NEWSLETTER - June 2017
In This Issue
- Part 1 Special Feature Automation, You & the Future
- Part 2 Special Feature Cyber Attack The Looming Automation Crisis
- Case Study: Terra Nova Oil Platform Fire System
- New Product 1-Wire Temperature Sensing
- Chinas Superlative Bridges
- Video Quantum Computer
Part 1 Special Feature Automation, You & the Future
There is a hint of the smell of fear when you talk about automation now in 2017. Its become blatantly obvious to everyone that huge changes to our world are coming. The most obvious of which are Amazons done delivery and driver less vehicles.The change is obvious, the impact isn't so obvious. We know they are going to change the world but there is a lack of leadership when it comes to working out how these are going to impact on us. On us a individuals, as family members, as employees, as citizens, as humans.
I for one would like to know how these things are going to affect my life and with that in mind I have decided to launch this series of features. I asked myself the question How will driverless cars affect the value of my home ? And I found that no-one was talking about it. So here I am trying to stimulate a discussion. Please feel free to write me and contribute your point of view. I will include all respectful non-trolling points of view. I will anonymize your comments and I will not publish your name unless you specifically ask me to.
In a second series of articles we will look at how vulnerable our industry is to cyber attack.
Back to the Future Automation and the Future
1. Will automation affect the property market?We dont have any special expertise but we are engineers so we have some good questions. The property market is a marginal one. Minor changes in supply and demand and have large impacts on price. Demand down 5% cn result in prices dropping up to 25%. With this in mind we worry about tech driven changes to the job market and how that could affect your investment in your home.If millions of truck drivers get laid off wont that affect property prices?
Self driving cars and trucks together with drones are likely to dramatically change the number of drivers. Long haul trucking and urban deliveries are well suited to automation and we can expect millions of job losses in the next decade. (There are approx 1.8 million heavy truck drivers and 1.3 million delivery truck drivers in the USA so there are lots of jobs to lose.)
How about restaurant automation. Currently McDonalds employs approx 350k people. Add all the other chains and you have millions of workers. New McDonalds In Phoenix Run Entirely By Robots 2. If self driving changes peoples attitudes to commuting, will that change the property market?
Its conceivable that the longer your commute the happier you will be because it might give you enough extra time for more sleep, eat a meal, do work, interact with friends, watch a movie Drinking and driving might become a non-issue. If you dont have to shop anymore because Amazon delivers everything to your door by 9 p.m., then the famous Location, Location, Location mantra of realtors may well change. 3. Self Driving Cars and the shape of Cars If we spend hardly any time looking out car windows, will that mean that the appearance and shape of cars will change? Here are some of our favorite new car options:
- Built in toilet
- Built in food prep, microwave
- Sleep Module
- Work Desk
OSVehicle Building cars on open platforms.Medium app for readers on the go.There Should Be Modular Cars That Can Do Anything OneCar Modular Vehicle ProjectEdit The Worlds First Modular Self-driving Car
4. Block Chain I/O What Bitcoin Can Teach Automation
If your government, state, city can't provide clean drinking water (Flint Michigan style), who are you going to turn to?Its likely that trust is the next hottest commodity because we are all suffering from living in a fake world.For us in the automation industry, does this mean that we need to start making trustworthy sensors ones whose readings cannot be changed, ignored and corrupted? CAS and no doubt others are looking at new products like block chain I/O modules which block chain the sensor readings in the same way as Bitcoins are, ensuring publicly verifiable ledgers and audit trails. 5. High Temperature Superconductors
In last few years there has been a dramatic technology development which is having a huge impact on the chase for feasible fusion energy. High temperature super conductors unlike low temp super conductors dont degrade in strong magnetic fields. Fusion requires huge currents to create plasma (needing super conductors) and super high magnetic fields to contain the plasma. These new materials allow for new designs of fusion containment vessels reducing their size by a factor of between 3 and 10 and increasing the practicality of designs.
The ITER project is an international $50bn project to build a huge Tokomak Reactor capable of producing more energy than it consumes. Its design is based on well-established science that has been proven on a smaller scale. The cost is because of the size. It is expected to complete in the 2020/30s and commercial scale reactors are expected in the 30-40s. However, that project is about to be overtaken. With the new HTS materials, MIT thinks prototypes can be built for as little as $2bn and that there will be commercial reactors by 2030 just a decade and a half away.
4. HTSs and huge generators / motors. With Mag flux densities orders of magnitude higher we can expect some incredible new motor designs We may get an order of magnitude more work out of a machine the same size as today's. Look for stunning new marine engines, train engines and generators.
