August/September 2008 www.RemoteMagazine.com A Webcom Publication ...on page 14 SECURITY ...on page 28 Advantech Expands Its Line of Managed Industrial Ethernet Switches Please look at the mailing label below and read the code in the red box. Code=A: You are receiving the complimentary issue due to your involvement in the industry. To start your free subscription today, please go to www.RemoteMagazine.com and subscribe. Code=B: Your subscription is about to expire. Go to www.RemoteMagazine.com and renew your subscription today Code=C: Your subscription is active and current. ABB Totalflow SCADAvantage Software Automates and Simplifies System Operations ABB’s Totalflow SCADAvantage software, which is designed to automate oil and gas operations. With self-config- uring maps, smart screen templates, on-screen analysis tools, real-time and historical graphic trends, and reports for manag- ing multiple aspects of the sys- tem, SCADAvantage automates and simplifies system operations for added lifecycle cost savings. More than two years ago, ABB Totalflow made a strategic decision to invest in the develop- ment of applications unique to the LDC market, and the compa- ny is gaining traction in the cate- gory. In addition to the functions and features of SCADAvantage for automation solutions, ABB touts the software’s cost, as well as the anticipated maintenance advantages over the life of the system. “Our customers tell us that the SCADAvantage standard daily nomination interface and gas schedule tracking are par- ticularly helpful,” said Ed Smyth, SCADA business develop- ment manager, ABB Totalflow. “Our system is unique in that these features are part of the existing functionality of the sys- tem, rather than a custom application like many other systems.” “We selected ABB because we were impressed by how SCADAvantage’s utilization of off- the-shelf software required little customization to meet all of our requirements, while being basic enough for our internal employees to maintain,” said Jim Larsen, SEMCO Energy Gas Company director of engineering services. “We wanted to avoid purchasing a system that required a high level of customization, which can add com- plexity to the initial implementation as well as future upgrades.” “The ability to integrate our GIS and GPS systems easily was also a real plus,” added Larsen. “ABB showed us that they had the complete SCADA solution for an LDC.” MIT Creates New Material for Fuel Cells ...on page 26 Securing Remote Site Access: A Securing Remote Site Access: A Defense-in-Depth Approach Defense-in-Depth Approach ...on page 30
40
Embed
Advantech Expands Its Line of Managed Industrial Ethernet ... · Advantech Expands Its Line of Managed Industrial Ethernet Switches ... smart screen templates, ... e-mail or pager
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
August/September 2008 www.RemoteMagazine.com A Webcom Publication
...on page 14
SECURITY...on page 28
Advantech Expands Its Line of Managed IndustrialEthernet Switches
Ple
ase
loo
k a
t the
ma
iling
lab
el b
elo
w a
nd
rea
d th
e c
od
e in
the
red
bo
x.
Code=A
: Yo
u a
re re
ce
ivin
g th
e c
om
plim
en
tary
issu
e d
ue
to y
ou
r invo
lve
me
nt in
the
ind
ustry.
To
sta
rt yo
ur fre
e s
ub
scrip
tion
tod
ay, p
lea
se
go
to w
ww
.Re
mo
teM
ag
azin
e.c
om
an
d s
ub
scrib
e.
Code=B
: Yo
ur s
ub
scrip
tion
is a
bo
ut to
exp
ire. G
o to
ww
w.R
em
ote
Ma
ga
zin
e.c
om
an
d re
ne
w y
ou
r su
bscrip
tion
tod
ay
Code=C
: Yo
ur s
ub
scrip
tion
is a
ctiv
e a
nd
cu
rren
t.
ABB Totalflow SCADAvantage Software Automates and Simplifies System Operations
ABB’s Totalflow SCADAvantage software, which is
designed to automate oil and gas operations. With self-config-
Advertising, Sales and MarketingScott Nash, Account Executive
Jessica Thebo, Jennifer Graham, Kristin Reming
Production Manager Julie McCann
Customer Service/CirculationDatabase/Directories
Mark Vang, Circulation ManagerJulianne Wood, Andy Gurukovich,
Ross Webster
REMOTE SITE & EQUIPMENT MANAGEMENT magazine (ISSN #1535-0347) is a publication of Webcom Communications Corp.Subscription free for qualified US, (six issues) $44 for non-qualifiedUS, $60 in all other countries. Single copies are $20 each plusshipping. Back issues are available. Payment must be made inUS funds in order to process the order. Direct all subscriptioninquiries, orders and address changes to Fulfillment Services.Third-class and fourth-class postage paid in Denver, Colo.Periodic postage paid in Greenwood Village, Colo. and atadditional mailing offices.
7355 East Orchard Road, #100Greenwood Village, CO 80111
Photocopy Rights: Permission to photocopy for internal or per-sonal use, or the internal or personal use of specific clients isgranted by REMOTE SITE & EQUIPMENT MANAGEMENT for usersthrough Copyright Clearance Center, provided that the basefee of $2.50 per copy of the article, plus $1.00 per page is paiddirectly to the Copyright Clearance Center, 222 RosewoodDrive, Danvers, MA 01923 USA (508) 750-8400. For governmentand/or classroom use, the Copyright Clearance Center shouldbe contacted. The rate for this is 3 cents per page. Specify ISSN# 1535-0347 REMOTE SITE & EQUIPMENT MANAGEMENT.
August/September 2008 Remote Site & Equipment Management 3www.RemoteMagazine.com
August/SeptemberContents
Welcome to the August/September issueof Remote Site and EquipmentManagement Magazine. To say we havesome good articles inside would be anunderstatement. If you’re looking for infor-mation on remote device networking I’dsuggest flipping to the middle of the bookand check out two articles covering deploy-ing a microwave network and how to maxi-mize the value of M2M wireless devices.
If security is your concern, we still haveyou covered. Uniloc, Inc. and IndustrialDefender has lent their expertise on the sub-ject of cyber security for critical infrastruc-ture and remote sites. Check those articlesout on pages 30 and 32.
Also included in this issue is our 2008 standalone resource guide. These once a yearguide features market update articles, profilesand listings for companies providing productsand services to the remote market. Keep thisat your desk and use it year-round to find solu-tions for your remote sites and equipment.
You’ll also find new information about theRemote 2008 Conference and Expo onpages 20 and 21. This includes new sessions,exhibitors and links for registration. Keep inmind that September 19th is the last day toregister at a discounted price!!
