Enhanced Cybersecurity Services: Protecting Critical Infrastructure

Comprehensive cybersecurity is an unfortunate necessity in the connected age, as malwares like Duqu, Flame, and Stuxnet have proven to be effective Embedded PC instruments of espionage and physical sabotage rather than vehicles of petty cybercrime. In an effort to mitigate the impact of such threats on United States Critical Infrastructure (CI), the Department of Homeland Security (DHS) developed the Enhanced Cybersecurity Services (ECS) program, a voluntary embedded system framework designed to augment the existing cyber defenses of CI entities. The following provides an overview of the ECS program architecture, technology, and entry qualifications as described in an “on background” interview with DHS embedded pc officials.

At some point in 2007, an operator at the Natanz uranium enrichment facility in Iran inserted a USB memory device infected with the Stuxnet malware into an Industrial Control System (ICS) running a Windows Operating System. Over the next three years, the embedded system would propagate over the Natanz facility’s internal network by exploiting zero-day vulnerabilities in a variety of Windows OSs, eventually gaining access to the Programmable Logic Controllers on a number of Industrial Control Systems (PCSs) for the facility’s gas centrifuges. Stuxnet then injected malicious code to make the centrifuges spin at their maximum degradation point of 1410 Hz. One thousand of the 9,000 centrifuges at the Natanz facility were damaged beyond repair.

In February 2013, Executive Order (EO) 13,636 and Presidential Policy Directive (PPD)-21 ordered the DHS to develop a public-private partnership model to protect United States CI entities from cyber threats like Stuxnet. The result was an expansion of the Enhanced Cybersecurity Services (ECS) program from the Defense Industrial Base (DIB) to 16 critical industrial pc.

Enhanced Cybersecurity Services framework

At its core, the embedded system pc is a voluntary information-sharing framework that facilitates the dissemination of government-furnished cyber threat information to CI entities in both the public and private sectors. Through the program, sensitive and classified embedded system information is collected by agencies across the United States Government (USG) or EINSTEIN sensors1 placed on Federal Civilian Executive Branch (FCEB) agency networks, and then analyzed by DHS to develop “threat indicators”. DHS-developed threat indicators are then provided to Commercial Service Providers (CSPs)2 that, after being vetted and entering a Memorandum of Agreement (MOA) with DHS, may commercially offer approved ECS services to entities that have been validated as part of United States CI. The ECS services can then be used to supplement existing cyber defenses operated by or available to CI entities and CSPs to prevent unauthorized access, exploitation, and data exfiltration.

In addition, CSPs may also provide limited, anonymized, and industrial cybersecurity metrics to the DHS Office of Cybersecurity & Communications (CS&C) with the permission of the participating CI entity. Called Optional Statistical Information Sharing, this practice aids in understanding the effectiveness of the ECS program and its threat indicators, and promotes coordinated protection, prevention, and responses to malicious cyber threats across federal and commercial domains.

Enhanced Cybersecurity Services countermeasures the initial implementation of ECS, including two countermeasures for combating cyber threats: Domain Name Service (DNS) sinkholing and embedded pc e-mail filtering.

DNS sinkholing technology is particularly effective against malwares like Stuxnet that are equipped with distributed command and control network capabilities, which allows threats to open a connection back to a command and control server so that its creators can remotely access it, give it commands, and update it. The DNS sinkholing capability enables CSPs to prevent communication with known or suspected malicious Internet domains by redirecting the network connection away from those domains. Instead, CSPs direct network traffic to “safe servers” or “sinkhole servers,” both hindering the spread of the malware and preventing its communications with embedded pc cyber attackers.

The e-mail filtering capability is effective in combating cyber threats like Duqu, for example, which spread to targets through contaminated Microsoft Word e-mail attachments (also known as phishing), then used a command and control network to exfiltrate data encrypted in image files back to its creators. The e-mail filtering capability enables CSPs to scan attachments, URLs, and other potential malware hidden in e-mail destined for an entity’s networks and potentially quarantine it before delivery to end users.

Accreditation and costs for Enhanced Cybersecurity Services

The CS&C is the DHS executive agent for the ECS program, and executes the CSP security accreditation process and MOAs, as well as validation of CI entities. Any CI entity from one of the 16 key infrastructure sectors can be evaluated for protection under the ECS program, including state, local, tribal, and territorial governments.

