The benefits of Advanced Process Control (APC) technology are deemed so significant that many manufacturing experts consider the use of APC a necessary requirement to remain competitive. A closer look into the technology may reveal the reason. 02/26/2007
Developing Operating Procedures For Projects Involving Multiple Organizations Using a Linear Responsibility Chart
One of the difficulties of managing projects that involve several organizations is that the group has no pre-established procedures for handling actions that cross organizational boundaries. Read this white paper to learn tips for resolving problems that cross organizational boundaries. 02/11/2008
Why is tracking actual costs and resource usage on a project ever worth the effort required to accomplish it? 02/11/2008
This paper focuses on the resource that is of greatest concern to most organizations: personnel. 02/11/2008
The upgrade of an existing operational plant to a new control system can be full of uncertainties, especially in the areas of operability, downtime, and benefit. Cabot Corporation recently upgraded their Treated Silica operations in Tuscola, Illinois to Batch software, new PLC processors, and an upgrade of the existing HMIs to the latest version of the vendor's software. The previous system was using older PLCs with HMIs in a semi-automatic configuration. The system relied heavily on the operators to make critical batch decisions and mechanical equipment adjustments. Cabot utilized the services of a batch software provider/developer, who developed the new system using S88 standards. The system started up with minimal downtime and has delivered as promised. The Units have seen as much as 30% increased throughput, production record keeping has become more accurate, and the product has become more consistent. These gains were achieved by the automation of a great majority of the operators' former manual tasks, which included the use of batching technology and the addition of more automation equipment in the field. Additionally, to speed production and fulfill Cabot's production needs for greater throughput, recipe entry onto the batch list is now handled using specialized campaign software. 08/26/2008
The Stuxnet worm is a sophisticated piece of computer malware designed to sabotage industrial processes controlled by Siemens SIMATIC WinCC, S7 and PCS 7 control systems. The worm used both known and previously unknown vulnerabilities to spread, and was powerful enough to evade state-of-the-practice security technologies and procedures.
Since the discovery of the Stuxnet worm in July 2010, there has been extensive analysis by Symantec, ESET, Langner and others of the worm's internal workings and the various vulnerabilities it exploits. From the antivirus point of view, this makes perfect sense. Understanding how the worm was designed helps antivirus product vendors make better malware detection software.
What has not been discussed in any depth is how the worm might have migrated from the outside world to a supposedly isolated and secure industrial control system (ICS). To the owners and operators of industrial control systems, this matters. Other worms will follow in Stuxnet's footsteps and understanding the routes that a directed worm takes as it targets an ICS is critical if these vulnerable pathways are to be closed. Only by understanding the full array of threats and pathways into a SCADA or control network can critical processes be made truly secure.
It is easy to imagine a trivial scenario and a corresponding trivial solution:
Scenario: Joe finds a USB flash drive in the parking lot and brings it into the control room where he plugs it into the PLC programming station.
Solution: Ban all USB flash drives in the control room.
While this may be a possibility, it is far more likely that Stuxnet travelled a circuitous path to its final victim. Certainly, the designers of the worm expected it to - they designed at least seven different propagation techniques for Stuxnet to use. Thus, a more realistic analysis of penetration and infection pathways is needed.
This White Paper is intended to address this gap by analyzing a range of potential "infection pathways" in a typical ICS system. Some of these are obvious, but others less so. By shedding light on the multitude of infection pathways, we hope that the designers and operators of industrial facilities can take the appropriate steps to make control systems much more secure from all threats. 02/28/2011
This application note describes how to use the Tofino Industrial Security Solution to prevent the spread of the Stuxnet worm in both Siemens and non-Siemens network environments.
What is Stuxnet?
Stuxnet is a computer worm designed to target one or more industrial systems that use Siemens PLCs. The objective of this malware appears to be to destroy specific industrial processes.
Stuxnet will infect Windows-based computers on any control or SCADA system, regardless of whether or not it is a Siemens system. The worm only attempts to make modifications to controllers that are model S7-300 or S7-400 PLCs. However, it is aggressive on all networks and can negatively affect any control system. Infected computers may also be used as a launch point for future attacks.
How Stuxnet Spreads
Stuxnet is one of the most complex and carefully engineered worms ever seen. It takes advantage of at least four previously unknown vulnerabilities, has multiple propagation processes and shows considerable sophistication in its exploitation of Siemens control systems.
A key challenge in preventing Stuxnet infections is the large variety of techniques it uses for infecting other computers. It has three primary pathways for spreading to new victims:
- via infected removable USB drives;
- via Local Area Network communications;
- via infected Siemens project files.
Within these pathways, it takes advantage of seven independent mechanisms to spread to other computers.
Stuxnet also has a P2P (peer-to-peer) networking system that automatically updates all installations of the Stuxnet worm in the wild, even if they cannot connect back to the Internet. Finally, it has an Internet-based command and control mechanism that is currently disabled, but could be reactivated in the future. 11/30/2010
This White Paper explains:
- What the 3S CoDeSys vulnerabilities are and what an attacker can do with them
- How to find out what control/SCADA devices are affected
- The risks and potential consequences to SCADA and control systems
- The compensating controls that will help block known attack vectors
A number of security vulnerabilities in the CoDeSys Control Runtime System were disclosed in January 2012. In October 2012, fully functional attack tools were also released to the general public.
