SCADA security basics

Supervisory Control and Data Acquisition (SCADA) systems are used for remote monitoring and control in the delivery of essential services such as electricity, natural gas, water, waste treatment and transportation. SCADA software runs on regular computers, but it is used by owners of critical infrastructure and various other types of industrial facilities to monitor and control industrial processes.

This blog post introduces SCADA system fundamentals that help in analyzing their security considerations.

Remote monitoring is widely considered one of the most difficult applications to do in a cost-effective way, and doing it with SCADA systems has traditionally been a very difficult and expensive task. SCADA systems have traditionally used their own communications networks, and their security has been based largely on keeping the SCADA network separate from public networks and on the fact that few people know the special protocols used on those systems (security by obscurity).

Internet technologies have made remote monitoring easier and more cost-effective in many applications, but on the other hand they have created a new set of risks related to hacking. If you connect a remote monitoring system that uses an insecure communications protocol to the Internet, sooner or later somebody will figure out how to break into it. If your system only does monitoring, an intruder can stop your communications or, worse, feed you false data. If your remote monitoring system is also used to control something, the risks are far greater.
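As an added example, not part of the original post: one concrete defence against the false-data risk described above is to authenticate every telemetry frame and reject replays. The Python below models a sensor station and a monitoring host that share a secret key (the key, the station name and the readings are constructed placeholders); the receiver checks an HMAC-SHA256 tag and a strictly increasing sequence number, so a frame altered on the wire fails the tag check and a re-sent old frame fails the sequence check.

```python
"""Authenticated, replay-protected telemetry frames (added example, not the post's code).

Assumptions (not from the original post): a sensor station and a monitoring
host share a secret key provisioned out of band, each frame carries a
monotonically increasing sequence number, and the receiver remembers the
last accepted sequence number per station. All values below are constructed.
"""
import hmac
import hashlib
import json

KEY = b"constructed-shared-key-for-station-7"  # placeholder; real keys are provisioned per device


def encode_frame(station: str, seq: int, reading: float, key: bytes = KEY) -> bytes:
    """Serialize a reading and append an HMAC-SHA256 tag computed over the serialized body."""
    body = json.dumps({"station": station, "seq": seq, "value": reading},
                      sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body + b"|" + tag.encode()


class Receiver:
    """Monitoring-host side: verifies the tag, then enforces strictly increasing sequence numbers."""

    def __init__(self, key: bytes = KEY):
        self.key = key
        self.last_seq = {}   # station -> last accepted sequence number
        self.accepted = []   # (station, seq, value) tuples that passed both checks
        self.rejected = []   # (reason, raw frame) tuples

    def accept(self, frame: bytes) -> bool:
        body, sep, tag = frame.rpartition(b"|")
        if not sep:
            self.rejected.append(("malformed", frame))
            return False
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        # Constant-time comparison so timing differences do not leak tag bytes.
        if not hmac.compare_digest(expected, tag):
            self.rejected.append(("bad_tag", frame))
            return False
        msg = json.loads(body)
        station, seq = msg["station"], msg["seq"]
        if seq <= self.last_seq.get(station, -1):
            self.rejected.append(("replay", frame))
            return False
        self.last_seq[station] = seq
        self.accepted.append((station, seq, msg["value"]))
        return True


def demo():
    """Feed genuine, altered and replayed frames to one receiver; return reject reasons and accepted readings."""
    rx = Receiver()
    genuine = encode_frame("pump-7", 1, 4.2)
    rx.accept(genuine)
    # A frame whose value was changed in transit keeps the old tag, which no longer matches.
    body, _, tag = genuine.rpartition(b"|")
    altered = body.replace(b"4.2", b"99.9") + b"|" + tag
    rx.accept(altered)
    rx.accept(genuine)                          # the same frame delivered a second time
    rx.accept(encode_frame("pump-7", 2, 4.3))   # next genuine reading
    return [reason for reason, _ in rx.rejected], rx.accepted


if __name__ == "__main__":
    print(demo())
```

Authentication alone does not hide the readings; where confidentiality matters the frame would additionally be encrypted, and on a real device the key would live in protected storage rather than in source code.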

There isn’t a single security solution capable of addressing all existing and future risks. It’s necessary to implement a series of different defenses across the system and to deploy safeguards throughout the platform, which together provide robust protection against the vast majority of attacks.

Modern SCADA systems are typically designed for security using platforms similar to typical networked clients, such as laptops and workstations, but there are also some specific considerations. Security systems easily become complicated, and as the complexity of securing devices increases, so does the risk of vulnerabilities slipping past equipment manufacturers and IT organizations. Industrial control systems (ICS), distributed control systems (DCS) and supervisory control and data acquisition (SCADA) systems have all been around for decades, but thanks to Stuxnet, Duqu and other major incidents, these systems have only recently begun receiving serious security consideration.

Cyber security is war. You have to defend your systems from all sorts of outside attackers, and if one that’s skilled and determined gets you in his sights, defending yourself may be tougher than you think. Once an attacker breaks through a hardened perimeter, moving around inside is usually pretty easy. That’s why defense in depth with incident detection, response, and attribution is so important.

Security is all about layers. You can’t ever block everything in one place, so you need layers of security to protect yourself. An enterprise deploys many devices and layers to protect itself and its customers, because no single solution gives 100 percent protection against everything.

The article Want it Secure? Target Both Design and Data Security says that in today’s increasingly connected world, security applies to servers as well as to mobile and remote embedded devices. The latter are often exposed to physical tampering, while data travelling over networks is exposed to compromise and hacking. Security depends on securing the complete connected universe.

How safe is your network? The article Is Your Network Safe? says that just a few years ago, plants didn’t have to worry about the safety of their networks. From an IT point of view, plants were silos — succinct and secure. That changed over the past decade. To improve efficiency, plants connected out to the company’s back office and beyond to suppliers and customers, and most of that connectivity runs over Internet connections. This extended network prompted a battle between the organization’s IT team and the control folks on the factory floor: if your plant is running 24/7, you can’t add patches and reboot without shutting down the plant. In addition, the plant is now vulnerable to hacking (terrorists, hackers, competitors and disgruntled employees).

The blog article Six Ways to Improve SCADA Security says that when it comes to securing SCADA networks, we are usually years or even decades behind compared to securing typical IT networks. The article presents some of SCADA security’s most daunting challenges along with recommendations for securing SCADA networks:

1. A SCADA network is inadvertently connected to a company’s IT network or even to the internet
2. ‘Data presentation and control’ now runs off-the-shelf software
3. Control systems not patched
4. Authentication and authorization
5. Insecure ‘datacommunication’ protocols
6. Long life span of SCADA systems

The article Understanding cyberspace is key to defending against digital attacks says that in recent years there has been one stunning revelation after the next about how previously unknown vulnerabilities were used to break into systems that were assumed to be secure.

Growing numbers of other kinds of machines and “smart” devices are also linked to the Internet: security cameras, elevators and CT scan machines; global positioning systems and satellites; jet fighters and global banking networks; commuter trains and the computers that control power grids and water systems. “We have built our future upon a capability that we have not learned how to protect,” former CIA director George J. Tenet has said.

As commercial and civil network infrastructures become increasingly dependent on arrays of Internet-connected computers, they are becoming increasingly susceptible to attack from hostile nations, non-governmental terrorist groups and cyber criminals.

“Companies want to make money.” “They don’t want to sit around and make their software perfect.” Many vulnerabilities are related to errors in code designed to parse data sent over the Internet. Software makers have often failed to heed warnings from security researchers, and some vulnerabilities have remained for a long time. Even where the manufacturer has a fix, the customer might not apply it any time soon, because in many cases you can’t add patches and reboot without shutting down the plant.

The article Want it Secure? Target Both Design and Data Security also says that adding robust security features to a design can substantially impact the complexity, power consumption and cost of a system. The challenges include supporting the computational load of advanced cryptographic algorithms, providing secure insertion and storage of encryption keys, and authenticating and encrypting data exchanged over public network connections.

The HP Cyber Security Risk Report says that the number of SCADA system vulnerabilities has risen sharply in the last few years: 22 holes were found in 2008 and 191 in 2012, a 768 percent increase since 2008.

344 Comments

  1. Tomi Engdahl says:

    Active malware operation let attackers sabotage US energy industry
    “Dragonfly” infected grid operators, power generators, gas pipelines, report warns.
    http://arstechnica.com/security/2014/06/active-malware-operation-let-attackers-sabotage-us-energy-industry/

    Researchers have uncovered a malware campaign that gave attackers the ability to sabotage the operations of energy grid owners, electricity generation firms, petroleum pipelines, and industrial equipment providers.

    Called Dragonfly, the hacking group managed to install one of two remote access trojans (RATs) on computers belonging to energy companies located in the US and at least six European countries, according to a research report published Monday by Symantec. One of the RATs, called Havex, was spread by hacking the websites of companies selling software used in industrial control systems (ICS) and waiting for companies in the energy and manufacturing industries to install booby-trapped versions of the legitimate apps.

    “This campaign follows in the footsteps of Stuxnet, which was the first known major malware campaign to target ICS systems,” the Symantec report stated. “While Stuxnet was narrowly targeted at the Iranian nuclear program and had sabotage as its primary goal, Dragonfly appears to have a much broader focus with espionage and persistent access as its current objective with sabotage as an optional capability if required.”

    Dubbed Energetic Bear by other researchers, Dragonfly has been in operation since at least 2011. It initially targeted US and Canadian companies in the defense and aviation industries before shifting its focus to energy concerns.

    Dragonfly operators hacked websites of at least three different companies providing ICS software. The first provided a product used to provide VPN access to programmable logic controller devices (PLC). The unnamed provider discovered the attack shortly after it was mounted, but by then there had already been 250 downloads of the trojanized software.

    The second provider was a European manufacturer of specialist PLC devices. Symantec estimated that a compromised package containing a computer driver was available for download for at least six weeks last June and July. The last firm was also based in Europe and develops systems to manage wind turbines, biogas plants, and other energy infrastructure.

    Reply
  2. https://eshopworldluxde.zendesk.com/ says:

    Thank you for sharing your thoughts. I truly appreciate your efforts and I will be waiting for your next
    write ups thanks once again.

    Reply
  3. Tomi Engdahl says:

    Overview of Best Practices for Security on RIO Systems
    http://www.ni.com/white-paper/13069/en/?espuid=CNATL000007049693&cid=Direct_Marketing-ECM-Northern_Region-em80426

    This is the central site for security on the RIO platform from which you can access best practices, associated reference designs, and more. This article will introduce key concepts that form the foundation of security considerations on RIO systems. The related links contain lower-level articles which illustrate the best practices which can be used to better secure RIO systems.

    RIO systems (NI Single-Board RIO, NI CompactRIO, etc.) are often used in critical applications. While the application space for the RIO platform is expansive, security concerns with RIO systems can be more narrowly defined.

    One key security concern is functional correctness, wherein the I/O of the RIO device is proper. This is a security concern because if functional correctness is compromised, the hardware that the RIO device is connected to can get damaged or malfunction. For example, failed products on an assembly line may pass if the I/O of the RIO device has been compromised, or alternatively, motors and centrifuges controlled by the RIO device may get permanently damaged if they are ramped improperly.

    In addition to functional correctness, another key security concern is sensitive data protection. RIO devices often compute, carry, or transmit sensitive data. It’s important to ensure that this data is properly protected. Besides the data itself, valuable algorithms are often programmed onto RIO devices as well. Keeping these algorithms safe from theft is also crucial.

    The three key security concerns, functional correctness, sensitive data protection, and algorithm protection are seldom considered independently on a RIO system. Often, a compromise in one of these areas leads to a compromise of another.

    Security is a complex challenge regardless of the system.

    Layers of Security

    Security can be defined at a number of different levels in most systems. For a RIO system, security can be defined at the following key levels: physical, network, operating system, and application. It’s important to have some protection at each level, otherwise, a compromise in one layer can easily lead to a compromise in another.

    A typical RIO system is comprised of a host PC and a RIO target, connected over a network.

    The best practices for security on RIO systems are organized into three groups: recommended, optional, and extreme.

    Reply
  4. Tomi Engdahl says:

    Plant Networks Are Getting Smart about Security & Safety: Hackers are getting sneakier and more sophisticated, which means plant personnel need to be more aware and vigilant of what is going on around them.

    Reply
  5. Tomi Engdahl says:

    What is Robust? What is Secure? Can We Have Both?
    http://rtcmagazine.com/articles/view/103651

    We are constantly concerned with security. It has become an entire sub-industry throughout the enterprise, the personal Internet and the embedded spheres. We see security strategies being implemented at the device/hardware level, among platforms with intrusion and detection strategies, with encryption/decryption approaches, and all manner of different efforts. And at the same time hackers ranging from nerdy teenagers in their bedrooms to buildings full of PhD computer scientists in government-funded cyber warfare centers of nations around the world, are working on breaching those efforts. The battle over security is a never-ending struggle, which means you can never really be sure of security.

    And we also occasionally—and I believe this is the exception rather than the rule—hear about spectacular breaches such as the recent theft of vast amounts of credit card data from Target. More recently we were alerted to the Heartbleed security bug in OpenSSL.

    Can this rather discouraging situation be improved by also making robustness as big a concern as what we normally understand as security? What is robustness? Normally we think of it as akin to ruggedness—the ability to maintain operation in the face of harsh conditions, and the ability to sustain a certain amount of damage or compromise yet still maintain operation. Robust security would mean the ability to sustain some successful breaches while maintaining critical security and continuing operation. Robustness linked with security would mean not only different levels but also implementing strategic architectures that can detect and isolate breaches and restructure systems to protect vital functions and data. Admittedly, that is a tall order.

    We enthusiastically tout the growth of the Internet of Things as heading for some 50 billion connected devices. Can anyone assure us that there are not paths from some seemingly innocuous network, such as a building management system, which might lead to a very vital system, such as the power grid, by means of some neglected links? Since everything is ultimately connected to the power grid, this means that there are millions of possible paths and that implementing security of the grid itself at all possible access points is utterly imperative. And then levels of security within the grid are needed to implement its own internal robustness.

    The Catch-22 here is that we need the intelligence to make a 100-year-old technology more efficient and able to handle new sources of renewable energy.

    Reply
  6. Tomi Engdahl says:

    Industrial Control System Firms In Dragonfly Attack Identified
    http://it.slashdot.org/story/14/07/05/2320236/industrial-control-system-firms-in-dragonfly-attack-identified

    Two of the three industrial control system (ICS) software companies that were victims of the so-called “Dragonfly” malware have been identified. … Dale Peterson of the firm Digitalbond identified the vendors as MB Connect Line, a German maker of industrial routers and remote access appliances and eWon, a Belgian firm that makes virtual private network (VPN) software that is used to access industrial control devices like programmable logic controllers.

    The three firms, which serve customers in industry, including owners of critical infrastructure, were the subject of a warning from the Department of Homeland Security.

    Reply
  7. Tomi Engdahl says:

    Industrial Control Vendors Identified In Dragonfly Attack
    https://securityledger.com/2014/07/industrial-control-vendors-identified-in-dragonfly-attack/

    Writing on Tuesday, Dale Peterson of the firm Digitalbond identified the vendors as MB Connect Line, a German maker of industrial routers and remote access appliances and eWon, a Belgian firm that makes virtual private network (VPN) software that is used to access industrial control devices like programmable logic controllers.

    DHS said it is analyzing malware associated with the attacks. The malicious software, dubbed “Havex” was being spread by way of so-called “watering hole” attacks that involved compromises of vendors web sites.

    According to F-Secure, the individuals behind the Havex malware family have been active in the last year, but began focusing on energy firms in early 2014. Specifically, the group began implanting its Trojan horse software on software downloads available from industrial control system software vendors.

    eWon said the compromise of its website occurred in January, 2014.

    The company says around 250 visitors to its site may have downloaded the malicious software. Since discovering the breach, it began bundling a malware auto removal tool with its website downloads, in addition to strengthening the security of its web site and implementing two-factor authentication for Talk2M users.

    The second firm, MB Connect Line, did not respond to requests for comment from the Security Ledger.

    Writing for DigitalBond, Peterson said both the named vendors were small and not generally known in the U.S.

    Peterson and Digital Bond have been encouraging customers to sever any open connections to vendors that give them “anytime” remote access to their ICS devices.

    Reply
  8. Tomi Engdahl says:

    Havex Hype & Unhelpful Mystery
    http://www.digitalbond.com/blog/2014/07/02/havex-hype-unhelpful-mystery/

    Why hasn’t ICS-CERT or some other CERT or the security vendors issuing bulletins announced publicly the three ICS vendors that were distributing malware with their ICS software and the energy sector websites redirecting to a malware delivering site?

    It’s baffling. Perhaps the security vendors have a valid profit motive for keeping it secret, but the CERT’s are largely in place to aggregate and spread this information.

    Next: The Hype

    For these attacks to have a significant impact on the US or other countries’ energy sector, the vendors distributing the software with malware would have to have a good-sized client list in the sector. (And we would have to make the leap that asset owners actually update software.)

    A profile of the compromised vendors’ customers would help understand how widespread the impact is and perhaps what specific asset owner, sector or country is being targeted. So who are the compromised vendors?

    Hype Summary

    A few sentences out of longer articles from Symantec and F-Secure, mixed with some selected quotes from ICSsec pundits, and combined with an absence of information on what software and sites were compromised has led to the hype in the press.

    The ICS Portion of the Attack

    The Havex code itself is highly interesting for the ICS community because it is only the second publicly acknowledged occurrence of an attack using the insecure by design ICS protocols as part of the attack.

    While OPC can be used for monitoring and control, it rarely is in critical infrastructure or any SCADA or DCS of any size for a variety of performance and historical reasons. Perhaps that will change with OPC UA in the future, but today you see it used primarily for passing data to and from systems from different manufacturers. For example, the OPC interface is used over 50% of the time to get data in and out of the very popular OSIsoft PI Server even though OSIsoft has 100s of interfaces.

    Reply
  9. Tomi Engdahl says:

    DHS Mistakenly Releases 840 Pages of Critical Infrastructure Documents
    http://news.slashdot.org/story/14/07/09/1427215/dhs-mistakenly-releases-840-pages-of-critical-infrastructure-documents

    The Operation Aurora attack was publicized in 2010 and impacted Google and a number of other high-profile companies. However, DHS responded to the request by releasing more than 800 pages of documents related to the ‘Aurora’ experiment conducted several years ago at the Idaho National Laboratory, where researchers demonstrated a way to damage a generator via a cyber-attack.

    Reply
  10. Tomi Engdahl says:

    Wired vs. wireless for utility networks?
    http://www.cablinginstall.com/articles/2014/07/wired-vs-wireless-utility-networks.html

    Could physical cabling be left out in the cold in favor of wireless technology usage in the growing market for utility network communications?

    Wired vs. Wireless Technologies for Communication Networks in Utility Markets
    Many utility industry operators are looking for new ways to maximize their investment in communication networks while ensuring reliable, secure data transmission. There is a variety of communications solutions, the two most common being wireless technology and wired options-such as copper and fiber-optic cable. While both have a place in utility market applications, such as distribution automation, we are beginning to see an increase in the use of wireless technology.

    Communication networks are not one-size-fits-all

    Reply
  11. Tomi Engdahl says:

    Programming PLCs: Keep the documentation clear and simple
    http://www.controleng.com/single-article/programming-plcs-keep-the-documentation-clear-and-simple/4d626f1e2ed6d7de25dbfa0bc3d6525d.html?OCVALIDATE&ocid=101781

    Poor programmable logic controller documentation and housekeeping can lead to unnecessary troubleshooting and downtime. Keep it simple in order to avoid the possible risks and confusion.

    Reply
  12. Tomi Engdahl says:

    Interview with Prasanth Gopalakrishnan, CEO, Kalki Communication Technologies
    http://www.kalkitech.com/news_releases/July14_Newsletter/page3.html

    The global utility data analytics market is growing. What are the key drivers for utilities to adopt data analytics?
    Utilities conventionally had different systems, breakdown systems and business systems. When we are going to Smart Grid, the amount of data the utilities are collecting has increased many fold and utilities are finding it very difficult to figure out what to do with this data. At the same time all this data, if actively looked at, contains a lot of information that if utilized properly can really benefit utilities to improve quality of service, improve customer satisfaction as well as improve their bottom line and asset lifecycle. So that’s the key driver for utilities to first to figure out probably where to use this data and second really use the data – that will improve their business.

    Utilities can look at multiple areas but it all depends on individual utilities and what their priorities are.

    What are the key challenges faced by utilities in adopting analytics?
    Varies from utility to utility, depending on their advancement in terms of adoption of Smart Grid and technology per se.

    Reply
  13. Tomi Engdahl says:

    NIST wants better SCADA security
    Preparing the way for a test lab
    http://www.theregister.co.uk/2014/08/12/nist_wants_better_scada_security/

    America’s National Institute of Standards and Technology (NIST) wants to take a hand in addressing the SCADA industry’s chronic insecurity, by building a test bed for industrial control systems.

    The Reconfigurable Industrial Control Systems Cybersecurity Testbed is only in its earliest stages.

    “The goal of this system is to measure the performance of industrial control systems when instrumented with cyber-security protections in accordance with best practices prescribed by national and international standards and guidelines,” the RFI states.

    Industrial automation a big driver of Internet of Things spending, running well ahead of their security.

    As SCADA (supervisory control and data acquisition) systems have hit the Internet, their poor security has become clear. Everything from traffic management systems to power stations and airports, to pretty much everything (for a given definition of “everything”) is up for grabs, with the famous Shodan search engine lending a helping hand to find vulnerable systems.

    Reply
  14. Tomi Engdahl says:

    Need a green traffic light all the way home? Easy with insecure street signals, say researchers
    No crypto, default passwords, FTP servers? It’s 1998 again
    http://www.theregister.co.uk/2014/08/20/sick_of_slow_commuting_americas_traffic_lights_are_easily_hackable/

    In a paper [PDF] delivered to the USENIX Security 2014 conference this week, a team led by University of Michigan computer scientist Alex Halderman has found that traffic signals and their controllers can be hijacked in minutes.

    Halderman and co claim this is possible from half a mile away with nothing more than a laptop and some radio broadcast equipment, since the electronics behind the lights communicate using almost no security checks.

    To make matters worse, when the team approached the maker of the vulnerable traffic systems equipment, the academics were brushed off. The unnamed manufacturer apparently told the researchers that it “followed the accepted industry standard and it is that standard which does not include security,” and thus plans no changes.

    All the lights have a safety subsystem called a malfunction management unit (MMU). This has all the allowable light sequences hardwired into its circuit board, and the allowable timings for each state. If the unit receives a duff command to enter an unsafe state, the electronics fall back to blinking the red lamp until manually reset.

    The traffic light network uses a mix of industry-standard radios using 5.8GHz and 900Mhz to communicate wirelessly.

    The wireless packets exchanged between the stations are unencrypted

    The group also found they could open an FTP connection to the controller server and access it the old-fashioned way by using the default username and password. These credentials have been helpfully published online by the manufacturer.

    Once inside the FTP site, the researchers found they could access configuration files to reset the timing systems on light changes

    Reply
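The malfunction management unit described in the comment above, modelled in software as an added example (constructed here, not the vendor's or the researchers' code): the allowed-state table, the transition table and the minimum dwell times are assumptions for a single two-way intersection. Any command that names an unsafe lamp combination, skips a required yellow phase or shortens a phase below its minimum time trips the unit into flashing red, and it stays there until a manual reset, which is the behaviour the article attributes to the hardware unit.

```python
"""Software model of a malfunction management unit (MMU) for a signalled intersection.

Added example, not code from the original page. The state set, transition
rules and minimum dwell times below are constructed assumptions for one
north-south / east-west intersection; a real MMU keeps this table in hardware.
"""
from dataclasses import dataclass, field

RED, YELLOW, GREEN = "red", "yellow", "green"
FLASH_RED = ("flash-red", "flash-red")          # fail-safe output after a fault

# Allowed (north-south, east-west) lamp combinations; any other pair is unsafe.
ALLOWED_STATES = {
    (GREEN, RED), (YELLOW, RED), (RED, RED), (RED, GREEN), (RED, YELLOW),
}
# Allowed transitions between those states: a green may only be left through yellow.
ALLOWED_TRANSITIONS = {
    (GREEN, RED): {(YELLOW, RED)},
    (YELLOW, RED): {(RED, RED)},
    (RED, RED): {(RED, GREEN), (GREEN, RED)},
    (RED, GREEN): {(RED, YELLOW)},
    (RED, YELLOW): {(RED, RED)},
}
# Minimum seconds a state must be held (yellow and all-red must clear the intersection).
MIN_DWELL = {(YELLOW, RED): 3, (RED, YELLOW): 3, (RED, RED): 1}


@dataclass
class MMU:
    state: tuple = (RED, RED)
    faulted: bool = False
    log: list = field(default_factory=list)   # (result, commanded_state) per command

    def command(self, new_state: tuple, dwell_seconds: float) -> tuple:
        """Apply a controller command only if it is safe, legal from the current state and timed correctly."""
        if self.faulted:
            self.log.append(("ignored", new_state))   # nothing is accepted until manual reset
            return self.state
        reason = None
        if new_state not in ALLOWED_STATES:
            reason = "unsafe_state"
        elif new_state not in ALLOWED_TRANSITIONS[self.state]:
            reason = "illegal_transition"
        elif dwell_seconds < MIN_DWELL.get(new_state, 0):
            reason = "timing_too_short"
        if reason:
            self.faulted = True
            self.state = FLASH_RED
            self.log.append((reason, new_state))
        else:
            self.state = new_state
            self.log.append(("ok", new_state))
        return self.state

    def manual_reset(self) -> None:
        """Clear the fault latch; the intersection restarts from all-red."""
        self.faulted = False
        self.state = (RED, RED)


def demo():
    """Walk one legal cycle, then send a conflicting-green command; return final state and log."""
    m = MMU()
    m.command((GREEN, RED), 20)
    m.command((YELLOW, RED), 3)
    m.command((RED, RED), 1)
    m.command((RED, GREEN), 20)
    m.command((GREEN, GREEN), 5)     # both directions green: unsafe, trips the unit
    m.command((RED, RED), 5)         # ignored while faulted
    return m.state, m.log


if __name__ == "__main__":
    print(demo())
```

The point of the model is that the safety check lives below the controller that receives network commands: a wrong or malicious timing plan can at most stop the intersection, not put conflicting greens on the road.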
  15. Tomi Engdahl says:

    Doomsday scenarios to keep you up at night: Mikko Hypponen talks cyberthreats
    http://venturebeat.com/2014/08/13/why-pulp-is-bigger-than-nokia-and-other-doomsday-scenarios-by-mikko-hypponen-interview/

    Hypponen: The biggest hits will not be coming from criminal attackers. The criminal hackers aren’t interested in causing massive chaos because they make no money out of chaos. They like to lay low, keep their attacks profitable but invisible. Or as invisible as possible. So we don’t expect any major catastrophes from those. So who else do we have? We have hacktivists, and they do some pretty high-profile and destructive attacks against their targets. But they’re not targeting everybody. They pick their targets fairly carefully. Some organization makes them mad, and they’ll target them. But that’s unlikely to cause major chaos like you describe. So we’re left with the last group, which is governmental activity. But that won’t happen on its own. It would have to be part of some larger, real-world crisis.

    VentureBeat: Mikko, give me a hardcore cyber nightmare scenario.

    But the worst-case scenarios are typically so bad that we don’t really want to talk about them in public because that would just be giving ideas to the other side. There’s tons of things that could go horribly wrong. The obvious examples are in ICS vectoring controls. They’ve been a major cause of worry since Stuxnet. But Stuxnet really brought it home. The goddamn elevators in this building are being controlled by a box of this size (holds out his hands to mimic a shoe box) and runs 32-bit Linux, which is programmable.

    Reply
  16. Tomi Engdahl says:

    RealVNC distances itself from factories, power plants, PCs hooked up to password-less VNC
    Some 30,000 machines found with front doors wide open
    http://www.theregister.co.uk/2014/08/21/vnc_security_flap/

    A scan of the public internet by security researchers has seemingly revealed thousands upon thousands of computers fully accessible via VNC – with no password required.

    Worryingly, the unsecured systems – from PCs and shopping tills to terminals controlling factories and heating systems – are at the mercy of any passing miscreant on the ‘net; the internet equivalent of leaving a front door unlocked.

    Based on the openly defined Remote Frame Buffer protocol, VNC is a widely used system for accessing desktops over a network, very much like Microsoft’s RDP.

    Roughly 30,000 computers have been found connected directly to the internet without a valid password required to gain access.

    Their software worked, we’re told, by scanning a public IP address for open VNC ports, connecting to an unprotected desktop if available, screenshotting it

    For anyone wondering about the legality of the research, Tentler insisted: “It isn’t [illegal]. Yahoo, Google, Microsoft, Websense, every antivirus vendor in the world, and Shodan – they all do similar scans.”

    As well as home computers, the trio found all sorts of things from “a caviar plant, to Japanese, Italian, Latvian and Ukrainian power stations, to a donut manufacturing plant.”

    Reply
  17. Tomi Engdahl says:

    It’s Easy To Hack Traffic Lights
    http://tech.slashdot.org/story/14/08/22/1241211/its-easy-to-hack-traffic-lights

    As is typical in large urban areas, the traffic lights in the subject city are networked in a tree-type topology, allowing them to pass information to and receive instruction from a central management point. The network is IP-based

    The 5.GHz network has no password and uses no encryption; with a proper radio in hand, joining is trivial

    Reply
  18. Tomi Engdahl says:

    Securing the U.S. Electrical Grid
    http://www.thepresidency.org/publications/securing-us-electrical-grid

    With the support of the Smith Richardson Foundation, CSPC launched a yearlong project in July of 2013 to bring together representatives from the Executive Branch, Congress, and the private sector to discuss how to better secure the U.S. electric grid from the threats of cyberattack, physical attack, electromagnetic pulse, and inclement weather. Focused on the legislative and regulatory dynamics surrounding these issues

    Reply
  19. Tomi Engdahl says:

    PC-Based Automation Systems Empower the All IP-based Factory
    http://intelligentsystemssource.com/pc-based-automation-systems-empower-the-all-ip-based-factory/

    With the advent of Industry 4.0 – the push to drive a fourth industrial revolution based on the intelligent factory – PC-based automation systems are a critical piece for enabling the all IP-based Factory-of-Things. However, building PC-based automation systems requires computers with high reliability, as well as communication and computing capabilities specifically designed for factory automation applications.

    Reply
  20. Tomi Engdahl says:

    IFA 3610
    Industrial Firewall, 5-port VPN Router with Wide Temperature Range
    http://www.nexcom.com/Products/network-and-communication-solutions/industrial-firewall-solution/industrial-firewall-solution/network-communication-ifa-3610-2

    Main Feature
    Stateful packet firewall
    Intrusion prevention
    SSL VPN secure connection
    DI/DO support
    Centralized management
    Wide temperature range, up to 70°C (158°F)

    The Henge™ industrial firewall series is a fully integrated industrial multi-port firewall router with VPN function. The fully equipped, broadband-capable firewall router offers a stateful packet inspection firewall, denial-of-service (DoS)/distributed denial-of-service (DDoS) protection and intrusion prevention, portscan detection, and real-time alerts. It gives additional protection for machinery and equipment installed on the secure side of the firewall. Equipped with SSL VPN functions, the Henge™ industrial firewall provides a remote access infrastructure for secure connections, and helps machine builders/system integrators design easily maintained systems.

    Reply
  21. Tomi Engdahl says:

    Accurate clock is important for many control systems:

    YLE: Computer at fault, at the traffic lights messed up in Helsinki Finland

    YLE news reports that the Helsinki city center traffic lights did not work on Friday morning. Some of the lights behaved as they do at night, so they were completely dark; at least some of them were flashing yellow, which is useful from the driver's point of view.

    Traffic Centre told YLE that the cause of the problems was a technical fault in the computer's clock.

    Source: http://www.tivi.fi/kaikki_uutiset/yle+tietokoneessa+kellovika+helsingin+liikennevalot+sekaisin/a1011124

    Reply
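The Helsinki incident above is a case of a control system trusting its wall clock. The following is an added example, not code from the news item or from any traffic-controller vendor: a constructed plan selector that only acts on the wall clock when it agrees with the monotonic clock, and otherwise drops to a fail-safe plan. The plan names, the night hours and the tolerances are assumptions.

```python
"""Plausibility check on the wall clock before a time-of-day signal plan is selected.

Added example, not code from the news item or from any traffic controller vendor.
Assumptions (constructed): a controller that selects its plan by hour of day,
a last-known-good timestamp persisted across restarts, and a monotonic clock
that is trusted for elapsed time but not for absolute time.
"""
from dataclasses import dataclass

DAY_PLAN = "day"            # normal signal plan
NIGHT_PLAN = "night"        # lights off / reduced plan used at night
SAFE_PLAN = "flash_yellow"  # fail-safe plan used when the clock cannot be trusted

NIGHT_START, NIGHT_END = 23, 5     # hours, constructed
MAX_DRIFT_S = 300.0                # tolerated disagreement between the two clocks, constructed
MAX_FUTURE_JUMP_S = 7 * 24 * 3600  # a forward jump larger than this is rejected


@dataclass
class ClockState:
    # last wall-clock time (Unix seconds) and monotonic reading accepted as valid
    last_wall: float
    last_mono: float


def clock_is_plausible(wall_now: float, mono_now: float, state: ClockState) -> bool:
    """True only when the wall clock advanced by about as much as the monotonic clock."""
    elapsed_mono = mono_now - state.last_mono
    elapsed_wall = wall_now - state.last_wall
    if elapsed_mono < 0:              # monotonic clock itself went backwards: distrust everything
        return False
    if elapsed_wall < 0:              # wall clock stepped backwards
        return False
    if elapsed_wall > MAX_FUTURE_JUMP_S:
        return False
    return abs(elapsed_wall - elapsed_mono) <= MAX_DRIFT_S


def hour_of_day_utc(wall_now: float) -> int:
    return int(wall_now // 3600) % 24


def select_plan(wall_now: float, mono_now: float, state: ClockState) -> str:
    """Pick the signal plan; fall back to the fail-safe plan on an implausible clock."""
    if not clock_is_plausible(wall_now, mono_now, state):
        return SAFE_PLAN
    # accept this reading as the new last-known-good pair
    state.last_wall, state.last_mono = wall_now, mono_now
    hour = hour_of_day_utc(wall_now)
    is_night = hour >= NIGHT_START or hour < NIGHT_END
    return NIGHT_PLAN if is_night else DAY_PLAN


if __name__ == "__main__":
    st = ClockState(last_wall=1_700_000_000.0, last_mono=1000.0)
    print(select_plan(1_700_003_610.0, 4600.0, st))              # clocks agree
    print(select_plan(1_700_003_610.0 - 20 * 3600, 4660.0, st))  # clock stepped back
```

The point of the design is that a clock fault turns into a visible, safe state rather than silently switching the junction into its night plan; the last-known-good pair is only advanced on readings that passed the check.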
  22. Tomi Engdahl says:

    Good documentation is needed when you plan to build safe systems:

    How to write a good process operation description document
    http://www.controleng.com/single-article/how-to-write-a-good-process-operation-description-document/4de73dbb7ffaaa54e4a65e109d46c8a1.html

    Back to Basics: Describe your process to preserve the process engineer knowledge for the future. To program the process controller, programmable logic controller (PLC), or distributed control system (DCS), follow these steps and methodology, starting with understanding the requirements and documenting in a requirements document, also called a BPO, CFE, an FS, or URS.

    Online, see five tables and detailed examples.

    Reply
  23. Tomi Engdahl says:

    Fundamentals of cascade control
    http://www.controleng.com/single-article/fundamentals-of-cascade-control/0f8d4d2f839e97f2056b46f6dcf0827d.html

    Sometimes two controllers can do a better job of keeping one process variable where you want it.

    When multiple sensors are available for measuring conditions in a controlled process, a cascade control system can often perform better than a traditional single-measurement controller.

    Naturally, a cascade control system can’t solve every feedback control problem, but it can prove advantageous under the right circumstances

    Cascade control can also have its drawbacks. Most notably, the extra sensor and controller tend to increase the overall equipment costs. Cascade control systems are also more complex than single-measurement controllers, requiring twice as much tuning. Then again, the tuning procedure is fairly straightforward: tune the secondary controller first, then the primary controller using the same tuning tools applicable to single-measurement controllers.

    Reply
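To make the trade-off in the excerpt concrete, here is an added example (written for this post, not code from the Control Engineering article): a constructed two-stage process, a fast flow loop feeding a slow temperature loop, controlled once with a single PI loop and once as a cascade. A supply disturbance cuts the flow gain part-way through; the cascade's secondary loop sees it on the flow sensor and corrects it before the temperature moves much. Plant time constants, gains and tuning values are assumptions.

```python
"""Cascade vs single-loop PI control of a constructed two-stage process.

Added example written for this post; it is not code from the Control Engineering article.
Constructed plant: a fast flow loop (time constant 1 s) feeding a slow temperature
loop (time constant 10 s, unit gain). A supply disturbance reduces the flow gain to
0.7 at t = 150 s.
"""

DT = 0.1          # simulation step, s
TAU_FLOW = 1.0    # flow (secondary) process time constant, s
TAU_TEMP = 10.0   # temperature (primary) process time constant, s
T_DIST = 150.0    # time of the supply disturbance, s
T_END = 400.0


class PI:
    """Discrete PI controller with output clamping and conditional anti-windup."""

    def __init__(self, kp, ki, lo, hi):
        self.kp, self.ki, self.lo, self.hi = kp, ki, lo, hi
        self.integral = 0.0

    def step(self, setpoint, measurement):
        err = setpoint - measurement
        out = self.kp * err + self.ki * self.integral
        if self.lo < out < self.hi:      # integrate only while unsaturated
            self.integral += err * DT
            out = self.kp * err + self.ki * self.integral
        return max(self.lo, min(self.hi, out))


def simulate(cascade: bool, setpoint: float = 50.0):
    """Return (final_temperature, integral_of_abs_error_after_disturbance)."""
    flow, temp = 0.0, 0.0
    # primary tuned as if it drove a first-order plant of time constant 10 s
    primary = PI(kp=1.0, ki=0.1, lo=0.0, hi=100.0)
    # secondary is tuned first, on the fast flow process alone
    secondary = PI(kp=2.0, ki=1.0, lo=0.0, hi=100.0) if cascade else None
    iae = 0.0
    for k in range(int(T_END / DT)):
        t = k * DT
        gain = 0.7 if t >= T_DIST else 1.0      # supply disturbance reduces the flow gain
        if cascade:
            flow_sp = primary.step(setpoint, temp)   # primary asks for a flow
            u = secondary.step(flow_sp, flow)        # secondary drives the valve
        else:
            u = primary.step(setpoint, temp)         # single loop drives the valve directly
        flow += DT / TAU_FLOW * (gain * u - flow)
        temp += DT / TAU_TEMP * (flow - temp)
        if t >= T_DIST:
            iae += abs(setpoint - temp) * DT
    return temp, iae


if __name__ == "__main__":
    for mode in (False, True):
        final_temp, iae = simulate(cascade=mode)
        print(f"cascade={mode}: final temp {final_temp:.2f}, IAE after disturbance {iae:.1f}")
```

Both configurations settle at the setpoint, but the integral of absolute error after the disturbance is much smaller for the cascade, which is the "better disturbance rejection" the article is pointing at, at the price of a second sensor and a second controller to tune.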
  24. Tomi Engdahl says:

    Future of the PLC
    http://www.controleng.com/single-article/future-of-the-plc/aa0f9ccf9eca89f8ece02040696d225a.html

    If you use PLCs or are thinking of doing so, you may consider them to be a mature technology with little room for improvement as they’ve been around for nearly 50 years. But like their close counterparts in the world of consumer electronics, significant improvements continue with no end in sight, promising faster, smaller, and lower cost solutions.

    PLCs are evolving and continue to be the best option for a variety of industrial automation applications. Greater programming flexibility and ease, scalability, more memory, smaller sizes, very high-speed (Gigabit) Ethernet, and built-in wireless are among evolving programmable logic controller features.

    From the beginning, when the PLC was typically replacing scores if not hundreds of relays and timers, there’s been a push to decrease automation system size and to simplify support and maintenance. Over the years the relay panels have been replaced with smaller rack-based PLCs, or smaller yet PLCs with remote I/O. In terms of software, ladder logic programming initially mimicked automation systems based on relays and timers, and continues to be the most widely used PLC programming language. But other options have emerged—specifically, the IEC 61131-3 suite of PLC programming options.

    In the future, PLCs will continue to evolve while adapting technology improvements in hardware, communications, and software. Part of the evolution will include merging of PLC and programmable automation controller (PAC) functionality, along with advancements to span communications from the plant floor to the top floor.

    Today’s processors, circuit boards, and components are shrinking throughout the electronics industry. These technology improvements are slowly making it to the PLC, although the need for stability, reliability, and ruggedness slows acceptance. Current enhancements include faster processors for improved cycle time, added memory capacity, and new communication features.

    PLCs are also taking advantage of dramatic declines in solid-state memory costs and size. This permits greatly increased local data storage, allowing the use of a PLC in many applications formerly requiring expensive data acquisition systems. It also opens the door to other features, such as the on-board storage of product information, which can expedite troubleshooting.

    Today’s PLCs are already benefiting from USB technology, making it easier than ever before to get online, program, and monitor your control system. This technology is continuing to evolve

    PLC and PAC Merge

    Many industrial controller suppliers tout the differences between PLCs and PACs, but future automation engineers may not care about the nomenclature, focusing instead on performance and the available features when specifying their systems. Just as the definition and features of each have changed over the years, PLCs and PACs will continue to merge as they each evolve.

    During this evolution, there will be plenty of room in the market for low- and high-end processors.

    Ladder logic: Never say good-bye

    Fifty years ago, hardwired relay logic was replaced with ladder diagram. This language kept things simple for technicians and engineers who had grown up with relay logic, but it had some limitations, particularly in terms of process control and data handling.

    The IEC 61131-3 standard introduced other programming languages for industrial controllers, but ladder diagram responded with advancements of its own and has shown surprising staying power.

    While ladder logic is the anchor of machine control simplicity, function block programming techniques can reduce the amount of code, particularly as PLC coding merges into one programming environment.

    Reply
  25. Tomi Engdahl says:

    Inside the competition for the first PLC
    http://www.controleng.com/single-article/inside-the-competition-for-the-first-plc/19a15e18e8ce571e77e19765b5b2c5b2.html

    The race to develop the first programmable logic controllers was underway inside General Motors’ Hydra-Matic Transmission Division in Ypsilanti, Michigan, in 1970. Three finalists had very different architectures.

    In 1970, a fierce contest was being waged inside General Motors’ Hydra-Matic Transmission Division in Ypsilanti, Michigan. At stake was program ownership of what would become the first programmable logic controllers (PLCs), and the outcome would shape not only the design of the first PLCs, but also the success or failure of their advocates.

    In April and May of 1968, work was done on a request for proposal that is remarkably simple by today’s standards. The RFP, issued in June 1968, included only four pages of design specifications, including a requirement that “memory word length shall be at least eight bits.”

    Emmett and the Circuitry Group advocated strongly for the Modicon 084.
    As an added bonus for Modicon, the 084 was the only controller built into a hardened package, providing plant floor protection that the other two options did not.

    Reply
  26. Tomi Engdahl says:

    In industrial settings, two-way radios still a smart choice
    http://www.controleng.com/single-article/in-industrial-settings-two-way-radios-still-a-smart-choice/e69f11074c25f77c4e619067512dfa84.html

    Consumer technology versus digital radios. Which one makes the most sense for manufacturing and industrial communications? Interestingly, Motorola Solutions’ recent survey of the state of plant communications reveals that two-way radios and cell phones remain in a dead heat as the primary means of communications in plants nationwide. Yet critical differences between the two are worth careful consideration before making technology investments.

    As failure rates for smartphones exceed 20%, failure rates for rugged devices, such as two-way radios, continue to plummet.

    They are designed to handle shocks, slips, vibration, and drops, and operate for the entire shift on a single charge. In contrast, consumer technology is designed to meet mass demand, and will never provide the security features or durability to stand up to the rigors of continuous use. And shoehorning those into your operation will end up costing you more money in the long run, up to 51% more.

    Seems pretty straightforward, but in an enterprise or industrial setting, it’s anything but. Private voice technology has enjoyed many advancements over the last decade

    Digital two-way radios are designed to be fully customizable providing you control over what your workers can access or, more importantly, cannot access in order to keep focused on the job. In addition, supervisory control features in digital radio systems ensure that critical messages will be heard, even when workers are busy on noncritical calls.

    Enterprise digital radios are built tough. They are rugged, durable, and designed to work reliably in the toughest environments.

    Smartphone technology is cool, but one drop on a concrete floor and business critical work would come to a complete stop. Enterprise-class devices are built to last longer, don’t break as often, and are easier to repair.

    Reply
  27. Tomi Engdahl says:

    Fiber-optic serial data links for utility substations
    http://www.cablinginstall.com/articles/2014/09/comnet-rlfdx.html

    ComNet recently introduced the RLFDX series of substation-related, fiber-optic RS-232, RS-422, RS-485 2/4 wire, and TTL Logic Data Link/Repeater. These introductions expand the company’s Reliance product line. The company said the products “are used in electric-utility substations and switchyards, manufacturing plants, roadside/trackside equipment installations and other severe-duty conditions.” The product series’ primary benefit is to extend transmission distances using optics; the products can transmit serial data up to 30 kilometers. A secondary benefit is their high level of electrical isolation, ComNet explained, as well as enhanced reliability and protection for peripheral equipment.

    “There is still a very strong demand for serial data over optical fiber in the power-transmission and utility market,”

    Reply
  28. Tomi Engdahl says:

    For Control Systems, Put the Focus on Innovation, Not Integration
    http://rtcmagazine.com/articles/view/103691

    Rather than try to create control systems by integrating disparate parts, which then must be configured, tested and separately programmed, engineers would do better to start with an integrated high-performance platform and then concentrate on creating innovative solutions in software.

    Reply
  29. Tomi Engdahl says:

    Where’s My Data? Internet File System for the Nucleus RTOS
    http://www.mentor.com/embedded-software/blog/post/where-s-my-data-internet-file-system-for-the-nucleus-rtos-3a3211fc-36a1-4c7e-aa42-df535e8dff8a?contactid=1&PC=L&c=2014_09_24_embedded_technical_news

    Customers building applications for consumer products, medical devices, industrial automation, mil/aero, smart devices and so on have common concerns around managing data. Many developers turn to the Common Internet File System (CIFS) protocol that lets programs make requests for files and services on remote computers on the Internet. Since CIFS uses the client/server programming model, the client program can make requests of a server program (usually in another computer) for access to a file or to pass a message to a program that runs in the server computer. The server takes the requested action and returns a response.

    Sounds like a great feature, right? What about implementing CIFS in embedded devices?

    CIFS NQ™ enabled devices can perform full client, server, and client/server file sharing functions in a Microsoft Windows networking environment. This capability is important because multiple devices can safely and remotely browse each other’s shared folders including the ability to read, write, edit, copy, delete and update each other’s files without the need to transfer files to/from the device’s local disk or memory.

    There are many embedded devices that make use of CIFS NQ

    Reply
  30. Tomi Engdahl says:

    Design Library > Data Concentrator Reference Design
    http://www.eeweb.com/design-library/data-concentrator-reference-design/

    Data Concentrator Reference Design
    Features

    AM335x ARM Cortex-A8 processor-based design reduces development time by up to nine months
    Integrated communication interfaces include two Ethernet (MAC) ports, USB and up to eight UARTs for easy connectivity to other systems on the smart grid
    Multiple PLC stacks for MAC and PHY layers let developers create designs that support PLC-Lite™, PRIME, G3, IEEE-P1901.2
    IPv4, IPv6 and 6LoWPAN protocols allow developers to connect their data concentrator products to a wide range of home and building automation applications
    Orderable production ready end-equipment which includes schematics, BOM, user guides, application notes, white paper, software, demos and more

    Reply
  31. Tomi Engdahl says:

    Design Library > EtherCAT Communications Development Platform
    http://www.eeweb.com/design-library/ethercat-communications-development-platform/

    EtherCAT conformance tested by EtherCAT Technology Group (ETG)
    Free EtherCAT Slave Stack Code (SSC) from Beckhoff available; requires ETG membership (free of charge) and valid EtherCAT Vendor ID.
    Free board support package and industrial software development kit from TI
    Support other industrial communications with the same hardware (e.g., PROFIBUS, Profinet, Ethernet/IP and more)
    Production Ready development platform sub-system which includes schematics, BOM, user guides, application notes, white paper, software, demos and more

    Reply
  32. cmwn.co.uk says:

    After looking over a number of the articles on your web page, I truly like your
    technique of blogging. I bookmarked it to
    my bookmark webpage list and will be checking back in the near future.

    Please check out my website as well and tell me how you feel.

    Reply
  33. watch Us netflix in canada says:

    You ought to be a part of a contest for one of
    the best blogs on the web. I will highly recommend this blog!

    Reply
  34. Tomi Engdahl says:

    Connected Ethernet, USB, and LCD Reference Design
    http://www.eeweb.com/project/design_library/connected-ethernet-usb-and-lcd-reference-design

    This TI Design will demonstrate several ethernet- and LCD-enabled applications such as remote sensor monitoring, ethernet configuration via web-based and LCD dashboards and aware applications that interface with weather websites.

    Reply
  35. Tomi Engdahl says:

    Slideshow: Maxim Integrates IoT
    http://www.eetimes.com/document.asp?doc_id=1324250&

    Maxim Integrated aimed to live up to its name at its annual demo day showing more than a dozen reference designs and chips, many geared for use in industrial or consumer Internet of Things applications.

    Reply
  36. Tomi Engdahl says:

    Preparing PLC designs for the “Industry 4.0” future
    http://www.edn-europe.com/en/preparing-plc-designs-for-the-industry-4.0-future.html?cmp_id=7&news_id=10004986&vID=44#.VD9tSBZsUik

    Maxim Integrated has published a white paper which asserts, “We need to talk about the analogue aspects of your design,” – especially as it relates to programmable logic controllers (PLCs). To meet the ambitions of the “Internet of Things”, and “Industry 4.0”, designs need to physically shrink to enable sensing-everywhere and control-everywhere.

    However, argues the Maxim paper, reality is not matching up to these goals; there is an “integration divide”. The company says its research indicates that 30% of systems designers say their next design will be smaller; 50% of engineers say they look to digital circuitry to achieve space savings; however, 85% of PLC module board space is consumed by analogue circuitry and discrete devices.

    “In today’s highly competitive global economy, small improvements in manufacturing processes can yield huge competitive advantages. This mindset is driving fundamental transformations across the factory floor.”

    Manufacturers are deploying the latest sensor technologies, adopting new control architectures, and starting to discover the potential of “big data” and analytics. Often called Industry 4.0, what’s happening in manufacturing is nothing short of a revolution.

    For equipment OEMs, this represents a massive opportunity. The number of sensors used to track environmental and process variables continues to increase. This is accelerating the transition to a distributed control architecture, as plant operators seek to reduce bottlenecks and shorten control loops by moving PLCs closer to the processes they control.

    This poses a considerable challenge for PLC engineers. To win in this market, system designers will need to pack more I/O and more functionality into enclosures that keep getting smaller.

    Reply
  37. Tomi Engdahl says:

    Machine Safety: What is your safety elevator pitch?
    http://www.controleng.com/single-article/machine-safety-what-is-your-safety-elevator-pitch/1c66aca0e0d9f19bf5ee47d5562c7292.html

    In less than 30 seconds, can you tell me why I should care about your plans for exceeding industrial safety compliance? Are business benefits part of your answer?

    In less than 30 seconds, tell me why I should care about your plans for exceeding industrial safety compliance! (Hint: The answer should include business benefits and extend beyond just you.)

    Can this be stated in an elevator speech?

    You bet! Try talking from your heart about why it’s personally important to you. Don’t just talk about facts or figures like accident rates, lost time work days, near misses or the average costs for injuries. We all have stories we can tell about many subjects. Tell a short story about why safety is important in your life and how safety has affected you, personally. Yes, also talk a little about the business situation and benefits. However, your listeners will mostly remember why you care.

    Reply
  38. Tomi Engdahl says:

    Machine Safety: Safety and security combined
    http://www.controleng.com/single-article/machine-safety-safety-and-security-combined/3543982284450fb42c1e58f70d726e7a.html

    According to some recent reports, cyber attacks have grown by 600% since 2010, costing industry around $400 billion a year and impacting productivity, machine uptime and profitability. Machine safety automation also addresses productivity, uptime and profitability. Perhaps “safety” and “security” efforts should combine.

    Belden: Protect against yourself
    http://www.controleng.com/single-article/belden-protect-against-yourself/67c8d4bd25bb7efca7a9bd5f53d477c4.html

    If a manufacturer can protect itself against an inside attack, then that line of defense should be strong enough to withstand a chunk of outside attacks.

    “I will ask what are the top threats: Terrorists, hacktivists or control engineers?”

    “The control engineer is the greatest risk against the system,” Langill said. “The threat should not be running around with administrative privileges.”

    The concept of protecting against the inside attack is a little bit different because what grabs the most headlines are the outside attacks like Stuxnet or the more recent Havex/Dragonfly. What most companies rely upon is short term or reactionary defense compared to a thought out comprehensive security program. “Security right now is about short term tactical measures like patch management or installing antivirus,” Langill said. “Security has to get to thinking about strategic controls or long term planning.” One example he talked about along those lines is patch management.

    “I am not a big supporter of patch management. There are other things that can help solve the issues,”

    “Stuxnet was bad, but Havex is far, far worse,” he said. “Havex, or Dragonfly, is a lot more damaging for more people. In both cases basic security controls people are putting in today, the attacks would not be stopped. The problem is people are thinking tactically, but not strategically.”

    Stuxnet was an attack created by the U.S. and Israel that sought to damage a uranium enrichment facility in Natanz, Iran, according to an ISSSource report.

    Havex/Dragonfly is malware that targeted the pharmaceutical sector, not the energy sector as previously believed, according to a white paper written by Langill for Belden.

    The moral of the story is you can protect your company against inside and outside attacks, but if you have a target painted on your back, you better have a series of layers that can help slow down any kind of onslaught. “No matter what, a targeted attack will be successful,” Langill said. “What we have learned over the years is, if someone has a specific target, they will get in. If you are targeted, you will be compromised.”

    After an attack, it is just a matter of what kind of security program a user has and how vigilant they remain. While that may sound daunting and kind of scary, in today’s environment users need to look at and focus on creating a security program. Fear and uncertainty should not stop people from moving into a stronger security posture. “When you talk about security, people start to get that glazed over look in their eyes,” he said. “The reality of cyber security is we are constrained with time and money.”

    The end results, though, are when a security program ends up implemented, uptime and productivity can increase. “If you design a system to protect your system against the inside engineer,” Langill said, “you will protect yourself against most all attacks.”

    Reply
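Langill's "protect against the inside engineer" argument is, in practice, least privilege plus time-bound elevation for the few actions that can change what a controller does. The following is an added example for this comment (it is not Belden's or Langill's code): a constructed authorizer in which the engineering role can download logic only under an approved change ticket, the administrative role cannot download logic at all, setpoint writes are bounded by engineering limits, and every decision lands in an audit trail. Roles, actions, tags and limits are assumptions.

```python
"""Least-privilege authorization for control-system actions, with an audit trail.

Added example for this comment; it is not Belden's or Langill's code. The roles,
actions and the change-ticket rule are constructed to illustrate the point that the
day-to-day engineering account should not carry standing administrative rights.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Static permissions per role (constructed). Note that nobody holds every permission.
ROLE_PERMISSIONS = {
    "operator": {"read_process", "ack_alarm", "change_setpoint"},
    "engineer": {"read_process", "view_logic", "download_logic", "change_setpoint"},
    "admin":    {"read_process", "manage_accounts", "view_logic"},   # no logic download
}

# Actions that additionally need an approved change ticket, i.e. time-bound elevation.
TICKET_REQUIRED = {"download_logic", "manage_accounts"}

SETPOINT_LIMITS = {"reactor_temp": (20.0, 80.0)}   # engineering limits, constructed


@dataclass
class Request:
    user: str
    role: str
    action: str
    tag: Optional[str] = None
    value: Optional[float] = None
    ticket: Optional[str] = None   # approved change ticket id, if any


@dataclass
class Authorizer:
    approved_tickets: set
    audit: List[str] = field(default_factory=list)

    def authorize(self, req: Request) -> Tuple[bool, str]:
        """Decide and record; denials are logged with the same detail as allows."""
        allowed, reason = self._decide(req)
        verdict = "ALLOW" if allowed else "DENY"
        self.audit.append(
            f"{verdict} user={req.user} role={req.role} action={req.action} reason={reason}"
        )
        return allowed, reason

    def _decide(self, req: Request) -> Tuple[bool, str]:
        perms = ROLE_PERMISSIONS.get(req.role)
        if perms is None:
            return False, "unknown role"
        if req.action not in perms:
            return False, "not permitted for role"
        if req.action in TICKET_REQUIRED and req.ticket not in self.approved_tickets:
            return False, "approved change ticket required"
        if req.action == "change_setpoint":
            limits = SETPOINT_LIMITS.get(req.tag)
            if limits is None:
                return False, "unknown tag"
            lo, hi = limits
            if req.value is None or not lo <= req.value <= hi:
                return False, f"value outside engineering limits {lo}-{hi}"
        return True, "ok"


if __name__ == "__main__":
    auth = Authorizer(approved_tickets={"CHG-0042"})
    auth.authorize(Request("eng1", "engineer", "download_logic"))
    auth.authorize(Request("eng1", "engineer", "download_logic", ticket="CHG-0042"))
    auth.authorize(Request("op1", "operator", "change_setpoint", tag="reactor_temp", value=95.0))
    print("\n".join(auth.audit))
```

The separation is the point: the account that edits logic is not the account that manages accounts, neither holds the permission permanently, and a bounded setpoint write is the only change an operator can make.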
  39. Tomi Engdahl says:

    Upgrading your legacy control system
    http://www.controleng.com/single-article/upgrading-your-legacy-control-system/7fd791333ae20bad56a842781af40b1e.html

    There is no “one size fits all” formula for legacy migration of control systems, but assessing the available information along with some common sense can go a long way in putting together a fundamentally sound project.

    “We need to upgrade!”

    Terrific — you’ve needed a new phone… oh… nope, that was your boss telling you that you needed to upgrade an obsolete legacy control system. Dang, that’s much less fun.

    Now what do you do? There is no “one size fits all” formula for legacy migration of control systems. The upgrade options are as abundant as the unmarked wires in the panel — and solutions can be a bigger mystery than the origin of these wires!

    While there is no magic formula, sound engineering principles, plus some basic common sense, can go a long way to set you up for the next big promotion instead of a LinkedIn job search.

    Here are a few steps to consider…

    You then need to assess your current information:

    Do you have the PLC program or is it an OEM system that is proprietary with no back-up copy?
    Do you have Autocad drawings, up to date wiring diagrams, operator manuals, training manuals, or any document that identifies the system architecture?
    In what condition are the computers and panels?
    Are the wire labels well marked and legible? What is the operating system?
    Is there a demarcation point, such as a separate termination block, where the field wiring is landed?

    What is the business case for the upgrade? Is there cost justification?

    Investigate your legacy migration plan options from your existing vendor.

    If you are not going to be able to do the work in-house, then you should try to find a partner to help. Consider an integrator that has experience and is certified on the DCS, PLC, or SCADA platform you plan to use.

    Develop a system migration plan. This can be from a simple narrative all the way to an entire functional design specification.

    A good migration plan should include the following:

    Review of information obtained
    Business case for migration
    Program conversion strategy
    Detailed hardware conversion strategy
    Acceptance test plan document
    Site installation
    Project schedule
    Downtime requirements.

    The largest time consumer is the system and wiring demo and installation. A normal human, no matter how talented, has a limit on how fast they can disconnect and re-wire a terminal.

    Set your goals, review your migration plan, get your POs, and get to work. A good acceptance test is critical and will save time on-site. Often, the program can be tested off-site through simulation to help find issues prior to final checkout.

    Reply
  40. Tomi Engdahl says:

    Data-enabling safety relays add value to simple machines
    http://www.controleng.com/single-article/data-enabling-safety-relays-add-value-to-simple-machines/9aba6c7485d091d0a54bb41052f63b2f.html

    Inside Machines: Safety relay advances help machine builders cost-effectively meet customers’ compliance goals while addressing needs for a connected enterprise.

    Machine builders asked to meet customers’ requirements for safety compliancy and provide access to production information in one safety component have had very few cost-effective options; depending on the application, an advanced safety relay may meet those needs. Sophisticated integrated-safety controllers can manage safety functions and seamlessly share information enterprise-wide, but they are cost-prohibitive for simple safety functions. Cost-effective safety relays and simple controls manage safety functions but do not share production and diagnostic information.

    With the growth of—and priorities around—networked connectivity, the automation industry has responded to machine builders’ needs. Machine builders of simple machines now can gain diagnostics and network safety functions without implementing overly sophisticated safety systems. They can keep safety functions and standard control separate, but use one network to share data for one system view.

    For example, a configurable safety relay can communicate via Ethernet with an EtherNet/IP network interface designed for safety applications. The safety relay, configured with software from the same vendor, can serve as the standard control.

    Reply
  41. Tomi Engdahl says:

    Industrial cyber security: An idea whose time has come?
    http://www.controleng.com/single-article/industrial-cyber-security-an-idea-whose-time-has-come/a76d341f6ac25b4eb9b2fce845c26f3f.html

    IHS believes there will be a shakeout in the market for industrial cyber security. Although the market will attract some new entrants, this will be largely offset by companies choosing to exit the business and by acquisition-driven consolidation.

    The market for industrial cyber security products remains extremely immature, with currently more than 160 vendors offering a wide variety of hardware, software and services. In contrast to other parts of the industrial automation market, no one vendor dominates; and those with the highest market share typically specialize in a particular region, industry sector or technology. IHS believes there will be a shakeout — although the market will attract some new entrants, this will be largely offset by companies choosing to exit the business and by acquisition-driven consolidation.

    Control systems already in use will sustain the market for “on-top” industrial cyber security hardware, software and services (control system upgrades are expensive and must be kept in place for many years to show a return on the investment); many of these systems are inherently insecure. A quiet revolution is already occurring in an industry more used to incremental improvement. Vendors of control systems have united around IEC 62443 (the international version of ISA-99) which, when finalized, will describe how to secure control system assets throughout the lifecycle of those assets (including development). Whereas security was an afterthought in earlier generations of control systems, asset owners have pushed suppliers to restructure products to include security features to provide some inherent levels of protection. Only parts of the IEC 62443 standard have so far been released; but once the standard and certification services are available, all tier 1 vendors are expected soon to offer an IEC 62443 product.

    Overall, IHS projects a good but not spectacular growth rate for industrial cyber security hardware, software and service revenues, with an annual average growth rate of 12% from 2013 to 2019. The market will be sustained by the high number of legacy assets which require securing. Over a much longer 10-15 year time frame, the demand for on-top cyber security hardware, software, and services is likely to decrease, as fewer compensating controls will be required to secure control systems that are secure by design.

    Reply
  42. Tomi Engdahl says:

    NIST Smart Grid framework 3.0 aims for interoperability, updates cybersecurity
    http://www.controleng.com/single-article/nist-smart-grid-framework-30-aims-for-interoperability-updates-cybersecurity/ae648acfcbbf8ccbffadb7e40ddb41e1.html

    NIST’s 3.0 framework update aims to transform the aging U.S. electric power system into an interoperable Smart Grid—a network that will integrate information and communication technologies.

    The National Institute of Standards and Technology (NIST) has published its NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 3.0, a document that reflects advances in Smart Grid technologies and developments from NIST’s collaborative work with industry stakeholders. Revisions to its guidelines for Smart Grid cybersecurity are available as well.

    NIST Guidelines for Smart Grid Cybersecurity
    http://www.nist.gov/manuscript-publication-search.cfm?pub_id=916068

    Reply
  43. Tomi Engdahl says:

    Internet-Exposed Energy Control Systems Abound
    http://spectrum.ieee.org/energywise/energy/the-smarter-grid/thousands-of-control-systems-connected-to-the-internet

    Infracritical remotely identified over 2.2 million unique IP addresses linked to industrial control systems at energy-related sites including electrical substations, wind farms, and water purification plants. And they were still logging an average of 2,000-3,000 new addresses per day when they closed the count in January 2014.

    It has long been known that many infrastructure control systems are connected to the Internet.

    They relied on a publicly-accessible search engine called Shodan that sniffs out and catalogues Internet-connected devices. Infracritical’s project SHINE (for SHodan INtelligence Extraction) built search queries for Shodan using the names of 182 SCADA suppliers and their leading products.

    RUGGEDTRAX project provides a honey-pot for hackers
    “In less than two hours the honeypot was subjected to an attack. By day three, they’d counted more than 4,000 attacks”

    Reply
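Comment 43 describes SHINE matching supplier and product names against Shodan banners. One place such names appear on the wire is the Modbus/TCP "Read Device Identification" response from port 502. The block below is an added example, not Infracritical's SHINE code: it parses constructed device-identification responses (including a Modbus exception reply) and matches the vendor and product strings against a supplier keyword list, counting unique IPs per supplier. All records, IPs and vendor names are constructed; the parser follows the Modbus object layout (VendorName = 0x00, ProductCode = 0x01, MajorMinorRevision = 0x02, ...).

```python
"""Added example: parse Modbus/TCP Read Device Identification banners and
match them against a SHINE-style supplier keyword list. Not from the page or
from Infracritical; every record below is constructed."""
import struct
from collections import defaultdict

FC_READ_DEVICE_ID = 0x2B      # Encapsulated Interface Transport
MEI_DEVICE_ID = 0x0E          # MEI type 14: Read Device Identification
OBJECT_NAMES = {0x00: "VendorName", 0x01: "ProductCode", 0x02: "MajorMinorRevision",
                0x03: "VendorUrl", 0x04: "ProductName", 0x05: "ModelName",
                0x06: "UserApplicationName"}


def build_device_id_response(objects, tid=1, unit=1) -> bytes:
    """Constructed response: MBAP header + PDU (fc, MEI, ReadDevId code 1,
    conformity 1, more-follows 0, next object 0, object count) + objects."""
    body = b"".join(bytes([oid, len(v)]) + v.encode("ascii") for oid, v in objects)
    pdu = bytes([FC_READ_DEVICE_ID, MEI_DEVICE_ID, 0x01, 0x01, 0x00, 0x00, len(objects)]) + body
    return struct.pack("!HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def parse_device_id_response(resp: bytes) -> dict:
    """Return {object name: value}. Raises ValueError on anything malformed,
    including a Modbus exception response (function code with bit 7 set)."""
    if len(resp) < 7:
        raise ValueError("truncated MBAP header")
    tid, proto, length, unit = struct.unpack("!HHHB", resp[:7])
    if proto != 0:
        raise ValueError("protocol id is not Modbus (0)")
    pdu = resp[7:7 + length - 1]
    if len(pdu) != length - 1:
        raise ValueError("MBAP length does not match payload")
    if pdu and pdu[0] & 0x80:
        raise ValueError(f"Modbus exception, code {pdu[1] if len(pdu) > 1 else '?'}")
    if len(pdu) < 7 or pdu[0] != FC_READ_DEVICE_ID or pdu[1] != MEI_DEVICE_ID:
        raise ValueError("not a Read Device Identification response")
    n_objects = pdu[6]
    objects, pos = {}, 7
    for _ in range(n_objects):
        if pos + 2 > len(pdu):
            raise ValueError("truncated object list")
        oid, olen = pdu[pos], pdu[pos + 1]
        value = pdu[pos + 2:pos + 2 + olen]
        if len(value) != olen:
            raise ValueError("object value runs past end of PDU")
        objects[OBJECT_NAMES.get(oid, f"Object{oid:#04x}")] = value.decode("ascii", "replace")
        pos += 2 + olen
    return objects


def match_suppliers(records, keywords):
    """records: iterable of (ip, port, raw_banner); keywords: {label: [substrings]}.
    Returns ({label: set of unique IPs}, number of unparseable banners)."""
    hits, unparseable = defaultdict(set), 0
    for ip, port, raw in records:
        try:
            ident = parse_device_id_response(raw)
        except ValueError:
            unparseable += 1
            continue
        haystack = " ".join(ident.values()).lower()
        for label, words in keywords.items():
            if any(w.lower() in haystack for w in words):
                hits[label].add(ip)          # one IP counted once per supplier
    return dict(hits), unparseable


# Constructed sample: one host seen on two ports, one other host, one exception reply.
ACME = [(0, "Acme Automation"), (1, "AX-200 PLC"), (2, "v2.1")]
WIDGET = [(0, "Widget Controls"), (4, "WidgetRTU"), (2, "1.0")]
SAMPLE_RECORDS = [
    ("198.51.100.10", 502, build_device_id_response(ACME)),
    ("198.51.100.10", 5020, build_device_id_response(ACME)),
    ("198.51.100.11", 502, build_device_id_response(WIDGET)),
    ("198.51.100.12", 502, b"\x00\x01\x00\x00\x00\x03\x01\xab\x01"),  # exception: illegal function
]
SAMPLE_KEYWORDS = {"acme": ["Acme Automation", "AX-200"], "widget": ["WidgetRTU"]}


def demo():
    return match_suppliers(SAMPLE_RECORDS, SAMPLE_KEYWORDS)


if __name__ == "__main__":
    print(demo())
```

The same parser run over your own external address ranges is a cheap way to learn whether any device of yours is answering device-identification queries to the Internet before a scanner does.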
  44. Tomi Engdahl says:

    POWERLINK – One network for all systems
    https://www.youtube.com/watch?v=pbxDdnnHAyY&list=PL_prqCg0ThYf7mXZz4oEsQdj4lNvZrSZx&index=5

    POWERLINK, the deterministic real-time protocol for standard Ethernet is presented at PACK EXPO. This open source Ethernet protocol can address both data and control needs on a single wire, while reducing design costs, minimizing system jitter, and achieving maximum system performance.

    Ethernet Powerlink
    http://www.ethernet-powerlink.org/

    POWERLINK = CANopen over Ethernet

    CANopen is one of the most widely used application protocols today. Key benefits of this protocol include standardized device description files that make status information, parameter configurations, device characteristics and other relevant data available in transparent form on the network. A major decision made by the Ethernet POWERLINK Standardization Group (EPSG) was to define the protocol’s application layer as a carrier of all CANopen mechanisms. CAN in Automation (CiA), the international association of CAN users and manufacturers, was significantly involved in this development.

    POWERLINK uses the same device description files as CANopen as well as the same object dictionaries and communication mechanisms, including process data objects (PDOs), service data objects (SDOs) and network management (NMT). As with CANopen, direct cross-traffic is also one of the essential features of POWERLINK. All CANopen applications and device profiles can be directly implemented in POWERLINK environments as well – the applications will not see a difference between the two protocols. For this reason, POWERLINK can also be referred to as “CANopen over Ethernet”.

    Unlike other real-time industrial Ethernet systems, POWERLINK is a completely software-based solution that is 100% compliant with the IEEE 802.3 Ethernet standard.

    100 % open technology

    The EPSG does not charge any licensing fees to use this technology. POWERLINK is an open technology, which always gives customers the choice among various POWERLINK manufacturers and service providers (see “Technology providers” section) and ensures an optimal price/performance ratio for every application.

    openPOWERLINK is a complete protocol solution for masters and slaves. Programmed in ANSI C, this implementation can be easily ported to any target system. openPOWERLINK has been released on the SourceForge code repository under the BSD license, which grants permission for anyone to use, distribute, modify and enhance the software free of charge. It is also possible for developers to integrate the software into retail products and source code for custom modifications without disclosure. Detailed instructions for setting up a system and getting it up and running are available at http://www.sourceforge.net/projects/openpowerlink

    Reply
  45. Tomi Engdahl says:

    Ethernet Powerlink
    http://en.wikipedia.org/wiki/Ethernet_Powerlink

    Ethernet Powerlink is a deterministic real-time protocol for standard Ethernet. It is an open protocol managed by the Ethernet POWERLINK Standardization Group (EPSG). It was introduced by Austrian automation company B&R in 2001.

    This protocol has nothing to do with power distribution via Ethernet cabling or power over Ethernet (PoE), power line communication or Bang & Olufsen's PowerLink cable.

    Ethernet Powerlink expands Ethernet with a mixed polling and timeslicing mechanism. This provides:

    Guaranteed transfer of time-critical data in very short isochronic cycles with configurable response time
    Time-synchronisation of all nodes in the network with very high precision of sub-microseconds
    Transmission of less time-critical data in a reserved asynchronous channel

    Modern implementations reach cycle-times of under 200 µs and a time-precision (jitter) of less than 1 µs.

    Powerlink was standardized by the Ethernet Powerlink Standardization Group (EPSG), which was founded in June 2003 as an independent association.

    The original physical layer specified was 100BASE-TX Fast Ethernet.
    Repeating hubs instead of switches within the Real-time domain is recommended to minimise delay and jitter.

    Since the end of 2006, Ethernet Powerlink has also supported Gigabit Ethernet.

    The standard Ethernet data link layer is extended by an additional bus scheduling mechanism which ensures that only one node accesses the network at a time. The schedule is divided into an isochronous phase and an asynchronous phase.

    OpenSAFETY allows both publish/subscriber and client/server communication. Safety relevant data is transmitted via an embedded data frame inside of standard communication messages. Measures to avoid any undetected failures due to systematic or stochastic errors are an integral part of the security protocol. OpenSAFETY is in conformance with IEC 61508. The protocol fulfills the requirements of SIL 3. Error detection techniques have no impact on existing transport layers.
    http://en.wikipedia.org/wiki/OpenSafety

    Reply
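Comments 44 and 45 describe the POWERLINK cycle: the managing node opens it with a Start of Cycle, polls each controlled node (PReq/PRes) in the isochronous phase, then sends Start of Asynchronous and grants one node the asynchronous slot. Because that schedule is fixed, a passive monitor on the segment can check whether every frame it sees was actually invited. The block below is an added example, not code from the page, the EPSG or openPOWERLINK: it builds a constructed capture of one cycle, parses the three-byte POWERLINK header, and flags frames that fall outside the schedule. The EtherType (0x88AB), node-ID convention (MN = 240) and message-type values are given as I recall them from the EPSG DS 301 specification; the SoA payload layout used here (first byte = node granted the asynchronous slot) is a simplification, and the MAC addresses are placeholders.

```python
"""Added example (not from the page, the EPSG or openPOWERLINK): replay a
constructed capture of one POWERLINK cycle and flag frames that fall outside
the managing node's poll/response schedule."""
import struct
from dataclasses import dataclass

ETHERTYPE_POWERLINK = 0x88AB
MSG_SOC, MSG_PREQ, MSG_PRES, MSG_SOA, MSG_ASND = 0x01, 0x03, 0x04, 0x05, 0x06
MN_NODE_ID = 240         # managing node; controlled nodes (CNs) use 1..239
BROADCAST_ID = 255
PHASE = {MSG_SOC: "soc", MSG_PREQ: "isochronous", MSG_PRES: "isochronous",
         MSG_SOA: "soa", MSG_ASND: "asynchronous"}


@dataclass
class PlkFrame:
    msg_type: int
    dst: int
    src: int
    payload: bytes


def build_frame(msg_type: int, dst: int, src: int, payload: bytes = b"") -> bytes:
    """Constructed frame: 14-byte Ethernet header (placeholder MACs) followed by
    the 3-byte POWERLINK header: MessageType, Destination node, Source node."""
    eth = bytes.fromhex("01111e000001") + bytes.fromhex("006065000001")
    eth += struct.pack("!H", ETHERTYPE_POWERLINK)
    return eth + bytes([msg_type, dst, src]) + payload


def parse_frame(raw: bytes):
    """Return a PlkFrame, or None when the EtherType is not POWERLINK."""
    if len(raw) < 17:
        return None
    (ethertype,) = struct.unpack("!H", raw[12:14])
    if ethertype != ETHERTYPE_POWERLINK:
        return None
    return PlkFrame(raw[14], raw[15], raw[16], bytes(raw[17:]))


def audit_cycle(raw_frames):
    """Walk the frames of one cycle in capture order. Returns (phase_counts,
    anomalies); each anomaly is (frame_index, reason). Rules follow the cycle
    as described: SoC, PReq/PRes pairs, SoA, then one ASnd by the invited node."""
    counts = {"soc": 0, "isochronous": 0, "soa": 0, "asynchronous": 0}
    anomalies = []
    polled = None      # CN that currently owes a PRes
    invited = None     # CN granted the asynchronous slot (simplified SoA payload)
    in_async = False
    for i, raw in enumerate(raw_frames):
        f = parse_frame(raw)
        if f is None:
            anomalies.append((i, "non-POWERLINK frame in the real-time domain"))
            continue
        if f.msg_type not in PHASE:
            anomalies.append((i, f"unknown message type {f.msg_type:#04x}"))
            continue
        counts[PHASE[f.msg_type]] += 1
        if f.msg_type in (MSG_SOC, MSG_PREQ, MSG_SOA) and f.src != MN_NODE_ID:
            anomalies.append((i, f"node {f.src} sent an MN-only frame"))
        if f.msg_type == MSG_SOC:
            polled, invited, in_async = None, None, False
        elif f.msg_type == MSG_PREQ:
            if in_async:
                anomalies.append((i, "PReq after SoA"))
            polled = f.dst
        elif f.msg_type == MSG_PRES:
            if f.src == MN_NODE_ID:
                pass                       # the MN's own PRes is part of the schedule
            elif f.src != polled:
                anomalies.append((i, f"unsolicited PRes from node {f.src}"))
            else:
                polled = None
        elif f.msg_type == MSG_SOA:
            in_async = True
            invited = f.payload[0] if f.payload else None
        elif f.msg_type == MSG_ASND:
            if not in_async or f.src != invited:
                anomalies.append((i, f"ASnd from node {f.src} outside its granted slot"))
    return counts, anomalies


def constructed_cycle():
    """One cycle with two scheduled CNs (1 and 2) plus two out-of-schedule
    transmissions, from node 3 (never polled) and node 9 (never invited)."""
    mn = MN_NODE_ID
    return [
        build_frame(MSG_SOC, BROADCAST_ID, mn),
        build_frame(MSG_PREQ, 1, mn), build_frame(MSG_PRES, BROADCAST_ID, 1),
        build_frame(MSG_PREQ, 2, mn), build_frame(MSG_PRES, BROADCAST_ID, 2),
        build_frame(MSG_PRES, BROADCAST_ID, 3),
        build_frame(MSG_SOA, BROADCAST_ID, mn, bytes([2])),
        build_frame(MSG_ASND, BROADCAST_ID, 2),
        build_frame(MSG_ASND, BROADCAST_ID, 9),
    ]


if __name__ == "__main__":
    for item in audit_cycle(constructed_cycle()):
        print(item)
```

On a real segment the same check is only as good as the capture point: the comment above recommends repeating hubs rather than switches in the real-time domain, which conveniently means a monitor port sees every frame, whereas behind a switch a monitor sees only what is flooded or mirrored to it.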
  46. Tomi Engdahl says:

    Attack campaign infects industrial control systems with BlackEnergy malware
    http://www.pcworld.com/article/2840612/attack-campaign-infects-industrial-control-systems-with-blackenergy-malware.html

    Since 2011 a group of attackers has been targeting companies that operate industrial control systems with a backdoor program called BlackEnergy.

    “Multiple companies working with ICS-CERT have identified the malware on Internet-connected human-machine interfaces (HMIs),” the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a division of the U.S. Department of Homeland Security, said in a security advisory Tuesday.

    ICS-CERT has not identified cases where the BlackEnergy malware was used to damage, modify or disrupt the processes controlled by the compromised HMIs and it’s not clear if attackers used those HMIs to gain deeper access into the industrial control systems.

    The organization believes the BlackEnergy attackers targeted deployments of HMI products from three different vendors: General Electric’s Cimplicity HMI, Siemens’ SIMATIC WinCC and BroadWin’s WebAccess—also distributed by Advantech.

    Cimplicity HMI installations were compromised through a vulnerability that GE issued a patch for in December 2013. However, ICS-CERT believes this group of attackers has been exploiting the vulnerability since at least January 2012.

    ICS-CERT has not yet established the attack vectors for the SIMATIC WinCC and the Advantech/BroadWin WebAccess HMIs, but have reason to believe customers of these products have been targeted as well.

    GE issued an alert about the BlackEnergy campaign on its security website. “We recommend customers who have GE CIMPLICITY products installed follow security practices and install the latest patches,” the company said.

    Security researchers have predicted malware attacks against SCADA systems ever since the Stuxnet cybersabotage worm was discovered in 2010. Those predictions materialized this year: BlackEnergy is the second malware program found in the past several months that’s directly associated with attacks against industrial control systems.

    Reply
  47. Tomi Engdahl says:

    Plan Long Term for Industrial Internet Security
    http://www.eetimes.com/author.asp?section_id=36&doc_id=1324538&

    With industrial control systems becoming network-connected, security risks rise and will need a long-term solution.

    While the term “Internet of Things” is arguably overhyped, there is compelling evidence that intelligent sensors and controllers connected into a globe-spanning network can vastly improve efficiency and productivity in many industries. But those connections introduce vulnerabilities to malicious intrusion into the equipment’s operation. Many developers have never faced these issues before. Companies creating industrial control equipment will have to begin adopting design practices and policies that address security, with an eye toward long-term sustainability.

    As yet, network security is not an issue for many industrial control designs. Sensors and actuators in these systems may connect to a network, but that network is often confined to a single building or facility. A master panel or workstation is the central point of control for the network, as well as the recipient of all data. There is no outside access to either. In such situations, physical control of access to the network is possible, severely restricting the opportunities for malicious compromise of network operation. Even modest network security measures prove more than adequate, and high-level security measures can become more impediment than protection.

    But increasingly, outside access is being made available. Industries have found great benefit in being able to monitor and control systems from outside the facility by linking to the master workstation. However, unless this linkage uses a dedicated, private network, the risk of intrusion rises dramatically. Malicious agents can bring vast computer resources to bear remotely and conduct a long-term, clandestine attack on the target system that would be virtually impossible if the attack had to be conducted entirely from within the facility.

    A recently uncovered long-term campaign targeted several industrial control system user interfaces. The attackers spent years worming their way through network security barriers. Once the attack became known, vendors of the software that provided the point of entry quickly patched the hole and alerted their customers of the need to do the same. But propagating the fix to all the affected systems is an unstructured effort at best, and it may take considerable time to implement widely.

    But it’s even worse than that. Network security is not a set-and-forget kind of thing. Not only are the attackers able to probe continually for vulnerabilities, but their resources and skills are also constantly improving. A security practice that was virtually bulletproof a decade ago now readily fails to protect against the greater caliber of today’s malware armory. Widely used 128-bit encryption schemes, for instance, seem adequate today but are likely to fall within a decade as computers follow Moore’s Law and double in processing power every year or so. And industrial control systems often need to provide an installed working life three times that long.

    In light of the trend toward the Industrial Internet of Things, development teams must start thinking hard about network security and planning for its long-term viability. This means providing security at every point within the network, not just the external interfaces, and making provision for that security to be updated as threats change. Third-party and open-source software that’s incorporated into the design must be thoroughly examined before acceptance. Further, the use of such software should be fully documented, so that its presence is identified and apparent to the end user or whoever else will be responsible for long-term system security maintenance. That way, when something like the Heartbleed bug is discovered, those affected will be able to determine that they are vulnerable and need to take action.

    Reply
  48. Tomi Engdahl says:

    More Things Are Critical Systems
    http://semiengineering.com/more-things-are-critical-systems/

    Connecting unrelated devices in the IoT means many more pieces now affect reliability and security.

    Defining a critical system used to be pretty obvious. It was something that could affect the health and safety of people, such as the chip inside a pacemaker or insulin pump, a car’s braking system or an airplane’s guidance system. But as more devices are connected together, that definition is changing and expanding.

    More devices are now considered critical, such as a connected baby monitor or a smart smoke detector, because wrong information can injure or kill people. In addition, new devices that are coming to market can affect the operation and security of other devices if they are part of a network. But not all of these devices are designed with the kind of quality controls or built-in security that critical systems require.

    “The big challenge is focusing on what happens at different nodes on the network,” said Sudhir Sharma, high-tech industry director at Ansys. “The industry claims to have a good handle on problems once data gets onto the network, but the gateways on the network are a big problem.”

    One of the big challenges in the IoT world is that while many companies are building devices for it, no one really knows what it actually will look like or how the various pieces will fit together. Until a clearer picture emerges, and until there is a history of attacks and failures, it’s impossible to comprehend the weaknesses.

    Safety vs. security
    In the past, there was a sharp distinction between the ideas of safety and security, but those lines are blurring, along with the definition of overall device reliability.

    “We tend to think of it as safety is protecting the world from a device, while security is protecting the device from the world,” said Felix Baum, product manager for embedded virtualization at Mentor Graphics. “But a lot of companies are connecting things that do not make sense, exposing a device to the outside world. If you’re a consumer, that sometimes exposes you. If you program the temperature in your house using a smart thermostat, a thief can figure out when you’re not at home. To protect devices you don’t want to expose critical features. Connectivity is one area of exposure. But we also are not seeing a lot of appliance manufacturers doing due diligence in securing devices.”

    Reply