Engineers from Purdue and Notre Dame universities are working with Indiana
startup EmNet LLC on a wireless sensor network for the city of South Bend to pre-
vent raw sewage from overflowing into waterways, especially from surging runoff
during storms.
The system will use a citywide network of 105 manhole-mounted sensors and
"smart valves" to automatically hold back the flow of rainwater and sewage in exist-
ing sewer system pipes and retention basins until the storm has passed.
"To our knowledge, this monitoring system will be the first of its kind in the world
because it will be the largest wireless sensor network in a permanent, industrial set-
ting," said Luis Montestruque, CEO of EmNet, founded in 2004 and located in
Granger, Ind.
The system, called CSOnet, consists of numerous computer chips that communicate
with each other over a wireless radio network.
These microcomputers are embedded in the city
sewer system and are connected to flow sensors,
pressure sensors and valves in a network that
works in a cooperative manner to control storm
runoff, Montestruque said.
Such "embedded wireless sensor networks,"
or EmNets, also could be used in hundreds of cities around the world faced with simi-
lar sewage-overflow problems, he said.
Sensors are mounted on the undersides of manhole covers and will have to per-
form in an urban setting full of interference sources, said William Chappell, a
Purdue assistant professor of electrical and computer engineering who helped design
the sensor technology.
"The sensors must be made to operate in harsh conditions and adapt dynamically to
changes in the wireless system, such as interference or the presence of parked or mov-
ing cars," Chappell said. "And the system will need to broadcast sensing data generat-
ed underground to a network that operates above ground in a challenging environment."
The system is expected to be fully functional next summer, with work progressing in
stages as the system evolves to increase its monitoring capabilities, said Gary Gilot,
South Bend's public works director.
Research to develop the system began in 2004 under the direction of Jeffrey W.
Talley, an associate professor of civil and environmental engineering at Notre Dame.
Talley led a team of project participants at Notre Dame, Purdue, the city of South
Bend and EmNet that in 2005 deployed a small prototype of the CSOnet system in
the city. EmNet later took over the project to expand the earlier prototype into a city-
wide system.
The technology is an example of a "cyberphysical system," or a network of comput-
ers tightly integrated with sensors and motorized controls, said Michael Lemmon, a
Notre Dame professor of electrical engineering.
Such systems are currently being proposed for use in various applications, including
control of the national power grid, automated manufacturing, air traffic control, home-
land security and material distribution for industrial supply chains.
"There are many sensor networks in operation around the world, but few attempt to
do active control, and that's one of the innova-
tive aspects of this project," said Lemmon, who
is leading work to develop and test computer
algorithms that enable CSOnet to control storm
runoff in an optimal manner.
Saurabh Bagchi, a Purdue assistant professor
of electrical and computer engineering, has
developed critical software, called middleware, for the system. The software allows the
sensors to talk to each other in an "ad-hoc mesh network."
"The ad-hoc part means there is no need for preexisting infrastructure,"
Montestruque said. "It doesn't rely on a cell phone tower or telephone lines for the wire-
less portion of the communication to work. The mesh part means that between every
two devices there are a number of different paths for it to communicate, bypassing
interference and obstacles."
The adaptive capability made possible by the middleware is similar to how a human
brain reroutes signals around damaged nerve cells, said Bagchi, whose work is affiliat-
ed with Purdue's Center for Wireless Systems and Applications.
"Networks need to be reliable, which means you don't want to have one single
point of failure," Bagchi said. "This is particularly important because we are deal-
ing with devices that are prone to failure. They are affected by changing seasons
and environments."
Engineers Design 'Brain' of Smart Sewage-Control Network
To our knowledge, this monitoring system will be the first ofits kind in the world because it will be the largest wirelesssensor network in a permanent, industrial setting.
Unlike other wireless systems, the network does not require a command center
and can be reprogrammed wirelessly from a remote location. Information from the
sensors will be relayed to a server operated
by EmNet.
The sensor data will be used to monitor
hydraulic conditions in the sewer system,
indicating when excess runoff and raw
sewage are about to overflow. Then
valves will divert the flow into temporary
storage sites.
The sewage will be selectively released
later so that it flows into the treatment plant
when capacity is available, preventing the
waste from being dumped into Indiana
waterways, including the St. Joseph and
Wabash rivers.
Cities that have combined storm and
sanitary sewers are often overloaded during
major storms, forcing municipalities to
divert this "combined sewer outflow" into
waterways to prevent sewage from backing
up into homes and businesses.
More than 700 cities around the United
States and 100 Indiana cities have combined
storm and sewer systems, Montestruque said.
"And many more cities are affected in
Canada and Europe," he said. "People using
lakes and rivers for recreational purposes
can get sick, most likely because of sewage
contamination, which contains large E. coli
counts. Not just E. coli, but all sorts of
chemicals, metals and industrial waste. Raw sewage is very toxic. It's going to take
an estimated $50.6 billion to solve the problem in the United States alone. The
amount of sewage dumped into rivers, lakes and the oceans by combined sewer
overflows is equivalent to the water carried into the Gulf of Mexico by the
Mississippi River in one week. That's 850 billion gallons per year."
Cities are fined for failing to meet U.S. Environmental Protection Agency stan-
dards. It is estimated that $4 billion will be needed to bring Indiana within federal
guidelines over the next few years,
Montestruque said.
The system being developed for South
Bend will control flows at about 20 loca-
tions in the city sewer system.
Algorithms developed by Lemmon allow
each of these locations to make flow-
control decisions in a manner that
requires only information from neighbor-
ing points, an approach that assures opti-
mal control of storm-water flows while
greatly reducing the amount of informa-
tion that must be exchanged between dif-
ferent locations in the system.
"This results in a control algorithm
that is very efficient in its use of commu-
nication resources, or bandwidth,"
Lemmon said.
Gilot likens the concept to modern
traffic signal controls that adjust signal
timing in response to changing traffic
flow and demand.
"We are going to apply that same kind of
logic to sewers," Gilot said.
Talley, an environmental engineer, also
is developing a technique of using ultra-
sound to clean water diverted to temporary
holding facilities. The method works by
bombarding water with high-frequency
sound waves, producing bubbles that implode, generating high heat that purifies water.
