What could possibly go wrong?
Someone had to say it...
General Electric thinks that as much as $US15 billion could be added to global industrial output, merely by connecting global industrial operations to the Internet. The report (PDF), Unleashing the Industrial Internet: "Pushing the Boundaries of Minds and Machines", paints the kind of futuristic picture that Vulture South …
Someone had to say it...
That depends on whether or not it is BOTH telemetry data and control commands.
I do not see much of a problem for OUTBOUND telemetry data; but, I sure as hell would not want the control of a jet engine in flight to be even remotely possible.
Imagine the panic if some hackers were able to randomly shut down engines of jets in flight?
I shudder to even contemplate that possibility.
The server presenting the telemetry data could be compromised. I don't pretend to be an expert in this area, but it seems to me that the presentation server would likely have back-end connectivity to more sensitive/dangerous pieces of the infrastructure... so while this setup might not mean a direct threat, it could present an indirect threat, and therefore a threat nonetheless.
Could be wrong of course... I guess it would be possible to have a secure connection between the front and back-end. Just seems so much easier and safer to not expose those systems to the public network in the first place.
does this story fill me with fear?
It must be something the beancounters have seen and thought "great that will save us money" only to be taken up by the directors who see " save us money" and filter down to the engineers who bang their collective heads on the tables while crying "god nooooooooooooooooooooooooo"
And thusly the first scada worm arrives in power distribution net and all of a sudden we're running on 352V at 35Hz
"does this story fill me with fear?"
Because you know quite a lot about what can happen if things go wrong?
"And thusly the first scada worm arrives in power distribution net and all of a sudden we're running on 352V at 35Hz"
As usual, a vendor with a product or service to sell will only tell you the supposed benefits. It's up to you to find out the downside. A bit unbalanced, really.
Sometimes companies buying things is like watching children at play - they've no idea, they're just attracted to the twinkling lights.
> The Register can’t help but wonder whether the public Internet can
> ever be a good place for industrial control systems.
Fuck no. You can broadcast the telemetry from systems and you'll get results from the internet. If you allow control from the internet then sooner or later a 12-year-old will tap in and turn everything up to 11 just to see what will happen.
Or so I would hope. If you want to send data to it, do a hardwired connection while it's parked for service.
I'm not really sure why being able to monitor jet engines in realtime will save money. I would assume the airplane already routes the data in question (and far more) to the black box, so presumably the data is already being collected. How is having it in realtime saving money?
I suppose they could have a realtime uplink to a satellite that allows the ground to have a copy of black box data, in case the plane sinks in a deep trench where it's unrecoverable. The ground could also have computers monitoring engine performance, to possibly know about problems developing because they become obvious to the pilots. Maybe that's where the money savings comes in, though when selling it to the regulators and public you'd talk about the possibility for saving lives.
The funny bit is that Rolls Royce already do this.
They can call up the airline to tell them about increased wear in the engines before the aircraft even lands, so that the airline can plan maintenance and arrange alternate aircraft, routing etc.
I recall hearing somewhere that they have even been the ones to inform air traffic control about aircraft crashes, and their data is often the first the investigators get.
Once again, the Americans are touting something the Brits have done for years as "new".
You two are talking about proprietary networks, not "TheInternet[tm]".
A couple examples from the USofA ... Boeing's internal network was vastly larger than the fledgling "Internet" until roughly 1986; IBM's internal network was larger than the fledgling "Internet" until roughly 1989. Ford's internal network was larger until roughly 1991.
Don't play the nationality-card. Play the tech-card, or you look silly in a forum like this.
 Whatever that means these days ...
Rolls called one of Qantas's A380s over Jakarta when the compressor on their inboard engine blew up and took most of the wing. From the interview with the pilot, they asked if the engine had blown up and if the wing was damaged.
How about build an engine that doesn't fucking explode next time Rolls.
"Rolls called one of Qantas's A380s over Jakarta when the compressor on their inboard engine blew up and took most of the wing"
"'m not really sure why being able to monitor jet engines in realtime will save money. I would assume the airplane already routes the data in question (and far more) to the black box, so presumably the data is already being collected. How is having it in realtime saving money?"
You'd be wrong. Airlines carry 3 types of recorder. Maintenance, flight (the black box) and the cockpit voice recorder. The latter 2 (I'm not sure if they are combined into 1 "box") are designed to survive a crash and drop into an ocean.
AFAIK data items are set by law and actually quite limited. Any other parameters are at the mfg discretion.