While CoDeSys is not widely known in the SCADA and ICS field, its product is embedded in many popular PLCs and industrial controllers. Many vendors' products are potentially vulnerable, including devices used in all sectors of manufacturing and infrastructure. As a result, there is a risk that criminals or political groups may attempt to exploit them for either financial or ideological gain.
This White Paper summarizes the currently known facts about these vulnerabilities and associated attack tools. It also provides guidance regarding a number of mitigations and compensating controls that operators of SCADA and ICS systems can take to protect critical operations. 12/26/2012
Traditional process models typically view a transfer line between Units either as a physical extension of the batching vessel or as a shared equipment module. The valves in the transfer line are then convenient places to establish the boundary of the upstream or downstream Unit. 06/23/2008
The Control article "Six Sigma Alarm Management" highlights an end user's experience applying Six Sigma practices to his alarm management effort. This white paper by TiPS explores why Six Sigma is such a good companion for an alarm management program and outlines various ways Six Sigma can be incorporated into the alarm management workflow. 03/21/2008
When considering the dizzying array of factors that influence alarm design and performance, it becomes clear that the alarm system is a hotly contested item. This technical paper notes the many factors that impact the performance of an alarm system and where alarm management fits in. 08/15/2006
Flameproof enclosure (Ex d) and intrinsic safety (Ex i) are very common equipment protection methods in Process Automation. One reason to use Ex d is the amount of energy which could not be provided via Ex i. This disadvantage has disappeared with the introduction of intrinsically safe, dynamic methods of arc prevention such as DART or Power-i. This white paper shows that when using intrinsic safety, installation, maintenance and inspection costs will be reduced.
This paper addresses decision makers and professionals responsible for automation systems in hazardous areas. A good understanding of the principles of explosion protection is required. 07/10/2012
The benefits of applying the S88.01 standard have been well proven in the industry, although most users have only scratched the surface on achieving these benefits. Some of this dilemma can be attributed to poor application of the standard by users; much can be traced to deficiencies in current tools that are available to the user. The S88.01 batch control standard has been around for five years. Ample time has been available to allow the appropriate tools to be developed that will allow users to take full advantage of the S88.01 standard. Most tools still do not provide enough needed features and flexibility. This paper will discuss ways of improving user application of the S88.01 standard and some of the deficiencies of currently available tools. 08/26/2008
This paper analyzes two methods of deferring costs associated with the installation of batch automation systems. The first defers cost by postponing the configuration of recipes and batch management until after start-up. With this method, operations personnel manually coordinate the execution of phases and maintain a paper batch record. Often this leads to a design that uses larger and more specialized phases since the execution of the recipe is not automated. A batch management package and recipes can be added at some later time to create a fully automated process. The alternative design implements the batch management package up-front, postponing the configuration of automatic phases until later. Operations personnel would then use the batch management package to guide them through the process as they manipulate the control modules at the direction of the batch management package. Automated phases are implemented in stages, deferring costs over time. This implementation can be carried out in a prioritized order, based on operator input, specifying which process operations are the most time consuming and difficult. The two methodologies are examined for the potential pitfalls and benefits of each. Compromises that must be made, as well as the functional advantages and deficiencies of each approach, will be discussed. 08/26/2008
In the early days of batch automation there was usually a central computer that controlled everything. This computer ran recipes, executed sequential logic, did data acquisition of process variables and also performed direct digital control (DDC) of analog and discrete devices. Since one computer did everything from sequencing to DDC, it was only natural to embed the shutdown and safety logic into the batch sequential code that was running normal operations. And since one huge monolithic program ran the entire process, the safety logic was always running. In modern S88 (IEC61512) based modular batch automation systems, the monolithic code has been replaced by smaller reusable phases controlled by a batch manager that runs recipes. Many who have grown up with DDC embed safety logic inside the phases. This approach requires an active equipment phase at all times to keep safety logic available at all times. There is a problem with this approach. Phases are transient by nature. They have a beginning and an end. You cannot guarantee that there will always be an active equipment phase. Although there may be some holding logic associated only with a specific phase, often this logic is generic and should be moved up to the unit level. This paper looks at methods available to the user for safety and exception recovery logic in current modular batch systems. Included are case studies of five separate batch projects where recognizing exception conditions and executing safety shutdown logic was essential. 08/28/2008
This article describes two independent techniques for ensuring strong security in systems using OPC Classic technology. 01/14/2013
The purpose of this paper is to explain the general concepts, purposes, specific responsibilities and requirements associated with an effective project management office. 07/14/2008
Automation designers face many challenges and tradeoffs in the development of a successful network solution. This White Paper discusses the necessary choices in selecting a network technology appropriate for various specific applications. 09/23/2005
Gainesville Regional Utility Leverages Limited Maintenance Resources By Adding an Asset Management System as Part of a Repowering Project.
To meet growing power demands in the area, the John R. Kelly Generating Station in Gainesville, Fla., repowered an existing 48 MW steam unit by constructing a combined cycle facility. It uses a General Electric gas turbine and an ATS heat recovery steam generator to drive the existing steam turbine. 06/07/2012
There is a significant difference between birds and control systems from the perspective of migration. While some birds migrate back to their original place after the seasonal change, the reasons for migration do not change! This paper describes a successful approach to the migration of legacy control systems and draws an analogy from the above for the purpose of illustration. 05/18/2007