FAW-Volkswagen Automotive Company (FAW-VW) required a high number of communication terminals due to its rapid development. FAW-VW also faced challenges in security management, IT Operation and Maintenance (O&M) costs, and employee work efficiency. FAW-VW needed terminal security protection with reliable access control and user rights management, as well as comprehensive network protection.
Provide a Testbed to allow testing of security claims and other security related testing evaluation.
Urban commute is a pain: most trips are short and existing options just don't cut it. Cars are expensive / hard to park / stuck in traffic. Buses are slow / unreliable / stuck in traffic. Motorcycles are heavy / require a special license. Bicycles are exhausting / range-limited / slow.
Benteler Automotive is looking for a solution that can solve the following situations:
- Operation of 70 plants in 29 countries with worldwide reliance on components
- Identify a seamless way to connect people, process, data and things to expedite the production process
Predictive maintenance refers to techniques that help determine the condition of in-service equipment in order to predict and/or optimize when maintenance should be performed. Predictive maintenance is one of the most important benefits of the Industry 4.0 revolution.
With an increasingly mobile global workforce, ensuring security and applying uniform policy across all users and devices was a critical need. Historically, the company was using two on-premise solutions (Websense and a Squid Linux service), both of which were nearing the end of their contract periods. The company wanted to establish and enforce a global policy for internet access, provide secure access to the internet for all employees, and ensure uniform coverage for the growing number of remote users and mobile devices.
Unmanned weather stations play an essential role in the effort to analyze and predict the world's ever-changing weather patterns. The unmanned stations collect and store large amounts of weather data and then download the data at regular intervals to a back-end host for analysis and long-term storage. The computing device housed in the weather station must be robust enough to work continuously for long periods of time while exposed to a wide range of temperatures. It should also be able to collect readings from various sensors that use different data transmission protocols, and have the capability to store large amounts of data.
Whirlpool wanted to add connectivity to appliances and transform the company's relationship with customers. Traditionally, Whirlpool's interaction with customers was limited to purchases made once every ten years. Connected washers and dryers provide exciting new features like remote management of start times and inter-machine communication.
Connectivity is empowering more intelligent interactions between consumers and companies. An innovative automaker wanted to design and build a working prototype of a connected vehicle platform to accelerate speed to market and help the company understand today's connected world.
The Terminal Security Management (TSM) system was installed to divide the intranet into several logical parts, enabling centralized system management and domain-based security protection. Key devices deployed in redundancy mode ensured service continuity. The TSM performed access control on the network, terminals, and network boundaries. Security protection measures, such as user authentication, security check, access control, operation monitoring, emergency response, and log auditing, ensure network security.
Hardware Components
- HUAWEI Terminal Security Management (TSM) system
- Security Access Control Gateway (SACG)
*This is an IIC testbed currently in progress.*
Aicas, GlobalSign, Infineon, Real-Time Innovations, UL (Underwriters Laboratories), Xilinx
EyeTech Digital Systems, Inc., iVeia, LLC, JUXT, PFP Cybersecurity, PrismTech, SoC-e, Star Lab Corp.
Aerospace & Defense and Communications, Automotive, Industrial Manufacturing, Smart Grid/Energy, Smart Medical
Security Claims Evaluation Testbed – an open and easily configurable cybersecurity platform for evaluation of endpoint, gateway, and other networked components’ security capabilities.
HOW IT WORKS
The security testbed is a comprehensive testbed comprised of three primary tiers: Endpoint, Gateway and Server (Private, Public Cloud). Data sources can include industrial, smart grid/energy, medical, automotive, building automation, and other related endpoints requested for secure operational analysis. Key platform elements of the testbed include:
• Intelligent endpoint monitoring system(s) from PFP Cybersecurity
• Intelligent Gateway from SoC-e
• Real time analytics from Juxt
• Secure runtime Java VM from Aicas
• Private and Public Cloud secure communication from PrismTech
Software utilized for testbed operation is provided by both members and non-members. Because the security testbed is programmable and configurable, with any-to-any connectivity and flexible application software, a host of interfaces can be supported. These include sensor inputs (both analog and digital) and video/imaging interfaces, along with a wide range of communications protocols, ranging from Industrial Ethernet protocols to other secure messaging protocols (DDS, XMPP, MQTT, REST, others).
The primary objective of the Security Claims Evaluation Testbed is to provide an open and easily configurable cybersecurity platform for evaluation of endpoint, gateway, and other networked components’ security capabilities. The testbed will enable participants to connect their equipment to a system of other endpoints, gateways, etc. to evaluate the security capabilities of their equipment, interoperability to other devices, and verify the critical areas of their architecture pattern are secured as outlined in the Industrial Internet Consortium Reference Architecture.
Industrial Internet Consortium members and non-members have the ability to connect their equipment to the testbed to evaluate the security of their devices within two different scenarios: individually on a device level, as well as with a system of other endpoints, gateways, etc. This includes exploration of methodology and collection of evidence to demonstrate the system operational security processes supporting the key characteristics of the system relative to evaluation of the participant’s claims. Additionally, the testbed enables the evaluation of the critical areas of an architecture pattern that need to be secured as outlined in the Industrial Internet Consortium Reference Architecture.
