NEWSLETTER - June 2017

In This Issue

• Part 1 Special Feature Automation, You & the Future
  • Will automation affect the property market?
  • If self-driving changes people's attitudes to commuting, will that change the property market?
  • Self-Driving Cars and the Shape of Cars
  • BlockChain I/O What Bitcoin Can Teach Automation
  • High-Temperature Superconductors
• Part 2 Special Feature Cyber Attack The Looming Automation Crisis
  • How Can Cyber Attacks Cause Harm Read
  • BACnet Vulnerabilities: Unveiling 18 Attack Types
  • Why Is BACnet Vulnerable
  • Other Elements of BACnet That Are Vulnerable
  • The Scale of the Threat Is Frightening
• Case Study: Terra Nova Oil Platform Fire System
• New Product 1-Wire Temperature Sensing
• Chinas Superlative Bridges
• Video Quantum Computer

Part 1 Special Feature Automation, You & the Future

There is a hint of the smell of fear when you talk about automation now in 2017. It become blatantly obvious to everyone that huge changes to our world are coming. The most obvious of which are Amazon's done delivery and driverless vehicles. The change is obvious, the impact isn't so obvious. We know they are going to change the world but there is a lack of leadership when it comes to working out how these are going to impact on us. On us a individuals, as family members, as employees, as citizens, as humans.

I for one would like to know how these things are going to affect my life and with that in mind, I have decided to launch this series of features. I asked myself the question How will driverless cars affect the value of my home? And I found that no one was talking about it. So here I am trying to stimulate a discussion. Please feel free to write me and contribute your point of view. I will include all respectful non-trolling points of view. I will anonymize your comments and I will not publish your name unless you specifically ask me to.

In a second series of articles we will look at how vulnerable our industry is to cyber attack.

Back to the Future Automation and the Future

1. Will automation affect the property market? We don't have any special expertise but we are engineers so we have some good questions. The property market is a marginal one. Minor changes in supply and demand and have large impacts on prices. Demand down 5% cn result in prices dropping up to 25%. With this in mind we worry about tech-driven changes to the job market and how that could affect your investment in your home. If millions of truck drivers get laid off wont that affect property prices?

Self-driving cars and trucks together with drones are likely to dramatically change the number of drivers. Long-haul trucking and urban deliveries are well suited to automation and we can expect millions of job losses in the next decade. (There are approx 1.8 million heavy truck drivers and 1.3 million delivery truck drivers in the USA so there are lots of jobs to lose.)

How about restaurant automation? Currently, McDonalds employs approx 350k people. Add all the other chains and you have millions of workers. New McDonalds In Phoenix Run Entirely By Robots 2. If self-driving changes people's attitudes to commuting, will that change the property market?

It's conceivable that the longer your commute the happier you will be because it might give you enough extra time for more sleep, eat a meal, do work, interact with friends, and watch a movie Drinking and driving might become a non-issue. If you don't have to shop anymore because Amazon delivers everything to your door by 9 p.m., then the famous Location, Location, Location mantra of realtors may well change. 3. Self-Driving Cars and the Shape of Cars If we spend hardly any time looking out car windows, will that mean that the appearance and shape of cars will change? Here are some of our favorite new car options:

1. Built-in toilet
2. Built-in food prep, microwave
3. Sleep Module
4. Work Desk

OSVehicle Building cars on open platforms. Medium app for readers on the go. There Should Be Modular Cars That Can Do Anything OneCar Modular Vehicle ProjectEdit The World's First Modular Self-driving Car

4. Block Chain I/O What Bitcoin Can Teach Automation

If your government, state, city can't provide clean drinking water (Flint Michigan style), who are you going to turn to? It's likely that trust is the next hottest commodity because we are all suffering from living in a fake world. For us in the automation industry, does this mean that we need to start making trustworthy sensors whose readings cannot be changed, ignored, and corrupted? CAS and no doubt others are looking at new products like blockchain I/O modules which blockchain the sensor readings in the same way as Bitcoins are, ensuring publicly verifiable ledgers and audit trails. 5. High Temperature Superconductors

In the last few years, there has been a dramatic technology development which is having a huge impact on the chase for feasible fusion energy. High-temperature superconductors unlike low-temperature superconductors don't degrade in strong magnetic fields. Fusion requires huge currents to create plasma (needing superconductors) and super-high magnetic fields to contain the plasma. These new materials allow for new designs of fusion containment vessels reducing their size by a factor of between 3 and 10 and increasing the practicality of designs.

