Muthuraman Ramasamy's Blog

Deception and ClearSCADA vulnerability - Social Engineering and cross-site scripting

18 Sep 2014

Name: Cross-site scripting vulnerability

Target: ClearSCADA product from Schneider Electric Corporation

Type: Use of deception, social engineering to glean sensitive user data and forced shutdown of parent server. 

Region: Primarily US and Europe, small percentage os systems run in Asia. 

Who: No known public exploits

Independent security researcher Aditya Sood uncovered this vulnerability within Schneider's ClearSCADA systems. 

Here are my key take-aways from this vulnerability:

1. Vulnerability in web-based systems: This vulnerability is affecting web-based ClearSCADA systems. ICS-CERT recommends systems be taken offline (disconnect from the internet), secured behind firewalls and use remote access through updated-VPN's. It really brings us to a question whether the industry is connecting too much. How much and which systems should you connect is the big question? Vulnerabilities such as this is using cross-scripting and social engineering to drive the end-user divulge sensitive data and thus orchestrate a shutdown of the ClearSCADA server. 

2. Social Engineering - It is defined by Wikipedia as "Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme." While, it sounds a little difficult - there are many a time in which such attacks can be performed to create catastrophic consequences. However, the case here is that - the exploitability can be utilized only if the user (with administrative access) runs the WebX client. 

What should you do?

Am pasting this excerpt from ICS-CERT's website:

"Schneider Electric advises all ClearSCADA users to take steps to secure the interfaces to the ClearSCADA system. The ClearSCADA database security configuration should be reviewed and updated to limit all system access to authorized users only. The access permissions of existing users should be reduced to only those required by their role (e.g., removing any higher level System Administration privileges from Operations or Engineering users), and specific accounts should be created with appropriate permissions for performing System Administration tasks.

  • Existing ClearSCADA customers using WebX can protect their system from cross-site scripting attacks by disabling the “Allow database shutdown via WebX” option within the ClearSCADA Server Configuration utility.
  • Existing ClearSCADA customers should take measures to ensure their system does not grant any system access until users have supplied a valid username and password."
Fundamentally, we see the industry rushing towards connecting everything to the grid (internet). With IPv6, 340 trillion devices can be connected. Imagine the number the vulnerabilities we need to live with if the 'thing of things' gets infilrated. The scenario is really unthinkable, where a domino effect could result is total 'things' failure. Some of the key questions are:
1. Are we connecting too much?
2. How much cybersecurity is good enough?
3. Who all should endusers be working with? 
4. What should be the mandated response time for such incidents? 
5. How do you check, if the suggested measures have been implemented at user-site end?
and the list can go on. 
We are exploring such issues in our voice of customer initiative on cybersecurity market across oil and gas, power, chemicals. For end-users only, please visit to be a part of this ground breaking initiative. 

Dassault Systèmes Acquires Quintiq: Aggressive Move Charts Out Bold Vision

14 Sep 2014


On July 24, 2014, Dassault Systèmes let the world know of its intent to acquire operations planning & optimization company Quintiq. The acquisition was finalized on September 8th. Based in ‘s-Hertogenbosch, Netherlands, Quintiq has its US HQ in Philadelphia. Quintiq clocked in revenues of about $100 million for 2013. With a focus on manufacturing, workforce and logistics, Quintiq competes in the operations planning and optimization space. This announcement comes almost a year after Dassault Systèmes acquired Apriso. These acquisitions are not bolt-on acquisitions, but enable Dassault Systèmes to expand its markets into operations planning (Quintiq) and further expand into manufacturing execution (Apriso). Comparing this bold move with pure-play design solutions organizations like Autodesk, PTC, Siemens PLM – this is a more comprehensive strategy, underwritten by a clear and compelling vision to enhance strategic business value for its customers.


There are many cross-synergies between Dassault Systèmes, Apriso and Quintiq in terms of solution offerings, customer business drivers and industry challenges. The capability to deliver solutions from product conception to planning, optimization and delivery, provides a comprehensive technology platform for customers. Very few companies have a semblance of similar solution offerings, and those that do are facing significant integration challenges. Realistically, it will likely take at least 2-3 years for Dassault Systèmes to realize the impact of this solution strategy and how it will positively impact the operating margins of the organization.

Frost & Sullivan Findings:

  • §  The manufacturing/industry software space is at an interesting juncture, where companies are looking to position themselves beyond the point of being a piece-meal solution provider.
  • §  The lack of internal capabilities and the need to satisfy stock market expectations is driving the market towards consolidation and growth. 
  • §  Dassault Systèmes’ acquisition in the core manufacturing operations software space have included Intercim (2011), Apriso (2013) and now Quintiq (2014). These acquisitions have enabled Dassault Systèmes to add at least $4-6 bn in additional addressable market. This will potentially increase Dassault Systèmes addressable market to ~$36-41 bn market.
  • §  Quintiq has been growing at a healthy 30% YOY since 2009.  
  • §  Quintiq would bring roughly 200 new accounts to Dassault Systèmes.
  • §  Quintiq and Dassault Systèmes began their initial collaboration when working with a customer in the mining industry, which ultimately lead to the acquisition discussions between the two companies.
  • §  Dassault Systèmes is set to develop a data management platform, which will further help Quintiq customers to capture and enforce clean and reliable data to create supply and demand plans, and enhance the capabilities to manage the entire logistics of the its operations.
  • §  There is room for consolidation in the market, as companies look to expand offerings, due to saturation in their core markets.


Frost & Sullivan Recommendations:

  • §  Customers of Quintiq should realize the new portfolio capabilities of the combined organization.
  • §  Dassault Systèmes is gaining access to 200 new customers through Quintiq, with few overlaps. However, Dassault’s traditional strength lies in discrete industries, whereas Quintiq is more process focused. This requires a global account strategy to precisely identify the areas where short-term growth opportunities exist.
  • §  The most immediate opportunity appears to lie in the mining industry which has many headwinds that are favorable to the combined value-proposition of the company.
  • §  Progressively, Dassault Systèmes should expand into energy-related verticals over the next 3-5 years.
  • §  Conversely, Dassault Systèmes should look at cross-selling plant simulation solutions into Quintiq captive customer base like steel, glass making, rail, mill production, and energy.
  • §  We foresee a tremendous opportunity for Dassault Systèmes in the Shale PLM market, wherein the capabilities would enable the company to be a one-stop shop for all needs from a cloud-based PLM to operations planning, scenario planning and resource optimization. We had evaluated such opportunities in our Microboom analysis on PLM opportunities and synergies in North American Shale PLM markets.