The ultrasonic method may eventually be incorporated into the system. Water
cleaned using the ultrasonic method would be released directly into waterways, reduc-
ing the need to later route water to the municipal wastewater treatment facility.
Purdue electrical and computer engineering doctoral students Rajesh Krishna Panta, from right, and Jin Kyu Koodiscuss software needed for a wireless sensor network in South Bend, Ind., to prevent raw sewage from over-flowing into waterways, especially from surging runoff during storms. The software must be loaded into anten-na-equipped miniature computing nodes to control a citywide network of 105 manhole-mounted sensors and"smart valves." The system is designed to automatically hold back the flow of rainwater and sewage in existingsewer system pipes and retention basins until the storm has passed. The stored water would then be releasedin a controlled manner for subsequent treatment by the city's wastewater treatment plant. (Purdue NewsService photo/David Umberger)
12 Remote Site & Equipment Management August/September 2008
Justin Schmid, Vice President, Mobile and M2MSierra Wireless
R.I.P. AnalogThe communications industry is undergoing a massive shift from analog to digital
transmission. The evolution is happening in all types of mediums, television broad-
casts, radio and cellular communications.
For both consumers and enterprise customers moving from analog to digital signal
transmission is inevitable. As of March 1st 2008, all major US cellular phone service
providers stopped supporting analog coverage. In February of next year, over-the-air
analog broadcasts will ride off into the “analog sunset.” In fact, manufacturers have
not been allowed to ship or import video products with only an analog tuner for over
a year now.
Are there valid arguments for this forced migration to digital transmission? In fact
many analog enthusiasts argue that analog signal, represented as a continuous sine
wave, more accurately reproduces sound. The continuous signal of analog is also free
of potential error mechanisms that are inherent in digital signal, which breaks sound
into pulses or digits with varied amplitude.
Although analog signals do offer several advantages for sound quality, digital offers
many clear benefits of its own. Unlike analog recordings, where the properties of the
medium are directly related to the physical quality of the sound, data integrity enabled
by digital signal is maintained over time despite the media in which it is captured.
Repeaters in a digital signal remove the potential for cumulative transmission prob-
lems, allowing digital to transmit over longer distances. Since digital transmissions are
translated into binary language, digital signal is more easily encrypted and, therefore,
secure. Digital also enables easier multiplexing of large channel capacities. Perhaps the
most important aspect of digital communications is that it provides a means for send-
ing integrated voice, data and video over a single transmission.
Integrated Systems in Industrial ApplicationsThe ability for digital communications to provide integrated services is paving the
way to the deployment of sophisticated data acquisition systems. These systems are
typically used to gather information about a method or process. Some common appli-
cations are environmental measurements for weather, agriculture, wastewater, utilities
and traffic monitoring.
Standard equipment comprising a data acquisition system would be a data logger
with sensors and some form of stand-alone memory, but they are usually also reliant
on a server for additional storage capacity and for hosting software necessary for data
analysis and presentation. A data logger works with its sensors to convert physical
events into electronic signals, which then must be digitized and converted into binary
data in order to be analyzed using the aforementioned software.
Data Loggers: Stand-Alone Capabilities Lack Intelligent AdvantageBecause data loggers are developed for use in unattended applications, they are built
to be extremely dependable and to withstand harsh conditions. Since the instruments
may operate for extended periods with no supervision, reliability is critical. As a reli-
able power source is paramount for these applications, some data loggers are designed
with battery or solar power for backup, so these systems must be extremely power effi-
cient relative to computers.
However, even with the advancements made in data logger technology, the most
sophisticated models are still lacking in the areas of remote monitoring and control
capabilities. Though data loggers range from single-channel input to more complex
multi-channel instruments, with the newest versions able to serve web pages, the bot-
tom line is that data acquired from a data logger and measurements taken from sen-
sors is simply stored for future use. Though the measurements are taken in real-time,
the advantage of immediacy is lost when the data trail ends in the data loggers’ on-
board memory.
Intelligence at the End Point Enables Superior IntegratedCommunication Systems
Unlike solutions that use unconnected data loggers, data acquisition systems used in
conjunction with intelligent communications gateways provide access to the data in
real-time and from a centralized point. These intelligent gateways maintain an always-
on two-way connection, not only enabling pervasive access to the data but also facili-
tating remote control, management and maintenance of the remotely deployed solution
from anywhere in the network. For obvious reasons, always-connected solutions uti-
lizing intelligent gateways are outpacing data loggers in their power to utilize today’s
bleeding edge technology.
The utilities, wastewater and agriculture industries, to name a few, manage remote
assets deployed throughout expansive geographic areas and increasingly require real-
time, two-way communication to more efficiently manage measurement, collection
and distribution. Intelligent connectivity devices enable the streamlining of measure-
ment and control of transmission and distribution, automatic meter reading and man-
agement of infrastructure. Since legacy measurement equipment often utilizes various
forms of serial communication protocols, they are not natively ready to leverage
today’s vast IP based communications networks. In addition to persistent connectivity,
intelligent communications gateways perform complex packet assembly and disas-
sembly (PAD) operations to condition the data so that it can be transmitted over the
existing IP backbone. In some cases, modems must also be used to convert analog to
digital signals to permit transmission over IP networks, regardless of data source.
Wireless Advantage: Data Access from AnywhereSince many data acquisition solutions are remotely deployed, cellular-based commu-
nications play a very important role and require an intelligent and reliable wireless com-
munications gateway at the end-point. Cellular networks offer a number of advantages
over alternative solutions, including increased capacity, portability and better coverage.
Most importantly, cellular provides the wireless advantage of being able to transmit data
from isolated or distant locations where landline access just isn’t feasible.
Wireless, industrial remote monitoring solutions provide real-time data access mon-
itoring capabilities to quickly detect and fix issues or inefficiencies across vast territo-
ries. For example, unlawful removal of copper at remote transmission towers or
downed wires from natural or man-made disasters can cause a domino effect, includ-
ing large-scale service interruption to customers and destruction of transformers.
Undetected gas leaks can cause massive environmental damage and revenue loss. The
May 2007 leak at the BP Prudhoe Bay field was reported to have stopped nearly
100,000 barrels of oil production per day. With an associated revenue loss at 3 days x
100,000 bbl x $65, that equals a three-day revenue loss of almost $20 million.
