1 how well you focus… will determine your reality “network communications trends in utility...

1How well you focus… will determine your reality

“Network Communications Trends in Utility Automation/IT”

Navigating the ‘Architecture of Information’ in the 21st Century

Welcome to FocusPoints™ Online Market BriefingsPresented by…

October 27, 2004

2© 2004 InfoNetrix LLC All Rights Reserved Unauthorized reproduction or distribution of this document is expressly prohibited.

Presentation Contents

• Session Organization• Webcast Objectives• Topic Background• Speaker Introductions• Presentations• Question & Answer Session• Wrap-up


Session Organization

• Each 90-minute FocusPoints™ Market Briefing consists of: 3 featured presentations; 20-25 minutes each; 2 by

InfoNetrix analysts; 1 guest speaker• Strategic Perspective (by InfoNetrix Analyst)• Tactical Perspective (by InfoNetrix Analyst)• Industry Perspective (by Guest Speaker)

15-20 minute Q&A (Time permitting; can be extended via email chat after session ends)

Session Wrap-up


Webcast ObjectivesEducate • Stimulate • Relate

• Educate Explain topic in clear terms that can be

easily understood and interpreted Offer rudiments that can be used in

substantive, practical (actionable) ways Provide a basis for further understanding


• Stimulate Offer provocative concepts, ideas and

suggestions that can be applied to the activities of session participants in ways can deliver tangible results

Show how automation & IT solutions can be used to meet specific market challenges

Help frame business opportunities that are financially feasible and technologically sound



• Relate Highlight ways to apply market intelligence

for practical use and applications Provide paths for translating market

concepts into actionable measures Build a foundation upon which specific

market entry/expansion strategies, tactics and action plans can be clearly formulated and executed



Today’s Topic

“Network Communications Trends in Utility Automation/IT”

Navigating the ‘Architecture of Information’ in the 21st Century


Today’s Speakers

• Mike Marullo: Strategic Perspective InfoNetrix Co-founder & Director of Strategic Market R&D 30+ years industry experience

• Ed Finamore: Tactical Perspective InfoNetrix Practice Manager & Senior Research Analyst 25+ years industry experience

• Dr. Tim Shaw: Guest Presentation Independent Consultant/Industry Executive 25+ years industry experience Noted Author and Instructor

9

“Entrusting Mission-critical Systems to the Internet: Now… or Never?”

Presented by Mike MarulloDirector-Strategic Market Research & Development

InfoNetrix LLCNew Orleans, LA

Strategic Perspective


Flashbacks on the Net

• Ethernet 1980: Xerox & Digital Equipment Corp (now part of H-P) jointly

issue first formal Ethernet specification, making it publicly available for a licensing fee

1982: The companies publish Version 2.0 defining the ongoing development of Ethernet technology*

Today, all roads are leading to Ethernet (wired and wireless)• Internet

Meanwhile, he idea of using high-speed public information networks - and ultimately, the Internet - to replace proprietary communications networks widely deployed in mission-critical applications garnered a mixed reception due to:

• Inherent vulnerabilities (multiplied by wireless applications)• A pervasive absence of comprehensive data security• Even more complications as wireless applications proliferate

(*The IEEE later became responsible for Ethernet specifications and undertook a reformulation of standardization development.)


What’s mission-critical?

• What is a ‘mission-critical’ system? Varies among organizations, markets and applications Usually ‘real-time’ is involved, tied to the application, BUT: Application requirements for ‘critical’ are all the same…

• Water/Wastewater: MGD (millions of gallons per day)• Oil/Gas/Petrochemicals (barrels per day; MBTUs per day)• Electricity: (186,000 miles per second!)

Usually involves control actions (‘commands’) that can cause variable levels of problems if corrupted or altered:

• Failure to execute desired outcome• Altered or misdirection to other/random devices• Blind operation (inaccurate or no feedback on result of action)


The Good News…

• Good News: We’ve come a long way in the past decade… Operating Systems

• Windows/Intel is the ubiquitous operating system of choice• Multi-platform operation is available, if needed• Seamless links to business systems are emerging

Device Protocols• Proprietary protocols are all but gone• Most protocols are character-oriented; not bit-oriented• DNP, ModBus and other standards now dominate

Data Rates• Messaging and data transfer speeds continue to climb• New technologies promise ever-faster rates ahead

Network Architecture• Fixed, hardwired networks are giving way to flexible network topology, combined

wired and wireless, and mixed protocols• The network medium can be wires, coax, fiber, wireless or any combo


The Bad News…

• Bad News: Despite all the progress we’ve made… Operating Systems

• Windows/Intel is an easy target for would-be hackers, attackers & dissidents• Links to business systems provide a plethora of new paths into critical areas

Device Protocols• Standard protocols are well documented and easily breached• Character-oriented protocols can be readily and easily deciphered• DNP, ModBus, FieldBus and other standards are public domain documents that

can be accessed by virtually anyone Data Rates

• Higher messaging and data transfer rates demand access to more robust networks

• IT networks are ill-equipped to handle real-time traffic using common IT rules Network Architecture

• Flexible network topology, combined wired and wireless, and common device protocols simply provide more ways to crack, hack or hijack mission-critical systems


The Burning Question

• Are we better off sticking with a old proprietary networks that are slower than what most people would be willing to surf the web with in order to protect mission-critical systems/applications?

