For a change, we’re not going to talk about information security today. Instead, this is about industrial data analysis at the Chelyabinsk Pipe Rolling Plant (ChelPipe). Out of the blue? Not really. It’s actually another area of application for our innovations, and it goes by the name “trusted industrial data.”
Raw industrial data
Large enterprises operate thousands of lathes, turbines, furnaces, and other machinery, each with sensors that monitor processes second by second. Did you ever wonder how much data all that industrial equipment generates?
Our experts did, and they found 1,500 signal sources per automated process control system (APCS) at the average enterprise. For giants (for example, companies that manage a nationwide network of trunk oil pipelines), the number can exceed a million. Moreover, each average individual sensor or controller can generate 10,000 to 15,000 measurements per second.
Do you know how much of that data is actually used? It depends on the criticality of the instrument in question, but on average, organizations send no more than 10%–15% of the information they collect to the supervisory control and data acquisition (SCADA) system. That is sufficient to evaluate the system’s operability, and no one wants to overload the SCADA. After all, judging by the amount of data, each signal takes up about 80 bytes.
Therefore, the average APCS can generate approximately 100 gigabytes of raw industrial data per minute — and on a good day uses about one-tenth of it. The other 90% is wasted. And that’s in the age of big data, when data scientists would sell their souls for an extra byte.
How can you put data from industrial sensors to better use?
In general, industrial sensors transmit data to the SCADA system for process control, accident prevention, and so on. In recent decades, such data has also been of interest to enterprise resource planning (ERP) systems and other data analysis mechanisms. However, they don’t collect this data from sensors, but usually from the SCADA system.
In other words, they take only 10% of all information generated. Can you imagine how much more efficient these systems would be with access to all of the data?
What do Kaspersky and ChelPipe have to do with it?
We’ve written about KasperskyOS, our secure operating system for IoT, embedded systems, and other special-purpose applications, and we’ve also talked about our subsidiary scientific production association, Adaptive Production Technology (APROTECH), which is developing an IIoT gateway based on our OS. So, we jointly created this gateway — and not just one; we’re working on two more (but that’s a topic for another post). During the process of implementing the first device, APROTECH experts discovered a great, if nonstandard, use for our system.
In 2019, while testing out use scenarios for the gateway, they started offering it to potential customers for pilot implementation. One of those prospects was ChelPipe. Naturally, we talked to the infosec team first, but before we knew it, the engineers had gotten involved. They too, it turned out, had a specific interest in the device.
After all, why were we developing this device? It was mainly to collect detailed information from IIoT sensors and send it through a trusted channel for further processing. The device architecture minimizes the risk of raw industrial data being substituted or of someone tinkering with the “further processing” system and gaining control over the industrial equipment.
The engineers at ChelPipe were enthused about the idea of obtaining such data in real time. With that access, they could resolve a number of key issues — for example, determine what factors, under conditions that were otherwise equal, cause a change in the process indicators. Armed with this information, they can make operational decisions practically on the fly.
For the pilot implementation, the engineers selected a number of important parameters to control, and APROTECH experts configured the KasperskyOS-based gateway to collect telemetry from the equipment and transmit it to the Siemens MindSphere platform. ChelPipe’s interest lies not so much in the gateway as in the results of processing trusted industrial data, so, working with specialists from Siemens and Sinimex, the engineers created an end-to-end digital service to collect, accumulate, and visualize the data.
Developing the idea further
However, processing raw industrial data for engineering firms is only the beginning. During the implementation process, the capacity to transfer such data over a trusted channel and process it also caught the eye of business analysts, who could use this data to, for example, calculate the margin yield per unit of equipment or of a production site. That is the domain not of engineers, but rather of managing directors.
Generally speaking, the ability to collect full raw industrial data may soon change the process of building forecasts and models not only for engineering, but also for business. Our first cyberimmune industrial data gateway, Kaspersky IoT Secure Gateway 100, will be unveiled at the Hannover Messe trade fair 2021.It is based on the Siemens SIMATIC IOT2040 hardware platform and is capable of securely transferring data directly from industrial equipment to cloud platforms via the OPC UA protocol. You can learn more about the solution on the Kaspersky IoT Infrastructure Security website.