The ITER project is an international $50bn project to build a huge Tokomak Reactor capable of producing more energy than it consumes. Its design is based on well-established science that has been proven on a smaller scale. The cost is because of the size. It is expected to be completed in the 2020/30s and commercial-scale reactors are expected in the 30-40s. However, that project is about to be overtaken. With the new HTS materials, MIT thinks prototypes can be built for as little as $2bn and that there will be commercial reactors by 2030 just a decade and a half away.

4. HTSs and huge generators/motors. With Mag flux densities orders of magnitude higher we can expect some incredible new motor designs We may get an order of magnitude more work out of a machine the same size as today's. Look for stunning new marine engines, train engines, and generators.

If we have commercial fusion by 2030, do we need to worry about global warming? Plasma

ITER Project

Fusion and High Temp Superconductors

Part 2 Special Feature Cyber Attack The Looming Automation Crisis

Ask us for an article to introduce the cyber attack series!!!

This is the launch of an ongoing series. We will focus on Cyber attacks as related to the automation industry.

Almost all efforts to date when it comes to cyber-attacks and automation involve the following

1. Perimeter Defenses2. Honeypot Sensors3. Network segmentation4. Good practices.

Bring large critical systems to their knees by attacking non-critical components.

I bet you this is a Data Center. I bet you it has all kinds of perimeter defenses to the site itself and to its data servers. However, one single RPG to the roof will take out all the air conditioning and that will shut down the data center. Perhaps you could do the same damage by corrupting the firmware.

Here are some other examples of critical systems being dependent on unprotected systems. Fukushima Dai-ichi Nuclear Power Station

Failure = Backup diesel generators

Potential Catastrophe = Meltdown and nuclear explosion, radiation leakage to ocean and atmosphere. Siberian Gas Pipeline

Failure = To disrupt the Soviet gas supply, its hard currency earnings from the West, and the internal Russian economy, the pipeline software that was to run the pumps, turbines, and valves was programmed to go haywire after a decent interval. Programmed to reset pump speeds and valve settings to produce pressures far beyond those acceptable to pipeline joints and welds.

Actual Catastrophe = the most monumental non-nuclear explosion and fire ever seen from space in the summer of 1982. Data Centers

Failure = Attack non-critical systems such as HVAC cooling systems which are essential to the operation of the servers. No cooling means no processing.

Potential Catastrophe = Data Center shutdowns, Banking shutdowns, E-commerce shutdowns. Spot the Data Center: The roof is covered in cooling equipment. Turn off the air conditioning and turn off the data center.

How Can Attacks Cause Harm Article

If your system is attacked what's the worst that can happen? How easy is it to cause? To stop? Cyber attacks can cause harm. The harm can be extreme such as when permanent damage is caused to equipment or when they cause a cascading effect to the electrical grid for instance. They have even been used to stop Iran from completing its nuclear program that attack was known as the Stuxnet Virus. We can expect terror cyber attacks and we can expect them to attack important institutions and infrastructure. First, understand the harm and the risk. After that, we can look at how BACnet opens the door to attack. Source of Risks

• Purposeful attacks: Hacker, malicious attack, competitor attacks/spying, ex-employees, disgruntled employees, autonomous robots. These attacks can be coordinated and scheduled.
• Accidental: deletion of data, flood the market, improper installation of cables, unprepared installation of new equipment.

