The Open Process Automation(tm) Forum: Developing a standards-based, open, secure, interoperable process control architecture

Jim Hietala
VP, Security and Business Development
CISSP, GSEC, Open FAIR™
[email protected]

Copyright © The Open Group 2017

The Open Process Automation(tm) Forum - Energytech · 2017-12-11


Agenda

» About The Open Group
» Drivers for Change in Process Control Systems
» Lessons Learned from Standards Efforts in Other Industries
» Open Process Automation Forum Overview


The Open Group is ...

570+ Member Enterprises in 40 Countries

Australia, Belgium, Brazil, Canada, China, Colombia, Czech Republic, Denmark, Finland, France, Germany, Hong Kong, India, Ireland, Italy, Japan, Korea, Luxembourg, Malaysia, Mexico, Netherlands, New Zealand, Nigeria, Norway, Philippines, Poland, Portugal, Qatar, Saudi Arabia, Singapore, South Africa, Spain, Sweden, Switzerland, Taiwan, Turkey, UK, United Arab Emirates, USA, Vietnam

Staff and local partners in 12 Countries


Forums of The Open Group: New - Open Process Automation™ Forum

The Open Group ArchiMate® Forum

The Open Group Architecture Forum

The Open Group Security Forum

Open Trusted Technology Forum: Build with Integrity, Buy with Confidence

RISK

The Open Group IT4IT™ Forum: Managing the Business of IT

Dependability through Assuredness™

Real-Time & Embedded Systems Forum

Open Platform 3.0®: Cloud, Social, Big Data and IoT

Platform Forum

POSIX and Others

The Open Group Open Process Automation™ Forum: Develop a Standards-based, Open, Secure, Interoperable Process Control Architecture


Industry Verticals & Consortia

Verticals

» The Open Group Healthcare Forum
» The Open Group Exploration Mining Metals and Minerals Forum

Consortia

» DirecNet® Task Force
» The Open Group FACE Consortium

*Gated US-Only due to Export Controls on US DoD and their supplier base


Drivers for Change in Process Control Systems


Drivers for Change in Process Control (DCS) Systems

» Enable agility in introducing new capabilities into existing networks, realize value from technology improvements faster than once every ~20 years
» Reduce proprietary vendor lock-in and drive interoperability
» Remove non-productive cost for suppliers and for asset owners
» Create a bigger market opportunity
» Take advantage of new technologies, e.g. IIoT, cloud
» Reduce capital expense for process control systems (replacements or upgrades)
» Cybersecurity…enable intrinsic security capabilities


Cybersecurity Challenges from IIoT

» Dramatic growth in IoT, while IIoT adoption is gated (largely) by security concerns
» IoT & IIoT risk & security are highly use case dependent
» Proposed US legislation on security characteristics for Fed procurements of IoT/IIoT
  – Patchable
  – No known vulnerabilities, disclosure of vuln.
  – No hard coded passwords
» Lack of definition of what it means to be “securable” in the context of IIoT


Control Systems & Cybersecurity

» Many users are critical infrastructure industries
» Threat landscape
  – Recent DHS/FBI warning on targeted attacks aimed at nuclear, energy, aviation, water and critical manufacturing industries, threat vector = IT to OT interface
  – Nation states, hacktivism, cyberwarfare


Control Systems, Users' Perception of Risk


SANS ICS Security Survey data from 2016 ICS cybersecurity survey of 234 respondents, 60% US based


Control Systems Vulnerabilities


SANS ICS Security Survey data from 2016 ICS cybersecurity survey


Point Product Proliferation: Where IT Failed at Security


Implications

» Few technical standards in IT security…
» Bolt-on brings lack of integration/interoperability, and a degree of vendor lock-in
» Custom work required of vendors/integrators/customers to enable solution integration & interoperability
» Vendor overload, requirement to deal with many small vendors solving narrow security problems
» Attack surface issues in gaps between products/security functionality


Standards Lessons Learned from Other Industries


UNIX Case Study

» Problem: Proliferation of incompatible IT hardware and software, lack of standards, no interoperability, no portability & reuse of software
» Solution: UNIX standard, conformance program and licensed trademark developed by The Open Group
  – Significant buy-side push from US & other government buyers helped create the market to ensure suppliers' commitment to open standards
» Lessons learned:
  – Need strong buy-side representation
  – Standards are hard, bringing a rigorously vendor-neutral, consensus-based approach and a well defined standards process is key
  – Keeping the business issues in scope helps ensure that the standard leads to market adoption & uptake, e.g. procurement and business guides
  – Standards can require a long view: UNIX remains a very large market, $10’s of Billions/year 20+ years into the standard/conformance program


