Slashdot Mirror


User: AB3A

AB3A's activity in the archive.

Stories: 0 · Comments: 519

Comments · 519

  1. Re:Question: why just record? on FAA Mandates Major Aircraft "Black Box" Upgrade · · Score: 1

    It doesn't transmit such signals for several reasons. First, there may not be anybody listening. You have to point this thing at an orbital satellite for any reliability. Even then, communications reliability can still be screwed up by a good sized solar storm.

    Second, if there is airframe damage (like the Aloha 737) you could easily lose the connection to an antenna.

    Third, airline pilot unions have a special agreement that says that cockpit conversations are confidential except in an accident. Further, the actual cockpit voice recorder audio is kept confidential. They don't want to upset the families of the victims. That's why you only see transcripts of their last words.

    Finally, with all the airliners out there transmitting continuously, it would chew up a lot of bandwidth. Somebody has to pay for it.

  2. Why does this remind me of Fermat's Last Theorem? on Security Research and Blackmail · · Score: 2, Insightful

    I have this lovely demonstration, but you have to pay me to show you how it works. How do we know it is a real hack? How do we know it isn't a shake down?

    This is a shade of Fermat's last theorem. Wiles, after he finally proved it, said that he doubted Fermat actually knew a viable proof.

    We don't know what these guys have. Whether it's blackmail or not, it still smells bad. I think the money would be better spent on real security researchers who disclose what they find.

  3. Re:Naming? on PCWorld Says Firefox is Strong, Vista is Weak · · Score: 1

    How about Water-Snake? It is venomous and it bites.

  4. Re:The problem isn't leap seconds on Vote To Eliminate Leap Seconds · · Score: 1

    The problem is how to record this in a database using the epoch calculations provided by the POSIX standard. Read it carefully. Leap seconds are handled outside the epoch calculation. It's as though they never happened.

  5. The problem isn't leap seconds on Vote To Eliminate Leap Seconds · · Score: 3, Insightful

    The question is what do you want to do with the time of day. Should it be astronomically based? This is not a trivial question.

    Many electric grids are required to be timed with accuracy of better than 10 milliseconds. Remote Telemetry Units need to record events with a time stamp that might mean something to an operations control center. The problem is what do you do with leap seconds?

    The POSIX standard time epoch doesn't include leap seconds. So you're left with a terrible morass of a problem. Do you do what the NTP daemon does, by slewing the clock at some known rate? The problem with that is that while events remain in sequence, the time between events is not accurate. Do you simply include a second 59th second? The problem there is that events will be recorded out of order and they can't be sorted back.

    And yet, many also have legal requirements to adhere to a UTC based time standard.

    Ladies and Gentlemen, the problem isn't the leap-second concept. The problem is our damnable entrenched software standards. We're trying to fix this problem by creating another.

  6. Re:Stone Edge Order Manager? on 90% of IT Professionals Don't Want Vista · · Score: 1

    I think you know the answer to that question.

    The larger question is this: How much longer is Microsoft going to maintain backward compatibility with the original VBA apps and object models? What's the cost of rewriting that?

    Basically, it's the devil you know versus the devil you don't. Some will take that gamble. Some won't. We'll see who comes out on top...

  7. Re:Nothing new. on 90% of IT Professionals Don't Want Vista · · Score: 1

    I was going to point out the same thing, but for one very critical difference: Back then, most Linux Desktops weren't quite there. It's much closer today.

    Today, we have OpenOffice if you don't like the conventional Office 2007. We have many releases of Linux and even BSD that look pretty nice on a desktop. And if you don't want a bloated OS, you can pare this thing down to however little you can manage with.

    That's huge. No CIO should ignore it this time. They may still head for Vista. But more and more of them are starting to see that there are real alternatives out there right now. Meanwhile, Vista is looking more and more half baked --and it doesn't even solve many problems that XP had.

  8. Re:Not parents, you've criminalized parenting on Sesame Street DVD Deemed Adult-Only Entertainment · · Score: 2, Insightful

    It's not the parents... it's the system of do-gooders that make life hell on parents.


    As a very active daddy of three young children, I say Bravo! Busybodies would have told me that my kids were doomed. But where would they be if they didn't get a skinned knee, fall out of a tree, hit a thumb with a hammer, or get burned from a soldering iron?

    Would they ever learn why safety should come first? They have to see consequences or nothing will make sense. It's a big bad world out there. How can they safely graduate to more dangerous activities without learning to handle smaller ones?

    I wonder how much of the high accident rate of teen drivers is due to their distorted judgement of risk? And how much of that risk is due to the pandering way that our society has used to protect them from everything?

