Internet of Things - Crane Operations: AC and DC
Internet of Things (IoT) technology is currently being used to develop automated crane operation software and protocols in the construction industry, among others. IoT-connect cranes allow remote monitoring, control, and programming, which makes crane operation more efficient and safe, which companies like LG Uplus, CraneSCADA, and VerveTronics are offering in their IoT product lines. However, despite the advantages of these advancements, IoT-cranes have been shown to have high vulnerability to cybersecurity threats, which will require industry-wide regulation to combat in the future.
The Use IoT Technology to Automate Cranes
- Within several industries, including the construction industry, businesses and academic institutions are studying and developing methods to use IoT technology to improve the efficiency and safety of crane usage.
- Without IoT technology, the logistics of operating traditional cranes, whether they have AC or DC motors, requires extensive preparation and coordination between managers, team members, and individual crane operators, which can take a significant number of man-hours to adjust or adapt to schedule changes.
- Integrating cranes into and IoT network can drastically simplify these efforts because information about the position, condition, schedule, and controls can be remotely monitored in real-time.
- Having the ability to remotely control and program IoT-connected cranes also means that these machines can be automated to follow set schedules of command without requiring live control.
- Often, a robust IoT network will include frequent monitoring of the conditions of the connected equipment and environment, which can make maintenance and logistics more efficient and safe, as the information is relayed to customers, operators, and management.
- The monitored information can include: "the exact location of the crane," "movement of the asset to unplanned sites can indicate usage beyond the accepted terms of your agreement... [to] assimilate this information and bill accordingly," as well as "measurement of driving behavior, so that planners can analyze how operators are working with cranes and see areas for improving or optimizing performance."
- For example, at the Queensland University of Technology in Australia, robotics researchers are working with a technology company to develop "the world’s first remote-controlled load-management system, which removes human held taglines for crane operations."
- According to these researchers, "Hybrid Cloud Computing in Internet of Things" will allow crane operators to optimize their use in a variety of industries through the use of digital sensors to program cranes to have precise and accurate movements.
- By using high-quality sensors and IoT technology in combination, the project is intended "to improve the energy management and storage capabilities" of IoT-connected cranes, improving various industries, including logistics and construction.
- In 2019, LG Uplus, a subsidiary of the Korean conglomerate LG, "announced plans to construct a smart port system powered by 5G technology that will enable unmanned cranes to be operated remotely to maximize efficiency in transporting containers."
- This system is being developed as part of LG Uplus's partnership with Seoho Electric, and according to their agreement, the companies are creating "the world’s first demonstration of a 5G-based smart port operation at a domestic container terminal. The agreement stipulated cooperative measures to combine LG Uplus’ 5G network with automated port cranes."
- According to the company website, "CraneSCADA is an Industrial IOT platform which connects all your legacy and new industrial equipment with each other and collects, stores, and analyzes their data with cloud computing for you to take intelligent actions and remotely monitor your devices. This helps in significantly minimizing downtime and being aware of your equipment at all times. CraneSCADA is a crane automation & crane monitoring system."
- The system is intended to decrease unexpected delays due to maintenance and repairs, proactively diagnose problems with IoT-connected cranes, and allow constant remote monitoring that updates stored data on connected equipment every 5 seconds.
- CraneSCADA is advertised to monitor over 50 parameters that trigger texts or emails to the operating team when those parameters exceed or fall below set thresholds, including parameters like engine temperature, motor energy consumption, voltage changes, motor speeds, and electric and magnetic fields emitted from AC induction motors.
- VerveTronics IoT products promise to optimize" preventive and predictive maintenance," "operational efficiency," and "crane movement tracking."
- The program is purported to allow detailed data analytics that will improve the efficiency of clients' crane operations, reduce wear and tear, and decrease safety risks for operators and offers monitoring for motor voltage, motor overload, crane GPS location tracking, load capacity, and vehicle speed, among other parameters. The program also includes convenient remote firmware updates and bug fixes.