IIRC BEA started carrying data recorders back in the early 70's which allowed them to re-schedule maintenance and keep more aircraft flying longer (BEA seem to have been pretty innovative in IT). These were not designed to be crashworthy. It's very handy if they do as they carry many more parameters.
"The Register can’t help but wonder whether the public Internet can ever be a good place for industrial control systems."
The plan is less about about connecting industrial systems to the internet, but more about integrating industrial systems with enterprise systems.
One of the reasons that industrial systems traditionally have such lousy security is that for many years they were considered isolated from other systems so didn't have to follow the same rules. Then someone stuck them on the internet for convenience and voila, all the insecurities were suddenly writ large.
Ironically by looking at industrial systems as part of a whole, security has to embedded from the outset rather than adding it on as an after thought. At the same time you vastly increase the services provided such as advanced prognostics, better robustness, and easier configuration.
The truth is industrial automation is no longer confined to small areas of a factory. Things like the next generation smart electrical grid which will require integration across a huge number of industrial and management devices require a rethink on how we access and control our devices. The advantages are to huge to be ignored, but it has to be done right from the outset using the latest techniques in both security and technology.
Sorry, bit of a boring comment really....
A key problem here is a lot, in fact almost all, of existing control systems were NOT designed to be secure enough to have world+dog probing their nether regions over t'Internet. Even when bugs are found most operators are loathed to change a fully commissioned working system due to the risks of other unexpected side effects, the possible lack of current personnel fully understanding an older system, and the difficulties of testing everything on a safe simulator/system before you go live with it.
With expected life times of 10-20 years do you really think they will replace them sooner to fix the deep seated design problems, or just ignore the risks because its the "done thing" in this new business model?
Not quite sure about "continuous" or if it's a downloaded log off the FADEC on landing.
IIRC GEC were big on proposing some kind of industrial LAN standard in the 1980s. I think Ford were on board but I'm not sure how popular it really became. I dimly recall "Manufacturing Automated Protocol?"
Perhaps Boris can shed more light.
Remote control of large industrial networks (gas, electricity, phone). SOP for *decades*.
Use of internet protocols Vs closed source proprietary. Not unreasonable.
Routing that data over the *public* internet. WTF? I think the phrase " *grossly* expanded attack surface" is appropriate.
"some kind of industrial LAN standard in the 1980s."
That would be Manufacturing Automation Protocol, MAP, for the shop floor. GM were big supporters. GE Fanuc also were players. GEC Rugby were big supporters too, with their GEM family PLCs, although at the same time GEC Kidsgrove were backing something different based on their existing messaging structure transported over DECnet-connected PLCs. Gould Modicon were also in the game with a Modbus followon. There were other companies too whose names didn't start with G.
From folks like Boeing and maybe Xerox there was the Technical Office Protocol for multivendor exchange of technical documents (files, X.400 email, etc).
Both were based on multivendor networking using OSI lower layers (fixing the problems IPv6 fixes, but long before IPv6 was ever dreamed of), data encoding using ASN.1, and other open standards on top (the original OSI 7 layer model) which was quite heavy (for its day) in compute power terms. The compute power would have been a piece of cake a few years later but everyone has now been persuaded that the teletype-era protocols such as TCP and SMTP and ftp are perfectly capable of doing secure plausible multivendor integration given a sufficiently large collection of semi-standardised band-aids and elastoplasts.
"downloaded log off the FADEC on landing."
I believe that's how it works; I have a vague recollection it can (and will) be done over WiFi (though a different name may be used to confuse the naive e.g. ARINC664/AFDX vs plain ordinary 100BaseT). There are separate mechanisms for in-flight remote error logging (read about the events logged by AF447 for more info).
Ok, so this isnt new? Well in fact it is new - this is about MONITORING systems and NOT control systems. Dont ask me how I know, I just do. The scale of this is far greater than anything anyone has done before. Yes, Rolls Royce may do a small amount of this, but whilst currently a certain amount of data goes back to the black box, that is tip of the iceberg. What's being looked at here is ADDING new monitoring systems that can be fitted in areas of both engines and the rest of the craft, that dont currently exist, and getting, as earlier comment says Rolls do, this information out in real time. Its all about accident prevention and maintenance. Its likely to allow engineers and designers to trend failures, to extend maintenance intervals or reduce them as appropriate. It is likely to result in a)reduced cost of flights b)extended life of aircraft c)reduced failure and accident rates. All of these are real, measureable deliverables in this field.
I'm all for it - If the stress fractures on one plane immediately resulted in vibration in the turbine - and the plan im on has vibration in the turbine. I'd want to know right now. And someone to tell the pilot, and get that plan out of the sky before it falls of its own accord!
