It only seems to be a big issue in America. Except you guys are wholesale exporting your YEC garbage to africa. Please Americans, we don't want it. Do us a favour and keep your crazy over there.
Not really. They're often designed around OPC which uses DCOM security. It is obsolete, but there is security. It simply gets disabled because DCOM is a disaster to work with. They're pushing OPC UA and OPC Xi now to fix this.
Uh, yeah. Not always. The issue is the software guys don't understand how the blasted plant works and tend to come up with unworkable solutions. I have seen this many times. This is why we have automation engineers who understand both. I have seen software engineers produce horrendous quality production software that has people's lives depending on it, simply because they don't understand what they're doing. They don't understand failsafe. To a hardware guy a off signal is no voltage or a broken wire. To a software guy its just a zero. The hardware guy works from failsafe. The software guy (in every case I have seen) assumes the signal is good. I could go on. The issue is the disconnect between software engineers and basic reality.
Then we get pushed complex and legacy solutions by the software guys (DCOM is hell on earth), you're standing in a plant and it has to run NOW!, so whats the easiest way out? Disable the bloody security. Thank goodness for some sanity in the form of OPC UA. No, keep the bloody software engineers out of anything mission critical thank you very much. I don't have time to keep rewriting their code to standard.
All digital electronics is ultimately analogue. If you had transistors that could run at that speed, you could probably sample at (at least) a quarter of that speed. Make a very nice ADC/DAC for a software (de)modulator and fixed function DSPs.. Lots of digital applications on the digital side, if the power draw is reasonable.
For some reason in a blade match, every so often the morph ovum turned you into a giant chicken with 999 health instead of a small chicken with 1 health. We used to play blade match a lot. A heck of a lot....
I was unfortunate enough to not have a reasonable Internet connection back then. But the LAN blade matches were awesome. Pole vaulting was awesome too. I kept hoping they'd do another, and even bought singularity (which was reasonable) just to support them, even though I knew nothing about it....:)
I am a longtime fan of Heretic 2. And in fact have played it recently. On modern Hardware. Orcs Must Die 1 definitely has better graphics. Not sure about 2, I haven't had time to fire it up yet. Also it was enough fun (as is Heretic 2) that I don't really give a damn about the graphics.
On an unrelated note, I'd love to see a Heretic III or a reboot. And Hexen. I always thought Heretic was more fun than doom.
If only I'd known about that script before. I wouldn't have bought blasted bulletstorm with that evil GFWL. You sir, are a gentleman and a scholar. You have my thanks.
They're running Siemens. A stupid, though common mistake. Siemens claim to sell PLCs, but in reality sell general purpose CPUs with craptacular software and specs. It is redundant to hack a Siemens system, since I'd be surprised if it were stable without the virus. I'm not talking out of my arse here, I have used toshiba, omron, siemens, Mitsubishi and even Rockwell PLC and scada systems. While toshiba comes close (good hardware, windows 3.1 era software), nothing sucks harder than Siemens. Microsoft has nothing on them. And never did.
Wind, diesel, gas, steam? I lived for years in a failed state. We had weeklong powercuts at times. There is always an option if it is valuable enough to you. Electricity is a luxury, not a necessity. It may be a cheap luxury, but until you live an extended period without it, you probably won't understand it.
Modbus can write to a register, which is basically a memory location. Most write commands are rejected immediately, and have strict length checks in the meters I use. Some old bugs in my driver show this quite nicely. I must check which meters were 0wned. I am not in the US, so we do use different meters, but I understand some models are worldwide.. In which meters are compromised in the US, I must confess my ignorance... But most likely prepayment meters, which I don't touch.
SCADA and PLC systems are another matter, especially when you get idiots like Siemens who design crappy PLCs which are basically general purpose CPUs. While I don't doubt many PLCs boil down to a general purpose CPU, the way siemens does it is moronic. It is hardly surprising they got infected. Pain in the arse to work with too. I am highly skeptical of their stability even without a virus involved.. Stuxnet was redundant.
I am involved in the fraud prevention, but it cuts both ways. Check metering can catch when the utility is charging you wrong because they wired the meter wrong, or got the VT and CTs wrong. Most meter fraud actually amounts to some guy bypassing the meter to run his geyser or stove. Hacking the meter is too complex compared to bridging it out. The more useful stuff if you're a large business and you can get the data is analysis for operation times and power factor correction. We use billing meters to capture the data, because since utilities approve them, they don't argue with the log in the event of a dispute.
The problem is where is your attack vector? Meters are highly specialized hardware. Normally they have dual firmware and processing. The interface provided over the optical head may be quite sophisticated, but over the other ports is on the level of modbus(which some use). If you look at the source code linked to in the fine article, you'll see that. Some meters do not allow firmware updates. Remember these are not PCs. If the measuring firmware is offline for as long as 10minutes (transfer the firmware over 9600bps), you are losing data. They'd often rather physically replace the meter since an update will often clear the logs..