Reducing Costs and Increasing Efficiency with Analog to Digital MigrationNot only does wireless connectivity provide immediate access to data from any-
where to help improve process efficiencies, but it is also a requirement for the grow-
ing demand for mobile or portable monitoring solutions. One such company faced with
www.RemoteMagazine.com
Updating Data Acquisition Systems to Utilize Integrated Capabilities
ing it possible to have battery life of two to eight years
in the typical device, depending on environmental factors
and transmission intervals. So it’s the ideal standard for
use in applications where configuration and maintenance
time need to be kept at a minimum.
7. Are there any plans to develop Spinwave products
for other protocols?
Not at this time. We are monitoring the progress of
low power wireless WiFi very closely and have strong
interest in it.
We frankly spend most of our time complying with
applications protocols. We are literate in BACnet, LON,
MODBUS and XML and are evaluating others
with which to interface.
8. With so many different standards in play,
where do you see the wireless sensor market
heading in the future?
WiFi appears slated to become a more preva-
lent standard in the market, as does Bluetooth.
However, the range of applications for wireless
sensors is too diverse for one standard to domi-
nate. I believe we’ll continue to see a range of
standards at the integration point, such as
BACnet and LON in building automation and
MODBUS, HART, Fieldbus and PROFIBUS, in
the industrial sector.
Our technical team is highly innovative and
we are confident that we will be able to adapt to
the market as it evolves.
9. What are some of the new and exciting
projects/applications Spinwave is working on
right now?
We have a lot on our plate. Our long term goal
is to be a wireless automation company with a
full line of wireless control products. Our initial
target market is the virtually untapped small
building market. Products for this market include
zone controllers, I/O devices, and communica-
tions gateways, as well as sensors.
In addition, we are partnering to provide a
complete solution for submetering customers and
are working with another partner to develop the
second generation of our smart communicating
thermostat. We see ourselves working with more
partners to broaden our offerings in sensors, and
developing expanded OEM relationships.
10. What is in store for Spinwave in 2008
And beyond?
We are looking to be a dominant long term
player in the wireless automation market. We will
be internally focused on rounding out our product
line and building sales momentum for the balance
of 2008 and into 2009. Once we are secure in our
market segments, growth through acquisition is
in our plans.
Spinwave Systems is a developer of wireless sensorsand controls. Specifically designed for commercial build-ing automation, Spinwave’s products enable highly ener-gy-efficient building operations and productive andhealthy environments. Spinwave’s unique system designand rapid deployment toolset allows seamless integrationof wireless sensors to existing building automation sys-tems from all major manufacturers. For more informationplease visit: www.spinwavesystems.com.
William LaPointe is president and CEO of SpinwaveSystems, Inc. He has more than 25 years of buildingautomation experience and a proven track record ofgrowing a startup company to industry leadership. Billwas the president of Andover Controls Corpo., a suppli-
er of DDC systems to thebuilding automation market,from Sept. 1979 to its acquisi-tion by Schneider Electric in2004. Under his direction,Andover grew from 9 employ-ees and under $1 million inannual revenue to over 650employees and revenues of$170 million. Prior to AndoverControls, Bill held positions of financial and operationsmanagement with companies in the general industrial,computing, and defense industries. He holds and M.S.degree in Accounting from Bentley College and a B.A.degree in finance from Northeastern University.
August/September 2008 Remote Site & Equipment Management 19www.RemoteMagazine.com
FeatureNETWORKING
Spinwave has recently added wireless I/O modules totheir line of energy management products.
24 Remote Site & Equipment Management August/September 2008
FeatureNETWORKING
www.RemoteMagazine.com
Brian Tucker, SVP Global Product Management Telit Wireless Solutions, Inc.
Machine-to-machine (M2M) communications tech-
nology is increasingly common worldwide in a wide
variety of vertical markets. The worldwide M2M market
will grow from $20 billion today to more than $220 bil-
lion by 2010, predicts IDATE, a market research firm.
That outlook is based on strong adoption over the past
few years: Between 2005 and 2006, M2M module rev-
enues grew 34 percent, from $621 million to $830 mil-
lion, according to Gartner.
The projected annual growth rate of nearly 50 percent
through 2012 is due to M2M’s strong business case. By
enabling machines to communicate wirelessly with one
another or with a central control unit, enterprises are
streamlining their business practices. That translates into
a significant reduction in overhead costs and new rev-
enue opportunities.
A prime example is utilities, one of the first industries
to deploy M2M for applications such as automated meter
reading (AMR).
“The utility industry is a prime example of how, by
networking and remotely monitoring machines, data can
be analyzed and collective behavior understood in new
ways,” Juniper Research concluded in a 2007 report.
“For example, a real-time, unified view of how power is
used will help safeguard this increasingly rare resource.
And what can be measured can be controlled and ulti-
mately optimized.”
The Juniper report cites an Italian utility that increased
revenue by $1 billion after deploying AMR across 6 mil-
lion electric meters. That success prompted the company
to expand its AMR infrastructure to 30 million meters.
“Similar cost and benefit patterns are expected across the
whole of the wireless AMR segment,” Juniper wrote.
Despite these benefits, M2M also faces several chal-
lenges in terms of maintaining the technology and pro-
tecting the investment. These include:
• The Rapid Pace at Which Cellular Technology is
Constantly Evolving
For example, although many wireless carriers are in
the midst of deploying third-generation (3G) technolo-
gies such as High-Speed Downlink Packet Access
(HSDPA), they’re already preparing to launch fourth-
generation technologies such as Long Term Evolution
(LTE) and WiMAX – in some cases, as early as 2009.
• New Regulatory Requirements
For example, some European governments recently
required utilities to have the ability to control energy
usage in individual homes. If a utility doesn’t have an
M2M system flexible enough to meet those mandates, it
could have to physically replace all of its AMR devices
with compliant ones – an expensive, time-consuming
project. Even without government mandates, enterprises
often want to add capabilities, another reason why flexi-
bility is key.
• Patching Software and Firmware
AMR and automotive/trucking are two examples of
M2M applications where modules typically are deployed
for five to 18 years.
Sending an employee to physically update or replace an
M2M device in the field or recalling vehicles to the deal-
ership for software updates generates significant expense.