Acquisition Analysis:

We spoke with Jeffrey Vail, CMO of Quintiq and to Thomas Comstock, VP DELMIA Strategy to gain further insights into the acquisition rationale. The first point we wanted to understand was how it all began. Dassault Systèmes, following its acquisition of Gemcom, has been active in the mining business. Quintiq has had increasing success in mining in recent years, as the mining industry has a highly complex value-chain, from ore extraction to recovery, treatment, storage, and dispatch. Then, on one project, the paths of the two companies crossed. The customer liked the upstream capabilities of GEOVIA (Gemcom’s re-branded name, now part of Dassault Systèmes) in terms of 3D modelling and simulation and liked the planning platform and logistics capabilities of Quintiq. It is on that first project, as the two companies began working together, that they saw the synergies and the customer’s enthusiasm for a comprehensive end-to-end solution and Dassault Systèmes approached Quintiq with the idea of combining forces beyond this project. “The success of our first collaboration together lead to deeper discussions with Dassault Systèmes about our portfolio and how it can be applied across industries. The value proposition that we have together offers clients a transformational value proposition that applies to many different markets,” said Jeff Vail, CMO of Quintiq. “In addition to the technology alignment, we also had a corporate culture alignment that made the combination attractive to both parties.” Vail shared.

The vision of Dassault Systèmes to model everything is well complemented by Quintiq’s vision to become the world’s leading operations planning and optimization company. However, there are some whitespaces in the portfolio. A case in point is the lack of collaboration tools which aid in value-chain collaboration. Foremost, the market needs to see a clear message on how Quintiq would be integrated within the DELMIA portfolio and what business impacts or business transformation would it bring to its customers with the combined aspects of 3D modelling, visualization with the strategic intent to exercise scenario planning, operations planning and optimization. Another area to keep an eye on is how well the combined companies leverage their respective customer bases and provide new capabilities. Quintiq will certainly seek to expand its market penetration in areas such as automotive and aviation, where DELMIA is dominant and DELMIA, along with the rest of Dassault Systèmes, will look towards Quintiq to gain access to new markets and industries. It will be important to see how the companies are able to offer new combined capabilities.

Another area which the market should consider is how the two companies will manage their direct sales and channel sales. Quintiq has predominantly gone direct to the market.  DELMIA has relied on channel sales for its digital manufacturing products and Apriso is more of a direct sales and partner approach. Quintiq has ramped up its partner efforts recently and it appears to be gaining traction.

Concluding this perspective, Dassault Systèmes has an ambitious long term growth plan to dominate the modelling, planning, building, and process optimization world by offering an end to end solution for its customers. The key to their success will depend on how well they can integrate and leverage their combined capabilities and how fast the market will embrace a technology platform that is a bit ahead of its time and doesn’t fit into a neat little box. 

Security as a Profit Center - Strategic moves by Key Companies to Drive Customer Acquisition in Industrial Markets (Part -I)

29 Jul 2014

We recently did an analysis on North American Automation Security Trends and uncovered several strategic business drivers. The key highlights were:

1. Security goes beyond compliance. Drives profitability, sustainability and operational excellence of the enterprise.

2. The inevitability of cloud and IIoT requires technology innovation to create next-generation security architectures.

3. There will be no 'one' security solution provider for all needs. Hence, this market would see alliances, mergers and big dollar acquisitions in the next 5-10 years. 

4. Industrial control security solutions and related services such as 'managed security services' will be at least a $3.5 billion market over the next 5 years. 

5. Total integrated security solution strategy needs to developed on an industry-specific basis. The top critical infrastructure verticals that would have a propensity to adopt such solutions would be oil and gas, chemicals, power. 

The industrial security space is acutely interesting and has been the cynosure of action for quite some time. Unlike tradition automation controls market, where the barriers of entry are high, the industrial security market seems to be like anyone's playground. It was intially populated by pure-play/niche solution providers like Industrial Defender, Byres Security, Codenomicon, nDimension, Wurldtech, etc. and automation companies. However, as the space heated up due to the opportunity size from a legacy standpoint - aerospace and defense companies (Raytheon, Northrop Grumman, Lockheed Martin, Ultra Electronics) and enterprise IT (Cisco, IBM, Intel, Unisys, etc.) companies have become interested in it. Clearly, the IT companies have implemented security and security-related policies for over 30 years. Hence, there is a lot more they can teach to the operational technology (OT) markets. 

Now, that you have seen the trends - lets see some of the strategic moves made by key companies in this market:

1. Lockheed Martin acquires Industrial Defender (ID): ID's automation manager gathered a fair size of customer base in critical industries and is now being integrated within Lockheed's Information Systems and Global Solutions. The organizations focus is on intelligence-driven computer network defense. Quoted from one of their whitepapers, it is defined as "Intelligence-driven computer network defense is a risk management strategy that addresses the threat component of risk, incorporating analysis of adversaries, their capabilities, objectives, doctrine and limitations. This is necessarily a continuous process, leveraging indicators to discover new activity with yet more indicators to leverage."

2. GE acquires Wurldtech: This acquisition was kind of a jolt, but not a surprise. Being an organization of such a size, GE can command and has capability to pretty much acquire an established company to strengthen their capabilities. As GE's focus is more skewed towards the big data platform and 'power of 1%', one of the hurdles they need to surpass as they create such improvements in the market is the aspect of cyber-security. Connected machines, brilliant factories all need to be connected to the internet/cloud in a safe and secure manner. Wurldtech's Achilles certification product and threat intelligence product perfectly blend with GE's control products and software platform. 