If we have commercial fusion by 2030, do we need to worry about global warming? Plasma
Fusion and High Temp Superconductors
Part 2 Special Feature Cyber Attack The Looming Automation Crisis
Ask us for an article to introduce the cyber attack series!!!
This is the launch of a ongoing series. We will focus on Cyber attacks as related to the automation industry.
Almost all efforts to date when it comes to cyber attacks and automation involve the following
1. Perimeter Defenses2. Honeypot Sensors3. Network segmentation4. Good practices.
Bring large critical systems to their knees by attacking non-critical components.
I bet you this is a Data Center. I bet you it has all kinds of perimeter defenses to the site itself and to its data servers. However one single RPG to the roof will take out all the air conditioning and that will shut down the data center. Perhaps you could do the same damage by corrupting the firmware.
Here are some other examples of critical systems being dependent on unprotected systems. Fukushima Dai-ichi Nuclear Power Station
Failure = Backup diesel generators
Potential Catastrophe = Meltdown and nuclear explosion, radiation leakage to ocean and atmosphere. Siberian Gas Pipeline
Failure = In order to disrupt the Soviet gas supply, its hard currency earnings from the West, and the internal Russian economy, the pipeline software that was to run the pumps, turbines, and valves was programmed to go haywire after a decent interval. Programmed to reset pump speeds and valve settings to produce pressures far beyond those acceptable to pipeline joints and welds.
Actual Catastrophe = the most monumental non-nuclear explosion and fire ever seen from space in the summer of 1982. Data Centers
Failure = Attack non-critical systems such as HVAC cooling systems which are essential to the operation of the servers. No cooling means no processing.
Potential Catastrophe = Data Center shutdowns, Banking shutdowns, E-commerce shutdowns. Spot the Data Center: The roof is covered in cooling equipment. Turn off the air conditioning and turn off the data center.
How Can Attacks Cause Harm
If your system is attacked whats the worst that can happen? How easy is it to cause? To stop? Cyber attacks can cause harm. The harm can be extreme such as when permanent damage is caused to equipment or when they cause a cascading effect to the electrical grid for instance. They have even been used to stop Iran from completing its nuclear program that attack was known as the Stuxnet Virus. We can expect terror cyber attacks and we can expect them to attack important institutions and infrastructure. First, understand the harm and the risk. After that, we can look at how BACnet opens the door to attack. Source of Risks
- Purposeful attacks: Hacker, malicious attack, competitor attacks/spying, ex-employees, disgruntled employees, autonomous robots. These attacks can be coordinated and scheduled.
- Accidental: deletion of data, flood the market, improper installation of cables, unprepared installing of new equipment.
In CASs opinion the most serious vulnerabilities allow for attacks which can be broadly categorized as:
- Denial of Service Attacks (DOS)
- Re-initialization Attacks, and
- Seizing Control
Denial of Service attacks are those in which the network is flooded with messages which cause collisions preventing control and monitoring messages from being transmitted between devices. By flooding a devices microprocessor with commands and tasks, one can limit the ability of the device to operate normally. Do this on a large enough scale and you can shut down a campus, a factory etc. Attacks like these can be co-ordinated.Risk Profile = Moderate harm (e.g. In-operable building, water damage) easily achieved. Re-initialization Attacks are those that cause devices to restart which in itself presents a number of attackable vulnerabilities. If a devices configuration or firmware can be altered prior to the re-initialization then the device could permanently lose its ability to operate or could be turned into a Zombie device and perform other attacks. Done on a large enough scale or to systems which are no longer supported, these attacks could take the target systems out for weeks and even months. Recovery may be dependent on the quality of backups.Risk Profile = Possible extreme effect (Bricking devices, provide pathways for viruses to spread, lost configurations) achieved with a moderate challenge, Moderate harm can easily be caused. Control Seizure attacks are those that exploit BACnets Peer to Peer system allowing any device to write at the highest priority to writable objects in other devices. These objects may control physical equipment such as motors, generators It is easy to cause permanent damage to some equipment by making it operate outside its design limits. Alarms can be suppressed, data can be changed, sequences of operation can be broken. Systems can be made inoperable presenting a risk profile of moderate harm easily achieved.
The 18 Attack Types Below Outline the Harm and Severity that Attacks Can Cause Using the Vulnerabilities of BACnet
1. Energy-demand shock
Turning on a large number of energy-consuming devices (e.g. Heating/cooling/lights) at the same time by direct command or by altering schedules, can dramatically increase the load on an electrical grid causing disconnects or even grid failure in extreme cases. Could your institution shut down your entire city or state?
