2014年2月24日 星期一

Acrosser Introduces the Book-Sized Fanless Mini PC Video

To illustrate the high performance of AES-HM76Z1FL, Acrosser created a short film, explicating the multiple features of our ultra thin embedded system. From its exterior look, this book-sized mini PC embodies great computing performance within its small form factor.

The arrangement of the I/O slot has taken product design and industrial applicability into consideration perfectly. Despite AES-HM76Z1FL’s small form factor, a wide selection of I/O ports including HDMI, USB, LAN, COMBO, GPIO and COM can be found on both sides of the product. Moreover, our model can be integrated horizontally or vertically, making it a flexible option that caters to many different industries. We are sure that these concepts make AES-HM76Z1FL a more feasible choice than other embedded systems.

The second part of the video demonstrates the 4 major applications of our AES-HM76Z1FL mentioned in our previous announcement: digital signage, kiosk, industrial automation and home automation. Aside from these four applications, Acrosser believes there are still many other applications for which the AES-HM76Z1FL would be useful.

Through the video, Acrosser was able to demonstrate the best features of the AES-HM76Z1FL, and allow our customers to easily see its power and versatility.



Finally, we would like to offer our gratitude to the vast number of applicants for the Free Product Testing Event. This program is easy to apply to, and still going on right now! Having reached the halfway mark for the event, many system integrators and industrial consultants have already provided plenty of interesting ideas for us. For those who have not applied the event, Acrosser welcomes you to submit your amazing proposals!

Product Information:
http://www.acrosser.com/Products/Embedded-Computer/Fanless-Embedded-Systems/AES-HM76Z1FL/Intel-Core-i3/i7-AES-HM76Z1FL.html

Contact us:
http://www.acrosser.com/inquiry.html

2014年2月16日 星期日

Enhanced Cybersecurity Services: Protecting Critical Infrastructure



Comprehensive cybersecurity is an unfortunate necessity in the connected age, as malwares like Duqu, Flame, and Stuxnet have proven to be effective embedded pc instruments of espionage and physical sabotage rather than vehicles of petty cybercrime. In an effort to mitigate the impact of such threats on United States Critical Infrastructure (CI), the Department of Homeland Security (DHS) developed the Enhanced Cybersecurity Services (ECS) program, a voluntary embedded system framework designed to augment the existing cyber defenses of CI entities. The following provides an overview of the ECS program architecture, technology, and entry qualifications as described in an "on background" interview with DHS embedded pc officials.

At some point in 2007, an operator at the Natanz uranium enrichment facility in Iran inserted a USB memory device infected with the Stuxnet malware into an Industrial Control System (ICS) running a Windows Operating System. Over the next three years, the embedded system would propagate over the Natanz facility's internal network by exploiting zero-day vulnerabilities in a variety of Windows OSs, eventually gaining access to the Programmable Logic Controllers on a number of Industrial Control Systems (PCSs) for the facility's gas centrifuges. Stuxnet then injected malicious code to make the centrifuges spin at their maximum degradation point of 1410 Hz. One thousand of the 9,000 centrifuges at the Natanz facility were damaged beyond repair.

In February 2013, Executive Order (EO) 13,636 and Presidential Policy Directive (PPD)-21 ordered the DHS to develop a public-private partnership model to protect United States CI entities from cyber threats like Stuxnet. The result was an expansion of the Enhanced Cybersecurity Services (ECS) program from the Defense Industrial Base (DIB) to 16 critical industrial pc.

Enhanced Cybersecurity Services framework

At its core, the embedded system pc is a voluntary information-sharing framework that facilitates the dissemination of government-furnished cyber threat information to CI entities in both the public and private sectors. Through the program, sensitive and classified embedded system information is collected by agencies across the United States Government (USG) or EINSTEIN sensors1 placed on Federal Civilian Executive Branch (FCEB) agency networks, and then analyzed by DHS to develop "threat indicators". DHS-developed threat indicators are then provided to Commercial Service Providers (CSPs)2 that, after being vetted and entering a Memorandum of Agreement (MOA) with DHS, may commercially offer approved ECS services to entities that have been validated as part of United States CI. The ECS services can then be used to supplement existing cyber defenses operated by or available to CI entities and CSPs to prevent unauthorized access, exploitation, and data exfiltration.

In addition, CSPs may also provide limited, anonymized, and industrial cybersecurity metrics to the DHS Office of Cybersecurity & Communications (CS&C) with the permission of the participating CI entity. Called Optional Statistical Information Sharing, this practice aids in understanding the effectiveness of the ECS program and its threat indicators, and promotes coordinated protection, prevention, and responses to malicious cyber threats across federal and commercial domains.