3. Intel Security: Intel's acquisition of WindRiver Corporation, McAfee was in the making of its Security Group. Shortly, after it acquired McAfee - early this year; Intel re-named the group as Intel Security. The focus is on SIEM, situational awareness, Multi-zone protection, end-point security, mobile security management, etc. The company also has struck several strategic alliances with industrial control companies like Schneider-Electric, Siemens. 

In my next post, we will talk about Unisys Stealth and Bayshore Networks. 

Havex malware infects source through watering hole attacks, targets ICS/SCADA systems in critical infrastructure.

01 Jul 2014

Name: HAVEX Malware

Target: ICS/SCADA systems across diverse industries

Type: Watering hole attack - Trojanized software planted at solution providers website

Region: Primarily Europe, but one site compromised is based out of California

Who: Energetic Bear, active since August 2012

F-Secure, Finnish security research firm, posted on June 23rd, about the HAVEX malware and its potential targets of ICS/SCADA systems. Please read their analysis on the malware here - 

Here are my key take-aways from this malware:

1. Evolving Market, with attackers having the upper hand now: As solution providers and end-users look to secure themselves against attacks such as this, there are still massive amounts of vulnerabilities availble in existing areas for such abuses. Attackers, such as the Energetic Bear, skillfully uncover these threat vectors and exploit them comprehensively. It further resonates the fact that, the cyber-security market is continuously evolving one and extremely dynamic. Like a chess game, strategic moves are made by both parties of the market spectrum. Right now - it looks like the attackers have an upper hand, as they tend to uncover and abuse system vulnerabilities that may or may not have been known to ICS/SCADA solution suppliers or end-users. 

2. Watering hole attacks - The attacker organization has compromised ICS vendor sites and replaced clean implementation files with trojanized software files. Thereby, by infecting the source - unaware customers would unknowingly infect their systems. This is by far, a very effective way to wreak maximum threat proliferation across industries and business enterprises. Beyond the files examined by F-Secure, the security research firm suspects more cases to be uncovered. 

3. Control of ICS/SCADA systems - One of the known servers, used by Energetic Bear, is C&C servers. Quoting F-Secure, "Our analysis of Havex sample codes also uncovered its "ICS/SCADA sniffing" behavior. The C&C server will instruct infected computers to download and execute further components, and one of these components appeared very interesting. While analyzing this component, we noticed that it enumerates the local area network and looks for connected resources and servers". A big question thereby is, although the attack is targeted at ICS systems, could there be a backdoor entry to infiltrate business systems. This could mean that, the attackers organization is permeating industrial espionage of the highest order. 

4. OPC Sniffer - The malware is using sniffers to find Object Linking and Embedding for Process Control (OPC) connectors that is predominantly used for communication between Windows OS and process control applications. On finding applications that uses OPC, the malware gathers details about the system and its connected resource and siphons it back to the C&C server. 

5. Growing library of solutions: The cyber-security acronym library is growing by leaps and bounds. As attacks such as this surface, end-users and solution providers need to be collaborative with each other to drive an industry consensus and more importantly predict such potential scenarios. This way, the industry can re-trace its steps to design solutions that can prevent such attacks from happening in the future. 

Summarizing from F-Secure: "The additional payload used to gather details about ICS/SCADA hardware connected to infected devices shows the attackers have direct interest in controlling such environments. This is a pattern that is not commonly observed today."

Siemens Automation Summit - Part 1/3 - Re-organization around Industries

30 Jun 2014

The automation summit by Siemens was a well attended event with many end-users cutting across process and discrete industries. Due to our schedules, we were not able to attend the key note by Anton Huber, President and CEO - Siemens Industry Automation. However, we attended many of the break-out sessions. Following is my 1/3 posting on its re-organization:

Siemens is re-organizing:

The organization, under the helm of new leadership, is streamlining. Shown below is the before and after organization structures. (All pictures are sourced from investor relations presentation materials)

We have been briefed by Raj Batra, President Industry Automation (US Markets) that, this is the way forward. These are my key take-aways:

1. The organization has removed the 'four-sector' layer and brought it down to divisional level. This could mean that, Siemens is optimizing and streamlining internal and external decision making. This re-organized structure would mean more customer-centric appeal and closedness with end-users globally. 

2. If you notice carefully, Siemens has re-structured around industries as the center of excellence. Also, another delicate change is the split focus on discrete industries and process industries. Earlier, oil and gas used to be a part of the energy sector. However, it is part of process industries segment as part of the new structure. This could mean better tailwinds for the company, as they drive product and industry synergies in a collaborative manner. Also, with this structure - Siemens has a better shot in striking solution synergies and alignment with major accounts of each focus areas. 

3. The third and biggest move is Siemens push towards business analytics and data-driven services. The managed services dvision cuts across all the divisions and is an immense play by the multi-national. Driven by strong industry tail-winds such as ageing workforce, skill gaps, talent inadequacy, Siemens has set itself for future success with its managed service offerings. I will detail further about this division in a separate posting. 

The new organization structure of Siemens will come into effect of October 1, 2014. Until then, it is business as-usual. 


#OpPetrol June 2014 - Anonymous Group Exposes Potential Vulnerabilities, Scary Possibilities and Increased Threat Vector Possibilities

20 Jun 2014

Details of the operation:

Name: #OpPetrol 2014. Second attack of such sort after #OpPetrol 2013 ( A political group of Hacivists based predominantly in Middle East. 

Threat Vector: Taregted attacks on websites of energy companies in the following regions. It is happening, as I write this post and could continue. 