Putting off ObsolescenceTo maximize the lifetime value of its M2M devices,
enterprises are increasingly seeking solutions that sup-
port firmware over-the-air (FOTA) remote updating.
This feature lets enterprises quickly respond to network
changes and mandates, software updates and applica-
tion changes.
With FOTA, the mean time between failures (MTBF)
value can be optimized for integrated M2M modules, as
well as for all of the subsystems used in the application.
This design reduces the M2M application’s maintenance
costs, which in turn has a positive impact on the applica-
tion’s overall running costs. In the future, FOTA will be
able to update both the module software and the M2M
application’s device software, increasing the application
flexibility, utility and profitability.
But not all FOTA solutions are created alike. The ideal
solution should update modules using the smallest possi-
ble file size in order to minimize network data charges
and enable faster remote updates. For example, the Telit
Firmware Update Service – co-developed by Telit
Wireless Solutions, Inc., and Red Bend Software – uses
file sizes typically less than 100 kb. That’s roughly 5 to
10 percent of the original firmware file size, reducing net
usage costs by up to 95 percent.
The ideal FOTA solution also should be 100 percent
fail-safe, even if power is lost to the module during the
update process. Without this fail-safe feature, a device
could remain non-functioning until the application could
be physically reached and updated, replaced or repaired
by a technician, which would negate the business case for
deploying over-the-air updates.
All of these features produce a FOTA solution that is
always predictable and repeatable, with no limits on the
number of updates. It’s important to note that although
FOTA is a relatively new option in M2M, it’s been
widely used in the handset industry for several years. In
second quarter 2007, roughly one-third of all mobile
phones sold were FOTA-compatible, according to
Ovum, an independent research firm. That adoption
helps provide peace of mind for enterprises considering
FOTA M2M because it means that FOTA is a mature,
widely used technology.
To understand the benefits of FOTA, it helps to look at
how it’s used today in verticals such as OEM automotive,
utilities and data synchronization.
OEM AutomotiveAutomotive manufacturing is an excellent example of
an industry that will significantly benefit from the
implementation of M2M technology with FOTA
capabilities. Currently, vehicles are generally
designed for a lifetime of 10 years or 150,000
miles. FOTA helps ensure that the M2M module
can remain in service as long as the vehicle does.
A significant amount of a vehicle’s actual cost is
related to electronic components. This cost can
increase further because many expensive vehicle
recalls are related to electronic components.
When vehicles are recalled to the dealership for
software updates, this generates an enormous
expense for auto manufacturers. Not only does it
entail the costly maintenance on thousands of vehi-
cles, but it also involves expensive human interac-
tion at the dealership. Every time the vehicle needs
servicing for M2M application software upgrades
or changes in cellular networks, it requires a visit
to the dealership. That’s a hassle for vehicle own-
ers, and it can drive additional costs for the dealer-
ship if, for example, it has to maintain a fleet of
loaner vehicles or shuttles to minimize customer
inconvenience while service is performed.
By utilizing FOTA, auto manufacturers can dras-
tically cut back on vehicle recalls by simply
upgrading or solving software defects remotely.
Meanwhile, OEMs can remotely track and run
diagnostics on vehicles, often recognizing and
remotely solving electronic component problems in
Maximizing the Lifetime Value of M2M Wireless Devices
Figure 1: Illustration of the key components of a FOTA solution
August/September 2008 Remote Site & Equipment Management 25www.RemoteMagazine.com
FeatureNETWORKING
the vehicle even before the consumer notices trouble.
Once the problem is recognized, the auto manufacturer
can make necessary changes on the assembly line prior to
deploying more potentially faulty components. Besides
saving money on recalls, avoiding those problems also
protects the vehicle manufacturer’s brand reputation and
market perception.
In addition to significantly reducing recall costs,
FOTA also lowers warranty costs and extends the life-
time of the vehicle. At the same time, FOTA can quickly
reprogram the M2M application to almost immediately
adjust to changes on the cellular network.
Networks throughout the world vary greatly with
respect to their configurations. While GSM is a global
standard, there are thousands of parameters with-
in any given network setup that are configured
by the network operator. These parameters
include such items as timeouts and registration
intervals. While interoperability testing greatly
improves the chances of a device operating cor-
rectly in a given network, there are no assur-
ances. Some network operators require certifica-
tion of the device on their network, but even this
level of testing is only valid for the current con-
figuration. Should a network operator change
settings, existing devices in the field may begin
to experience problems that were not apparent
when the device was validated. FOTA can help
to resolve these issues by updating the firmware
to a compatible configuration.
Utilities and MeteringMuch like the automotive industry, the utilities
and metering sector stands to benefit from signif-
icant cost savings by implementing M2M tech-
nology with FOTA capabilities. M2M enables
AMR to transmit utility usage data via cellular
networks at regular intervals. By implementing
an M2M application, this eliminates the need for
human meter readers, a significant cost savings.
Those savings are one of the reasons why M2M
deployments in the electric, water and gas indus-
tries will have a compound annual growth rate of
24 percent through 2013, according to a
December 2007 report by ABI Research.
FOTA enables quick response to a growing phe-
nomenon in the utilities and metering sector: gov-
ernment legislation. Recently, some European
governments mandated that utility companies have
the ability to control energy usage in individual
homes. Instead of physically replacing all meters
with technology programmed to meet the govern-
ment’s mandate, companies using FOTA-enabled
M2M devices would simply send an over-the-air
update to meters upgrading the application.
By implementing a FOTA-enabled M2M
device, companies also can upgrade a meter to
track and control energy usage as precise as an
individual appliance in a user’s home. Utilities
can then educate their customers about energy
and cost saving opportunities by sharing that
detailed usage information.
Data SynchronizationA relatively new concept that is taking off at
an incredible rate, data synchronization is a
function that is primarily a result of FOTA
capabilities. M2M enables cellular phones,
computers, MP3 players and other devices to
communicate with one another via a combina-
tion of cellular, Bluetooth, Wi-Fi and ZigBee
technologies. With the addition of FOTA capa-
bilities, devices can automatically synchronize
data when prompted.
FOTA not only enables quick over-the-air
updates, it also updates the differences between the two
devices. That approach significantly reduces airtime
costs and time spent downloading. In the process,
FOTA also frees up network capacity for revenue-gen-
erating applications, instead of using it for mundane
tasks such as synchronization.
