet.  If you convert an office from wired to wireless, will your employees like the reduced network speeds?  Even the latest wireless speeds are slower than gigabit Ethernet.
• At longer ranges, communications will be slower and more vulnerable to interference.

Oh, you did remember to configure the router to block out the ports you don’t need, block access to systems people won’t need to access, and change the default configuration password, didn’t you?

And just In case you didn’t…. click here!

Doing some late night TV surfing last night, I suddenly came across a news channel showing breaking news: Japan was just hit by the most powerful earthquake in its history. Transfixed, I sat there watching as the resulting tsunami tidal waves came crashing across the coastal landscape – devouring everything in their path like a gigantic angry amoeba. As the story developed, I was impressed to see how prepared the authorities were. Instructions were being sent to people via TV, radio, and even their cell phones. It struck me how everything from natural disasters to manmade problems like Stuxnet show up just when we least expect them.

One image in particular caught my eye: a 30 meter high fire raged near several tanks at a refinery. Given all the control automation equipment refineries use – I wondered how well the refinery had prepared for just such a calamity. Did they have a redundant control automation system set up? Pretty sure they did. If they were using OPC, were their OPC connections redundant? Using OPC Redundancy Broker would have taken care of that issue nicely.

Speaking of being prepared for emergency situations – how disaster-ready is your OPC architecture?

Anyone following the usual Industrial Automation blogs and news will have heard about the cybersecurity threats against Siemens WinCC and PCS7 platform. Among others, Control Global has an article, and Gary Mintchell has been following it closely on his blog. While this doesn’t specifically apply to OPC, it definitely affects the overall industrial automation space. From the reports coming in, it appears to be an ‘industrial espionage’ attack targeting Siemens, but makes use of a Windows vulnerability that is present on systems from XP to Windows 7. This particular variation uses a default password to access the WinCC database. Since all major control system vendors have systems that run on Microsoft platforms, it would not be surprising to see different variations of this crop up. The good news is that work arounds are available and patches will be forthcoming.

This should serve as a warning and reminder that users MUST consider security as an essential part of their control system planning. This includes OPC data communications. There are many options available to ensure your OPC products work well within your overall security architecture: OPC Security 1.0 Specification aware products, OPC Security Gateways, OPC Tunneller, etc.

Check out the OPC Security information section or read a whitepaper for more details on creating secure OPC architectures.

Today Honeywell has completed the acquisition of Matrikon.  Matrikon will be integrated with the Advanced Solutions business of Honeywell Process Solutions (HPS). It has also been announced that MatrikonOPC will operate as a separate business entity within HPS.

The VP of OPC Products, Sean Leonard, gives more details in the most recent MatrikonOPC e-newsletter.  The main point is what will remain the same:  The MatrikonOPC business will run as an independent business unit under Honeywell, just as when it was owned by Matrikon; the MatrikonOPC brand will remain the same, and will continue:

• Its commitment to vendor neutral OPC
• Leading new technology development
• Helping people adopt open standards based solutions

This is echoed in the statement by Norm Gilsdorf, President of Honeywell Process Solutions. “Following our acquisition of Matrikon, Honeywell intends for the MatrikonOPC business to continue delivering on this promise and to preserve the vendor neutrality that has made MatrikonOPC successful. MatrikonOPC will operate as a separate business entity within Honeywell Process Solutions. Honeywell is committed to ensuring the continued success and growth of MatrikonOPC.”

You can read the full press release for more details on the acquisition.

Guess that means, I get to keep on blogging about OPC J

The OPC Foundation’s next roadshow seminar for End-Users and System Integrators, on June 23rd in Minneapolis, the City of Lakes. The event will be held at the Minneapolis Marriott Southwest, 5801 Opus Parkway, Minnetonka, MN 55343; ph. 952-935-5500. The program will begin with a continental breakfast and registration at 8:00 a.m. followed by program start at 8:30 a.m. To register for this event, please click here. Hotel information and directions can be found here.

Some fine folks from MatrikonOPC will there to help you learn more about OPC technology, including OPC Classic, OPC Xi and OPC UA. OPC is the automation industry plug and play standard. Drop by our booth, have a conversation and learn how OPC provides efficient data exchange and moves information from the plant floor to the enterprise.

If you are in the area, come on down and have a look.  If you are unable to attend but still want to learn more about OPC, there are many great, free OPC webinars available.  Here is the most current list of free OPC webinar topics.

Boy, has it really been that long since I put up a post?  You get busy with the day to day grind, and say to yourself, ‘I’ll get one up by Tuesday, and realize it is Thursday already’.  I’m sure we all have something we know we should be making more time for during our work week; filing those overdue reports, re-certifying those work safety requirements, taking that on-line OPC training course you’ve been meaning to do.  If it is important than it’s important to find the time to get it done.

I took some time to catch up on some marketing reading, including this posting on ‘What’s working in marketing’.  It’s a great podcast featuring Gary Mintchell and Walt Boyes. If you listen to the section on blogging, you’ll of course hear Gary’s admonishment at my recent remiss in blogging.  He quoted me quite correctly as saying ‘There’s blogging and there’s business’, but it’s high time I get back to the ‘business of blogging’.

Walt and Gary talk about the power of blogs to get breaking news and information out.  There has been a lot of things happening in OPC these days, that is blog worthy including the next upcoming OPC Foundation Roadshow.

MatrikonOPC will be at the next OPC Technical Seminar , on April 29, 2010 at the Fremont Marriott Silicon Valley, in Fremont, CA .  There is still time to register, if you haven’t already, and you’re going to be in the area.  Feel free to drop by the MatrikonOPC booth, and learn more about OPC and how it can help your business.  For those on the other side of the globe, you can check out the Matrikon User Conference in Koln, Germany.  The OPC track includes talks on OPC UA StreamInsight, secure data architectures and much more.

I encourage everyone to take the opportunity to attend these events.  If you can’t find the time to make the trip, you might still want to read more on how OPC can be configured to limit access so that users can only see the tags they really need to: ‘OPC Access on a Need to Know Basis’