Probable Countries of attack:

  • Canda
  • China
  • England
  • France
  • Germany
  • Israel
  • Italy
  • Russia
  • USA

Governments that may be attacked:

  • Saudi Arabia
  • Kuwait
  • Qatar

Companies that may be attacked: 

  • National Iranian Oil Company
  • North Oil Company
  • South Oil Company
  • Missan Oil Company
  • Midland Oil Company
  • Delek Group
  • Isramco
  • Modiin Energy
  • Inpex
  • Nippon Oil
  • KazMunayGas
  • Kuwait Oil Company
  • Consolidated Contractors Company
  • Petronas
  • Petroleum Development Oman
  • Oil and Gas Development Company Limited
  • Pakistan Petroleum
  • Pakistan Oilfields
  • Mari Gas Company
  • Petron
  • Philippine National Oil Company
  • Qatar Petroleum
  • Saudi Aramco
  • Singapore Petroleum Company
  • Ceylon Petroleum Corporation
  • Korea National Oil Corporation
  • Korea Gas Incorporation
  • CPC Corporation, Taiwan
  • PTT Public Company Limited
  • Turkiye Petrolleri Anonim Ortakligi
  • Calik Enerji
  • ENOC
  • Petrovietman
  • Vietsovpetro
  • Azerbaijan International Operating Company
  • State Oil Company of Azerbaijan Republic
  • Bahrain Petroleum Company
  • Petrobangla
  • Myanma Oil and Gas Enterprise
  • PetroChina
  • Sinopec
  • CITIC Resources
  • Shaanxi Yanchang Petroleum
  • Sinochem
  • Towngas
  • Gujarat State Petroleum Corporation
  • Oil and Natural Gas Corporation
  • Oil India
  • Essar Oil
  • Reliance Industries
  • Cairn India
  • MedcoEnergi
  • Pertamina
  • PT Lapindo Brantas
Attack on Industrial Control Systems/SCADA: No, not yet. However, this attack on websites could mean something in the back drop. It also showcases the extreme vulnerability of the industry and why there needs to be an edge-endpoint enterprise-wide security management solution. Also, end-users should look at automated threat prevention, mitigation and escalation system to prevent any such intrusions, as per the Defense-in-depth approach. While this threat could be solved by having all systems on updated security patches and whitelisting of applications, etc. Facilities that are running Windows XP could be even more vulnerable as there is a lack of patch support, policy management on these systems. 
Although this attack is very IT focused, there are possibilities that this orchestrated attack could be excercised within the OT area, which would lead to total catastrophic failure, crush the global energy networks and bring the world to a standstill. Scary, but yet possible. 

Things in Action: Blue-sky Manufacturing Enabled by Cisco. Truly, Swiftly and Deeply. (Part 2/2)

11 Jun 2014

Here is Part 2/2 of Cisco’s C-scape conference. On Day 1, we saw the converged plant architecture that Cisco is driving within the manufacturing space. Rather than taking a ringside view of the action and a myopic vision for the market, Cisco has clearly differentiated itself by enabling very good scalability and flexibility in manufacturing operations. We did meet Mr. Chet Namboodri, Managing Director, Global Manufacturing Industry Business Development and Marketing at the event and continued our good interactions with him. Based on his expanded role more focused on line of business sales and business development within the industry, we queried on the importance of IoT within process vs. discrete manufacturing. His response can be summed up in this chart (shown below):























Do read Chet’s informative blog at -

This is a perfect segway to our day 2 of Cisco C-Scape conference. One thing is for certain – Cisco knows IoT like the back of its palm and has organization skills rooted in its DNA. Not one place during the course of my 2-day conference had a small glitch. Everything was like clockwork. Special thanks to Jesse Freund, Director Analyst Relations, Sandy Bendorf, Special Industries Analyst Relations for going beyond to make our experience well worth. Circling back, on day 2, the analyst community was split into different groups for an on-site visit to their customers. This was to experience IoT in action. My group went into the heart of Silicon Valley to an electronics and semiconductor manufacturing company (un-named due to confidentiality reasons). We were given a fairly deep introduction to the operations and what Cisco has been doing with the end-user to implement IoT and ultimately transform manufacturing with its blue-sky thinking.

We were given a walk-through of their facilities and some of the key things that stood out were as follows:

  1. World is shrinking, so is a product’s shelf-life and innovation cycle

As the planet shrinks with impact of globalization and connectivity, customers are armed with more and more choices. This clearly has a profound impact on the product’s shelf-life and its innovation cycle. No industry is more impacted than the electronics and semiconductor market, for example, considering the amount of new product releases that happens from the likes of Apple, Samsung, LG and Panasonic. Manufacturers in this industry face an acute pressure of constantly being on the edge of developmental innovation and new product introduction. So, companies like the one we visited, have invested in co-locating their customers within their own facilities in a fast-paced, secure developmental laboratory and prototyping environment. It blew me away, when I learnt that they had 100+ customers onsite, each of whom had their own private exclusive space to innovate and experiment.

2. Industry-specific applications are the need of the day. No ‘one-size’ fits all approach

Of late, I have been observing that companies like Tesla have developed their own ERP/MES platform, as none of the COTS offering met their needs. Drawing relevance to this trend, it clearly shows that not one size fits all within the manufacturing space. Hence, the opportunity at stake for companies like Cisco is multi-fold due to the amount of industry-specific functionality that needs to be created to cater to the divergent and converged needs of the industry.

3. Automation is pervasive and is permeating from cradle to de-commissioning services

Automation from a Purdue model, layered perspective is a story that sells less and less, particularly with IoT. As product companies become more solution suppliers, we see the layers more foggy, transparent and thinner. There are many enablers within this market, starting from sensor providers through to enterprise-class software solution suppliers. However, the pervasiveness of automation goes beyond just connecting and networking these assets. Like favorite child, this trend has many names like Industry 4.0, IoT, IoE, Smart Manufacturing, etc. It is how to make sense of the connected assets and translating connectivity to impactful business strategy and service-model innovation. Very few core-automation companies are focused on transforming their businesses into this model. The industry clearly is seeing the impact on non-traditional automation companies like Cisco scaling into this market with creative business strategies through innovative partnerships and solutions-selling. Yes, Cisco sells much beyond routers and switches.

