“Have you tried turning it off and on again?” is a common tech support maneuver that everyone already seems to know and apply to just about all the wonky tech in their life. But would you tell someone to apply it to a reservoir? Someone did, and with disastrous results, at least according to a report on the lead-up to the collapse of a reservoir in the city of Lewiston, Idaho — just across the Snake River from Clarkston, Washington; get it? According to the report, operators at the reservoir had an issue crop up that required a contractor to log into the SCADA (supervisory control and data acquisition) system running the reservoir. The contractor’s quick log-in resulted in him issuing instructions to local staff to unplug the network cable on the SCADA controller and plug it back in. Somehow, that caused a variable in the SCADA system — the one storing the level of water in the reservoir — to get stuck at the current value. This made it appear that the water level was too low, which led the SCADA system to keep adding water to the reservoir, which eventually collapsed.
Trunked radio systems can be difficult to wrap one’s mind around, and that’s partially by design. They’re typically used by organizations like police, firefighters, and EMS to share a limited radio frequency band with a much larger number of users than would otherwise be able to operate. From a security standpoint, it also limits the effectiveness of scanners who might not know the control methods the trunked systems are using. But now a global standard for encrypted trunked radio systems, known as TETRA, has recently been found to have major security vulnerabilities, which could result in a lot more headache than disrupted voice communications.
One of the vulnerabilities in this radio system was a known backdoor, which seems to have been protected largely via a “security through obscurity” method. Since the system has been around for about 25 years now, it was only a matter of time before this became public knowledge. The backdoor could allow non-authorized users to snoop on encrypted radio traffic. A second serious vulnerability, unrelated to this backdoor, would further allow listening to encrypted voice traffic. There are a few other minor vulnerabilities recently uncovered by the same security researchers who found these two major ones, and the current recommendation is for anyone using a TETRA system to take a look to see if they are impacted by any of these issues.
Part of the reason this issue is so concerning is that these systems aren’t just used for encrypted voice among first responders. They also are used for critical infrastructure like power grids, rail networks, and other systems controlled by SCADA. This article from Wired goes into much more detail about this vulnerability as well, and we all know that most of our infrastructure already needs significant help when it comes to vulnerabilities to all kinds of failure modes.
Thanks to [cfacer] and [ToniSoft] who sent these tips!
Join us on Wednesday, July 14 at noon Pacific for the SCADA Security Hack Chat with Éireann Leverett!
As a society, we’ve learned a lot of hard lessons over the last year and a half or so. But one of the strongest lessons we’ve faced is the true fragility of our infrastructure. The crumbling buildings and bridges and their tragic consequences are one thing, but along with attacks on the food and energy supply chains, it’s clear that our systems are at the most vulnerable as their complexity increases.
And boy are we good at making complex systems. In the United States alone, millions of miles of cables and pipelines stitch the country together from one coast to the other, much of it installed in remote and rugged places. Such far-flung systems require monitoring and control, which is the job of supervisory control and data acquisition, or SCADA, systems. These networks have grown along with the infrastructure, often in a somewhat ad hoc manner, and given their nature they can be tempting targets for threat actors.
Finding ways to secure such systems is very much on Éireann Leverett’s mind. As a Senior Risk Researcher at the University of Cambridge, he knows about the threats to our infrastructure and works to find ways to mitigate them. His book Solving Cyber Risk lays out a framework for protecting IT infrastructure in general. For this Hack Chat, Éireann will be addressing the special needs of SCADA systems, and how best to protect these networks. Drop by with your questions about infrastructure automation, mitigating cyber risks, and what it takes to protect the endless web of pipes and wires we all need to survive.
Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, July 14 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter.
Marketing and advertising groups often have a tendency to capitalize on technological trends faster than engineers and users can settle into the technology itself. Perhaps it’s no surprise that it is difficult to hold back the motivation to get a product to market and profit. Right now the most glaring example is the practice of carelessly putting WiFi in appliances and toys and putting them on the Internet of Things, but there is a similar type of fiasco playing out in the electric power industry as well. Known as the “smart grid”, an effort is underway to modernize the electric power grid in much the same way that the Internet of Things seeks to modernize household appliances, but to much greater and immediate benefit.
To that end, if there’s anything in need of modernization it’s the electric grid. Often still extensively using technology that was pioneered in the 1800s like synchronous generators and transformers (not to mention metering and billing techniques that were perfected before the invention of the transistor), there is a lot of opportunity to add oversight and connectivity to almost every part of the grid from the power plant to the customer. Additionally, most modern grids are aging rapidly at the same time that we are asking them to carry more and more electricity. Modernization can also help the aging infrastructure become more efficient at delivering energy.
While the term “smart grid” is as nebulous and as ill-defined as “Internet of Things” (even the US Government’s definition is muddied and vague), the smart grid actually has a unifying purpose behind it and, so far, has been an extremely useful way to bring needed improvements to the power grid despite the lack of a cohesive definition. While there’s no single thing that suddenly transforms a grid into a smart grid, there are a lot of things going on at once that each improve the grid’s performance and status reporting ability.
When teaching Industrial Automation to students, you need to give them access to the things they will encounter in industry. Most subjects can be taught using computer programs or simulators — for example topics covering PLC, DCS, SCADA or HMI. But to teach many other concepts, you need to have the actual hardware on hand to be able to understand the basics. For example, machine vision, conveyor belts, motor speed control, safety and interlock systems, sensors and peripherals all interface with the mentioned control systems and can be better understood by having hardware to play with. The team at [Absolutelyautomation] have published several projects that aim to help with this. One of these is the DIY conveyor belt with a motor speed control and display.
This is more of an initial, proof of concept project, and there is a lot of room for improvement. The build itself is straightforward. All the parts are standard, off the shelf items — stuff you can find in any store selling 3D printer parts. A few simple tools are all that’s required to put it together. The only tricky part of the build would likely be the conveyor belt itself. [Absolutelyautomation] offers a few suggestions, mentioning old car or truck tyres and elastic resistance bands used for therapy / exercise as options.
If you plan to replicate this, a few changes would be recommended. The 8 mm rollers could do with larger “drums” over them — about an inch or two in diameter. That helps prevent belt slippage and improves tension adjustment. It ought to be easy to 3D print the add-on drums. The belt might also need support plates between the rollers to prevent sag. The speed display needs to be in linear units — feet per minute or meters per minute, rather than motor rpm. And while the electronics include an RS-485 interface, it would help to add RS-232, RS-422 and Ethernet to the mix.
While this is a simple build, it can form the basis for a series of add-ons and extensions to help students learn more about automation and control systems. Or maybe you want a conveyor belt in your basement, for some reason.
The 1-Wire HVAC monitoring system is for residential Geothermal HVAC systems. This project utilizes the so-called 1-Wire temperature sensor. A single board computer handles the brunt of the work, including web-accessible trend data. With access to the underlying temperatures, the overall system performance may be gauged. Earlier this year we covered an HVAC web-enabled monitor that adds an element of control. As the industry adopts modern control architectures, we hope to see more HVAC hacks around.