Bedrock Automation

I've never used it, but there was a thread talking about it when the product was first announced.

http://www.plctalk.net/qanda/showthread.php?t=95425&highlight=bedrock

To me, high security even to the backplane level is either FUD, overwhelmingly expensive, or a fantastic idea that will be industry standard after 10 more years of hacking incidents.

Any time I see a product that promises to solve all the possible problems I'm facing now (at a marketing level), while the only technical information I can find is data sheets, I assume it's sketch at best. Either that, or it's crazy expensive. Software definable IO is not cheap, especially when it goes all the way to 19 bit analog.
 
Thanks for the link, I should have done a search before asking my question.

From what I have heard, the hardware actually exists - there was a YouTube video link in the other thread - and my Boss saw it at the CSIA conference last week. I have to agree that the website leaves a lot to be desired.

As to software definable IO, I think that it may be the wave of the future. I have heard of a couple of systems that are planning to release Universal IO in the next 6 months or so. It is typically more expensive, but I can't help but wonder if someone will figure out how to lower the price by accepting there will be some functions that aren't possible in a reasonably priced form, but Ninety-X% are.
 
I agree there, software definable general IO would be nice. I've seen it in National Instruments HW, and it's just convenient. To someone coming from a PC based world, it would seem like quite a shock to learn that you have to plan ahead and specialize if you want In/Out, Digital/Analog/PWM, etc.

I'll also say that the data sheets look like they were written by computer engineers for computer engineers. Not exactly a bad thing, but I'm a little curious what they see their target market as. To me, ultimately, it feels like a solution in search of a problem. It is an intriguing idea, though, and I'm curious to learn more.
 
It looks cool. Software definable IO is nice, but I wonder what the cost vs regular cards is. My guess is that the average will be about the same as using ControlLogix.

Security... a PLC shouldn't be out on public internet. At least not a PLC that controls any type of process that could cause any type of monetary/safety/etc loss. There is really no reason to have a PLC or any other telemetry device out on the public internet anymore, except laziness.

It seems like a niche product to me. Automation world moves super slow and there is a lot of competition.
 
Unfortunately public internet isn't going to be the security issue, it's going to be what's in the plant network locally. As more and more control systems become integrated with the business systems (MES, ERP, SAP...) the threat isn't what's out on the internet, it's what is within the plant. Do contractors bring a virus on their laptop or USB drive? Does someone at a sister plant 1000 miles away have a breach but it affects your plant because everything is tied together? You can have firewalls, DMZs between systems, between sites, but unless you have a firewall directly at the PLC there will be a threat.

There are other options such as verifying contractors have updated virus protection and recent scans, and providing company USB drives when contractors are onsite. But even then, a contractor fires up an unchecked virtual machine...
 
the threat isn't what's out on the internet, it's what is within the plant.

And the wacky thing about Bedrock kicks it up a few notches. They seem to be claiming to actually encrypt data OVER ITS OWN BACKPLANE, which is a new level of paranoid. That's on the same level as someone reading data off your monitor via the signals it emits. Hypothetically possible, but a super impractical exploit.

On a related note, I think encrypting IO data is a great idea. It's one of the best ways to secure the local network. It seems like it could be incorporated into EIP or PN, but the trick would be whether it should be implemented in hw, and therefore fast, or software, and therefore upgradable if/when exploits are discovered. Siemens has already introduced some kind of encrypted programming comms to the PLC in the new 1200/1500, and I think Rockwell added some kind of security in the whole 20.3 fiasco.

The pinless backplane is a cool concept, but, again, I'm not sure what the reason for it is (although 4gb/s is crazy fast). Bent pins have never been that much of a concern to me. The whole idea is way out there, it's like some PC designer/security geek who had never worked with a PLC designed one from scratch. Nothing wrong with that, they just don't do a good job on the website of explaining the customer benefits of the features they brag about.
 
The magnetic backplane took me aback, too. It's a neat concept, but I/O cards aren't removed and replaced all that often, so there's no real tangible benefit other than getting ooohs and aaahs at trade shows.
 
Quote from company CEO at 0:52 in their ARC 2015 video:
The first innovation we did is we eliminated one of the most popular attack vectors for industrial control systems which is the pins on a backplane...which allows anybody to reverse engineer and insert counterfeit or third party modules into any control system around the world.
Seriously? Are people really sneaking into factories and busting into control panels to replace I/O modules? This seems like a tactic designed to scare management types. Encryption aside, I fail to see any practical benefit to a pinless backplane.
 
The benefit of having a pinless backplane (they claim, anyway), is that you can't reverse engineer it. With backplane pins, you could in theory buy one of the PLCs and set it up on the bench, and put analytic tools on all the backplane signals to work out how everything works. With that knowledge, and enough skills, you could mount a Stuxnet-type attack on that type of PLC anywhere you can get access to it, without your evil deeds being visible. But if you can't even analyse the traffic to the backplane, it's going to be very difficult to create a virus to attack it silently.

Doesn't answer the question of whether it's really necessary, but there is at least merit in the idea, if not the marketing.
 
Quote from company CEO at 0:52 in their ARC 2015 video:
Seriously? Are people really sneaking into factories and busting into control panels to replace I/O modules? This seems like a tactic designed to scare management types. Encryption aside, I fail to see any practical benefit to a pinless backplane.

Not quite that - but it seems plausible that if you had a high-enough value target, you could supply a replacement card to them that might act just like the card it replaced, but also phone home and do all sorts of physically or commercially destructive things very quietly. Who would suspect a lowly input card of that?

Again, it seems hard to justify the need for it right now - but makes for an interesting conversation.
 
The benefit of having a pinless backplane (they claim, anyway), is that you can't reverse engineer it. With backplane pins, you could in theory buy one of the PLCs and set it up on the bench, and put analytic tools on all the backplane signals to work out how everything works. With that knowledge, and enough skills, you could mount a Stuxnet-type attack on that type of PLC anywhere you can get access to it, without your evil deeds being visible. But if you can't even analyse the traffic to the backplane, it's going to be very difficult to create a virus to attack it silently.

Doesn't answer the question of whether it's really necessary, but there is at least merit in the idea, if not the marketing.

I mean, I kinda see it, but Stuxnet mostly attacked the engineer's programming PC, not the PLC. Nothing they've done would prevent a virus from infecting their Codesys based programming software, and then downloading a slightly modified project to the controller.

To me, reverse engineering prevention is protection for the vendor, not the customer.
 