4. IoT drives blue-sky manufacturing

Without shelling a lot of details, they did give us an in-depth demo of how the end-user of Cisco has implemented IoT within their manufacturing operations. Simply put, IoT requires THINGS, COMMUNICATION INFRASTRUCTURE and a COMPUTING INFRASTRUCTURE. Attacking the things aspect of it, companies are looking to intrinsically integrate sensors within their manufacturing operations to collect datasets such as torque rating applied on the screw, a PCB’s alignment, heat signatures, etc. Each manufacturing process, with its integrated sensors, drives collection of swarms of data. Imagine, if this was replicated across multiple product lines, SKU’s, facilities and suppliers. We are talking Zettabytes (ZB) of data (1 ZB = 1 billion Terabytes). The future would see manufacturers integrating multiple sensors within their manufacturing operations to collect critical process data and securely transferring them through switches and routers to a cloud-based system like Hadoop. The automated collection of data is important to note which is controlled by a software-driven algorithm from a controller to all the devices that enables the manufacturing process. A more important facet to observe is the need for a scalable and a flexible infrastructure to securely enable bi-directional flow of information and point-to-multi-point communication. A question does arise, however, why are end-users collecting such datasets, what is the purpose, the need and benefits?

The importance of these collected datasets could be seen in multiple ways:

a.)    Using the data to have full forward and backward traceability across the value-chain.

b.)    Benchmark performance data between manufacturing facilities.

c.)     Standardize quality and manufacturing process across the end-user’s manufacturing ecosystem (internal processes and external-supplier-led processes)

d.)    Possibility to have unmanned assembly and integration lines through the use of video-collaboration and video analytics. This also requires centralized monitoring of all these lines. This could mean, reduced workforce on the floor, while strategic workforces get added to monitor, manage and analyze multiple production lines from a central location.

e.)    Compliance to regulatory bodies. Easy and seamless data collection that can be stored and retrieved on-demand.

It is amply evident that Cisco has the capability to provide value and solution-innovation to all of the above mentioned, with its deep and broad portfolio of solutions. The solution-portfolio is aimed at infusing flexibility and agility across the manufacturing ecosystem. Moreover, as end-users mature in manufacturing markets – they tend not to partner with product suppliers but rather prefer trusted partners who can lead, collaborate and co-develop industry-specific applications.

Concluding this post, Cisco’s strategy to sell the architectural vision first is a well-thought-out strategy to later cross-sell and pull through products, solutions and service offerings to the client. The multiplicity of opportunities available across manufacturing industry verticals, each industry being unique in its own way, irrespective of the size of the enterprise, augurs well for the company in the long run. There will definitely be an increased level of competition in the market, but having a strong headway definitely helps in the long-run.

More next year, at the Cisco 2015 C-Scape conference in San Diego.

Offshore Technology Conference 2014: Digital Transformation and Solution Innovation becomes the Unique Differentiation Factor

02 Jun 2014

A bunch of analysts from Frost & Sullivan attended the yearly OTC event at Reliant Park in Houston. This is my second year to the event and nothing stops me from being pleasantly surprised once again. Clearly, a difference we saw was the force and the empowered solution-selling by all automation companies we met - ABB, Siemens, Yokogawa, Emerson Process Management, GE, Rockwell, Endress+Hauser, Schneider-Electric (including Invensys) etc. Some of the key trends are noted here:

1. Transition from Products to Solutions

Every automation company, out there, has progressively grown from a products oriented supplier to an integrated solutions company. A reason for this transition could be partially attributed to the way end-customers are re-wiring their purchasing process and looking for trusted partners rather than product suppliers. A textbook example could be the integration of control and electrical components to deliver an integrated solution. Schneider's acquisition of Invensys puts it on path to become a tough competition to ABB and Siemens due to its electrification and automation portfolio. 

2. The Era of Digital Transformation (Big Data, Advance Analytics and Remote Diagnostics)

A common trend across the companies were the 'power of 1%' as mentioned by GE, analytics (predictive and prescriptive) as outlined by Siemens XHQ solution and ATOS Canopy's data analytics as a service for process industries, Emerson's integrated operations to drive remote monitoring, diagnostics and operations from a centralized location. Clearly, we see tectonic shifts in how automation companies are re-wiring thmselves to become more ingrained in development and continued service operations with their customers. Although, cyber-security was not a much touched upon topic - we do predict that companies are developing strong solutions (that could be under wraps) and might be announced in due course of this year. Operations intelligence and the power of informed decision making are two trends that both end-users and solution providers have taken it very seriously. 

3. Partnerships and Strategic Alliances

It is very much clear that oil and gas is to become the next hi-tech industry of the future. Please do hear our webinar's on the same topic. We had Shell, BP, UT Austin's Energy Institute, Transocean and Halliburton talk about the digital transformation in the markets.

1. IOC's and Academic Perspective:

2. OFSE and EPC Perspective: 

This aspect of digital transformation does not come easy with one solution provider holding all the strings for a muppet show. The strings are to be divided and in essence the market is becoming more collaboratively competitive (what we have called as 'co-optitiveness). While, we have not seen any clear collaboration between the BIG 6 of the automation companies - patnerships are crucial to fill in white spaces. The trend within the automation companies is more of an acquisition nature to ensure a total integrated solution offering. A case in point is that of Rockwell's acquisition of vMonitor in order to build its capabilities on the intelligent wellhead markets. This was similar to the lines of GE's acquisition of Lufkin in 2013. 

4. All about Subsea - Factory Floor of the Future

As the future of oil extraction is more deeper, darker, distant and dangerous, technology convergence is clearly making subsea factories of the future a reality in the not too distant future. Companies like StatOil, Aker Solutions, Siemens, ABB have created pre-integrated packaged solutions to better service the integrated ecosystem of offerings for this market. However, Engineering, Procurement, Installation and Commissioning (EPIC) solution providers like FMC Technologies, Cameron, Aker Solutions have pretty much consolidated the market offerings with several strategic acquisitions in process equipment space and partnerships with automation companies to supply control and safety systems. A case in point is that of Aker's partnership with Baker Hughes to deliver an integrated solution from first oil to last oil. Some of the key areas, they have been collaborationg include:

1. Integrated in-well and seabed production boosting systems

2. Enhanced well access

3. Optimized power and control systems

4. Integrated system-wide condition monitoring and control

5. Effective flow assurance

6. Game-chainging intervention system. 

Workstream's and Talent

If there is one other theme that was subtle in this years OTC - it was the career centers that companies like GE, Emerson, etc. and end-users like Saudi Aramco, Petronas, etc. had. It clearly shows the need for relevant talent. At Frost & Sullivan, we did a strategi analysis of 'must have' and 'nice to have' skillsets for the future of the oil and gas markets. Clearly, embedded software development, software development skills, integration skills, etc. would be the need of the future. Please note that, these skillsets were not the must have skills about 5-10 years back. This transformation, by itself speaks volumes about the digital transformation that is taking place quietly, softly and strongly. 