2. Building made uninhabitable on a temporary basis preventing use
A buildings HVAC system can be driven to a state where there is no heating or cooling. Pipes may burst and other damage can occur. This presents commercial and reputational risk. Your hotel brand is damaged and you have no room revenue for a few days because the HVAC wont work.
3. Building made uninhabitable on a temporary basis requiring evacuation
A buildings HVAC system can be driven to a state where there is no heating or cooling. Pipes may burst and other damage can occur. In hospitals, for example, safety protocols may require evacuation of patients.
4. Building driven to extreme temperatures no heat , max heat, condensing humidity to cause equipment malfunction and possible permanent damage
If external temperatures are very low (Boston in Winter) or high (Arizona in summer) and HVAC system is driven off or to max heating the ambient temperature may be outside the operating range of equipment in the building or even to the point where equipment is damaged. In humid environments, a system can be driven to be heavily condensing water damage and short circuits could occur.
5. HVAC failure causing computer / super computer / server farms shutdown
Computer equipment is extremely temperature sensitive. Mildly elevated temperatures can cause decreases in performance. Temperature extremes can cause failures and shutdowns. Many data centers are located in extremely cold places (Facebook Sweden) to save on cooling energy costs. HVAC failures will drive interior ambient temperatures to low points.
6. HVAC failure causing computer / super computer / server farms damage
Temperature extremes can cause damage to CPUs. Burst pipes can cause water damage.
7. Changing protection settings and limits
Many electrical devices have settings and operation limits used to protect the device from being operated in a way which will damage the device. For example, a motor controller may have operations which set the maximum speed. Changing the settings can cause devices to shut down or failing to protect themselves resulting in damage.
8. Driving pumps and motors and other devices to failure states
Many electrical devices have settings and limits which prevent the device from being operated in a way in which damage can occur. For example, a device may shut down or limit operation to ensure that it doesn't run too hot. Changing these types of settings can allow devices to be damaged by normal operation. Motors can be driven to speeds which cause damage to equipment. Alarm set points can be changed so that alarms are not generated.
9. Synchronized failure
By changing schedules, equipment can be turned on / off en masse.
10. Data theft
Critical data from sensors and other equipment can be monitored.
11. Data corruption
Sensors may provide important or even critical data to control systems or management systems. False data can be served. False alarms can be generated. Alarms can be acknowledged before humans become aware of them.
12. Out of service
Sensors and Control devices can be put out of service. That is to stop sensors reporting the measured values or to stop a control device responding to commands such as set point changes.
13. Command contention
BACnet has a priority system to resolve command contention. It is possible to drive devices to states at a higher priority than the normal operation is configured for, thus preventing the control system from operating equipment until the problem is identified and resolved. A fair degree of expertise is required to identify this problem. Whoever commands last, wins.
14. Gateway failure
Communication protocol gateways connect subsystems and allow them to inter-operate. Driving these devices to a failed state can result in overall control / monitoring system failure.
15. Firmware update / corruption
Some devices allow firmware to be delivered using the file transfer services supported by BACnet. It is conceivable that on such devices the firmware can be corrupted making the device inoperable and difficult to recover to an operable state. If such a device is no longer manufactured or supported there may be no path to recovery other than implementing a new system.It is also possible that devices can be turned into zombie devices i.e play some new, destructive role.
16. Configuration update / corruption
Some devices allow configuration to be delivered using the file transfer services supported by BACnet. It is conceivable that on such devices the behavior of the device can be changed or that the device is made inoperable until the configuration is restored. It is rare to have backups that are current in HVAC systems.
17. False alarms
False alarms can cause automated systems to shut down processes. False alarms can divert operator attention and mask real alarms.
18. Network attacks Denial Of Service
Generating false alarms. Oversubscribing for change of value, alarm and event notifications and misconfiguration. BACnet BBMD devices can cause message deluges which consume all the bandwidth and which can cross sub-nets.
19. Critical infrastructure attacks
Lights Off, Fuel Pumping Systems, Standby Generator Shutdowns, Transfer Switch Operation etc.It may be possible to operate transfer switches disconnecting buildings from the grid and at the same time change settings to prevent standby generators from starting.It may be possible to operate breakers and shut systems down.
Why Is BACNet Vulnerable
Read more next month.
Other Elements of BACnet That Are Vulnerable
Read more in our next edition.
