Time-Sensitive Networking for Industrial Automation: Challenges, Opportunities, and Directions

With the introduction of Cyber-Physical Systems (CPS) and Internet of Things (IoT) into industrial applications, industrial automation is undergoing tremendous change, especially with regard to improving efficiency and reducing the cost of products. Industrial automation applications are often required to transmit time- and safety-critical data to monitor and control industrial processes, especially for critical control systems. There are a number of solutions to meet these requirements (e.g., priority-based real-time schedules and closed-loop feedback control systems). However, due to their different processing capabilities (e.g., in the end devices and network switches), different vendors may come out with distinct solutions, and this makes the large-scale integration of devices from different vendors difficult or impossible. IEEE 802.1 Time-Sensitive Networking (TSN) is a standardization group formed to enhance and optimize the IEEE 802.1 network standards, especially for Ethernet-based networks. These solutions can be evolved and adapted into a cross-industry scenario, such as a large-scale distributed industrial plant, which requires multiple industrial entities working collaboratively. This paper provides a comprehensive review on the current advances in TSN standards for industrial automation. We present the state-of-the-art IEEE TSN standards and discuss the opportunities and challenges when integrating each protocol into the industry domains. Finally, we discuss some promising research about applying the TSN technology to industrial automation applications

A distributed framework for the control and cooperation of heterogeneous mobile robots in smart factories.

Doctoral Degree. University of KwaZulu-Natal, Durban.The present consumer market is driven by the mass customisation of products. Manufacturers are now challenged with the problem of not being able to capture market share and gain higher profits by producing large volumes of the same product to a mass market. Some businesses have implemented mass customisation manufacturing (MCM) techniques as a solution to this problem, where customised products are produced rapidly while keeping the costs at a mass production level. In addition to this, the arrival of the fourth industrial revolution (Industry 4.0) enables the possibility of establishing the decentralised intelligence of embedded devices to detect and respond to real-time variations in the MCM factory. One of the key pillars in the Industry 4.0, smart factory concept is Advanced Robotics. This includes cooperation and control within multiple heterogeneous robot networks, which increases flexibility in the smart factory and enables the ability to rapidly reconfigure systems to adapt to variations in consumer product demand. Another benefit in these systems is the reduction of production bottleneck conditions where robot services must be coordinated efficiently so that high levels of productivity are maintained. This study focuses on the research, design and development of a distributed framework that would aid researchers in implementing algorithms for controlling the task goals of heterogeneous mobile robots, to achieve robot cooperation and reduce bottlenecks in a production environment. The framework can be used as a toolkit by the end-user for developing advanced algorithms that can be simulated before being deployed in an actual system, thereby fast prototyping the system integration process. Keywords: Cooperation, heterogeneity, multiple mobile robots, Industry 4.0, smart factory, manufacturing, middleware, ROS, OPC, framework