For CSPs to complete the security accreditation process, they must sign an MOA with the USG that defines ECS expectations and specific program activities. The MOA works to clarify the CSP’s ability to deliver ECS services commercially while adhering to the program’s security requirements, which include the ability to:

Accept, handle, and safeguard all unclassified and classified indicators from DHS in a Sensitive Compartment Information Facility (SCIF) Retain employee(s) capable of holding classified security clearances for the purposes of handling classified information (clearance sponsorship is provided by DHS)
Implement ECS services in accordance with security guidelines outlined in the network design provided on signing of the embedded pc versions of MOA.

Privacy, confidentiality, and Enhanced Cybersecurity Services

“ECS does not involve government monitoring of private communications or the sharing of communications content with the government by the CSPs,” a DHS official told Industrial embedded systems.  Although CSPs may voluntarily share limited aggregated and anonymized statistical information with the government under the ECS program, ECS related information is not directly shared between customers of the CSPs and the government.

“CS&C may share information received under the ECS program with other USG entities with cybersecurity responsibilities, so long as the practice of sharing information is consistent with its existing policies and procedures. DHS does not control what actions are taken to secure private networks or diminish the voluntary nature of this effort. Nor does DHS monitor actions between the CSPs and the CI entities to which they provide services. CI entities remain in full control of their data and the decisions about how to best secure it.”

refer to:http://industrial-embedded.com/articles/enhanced-protecting-critical-infrastructure/

Machine-to-Machine (M2M) Gateway: Trusted and Connected Intelligence

The factory of the future will still have Programmable Logic Controllers (PLCs) and Human-Machine Interface (HMI) panels, but someone half a world away will likely be monitoring and controlling them. That person may be sitting at a desk watching over a global network of facilities or checking the latest production statistics from a smartphone. Either way, the vision of the “Connected Factory” is evolving from concept to reality, as the explosive growth in Machine-to-Machine (M2M) connections, mobile devices in the enterprise, and wireless data traffic shows.

Implementing this approach, however, is not simply a matter of connecting devices to Ethernet and wireless networks. The fundamentals must be right to ensure that facilities produce information that can be accessed, monitored, and controlled from anywhere.

Over the past 50 years, automation technology has evolved to the point that a plant manager for a global industrial manufacturing company can easily monitor and control devices from hundreds of miles away, rather than standing a few feet away from them. This level of control can be achieved in ways that may include:

Sitting at a desk in a centralized office
Watching video footage captured by a global network of connected cameras
Remotely troubleshooting a piece of equipment from a tablet
Checking the latest production statistics using a smartphone app
The progression of the “Industry 4.0” revolution means that more factories and industrial plants will implement more networked devices that are able to collect data. This concept, which is also referred to as the “connected factory,” is transitioning from a ’what-if’ notion to present-day reality at overwhelming speed.

The flood of enabling technology has paved the way for automation to gain global prominence across a wide variety of industrial and manufacturing industries. Organizations are increasingly realizing that with automation they can produce better quality products, sustainably and efficiently, while keeping a closer check on production costs. Gartner forecasts that by the year 2020, there will be up to 30 billion devices connected with unique IP addresses, most of which will be products. In the industrial world, these devices will be equipment such as natural gas or wastewater treatment pumps, high-capacity scales, and other production machines.

While many global manufacturers are eager to realize the benefits of the Connected Factory, such as reduced operational costs and better visibility and control of assets, it is unrealistic and cost prohibitive for them to construct greenfield facilities or orchestrate a ’rip-and-replace’ of all legacy equipment. Instead, plant managers are better off leveraging industrially fluent communications devices and adapting the legacy sensors, Remote Terminal Units (RTUs), and communications protocols that have served them well for years in order to create modern, real-time reporting and control systems.

The three key requisites of the Connected Factory

Managing productivity and profitability is a key role of plant managers and engineers in world-class manufacturing operations. The first step towards achieving this in the 21st century factory is to implement the fundamentals of a successful Connected Factory. These fundamentals must be in place to ensure that factories are generating information that can be accessed, monitored, and controlled from anywhere.

