
Anyone using IoT (Internet of Things) sensors in their facilities?

The Dude

Hot Rolled; joined Oct 19, 2010; location: Portland, OR
Would like to know if anyone is using IoT sensors to provide information and/or notifications of events (ideally on the shop floor). These would be things like temperature, pressure, open/closed, movement, etc. sensors that can alert via text or email. If you don't mind, provide information on what is being sensed, how it's being "passed on" (via event notification, into a database, etc.) and some opinion on how useful the information is.

Just FYI, I'm on a project (sounds like it's gov sponsored) to help promote this and some other technologies. Please note that I am NOT a proponent of technology just because it's out there and available, IMO it has to have a proven usefulness. I'm a firm believer in "just because you can, doesn't mean you should". However, this stuff is "cheap and easy" if you have a needed application. I've been playing around with Monnit's stuff, the only issue thus far is that they can't ship very fast (isn't that ironic for an IT company!).

Thanks,
The Dude
 
I down checked a bunch of this type of equipment for security reasons.
Thermostat on my home...OK.
Process temperature sensor on a chemical plant...no way.
Not for process control anyway.

The Stuxnet attack worked by spoofing speed on the Iranian centrifuges...and that was hardwired.
 
Not at work but I just picked up a Particle Photon from SparkFun. I'm going to work on setting it up with a microphone to listen for the dryer buzzer and send my wife an email/text saying "clothes are dry".

The question now isn't so much collection of data (that part is getting stupid easy) but what you do with it when you have it.
 
The Stuxnet attack worked by spoofing speed on the Iranian centrifuges...and that was hardwired.

Yeah, I totally get it. But how about this: Is there anything you know about using IoT devices that make it any "worse" than having simple WIFI in your facility, or even just connected to the internet (wired Ethernet, like the centrifuges likely were)? Or even just a smartphone in your facility? These days, you pretty much have to not have ANYTHING connected to the internet to be fully cyber secured, agreed? Even if you weren't connected to the internet but had data on a PC, someone could come in and just steal it, right? I've been using on-line banking for years and have never had money stolen via that route but have had my mail stolen twice (now have a locking mailbox).

Not at work but I just picked up a Particle Photon from SparkFun. I'm going to work on setting it up with a microphone to listen for the dryer buzzer and send my wife an email/text saying "clothes are dry".

The question now isn't so much collection of data (that part is getting stupid easy) but what you do with it when you have it.

If the stuff you're using won't work, Monnit makes both temp and noise sensors. I got a temp sensor installed and the issue I have is that it continually alerts at the temp threshold, hopefully there's a way to make this just a one-time alert on a temp change/noise change (haven't looked into it yet).

I'm 100% with your "what do you do with it?" concern. That was "secretly" why I asked the question, to see if there was anything truly justifiable. Bottom line: I'm "bunk" on a lot of technology "alerts". For just about everything I've seen, there's either too much info being processed (e.g. "door bell" ringer, news alerts on your phone) or a better means of dealing with the issue (i.e. fix the problem instead of being alerted by it).

Thanks all,
The Dude
 
Yeah, I totally get it. But how about this: Is there anything you know about using IoT devices that make it any "worse" than having simple WIFI in your facility, or even just connected to the internet (wired Ethernet, like the centrifuges likely were)? Or even just a smartphone in your facility? These days, you pretty much have to not have ANYTHING connected to the internet to be fully cyber secured, agreed? Even if you weren't connected to the internet but had data on a PC, someone could come in and just steal it, right? I've been using on-line banking for years and have never had money stolen via that route but have had my mail stolen twice (now have a locking mailbox

Thanks all,
The Dude

The Iranian facility was not on the internet. Stuxnet was delivered by USB to a laptop. That laptop was then used on the internal network.
I’ve been in industrial parks where the guest WiFi was bridged to the industrial net.
We had a salesman with an infected laptop plug in to our net and reinfect everything only an hour after IT had quarantined the facility.
It took almost three days to clean up the damage.
I’ve seen industrial WiFi nets with the default password still in place.
There’s a cultural disdain for security in many places.
The controls engineers resent being beholden to IT.
And since they are competent, often they just hack in instead.


The only way I’ve ever felt “safe” was using MAC address permissions.
Encrypted traffic would be nice, but many devices don’t have the capability.
Individual passwords for each device would be good, but managing the list is, itself, a security risk.
 
The only way I’ve ever felt “safe” was using MAC address permissions.
Encrypted traffic would be nice, but many devices don’t have the capability.
Individual passwords for each device would be good, but managing the list is, itself, a security risk.

A buddy of mine is an IT security specialist, and his currently accepted best practice is to have individual passwords for all services, managed by a single password vault with multi-step authentication (e.g. a password and a text message code). The twist comes from the fact that nobody knows the actual cell phone number, except for a third-party call forwarding service which maintains any number (up to 9 I think) of "public" phone numbers that can be given out freely and forwards all calls, texts, etc. to the real number.
 
A buddy of mine is an IT security specialist, and his currently accepted best practice is to have individual passwords for all services, managed by a single password vault with multi-step authentication (e.g. a password and a text message code). The twist comes from the fact that nobody knows the actual cell phone number, except for a third-party call forwarding service which maintains any number (up to 9 I think) of "public" phone numbers that can be given out freely and forwards all calls, texts, etc. to the real number.

Which is fine until the controls guy ends up with a dead phone or the service goes down.

Still, I’ll look into it, thanks.
 
Yeah, I totally get it. But how about this: Is there anything you know about using IoT devices that make it any "worse" than having simple WIFI in your facility, or even just connected to the internet (wired Ethernet, like the centrifuges likely were)? Or even just a smartphone in your facility? These days, you pretty much have to not have ANYTHING connected to the internet to be fully cyber secured, agreed? Even if you weren't connected to the internet but had data on a PC, someone could come in and just steal it, right? I've been using on-line banking for years and have never had money stolen via that route but have had my mail stolen twice (now have a locking mailbox).

A significant difference between IOT and industrial controls, general computers and servers, is that computers and servers actually have their software updated for security issues. Embedded systems tend not to. Older Android phones, consumer WIFI routers, etc are in that group. From what I've seen in industry, once a piece of machinery gets built, it will run that type of electronics for its entire life. Who is writing security updates for 10+ year old industrial controls that have ethernet on them?

If the stuff you're using won't work, Monnit makes both temp and noise sensors. I got a temp sensor installed and the issue I have is that it continually alerts at the temp threshold, hopefully there's a way to make this just a one-time alert on a temp change/noise change (haven't looked into it yet).

My experience with industrial stuff, is that sensors expect to feed messages into an OPC network, SCADA, or PLC. The messages are regular so the control still knows the status, and then the control is responsible for the one shot messages.

I haven't worked with any "IOT" stuff, so I don't know if it is really any different from other industrial networks, or if it is (existing industrial stuff + hype) = IOT.
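
One way to get the one-time alert asked about above, using the pattern this post describes (the sensor reports on every cycle and the control side decides when a single message goes out). This is an added example, not code from any poster or from Monnit; the class name, thresholds and feed values are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class OneShotAlarm:
    """Control-side logic: the sensor reports every cycle, alerts go out once per event."""
    high: float          # raise ALARM when a reading reaches this (assumed threshold)
    clear: float         # re-arm only after a reading drops back to this (hysteresis)
    stale_after: float   # seconds of silence before the sensor is reported missing
    active: bool = False
    stale: bool = False
    last_seen: Optional[float] = None

    def on_reading(self, t: float, value: float) -> List[str]:
        events = []
        if self.stale:                       # sensor came back after a gap
            self.stale = False
            events.append("SENSOR_BACK")
        self.last_seen = t
        if not self.active and value >= self.high:
            self.active = True               # first crossing: one message only
            events.append("ALARM")
        elif self.active and value <= self.clear:
            self.active = False              # back below the clear level: re-arm
            events.append("CLEARED")
        return events

    def on_tick(self, t: float) -> List[str]:
        # Called on the control's own clock when no reading arrived.
        if self.last_seen is not None and not self.stale and t - self.last_seen > self.stale_after:
            self.stale = True                # report the silence once, not every tick
            return ["SENSOR_SILENT"]
        return []

# Constructed feed: (seconds, reading); None means a poll cycle with no report.
FEED = [(0, 70.0), (60, 79.5), (120, 80.2), (180, 81.0), (240, 79.0), (300, 80.5),
        (360, 77.8), (420, 80.1), (480, None), (540, None), (600, None),
        (660, None), (720, 76.0)]

def replay(feed=FEED) -> List[Tuple[float, str]]:
    alarm = OneShotAlarm(high=80.0, clear=78.0, stale_after=150.0)
    out = []
    for t, value in feed:
        events = alarm.on_tick(t) if value is None else alarm.on_reading(t, value)
        out.extend((t, e) for e in events)
    return out

if __name__ == "__main__":
    for t, event in replay():
        print(f"t={t:>4}s  {event}")
```

The gap between `high` and `clear` keeps a reading that hovers at the threshold from re-alerting, and a sensor that stops reporting is raised as its own event, because silence otherwise looks the same as "no alarm".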
 
A significant difference between IOT and industrial controls, general computers and servers, is that computers and servers actually have their software updated for security issues. Embedded systems tend not to. Older Android phones, consumer WIFI routers, etc are in that group. From what I've seen in industry, once a piece of machinery gets built, it will run that type of electronics for its entire life. Who is writing security updates for 10+ year old industrial controls that have ethernet on them?



My experience with industrial stuff, is that sensors expect to feed messages into an OPC network, SCADA, or PLC. The messages are regular so the control still knows the status, and then the control is responsible for the one shot messages.

I haven't worked with any "IOT" stuff, so I don't know if it is really any different from other industrial networks, or if it is (existing industrial stuff + hype) = IOT.
Even if those updates are written there’s a serious aversion to rolling them out.
Having a line go down due to an update is a “bad thing”.
 
Even if those updates are written there’s a serious aversion to rolling them out.
Having a line go down due to an update is a “bad thing”.

Indeed, it is a chicken and egg thing. No one updates because there are no updates available. No updates are available because no one would install them. (Or at least they don't care about the availability to upgrade to make purchasing decisions based on that availability)
 
I have a long planned project here at home I kinda want to roll this stuff into, want to actively measure air quality, CO2 levels and humidity inside and out to control my heat recovery ventilator and also control the storage heating part of my heating off this info and an online weather forecast, by knowing what tomorrow brings it should be pretty dang simple to then buy electric at a cheaper off peak time and store it as heat for use later, equally dropping air exchange rates if the air's good and temperatures less than ideal should offer some not insignificant savings in time too. I think there's some serious potential to make stuff a lot more of a system with this stuff rather than a bunch of dumb separate items.

Sure security is an issue with all of these. That said, I kinda doubt the American or Israel or "*******.com" is going to over speed me washing machine because me whites are too white! My understanding of the Stuxnet code is that someone must have spent some serious coin on making it and testing it + the knowledge of what and how, hence it seems a bit outside a sad kid in their bedroom attack. Guess I'm just not paranoid enough!!
 
This is nothing new.

SCADA and other control systems have been in use for years.

Using internet is just a user deployable system that allows anyone to use it.

We have interfaced cloud seeders and potato chip factories and security was not a problem as it was a closed system.

Simple telemetry is easy enough as it is one way usually but adding control requires security to avoid stupid things.

Firewalls can help.

 
^ IMHO honestly half of what makes the IOT thing good is that it is connected to the world, to not make use of that is kinda ignoring one of its key strengths - capabilities.
 
I have a long planned project here at home I kinda want to roll this stuff into, want to actively measure air quality, CO2 levels and humidity inside and out to control my heat recovery ventilator and also control the storage heating part of my heating off this info and an online weather forecast, by knowing what tomorrow brings it should be pretty dang simple to then buy electric at a cheaper off peak time and store it as heat for use later, equally dropping air exchange rates if the air's good and temperatures less than ideal should offer some not insignificant savings in time too. I think there's some serious potential to make stuff a lot more of a system with this stuff rather than a bunch of dumb separate items.

Sure security is an issue with all of these. That said, I kinda doubt the American or Israel or "*******.com" is going to over speed me washing machine because me whites are too white! My understanding of the Stuxnet code is that someone must have spent some serious coin on making it and testing it + the knowledge of what and how, hence it seems a bit outside a sad kid in their bedroom attack. Guess I'm just not paranoid enough!!

I don’t really care about home use.
Industrial use is different.
Just be aware...if you can monitor it so can other people.
 
Sure, that's the thing about the whole IOT thing, everything you use it on is then a vulnerability.

I don't to a degree see the difference between home and industrial use though, the risks security wise are the same. It's just what it's controlling and how many people that can affect; from the individual's standpoint an IOT hack at home can be just as bad as one at work. Each controlled thing has a security risk to it, if you're controlling shit that could go seriously wrong in a bad way you have to take the security side a lot more seriously than something more mundane. Separate networks help there but they're never as isolated as a lot of people like to think they are. There are lots of ways people jump the gaps, sure it's a great first step, but you have to realise a serious enemy is still going to be able to attack your network if the rewards to them are great enough.

The whole area of digital security is becoming ever more complex though. Ever more attack vectors are nearly daily being found. That's where hard wired connections buy you some degree of increased security, but with ever increasing use of digital controls, there are still vulnerabilities, most household and ever more industrial stuff of all descriptions runs based on programmed code, in micro controllers of all sorts, ranging from simple chips on up to seriously powerful PC level on board computing, not circuit level hard wired logic of the 1980's, this alone is a vast potential exploit.
 
Don’t overlook the fact that every device on the network is a potential weak point. Hack a sensor with weak security and you can work your way up the chain.
 
my "issue" with IoT stuff is that they seem to be pushing the design of those devices to use some centralized data hub, which is free now of course, but will it be in 5 years? will even the company that made the thing be here in 5 years?

the whole concept to me looks like some government handout program with a loud slogan like - "we create new high tech jobs", "technologies of tomorrow for today", something along those lines, and larger companies just spending that money, because they can get it, and I say this because you already can "connect" anything you want to the internet, have it collect any data you want, broadcast, etc, and you can do this with hardware that costs less than $5, I mean it, I made a device that would monitor a few gas pressures, and if something isn't within user set range, it would email to user set email addresses, smtp for mail was external service, but the whole code took up like 15kb of 32kb available storage on the microcontroller, oh, it had a simple web server as well, you could open the device's ip in web browser and see live pressure data that it collected, and I'm no electronics guru even, I know my way around a few program languages and electronics, but that is all self taught stuff, so the people working in this industry had everything they needed to connect an electric tea kettle or kitchen sink to the internet quite a while ago

so I just don't see why they needed to invent this "IoT", when the ability and hardware was here a decade ago at next to nothing cost

I see that they'd want this to evolve into not just monitoring, but control side of things over time, but I believe that is a very very dangerous path to take, like self driving vehicles now on public roads as they are today
 








 