In CAS's opinion the most serious vulnerabilities allow for attacks that can be broadly categorized as:

1. Denial of Service Attacks (DOS)
2. Re-initialization Attacks, and
3. Seizing Control

Denial of Service attacks are those in which the network is flooded with messages that cause collisions preventing control and monitoring messages from being transmitted between devices. By flooding a device's microprocessor with commands and tasks, one can limit the ability of the device to operate normally. Do this on a large enough scale and you can shut down a campus, a factory, etc. Attacks like these can be coordinated. Risk Profile = Moderate harm (e.g. Inoperable building, water damage) easily achieved. Re-initialization Attacks are those that cause devices to restart which in itself presents a number of attackable vulnerabilities. If a device's configuration or firmware can be altered prior to the re-initialization then the device could permanently lose its ability to operate or could be turned into a Zombie device and perform other attacks. Done on a large enough scale or to systems that are no longer supported, these attacks could take the target systems out for weeks and even months. Recovery may be dependent on the quality of backups. Risk Profile = Possible extreme effect (Bricking devices, providing pathways for viruses to spread, lost configurations) achieved with a moderate challenge, Moderate harm can easily be caused. Control Seizure attacks are those that exploit BACnets Peer to Peer system allowing any device to write at the highest priority to writable objects in other devices. These objects may control physical equipment such as motors, and generators It is easy to cause permanent damage to some equipment by making it operate outside its design limits. Alarms can be suppressed, data can be changed, and sequences of operation can be broken. Systems can be made inoperable presenting a risk profile of moderate harm easily achieved.

The 18 Attack Types Below Outline the Harm and Severity that Attacks Can Cause Using the Vulnerabilities of BACnet

1. Energy-demand shock

Turning on a large number of energy-consuming devices (e.g. Heating/cooling/lights) at the same time by direct command or by altering schedules, can dramatically increase the load on an electrical grid causing disconnects or even grid failure in extreme cases. Could your institution shut down your entire city or state?

2. Building made uninhabitable on a temporary basis preventing use

A building's HVAC system can be driven to a state where there is no heating or cooling. Pipes may burst and other damage can occur. This presents a commercial and reputational risk. Your hotel brand is damaged and you have no room revenue for a few days because the HVAC won't work.

3. Building made uninhabitable on a temporary basis requiring evacuation

A building's HVAC system can be driven to a state where there is no heating or cooling. Pipes may burst and other damage can occur. In hospitals, for example, safety protocols may require the evacuation of patients.

4. The building is driven to extreme temperatures no heat, max heat, and condensing humidity to cause equipment malfunction and possible permanent damage

If external temperatures are very low (Boston in Winter) or high (Arizona in summer) and HVAC system is driven off or to max heating the ambient temperature may be outside the operating range of equipment in the building or even to the point where equipment is damaged. In humid environments, a system can be driven to be heavily condensing water damage and short circuits could occur.

5. HVAC failure causing computer/supercomputer/server farms shutdown

Computer equipment is extremely temperature-sensitive. Mildly elevated temperatures can cause decreases in performance. Temperature extremes can cause failures and shutdowns. Many data centers are located in extremely cold places (Facebook Sweden) to save on cooling energy costs. HVAC failures will drive interior ambient temperatures to low points.

6. HVAC failure causing computer/supercomputer/server farms damage

Temperature extremes can cause damage to CPUs. Burst pipes can cause water damage.

7. Changing protection settings and limits

Many electrical devices have settings and operation limits used to protect the device from being operated in a way that will damage the device. For example, a motor controller may have operations that set the maximum speed. Changing the settings can cause devices to shut down or fail to protect themselves resulting in damage.

8. Driving pumps and motors and other devices to failure states

Many electrical devices have settings and limits that prevent the device from being operated in a way in which damage can occur. For example, a device may shut down or limit operation to ensure that it doesn't run too hot. Changing these types of settings can allow devices to be damaged by normal operation. Motors can be driven to speeds that cause damage to equipment. Alarm set points can be changed so that alarms are not generated.