To begin this process, manufacturers must do three things:

Enable devices to speak the same language
Rethink operational efficiencies so more devices can talk with each other
Provide a secure, seamless platform in which these devices can communicate
Come together: Devices that speak the same language

The challenge with integrating legacy equipment with the Connected Factory model is that it often uses older protocols or even serial links that don’t easily fit into the TCP/IP world. An organization’s engineers must first ensure that this equipment can speak the same language as newer devices.

Plant engineers often source network switches used to build industrial networks from the IT world, a decision that may make sense for higher level infrastructure, but one that essentially introduces technology that is not purpose-built for machine-level control systems. For example, a modern machine may have every component networked and may allow every conceivable piece of status information to be displayed on its HMIs, but the network switch itself – the failure of which could take down the entire machine – sits alone or is loosely integrated via expensive and seemingly incomprehensible SMNP drivers.

To avoid this scenario, manufacturers must use a complex combination of drivers to provide protocol compatibility, replace existing hardware with more complex devices, or choose advanced HMIs, protocol converters, and industrial-grade switches that offer industrial fluency and multi-protocol support.

The first two options add complexity and development costs to the system. The third – deploying equipment with native support for all required standards and protocols – provides a simpler solution.

Raise your voice: Enabling more devices to communicate

Connecting equipment that can’t easily be reached in remote or geographically rugged locations enables real-time information access and greatly enhances remote troubleshooting capabilities. It can also result in safer working conditions for the humans who must monitor, regulate, and troubleshoot this equipment. Think about the value of automated devices in an oil and gas facility, for example. This clear value proposition for remote connectivity is driving the current boom in cellular M2M connection. Consider Metcalfe’s law as it applies to the Connected Factory: the value of the network increases exponentially with the number of connected assets.

With this in mind, manufacturers must invest in issuing all remote assets a cellular connection. Cellular routers and modems now provide native support for industrial automation equipment and protocols, including models that support 4G network connectivity. These products enable two-way communications from facility to facility, and enable information exchange with remote assets, such as offshore platforms or unattended substations or pipelines.

Everyone’s invited: A better place for devices to connect

As manufacturers seek to assign an IP address to networked assets, one hurdle they often face is that the available bandwidth remains static in spite of the growing number of networkable devices and data points. When factoring in the hierarchical nature of the industrial world – with PLCs and HMIs grouped into machines, these machines grouped into cells, and these cells grouped into factories – assigning an IP address to every PLC and sensor can be a management nightmare.

But new approaches to network design and configuration can help plant managers take full advantage of the available connectivity and control. Instead of assigning individual IP addresses, for example, engineers can solve the problem by using a rugged appliance that manages communications with dozens of disparate devices (including sensors, PLCs, and HMIs) while serving as a single point of contact for the network.

What’s next for Industry 4.0?

The ability to seamlessly communicate with operators, control systems, and software applications combined with practical networking options and support for native features and protocols delivers exponential meaning to data extracted from industrial devices. In other words, the true value of Industry 4.0 and the Connected Factory isn’t derived from the sheer volume of connections; it comes from creating more meaningful connections and the competitive edge gained by the harmonious dialogue between devices and the humans managing them. These capabilities create the context to take automation and remote management to new levels, thereby making the Connected Factory a reality.

As part of the Industry 4.0 movement, the Connected Factory demands a new approach to the concept of factory automation. With the thoughtful integration of supporting components that are designed specifically for this goal, the ability to connect, monitor, and control will drive productivity well into the future.

 

refer to: http://embedded-computing.com/articles/elements-success-the-connected-factory-needs-flourish-2014/

Meet Acrosser at Embedded World 2014!

acrosser Technology, a world-leading Industrial computer manufacturer, announces its participation in Embedded World 2014 from February 25-27, 2014. The event will take place in Nuremberg, Germany. We warmly invite all customers to come and meet us in Hall 5, booth number: 5-305!

At Embedded World 2014, Acrosser Technology will showcase its NEW embedded system product, AES-HM76Z1FLand its In-Vehicle Computer, AIV-HM76V0FL. Both products will be displayed in LIVE DEMO, showing its stability and high performance to the audience. What’s more, Acrosser will select its most favored mini-ITX boards from among our loyal customers, being demonstrated as a featured zone inside the booth. Make sure you do not miss our mini-ITX collection!