  9. Re:How does a disappearing antenna help? on "Stealth" Plasma Antennas · · Score: 1

    There are lots of antennas that are tuneable on the fly. Diode switching can do that. So can mechanical antennas. At microwave frequencies, conventional antennas can be very broad-banded.

    Oh, and jamming actually DOES work on many frequencies at once. Ever heard of repeating jammers? Something else to consider: Jammers used against radar don't need to be as powerful as the radar. They only need to cover up the echo. The echo dies off according to the distance to the fourth power. The more powerful the radar, the further out the burn-through distance.

    Look it up.

    Something else to consider: What is the conductivity of plasma? Is it comparable to, say, a superconductor? No? Then why is the military wasting time with such gewgaws and gimcracks? Let's not forget that the plasma takes energy to produce and that energy required may be pretty intense. It will also radiate.

    This project seems to be more of a research exercise than anything that might be remotely practical.

  10. Re:Doesn't work that way on Where Are the Flying Cars? · · Score: 1

    Mod parent back down folks.

    If autopilots could fly airplanes so well, airline pilots would be in the history books. The problem? Stuff happens while in flight. That's why a ship has a captain and an aircraft has a pilot in command. Yes, the autopilots are pretty damned good. But they can't make weather or airport condition decisions for you.

    Stumble in to an embedded thunderstorm while flying a small aircraft, and you'll be lucky to survive. Autopilots can't see lenticular clouds either, or understand what they imply. The latter don't even show up on radar.

    But don't listen to me. I'm just an instrument rated pilot who owns an airplane and has been flying for nearly 20 years. What would I know?

  11. Didn't anyone actually READ the strip? on Where To Find Opus On Sunday · · Score: 1

    I'm not exactly sure why the Post Syndicate spiked this strip. If it was about Islam, it was very gentle stuff. The joke was more about the Lola Granola character's interpretation of a religion she just picked up the day before, than it was about the religion itself. And in the strip from last Sunday, Opus mocked Jerry Falwell. Did any of his followers threaten to murder Mr. Breathed?

    No-one of any belief has the right not to be offended. I'm sorry if an opinion offends radical Islamists. Let them explain why it is offensive so that we can all learn something. Our society is strong enough to handle the likes of Piss Christ by Mapplethorpe. If a segment of Islamic society is so fragile that we must spike a cartoon which gently mocks them (lest they get angry and commit acts of terror) then we are no longer living in a Western Society.

    The Washington Post Syndicate ought to be ashamed of itself. This is Cowardice.

  12. Don't we do this already? on Free Tuition for Math, Science, and Engineering? · · Score: 1

    Let's see. We offer education in English, Algebra, Geometry, History, Calculus, and even Civics. It's free. In fact, it's even mandatory. It's called High school. Do the students take much advantage of it?

    Now we have a proposal to make engineering and science educations free too. I know many students think they're smart. But do they feel smart enough to stay ahead of a field of applicants guaranteed to lower engineering and science salaries for decades to come? Do you really love the field of study that much?

    Supply and demand, folks.

    Frankly, not many in the field of engineering or science are financially motivated. Though they live comfortably, most will never afford the memberships in the really posh country clubs where the MBA crowd congregate. The high for us is putting together something big and seeing it work, or discovering something new that nobody has ever seen before. Golf is just a game by comparison.

    Nah. We need better PR for engineers. I can't recall a single realistic TV show about engineers besides Dilbert. And it didn't last long, did it?

  13. A Sewer Utility Perspective on University Taps Sewers for Internet Access · · Score: 3, Informative

    As someone who works for a water and sewer utility, I have to say this isn't such a crazy idea. HOWEVER, they need to consider a very disgusting reality: Grease buildup. We routinely jet-rod the sewer pipes to scour out the grease buildups.

    If we do not do this, we risk having a storm flow do it for us. The grease coagulates and can form a blockage in the sewer mains. I've been at a large wastewater pumping station during a storm and these grease balls trap sewage, causing sewage overflows, despite an otherwise properly running pumping station.

    What bearing does this have with a network cable through the sewers? Well, it better be VERY tough and resilient to grease buildup. The force of jet rodding the pipe could easily break the cable unless it's been designed for this sort of abuse.

    Oh, and by the way, if you haven't already learned this, DO NOT POUR GREASE OR FAT DOWN THE DRAIN! The stuff I'm talking about is the irreducible, routine buildup. The less of it you send down the drain, the less likely it will be that you'll have a backup flood your basement with it.

