Thursday, July 22, 2010

Dangerous Deals in Automation

This has nothing to do with distribution and everything to do with distribution. I decided to publish it here so you might pass it along to those folks you know who fancy themselves as "bargain shoppers".

My prioritization of safety concerns looks something like this:
1. Theoretical danger
2. Potential danger
3. Real and Present danger

Theoretical danger is an event that could theoretically happen. For instance a meteor could theoretically streak from the sky and whack me in the head. They say a meteor killed off the dinosaurs – the same could happen to the last of the Hurtte dynasty. Theoretically, that is.

Potential danger is more likely to occur. If you live on the San Andres fault, there is a potential for earthquake damage. To not consider this as a possibility and develop future contingency plans would be foolhardy.

Real and Present danger equates to immediate danger. Danger which requires a change in habits or actions falls here. Anyone who ignores this kind of danger stands in harms way. And, in my book – if they choose to ignore the danger, I have a hard time sympathizing with them. Here some examples of real and present danger: ignoring a hurricane warning, inserting metal objects in electrical receptacles and not installing anti-virus software on your computer.

The Gray MarketBy now you are probably wondering why I have taken the time to outline my little manifesto of danger. For years experts have harped on the dangers inherent with purchasing automation and control products on the gray market.

For those of you unfamiliar with the term, the grey market consists of sellers who are not part of the normal channel to market. I am not saying these people are crooks, villains or scoundrels – they just aren’t part of the authorized (and regulated) channel to market.

Here’s an example from my personal life. I have wanted a high end USB-based sound card and microphone to create training materials for my clients. I did some research and discovered these sell for about $150 dollars. Then one day, I noticed a company providing them for less than half that amount. They advertised authentic, new in the box equipment and the price was almost unbelievably low. I made the purchase and received the product - the box was new, the product was new, but the documentation and user’s manual were not in English and the power supply was missing. Somewhere along the way, this merchant had acquired products whose journey through the supply chain was a bit shaky.

To this day, I don’t really know if what I have is real, counterfeit or somehow lacking in quality of recording or manufacturer. My bargain – may or may not actually be a deal. The point becomes: with the grey market one never knows if it’s a deal or a steal. I would escalate grey market purchases to potential danger.

The Real Danger of Malware in Automation
Experts have been predicting that someday hackers might push their way into the world of automation and related products. For most folks this was a theoretical danger. It could happen, it might happen someday but not something we changed our behavior over.

I believe this danger just jumped two notches on my own danger meter. Here is why. Recently, global automation giant Siemens announced the detection of malware designed to detect Siemens Simatic WinCC and PCS7 programs and their data. The malware which resembles a “Trojan” virus is capable of sending process and production data via an internet connection it tries to establish (according to Michael Krample a Siemens media relations director). This is not the first time something like this has happened, but it is the most transparent in its news release.

This thing has the potential to create havoc in manufacturing environments. The little bug could steal sensitive data, purposely destroy expensive production equipment and cause massive human suffering – chemicals, fires, hazardous spills and loss of life.

Who creates these heinous inventions? Your guess is as good as mine. In this particular case, a common use for the equipment involves “SCADA” applications commonly found in water treatment. National security experts have identified the safety of our drinking water supply as a point of concern. Organized and well funded terrorist groups are probably brainstorming on this topic as we sit here today.

The Combined Danger of Grey Market and Malware
The malware threat in software is just one side of the danger. Most of today’s automation technology hardware has resident firmware. These are complex little programs that tell the chips how to perform. And, it is pretty easy to alter the program onboard resident firmware. When automation hardware falls outside the normal channel to market, you can never really know, from where it comes and if it has been altered. That really nice guy on the other end of an Ebay transaction might be honest as the day is long. Or, he might be a whacked out sicko with a desire to be the biggest thing since Dr. "Ted" Kaczynski of Unabomber fame. You don’t really know. But load your system up with a sabotaged component and all hell could break loose.

What amazes me is the resiliency of the market for this type of stuff. A recent trip to revealed tens of thousands of this type of product posted for sale (Allen-Bradley, Siemens, Telemecanique and Omron, all the major brands were represented). Just last week, I heard of yet another “hot shot” buyer from a municipal solid waste center who saved a bundle on the purchase of equipment for his new upgrade. When I started to outline the dangers, he routinely dismissed the situation with, “Its up and running – no problems so far.”

Now, a Special Message to you Bargain Shoppers
When you’re playing with dynamite, no body cares – just as long as you’re 100s of miles from the nearest other person. Blow yourself up and it’s only a minor deal; blow up others and it’s our job to stop you. And you definitely are playing with dynamite around others.

If you save a nickel and injure someone else – you should go to jail (and for a very long time). If you plant this stuff into somebody else’s factory and they loose production time, you should be forced to pay.

Why not join me in swearing off “grey market stuff”? You’ll feel better because of it. And, if you don’t – I volunteer to serve as an expert witness against you when you get caught. Trust me, you will get caught.


EJ said...

Interesting blog. I bet those were China-counterfeits. Channel partners need to be aware of these so they can report it to vendors. Through communication solutions included by channel management services, these pirates would not thrive.

Dinesh Kumar said...

Thanks for sharing this Informative content. Well explained. Got to learn new things from your Blog on SAP SD

Sahana said...

Thanks for sharing this Informative content. Well explained. Got to learn new things from your Blog on SAP