For gaming applications, Acrosser will exhibit the All-in-One Gaming BoardAMB-A55EG1. The board features great computing and graphic performance, and high compatibility on multiple operating systems. If you are looking for a gaming system, do not miss our AGS-HM76G1. It is a cost-effective PC-based gaming solution that can be easily applied to your VLT, amusement, and slot machines.

In addition, Acrosser will also stress its focus on networking appliances. With a series of products being showcased, we are ready to be your solution provider! We look forward to making your embedded idea a reality, and we cordially invite you to visit our booth and discover our outstanding products.

Feel free to pay us a visit in Hall 5 at Booth 5-305!
Acrosser Technology Co., Ltd.

For more information, please visit to Acrosser Technology website
www.acrosser.com

Contact:http://www.acrosser.com/inquiry.html

Apply for our AES-HM76Z1FL Product Testing Event NOW!

acrosser Technology Co., Ltd., a world-leading industrial and Embedded Computer designer and manufacturer, is pleased to announce that our AES-HM76Z1FL Product Testing Event has officially begun! To experience AES-HM76Z1FL’s superb computing performance, Acrosser welcomes all system integrators, from all industries, to join the event! The campaign will only last for 3 months and ends in March, 2014. So don’t hesitate to submit your application! Please click our event web page or look for the banner on our website!

So, are you ready to explore the excellence of Acrosser’s embedded products? To sign up for the AES-HM76Z1FL Product Testing Event, please click here, complete the on-line application form and submit! Acrosser will review your eligibility upon receiving your request. There are only a limited of AES-HM76Z1FL models for this event, so we encourage you to apply early!

Once your application has been approved, Acrosser will send a confirmation e-mail and an AES-HM76Z1FL Product Release Form. Please double-check that the Product Release Form has the correct mailing information so that we can get the product to you in a timely manner. You will then receive free lease of our product for a duration of one month, starting immediately!

Please mark the date, and make sure to return the Feedback Sheet and the AES-HM76Z1FL model to Acrosser on time. Meanwhile, we will send a small gift back to your previous address as a closing of the event. If you are interested in placing an order after product testing, please contact our sales team for discount!

We are prepared to be amazed by your fascinating projects. With its small form factor and fanless design, AES-HM76Z1FL can be installed anywhere under multiple industrial projects. Apply for the event, and experience great computing performance!

Product Information:
http://www.acrosser.com/Products/Embedded-Computer/Fanless-Embedded-Systems/AES-HM76Z1FL/Intel-Core-i3/i7-AES-HM76Z1FL.html

Contact us:
http://www.acrosser.com/inquiry.html

Android in vehicles

Android has its share of benefits and challenges when it comes to automotive infotainment systems. One such challenge is that of the emergence of mixed-criticality systems comprising both infotainment and safety-/security-critical systems, enabled by high-performance multicore processors. To face this challenge: Try virtualization.

Android represents a compelling choice for automotive Embedded Systems. As the most popular and fastest-growing mobile Operating System (OS) – comprising two-thirds of worldwide smartphone shipments – automotive OEMs see Android as the means to provide the best possible multimedia experiences. Android provides standardized interfaces for accelerated graphics, audio, wireless networking, Bluetooth technology, USB, and more, enabling applications to easily harness the power of these hardware facilities. OEMs see Android as a means of leveraging consumers’ familiarity with mobile devices to improve the automotive experience.

The availability of the Android open-source infotainment platform comes at a time when OEMs are taking more control over the digital infrastructure in cars. The traditional model of outsourcing the entire infotainment system to Tier 1 component suppliers is being replaced (at least at some OEMs, to varying extents) with an approach in which the OEM chooses the operating system, development environment, and microprocessor platform and even performs a significant amount of software development. Tier 1s are asked to build hardware and provide application and driver work, but the OEM owns the architecture. Android provides the control that OEMs require in this new world. But while these advantages are attractive to OEMs, Android also poses some challenges when it comes to multiprocessor-enabled, consolidated in-vehicle systems that tuck safety- and security-critical applications and infotainment applications all into a single system; however, virtualization is effectively conquering these challenges.

 

refer to:http://embedded-computing.com/articles/the-future-android-vehicles/

The Reliable Software Developers’ Conference – UK, May 2014

Technology event organiser Energi Technical has announced that it will be launching “The Reliable Software Developers’ Conference”, scheduled for May 2014.