Capability-based access control for cyber physical systems

Cyber Physical Systems (CPS) couple digital systems with the physical environment, creating technical, usability, and economic security challenges beyond those of information systems. Their distributed and hierarchical nature, real-time and safety-critical requirements, and limited resources create new vulnerability classes and severely constrain the security solution space. This dissertation explores these challenges, focusing on Industrial Control Systems (ICS), but demonstrating broader applicability to the whole domain. We begin by systematising the usability and economic challenges to secure ICS. We fingerprint and track more than 10\,000 Internet-connected devices over four years and show the population is growing, continuously-connected, and unpatched. We then explore adversarial interest in this vulnerable population. We track 150\,000 botnet hosts, sift 70 million underground forum posts, and perform the largest ICS honeypot study to date to demonstrate that the cybercrime community has little competence or interest in the domain. We show that the current heterogeneity, cost, and level of expertise required for large-scale attacks on ICS are economic deterrents when targets in the IoT domain are available. The ICS landscape is changing, however, and we demonstrate the imminent convergence with the IoT domain as inexpensive hardware, commodity operating Cyber Physical Systems (CPS) couple digital systems with the physical environment, creating technical, usability, and economic security challenges beyond those of information systems. Their distributed and hierarchical nature, real-time and safety-critical requirements, and limited resources create new vulnerability classes and severely constrain the security solution space. This dissertation explores these challenges, focusing on Industrial Control Systems (ICS), but demonstrating broader applicability to the whole domain. We begin by systematising the usability and economic challenges to secure ICS. We fingerprint and track more than 10,000 Internet-connected devices over four years and show the population is growing, continuously-connected, and unpatched. We then explore adversarial interest in this vulnerable population. We track 150,000 botnet hosts, sift 70 million underground forum posts, and perform the largest ICS honeypot study to date to demonstrate that the cybercrime community has little competence or interest in the domain. We show that the current heterogeneity, cost, and level of expertise required for large-scale attacks on ICS are economic deterrents when targets in the IoT domain are available. The ICS landscape is changing, however, and we demonstrate the imminent convergence with the IoT domain as inexpensive hardware, commodity operating systems, and wireless connectivity become standard. Industry's security solution is boundary defence, pushing privilege to firewalls and anomaly detectors; however, this propagates rather than minimises privilege and leaves the hierarchy vulnerable to a single boundary compromise. In contrast, we propose, implement, and evaluate a security architecture based on distributed capabilities. Specifically, we show that object capabilities, representing physical resources, can be constructed, delegated, and used anywhere in a distributed CPS by composing hardware-enforced architectural capabilities and cryptographic network tokens. Our architecture provides defence-in-depth, minimising privilege at every level of the CPS hierarchy, and both supports and adds integrity protection to legacy CPS protocols. We implement distributed capabilities in robotics and ICS demonstrators, and we show that our architecture adds negligible overhead to realistic integrations and can be implemented without significant modification to existing source code. In contrast, we propose, implement, and evaluate a security architecture based on distributed capabilities. Specifically, we show that object capabilities, representing physical resources, can be constructed, delegated, and used anywhere in a distributed CPS by composing hardware-enforced architectural capabilities and cryptographic network tokens. Our architecture provides defence-in-depth, minimising privilege at every level of the CPS hierarchy, and both supports and adds integrity protection to legacy CPS protocols. We implement distributed capabilities in robotics and ICS demonstrators, and we show that our architecture adds negligible overhead to realistic integrations and can be implemented without significant modification to existing source code

Demystifying Internet of Things Security

Break down the misconceptions of the Internet of Things by examining the different security building blocks available in Intel Architecture (IA) based IoT platforms. This open access book reviews the threat pyramid, secure boot, chain of trust, and the SW stack leading up to defense-in-depth. The IoT presents unique challenges in implementing security and Intel has both CPU and Isolated Security Engine capabilities to simplify it. This book explores the challenges to secure these devices to make them immune to different threats originating from within and outside the network. The requirements and robustness rules to protect the assets vary greatly and there is no single blanket solution approach to implement security. Demystifying Internet of Things Security provides clarity to industry professionals and provides and overview of different security solutions What You'll Learn Secure devices, immunizing them against different threats originating from inside and outside the network Gather an overview of the different security building blocks available in Intel Architecture (IA) based IoT platforms Understand the threat pyramid, secure boot, chain of trust, and the software stack leading up to defense-in-depth Who This Book Is For Strategists, developers, architects, and managers in the embedded and Internet of Things (IoT) space trying to understand and implement the security in the IoT devices/platforms

Stuck in Pilot Purgatory: Understanding and Addressing the Current Challenges of Industrial IoT in Manufacturing

The Industrial Internet-of-Things (IIoT) is one of the most hyped concepts embedded in the Industry 4.0 paradigm. IIoT can provide a multitude of benefits to firms, such as enhanced productivity and better insight into company operations. Despite these benefits, manufacturing companies are considerably struggling to realize the potential of IIoT. Several consulting companies, such as McKinsey and Deloitte, coined the term “pilot purgatory” to define the state of being in which most IIoT projects get stuck. Based on a series of interviews with 12 experts in the field, this study identifies and addresses IIoT-specific challenges in manufacturing. Our study provides two main contributions. First, our analysis provides a broad, practice-based overview of IIoT challenges by considering both the technological, organizational and environmental contexts of manufacturing firms, following the TOE framework as a theoretical lens to structure the results. Second, we derive specific management guidelines for each of the identified challenges

ASTRI Mini-Array Top Level Software Architecture

This document provides a comprehensive architectural overview of the ASTRI Mini-Array Software system (a.k.a MA Software or MA Software System), which manages observing projects, observation handling, array control and monitoring, data acquisition, archiving, processing and simulations of the Cherenkov and Intensity Interferometry observations, including science tools for the scientific exploitation of the ASTRI MA data. This document, using a number of different views, depicts different aspects of the Mini-Array software and describes the significant architectural decisions