Your best attack vector is the optical interface. That isn't networked. So there is no serial reinfection. You may be able to execute arbitrary code through the other ports, but I doubt it. These are designed to cope with data corruption and random data being dumped into them (meters are often chained on RS 485 or power line carrier). The point is, the interface is simply not smart enough for a networked attack, and the comms is extremely robust (though not very secure until they start implementing AES I guess), so a buffer overflow or similar attack isn't likely. I have only ever seen one (poorly designed and obsolete) meter fail due to the data on its port. That caused a hard lock up of the comms. The measuring firmware however was not affected.
Not really. Power generation is a complex balancing game. That information can make the grid more stable. Also if you start generating power, your dumb meter won't register it. Basically I can see why they're used by the utility, but I am not one,
I am not American, so I do not share your paranoia...:) as to moment to moment? Normally that is a 30min profile block. It isn't always read, as the billing registers are more efficient in terms of bandwidth. If there were a dispute (your TOU billing could be wrong if your meter clock is), they would need to be read. They might pull back instantaneous usage (though most small meters don't support that), but it would be stupid, as information from an area meter would be useful and faster. The American news? I could not care less. Sorry. As I said, you can always get your energy elsewhere. You could use solar, gas, heck even a diesel generator might prove viable. None of this gives you the right to screw with the power companies' property. I am not with a utility, but I can tell you if I was and found someone doing that, I would assume fraud and cut you off. It is not unreasonable to expect you to pay for your power.
So, they'll put it on the pole then. But since any tampering would look like attempt to commit fraud, you'd be better off going solar and disconnecting. After all, if they are providing a service and you're unhappy with the terms, go elsewhere. If you can't, tough. Deal with it. And put your tinfoil hat back on, and wait for that stalker to go through millions of records to find your house. They're after you, you know...
Not normally. Most of the meters I deal with only accept commands through the network. You normally need an optical head to upgrade the firmware. So I suppose a virus is possible, though you'd have to spread it manually. My point anyway was, check-metering is a better solution than trying to secure the meter in an arms race. If it were me(and it isn't) I'd hijack the comms with randomly generated (within parameters) data that looks like the meter. Still they're likely to catch you on an audit, which they would do, since the check meter would not be the sum of all the downstream meters. From there, it would be fairly trivial to detect the tampering.
Slashdot Mirror
You have obviously never been to Durban in South Africa in the middle of our winter here.
Fair enough...
That seems to contradict the Catholic Church's position a little.
It only seems to be a big issue in America. Except you guys are wholesale exporting your YEC garbage to africa. Please Americans, we don't want it. Do us a favour and keep your crazy over there.
Not really. They're often designed around OPC which uses DCOM security. It is obsolete, but there is security. It simply gets disabled because DCOM is a disaster to work with. They're pushing OPC UA and OPC Xi now to fix this.
Uh, yeah. Not always. The issue is the software guys don't understand how the blasted plant works and tend to come up with unworkable solutions. I have seen this many times. This is why we have automation engineers who understand both. I have seen software engineers produce horrendous quality production software that has people's lives depending on it, simply because they don't understand what they're doing. They don't understand failsafe. To a hardware guy a off signal is no voltage or a broken wire. To a software guy its just a zero. The hardware guy works from failsafe. The software guy (in every case I have seen) assumes the signal is good. I could go on. The issue is the disconnect between software engineers and basic reality.
Then we get pushed complex and legacy solutions by the software guys (DCOM is hell on earth), you're standing in a plant and it has to run NOW!, so whats the easiest way out? Disable the bloody security. Thank goodness for some sanity in the form of OPC UA. No, keep the bloody software engineers out of anything mission critical thank you very much. I don't have time to keep rewriting their code to standard.
It is a queue. Well maybe not you could possibly have both wars at once. Anyway, just a brainfart.
Yes, this is an america-centric site, as we are often reminded, and you guys don't like SI units... :P
Queue the Metric/Imperial Wars:
In all seriousness, they could have just given the frequency and we'd have been fine. That refresh rate is very doable with a dedicated controller.
All digital electronics is ultimately analogue. If you had transistors that could run at that speed, you could probably sample at (at least) a quarter of that speed. Make a very nice ADC/DAC for a software (de)modulator and fixed function DSPs.. Lots of digital applications on the digital side, if the power draw is reasonable.
For some reason in a blade match, every so often the morph ovum turned you into a giant chicken with 999 health instead of a small chicken with 1 health. We used to play blade match a lot. A heck of a lot....
By the way, any idea how the giant chicken came about in the blade match mode? I never worked it out- it seemed random...
I was unfortunate enough to not have a reasonable Internet connection back then. But the LAN blade matches were awesome. Pole vaulting was awesome too. I kept hoping they'd do another, and even bought singularity (which was reasonable) just to support them, even though I knew nothing about it.... :)
I am a longtime fan of Heretic 2. And in fact have played it recently. On modern Hardware. Orcs Must Die 1 definitely has better graphics. Not sure about 2, I haven't had time to fire it up yet. Also it was enough fun (as is Heretic 2) that I don't really give a damn about the graphics.
On an unrelated note, I'd love to see a Heretic III or a reboot. And Hexen. I always thought Heretic was more fun than doom.
