Tuesday, August 5, 2014

Cyber War, Safety, and OSHA Revisited

Back on January 31, 2013, I posted an article on this blog titled "Cyber War, Safety, and OSHA." I introduced the new term "Workplace Industrial Cyber Safety."

It looked at computer viruses affecting Programmable Logic Controllers (PLCs). PLCs are essentially mini-micro-computers (a single chip) that run large, complicated machines or processes.

As technology advances we find new products that are either the same benefit as old products but with the use of technology, OR products improved (with new technological features/improvements) that make them a separate product in their own right.

A good example of the first kind of product ( same benefit via technology) is the Internet joke, "MS Word for blondes." MS Word provides the same benefit (a correspondence for example) as a pencil. You need a letter (the benefit), whether you write it or type it.

An example of the second (product with technological features/improvements) would be the ipod (compared to the old walkman. It is (basically) the same product (a music player/radio) but with new technological features; plays MP3s, and connects to the Internet.

The same happened with PLCs. PACs are PLCs with technological improvements, mainly networking and user interface:
A few years ago, the term PAC (Programmable Automation Controller) started to appear. Many PLC manufacturers began to market new PAC's along with their traditional line of PLC's (see AutomationDirect.com HERE for an example). If you use AutomationDirect.com as an example, their traditional line of PLC's (DL05, DL06, and others) are still available - and still fairly inexpensive. The new Programmable Automation Controller in contrast, is predictably more expensive and has many more options for networking, expandability, and user interface. This seems to be the differentiation between the traditional PLC and the newer PAC: Relative cost, expandability, functionality, and user options. (Source: PLC Engineers)

The most important  (and dangerous) features are the networking and user interface. The options for the user interface means that a technician no longer has to plug a cable into a PLC and "terminal" in (think DOS terminal). The technician can now connect from any computer (which acts as the terminal) via a network.

The second dangerous feature is the networking. Networking is a means of linking electronic devices so they can share data. The Internet is a network. There are many different types of networks, the most popular being a wired network, a Bluetooth network, power line networking, and a Wi-Fi network. All these have the potential, and most likely will be connected to the Internet.

This will gives hackers direct access to the machinery via the internet. Even if the network is nor connected to the Internet, hackers may gain access through a process called "War Driving." This has the potential to create man-eating machines. Almost all security systems are Internet connected, so hackers can potentially watch as they take over machines.

What is even more frightening is that companies want to network the appliances in our homes. Whirlpool has created (and is selling) digitally networked appliances with what it calls its "6th Sense Live technology." Whirlpool has a refrigerator, a dishwasher and a washer/dryer unit, all network enabled.

This started as a novel idea of being able to control lighting and appliances in one's own home remotely. This allows each appliance to be link up to a household Wi-Fi network, show up on customer smartphones, tablets and PCs, and be controlled (turned on/off) from the devices. See here:

GE is pushing their "Smart Grid" that will let homeowners cut annual energy consumption to zero by 2015. Learn more about appliance networking here:

I have been warning my clients about this for over 10 years, and I am surprised that nobody has picked up on this yet. So far it has been about terrorist attacks on infrastructure (power grid, waste water plants, nuclear power plants, etc.) and in academia.

A Good Resource:

Dr. Raj Jain, a professor at Washington University in St. Louis has an excellent web page titled: "Security in Private Networks of Appliance Sensors and Actuators," you can download it in a .pdf file here:

My Predictions:

Everything is becoming more linked together. This is creating new, unseen hazards. As I stated previously, it may be 5-10 years before a fatality occurs from a machine who's PLC/PAC has been hacked or infected with a virus. It could be longer than that until it is (forensically) discovered that the cause was hacking or a virus.

My Advice:

There is hope. With consumer appliance and whole home networks being advanced, they will be the first networks hacked/infected. The consumer will not put up with refrigerators that can be hacked, turned off, and millions of dollars worth of food going bad. These advanced will carry over to industry. As a safety professional, you should begin educating yourself about PLCs and PACs.

Thank you for reading.

1 comment:

Blogger said...

Have used AVG Anti virus for a number of years now, and I'd recommend this product to all you.