  14. Re:LOL - that has to be the worst solution so far on Aids For Communicating With Hospitalized People? · · Score: 1

    Well, there are those of us who DO know the code. And the older you are, the more likely you'll know what it is and how to use it. Besides, I doubt you really have looked in to this, but a morse code keyer requires only very feeble movements to send a string of decently fast morse. It's probably faster than a paper and pencil. And computers can copy the results and display them on a screen.

    It's not as stupid as it sounds for the short term.

  15. Re:You should not be on the 'front' lines on US Prepares for Eventual Cyberwar · · Score: 1

    Dear anonymous (and obnoxious) coward: It's called defense in depth. I cited that strategy in my last post. We are not exposed directly, and I never implied that we were.

    Meanwhile, you may think you're not connected. But you probably are. Someone will do it for you if you haven't done it yourself. Just ask the nice folks at TVA Brown's Ferry about their reactor scram a couple months back. Ask the folks at Harrisburg PA Water. Ask Maroochy Shire in Queensland, Australia. There are many more incidents. I just cited the well known ones. I know several researchers with much more incident information which is not public. They tell me that what's public is just the tip of the iceberg. Most of the victims thought they were pretty well isolated and it turned out that they weren't.

    If you really think that nobody is connected to your network then you must be either 1) working on SIL-rated systems, 2) your reporting requirements are awfully lenient, or 3) in denial.

    We know we're connected. We know what is connected, and we know how it is connected. We firewall ourselves very carefully. We simply can't avoid connecting to the rest of the world because we need their data and they need ours. Energy pricing data, weather forecasts, system modeling data, and demand forecasting are examples. We have reports to make to the state and federal agencies. The volume of such data is not getting any smaller. By meeting these demands in a reasonable and secure fashion, we preclude the likelihood that someone will violate the ultra-strict "no-connections-allowed" policy.

    And yes, I'm confessing that even with such measures, we could be hit by a very capable red team or a zero-day attack. So could your so-called isolated network. I've seen it time and time again: Those who think they're isolated, unless their network is very small and self monitored, usually have a compromise somewhere. You need to plan for it, or suffer the consequences.

  16. A word from the front lines on US Prepares for Eventual Cyberwar · · Score: 4, Informative

    I am a registered professional controls engineer. I design and manage a large SCADA system. I'm also a member of the SP-99 standards committee (the ISA standard for industrial control system security).

    Industrial Control System Security is the subject of many books (with many more on the way), security committees, and even pending regulation. I could spend a long time trying to explain why things are the way they are. Here's an overview of the issue:

    1) SCADA systems started out in isolation. Most were never designed for internet access and many were designed without any thought to security because there is a more important concern: Reliability and performance.

    2) Office folks got wind of what information could be had from SCADA systems and the next thing that happened was a mass of people clamoring for the data. However, very few gave much thought to how that data could be extracted securely without affecting the reliability or performance of the system. As a result, there are many security compromises.

    3) It's not easy to retrofit security in to an existing SCADA system. It would be like putting seat belts and air-bags on a Ford Model T. Such measures will help, but what is really needed is a re-engineering of the whole system.

    4) Many of the protocols we use every day live in carefully validated embedded systems. You can't just "update" them without digging in to a morass of other embedded systems issues. In addition to the protocol itself, you have issues of performance and expected behavior. For this reason, updates of embedded firmware are rare.

    5) SCADA systems live for a long time. Typical lifetimes are at least 10 years for the field devices and five years for the control room software and hardware. These configurations are carefully validated (a very tedious and expensive process), so companies are loath to upgrade them unless there is a very good reason to do so.

    I can go on, but that should give you a taste of what the situation is.

    Now for the reality of international red-teams. Yes, they exist. The US has them too. I don't design for a red team. First, that would require very frequent software upgrades, something which I've already explained is not feasible for most SCADA system operators. Second, we opt for defense in depth. We try to segment our systems so that they fail in to smaller pieces which are semi-autonomous in themselves. They won't be as efficient, but they will continue to work. And finally, in case you hadn't noticed, we design our physical security to eliminate the casual vandal, not the determined para-military group. The cost of going fully secure is so high that nobody would be willing to pay for it.

    At the utility where I work, we keep our SCADA system carefully shielded behind firewalls. Yet many other SCADA system managers do not understand the security issues because they're not IT savvy. Conversely, most IT staffers in utilities and manufacturing companies do not understand what a SCADA really is and does. This is not just another app. The notion of a real time or even a near real time system is alien to most. Furthermore, there is no such thing as "rebooting" in this business. In most IT applications, restarting the application or rebooting the machine is routine. Not so in SCADA. If we restart, we often lose track of many critical on-going processes. You see, in most IT applications, they are the whole system. With SCADA, there is a physical world of things going on with or without them. If you're not up and running all the time, you're probably going to miss something critical.

