Iran's nuclear ambitions facing delays

Point out news stories, on the net or in mainstream media, related to polywell fusion.

Moderators: tonybarry, MSimon

kurt9
Posts: 588
Joined: Mon Oct 15, 2007 4:14 pm
Location: Portland, Oregon, USA

Post by kurt9 »

MSimon wrote:
ladajo wrote:I would agree. I would set up an isolated network to link the PLCs together, and do it that way.
Of course, you run a risk if you look to upgrade the programming software, or the PLC operating system.
But, if you build what you need, and get the job done, you could resist the "desire" to get more guchi with upgrades.
The problem is always management.

"I heard that you could _____ with a simple upgrade. What will it cost? How long will it take."

BTW machines with Wireless connections always scared me. I would say: "What if......" and management would tell me "encrypted". "And besides wires are expensive and take longer to develop". So I would say: what will one plant shut down cost? And management would tell me. "Not going to happen."

And then one time in aircraft development. I said - "Why are you using IP? It is well known and thus easily hackable. Why not roll your own? (I was a serial bus hardware and protocol expert)."

And they told me - "IP developers are cheap because it is well known. And besides no one is going to hack it."

Idiots.
This is where professional discipline comes in. The only thing you need to upgrade on a dedicated laptop is the PLC development software, which is usually updated at most 1-2 times per year. These updates usually come on CDs as well (which you can request from the PLC makers like Siemens).

My point is that stuxnet propagates itself either through careless practices (like not using a dedicated laptop for the PLC program development) or malicious intent (which is possible in the case of the Natanz facility as there were no doubt Russian engineers involved in this). Neither Russians nor Iranians are known for their fastidiousness in these matters, unlike, say, the Japanese.

BTW, I did all of my control system work in Japan and Taiwan, using Japanese PLCs (Mitsubishi, Omron, Yokogawa, and Izumi Idec). There are five major manufacturers of PLCs in Japan.

The "specialized assembly language" used to program PLCs is ladder logic. Ladder logic has been incorporated into more sophisticated programming environments called the 61131 tools that make use of function blocks (e.g. PID loops), flow charts made of the same, and structured text (which is similar to ladder logic).

I find ladder logic easy to understand and to program (it's almost graphical to me) whereas I don't understand and absolutely hate "C" language programming. Most software people tell me they are just the opposite to me.

One more point, the SCADA or user panel interface. These are also created by a development tool similar to that used to program the PLCs. These environments are also updated by their respective manufacturers maybe once or twice per year and the updates made available on CDs.

You want the upgrades on CDs anyways because that way you have a back up in case your computer crashes or gets damaged by some other means.

You want to use a dedicated PC for the SCADA system as well. Some factory managers like to connect the SCADA PCs into the company LAN which, in turn, is connected to the outside internet through various firewalls. I usually try to convince them not to do this.

Safe computing practices.

ladajo
Posts: 6258
Joined: Thu Sep 17, 2009 11:18 pm
Location: North East Coast

Post by ladajo »

icarus wrote:So by that logic, hypothetically Stuxnet could infect Three-mile Island causing a reactor meltdown and it would be the operator's fault?

Pretty duplicitous to wash your hands of the whole thing after the virus has been deployed into a nuclear complex .... it's a big cluster-mess and nobody is innocent. While one side or the other claims (and believes) an absolute moral high ground (righteousness) the mess will continue, (it's as simple as a he said, she said thing 5 year olds get into)
Well, let's see. TMI-2 already melted. It was the operators' fault. And it did not destroy the environment. Hmmm.

@kurt9: Ladder is graphical. I personally liked the Fanuc series. But the issue with using one laptop as I ran into, was when you were dealing with systems spread over 1/2 mile of plant, and lots of them. It was much easier to centralize and do it that way. One of my German buddies (who worked for Schlafhorst at the time) had a bad day when he flew in from Germany with his laptop, and found that it did not survive the trip. Lucky for him, I had copies of everything as well, thanks to keeping a central file on the LAN.
As for wireless, we played with it some, but I found that I could run 500ft on 232 with good wire, and even further with amps. So it was not so hard for me to link systems that way. Even in a high noise environment with lots of inverter drives and other fired power supplies. In fact our noise was so bad, I actually had to buy the town several sub-station breakers after we cooked them before we realized we were backfeeding distortion. This was in the days that harmonic distortion was still being figured out. Once we realized what was going on I had big cap banks put in to work with our stepdowns as big filters. Then once a month I would (or I would have one of the troops) go around the plant to our three main feeds as well as internal and do surveys. Bought a nice brandy new fluke harmonic analyzer just for it. Now there are regs in place all over for the limits. Then there wasn't, but I digress...sorry...long day...

MSimon
Posts: 14334
Joined: Mon Jul 16, 2007 7:37 pm
Location: Rockford, Illinois

Post by MSimon »

I developed PLCs (PC based) at Wizdom Systems. I always liked structured text because it was so Forth like.
Engineering is the art of making what you want from what you can get at a profit.

choff
Posts: 2447
Joined: Thu Nov 08, 2007 5:02 am
Location: Vancouver, Canada

Post by choff »

I took a little time to read the Symantec article on Stuxnet, apparently it can be propagated by thumb drives, and Iran's nuke networks weren't connected to the internet. I know many companies won't let you bring a usb stick into the building, but if there's a will there's a way.

The article mentioned two compromised signed digital certificates each from highly secure companies across the street from each other. Not the sort of thing your average hacker could get his hands on.
CHoff

choff
Posts: 2447
Joined: Thu Nov 08, 2007 5:02 am
Location: Vancouver, Canada

Post by choff »

Stuxnet is merely the worm that was detected, who knows if there aren't others infecting more than just the centrifuges. Correct me if I'm wrong, but wouldn't it be better rather than to destroy a centrifuge, to simply cause it to run too slowly while reporting normal operation. Then if the measuring equipment also had infected controllers, the enriched fuel might not be altogether enriched.
CHoff

kurt9
Posts: 588
Joined: Mon Oct 15, 2007 4:14 pm
Location: Portland, Oregon, USA

Post by kurt9 »

I've used LANs, DeviceNet, and the like to link all of the controllers and SCADAs together into a network. However, the network has always been separate from the company's business LAN which, of course, is connected to the internet.

I always have back up copies of my work along with the development environments themselves. Before, these were floppies and CDs. These days I use memory sticks and chips. I believe in keeping industrial control systems independent from the business LANs (and the internet) for security reasons.

My favorite SCADA was something called WizCon, which was made by PC Soft, an Israeli company. No one better understands both industrial control and electronic security than Israeli engineers. Unfortunately, PC Soft was bought out by Invensys, one of those bubble-period conglomerates that emerged during the late 90's. They then ran it into the ground.

A very good low cost (around $600 per PC) SCADA is Specview (www.specview.com) which is made by a friend of mine, Steve Cooper. I highly recommend Specview for many control applications.

FIX Intellution is good for large-scale (factory-wide) control systems.

BenTC
Posts: 410
Joined: Tue Jun 09, 2009 4:54 am

Post by BenTC »

Stuxnet is merely the worm that was detected, who knows if there aren't others infecting more than just the centrifuges.
Very true. You don't know what you don't know. It's a bit like being unable to prove a program is bug free. You can never PROVE your computer is virus free, which is why I used to re-install my PC from scratch every 6 months.

You might ask "used to?" That was back when my job was network administration and resident IT security nazi. Then I did some postgrad study to move into electrical power engineering and spent the last five years working for a Schneider Integrator - so I've lived both sides of the industrial "security" fence. Now I better understand that the problem with engineering workstations is that plants often run on PLC firmware 5 or 10 years old (we get callouts to places where no-one has plugged into the PLC since it was commissioned.)

The adage "If it works dont fckwithit" applies. You don't upgrade a working plant just to get the latest wizz bang features. That is unnecessary cost, downtime & risk. The problem is that old software was never written to work in locked-down environments. Also virus scanners are often not installed since they can interfere with PLC tools and SCADA runtimes. That contributes strongly to having a segregated control network.

There used to be REAL locked-door security with control systems. Now it's a real conflict with management who see a benefit in the business integration of the control system.

Security is always a trade-off against ease of use. The analogy I impart to people is the trade-off between having your cash readily available in a shoebox in your bedroom, against having it in a bank lockbox behind six foot thick vault door. It's a matter of where you draw the line. The easiest security measure most people can implement at home is to make their daily use login "non-admin." If I had to choose either a virus scanner or operating as "non-admin", the latter would be an easy winner.

Some of our clients (who are located in the bush) required us to have remote access to their control systems to provide support. The tradeoff is the risk of some outsider shutting their system down (rare), versus downtime from a process issue that requires our intervention to fix (comparatively regular).

In general, we consider it acceptable risk for a firewall on the client control network to pass us through on only a single TCP port for either RDP or VNC.
The "specialized assembly language" used to program PLCs is ladder logic.
It likely means more than ladder logic. That previously linked analysis said it was "hidden" from the main program - whereas any ladder modifications would have been clearly visible when they were trying to troubleshoot their process. I can only speak for Schneider Modicon Quantum PLCs, but it's possible to write your own C libraries to link with the main firmware from the manufacturer. Mostly only used by third-party hardware developers, but it's a standard part of the integrator software package.
What this tells me is that the control system engineers (probably Iranian or Russian) were not careful to use dedicated laptops to develop the control system program, and to never connect these laptops to the internet or use them for some other purpose. If they had used such quarantined computer practices, they would never have had the stuxnet infection in their facility to begin with.
That is incorrect. It is reported that the targeted engineering stations were offline, which is why they used thumbdrives as an attack vector.
In theory there is no difference between theory and practice, but in practice there is.
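
Added example, not part of BenTC's post or of any poster's own tooling: a small audit of the "single TCP port for either RDP or VNC" remote-access policy described above, run over a constructed rule list. The rule format, the addresses (control network 10.20.0.0/24, integrator 203.0.113.0/28) and the default ports 3389/5900 are assumptions made for illustration.

```python
import ipaddress

ALLOWED_PORTS = {3389: "RDP", 5900: "VNC"}  # default ports (assumption)

# Constructed sample rule set: "action proto source destination port[-port]".
SAMPLE_RULES = [
    "allow tcp 203.0.113.10/32 10.20.0.0/24 3389",    # intended pinhole
    "allow tcp 0.0.0.0/0 10.20.0.0/24 5900",          # open to everyone
    "allow tcp 203.0.113.10/32 10.20.0.0/24 1-1024",  # port range
    "allow udp 203.0.113.10/32 10.20.0.0/24 161",     # not TCP
    "allow tcp 10.20.0.5/32 10.20.0.0/24 502",        # stays inside control net
    "deny ip 0.0.0.0/0 10.20.0.0/24 0-65535",
]

def parse_rule(line):
    action, proto, src, dst, ports = line.split()
    lo, _, hi = ports.partition("-")
    return {"line": line, "action": action, "proto": proto,
            "src": ipaddress.ip_network(src), "dst": ipaddress.ip_network(dst),
            "ports": (int(lo), int(hi or lo))}

def audit(lines, control_net, vendor_net):
    """Flag every allow rule that lets outside traffic reach the control network
    in any way other than one TCP port (RDP or VNC) from the integrator."""
    control = ipaddress.ip_network(control_net)
    vendor = ipaddress.ip_network(vendor_net)
    findings, pinholes = [], set()
    for rule in map(parse_rule, lines):
        # Rule order is ignored on purpose: any such allow rule is reported.
        if rule["action"] != "allow" or not rule["dst"].overlaps(control):
            continue
        if rule["src"].subnet_of(control):
            continue  # traffic that never leaves the control network
        lo, hi = rule["ports"]
        if rule["proto"] != "tcp":
            findings.append(f"non-TCP inbound: {rule['line']}")
        elif lo != hi:
            findings.append(f"port range instead of one port: {rule['line']}")
        elif lo not in ALLOWED_PORTS:
            findings.append(f"port {lo} is neither RDP nor VNC: {rule['line']}")
        elif not rule["src"].subnet_of(vendor):
            findings.append(f"source wider than integrator: {rule['line']}")
        else:
            pinholes.add(lo)
    if len(pinholes) > 1:
        findings.append(f"more than one remote-access port: {sorted(pinholes)}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES, "10.20.0.0/24", "203.0.113.0/28"):
        print(finding)
```
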

choff
Posts: 2447
Joined: Thu Nov 08, 2007 5:02 am
Location: Vancouver, Canada

Post by choff »

Which leaves the question, how hard is it to sneak a thumb drive into a nuke plant. Once inside it would only take about 5 minutes connection to an unattended computer, (assuming it was deliberate), and it would spread from there.
CHoff

choff
Posts: 2447
Joined: Thu Nov 08, 2007 5:02 am
Location: Vancouver, Canada

Post by choff »

An even better way is to sell the Iranians an infected PLC, then when the laptop connects it gets infected, spreads it to other controllers, laptops, update servers, wider network. An attack from the core to the outside, not something you would normally expect.
CHoff

BenTC
Posts: 410
Joined: Tue Jun 09, 2009 4:54 am

Post by BenTC »

choff wrote:Which leaves the question, how hard is it to sneak a thumb drive into a nuke plant. Once inside it would only take about 5 minutes connection to an unattended computer, (assuming it was deliberate), and it would spread from there.
You don't need to risk 5 minutes of suspicious computer activity, or even enter the building.
http://download.microsoft.com/documents ... desFIN.pdf
In theory there is no difference between theory and practice, but in practice there is.

icarus
Posts: 819
Joined: Mon Jul 07, 2008 12:48 am

Post by icarus »

Stuxnet chickens coming home to roost ...?

http://www.digitaljournal.com/article/303105

Stuxnet, the world's first ever worm-virus that is strong and clever enough to alter the functioning of machinery, particularly at nuclear uranium enrichment plants, could possibly be manipulated to cause catastrophic damage to any industrialized nation.

DeltaV
Posts: 2245
Joined: Mon Oct 12, 2009 5:05 am

Post by DeltaV »

icarus wrote: Stuxnet, the world's first ever worm-virus that is strong and clever enough to alter the functioning of machinery, particularly at nuclear uranium enrichment plants, could possibly be manipulated to cause catastrophic damage to any industrialized nation.
Sorry, Windows has been doing that for decades.

MSimon
Posts: 14334
Joined: Mon Jul 16, 2007 7:37 pm
Location: Rockford, Illinois

Post by MSimon »

icarus wrote:Stuxnet chickens coming home to roost ...?

http://www.digitaljournal.com/article/303105

Stuxnet, the world's first ever worm-virus that is strong and clever enough to alter the functioning of machinery, particularly at nuclear uranium enrichment plants, could possibly be manipulated to cause catastrophic damage to any industrialized nation.
The problem with taking over machinery is that you have to know what machinery. Unless just interrupting production is the object.
Engineering is the art of making what you want from what you can get at a profit.

choff
Posts: 2447
Joined: Thu Nov 08, 2007 5:02 am
Location: Vancouver, Canada

Post by choff »

Stuxnet required a quality control team and complete hardware facilities in order to be developed, the same would be required for any comparable threat.
CHoff

icarus
Posts: 819
Joined: Mon Jul 07, 2008 12:48 am

Post by icarus »

Stuxnet required a quality control team and complete hardware facilities in order to be developed, the same would be required for any comparable threat.
Huh, how'd you get that?

All it would have to do is crash an ESD PLC at O&G or Nuke plant and you're getting into some serious crap pretty quickly ... I know, I've programmed them too ...