Flexibility for the FutureFOTA provides an excellent solution for implement-
ing, maintaining and updating M2M devices in the field,
as well as maximizing their useful lives. FOTA protects
the enterprise’s M2M investment by giving it a graceful,
cost-effective way to adapt quickly to changes in net-
work configurations and software upgrades implemented
by the wireless carrier.
FOTA is particularly valuable for M2M applications that
involve devices and assets that are constantly moving or are
located in remote locations, such as shipping containers,
trucks and utility meters. For those applications, FOTA
helps preserve the business case for deploying M2M by
minimizing the cost of upgrading modules in the field.
Telit is a global wireless technology company. Itdevelops, manufactures and markets GSM/GPRS,UMTS/ HSDPA and CDMA/EVDO enterprise communi-cation modules for machine-to-machine (m2m) applica-tions. For more information about the company, pleasevisit www.telit.com.
graphs, reports and other data analysis functions.
• Network Intrusion Detection System
A network intrusion detection system is a sen-
sor-based device which detects attacks, rogue sys-
tems and unauthorized traffic within your network
perimeter. The network sensor should also proac-
tively detect the addition of new computers to the
network, for example, a contractor plugging in a
30 Remote Site & Equipment Management August/September 2008
FeatureSECURITY
Securing Remote Site Access: A Defense-in-Depth Approach
FeatureSECURITY
August/September 2008 Remote Site & Equipment Management 31www.RemoteMagazine.com
laptop or a new connection to a wireless access point.
Since industrial control networks tend to be quite stable,
it is fairly simple to detect rogue devices being connected
with a NIDS sensor.
• Host Intrusion Detection System
Host intrusion detection sensors are miniature soft-
ware applications residing on control system computers
used to detect control application issues, internal or
external intrusions and misuse, as well as performance
bottlenecks on key servers and HMI's. Security sensors
are available for Unix, Windows or Linux operating sys-
tems. In addition to specific control applications, the
sensors report on platform-specific information such as
failed login attempts, password age, logged-in
user counts, event log activity and insertion of
removable media.
• Secure Remote Communications
An effective secure remote access solution
provides authorized users with transparent access
to remotely located devices, while also ensuring
that only individuals with appropriate credentials
are allowed access to the equipment, and proac-
tively blocking all other access attempts. All
activity at each point in the system must be
logged and collected at the central administrative
server, for inventory management, usage analy-
sis, fraud detection, etc., or to support regulatory
reporting requirements. Management software
tools should be provided for administration of
user rights (especially immediate revoking of
rights for problematic or former employees), spe-
cific port access for remote gateway devices, pro-
vision of certificates and password maintenance,
report generation, and providing software updates
to all system elements.
A decentralized architecture should be imple-
mented for maximum resiliency; a failure of one
element shouldn’t affect other parts of the system.
Most importantly, user access should always be
available, especially in critical conditions which
might require real-time configuration of remote
device settings. In addition, the system should be
designed to be protocol agnostic, supporting the
many legacy installations as well as modern con-
trol equipment.
Roaming technicians requiring access to
remote devices should be able to use their normal
communications/polling application without hin-
drance from excessive login routines or network
latency. In this scheme, they are required to occa-
sionally download time-based, port-specific
access credentials from the central host for access
to secured devices for a limited time.
A fundamental component of the remote
access system is the secure gateway or firewall
device (either dial-up or IP based depending on
the environment) which proactively blocks all
access unless from authorized users possessing
current security credentials and approved equip-
ment IDs. No device ports must ever be exposed
to the public network; rather they should pas-
sively “listen” for a predetermined signal, after
which a multipart handshake process will grant
port access.
ConclusionIn summary, it is important to develop a com-
prehensive defense-in-depth cyber risk protection
strategy for securing remote critical infrastructure
environments. With the rapid adoption of con-
verged corporate IT and critical infrastructure
plant networks in order to drive real time business
intelligence, the need for remote access capabili-
ty will continue to increase over time. Implementing a
defense-in-depth approach to cyber risk protection will
ensure the continuous reliability, availability, and securi-
ty of your industrial control system or SCADA network
as the needs of your company’s business evolve.
Todd Nicholsonis responsible for leading IndustrialDefender Inc.'s global marketing and product strategy..Todd brings over 16 years of experience in corporate andproduct marketing, product strategy, business develop-ment and sales working for emerging and mature tech-nology companies including Digital Equipment, EMC,IBM and InfiniSwitch. Todd joined Industrial Defenderfrom EMC, where he was responsible for directing prod-
uct marketing and product management for the compa-ny's grid and utility computing business unit. Todd holdsa B.S. in business administration from Nichols Collegewith a major in marketing.
Industrial Defender, Inc. offers a completely integratedDefense-in-Depth cyber security solution designed to pro-tect the industrial control system and SCADA environ-ment in a flexible and cost effective platform. Formerlyknown as Verano, Inc., Industrial Defender is a privatelyheld company with over 17 years of industrial control sys-tem and SCADA industry experience, and more than 6years of industrial cyber security experience. For moreinformation please visit: www.industrialdefender.com.
32 Remote Site & Equipment Management August/September 2008
FeatureSECURITY
www.RemoteMagazine.com
Jim White, VP, Infrastructure SecurityUniloc, Inc.
SCADA networks have become increasingly intercon-
nected both with each other and with enterprise informa-
tion technology infrastructures. The risks of unauthorized
access to and manipulation of these systems has become
unacceptably high. Because these networks are frequent-
ly central to critical infrastructure systems, federal regula-
tors have begun mandating cyber security requirements.
While these networks deliver significant operational
efficiencies and are pervasive throughout North America,
security of these systems is often less than optimal
because emphasis has been placed on performance, reli-
ability, and safety – leaving these networks prone to
attack. In order to assist industries in securing these envi-
ronments, the following is a list of ten guidelines for pro-
tecting these networks against attack.
Begin with Your Environment1. Start with a Risk Analysis
Determine what your exposure is to identified threats,
their consequences, cost of mitigation and risk tolerance.