9. Synchronized failure

By changing schedules, equipment can be turned on / off en masse.

10. Data theft

Critical data from sensors and other equipment can be monitored.

11. Data corruption

Sensors may provide important or even critical data to control systems or management systems. False data can be served. False alarms can be generated. Alarms can be acknowledged before humans become aware of them.

12. Out of service

Sensors and Control devices can be put out of service. That is to stop sensors from reporting the measured values or to stop a control device from responding to commands such as set point changes.

13. Command contention

BACnet has a priority system to resolve command contention. It is possible to drive devices to states at a higher priority than the normal operation is configured for, thus preventing the control system from operating equipment until the problem is identified and resolved. A fair degree of expertise is required to identify this problem. Whoever commands last, wins.

14. Gateway failure

Communication protocol gateways connect subsystems and allow them to inter-operate. Driving these devices to a failed state can result in overall control/monitoring system failure.

15. Firmware update/corruption

Some devices allow firmware to be delivered using the file transfer services supported by BACnet. It is conceivable that on such devices the firmware can be corrupted making the device inoperable and difficult to recover to an operable state. If such a device is no longer manufactured or supported there may be no path to recovery other than implementing a new system.It is also possible that devices can be turned into zombie devices i.e. play some new, destructive role.

16. Configuration update/corruption

Some devices allow configuration to be delivered using the file transfer services supported by BACnet. It is conceivable that on such devices the behavior of the device can be changed or that the device is made inoperable until the configuration is restored. It is rare to have backups that are current in HVAC systems.

17. False alarms

False alarms can cause automated systems to shut down processes. False alarms can divert operator attention and mask real alarms.

18. Network attacks Denial Of Service

Generating false alarms. Oversubscribing for change of value, alarm, and event notifications and misconfiguration. BACnet BBMD devices can cause message deluges which consume all the bandwidth that can cross sub-nets.

19. Critical infrastructure attacks

Lights Off, Fuel Pumping Systems, Standby Generator Shutdowns, Transfer Switch Operation, etc. It may be possible to operate transfer switches disconnecting buildings from the grid and at the same time change settings to prevent standby generators from starting. It may be possible to operate breakers and shut systems down.

Why Is BACnet Vulnerable

Read more next month.

Other Elements of BACnet That Are Vulnerable

Read more in our next edition.

The Scale Is Frightening

Read more in our next edition.

Case Study: Terra Nova Oil Platform Fire System

Introduction: Chipkin Automation Systems working with Notifier Canada implemented a portion of the redundant fire system. The particular focus of Chipkin Automation Systems was the gathering of data from the Notifier Alarm System and the provision of a redundant gateway system which provided detailed alarm and trouble information to a Graphical User Interface system. The purpose was to have a single unified GUI to be used for control and monitoring of the complete platform operation. Notifier Canada chose Chipkin Automation Systems to work with because of their experience with protocol gateways and previous experience with Notifier Systems. Background:

Suncor Energy operates the Terra Nova field, which is located offshore approximately 350 kilometers southeast of St. Johns, Newfoundland and Labrador. Discovered in 1984, the field was the second to be developed off Newfoundland and Labrador.

Production from the field began in 2002, through the use of a Floating, Production Storage and Offloading (FPSO) vessel. This was the first development in North America to use FPSO technology in a harsh weather environment.

One of the largest FPSO vessels ever built, the Terra Nova FPSO is 292.2 meters long and 45.5 meters wide, approximately the size of three football fields laid end to end. From the keel to the helideck, it stands more than 18 stories high. The Terra Nova FPSO can store 960,000 barrels of oil and accommodate up to 120 personnel while producing. Details:

The Platform used the Notifier AM2020 FACP system when originally installed. When refitted in 2006 the system was upgraded to a 2020 NFS system to provide new features and a degree of redundancy. The way that alarms, troubles and supervisorys are reported by the AM2020 and the NFS3030 is slightly different but the owner wanted the NFS3030 system to mimic the original system. Chipkin Automation Systems originally developed the protocol driver and were able to implement changes to provide the behavior required.