- According to the VerveTronics website, the company's "Remote Crane Monitoring Solution is a comprehensive IoT Crane solution which includes cloud data analytics and mobile application along with hardware sensors which can be easily integrated or retrofit on indoor heavy material handling cranes such as EOT cranes, Double girder and single girder cranes, gantry cranes, bridge cranes, JIB cranes, HOT cranes or outdoor mobile cranes such as tower cranes, mobile cranes, telescopic cranes, container cranes, etc."
- Additionally, the company's descriptions of the system state it consists of "Edge sensors, Edge hardware device (electronics) with wireless communication, a cloud application, and an optional smartphone (Android) application. The sensors are placed on various parts of the crane such as electric motor, 3 phase power line, crane electric panel, rope, and so on. This collects information from various parts of the crane and brings it to the hardware device" as depicted in the image below.
Cybersecurity Threats and Regulation for IoT-Connected Cranes
- According to Forbes, researchers have reported that IoT-connected cranes are "hopelessly vulnerable... And, unless the manufacturers behind the tools could be convinced to secure their kit, the potential for catastrophic damage was very real. The consequences ranged 'from theft and extortion to sabotage and injury.'"
- Telecrane, in particular, has been exposed as an example of a company developing IoT-connected cranes that have highly vulnerable equipment to Internet attacks, but research from Trend Micro has revealed that the problem persists among several companies' IoT-connected cranes.
- In 2018, Telecrane's cranes were found to "have an IoT security flaw that could allow hackers to take over control of the equipment."
- Part of the problem is the conditions surrounding the remote control of these cranes, as the connected cranes are often out of sight of and far away from the operator. As a result, Internet connections have to be used to connect the crane to the IoT network, rather than more secure options like Bluetooth or a wired connection.
- According to Threatpost, a news source on business cybersecurity, "the Telecrane flaw" was found to primarily affected Telecrane's IoT-connected construction cranes, and would "could allow hackers to intercept its communications and take control of the equipment."
- This flaw, which can be manipulated using what is considered a fairly rudimentary and low-skill hack, was "dubbed (CVE-2018-17935) is considered an 'authentication bypass by capture-replay' by compromising transmission mechanism that connects the two pieces of hardware that enable the crane to 'talk' to the controller in the operator cockpit. It intercepts those transmissions, edits them to its liking, and then uses them to take control of the crane. It is basically a 'man in the middle' style attack."
- U.S. security officials have rated this flaw as "a 'serious CVSS v3 score of 7.6,' and construction companies are being encouraged "to keep their crane’s firmware up to date, use VPNs to protect their data, and minimize the network exposure of all control devices."
- Trend Micro is a cybersecurity solutions company that has been researching the cybersecurity vulnerabilities of IoT-connection cranes.
- Researchers working for the company have been testing IoT-connected cranes, among other large equipment like excavators and scrapers from various companies, at 14 different locations to assess their vulnerabilities by trying various cyber attacks to see which can successfully hack the machines.
- According to Mark Nunnikhoven, Trend Micro's VP of cloud security, "The attacks [that are successful] are simple, cheap and open to any person willing to risk launching them... Anyone in range can manipulate these devices."
- Trend Micro's researchers have learned that the susceptibility of these IoT-connected machines lies "not in the vehicles themselves but in the communications between the controllers and the cranes," which would allow hackers to mimic the commands and take over the machines using a programmed radio signal.
- According to Forbes' reporting on Trend Micro's research, "So straightforward were the first four types of attack, they could be carried out within minutes on a construction site and with minimal cost. The hackers only required PCs, the (free) code, and RF equipment costing anywhere between $100 and $500. To deal with some of the idiosyncrasies of the building site tech, they developed their own bespoke hardware and software to streamline the attacks, called RFQuack."
- Based on these findings, the industry overall needs to overhaul the cybersecurity of its IoT systems and equipment, as Trend Micro's have already identified 7 companies (Saga, CircuitDesig, Juuko, Autec, Hetronic, Elca, and Telecrane) which have IoT-connected equipment that is vulnerable.
- In cooperation with Computer Emergency Response Teams, experts funding by the US government, Trend Micro and its researchers have been notifying companies with vulnerable equipment of the issues and helping them develop and deploy software fixes.