If only I'd known about that script before. I wouldn't have bought blasted bulletstorm with that evil GFWL. You sir, are a gentleman and a scholar. You have my thanks.
XKCD. Now a sex?!
Whipping the PC? Like that annoying kid whips her hair?
They're running Siemens. A stupid, though common mistake. Siemens claim to sell PLCs, but in reality sell general purpose CPUs with craptacular software and specs. It is redundant to hack a Siemens system, since I'd be surprised if it were stable without the virus. I'm not talking out of my arse here, I have used toshiba, omron, siemens, Mitsubishi and even Rockwell PLC and scada systems. While toshiba comes close (good hardware, windows 3.1 era software), nothing sucks harder than Siemens. Microsoft has nothing on them. And never did.
Wind, diesel, gas, steam? I lived for years in a failed state. We had weeklong powercuts at times. There is always an option if it is valuable enough to you. Electricity is a luxury, not a necessity. It may be a cheap luxury, but until you live an extended period without it, you probably won't understand it.
All you are telling me is your perceived privacy is less valuable than the cost difference.
Modbus can write to a register, which is basically a memory location. Most write commands are rejected immediately, and have strict length checks in the meters I use. Some old bugs in my driver show this quite nicely. I must check which meters were 0wned. I am not in the US, so we do use different meters, but I understand some models are worldwide.. In which meters are compromised in the US, I must confess my ignorance... But most likely prepayment meters, which I don't touch.
SCADA and PLC systems are another matter, especially when you get idiots like Siemens who design crappy PLCs which are basically general purpose CPUs. While I don't doubt many PLCs boil down to a general purpose CPU, the way siemens does it is moronic. It is hardly surprising they got infected. Pain in the arse to work with too. I am highly skeptical of their stability even without a virus involved.. Stuxnet was redundant.
I am involved in the fraud prevention, but it cuts both ways. Check metering can catch when the utility is charging you wrong because they wired the meter wrong, or got the VT and CTs wrong. Most meter fraud actually amounts to some guy bypassing the meter to run his geyser or stove. Hacking the meter is too complex compared to bridging it out. The more useful stuff if you're a large business and you can get the data is analysis for operation times and power factor correction. We use billing meters to capture the data, because since utilities approve them, they don't argue with the log in the event of a dispute.
The problem is where is your attack vector? Meters are highly specialized hardware. Normally they have dual firmware and processing. The interface provided over the optical head may be quite sophisticated, but over the other ports is on the level of modbus(which some use). If you look at the source code linked to in the fine article, you'll see that. Some meters do not allow firmware updates. Remember these are not PCs. If the measuring firmware is offline for as long as 10minutes (transfer the firmware over 9600bps), you are losing data. They'd often rather physically replace the meter since an update will often clear the logs..
Your best attack vector is the optical interface. That isn't networked. So there is no serial reinfection. You may be able to execute arbitrary code through the other ports, but I doubt it. These are designed to cope with data corruption and random data being dumped into them (meters are often chained on RS 485 or power line carrier). The point is, the interface is simply not smart enough for a networked attack, and the comms is extremely robust (though not very secure until they start implementing AES I guess), so a buffer overflow or similar attack isn't likely. I have only ever seen one (poorly designed and obsolete) meter fail due to the data on its port. That caused a hard lock up of the comms. The measuring firmware however was not affected.
Not really. Power generation is a complex balancing game. That information can make the grid more stable. Also if you start generating power, your dumb meter won't register it. Basically I can see why they're used by the utility, but I am not one,
I am not American, so I do not share your paranoia... :) as to moment to moment? Normally that is a 30min profile block. It isn't always read, as the billing registers are more efficient in terms of bandwidth. If there were a dispute (your TOU billing could be wrong if your meter clock is), they would need to be read. They might pull back instantaneous usage (though most small meters don't support that), but it would be stupid, as information from an area meter would be useful and faster. The American news? I could not care less. Sorry. As I said, you can always get your energy elsewhere. You could use solar, gas, heck even a diesel generator might prove viable. None of this gives you the right to screw with the power companies' property. I am not with a utility, but I can tell you if I was and found someone doing that, I would assume fraud and cut you off. It is not unreasonable to expect you to pay for your power.
So, they'll put it on the pole then. But since any tampering would look like attempt to commit fraud, you'd be better off going solar and disconnecting. After all, if they are providing a service and you're unhappy with the terms, go elsewhere. If you can't, tough. Deal with it. And put your tinfoil hat back on, and wait for that stalker to go through millions of records to find your house. They're after you, you know...
Not normally. Most of the meters I deal with only accept commands through the network. You normally need an optical head to upgrade the firmware. So I suppose a virus is possible, though you'd have to spread it manually. My point anyway was, check-metering is a better solution than trying to secure the meter in an arms race. If it were me(and it isn't) I'd hijack the comms with randomly generated (within parameters) data that looks like the meter. Still they're likely to catch you on an audit, which they would do, since the check meter would not be the sum of all the downstream meters. From there, it would be fairly trivial to detect the tampering.