nanog mailing list archives
Re: First real-world SCADA attack in US
From: Jimmy Hess <mysidia () gmail com>
Date: Tue, 22 Nov 2011 20:51:46 -0600
On Tue, Nov 22, 2011 at 5:23 PM, Brett Frankenberger <rbf+nanog () panix com> wrote:
> On Tue, Nov 22, 2011 at 06:14:54PM -0500, Jay Ashworth wrote:
> in a manner that removes voltage from the relays). It doesn't protect against the case of conflicting output from the controller which the conflict monitor fails to detect. (Which is one of the cases you seemed to be concerned about before.)
Reliable systems have triple redundancy. And indeed... hardwired safety is a lot better than relying on software. But it's not like transistors/capacitors don't fail either, so whether solid state or not, a measure of added protection is in order beyond a single monitor.

There should be a "conflict monitor test path" that involves a third circuit intentionally creating a safe "test" conflict at pre-defined sub-millisecond intervals, by generating a conflict in a manner the monitor is supposed to detect but which won't actually produce current through the light, and checking for absence of a test signal on green; if the test fails, the test circuit should intentionally blow a pair of fuses, breaking the test circuit's connections to the controller and conflict monitor.

In addition, the 'test circuit' should generate a pair of clock signals of its own, which are a side effect of, and only possible with, correct test outcomes, and which will be verified by both the conflict monitor and the controller; if the correct clock indicating successful test outcomes is not detected by either the conflict monitor or by the controller, both systems should independently force a fail, using different methods. So you have 3 circuits, and any one circuit can detect the most severe potential failure of any pair of the other circuits.
> -- Brett
-- -JH
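A toy simulation of the three-circuit scheme sketched in the message above, added here as an example and not part of the original thread; the class names, fault flags and tick timing are the example's own assumptions. It shows that a conflict monitor that has gone blind, a dead test circuit, or a controller driving conflicting greens each pushes the intersection into fail-safe through a different path.

```python
# Toy model of the three-circuit scheme in the post; class and function names
# are this example's own, not from any real controller product or standard.
CONFLICTS = [frozenset({"NS_green", "EW_green"})]  # lamp combos that must never coexist

class Controller:
    def __init__(self, buggy=False):
        self.buggy, self.failed = buggy, False
    def outputs(self, tick):               # buggy: drives both greens at once
        if self.buggy:
            return {"NS_green", "EW_green"}
        return {"NS_green"} if (tick // 10) % 2 == 0 else {"EW_green"}
    def see_test_clock(self, clock_ok):    # no success clock -> force fail-safe
        self.failed = self.failed or not clock_ok

class ConflictMonitor:
    def __init__(self, blind=False):       # blind: comparator no longer detects
        self.blind, self.failed = blind, False
    def detects(self, sensed):
        return not self.blind and any(c <= sensed for c in CONFLICTS)
    def watch(self, lamps):                # real conflict on the lamps -> trip
        self.failed = self.failed or self.detects(lamps)
    def see_test_clock(self, clock_ok):    # second, independent trip path
        self.failed = self.failed or not clock_ok

class TestCircuit:
    # Injects a conflict into the monitor's sense inputs only (lamps untouched),
    # emits a clock only if the monitor flags it, and blows its fuses otherwise.
    def __init__(self, alive=True):
        self.alive, self.fuses_blown = alive, False
    def run(self, monitor, lamps):
        if not self.alive or self.fuses_blown:
            return False
        ok = monitor.detects(lamps | {"NS_green", "EW_green"})
        self.fuses_blown = not ok
        return ok

def simulate(buggy_controller=False, blind_monitor=False, dead_tester=False, ticks=40):
    """Run the intersection; report whether it reached fail-safe and which circuit tripped."""
    ctl, mon = Controller(buggy_controller), ConflictMonitor(blind_monitor)
    tst = TestCircuit(alive=not dead_tester)
    for t in range(ticks):
        lamps = ctl.outputs(t)
        mon.watch(lamps)                   # path 1: monitor sees a live conflict
        clock = tst.run(mon, lamps)        # path 2: periodic self-test clock
        ctl.see_test_clock(clock)
        mon.see_test_clock(clock)
    return {"fail_safe": ctl.failed or mon.failed, "controller": ctl.failed,
            "monitor": mon.failed, "fuses_blown": tst.fuses_blown}
```

Any two of the three circuits can fail together and the remaining one still forces fail-safe, which is the property the post is after.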