- OR -

• Do the potential risks associated with adding mission-critical systems and applications to corporate IT networks outweigh the benefits?


The Pro’s…

• Merging real-time networks into corporate IT networks is a good idea because… Corporate IT networks are generally faster (>9600 BPS) and

better maintained/supported Corporate IT networks are generally more secure (???) The costs can be spread over a larger pool of users Management of the network is streamlined; overhead is

reduced All you really need is terminal and a browser Real-time tasks can still be separated/segregated from other

non-critical traffic on the network The real-time crew might learn a few things from the IT

folks(?)


The Con’s…

• Merging real-time networks into corporate IT networks is a bad idea because… Real-time networks may be relatively slow (≤ 9600 BPS) and

expensive to maintain/support but are generally reliable Corporate IT networks are generally less secure (???) The cost to bring real-time networks up to IT standards is prohibitive Control of the network is no longer exclusively focused on R/T apps All you really need is terminal and a browser to hack into the network Real-time tasks may be intermingled with non-critical traffic on the

network, causing mission-critical controls and/or information to be delayed, damaged, lost or otherwise impaired.

You just can’t trust those IT types!


Who wins & how and when?

• Who will win this philosophical tug-of-war?• How will it be won?• When will we know?


What’s on the horizon?

• Suppliers Getting better educated about security threats and mitigation measures Still not being proactive enough

• Utilities Beginning to realize that automation design, planning, implementation

and support methods need to be changed Inherent resistance to change will slow progress, but government and

regulators will force it to happen• Industry Orgs

Investigating (and some are developing) new methods for encryption and authentication.

• No one really knows for sure what the final remedies will be, but whatever they are, we can expect fundamental changes from the past and present


What are the drivers?

• Electric utilities are being driven extensively by North American Electric Reliability Council (NERC) guidelines NERC 1200 is already in place NERC 1300 is in the approvals process

• Water/Wastewater utilities are being driven mainly by the USEPA Vulnerability assessments were effectively completed (i.e., funding ran

out) in June 2004 Utilities must now figure out how to react and pay for the protection that

is needed• Gas utilities initiative being led by GTI (Gas Technology Institute)

Working closely with Sandia National Labs to develop an encryption and authentication protocol standard

Their work is NOT limited to gas utilities Progress is slow


It’s a BIG problem…

• Utilities are not the only ones at risk from the homogenization of real-time with the real-world at the network level ISA (Instrumentation, Systems & Automation Society) SP-99 targets

process control and process automation issues• Lost production• Regulatory & Legislative compliance costs• Environmental damage• Loss of life

IEC• TC45 Nuclear Standards• TC 57 Working Groups 7 and 15 Telecontrol for Electric Power

Applications• TC 65C FieldBus

PLUS: IEEE, GTI, EPA (and others)


…and Big Problems Require BIG Solutions

• The 2005 USDHS budget for security is $4.4 billion with over $1 billion to be spent on science and technology research

• Many of the world’s largest IT companies will be on the receiving side of this funding: IBM Microsoft Oracle Hewlett-Packard Others

• This level of spending WILL have an impact on the entire industry; public and private; foreign & domestic; large and small markets

• Overall, the problems are global and pervasive. Therefore, they WILL be resolved (but it will take time).


What happens next?

• Near-term (next 2-3 years): Utility networks will continue to…

• Make more use of the Internet for real-time applications (with control implemented in very limited capacities)

• Partly or wholly become part of corporate IT networks Some suppliers will offer new methodologies, techniques and

technologies for dealing with risks; most will be short-sighted and very limited!

Funding sources to implement protective measures, procedures and uniform standards will continue to be scarce or non-existent

Lip service and simplistic solutions will rule for awhile longer


Simplistic Solution #1:Piecemeal Protection

• Fire-proofing the most important 1 or 2 floors of a 30-story building with state-of-the-art smoke detectors and top-of-the-line sprinklers will probably not significantly protect the entire building from being destroyed by fire, especially if the protected floor(s) are traffic corridors for the other floors

FIREPROOFED


• Repaving and placing guard rails on portions of the on- and off-ramps to a freeway do not make the main roadway any safer to travel - and might actually allow more destructive vehicles to use it improperly.

Simplistic Solution #2:Limited Access Control


In the longer term…

• Long-term (next 3-5 years): Utilities (and other real-time practitioners) will…

• Use the Internet as the principal network for real-time applications (with control implemented in expanding capacities)

• Fully integrate real-time into corporate IT networks Expect major IT suppliers to offer new methodologies, techniques

and technologies for dealing with risks on very broad and universal basis at the highest levels

Funding sources to implement protective measures, procedures and uniform standards will be built into overhead and general IT system license fees

Economies of scale gained by network integration will overcome even the most onerous challenges to system security and data integrity; may lead to far fewer systems being purchased


Growth Profile of Wireless Technology (2001-2007)

% wireless for all

communications devices


Future: Net to Everywhere

Get ready for IT!

28

Next, Ed Finamore will present a tactical market perspective…

InfoNetrix Advisory Services FocusPoints™FocusPoints™ Online Market Briefing

“Communications Trends in Utility Automation/IT (2004-2007)”

1 how well you focus… will determine your reality “network communications trends in utility...

Documents