This one-day conference will provide an important forum for engineers and developers working in the development of safety critical systems and high availability systems. It is expected to attract software developers working in such industries as automotive, railway systems, aerospace, bankingmedical and energy. www.rsd-conference.co.uk

“In recent years, software has become so complex that ensuring safety and reliability is now a major challenge,” said Richard Blackburn, Event Organiser. “Many systems now have millions of lines of code and will handle enormous amounts of data. Further to this, modern computer based systems will make millions of decisions every second and also have to be immune to interference and unpredictable events. This event will look at the MISRA coding standards, debug tools and software testing tools that are available to assist software programmers and engineers seeking to develop reliable and safety critical
systems.”

The Reliable Software Developers’ Conference will be co-located with the 2014 UK Device Developers’ Conference. Both will be a one-day conference to be run in Bristol, Cambridge, Northern England and Scotland on May 20th, May 20rd, June 3rd and June 5th.

Delegates attending either event will have the opportunity to sit in on technical presentations and ½ day technical workshops and a attend a vendor exhibition of tools and technology for the development of real-time and embedded systems. www.device-developer-conference.co.uk

“Advanced Debug Tools, Code Test, Version Control, Verification Tools and Software Standards have been a growing feature of recent conferences, so it made sense to create a dedicated event,” said Richard. “There will be a lot expertise available to delegates, and the chance to meet a broad range of vendors of test technologies and tools, all under one roof.”

Developed in collaboration with MISRA (Coding Standards), the Reliable Software Developers’ Conference will feature a number of presentations in the morning, followed by a half-day technical workshop in the afternoon. The presentations will be free and open to delegates of both Conferences, but the half-day workshops will be subject to a charge of £75. Delegates will learn about developments in coding standards, test and verification tools and best practices and it will also be an opportunity to meet with many industry experts.

Refer to:http://embedded-computing.com/news/the-uk-may-2014/

Acrosser wish you Happy Holidays and a very prospective 2014 coming soon!

As we near the end of 2013, acrosser would like to send you our warmest New Year’s wishes! We wish you and your family health, comfort, and prosperity this holiday season.

We also thank you for keeping up with our latest products, sending us inquiries, and choosing our products for your integrated solution! In 2014, we hope you will continue to choose Acrosser. We look forward to assisting you and your company in becoming the leader in your vertical market, and building a win-win relationship together.

And don’t forget about our star product, AES-HM76Z1FL, and its upcoming Product Testing Event in January! Remember to mark your calendar, since Acrosser is lending the product for free only to selected participants! Please stay tuned for more event information in early January!

With your continuous dedication and our commitment to quality, Acrosser is always motivated to make your embedded idea a reality!

 

Product Information:
http://www.acrosser.com/Products/Embedded-Computer/Fanless-Embedded-Systems/AES-HM76Z1FL/Intel-Core-i3/i7-AES-HM76Z1FL.html

Contact us:
http://www.acrosser.com/inquiry.html

Comprehensive customization for network appliances: meet our rackmount and micro box!

acrosser Technology, a world-leading network communication designer and manufacturer, introduces two network appliances that deliver great performance and protection while simplifying your network. Each product has its own target market and appeals to a unique audience.

Acrosser’s ANR-IB75N1/A/B serves as an integrated Unified Threat Management (UTM) device that covers all of your networking security needs. Featuring a 3rd generation Intel Core i processor, increased processing throughput is easily made. For integration with information security systems, the device also features functions such as anti-virus, anti-spam, fire wall, intrusion detection, VPN and web filtering, in order to provide complete solutions to meet the demands of various applications.

Key features of the ANR-IB75N1/A/B include:
‧Support for LGA1155 Intel® Core ™ i7/i5/i3 processor / Pentium CPU
‧Intel B75 Chipset
‧2 x DDRIII DIMM, up to 16GB memory.
‧2 x Intel 82576EB Fiber ports
‧8 x Intel 82574L 10/100/1000Mbps ports
‧Two pairs LAN ports support bypass feature (LAN 1/2 + LAN 3/4)
‧LAN bypass can be controlled by BIOS and Jumper
‧CF socket, 2 x 2.5” HDD, 1 x SATA III, 1 x SATA II
‧Console, VGA (pinhead), 2 x USB 3.0 (2 x external)
‧Support boot from LAN, console redirection
‧Equipped with 80 Plus Bronze PSU to decrease CO2 dissipation and protect our environment
‧LCM module to provide user-friendly interface
‧Standard 1U rackmount size

As for our micro box, the AND-D525N2 provides more possibilities for different applications due to its small form factor (234mm*165mm*44mm). Aside from its space-saving design, the other 3 major features of the AND-D525N2 are its high performance, low power consumption and competitive price. Please send us your inquiry via our website (http://www.acrosser.com/inquiry.html), or simply contact your nearest local sales location for further information.

