The juicy headlines in cyber warfare may center on IT battles between Google and Chinese hackers, but security experts at US Cyber Command at Fort Meade, Md., are much more concerned about SCADA systems. The embedded controllers that make up Supervisory Control and Data Acquisition networks manage critical systems such as power plants and water treatment plants, and thus represent a tempting spot for adversaries to exploit.
Concern about SCADA is scarcely a surprise, given the Stuxnet worm that attacked Iranian uranium centrifuges a year ago. Stuxnet was designed specifically to modify the behavior of Siemens programmable logic controllers, or PLCs, based on Windows. In recent weeks, Siemens has scrambled to patch software holes in its Simatic S7 PLC system, holes that were revealed by academic researchers in late May.
This underscores the radical changes that have taken place in SCADA markets since industrial floors were dominated by 8-bit PLCs from Siemens, Modicon, and Rockwell Automation/Allen-Bradley. It’s no surprise that controllers have followed the IT addressability trends of 8-bit to 32-bit, even opting for 64-bit controllers in some systems. But the more critical change has come in seeing SCADA systems move to mixed-signal, fault-tolerant systems with advanced real-time software.
The simplest real-time kernels in past SCADA systems have been replaced by advanced real-time environments from the likes of Intel/Wind River and QNX. Such kernels offer the embedded equivalent of multithreading and virtualization. They provide links to specialized legacy industrial buses such as CAN and ProfiBus. For industrial operations ready to make the move to Linux, companies such as LynuxWorks and MontaVista (now a division of Cavium Networks) offer hard real-time capabilities with the advantages of a Linux open-source community for embedded application development.
The emphasis on fault tolerance and rapid failover for SCADA networks has driven a unique concern over networks, as well. SCADA systems are following most IT and embedded networks in moving to Ethernet protocols. But the SCADA version of Ethernet is only secondarily concerned with speeds that surpass a gigabit per second. Backbone performance takes a back seat to concern over Ethernet failover switching, packet visibility, and network synchronization. The key standards SCADA system managers demand for Ethernet switching are High-availability Seamless Redundancy (HSR, as specified in IEC 62439-3), IEEE 1588 v2 network synchronization, and Y.1731 Ethernet Operations, Administration and Maintenance.
New groups like Open SCADA Security Project are advocating wider use of encryption and better client-server access management. Such efforts are long overdue, given that secure access to SCADA consoles is now being offered through apps on the iPhone and Android smartphones.
In theory, all these SCADA upgrades should make the industrial process-control network as redundant and fail-safe as an advanced datacenter for IT aggregation. If you detect a slight note of sarcasm in this observation, it’s intended. Datacenters can fail, and so can power plants. Microcontrollers and real-time operating systems are a long way from being as bulletproof as the semiconductor and embedded-software vendors intend them to be. And let’s face it -- designing SCADA on Linux can serve as a red flag to certain subsets of the hacker community who see Linux in embedded applications as a unique challenge.
So the concern over SCADA by the cyber warriors who dwell in the shadows is legitimate. Governments on all sides see proactive SCADA probes as a good way to challenge adversaries. At the same time, individual hackers are moving to attacks on embedded systems. The effort to turn SCADA networks into 21st century fault-tolerant fortresses may be taking place barely in time -- if such efforts are not too late already.
You're right about 64-bit as a future prospect. NRT OS should have been staring me in the face, but I assumed such broad use of real-time kernels that it just sort of passed me by as a don't-care, which is silly. Thanks for the comments.
Loring, the part I do find interesting is where you mention controllers changing to 64-bit. Even though there appears to be development in this area, considering that most plant floors just recently moved from Windows CE to Windows XP as the OS, 64-bit is not supported on an OS until you get to Vista or higher.
You also mentioned two of the three communication needs within an industrial network: real-time and hard real-time. There is a third in between the two extremes, which is non-real-time. These three communication needs each have timing associated with them and therefore must be processed differently. In today's designs, an OEM is locked into one vendor for most products so they interact well within the network; the other option is using bridges, which create latency in the communications. Therefore leapfrogging may work for some parts of the network process but not for all areas of need.
You have really given some good 'food for thought' here.
What Jack R. mentioned is one reason why leapfrogging may be inevitable. It seems that application software is often developed with an eye to what sounds cool, rather than the sense it makes to the overall SCADA environment. A perfect example is the aforementioned apps for Android and iPhone. Even in the IT community, client smartphone apps are being developed for corporate access, and even some military-security applications, that don't seem to take into account the shakier security and stability environment of the self-invoking smartphone app. When one hears of monitoring or security apps developed for SCADA systems, allowing process managers to check on a power system via an iPhone, there's something that screams "Ooops! Don't want to go there!" But we'll only learn of the hazards after the fact, requiring one or several more rounds of leapfrogging.
The unfortunate thing with SCADA security is that the big hole is still the application software, which in many cases is not being maintained (or possibly even developed) by people with an eye toward security. A lot of the customers at my previous employer required access to the application to make "updates" online as well as to download the program. While in some cases this type of access was regulated through a more secure method provided by their own IT department, in other cases they were not involved, opening up the same doors that Stuxnet came through.
On the one hand, it's always good news when vendors are able to cut the bad guys off at the knees, in this case by going to more advanced kernels, then beefing up networking protocols, and now looking at encryption. OTOH, one gets weary over the constant need to upgrade to stay that one little step ahead of the bad actors. Are we stuck with this leapfrogging scenario from here on out, Loring?
Really interesting, timely post, Loring -- as if industry and governments were sufficiently sensitized to the security issues you raise, Stuxnet made it abundantly clear what sort of havoc embedded malware could wreak. A larger security sensibility at this level is long overdue.