Everyone seems to be confused about what GE is proposing here. This is mainly about monitoring of equipment. The idea is that if you can collect large amounts of data and correlate them, you can start to make predictions about what will happen before it happens. This will only work if all those devices can be connected somehow and Ethernet and related technologies are the way to do it.
The report also mentions software. Collecting data is one thing, but then it needs to be stored and analysed.
However, should you wish to control over the Internet, I don't see why not. There are technologies that exist that allow secure communications over the Internet (ever used Skype or Internet banking?). Obviously they need to be implemented correctly and we may need a new breed of control engineer that understands network security, but it can be and is being done.
Overall this should be seen as a good thing for the industry. More hardware sales, more software needing to be written, more systems to be maintained, more people to do the work, all justified and paid for by savings being made in other areas.
As far as i can see this paper isn't saying 'lets connect our existing systems to the existing internet'. If they did that then the comments in this section are valid. What it does seem to be saying is "What should we be doing to connect our systems and the people who manage and maintain them together?".
One of the things that clearly comes out is 'we need secure connections'. This might mean a redesigned internet, new protocols built for security rather than robustness. What GE seems to be doing is setting out a challenge. "If we are to do this properly, how are we to do it?"
The need for such systems is growing. Operators want more reliable systems with minimum down time. They want experts available 24 hours a day 7 days a week so that if something does go wrong it can be fixed immediately. They want to be able to operate in more remote locations (think deep water drilling or offshore windfarms or remote pumping stations). Preferably, the operators want to know if something is going to go wrong before it actually does so they can be ready with a maintenance schedule and the appropriate equipment, particularly if the thing which has to be maintained is in the middle of the North sea.
Given these pressures from operators the suppliers have responded by bolting on interconnection to existing kit. This, as has been pointed out, is a recipe for disaster.
Like it or not we are now in a globalised world where the expert on a system may live on the other side of the planet. We are in a data centric world, where what the plant is doing RIGHT NOW is of importance to the operators and where there is a need to respond rapidly to changing conditions.
And I'm beginning to sound like GE now so I'll get my coat. It's the one with a bunch of fibre optic cables and thermocouples in the pocket.
Not much on cost.
Retrofitting these kind of detailed sensors will be expensive.
As for fuel saving I'd thought FADEC and plant control systems on stationary generators do this anyway
Are they suggesting 2nd order analysis of results to tune the tuning constants?
"As for fuel saving I'd thought FADEC and plant control systems on stationary generators do this anyway"
My mate with Derby connections says the smarter flight systems do already do this, but I've heard from two sources that the CCGT systems in power stations etc are controlled by little more than bog standard PLCs and the site operators can twiddle with the settings to suit their personal preferences in any given set of circumstances.
Seems vaguely plausible, but cbw.
"My mate with Derby connections says the smarter flight systems do already do this, but I've heard from two sources that the CCGT systems in power stations etc are controlled by little more than bog standard PLCs and the site operators can twiddle with the settings to suit their personal preferences in any given set of circumstances."
I guessed aircraft would be up for anything that cut their fuel bills.
As for PLC's, robust for control but not exactly the system of choice for an optimisation algorithm.
might be an opportunity there for a service (I thought RR did quite a lot of the stationary gas powered generators sets as well) but running an app on a PC in the site office seems just as possible.
"As for PLC's, robust for control but not exactly the system of choice for an optimisation algorithm."
PLCs (note lack of apostrophe) are the bit of kit that does the grunt work, not the brains of the operation. Think Privates in the Army, or pawns in Chess. The optimization (note spleling) of code is done by the operators of the computers controlling them. PLCs don't do much on their own ... They pretty much just measure & report.
Side-note: RR's gensets are crap. Get a custom Generac if you're serious ...
"PLCs (note lack of apostrophe) are the bit of kit that does the grunt work, not the brains of the operation."
Which confirms my experience of Programmable Logic Controllers.
Do people still use relay ladder logic to program them?
"The Register can’t help but wonder whether the public Internet can ever be a good place for industrial control systems."
Well... Ready or not, here she comes!
Burying your head in the sand on this issue will get you/us a couple things.
1. A huge missed opportunity in terms of a business. Stop whining about how bad an idea it is, and start solving problems.
2. A lot of nasty industrial scale surprises.
The thing is, this data is often quite valuable. People / companies want it, and they are going to have it; one way or another. It WILL happen on the public internet, if, for no other reason than the way that the incumbent telecom industry has treated any sort of non-standard request.
For those who did not know.
Does anyone doubt where this is going?
Biting the hand that feeds IT © 1998–2017