The Scale Is Frightening
Read more in our next edition.
Case Study: Terra Nova Oil Platform Fire System
Introduction:Chipkin Automation Systems working with Notifier Canada implemented a portion of the redundant fire system. The particular focus of Chipkin Automation Systems was the gathering of data from the Notifier Alarm System and the provision of a redundant gateway system which provided detail alarm and trouble information to a Graphical User Interface system. The purpose was to have a single unified GUI to be used for control and monitoring of the complete platform operation. Notifier Canada chose Chipkin Automation Systems to work with because of their experience with protocol gateways and previous experience with Notifier Systems. Background:
Suncor Energy operates the Terra Nova field, which is located offshore approximately 350 kilometers southeast of St. Johns, Newfoundland and Labrador. Discovered in 1984, the field was the second to be developed off Newfoundland and Labrador.
Production from the field began in 2002, through the use of a Floating, Production Storage and Offloading (FPSO) vessel. This was the first development in North America to use FPSO technology in a harsh weather environment.
One of the largest FPSO vessels ever built, the Terra Nova FPSO is 292.2 metres long and 45.5 metres wide, approximately the size of three football fields laid end to end. From the keel to the helideck, it stands more than 18 storeys high. The Terra Nova FPSO can store 960,000 barrels of oil and accommodate up to 120 personnel while producing. Details:
The Platform used the Notifier AM2020 FACP system when originally installed. When refitted in 2006 the system was upgraded to a 2020 NFS system to provide new features and a degree of redundancy. The way that alarms, troubles and supervisorys are reported by the AM2020 and the NFS3030 is slightly different but the owner wanted the NFS3030 system to mimic the original system. Chipkin Automation Systems originally developed the protocol driver and were able to implement changes to provide the behavior required.
Gateways were connected in a hot standby pair. The Serial cable connecting the FACP to the gateway is designed to bring the same data to both gateways so that each has an identical copy of the state of the FACP. The secondary of the redundant pair operates in a standby mode; monitoring the status of the primary. If it detects failure it becomes the primary and continues to gather and serve data to the Central Monitoring System. If the primary detects a failure in the secondary then it reports that as an alarm.
Fire alarm panel was reported to the Central Monitoring System using the Modbus protocol. There were approx. 700 sensors and devices in the fire system.
CAS-2X00-02 CAS-Bridge 1-Wire to Modbus TCP/RTU and IoT
Chipkins CAS-Bridge 1-Wire to Modbus TCP/RTU and IoT, monitors a series of 1-Wire temperature sensors and makes the data available to Modbus devices, as well as logging long term trending data into the cloud. The CAS-Bridge operates by monitoring the 1-Wire temperature sensors and storing the values in an internal database. Then serving the temperature data as Modbus TCP/RTU values. When a value changes or a timeout occurs, the values are sent to an online dashboard for long term trending and logging.The CAS Bridge can be connected to your network with a ethernet connection or by connecting to a WiFi access point.
The gateway requires minimal configuration and can be considered a plug and play component of any network system. Its ready to operate out of the box and can be installed without an engineers approval. For a list of tested devices, refer to Appendix A: Tested Devices.
Note: All gateways sold by Chipkin report operating stats and issues to web pages and maintain logs that can be uploaded by HTTP or ftp.
The following specifications for the CAS-Bridge 1-Wire to Modbus TCP/RTU and IoT are common to all CAS Bridge gateways.
- 10/100BASE-T with RJ-45 connector
- 1x RS485 port
- Power: 5 VDC, A battery backup is also available.
- Operating temperature: -20 to 70 C
- LEDs: link, speed/data, power, busy
- Dimensions (LxWxH): 107 x 63 x 25 mm
MAXIMUM NODES SUPPORTED
This table summarizes the number of sensors and devices supported for each protocol node.
|Client||50*||The CAS Bridge has been tested with 50x 1-Wire DS18B20 devices.|
|The CAS Bridge could support more or less depending on the cabling and distances between sensors.|
These tables summarize possible connections from the Modbus RTU server ports.
PORT 0: 1-WIRE CLIENT PORT
|Connection type||1-Wire Bus|
PORT 1: MODBUS RTU SERVER PORT
|Baud rates||Driver supports: 9600, 19200, 38400 115200 baud|
|Data-bits||Driver supports: 8|
|Stop-bits||Driver supports: 1|
|Parity||Driver supports: none|
This block diagram lists common network connections that can monitor data from 1-Wire devices and Modbus RTU/TCP, IoT protocols.
