Dr. Johan Åkerberg, ABB Corporate Research, Sweden, 2015-11-03

Dependable Cyber Physical Systems

Outline

Industrial Applications

Industrial Automation

Safety vs. Security

Outlook and Concluding Remarks

November 5, 2015 | Slide 2

Industrial Applications

Industrial Applications: Examples of Power Systems

Grid stabilization and long distance power transmission with low power losses

Industrial Applications: Examples of Substation Automation

Continuous electrification and load management of cities and industries

Industrial Applications: Examples of Process Automation

Continuously stabilizing unstable and unsafe processes

Industrial Applications: Examples of Discrete Automation

High speed assembly, packaging and palletizing

Industrial Automation

A journey from electromechanical relays to centralized control systems and today's decentralized control systems

Industrial Automation: Where do we come from?

Many plants have two or three generations of systems in operation

Industrial Automation: The Internet of Things, People and Services

Industrial Automation: The Control Pyramid

Several products and protocols in order to meet the requirements

Industrial Automation: Fieldbus Communication, the “Things”

[Figure: fieldbus topology diagram. Labels: Proxies to other buses (Profibus, others), MV Drives, MV Switchgear, LV Switchgear, LV Products, Drives, Remote I/O, Instrumentation, HV, Valves, GIS, AIS, Distribution trafo, Power trafo, Web HMI]

• The distributed control systems collect information from the process in order to control and actuate using, for example:
  • High voltage to low voltage switchgears
  • Electrical machines ranging from MW to kW
  • Process instrumentation and control valves

Installed equipment worth multiple billions has an expected lifetime of up to 20 years, and only subsystems are upgraded due to cost issues

Industrial Automation: Basic Requirements

Safety and Security

Protect people, properties and the environment

High availability

Fault tolerance

Run-time reconfigurations

Deterministic system response time

Even in case of failures or reconfigurations

Efficient deployment and maintenance

Scalable and interoperable

Often contradicting requirements!

Industrial Automation: How to deal with safety?

Safety vs. Security

Safety vs. Security

Safety

Reduce the risk of damage to person, property or environment

All possible error cases are determined pre-runtime, and must not change over time

Examples: A faulty device causes environmental pollution or an uncontrolled chemical process

Security

Reduce the risk of unauthorized access or sabotage to a system

Security threats will change over time

Examples: A deliberate security attack causes loss of production or degraded production

Safety vs. Security: Why safety for industrial automation?

Because I care about the environment and worker safety!

Safety vs. Security: Why security for industrial automation?

Because I cannot unplug the correct network cable in time?

Safety vs. Security: The need for secure systems and communication

Firewalls

Intrusion Detection Systems

Access Control / User Account Mgmt

Antivirus

Whitelisting

Secure Communication

Code Signing

Classical security mechanisms are necessary, but no longer sufficient.

Safety vs. Security: Security Challenges

Why not apply security best practices from the IT domain directly?

We do, but locking down systems for the sake of security might have a negative impact on safety

Patching 10,000 to 30,000 embedded systems in a plant every year hampers the production rate

How to keep things secure with all the different actors involved over the complete lifecycle of a plant?

Maintenance and commissioning personnel are not crypto experts, but process experts

They cannot enter an RSA key pair in a device or install digital certificates on New Year’s Eve when the plant manager demands full production after a component failure

Outlook and Concluding Remarks

Outlook and Concluding Remarks: Opportunities

Research, adapt and standardize new technologies towards industrial automation

From a communication perspective, the volumes needed to develop proprietary hardware solutions today are not cost effective (leverage standardized and high volume hardware)

Flexibility, scalability, and maintainability are some of the main challenges today (added value by new technologies)

New technologies should improve on the system level to add end-user value (cross-domain research)

Outlook and Concluding Remarks: Challenges

Customers expect secure systems but also expect it to ”come for free”. Are we willing to pay for privacy?

Audit trails are important; can we deploy them while preserving the end-users' privacy? Will engineers be sued for malpractice?

In a Cloud or IoT scenario, equipment or data will not be physically protected as today, thus privacy solutions will be a key element to protect business information from third parties.

Two major requirements are safety and availability. In the worst case, new technologies might have a negative impact on overall system availability.

Outlook and Concluding Remarks

The safest and most secure critical infrastructure is the one that is never taken into operation!

But that would be the worst multi-billion investment ever…

In order to take the next leap in distributed real-time systems, we need flexible, cost efficient and long lived Cyber Physical Systems that control our critical infrastructure

But more importantly: just because we can add new technologies, are the benefits worth the risks?

If so, how do we guarantee the safety of people, property, and the environment?