Enhanced Cybersecurity Services countermeasures the initial implementation of ECS, including two countermeasures for combating cyber threats: Domain Name Service (DNS) sinkholing and embedded pc e-mail filtering.

DNS sinkholing technology is particularly effective against malwares like Stuxnet that are equipped with distributed command and control network capabilities, which allows threats to open a connection back to a command and control server so that its creators can remotely access it, give it commands, and update it. The DNS sinkholing capability enables CSPs to prevent communication with known or suspected malicious Internet domains by redirecting the network connection away from those domains. Instead, CSPs direct network traffic to "safe servers" or "sinkhole servers," both hindering the spread of the malware and preventing its communications with embedded pc cyber attackers.

The e-mail filtering capability is effective in combating cyber threats like Duqu, for example, which spread to targets through contaminated Microsoft Word e-mail attachments (also known as phishing), then used a command and control network to exfiltrate data encrypted in image files back to its creators. The e-mail filtering capability enables CSPs to scan attachments, URLs, and other potential malware hidden in e-mail destined for an entity’s networks and potentially quarantine it before delivery to end users.

Accreditation and costs for Enhanced Cybersecurity Services

The CS&C is the DHS executive agent for the ECS program, and executes the CSP security accreditation process and MOAs, as well as validation of CI entities. Any CI entity from one of the 16 key infrastructure sectors can be evaluated for protection under the ECS program, including state, local, tribal, and territorial governments.

For CSPs to complete the security accreditation process, they must sign an MOA with the USG that defines ECS expectations and specific program activities. The MOA works to clarify the CSP's ability to deliver ECS services commercially while adhering to the program’s security requirements, which include the ability to:

Accept, handle, and safeguard all unclassified and classified indicators from DHS in a Sensitive Compartment Information Facility (SCIF) Retain employee(s) capable of holding classified security clearances for the purposes of handling classified information (clearance sponsorship is provided by DHS)
Implement ECS services in accordance with security guidelines outlined in the network design provided on signing of the embedded pc versions of MOA.

Privacy, confidentiality, and Enhanced Cybersecurity Services

"ECS does not involve government monitoring of private communications or the sharing of communications content with the government by the CSPs," a DHS official told industrial embedded systems.  Although CSPs may voluntarily share limited aggregated and anonymized statistical information with the government under the ECS program, ECS related information is not directly shared between customers of the CSPs and the government.

"CS&C may share information received under the ECS program with other USG entities with cybersecurity responsibilities, so long as the practice of sharing information is consistent with its existing policies and procedures. DHS does not control what actions are taken to secure private networks or diminish the voluntary nature of this effort. Nor does DHS monitor actions between the CSPs and the CI entities to which they provide services. CI entities remain in full control of their data and the decisions about how to best secure it."

refer to:http://industrial-embedded.com/articles/enhanced-protecting-critical-infrastructure/