Costs and benefits of automation for astronomical facilities

The Observatorio Astrof\'isico de Javalambre (OAJ{\dag}1) in Spain is a young astronomical facility, conceived and developed from the beginning as a fully automated observatory with the main goal of optimizing the processes in the scientific and general operation of the Observatory. The OAJ has been particularly conceived for carrying out large sky surveys with two unprecedented telescopes of unusually large fields of view (FoV): the JST/T250, a 2.55m telescope of 3deg field of view, and the JAST/T80, an 83cm telescope of 2deg field of view. The most immediate objective of the two telescopes for the next years is carrying out two unique photometric surveys of several thousands square degrees, J-PAS{\dag}2 and J-PLUS{\dag}3, each of them with a wide range of scientific applications, like e.g. large structure cosmology and Dark Energy, galaxy evolution, supernovae, Milky Way structure, exoplanets, among many others. To do that, JST and JAST are equipped with panoramic cameras under development within the J-PAS collaboration, JPCam and T80Cam respectively, which make use of large format (~ 10k x 10k) CCDs covering the entire focal plane. This paper describes in detail, from operations point of view, a comparison between the detailed cost of the global automation of the Observatory and the standard automation cost for astronomical facilities, in reference to the total investment and highlighting all benefits obtained from this approach and difficulties encountered. The paper also describes the engineering development of the overall facilities and infrastructures for the fully automated observatory and a global overview of current status, pinpointing lessons learned in order to boost observatory operations performance, achieving scientific targets, maintaining quality requirements, but also minimizing operation cost and human resources.Comment: Global Observatory Control System GOC

Edge and Big Data technologies for Industry 4.0 to create an integrated pre-sale and after-sale environment

The fourth industrial revolution, also known as Industry 4.0, has rapidly gained traction in businesses across Europe and the world, becoming a central theme in small, medium, and large enterprises alike. This new paradigm shifts the focus from locally-based and barely automated firms to a globally interconnected industrial sector, stimulating economic growth and productivity, and supporting the upskilling and reskilling of employees. However, despite the maturity and scalability of information and cloud technologies, the support systems already present in the machine field are often outdated and lack the necessary security, access control, and advanced communication capabilities. This dissertation proposes architectures and technologies designed to bridge the gap between Operational and Information Technology, in a manner that is non-disruptive, efficient, and scalable. The proposal presents cloud-enabled data-gathering architectures that make use of the newest IT and networking technologies to achieve the desired quality of service and non-functional properties. By harnessing industrial and business data, processes can be optimized even before product sale, while the integrated environment enhances data exchange for post-sale support. The architectures have been tested and have shown encouraging performance results, providing a promising solution for companies looking to embrace Industry 4.0, enhance their operational capabilities, and prepare themselves for the upcoming fifth human-centric revolution

Analysis and design of security mechanisms in the context of Advanced Persistent Threats against critical infrastructures

Industry 4.0 can be defined as the digitization of all components within the industry, by combining productive processes with leading information and communication technologies. Whereas this integration has several benefits, it has also facilitated the emergence of several attack vectors. These can be leveraged to perpetrate sophisticated attacks such as an Advanced Persistent Threat (APT), that ultimately disrupts and damages critical infrastructural operations with a severe impact. This doctoral thesis aims to study and design security mechanisms capable of detecting and tracing APTs to ensure the continuity of the production line. Although the basic tools to detect individual attack vectors of an APT have already been developed, it is important to integrate holistic defense solutions in existing critical infrastructures that are capable of addressing all potential threats. Additionally, it is necessary to prospectively analyze the requirements that these systems have to satisfy after the integration of novel services in the upcoming years. To fulfill these goals, we define a framework for the detection and traceability of APTs in Industry 4.0, which is aimed to fill the gap between classic security mechanisms and APTs. The premise is to retrieve data about the production chain at all levels to correlate events in a distributed way, enabling the traceability of an APT throughout its entire life cycle. Ultimately, these mechanisms make it possible to holistically detect and anticipate attacks in a timely and autonomous way, to deter the propagation and minimize their impact. As a means to validate this framework, we propose some correlation algorithms that implement it (such as the Opinion Dynamics solution) and carry out different experiments that compare the accuracy of response techniques that take advantage of these traceability features. Similarly, we conduct a study on the feasibility of these detection systems in various Industry 4.0 scenarios