The testbed will be rolled out in three stages. The first is initial deployment in a lab environment, the second is deployment in a micro-factory environment, and the third will be determined by the growth of the testbed. The security testbed's phased release approach provides a unique learning opportunity to evaluate security vulnerabilities at a device level and system level prior to large scale deployment across many key applications driving the Industrial Internet of Things (IIoT) / Industry 4.0.
Wind River is currently developing technology for Monday Motorbikes, an electric, Cloud-connected motorbike that connects with smartphones. Their IoT platform brings the performance, security, real-time management, and analytical capabilities necessary for extracting, combining, and analyzing device information to support real-time decisions and systems controls. Wind River Helix helps to manage diverse devices and translate all kinds of data for travel across networks and into analytical cloud systems, where businesses and other organisations can gain insights for operational efficiencies and transformative improvements.
Functions of the Cloud-connected motorbike include end-to-edge connectivity, device management and software/firmware over-the-air updates. Motorbikes are connected at 28 separate data points for R&D, battery optimization, predictive maintenance and software/firmware updates. There are 2 operating modes from the cloud, namely economy and sport, with software defining the speed limits. To prevent theft, geofencing shuts the bike down outside a geographical limit.
IoT security in embedded devices:
• Meets specs for IEC 61508 and IEC 62304
• “Designed-in” security into embedded devices w/ Wind River Operating systems
• Design the concept of lifecycle security into devices - prevent unsecured connectivity
• Wind River is working with Auto Industry to secure devices remotely (no need to bring back into the station to update)
Data on battery’s performance is stored in the cloud so that users can see the bike’s battery life regardless of location. Specially designed batteries are structured such that cells can be replaced easily whenever they lose efficiency, avoiding the need to dispose of the battery, which would have negative environmental impacts.
- Cisco’s Application Centric Infrastructure (ACI) and ruggedized routers and switches provide a robust foundation to power production
- Benteler works with Cisco Partners Nemetris and CANCOM DIAS to connect tools, parts and belts in each factory to each other and to a central location
- End-to-end solution developed through applications supported by fog computing and cloud, integrated hardware and software components
By consolidating the machine data from many different locations in a central place, the optimization of machines and production processes is possible. Thanks to a remote maintenance solution from the Roth Group including components from Endian and the cloud solutions from Amazon Web Services, customers in any industry can benefit today from the advantages of digitization.
After looking at the management overhead, functionality and support capabilities of the three alternatives, they decided that a cloud-based solution was the best option. Zscaler's solution provides uniform coverage across the on-premise and remote users, with advanced threat protection, Web 2.0 controls and reporting functionality.
- Cloud based web proxy solution
Protocol Conversion and Front-end Data Processing
The data collected by a typical unmanned weather station includes temperature, rainfall and snow accumulation, air pressure, humidity, and ultraviolet intensity. One of the tasks that the UC-7420 unit must handle is protocol conversion, since there is no guarantee that the devices collecting the weather data all use the same protocol. In addition, the UC-7420 can be used to do preliminary data processing before downloading data to the central computer. MOXA's UC-7420 is ideally suited for these tasks, since the user can easily embed a C program that is custom written for the devices used at the station. If future changes involve adding or removing devices, the programmer simply needs to modify the C code, recompile it, and then download the executable program over the network to the UC-7420 unit.
Connecting to the Network and the Internet
In addition to being programmable, the UC-7420 also offers users an array of connection options. To begin with, data entering the serial ports from attached sensors can be processed and then forwarded through one or both of the dual Ethernet ports to the LAN. One of the serial ports can also be connected to a V.90 or GPRS modem for PPP connections, and a PCMCIA port is available for installing a wireless LAN card for 802.11b/g networks. By including multiple connection options in the UC-7420's design, users gain the flexibility needed to connect from virtually anywhere. Combinations of connection types can also be used to provide redundancy. For example, if unavoidable network problems cause an interruption in service, the user can connect by modem.
CompactFlash Storage Space
One of the dilemmas faced when creating a "small" computer is how to provide users with adequate storage space. For unmanned applications, it is best if the storage device does not contain moving parts.
Although hard drives may seem to last forever for day-to-day use, we cannot make this assumption for continuous use at remote locations. The UC-7420 overcomes this problem by providing a CompactFlash slot. If needed, flash memory cards with storage capacity of up to several gigabytes can be used to store data until it is convenient to transfer the data to a central computer.
Whirlpool partnered with Arrayent to bring connectivity to their new Smart Grid appliances. Arrayent Connect provided a low-cost, low-latency, and highly reliable IoT platform that dramatically reduced time to market for a new set of connected appliances.
Solution Assessment
- Type: IoT
- Maturity: Cutting Edge (technology has been on the market for <2 years)
Flex's design team partnered with the automaker's researchers to develop specifications to meet their needs: a long battery life, worldwide connectivity, a modular platform, and powerful antennas. Flex's cross-industry team of electrical and mechanical engineers, industrial designers, and cloud and software developers created a fast-turn electrical and mechanical design, complete with embedded technologies for communication, mobile application for analysis and intelligence, and cloud storage for data gathering.