More next year on this topic !

Internet of Things: Cisco's Delightful Strategy to Make Manufacturing Cool, Fun and Intuitive. Part 1/2

22 May 2014

We were invited to Cisco's C-Scape conference this week, to learn and discuss about their strategy, vision and directions the company is taking in the IoT market. First of all, it was an extremely well orchestrated event, like clockwork, with over 130 analysts attending from industrial and financial markets. Just to talk about the sheer expanse of attendance, Cisco Live had over 25,000 nerds and over 200,000 in online viewership. Thanks to Cisco's industry analyst relations team, each of us had a customized agenda with a jam-packed schedule. Fortunately, we had time to breathe :-). 

Summary of my key findings from the conference:

1. Cisco is a technology company. It makes much more than just switches and routers. 

2. Cisco's IoT strategy is unique in its way to build an integrated architecture and an application centric infrastructure platform. 

3. John Chambers is an ultra-cool CEO who engages, explains and is very passionate about the company he is leading. Sad to hear about his planned exit in about 2 years.

4. Cisco's vision on converged plant network, with its partner - Rockwell Automation, creates synergistic opportunity in discrete industries.

5. Cisco could and will make manufacturing cool, fun and intuitive for the next generation.

6. Personally, I think Cisco should take more risks in the manufacturing area through acquisitions and smart product development to build on the momentum they already have in the market. At the end of last quarter of 2013, Cisco carried about $47 billion in cash (Sourced from Motley Fool).

7.  For a company like Cisco, who is in mature market like routers where they hold a lion's share, they will need to look at alternate and differentiated areas of growth for a sustainable future. One of them being - MANUFACTURING. 

Day 1 kicked off with John Chamber's keynote. There was an incredible amount of emphasis on IoT and the presentation was perfectly interlaced with customers like Shell and to demonstrate how Cisco IoT strategy is helping these companies predict and prevent abnormal situations. Although, there was not a lot of emphasis on manufacturing, it was pretty evident that Cisco's platform and integrated architecture layout with its partners were clearly on path to structure billion dollar blue ocean markets within manufacturing, retail, telecom, services, etc. The biggest opportunity for Cisco really is manufacturing, where there are several sub-markets that is ripe for disruption. Case in point includes connected factory, connected oilfield, connected mine, connected supply-chain and so on. Incidentally, this group was started off as 'Connected Industries' which is now named as IoT. We heard from Shell's CIO - Alan Matula who briefed us about the relationship the company enjoys with Cisco and how they need more technology focused people and not sales-centric people. It was a frank and an honest feedback which made me think - Is the future of manufacturing spinning on the gravity of technology? Are companies shedding their time-tested practices and re-clothing themselves in a new 'Avatar'. My thought's became well-founded when Alan Matula said Shell is a technology company and not an energy company. 

Here, we would look at two buzzwords and their briefs:

Application Centric Infrastructure (ACI):

Simply put, ACI is an architecture that mitigates the trade-off between software flexibility and hardware performance requirements. It enables building and deployment of applications in a highly responsive and in a centralized manner. The strength of the ACI is its partner ecosystem. During discussions with John, this was one of the key concerns on how Cisco would collaborate and at the same time compete with each other. While it is true to an extent, Cisco is attempting to level-play the field by creating a networking fabric that is easily scalable and customers can build on applications seamlessly. This is very much in resonance with the business models that we have analyzed within IoT. Clearly, companies who have built a platform-type approach could obtain the highest monetary benefits within the IoT ecosystem. This is Cisco's pioneering leadership in the market and has had some terrific success in areas such as smart cities (case in point is that of Barcelona, connected bus in SFO, etc.). In essence, Cisco is building out the networking infrastructure, which is the arteries for the data to flow, that will run for many years. While, the focus now is to penetrate the market with this architecture, the future would be about monetizing from these platforms deployed across industries and sub-industries.

Converged Plantwide Ethernet Solution:

This is the basis of Cisco's connected factory of the future vision. The convergence of network, wireless infrastructure, security and information creates the converged plant network. The integrated approach resolves multiple issues that is currently faced within the plant like segmented plant networks, wired infrastructure, multiple data directories, etc. The current plant networks are like spangled spaghetti, which Cisco is attempting to untangle it based on its powerful networking routers and switches in a secure, simple and an effective way. The converged platform approach solves flexibility, scalability and responsiveness challenges of end-users. At a juncture, wherein customers across industry verticals are looking at standardization and standards-driven manufacturing, Cisco clearly has cracked the code with this platform approach. Meanwhile, the uphill task for Cisco is in the retrofit/brownfield markets, wherein they need to build it up from the network which may not be there in the first place. However, retrofit markets provide the maximum resistance to change, but also houses significant revenue potential. 

The converged plant architecture is a smart move in a heavily fragmented market. However with IP connectivity and cloud-based provisioning, security continues to be the achilles heel of implementations. Cisco's response to it is the converged plant security solution which is industry's first to bring about policy and identity services to plant environment. The ability to control access, identity and condition-based information (time, date, access level type, posture, location, etc.) clearly should bring about more confidence in customer's mindset towards these implementations. The company has seen resonant success in leading manufacturers such as Twizzlers, Kimberly-Clark, Harley-Davidson, Fiat which are squarely placed in discrete industries. A larger potential clearly lies in process industries such as oil and gas, chemicals, pharmaceuticals, etc. The company needs to build a strong go-to-market strategy for the process side of the business. As discussed, Cisco has an immense amount of room and potential to grow in one of the most promising industry verticals of the future. 

In my second post, I will detail about our visit to a leading Silicon Valley manufacturer and talk about IoT in action within their manufacturing operations.

