SCADA Security Hack Chat

Join us on Wednesday, July 14 at noon Pacific for the SCADA Security Hack Chat with Éireann Leverett!

As a society, we’ve learned a lot of hard lessons over the last year and a half or so. But one of the strongest lessons we’ve faced is the true fragility of our infrastructure. The crumbling buildings and bridges and their tragic consequences are one thing, but along with attacks on the food and energy supply chains, it’s clear that our systems are at their most vulnerable as their complexity increases.

And boy are we good at making complex systems. In the United States alone, millions of miles of cables and pipelines stitch the country together from one coast to the other, much of it installed in remote and rugged places. Such far-flung systems require monitoring and control, which is the job of supervisory control and data acquisition, or SCADA, systems. These networks have grown along with the infrastructure, often in a somewhat ad hoc manner, and given their nature they can be tempting targets for threat actors.

Finding ways to secure such systems is very much on Éireann Leverett’s mind. As a Senior Risk Researcher at the University of Cambridge, he knows about the threats to our infrastructure and works to find ways to mitigate them. His book Solving Cyber Risk lays out a framework for protecting IT infrastructure in general. For this Hack Chat, Éireann will be addressing the special needs of SCADA systems, and how best to protect these networks. Drop by with your questions about infrastructure automation, mitigating cyber risks, and what it takes to protect the endless web of pipes and wires we all need to survive.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, July 14 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter.

Evaluating Raspberry Pi As A Programmable Logic Controller

It should be no surprise to many that one can use a Raspberry Pi SBC as an industrial controller, but is it any good at that? That was the question [Doug Reneker] and [William Shaffer] set out to answer by building a test rig to see how a Raspberry Pi performs in head-to-head tests. They compared a Python-based control loop on a Raspberry Pi 3B against a C0-12DD1E-2-D AutomationDirect CLICK Programmable Logic Controller (PLC) using a simple water heating example.

A major snag with using the Raspberry Pi as a PLC is the lack of industrial I/O capacity. This requires additional hardware, in this case adding a four-channel ADC board as well as a custom board to condition the signals. The Raspberry Pi looks for 0-3 V inputs where industrial control applications are usually in the -10 to 10 V range and often use a 4-20 mA current loop.

Using a PLC leverages so-called ladder logic, where each action depends on conditions. With each update scan, the PLC ensures that all input conditions are translated into the appropriate output conditions in real-time. Its only job is to monitor the process at hand and it does this very well.

Here the flexibility and generic nature of the Raspberry Pi running Linux was a disadvantage. Unlike the PLC, the lack of a hard real-time OS means you can’t guarantee the Pi will be as responsive to changing inputs.

The behavior of the two systems showed that while both did the task they were programmed for, the Raspberry Pi was decidedly more erratic. Although one could program around a lot of these issues (presumably using Linux in stripped-down, soft real-time configuration with interrupt-driven native code), the effort needed to make a Raspberry Pi system suitable for an industrial environment shows why single-board computers haven’t seen adoption as replacements for PLCs.


Hackaday Links: April 26, 2020

Gosh, what a shame: it turns out that perhaps 2 billion phones won’t be capable of COVID-19 contact-tracing using the API that Google and Apple are jointly developing. The problem is that the scheme the two tech giants have concocted, which Elliot Williams expertly dissected recently, is based on Bluetooth LE. If a phone lacks a BLE chipset, then it won’t work with apps built on the contact-tracing API, which uses the limited range of BLE signals as a proxy for the physical proximity of any two people. If a user is reported to be COVID-19 positive, all the people whose BLE beacons were received by the infected user’s phone within a defined time period can be anonymously notified of their contact. As Elliot points out, numerous questions loom around this scheme, not least of which is privacy, but for now, something like a third of phones in mature smartphone markets won’t be able to participate, and perhaps two-thirds of the phones in developing markets are not compatible. For those who don’t like the privacy-threatening aspects of this scheme, pulling an old phone out and dusting it off might not be a bad idea.

We occasionally cover stories where engineers in industrial settings use an Arduino for a quick-and-dirty automation solution. This is uniformly met with much teeth-gnashing and hair-rending in the comments asserting that Arduinos are not appropriate for industrial use. Whether true or not, such comments miss the point that the Arduino solution is usually a stop-gap or proof-of-concept deal. But now the purists and pedants can relax, because Automation Direct is offering Arduino-compatible, industrial-grade programmable controllers. Their ProductivityOpen line is compatible with the Arduino IDE while having industrial certifications and hardening against harsh conditions, with a rich line of shields available to piece together complete automation controllers. For the home-gamer, an Arduino in an enclosure that can withstand harsh conditions and only cost $49 might fill a niche.

Speaking of Arduinos and Arduino accessories, better watch out if you’ve got any modules and you come under the scrutiny of an authoritarian regime, because you could be accused of being a bomb maker. Police in Hong Kong allegedly arrested a 20-year-old student and posted a picture of parts he used to manufacture a “remote detonated bomb”. The BOM for the bomb was strangely devoid of anything with wireless capabilities or, you know, actual explosives, and instead looks pretty much like the stuff found on any of our workbenches or junk bins. Pretty scary stuff.

