
AURA VIA GADGETS

Thursday, June 25, 2020

INDUSTRY 4.0 IS UNSAFE. OR IS IT?


The world is evolving; second by second, day by day, it moves towards new frontiers as technology evolves. So does industry. Everything has become wireless, interconnected, and easier to control, even without being on site. But is it perfectly secure and safe while becoming ever easier to control? This article is a brief analysis of the security concerns of the latest iteration of industrial evolution, “Industry 4.0”, with reference to some recent incidents.

WHAT IS INDUSTRY 4.0?

Industry 4.0 is the latest iteration of the industrial revolution, driven by technological advancement. Under the influence of factors such as the internet, wireless communication, “M2M” (Machine to Machine) communication through the “IoT” (Internet of Things) concept, IPv6 addressing, and Machine Learning, modern industry has evolved from the basic mechanized systems of the age of the industrial revolution into a “Cyber-Physical System”.
For a much more optimized and user-friendly operation, these smart systems are equipped with modern attributes such as:

  • Decentralized decision making – Ability of the Cyber-Physical System to make its own decisions based on continuous data analytics performed through Machine Learning algorithms
  • Interoperability – Ability of the system to connect and communicate remotely with the system users and administrators via the Internet
  • Information Transparency – Ability of the system to create a virtual copy of the exact physical system and to test out several operating scenarios prior to the physical implementation (basically conducting a simulation of the working environment)
  • Technical Assistance – Assisting humans by performing tasks that are considered to be hard, exhausting, and dangerous to humans
(Source: ECEN 5053-002; Developing Industrial Internet of Things 1: IoT Markets and Security; Prof. Dave Sluiter; University of Colorado Boulder)
However, given the scale of the interconnection these systems share with the outside world and among their own components, it is accurate to assume that they are considerably more vulnerable to external security threats than prior generations. Therefore, the ‘Security’ of these “IIoT” (Industrial Internet of Things) based systems should be a primary concern from the basic stages of system implementation.


IIoT SECURITY

As mentioned before, there are many possible attacks on IIoT systems: brute-force attacks, man-in-the-middle attacks, replay attacks, side-channel attacks, attacks that manipulate physical components (power, RF, temperature), and so on. IIoT security is therefore not a minor aspect that can be ignored or treated lightly.
As countermeasures against these threats, some major techniques, opinions, and practices have proven to be effective. The main ones are as follows.

  • Using known and verified data encryption algorithms
  • Using updated firmware and software solutions in IoT systems
  • Considering ‘Security’ as a fundamental concern of the system
  • Building a ‘Security’ mindset for system implementation
  • Constant monitoring and updating of the system security
Some recent examples demonstrate the importance of the above-mentioned techniques as security measures.

USING KNOWN AND VERIFIED DATA ENCRYPTION ALGORITHMS

Since remote connectivity is a key feature of IIoT systems, data transmission is a basic need of the system. That interconnectivity, however, runs over the insecure, public communication channel of the internet, so the transmitted data is exposed to many external threats and attackers. The integrity of the data should therefore be protected. That is where the concept of encryption comes in.
Encryption converts the ‘clear text’ that is to be protected into a ‘cipher text’ prior to transmission. By encrypting, we make our data impossible to read without the designated decryption key, thereby ensuring that the data is not accessible to any third party other than the sender and receiver.
Some standard encryption methods and algorithms are frequently used in IIoT data security, such as ‘AES CBC’ (Advanced Encryption Standard Cipher Block Chaining), ‘AES ECB’ (AES Electronic Code Book), AES XTS (for data storage), the Diffie-Hellman method, PGP (Pretty Good Privacy), RSA (Rivest-Shamir-Adleman), hash functions, MACs (Message Authentication Codes), and so on. Apart from that, to ensure data integrity while transmitting via websites, communication protocols like TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are used. It is therefore clear that data security and integrity are assured by these encryption techniques.
For example, consider a recent incident. The high-security electronic combination locks that the manufacturer “Kaba Mas” makes for ATMs were found to have a serious design flaw. A cybersecurity researcher discovered electrical feedback emitted by the lock circuitry that can be observed with an oscilloscope, much like using a stethoscope to crack the combination of an old safe. This electrical feedback is a severe drawback of the system: it allows the EEPROM contents to be copied to its CPU and the lock to be opened, leaving these modern safes vulnerable to attackers, who can open them in a matter of minutes.
Most importantly, an upgraded version of the same lock was later introduced with the same vulnerability, but this new system used “AES” encryption to encrypt the unlock key. Although the system had the same drawback mentioned before, the use of the encryption algorithm on the unlock key made breaking into it almost impossible, computationally expensive, and time-consuming. This is not a justification for using encryption algorithms just to cover up a technical failure. But simply using a verified encryption algorithm makes your system less vulnerable to attacks. (Source: WIRED; “How Safecrackers Can Unlock an ATM in Minutes - Without Leaving a Trace”; Andy Greenberg; 08/09/2019)
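Of the primitives listed above, the MAC is the one that lets a receiver detect the tampering and replay attacks named in the IIoT SECURITY section. The following is an added example, not code from the original article or its sources: a sensor frame authenticated with HMAC-SHA256 and a per-device message counter, where the frame layout, device id, key and payloads are all constructed for illustration and the payload itself is left unencrypted.

```python
import hashlib
import hmac
import struct

HEADER = struct.Struct(">IQ")   # device id (uint32) + message counter (uint64)
TAG_LEN = hashlib.sha256().digest_size


def seal(key: bytes, device_id: int, counter: int, payload: bytes) -> bytes:
    """Sender: frame = header | payload | HMAC-SHA256(key, header | payload)."""
    header = HEADER.pack(device_id, counter)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Authenticates each frame, then requires a strictly rising counter."""

    def __init__(self, keys):
        self.keys = dict(keys)     # device id -> shared secret key
        self.last_counter = {}     # device id -> highest counter accepted

    def accept(self, frame: bytes):
        """Return (payload, "ok") or (None, reason)."""
        if len(frame) < HEADER.size + TAG_LEN:
            return None, "truncated"
        header = frame[:HEADER.size]
        payload = frame[HEADER.size:-TAG_LEN]
        tag = frame[-TAG_LEN:]
        device_id, counter = HEADER.unpack(header)
        key = self.keys.get(device_id)
        if key is None:
            return None, "unknown device"
        expected = hmac.new(key, header + payload, hashlib.sha256).digest()
        # compare_digest runs in constant time, so the comparison does not
        # leak through timing how many leading bytes of the tag matched.
        if not hmac.compare_digest(tag, expected):
            return None, "bad tag"
        # The counter is covered by the tag, so it is trusted only now.
        # A frame that was captured and re-sent carries an old counter.
        if counter <= self.last_counter.get(device_id, -1):
            return None, "replay"
        self.last_counter[device_id] = counter
        return payload, "ok"


def demo():
    """Run genuine, modified, replayed and forged frames through a receiver."""
    key = bytes(range(32))         # constructed demo key, not a real secret
    rx = Receiver({7: key})        # 7 is a made-up device id
    frame = seal(key, 7, 1, b'{"valve":"open","temp_c":71.5}')

    outcomes = [rx.accept(frame)[1]]                  # genuine frame
    modified = bytearray(frame)
    modified[HEADER.size + 10] ^= 0x01                # one payload bit flipped
    outcomes.append(rx.accept(bytes(modified))[1])    # changed in transit
    outcomes.append(rx.accept(frame)[1])              # same frame sent again
    outcomes.append(rx.accept(seal(key, 7, 2, b'{"valve":"closed"}'))[1])
    forged = seal(b"\x00" * 32, 7, 3, b'{"valve":"open"}')
    outcomes.append(rx.accept(forged)[1])             # sealed with wrong key
    return outcomes


if __name__ == "__main__":
    print(demo())
```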

USING UPDATED FIRMWARE AND SOFTWARE SOLUTIONS IN IoT SYSTEMS
IIoT systems are sophisticated and complex. They therefore often depend on a number of software and firmware solutions, not only to maintain optimal working conditions for both software and hardware components but also to keep them up to date with countermeasures for the latest security threats. Keeping that software and firmware up to date is considered a key concern of system maintenance. Failing to do so is considered malpractice, and the system in question becomes more vulnerable to security threats than an up-to-date system. The following is a comprehensive example of that.
As we know, due to the recent outbreak of the ‘COVID-19’ pandemic, healthcare and medical services have attracted a lot of attention. With a reduced workforce, IoT-based systems are the ideal solution for the optimized operation of healthcare services. However, the implementations of these systems show poor configuration structures and are more vulnerable to threats than other systems. It is known that IIoT solutions on medical and healthcare platforms give much less attention to system security than those in other fields. The escalated security vulnerabilities of medical-sector IoT systems during the recent outbreak period might also have been due to another critical reason, as the author mentions:
 “IoT devices are notoriously behind when it comes to the operating systems they are using, and many more are unpatched. In fact, 83% of IoT devices are no longer running supported software.”
It is therefore quite obvious that how up to date the software and firmware in your system are determines how vulnerable the system is to external security threats. The more up to date, the less vulnerable you are. Apart from that, running unsupported software might result in frequent authentication errors in data transmission between devices and in an under-performing system that is also highly vulnerable to security threats. (Source: DARK Reading; “Social Distancing for Healthcare’s IoT Devices”; Ori Bach; 6/3/2020)

CONSIDERING ‘SECURITY’ AS A FUNDAMENTAL CONCERN OF THE SYSTEM 

(Courtesy: - Prof. Dave Sluiter; University of Colorado Boulder)

Building an IIoT system is quite a complex job, considering the number of component layers, subsystems, and software that have to be built. Alongside these components, there is another key feature that should be considered throughout the building and implementation stages of the system: “Security”. It should not be treated as just another sub-element added after the system’s construction. Security should be considered a key element from the basic stages of the system. Otherwise, the system would be more vulnerable to external threats, and it would be pretty much impossible even to diagnose what had gone wrong in case of an attack. The following is a good example of that.
As we know, due to the recent outbreak of the ‘COVID-19’ pandemic, healthcare and medical services have attracted a lot of attention. With a reduced workforce, IoT-based systems are the ideal solution for the optimized operation of healthcare services. However, the implementations of these systems show poor configuration structures and are more vulnerable to threats, as an article has reported.
As the article says, “Many hospitals do not separate their IoT devices from other resources, such as databases storing patient records. The lack of separation simplifies discovering the prime targets. Attackers will then either steal the information or launch a ransomware attack.”
It is reasonable to assume that system security was not a fundamental concern of the people who configured that particular system, and that this is why they did not first implement a security layer to separate the database resources from direct access by the IoT devices. (Source: DARK Reading; “Social Distancing for Healthcare’s IoT Devices”; Ori Bach; 6/3/2020)
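The missing separation described above can be checked mechanically during design review. The following is an added example, not code from the cited article or the original post: it walks an ordered firewall ruleset and lists every IoT device that is still permitted to reach a patient-record store; the addresses, ports and both rulesets are constructed, and first-match evaluation with a default deny is an assumption about how the firewall behaves.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    port: Optional[int]    # destination port, None means any port


def decide(rules, src_ip, dst_ip, port):
    """Return (action, index of the deciding rule); first match wins."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for index, rule in enumerate(rules):
        if (src in ipaddress.ip_network(rule.src)
                and dst in ipaddress.ip_network(rule.dst)
                and rule.port in (None, port)):
            return rule.action, index
    return "deny", None    # assumed default when no rule matches


def exposed_paths(rules, iot_hosts, record_stores):
    """List (iot_ip, store_ip, port, rule_index) for every permitted path."""
    findings = []
    for src in iot_hosts:
        for dst, port in record_stores:
            action, index = decide(rules, src, dst, port)
            if action == "allow":
                findings.append((src, dst, port, index))
    return findings


# Constructed inventory: two bedside devices and one records database.
IOT_HOSTS = ["10.20.30.11", "10.20.30.12"]
RECORD_STORES = [("10.20.5.10", 5432)]

# Flat network: everything inside the site may talk to everything else.
FLAT = [Rule("allow", "10.20.0.0/16", "10.20.0.0/16", None)]

# Segmented: IoT devices reach only a data gateway, then are cut off from
# the rest of the site before the general allow rule is evaluated.
SEGMENTED = [
    Rule("allow", "10.20.30.0/24", "10.20.40.5/32", 8443),
    Rule("deny", "10.20.30.0/24", "10.20.0.0/16", None),
    Rule("allow", "10.20.0.0/16", "10.20.0.0/16", None),
]

if __name__ == "__main__":
    for name, rules in (("flat", FLAT), ("segmented", SEGMENTED)):
        print(name, exposed_paths(rules, IOT_HOSTS, RECORD_STORES))
```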

BUILDING A SECURITY MINDSET FOR SYSTEM IMPLEMENTATION 

(Courtesy: - Prof. Dave Sluiter, Mr. Don Matthews; University of Colorado Boulder)

The security mindset is basically a way of thinking critically and reviewing something in a way that others don’t. According to Bruce Schneier,
“This kind of thinking is not natural for most people. It's not natural for engineers. Good engineering involves thinking about how things can be made to work; the security mindset involves thinking about how things can be made to fail. It involves thinking like an attacker, an adversary, or a criminal. You don't have to exploit the vulnerabilities you find, but if you don't see the world that way, you'll never notice most security problems”
(Source: WIRED; Inside the Twisted Mind of the Security Professional; Bruce Schneier; 20/03/2008)

From another perspective, the security mindset can be explained as follows. From the very beginning of the system building and implementation process, the designer is always thinking about the ways the system can be bypassed, broken into, or hacked.
As Prof. Dave Sluiter mentions, “When working in security, it is an unwise mental mindset to make statements such as: “That’s impossible”, or “No one will ever figure this out” and other such absolute statements. A better mindset is one that blurs the line between TRUE and FALSE, mental positions such as likely/unlikely, probable/improbable, and practical/impractical. The world is full of some very clever and well-funded people.” He gives some fitting examples of this: the cracking of the WWII German Enigma machine by Alan Turing, the sophistication of the work done by the “Israeli Mossad” and the “US NSA”, etc. (Source: ECEN 5053-002; Developing Industrial Internet of Things 1: IoT Markets and Security; Prof. Dave Sluiter; University of Colorado Boulder)
“Security through obscurity is not security” - courtesy of Don Matthews
According to those expert opinions, security will never be 100% perfect. It will always be a matter of “good enough”. Therefore, building such a mindset may serve a security developer well in system implementation.

CONSTANT MONITORING AND UPDATING OF THE SYSTEM SECURITY

As we all know, continuous monitoring and maintenance should be a key feature of a secure system. After implementation, the system should be continuously tested for hidden vulnerabilities and blind spots. This might sound much the same as the second point mentioned above, using updated software and firmware in the IIoT system. In fact, it means that the system should be tested again and again for security vulnerabilities. There might be hidden vulnerabilities in the system that nobody else could see.
It is good practice to have the system continuously tested for security vulnerabilities, whether by a security research organization, a white-hat hacker, or anyone with the ability and clearance to do the testing. If a system is left without such monitoring, many protocol errors can occur, providing backdoor access for external parties to take control of the system and putting the whole operation in jeopardy. The following is a good example of that.
Such an occurrence happened in a system implemented using the “BACnet” data communication protocol for building automation. This web-based data communication protocol had a vulnerability that could be used to modify web application code by injecting “JavaScript” into the BACnet device. However, the real issue was that the company did not respond to the disclosure of these vulnerabilities, even after being informed by the independent cybersecurity researcher. This may damage not only the system but also the reputation of the company. From this I realized that we should constantly monitor the systems we implement, even after they are set up. We should also accept that no system is 100% secure, so we may have to act on the feedback of responsible third parties, like the above-mentioned researcher, in order to make the system as secure as possible. (Source: Computer Weekly; “BACnet IoT building automation devices vulnerable to attack”; Warwick Ashford, Senior Analyst; 13/08/2019)
A similar case was reported in “Delta industrial control systems”: a bug caused by a buffer-overflow vulnerability made the system vulnerable even to broadcast-traffic attacks (not directed at the particular IP of the system network), allowing attackers to take over the system and manipulate it remotely. It was said that if the attack were targeted, the shortcomings might have grown exponentially. The vulnerability was discovered by the McAfee security research team, which briefed the manufacturer so that a software patch could be issued right away to address the issue. This shows that security should be constantly monitored and updated, not looked over once and ignored after setup. (Source: Threat Post; “DEF CON 2019; Delta ICS Flaw Allows Total Industrial Takeover”; Tara Seals; 09/08/2019)

CONCLUSION

Looking back at the question in the heading, is Industry 4.0 safe or isn’t it? Yes, it is safe enough to rely on the latest iteration of industry and move on with it. And yes, it is safe to invest in the future frontiers of the IoT-based market and industrial opportunities. For a statistical analysis of market growth, see: IoT Technology Market Forecast till 2022.

So, in conclusion, the IIoT sector is rather safer than we think. But we should keep in mind that “there is no such thing as perfect, 100% security”.

An article by:
M. Nimantha Rukshan Fernando
Junior Treasurer,
IESL YMS,
University of Sri Jayewardenepura.

Wednesday, June 17, 2020

Naval Architecture


“It wasn’t just a ship. It was a ship of dreams.” That is how people described the “Titanic” before her maiden voyage. It shows how they marveled at seeing such a great vessel. Even though people talk about great ships like the Titanic, many of them do not have much knowledge about ship design. The discipline of designing ships is called “Naval Architecture”. It is a very interesting field to study, but it is not very popular in Sri Lanka.
As for the difference between “marine engineering” and “naval architecture”: “naval architecture” means the design of the vessel. A naval architect is a professional engineer who is responsible for the design, construction, building, and repair of the ship. “Marine engineering” means the integration of all the components of the ship. Marine engineers ensure that ship systems function as expected. Colombo Dockyard is the best place to gain knowledge about naval architecture and marine engineering. Naval architects should have knowledge of subjects such as thermodynamics, hydrodynamics, materials science, resistance and propulsion in ship design, ship hull strength, flotation and stability, etc.



Types of ships
Designing a vessel this huge is not an easy task. Naval architects have to apply every engineering, scientific, and ergonomic factor to produce a successful great vessel. The following are the preliminary factors considered in designing or building a ship.
  • Dimensions
  • Displacement
  • Stability of the structure
  • Propulsion characteristics
  • Hull formation
  • General arrangement
  • Principal structural details
Ships are also classified into different categories according to their purpose, size, and type. These are some of them.
  • Container Ships – Used for carrying huge loads of cargo containers overseas.
  • Bulk Carrier Ships – Used for transporting unpackaged bulk cargo such as coal, food, cement, ore, steel coils, etc.
  • RoRo / Roll-on Roll-off Ships – A special type of ship used for the transportation of automobiles. The entrance to the vessel is at the front (bow), the back (aft), or both.
  • Tanker Ships – Specialized for carrying large amounts of liquid cargo.
  • Passenger Ships – The primary function of these ships is transporting passengers by sea. Also known as cruise ships. In the modern day these ships are similar to ‘floating cities’.
  • Offshore Vessels – Used for construction jobs at sea, scientific research, and oil exploration.

Ship Constructions
Countless components come together to build a gigantic ship. At the construction site, each of the block parts of the ship is built and assembled. Most of the parts are assembled and joined by welding. However, there are many technical processes involved in ship construction.
The hull of a ship usually has curved shapes, which are not easy to produce. Special methods are used in the shipyard to bend the metal sheets. This process is called “plate bending”. For this process, curved surfaces can be divided into two groups: “non-developable surfaces” and “developable surfaces”.

  • Non-developable surfaces – This shape cannot be produced by direct rolling or hydraulic bending of straight plates. The method of producing it is an example of reverse engineering.
  • Developable surfaces – This shape can be produced by direct rolling or hydraulic bending of straight plates.

The hydraulic press is another essential machine used at ship construction sites. It is used for purposes such as plate bending and straightening of pre-bent plates. Hydraulic pressing is a beneficial process for ship construction as well as for other industries. It is a cold-work process, so no residual stress is generated in the metal plates, which is an advantage. The main disadvantage of the process is “elastic spring-back”.
When the hydraulic ram applies a stress on the plate greater than the proportional limit, the plate enters the plastic region. When the machine is then unloaded, the unloading takes place along a line parallel to the linear part of the stress-strain curve up to the proportional limit. The actual deformation obtained is therefore less than what was required. (Shown below)

Furthermore, shell plates are rolled using the “plate rolling” method. This is used to correct the curvature obtained by the hydraulic press. Two lower rollers are driven and the plate is fed above them. The top roller, larger in diameter than the two lower rollers, rotates along with the motion of the plate. A hydraulic beam above the top roller applies a downward load on the plate.

Before welding came into popular use in the early 1900s, every ship was constructed on the building berth. Each part and framed structure was held together by long pieces of wood called ribbands. Plating was then added, and all the parts of the structure were riveted together. In modern shipbuilding, each part is built up from subassemblies or component parts, which are then welded together to form the complete section.

Main parts of a ship
Stern
The back part of the ship. Scientific factors such as hydrodynamic efficiency, construction simplicity, and flow patterns are considered in designing a ship’s stern. It should be designed to avoid vibrations. The stern should be able to maintain a uniform inflow of water to the propeller, which leads to high propulsive efficiency. There are 3 main types of stern: elliptical stern, cruiser stern, and transom stern.
The stern, and in particular its underside, affects the propulsion efficiency. Reducing the turbulence in the area between the propeller and the outer surface above the propeller increases its efficiency. (Shown in Figure 08)
Important facts:
  • The benefits of an elliptical stern include larger deck space on the aft deck. A massive amount of excess buoyancy is provided.
  • The deck of a ship with a transom stern can easily get wet during reversing operations and in a heavy sea.
  • A lot of research is still being carried out to find even better and more effective stern structures.
The naval architects of the “Queen Mary 2” designed a hybrid stern, with a rounded form fixed to the square shape, as a response to the rough seas that the ship would experience in the North Atlantic. This is called a “Costanzi Stern”. A Costanzi stern provides the transom required for azimuthal pod propulsion and provides better sea-holding characteristics.

Propeller
The propeller is a rotating fan. Its function is to propel the ship using the power generated and transmitted by the ship’s main engine. The propeller works by turning torque into thrust. Forces are created by moving the water away from the blades of the propeller, and these forces are what help move the ship forward. The water passing through the propeller takes a cone shape, widening as it leaves the propeller. Ship propellers work on the basis of Bernoulli’s principle and Newton’s third law. Normally a ship can be built with a single propeller, twin propellers, or, in special cases, three propellers, depending on the requirements of the ship. Sea water is a corrosion accelerator, so the propeller must be made of a corrosion-resistant material. An alloy of aluminum and stainless steel is mostly used for this. Stainless steel is made up of iron, chromium, nickel, manganese, and copper. The chromium is added as an agent to provide corrosion

Hull
The hull is the most important part of the ship. If there is a failure in the hull, none of the other functions of the ship matter, because the hull is the outer cover of the ship. Mild steel is mostly used as the raw material. The first step in designing the hull of a ship is designing its shape and form. The form of a ship’s hull is measured using various special coefficients.
  • Block coefficient – The ratio of the ship’s underwater volume to the volume of the imaginary rectangle surrounding the underwater portion of the hull. The value of this coefficient should be less than 1.
  • Midship coefficient – The ratio of the submerged area of the midship section to the surrounding rectangle.
These are the main steps of hull construction.

  1. Calculation of Loads on the Hull
  2. Scantling Calculations for Midship (for girders, beams, plates)
  3. Midship Section Modulus (bending stress at the deck and the keel; safety factors are calculated in this step)
  4. Frame-wise Scantling Calculation
  5. Calculation of Steel Weight
  6. Development of 3D Structural Model and FEA Analyses.


Heshan Dharmapala
Department of Manufacturing and Industrial Engineering
University of Peradeniya