Software Components
- Flex Cloud Platform
FAW-Volkswagen Automotive Company (FAW-VW) is a Chinese joint venture between First Automobile Works (FAW) and Volkswagen Group. The enterprise has almost 20,000 employees working in three major production bases and 500,000 employees working along the vehicle production chain in 1,000 related enterprises.
Monday Motorbikes builds state-of-the-art motorcycles that are connected to the cloud. Monday Motorbikes offers the latest and highest density cells on the market within standard battery configuration. Their flagship model, the M-1, allows the user to nimbly navigate the city without the need for registration and insurance, or even a license. By limiting power output through software, the M-1 falls under the federal electric bicycle regulations of the U.S.A and most states in their Economy mode.
Benteler International AG is a Management Holding Company, coordinating legally independent, internationally active business divisions Automotive, Steel Pipes and Distribution. Benteler was founded in 1876.
A global, multi-billion dollar automotive supplier headquartered in Michigan, USA, manufactures and markets high-performance systems and components for the automotive industry. The company employs about 20,000 people in over 70 locations spread across 18 countries.
The Whirlpool Corporation is an American multinational manufacturer and marketer of home appliances. The Fortune 500 company has annual revenue of approximately $21 billion, 100,000 employees, and more than 70 manufacturing and technology research centers around the world.
|Solution Maturity||Emerging (technology has been on the market for > 2 years)||Emerging (technology has been on the market for > 2 years)||Cutting Edge (technology has been on the market for < 2 years)||Mature (technology has been on the market for > 5 years)||Mature (technology has been on the market for > 5 years)||Mature (technology has been on the market for > 5 years)||Mature (technology has been on the market for > 5 years)||Cutting Edge (technology has been on the market for < 2 years)||Cutting Edge (technology has been on the market for < 2 years)|
Security protection measures, including user authentication, security check, access control, operation monitoring, emergency response, log auditing
IoT security in embedded devices
• HIPAA compliance / going digital
• Designing in security into embedded devices (Helix platform)
• Design the concept of lifecycle security into devices - prevent unsecured connectivity
• Wind River is working with Auto Industry to secure devices remotely (no need to bring back into the station to update)
• 'biggest competitor is the roll your own solution' - people think it's faster and cheaper to do it themselves
User data, energy consumption, frequency of use of functions
Technical measure for connected cars
|Use Cases||Cybersecurity ||Security Claims Evaluation||Process Control & Optimization (PCO)||Manufacturing System Automation||Predictive Maintenance (PdM)||Process Control & Optimization (PCO)||Process Control & Optimization (PCO)||Microgrid||Factory Operations Visibility & Intelligence |
Universal Platform - Unified security policy customization is enabled through the TSM system, which centrally manages FAW-VW’s terminals.
Enable manufacturers to improve the security posture of their products and verify alignment to the Industrial Internet Consortium Security Reference Architecture prior to product launch to help accelerate time to market.
Data on battery's performance is stored in the cloud so that users can see the bike's battery life regardless of location.
Connected every aspect of the factory together to: Realize better production, Create changeovers, Establish operational efficiencies
Total Cost of Ownership - Total cost of ownership is lowered due to reduction in IT infrastructure costs.
Multiple connection options for greater networking versatility. Maintenance personnel can monitor from a remote location
Energy Efficiency - The amount of energy used in equipment operation can be lowered.
Universal Platform - Connected communications, including embedded, mobile, and cloud infrastructure in vehicles are enabled through Flex's solution.
Data Safety - Refining user rights management policies has ensured that users have access rights only to the resources required in their service of operation.
Specially designed batteries structured such that cells can be replaced easily whenever they lose efficiency (saves the need of disposing of the battery, which also results in environmental impacts)
Data Security - Centralized security and access policies are enabled for all of client's locations worldwide, covering both on-premise and remote users.
Programmability gives system integrators infinite possibilities. No fan, no hard drive design for longer MTBF. CompactFlash slot for adding gigabytes of storage space
User Experience - Cloud solutions enable aggregation of 'big data' to enable more robust analysis to improve customer experience.
Data Aggregation - Cloud solutions enable aggregation of 'big data' to enable more robust analysis and lower costs.
Geofencing enablement through cloud (prevent theft with location identification & remote stop)
High Acceptance - Better user acceptance with less operative training required.
Validation of Functions - Usage data gives product development teams insight into when and how frequently functions are used, for consideration in future design modifications.
End-to-end Service Delivery - Deeper integration of information across departments and business units improves internal collaboration and end-to-end customer service.
Connecting the bike at 28 separate data points for R&D, battery optimization, predictive maintenance, geofencing and software/firmware updates.
Cheaper electricity cost at $0.21 for a full charge, with an integrated 5-hour Smart Charge.
|Software||Wind River Helix Device Cloud||Arrayent IoT Platform|
|Tech Partners||GlobalSign Inc., RTI, Xilinx, Industrial Internet Consortium (IIC)||Intel|