Siemens joins hands with Intel's McAfee to service industrial cyber-security market

10 Apr 2014

Following up earlier post, where the industry saw the acquisition of Industrial Defender by Lockheed Martin, this announcement comes as a 'no-brainer'. As the cyber-security for critical infrastructure (CI) market starts seeing more growth and adoption, solution providers are aggressively looking to position themselves in order to effectively capitalize the market opportunities in CI markets of oil and gas, chemicals, energy, critical manufacturing (steel making, etc.), water utilities, etc. Frost & Sullivan sees the market opportunity in two areas:

1. Greenfield projects - These are CAPEX driven areas which would potentially look at implementing control systems and products that are secure by design. This is primarily because, many solution providers are preparing to develop products that are instrinsically secure, while not providing security as an after thought. 

2. Brownfield projects - These are OPEX driven areas. Typically, industrial control systems have a lifecycle of 20-30 years. They are usually run till the end lifecycle of the plant. Unfortunately, these systems are built on obsolete architectures and operating systems, that the ability to hack into these systems is relatively easy. Hence, end-users are highly apprehensive of these legacy assets which opens up reliability and security issues. There is clear market opportunity here for companies in this segment, as the Presidential Directive comes into the implementation phase. Incidentally, this market is expected to become the most competed space, as companies look to build 'Blue Ocean' strategies and tactics to drive and create value for customers. 

Hence, the alliance of Siemens Industry with Intel's McAfee is a 'no brainer'. Incidentally, Siemens was one of the first companies of the much debatable Stuxnet worm that was tuned to sabotage industrial machinery. However, the organization has come back strongly by building a industrial cyber-security group ground up with clear winning value-proposition for the process industries. Especially, as Siemens is delivering several core technologies to many end markets like oil and gas, power - it is highly instrumental for the company to strengthen its position and weakest link by partnering with best in class solution providers in the market. Thus, it is very strategic in its partnership with McAfee (which also acquired NitroSecurity in 2011) and also has the processing power of Intel and embedded hardware platform of WindRiver Corporation. 

Some of the other key partnerships between enterprise software and automation companies are Rockwell Automation with Cisco Corporation. While, these companies have been pioneering in their aspirations to bolster capabilities - there are quite a number of automation companies who are yet to fully grasp the issues. As change continues at the speed of thought, Industrial Internet of Things (IIoT), Industry 4.0, Cloud, Mobility, BYOD, Analytics, Threat Detection would drive massive transformations within the industry. We are keeping a close watch on this space and conducting end customer-based panel discussions to identify unmet needs, pain points current and next-gen practices. A space to watch out for !

Do read more at the below links:

McAfee's announcement -

Siemens Industrial Security Services -

Lockheed Martin to acquire Industrial Defender - Industrial Cyber-security market heats up

14 Mar 2014

Cyber-security was an unknown business driver a few years back. The recent attacks and the possibility of a 'cascading failure' due to cyber-attacks on networks and industrial control systems has made cyber-security a 'must-have' solution for systems security purposes. The market initially had niche and pure-play solution providers like Industrial Defender, Wurldtech, Waterfall Security Systems, etc. Progressively, the market observed the entry of enterprise solution providers like Intel (post acquisition of McAfee and NitroSecurity), IBM (post acquisition of Q1 Labs), Belden/Hirschmann's acquisition of Tofino Security and such others. 

As Homeland Security released the Presidential Policy Directive 21 (PPD-21): Critical Infrastructure Security and Resilience, 16 critical infrastructure sectors were identified. Out of the 16, the process and discrete manufacturing related industries were:

1. Chemicals

2. Critical Manufacturing Sectors (Primary metal manufacturing, Machinery manufacturing, Transportation equipment manufacturing)

3. Energy

4. Food and Agriculture

5. Nuclear Reactors

6. Water and wastewater

The framework signed into order by President Obama requires monitoring agencies to publicly report threats to companies and facilities in the US. Also, the framework provides a guidance to audit current facilities and implementation best-practices. However, at this juncture - there is no prescriptive approach of technology usage. This means, end-users can prefer their own use of technologies and implement it. Hence, it clearly opens up the market of opportunities for cyber-security solution providers. Of all the infrastructure security market constituents, cyber-security market is expected to offer the highest growth and the best-possible opportunity in the short-medium time frame.

What this means to the industry?

As Lockheed Martin intends to acquire Industrial Defender and finalize it over the next 30 days, many other defense firms like would likely enter this market with innovative solutions and services. However, the current product capabilities may be over-robust in features and functionality, that it may not meet the cost-point's of industrial-grade end-users. So, there needs to be definitive strategy in entering the market.

Issues with Partners of Industrial Defender

Currently, the listed partners are ABB, Schneider Electric Corporation, Itron and Elster. Only, time would tell on how these relationship's would turn out to be. As there would be a clear conflict of interest, these relationships may not be maintained or maybe maintained to continue the robust go-to-market channels for Industrial Defender. 


Clearly, this market is of intense interest to several solution providers in the market. As cyber-security mandates cement its footing in the industry, value-consulting services could be the inital strategy to pull through products, solutions and value-added services.

As the cyber-security creates opportunities for industrial facilities, there needs to be a clear understanding of the following:

1. How is the market landscape evolving and what are the industry drivers and motivation?

2. What are the current competitive differentiations of the present solution providers?

3. How do customer's buy cyber-security solutions currently?

4. What are industries current best-practices and future next-gen practices?

Frost & Sullivan is taking a pioneering role in this by organizing (subject to change) an IdeaXchange which is an online panel discussion to discuss these pertinent issues with industry end-users. Please watch out for our notificiations and press releases regarding this.


Schneider's strategic competitive advantage, post Invensys acquisition: A speculative analysis

21 Oct 2013

Executive summary: Improving competitive positioning to drive sustainable market growth for Schneider Electric Corporation – A speculative analysis


Schneider Electric Corporation S.A (SCHN.PA) (hereafter called in as Schneider) is a global specialist in energy management. They participate across multiple markets like industrial automation and process control, energy, data centers, buildings and residential. For this analysis, we would be assessing and strategically evaluating the process automation segment (which includes wireless instrumentation, programmable logic controllers, Manufacturing execution systems, etc.). The Global process automation market is about US$120 billion (2012) and is expected to grow at a compounded annual growth rate (CAGR) of 4 to 5.5% over the next 5 years. The process automation market has seen mostly organic growth with very little major inorganic growth strategies over the past 5 years. The main competitors of Schneider for this particular market segment are ABB, Invensys plc, Siemens AG, Honeywell Process Solutions, etc.