    Finally, opening dams by remote control isn't likely. We have dams where I work too. Even if we did open them by remote control (we open ours manually), the systems that we use are as far as possible from the internet, and even our office intranet. Yes, we can wash out parts of a town downstream if we're not careful. The operators of such dams are licensed and they must be very careful about how the

  17. Re:Registered Control Systems Engineer on Creating a Homebrew Industrial Process Monitor? · · Score: 1

    Yes. Controls Engineering is recognized by NCEES.

  18. Registered Control Systems Engineer on Creating a Homebrew Industrial Process Monitor? · · Score: 1

    At last count I think there were something like 38 states that offer Control Systems Engineering as a practice of engineering one can register for. This is basically the ISA's Control Systems Engineer certification.

    For those who are clueless about the whys and wherefores of registration of professional engineers: All states in the US offer tests for which you can become a registered professional engineer. It's basically a way to put your name on the line. You stamp the drawings and documents with a seal that says you take responsibility for the design. Note that this stamp works both ways. If you consult and the customer changes your stamped design before or during construction, you can not be held liable. However, if they adhere to your design and it fails to perform as expected, you can be held liable.

    It also entitles you to act as expert witness in a court of law. Many municipalities insist that a senior operations or design office have a registered professional engineer in charge.

    Control Systems Engineering is an extremely broad field of study. It includes practical applications of thermodynamics, fluids, valve types and applications, instrumentation, real time network design, Laplace transforms of various process behaviors, Understanding P&I Diagrams, and so on. There is a lot to study and a lot to know. I came at my practice via an electrical engineering degree. However, there are nearly as many chemical, mechanical, and civil engineers among our ranks.

    Most schools don't teach controls engineering. The ISA is hoping to slowly change that. However, there aren't many who choose to get in to engineering in the first place. Engineering doesn't present a clear promotion path to the executive halls as one might see with the sales, accounting, or legal professions. So most of our students are in it for the love of the subject, not because they seek to become top dawg of the company.

    On the positive side, Professional Engineers often have opportunities to join standards committees. And it is through the standards processes that one can really make a difference in the world. I wish there were more people interested in this sort of thing, but sadly, very few students want to think that far ahead...

  19. Re:Look into GE Fanuc or Allen Bradly on Creating a Homebrew Industrial Process Monitor? · · Score: 2, Insightful

    I'll second what Rogue974 said. I'm a registered control systems engineer. Before you go "monitoring" a furnace you need to consider several things:

    1) Where is your data going? Who might use it and how.

    2) What instrumentation are you going to use and how will it interfere with the process?

    3) What are the safety and reliability issues?

    4) Are there any legal ramifications?

    These systems may be independent for a very good reason. I can't tell you how many data geeks have salivated over the SCADA and plant control systems I design and manage. All these folks mean well. However, they see this information as a wonderful fountain of pure lovely unadulterated data. Yeah, right, and the Brooklyn Bridge is for sale too. This data is subject to all sorts of problems including calibration errors, maintenance, gaps in the real time data stream, and so forth. That's why you have operators.

    There are serious and very complex safety issues with using this data. It may not be up to standards for use as a database of record. It may even confuse things. It may also be subject to hacking. Note to all: Yes, it's true, process control systems are highly subject to hacking because patches are not applied in as timely a fashion. We have to make sure the patches work and are ultra stable before we apply them to a working industrial control system. That's why we try to stay off of the IT intranets. It's not that we don't want to share the data. It's that we don't want to spread incorrect data.

    The operators are there to act as a primary source of data for you. Let them do their jobs. If you think that you can simplify their jobs, work with them. Don't foist some cheesy embedded system on them to do the job of a hardened industrial controller. You won't keep their trust that way.

    In the long run, it's usually worth the expense to purchase a hardened controller to do this job. Could you do it yourself? Sure. Would it work well enough for anyone to use on the very first try? Not likely.

    If you choose to forge ahead anyway, keep your eyes and ears wide open for experienced hands to give you suggestions. Part of the plant mentality is that we'll say our piece just once. If the outsider is any good, they'll listen to the wise suggestions. If not, their stuff will just break and we'll throw it out at the first opportunity. Our trash heap of such well meant projects is embarrassingly large. Be prepared to listen and learn.