The CAS Bridges settings can be configured on a Web page. Users can select:
- Modbus TCP node_ID
- Modbus RTU node_ID, baud rate, parity, data length, stop-bits
- Modbus Scaling Scale the tempature values from a float value to a Modbus register.
- Ethernet IP address The Ethernet IP address to use if ethernet DHCP is not enabled.
- Ethernet DHCP If enabled the CAS Bridge will attempt to use DHCP to obtain an IP address from the local network.
- WiFi mode If enabled the CAS Bridge will become a Wifi Access point that can be connected to without a wifi router.
- Wifi SSID Used to conenct the CAS Bridge to a wifi access point when the WiFi mode is disabled.
- Wifi Password Used to conenct the CAS Bridge to a wifi access point when the WiFi mode is disabled.
- Wifi IP address The wifi IP address that the CAS Bridge will attempt to use if wifi DHCP is not emabled.
- WiFi DHCP if enabled the CAS Bridge will attempt to use DHCP to obtain an IP address from the clocal network.
- Online server host The host to send the tempature data to.
- Online server private key The private key that is used when sending the tempature data to the online server
- Online server timeout How long to wait before timeing out on a message to the online server
- Online server limit How frequently to send the temapture data to the online server.
The CAS-Bridge 1-Wire to Modbus TCP/RTU and IoT gateway was developed by Chipkin, and we are proud to provide support for our products. For technical support, sales and customer service, please call us at 1 (866) 383-1657.
This table summarizes the update history for this gateway data sheet. Please contact Chipkin by phone or email for an updated version of this document.
|DATE||RESP.||DRIVER VERIFIED||DOCUMENT REVISION||COMMENTS|
APPENDIX A: TESTED DEVICES
These tables summarize the Veeder-Root devices that have been tested. Other devices may be supported.
|DS18B20||Factory and Site|
Chinas Superlative Bridges
Of the worlds 100 highest bridges, 81 are found in China, including some under construction ones, according to Mr. Eric Sakowskis data. China now boasts the worlds highest bridge, the longest bridge, the highest rail trestle and a host of other superlatives, often besting its own efforts. Each bridge can cost billions and employ hundreds of workers for several years.They are majestic, they connect impoverished regions. But the fact of the matter is that, many bridges are buried in debt.
As there are more and more bridges being erected across the country, in the name of economic development and country futures growth, especially as part of a huge stimulus program after the 2008 global financial crisis, a study that Mr. Ansar helped write said fewer than a third of the 65 Chinese highway and rail projects he examined were genuinely economically productive, while the rest contributed more to debt than to transportation needs.
Take the Chishi Bridge (ranks 162nd) as an example. Financed by state-owned banks to state-owned companies, it is a 1.4-mile-long marvel of concrete and steel, cost $300 million to build and was more than 50 percent over the budget. It promised a fast and convenient access to the sea for southwestern China. However, like many other bridges, it was faced with delays and tarnished by government corruption. Since it opened in October 2016, it has been overpriced and underused. Most of the villagers can't afford to pay $3 toll fee to cross the bridge, even more to use the 70-mile expressway it connects.In 2016 alone, China added 26,100 bridges on roads, including 363 extra large ones with an average length of about a mile, government figures show. If the infrastructure investments are poorly managed, the nation could be pushed into financial crisis. Top Left: Jiaozhou Bay Bridge (or Qingdao Haiwan Bridge) is a 26.7 km (16.6 mi) long roadway bridge in eastern Chinas Shandong province. As of December 2012, Guinness World Records lists the Jiaozhou Bay Bridge as the worlds longest bridge over water (aggregate length) at 41.58 km (25.84 mi). Top Right: Duge Bridge is a cable-stayed bridge near Liupanshui in China. As of 2016, the bridge is the highest in the world with the road deck sitting over 565 metres above the Beipan River. The bridge spans 1.34 km (0.83 miles) between Xuanwei city in Yunnan province and Shuicheng county in Guizhou province. Lower Right: The Aizhai Bridge is a suspension bridge on the G65 Baotou-Maoming Expressway near Jishou, Hunan, China. With a main span of 1,146 metres (3,760 ft) and a deck height of 336 metres (1,102 ft). As of 2013, it is the seventh-highest bridge in the world and the worlds fifteenth-longest suspension bridge. Lower Left: The ShanghaiKunming Expressway, commonly referred to as the Hukun Expressway is an expressway that connects the cities of Shanghai and Kunming, Yunnan. It is 2,360 km (1,470 mi) in length.