Critical assets have many vulnerabilities, but not all carry
the same level of consequence if attacked. Develop a risk
profile will be used as the basis for the development of
policies and procedures as well as the deployment of
technologies. As new threats are identified, the risk
analysis can be updated to provide guidance for imple-
mentation of mitigation strategies
2. Build Policies and Procedures
Before the implementation of any technical solution,
there must be a comprehensive set of policies and proce-
dures that serve as guidance to operators, security per-
RBAC to be implemented at a second level that has not
been available before, the device itself. Only those with
the proper roles for access or use of the SCADA infra-
structure will be authenticated and authorized.
9. Integrate Dynamic Password Methodologies
The practice of periodically changing passwords is a
good best practice policy. However, in some cases the
policy can be restrictive and non enforceable. Using a
dynamic challenge and response mechanism between
hardware devices creates a hardware password that is
only known between trusted devices and is enforced
dynamically to remain flexible as situations require. The
hardware password is changed each time the
challenge is issued and the corresponding
response will also be different, thus guarding
against traffic sniffing technologies.
10. Ensure Multi-Factor Authentication
In most security schemas, humans are recog-
nized as the “weak link” and subject to social
engineering tactics that can often reveal the
“what they know”… password, IP address,
machine type, operating system. To mitigate this
risk, the use of multi-factor authentication is rec-
ommended. Common “factors” usually consist of
human biometrics such as retina scanning, smart
cards and fingerprinting. While all of these serve
to identify an authorized user, most are not prac-
tical in an industrial environment.
The alternative and better solution is to use
device fingerprinting as part of the multi-factor
equation. For example, PC characteristics can
produce variables on the order of human DNA to
differentiate one from the other, thereby render-
ing a “machine metric” or device fingerprint that
can be used in the same manner as biometrics
without the inherent problems of the latter.
Critical infrastructure security solutions using
physical device recognition restrict access to only
designated computers used by authorized person-
nel, including distributed field components and
control center systems. Solutions using device-
based authentication assure a user is on an author-
ized device to access control system networks.
Advanced systems provide notification and loca-
tion of unauthorized connection attempts to the
network as well as attempted physical connection
attempts to field controls. Solutions that defend
against Cyber attacks using device-based authen-
tication should also shield control systems against
malicious code threats, ensuring against network
vulnerabilities and allowing centralized field
security monitoring.
Core Capabilities of an InfrastructureDefense System Should Include:
• Protection of SCADA systems and field
controls from the effects of cyber attack
• Hack-resistance that improves upon
traditional router, switch and firewall security;
• Uncompromising security on any
infrastructure – including communication open
standards such as Ethernet, wireless and the
public Internet
• Field access control – prohibiting network
access from breached field substations or other
network access points
• Cross-platform compatibility with any and all
operating systems and field control hardware
• Notification and location of unauthorized
connection attempts
• Extraordinarily low impact on network performance.
About the AuthorJim White has 38 years experience in control system
automation and security technologies. Jim presently runsthe critical infrastructure security business for UnilocUSA, a leader in security technologies based on physicaldevice recognition.
Uniloc USA is the technology leader in electronicPhysical Device Recognition (PDR) for critical infra-structure security. The core technology platform drivingUniloc innovation is physical device fingerprinting, thecompany’s patented method of uniquely identifying a user
device, such as a PC or PDA, by the naturally occurring,inherent physical imperfections of that device, and thenincorporating that physical device fingerprint intolicenses or access credentials. Uniloc’s technologies canidentify devices with more comparable accuracy thanhuman DNA. Uniloc is the inventor and holder of theseminal physical device locking patent (U.S. 5,490,216)and has 9 related patents pending. Uniloc has applied itsPhysical Device Fingerprinting technical expertise toseveral vertical markets, including software publishing,network authentication, transportation, social network-ing and DVD retailing. For more detailed information,please visit www.uniloc.com.
The ISA100 standards committee on wireless systems
for automation has created a new subcommittee to address
options for convergence of the ISA100.11a and
WirelessHART standards. This initiative is a key step in
the mission of the ISA100 committee to develop a family
of universal industrial wireless standards designed to sat-
isfy the needs of end users across a variety of applications.
The subcommittee will contrast and compare the tech-
nology within the ISA100.11a and WirelessHART stan-
dards, building on the experiences gained with industrial
applications of both standards, with an ultimate goal of
merging the best of both standards into a single con-
verged subsequent release of the ISA standard.
“This is an important development for industry since it
furthers the mission of ISA100 to embrace relevant indus-
trial wireless standards and serves the expressed needs of
the end user community,” said Paul Sereiko of Airsprite,
who has been invited, along with Dick Caro of CMC
Associates, to serve as co-chairs of the new subcommittee.
An early activity of the ISA100 WirelessHART
Convergence Subcommittee is to prepare the
WirelessHART standard in an ISA standard format by the
end of July to facilitate the evaluations.
“Adoption of the ISA100.11a standard in 2008 will be
an important step in fulfilling our ISA100 committee
mission and of significant value to industry. This new
subcommittee is the next logical step to helping industry
fully achieve the significant benefits of wireless technol-
ogy,” added Pat Schweitzer of ExxonMobil who serves
as co-chair of the ISA100 committee along with Wayne
Manges of Oak Ridge National Laboratories.
Hear Paul Sereiko, the Hart Foundation, ISA and Wayne
Manges Speak at Remote 2008 Conference and Expo!
Learn more at www.RemoteExpo.com
36 Remote Site & Equipment Management August/September 2008
Continued FeatureSCADA
www.RemoteMagazine.com
Western Weather Group’s monitoring solutions act as a warning system, measuring
set parameters (e.g., temperature or movement) and then proactively notifying the end
user through email/text communication. WWG environmental monitoring systems are
typically used in businesses such as farming and agriculture, as well as meteorology
and environmental research projects. Applications include temperature monitoring to
alert vineyard or orchard owners when frost point has been reached and a sensor-based
security system that detects unauthorized access.
A WWG solution consists of
antennas, sensors and a data
logger. Units are solar-pow-
ered, with an additional small,
12 volt battery. WWG cus-
tomizes each solution by pro-
gramming the data logger to
recognize specific parameters
and take action once a thresh-
old is reached, such as opening
flood gates to depress water
levels, turning fans off or on to
regulate temperature, control-
ling irrigation pumps to reduce
or increase pressure and initi-
ating visual or audible alarms
with suspicious movement.