FACE Case Study

» Problem: US military avionics systems were proprietary, and costs were escalating at an unsustainable pace
  – Multiple branches of the military were affected, and were looking for a way to bring down development costs for these systems
» Solution: FACE Consortium, FACE technical standard driving interoperability & reuse, and FACE conformance program developed by The Open Group
  – Open Group stood up a focused consortium to develop the standard, FACE, and the work included business guide
  – US DoD convened leaders in the IT industry via The Open Group to address this
  – Significant procurements now requiring FACE conformance, 5 years in
» Lessons learned:
  – Strong buy-side and supply-side representation important
  – Focus on understanding the ecosystem, business issues (business guide, and procurement guide) and adoption key
  – Some early participants were there for defensive reasons, but have now become big supporters

(FACE = Future Airborne Capability Environment)


Open Process Automation Forum™ Overview


Who We Are

• Open, consensus-based group of:
  – End users
  – Hardware, software and solutions suppliers
  – Systems integrators
  – Academia
  – Standards organizations


Total Membership to Date = 110

Sampling of Our Members…


Who We Are

• Exceptional mix of technology thought leaders and pioneers from several industrial segments
• Composed of several main working committees
  – Business Working Group
  – Standards Working Group
  – Enterprise Architecture Working Group
  – Technology Working Group
• Under direction of two co-chairs elected every two years
  – Don Bartusiak, Chief Engineer, ExxonMobil Research & Engineering
  – Trevor Cusworth, Global Account Manager, Schneider Electric


Open Process Automation™ Forum

• Open Process Automation™ Forum Co-Chairs: Don Bartusiak (ExxonMobil), Trevor Cusworth (Schneider-Electric)
• Steering Committee: All Member Organizations
• Project Management: Juan Aparicio (Siemens Corporation)

Working groups:

• Enterprise Architecture Working Group, Co-Chairs: Mark Bush (Shell), Dave Emerson (Yokogawa)
• Business Working Group, Co-Chairs: Paul Berlowitz (ExxonMobil), Dennis Stevens (Lockheed Martin)
• Standards Body Interface Working Group, Co-Chairs: Dennis Brandl (Schneider-Electric), Firas Khalil (Siemens Industry Inc.)
• Technology Working Group, Co-Chairs: Steve Bitar (ExxonMobil), Jeff Harding (ABB)

Subcommittees:

• Business Guide Subcommittee
• Marketing & Outreach Subcommittee
• Conformance Subcommittee
• Library Subcommittee
• Technical Architecture Subcommittee
• Connectivity Framework Subcommittee
• Info Model & Standard Configuration Subcommittee
• Application & Library Portability Subcommittee
• Security Architecture Subcommittee
• Physical Platform Subcommittee
• Systems & Network Management Subcommittee
• Requirements Management Subcommittee


What We Do

• Working together to:
  – Develop a technologically appropriate open process automation architecture
  – Develop specifications and business guidance for architecture adoption and use


Our Goal

• A standards-based, open, secure and interoperable process automation architecture that will
  – Drive more value from operations
  – Be intrinsically secure
  – Easily integrate certified, best-in-class, fit-for-purpose system components
  – Protect suppliers’ intellectual property
  – Enable portability and preservation of end users’ application software
  – Reduce difficulty of future replacements and upgrades
  – Reduce lifecycle costs
  – Drive innovation


Scope


Architecture Vision


Why We Do It

• Industrial manufacturers are under extreme pressure
  – Lower capital and lifecycle costs of their systems
  – Improve profitability of their operations.
• Many installed control systems are predominantly closed and proprietary
  – Integration with best-in-class third-party components is costly
  – Maintenance and upgrades are expensive
• Today’s systems generally not intrinsically cybersecure
  – Do not adequately protect equipment assets and other capital investments


Why We Do It

• Open, interoperable and secure-by-design process automation systems architecture will address all of these issues
  – Ensuring future automation systems adopt and reinforce standards that achieve true heterogeneity while providing
    • Intrinsic security
    • Multi-vendor interoperability
    • Future-proof innovation
    • Easy pathway for systems migration and upgrades

End users reap far more value and profitability from their operations


Why Join

• The Forum is determining the future state of process automation
• The Forum is gaining momentum and moving quickly ahead
  – Results are coming fast
  – Decisions that could impact how you will control your operations and manage your business are being considered
• We need more end users to be actively involved and participating to:
  – Ensure their perspective on what the next-gen process system should and will look like is considered and included
  – Protect their future operations and business needs, objectives and success


Why Join

• Reduces total cost of ownership
• Empowers workforce
• Solves system integration issues
• Enables continuous innovation
• Faster, more cost-effective upgrades


Why Suppliers Should Join

• It could help grow the top line
  – Reaching new markets and customers
  – Remaining relevant to our existing customers
  – Creating new goods and services for expanded markets
• It could help grow the bottom line
  – Reduce cost
  – Increase margins
  – Eliminate non differentiated products


How to Learn More

• Visit OPAF website
  – http://www.opengroup.org/open-process-automation
• Refer to handout and FAQ
  – http://www.opengroup.org/open-process-automation/forum/FAQ
• Contact the Open Group
  – http://www.opengroup.org/open-process-automation/membership
  – Jim Hietala
  – [email protected]


Thank You