In the macro industry analysis, the environmental factors that are relevant to this analysis are market size, growth, mega trends, demographic trends, macro-economic trends and technological trends (Exhibit 1). Growing demographic population promises sustainable growth through infrastructure growth. The need for energy, electricity and food drives long-term secure industry investments in emerging markets mainly. One of the other evolving trends that is a major concern for Schneider is the evolving customer buying behavior which is tectonically shifting from piece-part products to more integrated solutions capability. The impact of this shift on Schneider is long-term loos of market share as it’s competitors are well poised to capitalize and leverage this market shift. Secondly, the cyclical and uncertain growth pattern is forcing automation solution providers to look at opportunities beyond organic growth abilities. There are very few pure-play total automation solution providers available in the market currently. We will analyze the competitive structure of the industry (see section below) on reasoning and impact to Schneider from the recommendations.

Exhibit 1: Environmental Analysis

Key Market Metrics



Market Size, 2012

US$120 billiom


CAGR (2011-2016)


Mega Trends Impacting the Industry

  • Growing demographic population



  • Eco-conscious developed market customers



  • Manufacturing renaissance in US markets



  • Infrastructure development in growing emerging markets



  • Evolving customer – due to ageing workforce


Macro-economic Trends

  • Slowing emerging markets growth



  • US manufacturing renaissance



  • Cyclical growth in European markets



  • Cautious customer spending due to swinging economies and industries.


Technology Trends

  • Push towards integrated solutions and pre-architected systems.


 The general overview of process automation market is that, the products are sold into industry verticals like oil and gas, chemicals, petrochemicals, power, metals and mining, water and wastewater. These industries have both types of projects – greenfield and brownfield. Greenfield projects are new investments which are plants and establishments built from scratch. Brownfield investments are retrofit/modernization projects. The go-to-market strategies vary widely by industry and by project type. However, the common characteristics for both these project types for Schneider to look at are:

  1. Need for total solution capability
  2. Ability to deliver an open, scalable and flexible automation platform
  3. Enhanced co-ordination between people, process and technology
  4. Application knowledge
  5. Industry expertise and experience.

From a process industry perspective, Schneider lacks totally in areas such as process industry expertise and application knowledge. While, Schneider needs to look at building product capabilities, the need for strong process knowledge-oriented people is equally critical.

Strategic Groups and Market Positioning:

To further understand the process automation market, clearly, the growth in manufacturing operations software market is much higher than automation hardware. However, the future of the automation market is skewed towards the integration of the hardware and software worlds. While, Schneider has certain piece, part components amongst these areas, it certainly lacks the ability to provide saleable total solutions for customers across industry verticals.

A Porter’s fiver force analysis of the industry further bolsters the reasoning above of evolving customer landscape and increasing competition. As shown in Exhibit 3, the industry competitors are well consolidated although it varies by industry type. Schneider’s position in the automation market is mostly low value-added automation product (like programmable logic controller) with integration to information technology layer (like Manufacturing Execution Systems). However, the industry structure is changing based on the evolving customer needs for integrated solutions. This means that, for projects bids in an industry like Oil and Gas, the price of admission is a distributed control system (DCS). Schneider critically lacks this capability and would take them at least 7 years to organically develop this platform.

Exhibit 3: Porter’s Five Force Analysis

Force Analysis

Details of the Force on the Market Analyzed

Industry Competitors

The industry consolidation varies by industry vertical. Generally, about 30.0-35.0% of the total process automation market is controlled by top three solution providers (ABB, Emerson Process Management and Honeywell Process Solutions). The market is highly competitive and constantly looks for growth as the market continues to mature.

Potential Entrants

There are not many entrants to this market, as the barriers to entry, like developing an automation technology platform, is very high to the extent of a lead time of 5-10 years. Hence, inorganic growth mode is the most preferred way to establish growth.


Competition in this market is expected to come from a wide range of service suppliers who are called system integrators. These set of companies are trying to move up the value-chain, while effectively leveraging local presence and support capability with customers.

Threat of Substitutes

No major threat from substitutes. It will continue to be ‘business as usual’ for automation companies.

Competitor Analysis:

When we assess a comparison of product lines across key automation companies. The analysis clearly shows that Schneider misses key components to become a mainstream supplier in the process automation markets. By acquiring Invensys, Schneider is able to get the much needed DCS, Safety Systems, Enterprise Asset Management platform which would vault them head on head against mainstream automation companies. The acquisition would enable Schneider to participate in a $15 billion available market, which they were not able to do so before due to product constraints. As explained before, inorganic growth is the predominant way to grow and achieve a valuable and sustainable competitive position. While, other automation companies are developing go-to-market strategies like main automation contractor to effectively penetrate end-user markets, Schneider’s inability to provide a totally integrated automation approach restraints their ability and hence become outcompeted in the market. The automation market is increasingly seeing innovative business models, like strategic alliances with engineering companies, service companies to leverage the next wave of growth. This could potentially mean that, Schneider will have a lot of catch up to do even after the potential acquisition of Invensys. Hence, we need to critically evaluate it’s portfolio of product capabilities to further understand which businesses are complimentary and will lead Schneider to a sustainable competitive advantage.

The diversification of Schneider’s business, post the acquisition, would result in the company’s ability to drive synergies and cross sell products and solutions into its existing pool of customer bases. Thus, in summary – the top recommendations for Schneider are:

  1. Acquire Invensys to achieve a highly complementary set of instrumentation cluster and automation technology platforms.
  2. Leverage people and processes to drive market penetration across greenfield and brownfield opportunities.
  3. Cross-sell energy efficiency products like StruXure ware with acquired products and technologies to become a global leader in energy efficiency management.


Help Desk

Full list of offices

For more information and general enquiries, contact Frost & Sullivan near you.

North America
tel: +1.877.463.7678

Select a location near you..