2014年2月10日 星期一

Machine-to-Machine (M2M) Gateway: Trusted and Connected Intelligence

The factory of the future will still have Programmable Logic Controllers (PLCs) and Human-Machine Interface (HMI) panels, but someone half a world away will likely be monitoring and controlling them. That person may be sitting at a desk watching over a global network of facilities or checking the latest production statistics from a smartphone. Either way, the vision of the “Connected Factory” is evolving from concept to reality, as the explosive growth in Machine-to-Machine (M2M) connections, mobile devices in the enterprise, and wireless data traffic shows.
Implementing this approach, however, is not simply a matter of connecting devices to Ethernet and wireless networks. The fundamentals must be right to ensure that facilities produce information that can be accessed, monitored, and controlled from anywhere.
Over the past 50 years, automation technology has evolved to the point that a plant manager for a global industrial manufacturing company can easily monitor and control devices from hundreds of miles away, rather than standing a few feet away from them. This level of control can be achieved in ways that may include:
Sitting at a desk in a centralized office
Watching video footage captured by a global network of connected cameras
Remotely troubleshooting a piece of equipment from a tablet
Checking the latest production statistics using a smartphone app
The progression of the “Industry 4.0” revolution means that more factories andindustrial plants will implement more networked devices that are able to collect data. This concept, which is also referred to as the “connected factory,” is transitioning from a ’what-if’ notion to present-day reality at overwhelming speed.
The flood of enabling technology has paved the way for automation to gain global prominence across a wide variety of industrial and manufacturing industries. Organizations are increasingly realizing that with automation they can produce better quality products, sustainably and efficiently, while keeping a closer check on production costs. Gartner forecasts that by the year 2020, there will be up to 30 billion devices connected with unique IP addresses, most of which will be products. In the industrial world, these devices will be equipment such as natural gas or wastewater treatment pumps, high-capacity scales, and other production machines.
While many global manufacturers are eager to realize the benefits of the Connected Factory, such as reduced operational costs and better visibility and control of assets, it is unrealistic and cost prohibitive for them to construct greenfield facilities or orchestrate a ’rip-and-replace’ of all legacy equipment. Instead, plant managers are better off leveraging industrially fluent communications devices and adapting the legacy sensors, Remote Terminal Units (RTUs), and communications protocols that have served them well for years in order to create modern, real-time reporting and control systems.
The three key requisites of the Connected Factory
Managing productivity and profitability is a key role of plant managers and engineers in world-class manufacturing operations. The first step towards achieving this in the 21st century factory is to implement the fundamentals of a successful Connected Factory. These fundamentals must be in place to ensure that factories are generating information that can be accessed, monitored, and controlled from anywhere.
To begin this process, manufacturers must do three things:
Enable devices to speak the same language
Rethink operational efficiencies so more devices can talk with each other
Provide a secure, seamless platform in which these devices can communicate
Come together: Devices that speak the same language
The challenge with integrating legacy equipment with the Connected Factory model is that it often uses older protocols or even serial links that don’t easily fit into the TCP/IP world. An organization’s engineers must first ensure that this equipment can speak the same language as newer devices.
Plant engineers often source network switches used to build industrial networks from the IT world, a decision that may make sense for higher level infrastructure, but one that essentially introduces technology that is not purpose-built for machine-level control systems. For example, a modern machine may have every component networked and may allow every conceivable piece of status information to be displayed on its HMIs, but the network switch itself – the failure of which could take down the entire machine – sits alone or is loosely integrated via expensive and seemingly incomprehensible SMNP drivers.
To avoid this scenario, manufacturers must use a complex combination of drivers to provide protocol compatibility, replace existing hardware with more complex devices, or choose advanced HMIs, protocol converters, and industrial-grade switches that offer industrial fluency and multi-protocol support.
The first two options add complexity and development costs to the system. The third – deploying equipment with native support for all required standards and protocols – provides a simpler solution.
Raise your voice: Enabling more devices to communicate
Connecting equipment that can’t easily be reached in remote or geographically rugged locations enables real-time information access and greatly enhances remote troubleshooting capabilities. It can also result in safer working conditions for the humans who must monitor, regulate, and troubleshoot this equipment. Think about the value of automated devices in an oil and gas facility, for example. This clear value proposition for remote connectivity is driving the current boom in cellular M2M connection. Consider Metcalfe’s law as it applies to the Connected Factory: the value of the network increases exponentially with the number of connected assets.
With this in mind, manufacturers must invest in issuing all remote assets a cellular connection. Cellular routers and modems now provide native support for industrial automation equipment and protocols, including models that support 4G network connectivity. These products enable two-way communications from facility to facility, and enable information exchange with remote assets, such as offshore platforms or unattended substations or pipelines.
Everyone’s invited: A better place for devices to connect
As manufacturers seek to assign an IP address to networked assets, one hurdle they often face is that the available bandwidth remains static in spite of the growing number of networkable devices and data points. When factoring in the hierarchical nature of the industrial world – with PLCs and HMIs grouped into machines, these machines grouped into cells, and these cells grouped into factories – assigning an IP address to every PLC and sensor can be a management nightmare.
But new approaches to network design and configuration can help plant managers take full advantage of the available connectivity and control. Instead of assigning individual IP addresses, for example, engineers can solve the problem by using a rugged appliance that manages communications with dozens of disparate devices (including sensors, PLCs, and HMIs) while serving as a single point of contact for the network.
What’s next for Industry 4.0?
The ability to seamlessly communicate with operators, control systems, and software applications combined with practical networking options and support for native features and protocols delivers exponential meaning to data extracted from industrial devices. In other words, the true value of Industry 4.0 and the Connected Factory isn’t derived from the sheer volume of connections; it comes from creating more meaningful connections and the competitive edge gained by the harmonious dialogue between devices and the humans managing them. These capabilities create the context to take automation and remote management to new levels, thereby making the Connected Factory a reality.
As part of the Industry 4.0 movement, the Connected Factory demands a new approach to the concept of factory automation. With the thoughtful integration of supporting components that are designed specifically for this goal, the ability to connect, monitor, and control will drive productivity well into the future.

refer to: http://embedded-computing.com/articles/elements-success-the-connected-factory-needs-flourish-2014/