Key features of the AND-D525N2 include:
‧Intel Atom D525 1.86GHz
‧Intel ICH8M Chipset
‧x DDR3 SO-DIMM up to 4GB
‧1 x 2.5 inch HDD Bay, 1 x CF socket
‧4 x GbE LAN, Realtek 8111E
‧2 x USB2.0
‧2 x SATA II
‧1 x Console
‧1 x MiniPCIe socket

Besides In addition to these two models, Acrosser also provides a wide selection of network security hardware. With more than 26 years of rich industry experience, Acrosser has the ODM/OEM ability to carry out customized solutions, shortening customers’ time-to-market and creating numerous profits.

For all networking appliances product, please visit:
http://www.acrosser.com/Products/Networking-Appliance.html

Product Information – ANR-IB75N1/A/B:
http://www.acrosser.com/Products/Networking-Appliance/Rackmount/ANR-IB75N1/A/B/Networking-Appliance-ANR-IB75N1/A/B.html

Product Information – AND-D525N2:
http://www.acrosser.com/Products/Networking-Appliance/MicroBox/AND-D525N2/ATOM-D525-AND-D525N2.html

Contact us:
http://www.acrosser.com/inquiry.html

INDUSTRIAL GROWING IN CHINA

On the other hand, some open protocols also have a large number of nodes connected, and the most representative ones are CANOpen, Modbus and HART. However, all three protocols don’t deliver strong functionality, and they are more likely to be used in low-end applications for easy connections.

With the upgrading of old facilities and the construction of new plants in China, customers also are being compelled to upgrade their systems using Ethernet. However, this move will not only be implemented by the customers, but also by the industrial automation vendors as well.

Most protocols have Ethernet variants. Because of this, many Fieldbus users will turn to the Ethernet of the application, for example, PROFIBUS to PROFINET, CC-Link to CC-Link IE. And the new automation products will also support those new Ethernet connections.
refer to:http://www.automation.com/portals/industrial-networks-field-buses/industrial-ethernet-growing-in-china

High Computing Performance for All Applications- F.I.T. Technology

The demand for computing performance in the IPC market continues to become stronger as the IT field advances. acrosser’s new AES-HM76Z1FL has been designed to meet these demands.
The F.I.T. Technology used to build this new product reflects its 3 major features: fanless design, Intel core i processor and ultra thin frame. The fanless design not only reduces the risk of exposure to air dust, but also prevents fan-malfunction. With a height of less than 0.8 inches, AES-HM76Z1FL’s slim design makes itself FIT into every application.
As its structure and output interface show, AES-HM76Z1FL provides a wide range of choices, from HDMI, VGA, USB, and audio to GPIO output interfaces that suit almost all industries. For wireless communication needs, the AES-HM76Z1FL has a mini-PCle expansion slot which provides support on both 3.5G and WiFi.
Another fascinating feature of the AES-HM76Z1FL is its ease of installation for expansions. By disassembling the bottom cover, expansions such as CF cards, memory upgrades and mini-PCIe can be easily complete without moving the heat sink. Moreover, Acrosser adopts 4 types of CPU (Intel Core i7/i3, Intel Celeron 1047UE/927UE) for AES-HM76Z1FL, allowing it to satisfy the scalable market demands of different applications.
In conclusion, the AES-HM76Z1FL is truly a well-rounded product designed for diverse applications. To promote our star product AES-HM76Z1FL, Acrosser will launch a product testing campaign starting in January, 2014. Acrosser will provide selected applications with the new AES-HM76Z1FL for one month, and it’s free! For more detailed information, please stay tuned for our press release, or leave us an inquiry on our website at www.acrosser.com!Product Information:
http://www.acrosser.com/Products/Embedded-Computer/Fanless-Embedded-Systems/AES-HM76Z1FL/Intel-Core-i3/i7-AES-HM76Z1FL.html