Gateways were connected in a hot standby pair. The Serial cable connecting the FACP to the gateway is designed to bring the same data to both gateways so that each has an identical copy of the state of the FACP. The secondary of the redundant pair operates in a standby mode; monitoring the status of the primary. If it detects failure it becomes the primary and continues to gather and serve data to the Central Monitoring System. If the primary detects a failure in the secondary then it reports that as an alarm.

Fire alarm panel was reported to the Central Monitoring System using the Modbus protocol. There were approx. 700 sensors and devices in the fire system.

CAS-2X00-02 CAS-Bridge 1-Wire to Modbus TCP/RTU and IoT

PRODUCT DESCRIPTION

Chipkins CAS-Bridge 1-Wire to Modbus TCP/RTU and IoT, monitors a series of 1-Wire temperature sensors and makes the data available to Modbus devices, as well as logging long-term trending data into the cloud. The CAS-Bridge operates by monitoring the 1-Wire temperature sensors and storing the values in an internal database. Then serving the temperature data as Modbus TCP/RTU values. When a value changes or a timeout occurs, the values are sent to an online dashboard for long-term trending and logging. The CAS Bridge can be connected to your network with an ethernet connection or by connecting to a WiFi access point.

The gateway requires minimal configuration and can be considered a plug-and-play component of any network system. It's ready to operate out of the box and can be installed without an engineer's approval. For a list of tested devices, refer to Appendix A: Tested Devices.

Note: All gateways sold by Chipkin report operating stats and issues to web pages and maintain logs that can be uploaded by HTTP or ftp.

SPECIFICATIONS

The following specifications for the CAS-Bridge 1-Wire to Modbus TCP/RTU and IoT are common to all CAS Bridge gateways.

• 10/100BASE-T with RJ-45 connector
• 1x RS485 port
• Power: 5 VDC, A battery backup is also available.
• Operating temperature: -20 to 70 C
• LEDs: link, speed/data, power, busy
• Dimensions (LxWxH): 107 x 63 x 25 mm

MAXIMUM NODES SUPPORTED

This table summarizes the number of sensors and devices supported for each protocol node.

Gateway Node	Nodes	Comments
Client	50*	The CAS Bridge has been tested with 50x 1-Wire DS18B20 devices.
		The CAS Bridge could support more or less depending on the cabling and distances between sensors.

CONNECTION INFORMATION

These tables summarize possible connections from the Modbus RTU server ports.

PORT 0: 1-WIRE CLIENT PORT

Connection type	1-Wire Bus
Hardware interface	N/A
Multidrop capability	Yes

PORT 1: MODBUS RTU SERVER PORT

Connection type	RS485
Baud rates	Driver supports: 9600, 19200, 38400 115200 baud
Data-bits	Driver supports: 8
Stop-bits	Driver supports: 1
Parity	Driver supports: none
Hardware interface	N/A
Multidrop capability	Yes

CONNECTION CONFIGURATIONS

This block diagram lists common network connections that can monitor data from 1-Wire devices and Modbus RTU/TCP, IoT protocols.

CONFIGURATION

The CAS Bridges settings can be configured on a Web page. Users can select:

• Modbus TCP node_ID
• Modbus RTU node_ID, baud rate, parity, data length, stop-bits
• Modbus Scaling Scale the temperature values from a float value to a Modbus register.
• Ethernet IP address The Ethernet IP address to use if ethernet DHCP is not enabled.
• Ethernet DHCP If enabled the CAS Bridge will attempt to use DHCP to obtain an IP address from the local network.
• WiFi mode If enabled the CAS Bridge will become a Wi-Fi access point that can be connected to without a wifi router.
• Wifi SSID is Used to connect the CAS Bridge to a wifi access point when the WiFi mode is disabled.
• Wifi Password Used to connect the CAS Bridge to a wifi access point when the WiFi mode is disabled.
• Wifi IP address The wifi IP address that the CAS Bridge will attempt to use if wifi DHCP is not enabled.
• WiFi DHCP if enabled the CAS Bridge will attempt to use DHCP to obtain an IP address from the local network.
• Online server host The host to send the temperature data to.
• Online server private key The private key that is used when sending the temperature data to the online server
• Online server timeout How long to wait before timing out on a message to the online server
• Online server limit How frequently to send the tempereture data to the online server.