If you’ve run through every binge-worthy series on Netflix and are looking for a bit of space-nerd entertainment, have we got one for you. Scott Manley has a new video that goes into detail on the four different computers used for each Apollo mission. We knew about the Apollo Guidance Computers that guided the Command Module and the Lunar Module, and the Launch Vehicle Digital Computer that got the whole stack into orbit and on the way to the Moon, but we’d never heard of the Abort Guidance System, a backup to the Lunar Module AGC intended to get the astronauts back into lunar orbit in the event of an emergency. And we’d also never heard that there wasn’t a common architecture for these machines, to the point where each had its own word length. The bit about infighting between MIT and IBM was entertaining too.

And finally, if you still find yourself with time on your hands, why not try your hand at pen-testing a military satellite in orbit? That’s the offer on the table to hackers from the US Air Force, proprietor of some of the tippy-toppest secret hardware in orbit. The Hack-A-Sat Space Security Challenge is aimed at exposing weaknesses that have been inadvertently baked into space hardware during decades of closed development and secrecy, vulnerabilities that may pose risks to billions of dollars worth of irreplaceable assets. The qualification round requires teams to hack a grounded test satellite before moving on to attacking an orbiting platform during DEFCON in August, with prizes going to the winning teams. Get paid to hack government assets and not get arrested? Maybe 2020 isn’t so bad after all.

Watch The Low-Cost Mechatronics Lab Dispense Candy, Sort Cups

A lot can be done with simple motors and linear motion when they are mated to the right mechanical design and control systems. Teaching these principles is the goal behind the LCMT (Low Cost Mechatronics Trainer) which is intended primarily as an educational tool. The LCMT takes a “learn by doing” approach to teach a variety of principles by creating a system that takes a cup from a hopper, fills it with candy from a dispenser, then sorts the cups based on color, all done by using the proper combinations of relatively simple systems.

The Low Cost Mechatronics Trainer can be built for under $1,000 and is the wonderful work of a team from the Anne Arundel Community College in Maryland, USA. The LCMT is clearly no one-off project; there are complete CAD files and build documentation on the site, as well as a complete lab guide for educators.

A demo video of the assembled system is embedded below, with a walkthrough done by [Tim Callinan]. It’s worth a watch to see how cleanly designed the system is, and the visual learners among you may learn a thing or two just by watching the system go through its motions.


PLCs In Your Browser

If your usual tools are the Arduino and the Raspberry Pi, you might find it surprising that the industrial world tends to run on Programmable Logic Controllers, or PLCs. You can think of a PLC as a very rugged industrial Arduino, but it’s best not to take that analogy too far. Some PLCs are very simple and some are quite complex, but one thing they do have in common is they are usually programmed using ladder logic. If you’ve ever wanted to learn how to program PLCs — a very marketable job skill in some places — you can now build and simulate ladder logic in your browser. [Garry Shortt] has a video walkthrough of the tool, which you can see below.

If you are used to conventional programming, you may find ladder logic a little frustrating. Originally, it was a documentation tool for relay logic but has grown to handle modern cases. It may actually help to think of it not so much as a programming language, but as a tool for drawing relay schematics. Contacts can be normally open or closed and in series or parallel to form AND and OR gates, for example, while coils can activate contacts.


PLC Vs Arduino Show Down

Hackaday readers don’t need an introduction to the Arduino. But in industrial control applications, programmable logic controllers or PLCs are far more common. These are small rugged devices that can do simple things like monitor switches and control actuators. Being ruggedized, they are typically reasonably expensive, especially compared to an Arduino. [Doug Reneker] decided to evaluate an Arduino versus a PLC in a relatively simple industrial-style application.

The application is a simple closed-loop control of flow generated by a pump. A sensor measures flow for the Arduino, which adjusts a control valve actuator to maintain the specified setpoint. The software uses proportional and integral control (the PI part of a PID loop).


Desktop Factory Teaches PLC Programming

How to train young engineers in industrial automation is a thorny issue. Most factories have big things that can do a lot of damage and cost tons of money if the newbie causes a crash. Solution: shrink the factory down to desktop size and let them practice on that.

Luckily for [Vadim], there’s an off-the-shelf solution for miniaturizing factory automation: FischerTechnik industrial training models. The models have motors, conveyors, pneumatic cylinders, and sensors galore, but the controller is not exactly the industry standard programmable logic controller (PLC). [Vadim] set out to remedy this by building an interface between the FischerTechnik models and a Siemens PLC. He went through a couple of revisions of his board, including one using rivets from the sewing store to interface with the FischerTechnik connectors. Eventually, he settled on more robust connectors and came up with a board that lets students delve into PLC programming without killing anyone. The video below shows it going through its paces; we can only imagine where playing with these kits as a kid would have led us.

As great as [Vadim]’s system is for training engineers, we can also see it being helpful in getting kids interested in a career in industrial automation. We recently covered a similar effort to show kids big science using LEGO Mindstorms. Both of these can help get STEM kids to see the wider world of technical careers and perhaps steer them into automation. After all, the people who make the robots are probably going to be the last ones obsoleted, right?
