CW: Stuxnet
Now feels like a good time for a long(?) story.
Back in 2010 I was doing a project at a small 10-15 MGD water plant that services probably 25,000 - 30,000 people. This was a full rebuild of their control system: 16 PLCs, 12 local HMIs, and one central HMI.
1/11
September 27th was a wonderful Monday morning. The drive along the Delaware River was beautiful, and I was all ready for a nice day. We had recently completed the last filter bay and were working on tuning the various chemical feed systems.
2/11
I get to the plant and start BSing with the operator on duty. All of a sudden the lead operator busts in the door in a huff. He slams down a story from Sunday's Wall Street Journal, and wants to know how they are going to protect against "this". https://www.wsj.com/articles/SB10001424052748704082104575515581009698978
3/11
This was my first exposure to the now famous Stuxnet, and I have to read this article and come up with concrete ideas that can help calm everyone's nerves.
At this point, I will remind the readers that many of the operators are smart men who don't know computers at all.
4/11
First things first, I address the immediate concern. They don't have any Siemens equipment, so the ICS portion of the virus won't affect them.
But... this doesn't mean they are in the clear. I spend the rest of the morning explaining what little I know about security.
5/11
- Don't plug that office network (points across room) into the PLC network (points to cabinet).
- Don't plug unknown USBs into the HMI server.
- Don't leave the service DSL line connected.
- Actually just don't let anyone plug in a USB unless absolutely necessary.
6/11
This municipality was incredibly fortunate. Their two most senior operators were taking their time to really dig in and learn how they can keep the plant safe. They really wanted to understand the risks and how they could help.
7/11
Over the course of that week the lead operator had similar conversations with the remaining operator and created signage and SOPs to remind the staff. Let's just say, I was impressed by the whole process.
8/11
Why do I tell this story now?
In light of recent events, I think people will benefit from some background knowledge about these water plants. These operators are generally not computer people.
9/11
With my current employer we hope for process knowledge but never assume computer knowledge. This helps us build safeguards into the HMI that could have helped in recent situations.
10/11
- Limit setpoints to reasonable values (PLC & HMI)
- Two click confirmation for any discrete command
- No remote connections without confirmation first
- Train the operators on what to do if someone connects without contacting first
- Write SOPs. Operators love procedures.
11/11
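
The first two safeguards in the list above, sketched as an added example that is not part of the original thread or any vendor's HMI code: an HMI-side gate that rejects out-of-range setpoints and requires a second click within a time window for discrete commands. The tag names, limits and confirmation window are constructed assumptions, and the PLC would enforce the same limits independently.

```python
import time

# Assumed engineering limits for a hypothetical chemical feed tag (constructed values).
SETPOINT_LIMITS = {"CHEM_FEED_PPM": (0.0, 5.0)}
CONFIRM_WINDOW_S = 10.0  # assumed: second click must arrive within this window


class CommandGate:
    """HMI-side gate: range-check setpoints, two-step confirm discrete commands."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.pending = {}   # (operator, tag, action) -> time of first click
        self.audit = []     # every decision is recorded for later review

    def _log(self, operator, tag, detail, accepted):
        self.audit.append((self.clock(), operator, tag, detail, accepted))
        return accepted

    def write_setpoint(self, operator, tag, value):
        limits = SETPOINT_LIMITS.get(tag)
        if limits is None:
            return self._log(operator, tag, "unknown tag", False)
        low, high = limits
        # Reject rather than clamp, so a bad entry is visible instead of silently altered.
        # Writing the check this way also rejects NaN.
        if not (low <= value <= high):
            return self._log(operator, tag, f"out of range: {value}", False)
        return self._log(operator, tag, f"setpoint={value}", True)

    def discrete_command(self, operator, tag, action):
        key = (operator, tag, action)
        now = self.clock()
        first = self.pending.pop(key, None)
        if first is not None and now - first <= CONFIRM_WINDOW_S:
            return self._log(operator, tag, f"{action} confirmed", True)
        # First click, or the earlier request expired: arm and wait for confirmation.
        self.pending[key] = now
        return self._log(operator, tag, f"{action} awaiting confirmation", False)
```

The audit list records rejected attempts as well as accepted ones, so an out-of-range write or an unconfirmed command leaves a trace an operator can review.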