Many of WWG’s imple-
mentations involve weather
stations connected to analog
cellular telephones, utilizing
voice synthesizer modems that allow farmers and agricultural producers to remotely
view current weather conditions. With the sunset of analog networks, WWG was forced
to convert its analog cellular solutions to digital.
WWG considered many options, including radio telemetry and hardwire telephone
lines. Radio telemetry requires line-of-sight communication, which is not always avail-
able at weather station locations. Telephone lines require installation of new wires into
locations that aren’t already serviced, which is expensive and time-consuming.
WWG found the answer to its conversion question with the integration of intelligent
cellular gateways into its monitoring solution to provide reliable two-way connectivity
and enhanced remote monitoring capabilities. The wireless gateways access the expan-
sive cellular networks and have embedded intelligence that simplifies installation, oper-
ation and maintenance of any solution. These reliable communications platforms pro-
vide the “always-on” and “always-aware” connection management required for
unmanned applications. In addition, the use of sophisticated software tools allows
WWG to remotely configure the wireless gateways and troubleshoot problems from a
single location. Remote management capabilities drastically reduce the cost of total
ownership and lead the way to a rapid ROI (return on investment).
“The combination of new data logger technology and the digital gateways enables us
to send out text messages directly to a cellular phone or email address based on meas-
urements in the field,” said Don Schukraft, CEO of WWG. “This enables one to be
immediately notified when environmental parameters exceed a specific threshold.”
The WWG monitoring solution takes only a few hours to install and bring online.
Western Weather Group currently has about 25 digital wireless gateways in use by a
dozen customers. Additionally, ROI is realized in as little as one to two months depend-
ing on the application.
“If you can save grapes from a pending frost, you prevent revenue loss worth many
times the cost of the system,” explained Schukraft.
Intelligence is the AnswerAs the world moves toward integrated communication systems, industries dependent
on consistent data acquisition need an efficient way to provide the intelligence neces-
sary for advanced capabilities like remote monitoring and infrastructure management,
as well as the connectivity requirement to see and act on acquired data in real-time.
While an analog data logger is a reliable source to capture measurements, it is simply a
storage facility unless enhanced with an intelligent device that can transform the instru-
ment into a solution. By implementing intelligent wireless gateways with legacy ana-
log equipment business owners can monitor mission critical parameters in real-time,
and can troubleshoot equipment issues remotely. Having two-way wireless communi-
cation with remote equipment drastically reduces operating and maintenance costs and
generally leads to a rapid return on investment.
The remote nature and often geographically disparate deployments of monitoring
solutions lends itself to the use of cellular data networks as a communications medium.
Many deployments are located in areas with no landline access, and even when land-
line access is available, wireless has clear advantages. With a cellular solution cus-
tomers can utilize one provider for deployments across wide geographic areas, instead
of negotiating contracts with several regional providers.
There is no doubt that wireless communications are evolving towards digital trans-
missions, yet it can’t be ignored that legacy equipment is very often designed to com-
municate with an analog device. Companies that cross the chasm from analog to digi-
tal communications with the least amount of capital investment will be in the best posi-
tion to serve their customers.
Justin Schmid is Vice President for the Mobile and M2M Group at Sierra Wireless. Sierra Wireless modems and software connect people and systems to mobile broad-
band networks around the world. The company offers a diverse product portfolioaddressing enterprise, consumer, original equipment manufacturer, specialized verticalindustry, and machine-to-machine markets, and provides professional services to cus-tomers requiring expertise in wireless design, integration, and carrier certification. Formore information, please visit www.sierrawireless.com.
trol should provide the administrative support and con-
trol of all project documentation; this should include, but
is not limited to, contract change proposals, manual
updates, drawing control, specification changes, etc. At
the end of the project, the documents that should be sup-
plied are technical manuals for the equipment supplied,
one set of interim as-built drawings
for each site, final as-built drawings
following final acceptance, factory
test results, relevant ATPs
(Acceptance Test Plans), training
manuals (if training specified), etc.
To avoid the trap of performing
the work during the fast-paced
build-out phase without the written
authorization, “Change
Notification Form” also called
“Change Order” has to be issued.
Contractor(s) or consultant(s) must
receive a written approval of
his/her deliverable prior to starting
the new task or making any
changes to the previously defined
task. Make sure that all the suppli-
ers, consultants, and contractors
leave behind detailed written trail
in the form of path calculations and
path profiles, drawings, test results,
(As-Built documentation), etc. You
will be running the network long
after they are all gone to other proj-
ects and clients [4].
ConclusionAt the end, we can summarize
and say that sound microwave engi-
neering practices, in the long run, will save money and
aggravation. Building and maintaining a reliable
microwave network does not have to be a difficult task;
assuming that the proper engineering practice had been
utilized from the start, using expert workforce and rep-
utable hardware and services suppliers.
References and Further Reading
1) Harvey Lehpamer, “Microwave TransmissionNetworks – Planning, Design and Deployment,”McGraw-Hill, 2004, ISBN 0-07-143249-3
2) Harvey Lehpamer, “Transmission Systems DesignHandbook for Wireless Networks,” Artech House, 2002,ISBN 1-58053-243-8
3) Articles, Q&A, and technical papers atwww.cicusa.com
4) Harvey Lehpamer, “How to Build aReliable and Cost-effective MicrowaveNetwork,” ENTELEC, Houston, Texas, 2006
About the Author
Harvey Lehpamer, MSEE, has over 25 yearsof experience in the planning, design anddeployment of transmission and microwavenetworks around the world. Mr. Lehpamer haspreviously worked for Ontario Hydro,Ericsson Wireless Communications, Inc.,Qualcomm Inc., and Clearnet, Inc. He is cur-rently working for CommunicationInfrastructure Corporation (CIC), microwaveengineering company, and has published threebooks. In addition to his daily engineeringresponsibilities, Harvey Lehpamer is teaching
Microwave Transmission Engineering at University ofCalifornia – SD Extension and math classes atSouthwestern College, both in San Diego, CA. He can becontacted at: [email protected][email protected].
Hear Harvey Lehpamer Speak at the
Remote 2008 Conference and Expo
Learn more about his session at: www.remotemagazine.com/rem08_program.php#ci
Comminucation continued from page 23
Figure 4 Document control during the microwave project