so you can't really trust that little padlock thingy ... big surprise ...

Ron Beaufort

more fun and games with internet security – or lack thereof ...

http://money.msn.com/top-stocks/post--heartbleed-bug-spreads-to-routers-and-other-gear

I found the following statement to be particularly entertaining ...

Since writing encryption code is complex, developers often use a free, open-source version called OpenSSL. It's a barebones project managed by four European coders.

http://money.msn.com/business-news/...9&feed=AP&id=17512015&ocid=Outbrain=obnetwork

I've always said that once a device is connected to the internet, it can NOT be made secure ... people often tell me that I'm paranoid ... well, maybe so ... but ...
 
I've always said that once a device is connected to the internet, it can NOT be made secure ... people often tell me that I'm paranoid ... well, maybe so ... but ...


I agree. Another thing that bothers me about connecting a process network to the Internet is software updates. Some of my regular local clients have their process networks connected to their corporate domains. All of the HMI workstations are regularly updating Windows and antivirus software.

This not only creates unnecessary network traffic, it also consumes processing resources and can compromise the response times of operator interactions on the HMIs.

If my application is fully functional while operating on the current version of Windows, then there is no need to enable Windows Updates on a private network. Nor is there any need to use antivirus software, since the plant operators aren't allowed to install software on HMI workstations.

Keeping HMI workstation software updated for the purpose of enhancing Internet security often requires reboots that would have otherwise been unnecessary and one never knows when a software update is going to break something totally unrelated to the intended purpose of the update.

I'll stop complaining now. Dial-up access is too slow, and going on-site to make program modifications is just so 1980s.

I know... I know... o_O
 
Nor is there any need to use antivirus software, since the plant operators aren't allowed to install software on HMI workstations.

They may not be allowed to, but if they can, they will.

One of my previous jobs had a mobile scale that used a small Windows XP touch screen as an HMI. One day I got called down to look at it because they were complaining about pop-ups. When I looked at it, someone had installed fake anti-virus malware and had changed Internet Explorer's homepage to some "MUSICA LATINA!" website. Of course, since there were no security cameras, nobody admitted to messing with it and the floor supervisors covered for them. Problem is, because security in Windows XP was either "do nothing" or "do everything," we needed to have admin rights on the Panel PC for the actual scale program to do what it needed to do. As far as why that scale had internet access at all, that was a question for the single, overworked IT employee who also had three other titles. The company didn't want to invest in IT staff.
 
I think the days of physically isolated control networks are coming to an end rather quickly. There is too much valuable information to be gathered from the plant floor to not be "integrated" with all of the office systems.

Controls and IT continue to merge....

As a result, all SCADA providers need to vastly improve their compatibility updates. We are getting into an age where not running antivirus software or firewalls on plant floor machines and networks will simply not be an option. Operators may not install software, but maintenance and vendor support can all introduce malware/viruses via their laptop or USB device.
 
