Can Your iPhone Bring Down a Plant?

Re: 3 levels to the plant
Zippy   7/1/2013 8:36:19 AM
"Can your iPhone bring down a plant?"  There's an app for that!    :)

 

Seriously, the three-level approach is the way to go, but many IT groups are not staffed for that.  I also feel that many IT groups simply refused to consider dealing with BYOD, and so were caught flat-footed when they got run over by the 21st century.

Re: 3 levels to the plant
Rob Spiegel   7/1/2013 8:39:16 AM
I agree, Chuck, cyber intrusion is scarier than papers in a briefcase. I asked once whether it would have been better if plants had kept their systems isolated as in the past. Apparently the benefits of the connectivity are just too great to pass up.

Re: Standards
GTOlover   7/1/2013 8:47:18 AM
Even more to the point of government intrusion, big corporations who "donate" to the right political party and have the standards slanted in their favor to get a market advantage that buries true innovation!

And with the revelations of IRS political hacks, this is an undeniable truth even if you live in the land of unicorns and believe our government is benevolent!

Re: 3 levels to the plant
ab3a   7/1/2013 8:49:31 AM
TJ, I design, integrate, and maintain a distribution SCADA system and several plant control systems. 

What you wrote about is seen by many as a wonderful positive case for remote access. However, you have no idea what might happen if the remote access information were ever compromised. Would it be accessed by a vindictive spouse or child? Is the remote access software hardened enough?

Do note that I have seen SCADA systems built around Java, I have seen remote access software with very insecure hashes, I have seen lots of stories of Android and iPhone malware that gets behind the VPN and does all sorts of rude things. The volume of zero-days and patches on these platforms is frightening.

There really is no way to know with any certainty that the remote access software is safe. It wasn't that long ago that VxWorks, the OS for many embedded systems, was discovered to have used an extremely weak hash algorithm for passwords. A brute force hack against a VxWorks password hash file turns out to be trivial. So how many people know this about VxWorks and how many people know to patch this OS?  Damned few.

Let's get serious here: It's not just the control engineers who are flummoxed with all this software. It's the IT departments too.

That said, if you expect long windshield times getting access to a site, if you are running extremely thin on staff, if you do not have remote site resiliency features available to you; then remote access is almost a foregone conclusion, regardless of whether you are worried about the security risk.

I believe that instead of expecting superhero engineers, we should be designing systems so that there is no need for these folk to swoop in and save the day from their iPhone while sipping a Daiquiri in Tahiti. In effect, we need to improve the robustness of the design so that remote access is not needed. Your positive story is not something I would highlight as a good thing.


Jake Brodsky

Cyber intrusion
j-allen   7/1/2013 9:51:09 AM
It seems to me that if a control system is critical, especially to safety, then it should not send ANYTHING through the aether. It's very hard to interfere, either accidentally or intentionally, with signals going through plain old copper wires.

One of my consulting clients followed a wise policy in this matter.  All communications within the plant were wired, and if he needed to update a customer's  program, he transmitted the software either by delivering a disk, or using a telephone modem which was plugged in ONLY while the program was being transmitted.  Of course that meant his programs had to be elegant and compact enough to be transmitted over a limited bandwidth, but his code writers were good at that. 

Re: Standards
tsieda   7/1/2013 10:48:03 AM
It is interesting to see these issues cross over from the Telecom world into the plant control world. In the Telecom (Service Provider) world, IT and Control departments use QA Production Labs to validate interoperability and security needs so that they have confidence in their networks and their ability to handle attacks as well as perform correctly. The issue of a constant barrage of software releases and patches dictates the necessity to stand up a lab for testing using automation to keep up with the flow of these releases. New equipment with new features (not to mention new phones and other network devices for the smartgrid) also warrant this sort of testing strategy just to keep the uptime acceptable for your production environment. We are writing up some case studies for companies that have proved out these concepts and will be publishing them soon. Please contact me directly if you want to set up a strategy to prevent your plant from being downed from these new threats.

Re: Web browsers
Rob Spiegel   7/1/2013 10:49:14 AM
Yes, AnandY, the malicious bugs are a huge concern for control engineers. A simple move such as an employee downloading music can have serious consequences.

Re: Security bypass
Rob Spiegel   7/1/2013 11:15:47 AM
I wasn't even aware of that, AnandY. That's disturbing. Do you have any idea how IT is coping with that problem?

Re: VPN
Rob Spiegel   7/1/2013 1:04:46 PM
AnandY, do you know if many plants deploy the security measures you describe?

I -PHONE
bobjengr   7/1/2013 4:15:06 PM
Rob--excellent post.  A little scary though.  I have one client that absolutely prohibits the use of SmartPhones inside the plant facility.  Any emergency call must come into a central office and a specific phone number.  The individual needed by the caller is then notified to "call home" or whatever.  To do this, he or she must use a landline or go outside to make the call.  I actually thought the issue was time away from the job or texting on the job but now I'm not that sure.    Do you know what protection nuclear power plants have relative to IT security?  I hope this would be the ultimate protection.   

Copyright © 2014 UBM Canon, A UBM company, All rights reserved. Privacy Policy | Terms of Service