CUSTOMER SUPPORT

The CAS-Bridge 1-Wire to Modbus TCP/RTU and IoT gateway was developed by Chipkin, and we are proud to provide support for our products. For technical support, sales and customer service, please call us at 1 (866) 383-1657.

REVISION HISTORY

This table summarizes the update history for this gateway datasheet. Please contact Chipkin by phone or email for an updated version of this document.

DATE	RESP.	DRIVER VERIFIED	DOCUMENT REVISION	COMMENTS
11-May-17	SWS	1.0.25	0	Document created

APPENDIX A: TESTED DEVICES

These tables summarize the Veeder-Root devices that have been tested. Other devices may be supported.

DEVICE	TESTED (FACTORY/SITE)
DS18B20	Factory and Site

Chinas Superlative Bridges

Of the world's 100 highest bridges, 81 are found in China, including some under construction ones, according to Mr. Eric Sakowskis data. China now boasts the world's highest bridge, the longest bridge, the highest rail trestle, and a host of other superlatives, often besting its own efforts. Each bridge can cost billions and employ hundreds of workers for several years. They are majestic, they connect impoverished regions. But the fact of the matter is that many bridges are buried in debt.

As there are more and more bridges being erected across the country, in the name of economic development and country future growth, especially as part of a huge stimulus program after the 2008 global financial crisis, a study that Mr. Ansar helped write said fewer than a third of the 65 Chinese highway and rail projects he examined were genuinely economically productive, while the rest contributed more to debt than to transportation needs.

Take the Chishi Bridge (ranks 162nd) as an example. Financed by state-owned banks to state-owned companies, it is a 1.4-mile-long marvel of concrete and steel, cost $300 million to build and was more than 50 percent over the budget. It promised fast and convenient access to the sea for southwestern China. However, like many other bridges, it was faced with delays and tarnished by government corruption. Since it opened in October 2016, it has been overpriced and underused. Most of the villagers can't afford to pay $3 toll fee to cross the bridge, even more to use the 70-mile expressway it connects.In 2016 alone, China added 26,100 bridges on roads, including 363 extra large ones with an average length of about a mile, government figures show. If the infrastructure investments are poorly managed, the nation could be pushed into a financial crisis. Top Left: Jiaozhou Bay Bridge (or Qingdao Haiwan Bridge) is a 26.7 km (16.6 mi) long roadway bridge in eastern Chinas Shandong province. As of December 2012, Guinness World Records lists the Jiaozhou Bay Bridge as the world's longest bridge over water (aggregate length) at 41.58 km (25.84 mi). Top Right: Duge Bridge is a cable-stayed bridge near Liupanshui in China. As of 2016, the bridge is the highest in the world with the road deck sitting over 565 metres above the Beipan River. The bridge spans 1.34 km (0.83 miles) between Xuanwei City in Yunnan Province and Shuicheng County in Guizhou Province. Lower Right: The Aizhai Bridge is a suspension bridge on the G65 Baotou-Maoming Expressway near Jishou, Hunan, China. With a main span of 1,146 meters (3,760 ft) and a deck height of 336 meters (1,102 ft). As of 2013, it is the seventh-highest bridge in the world and the world's fifteenth-longest suspension bridge. Lower Left: The Shanghai Kunming Expressway, commonly referred to as the Hukun Expressway is an expressway that connects the cities of Shanghai and Kunming, Yunnan. It is 2,360 km (1,470 mi) in length.

Quantum Computers How They Work