  20. Re:IT divisions in big companies? on Exposing Bots In Big Companies · · Score: 1

    Please don't confuse education for experience. I know more educated idiots than I'd like to. They learn to regurgitate all sorts of things back on a test, but they somehow can't apply a damned thing they've "learned."

    That's why when I said idiot, I meant it. Some people learn from experience and some do not. The ones who can not learn from any experience whatsoever are the idiots. They are thankfully few, but they do exist. And in large companies, where education and certificates seem to be the currency where people get ahead you will eventually encounter one of these educated and certified idiots.

    I was not discussing inexperience. Inexperienced people can still learn on the job. They observe. They ask questions. They're not stupid. This is not an elitist attitude.

    I don't parade my certificates all over the place. You mistake me for someone who is actually deluded by such things. I get these damned things to get paid well and to use as a credential for those who don't seem to have the capacity to understand anything else. Those people exist too. I don't know why they see the world that way, but the fact that they exist and that they're in charge is reason enough for me to have to placate them. So I do.

  21. Re:Who works for IT divisions in big companies? on Exposing Bots In Big Companies · · Score: 2, Insightful

    Actually, I have lots of certificates. I have formal training. The thing is, I was technically proficient BEFORE I got those certificates. The certificates were simply a means to prove to my PHBB and the HR weenies that I really am worthy of the salary I have. Being relatively honest about such things, I don't usually bother to get certified for something unless I'm serious about using that certification. I'm not a certificate collector. My career is not some merit badge collection from the Boy Scouts. However, the way they write job descriptions these days, one is often reduced to collecting a mess of badges for this, for that, and for other stuff...

    The reason I have this attitude is because I know many others who also have these certificates. Their capabilities range from extraordinarily adept, to blithering idiot. The certificate may indicate exposure to knowledge, but the application of that knowledge is an entirely different thing. That's what separates the pretenders from those who really do know and care. In large organizations, the only thing they can show is evidence of training. Sadly, there is a very wide gulf between that and someone who really performs well on the job. And that gap is not easily measured in any way. That's why large organizations have such strong tendencies toward mediocrity.

  22. Who works for IT divisions in big companies? on Exposing Bots In Big Companies · · Score: 3, Insightful

    Answer: they're usually the height of mediocrity. The best and brightest, if they're there, are often ignored.

    The notion that lots of big companies have spam bots all over the place is not all that hard for me to believe. Their IT divisions are often poorly staffed with folks who were selected with more input from HR than from the actual manager. They look at the certificates and then decide if a person is OK for the job. Honestly, the certificates are not good gatekeepers to ensure that people without a clue don't find themselves on the front line. They can't be.

    We all have known people who were extremely good at passing tests, but for reasons unknown to the rest of us, are unable to use those very skills in a real application. Those are the people who all too frequently end up in big organizations, pretending to know what real IT is. There is no substitute for learning from experience.

    And these corporations are about to have one of those learning experiences. It won't be pleasant.

  23. Re:Motive??? on Bugged Canadian Coins? · · Score: 1

    Mod that parent post from a fellow Technocrat up. I was going to point that out too. Coins are inherently shielded. The only way I can envision one radiating is if you split the coin down the middle and inserted a non-conducting piece between the two halves. Even then, I doubt you could get it to radiate far.

    I have heard of certain high value paper currency containing RFID. But that's for authentication of the currency, not for tracking. Frankly, I can't imagine why anyone would bother doing this with coins...

  24. Re:Shortwave on The Numbers Stations Analyzed, Discussed · · Score: 1

    I'm not sure what you mean by "Clear Channel Stations."

    However, if you want to develop an ear for real propaganda, try listening to news about the same event reported by various countries. You'll come to realize that there are no unbiased sources. Take the facts as you find them, match them against your own education and experience and form an opinion. Learn to recognize opinion from fact, and the importance of a reporter's viewpoints.

    It's all propaganda for somebody. It's up to you to decide where and how this stuff fits together.

  25. The Moscow Radiotelephone Station on The Numbers Stations Analyzed, Discussed · · Score: 2, Interesting

    Years ago, some friends of mine used to find sport listening to "Numbers Stations". One in particular, during the Soviet era, used to identify itself as "The Moscow Radiotelephone Station." They would get on the air and proclaim "This data is for Testing Purposes Only, from the Moscow Radio Telephone Station, Book xx, Page yy, Group zz..." and then proceed with five letter cipher groups in perfect English phonetics. (Substitute xx, yy, and zz with whatever numbers of book, page and group they were sending at the time).

    They were once reputed to have closed their broadcast on New Year's Eve with "and greetings to our friends in the CIA." Who says spies have no sense of humor?