Lack of security on SCADA systems keeping NSA awake at night

MIT Technology Review posted an article about the concerns that Rob Joyce, chief of the NSA’s Tailored Access Operations unit, has about internet security. He is worried about the Internet of Things.

Joyce said that the so-called “Internet of things” is a major boon when the TAO group needs to attack a target. He singled out heating and cooling systems as examples of Internet-connected devices that offer national-level hackers a route into organizations that computer network administrators often overlook. Joyce spoke at the Enigma security conference.

However, Joyce also said that the poor security of such devices is one of his primary concerns when it comes to the safety of U.S. networks.

However, what is causing him real loss of sleep are SCADA (Supervisory Control and Data Acquisition) systems.

“SCADA security is something that keeps me up at night,” said Joyce. He suggested that it might need new ideas from academia, which works on more fundamentally new ideas than industry, to improve the situation.

Nicholas Weaver, a computer security researcher at the International Computer Science Institute in Berkeley, California, who attended Joyce’s talk, said that he had correctly highlighted a significant problem, and an area where scary discoveries are easily made but possible solutions very scarce. “I don’t do SCADA research because I like to sleep at night,” said Weaver.

Researchers that do work on SCADA security have found evidence that there are groups trawling the Internet looking for industrial systems to infiltrate (see “Chinese Hacking Team Caught Taking Over Decoy Water Plant”). A recent report by the Nuclear Threat Initiative said that many nuclear power and weapons facilities are not adequately protected against computer-based attacks.

These are small remote systems that control utilities, power grids, and pipelines, among other things. Most use an unsecured web interface.



The Apple Cult

It’s been observed that Apple enthusiasts can take on some cultist behaviour. Erica Robles-Anderson presents the case that Apple is cult-like in an interview with Sarah Laskow. A case is presented that this might not be accidental, but part of an intentional culture. Ms. Laskow observes:

In more ancient times, when communal experiences were mediated by religion, crowds used to gather outside temples on feast days. In Biblical times, for instance, on pilgrimage holidays like Passover, Jewish people were supposed to travel to Jerusalem, to be present at the Holy Temple, where the High Priest would make a sacrifice to God.

Nowadays, we have Apple Release Day—the Feast of St. Jobs—when faithful customers gather outside Apple stores and await the renewal of a next generation iPhone.

What Apple has achieved can only be envied by their competition. Google, Sony, or Samsung would love to have the following and loyalty from their enthusiasts that Apple enjoys. Robles-Anderson doesn’t believe this is just accidental.

One of the first lessons from Erica Robles-Anderson, a professor at New York University, is that the collective experience of an Apple release does not come about by chance. Not far from the Apple Store in SoHo, one of New York’s high-end shopping districts, a Samsung store opened recently. “They had giant ropes outside, as if anticipating a giant crowd, and big bouncer-looking people in fancy suits,” she says. “And then…crickets.”

Edgar Cervantes of Fox News explains why marketing matters and that Apple has nailed it. Their competition hasn’t quite figured it out.

There’s no doubt other companies can learn a lot from Apple’s marketing and strategies. Whether you will see the company as a cult or not, we can’t deny they hold a very tight grip on the market, even if Android manufacturers have proven time and again that they can often do a better job at making a gadget.

This is why Apple doesn’t need to be first at anything, they just have to make the strongest impression with what they do, something they are amazingly good at. They target your feelings, psychology, physiology and senses.


Python: Almost General Purpose Language.

Last month we explored spreadsheets as a means to do some number crunching. Sometimes the best way to crunch some numbers might be with some realtime programming.

So many programming languages today and so few projects. At one time there were three choices available for the engineer: FORTRAN, BASIC and machine language assembly. No, COBOL was never a reasonable choice. The differences, benefits and liabilities of each language were usually pretty clear. FORTRAN was for complex calculations, BASIC for on-the-fly programs, and assembly for systems-type programming. FORTRAN was called the engineers’/science language. Everything evolves. C is one of the older languages, but it is still used, and is one of the most commonly used programming languages.

Today most engineering people have a grasp of at least one language. The choices vary: C, HTML, PHP, Java, JavaScript, Python and Ruby.

Embedded projects often have code written in C or C++. Projects based on the Arduino and Raspberry Pi are commonly programmed in C. But Python apps can be useful for communications and displays on a Windows, Apple or Unix machine with these embedded accessories.

Some of the reasons that Python is ideal for a lot of these MMI (Man Machine Interface) applications:

  • It’s an interpreted language that runs scripts. This means that it doesn’t need to be compiled. This speeds up development time whether you are prototyping or developing for a product.
  • It’s fast. On most machines most applications will be indistinguishable from C/C++ when run. Most of the supported functions are written in C.
  • Well supported with tons of libraries.
  • Well supported with tutorials,, and Code Academy are good places to start.
  • It’s universal. The same program can be run on Apple, Windows, or Unix machines.

There are two versions of Python: 2.xx and 3.xx. 2.xx is the version that people have been using for years. It is stable and probably still the most popular version to write in. Python 3.0 final was released in December 2008. It offers better structure and consistency. There is a choice: 2.10 offers the best library support, although 3.5 is rapidly catching up. Contributors are modifying libraries, and there is wide support. One can download and use either on their machine without conflict.

In the next few weeks I would like to explore some of the options one has in selecting packaging, libraries and tutorials.



Spreadsheets and Engineering Notation

It was a long time ago when engineers ran around with their trusty slide rules. We would probably still be using them if it weren’t for the three-digit accuracy and trying to keep exponents straight. Cheap calculators resolved this problem, giving 6, 8, 9 or more digits of accuracy. Most good calculators would offer a choice of scientific or engineering notation. Even if the choice were not there, it is easy enough to adjust the exponent when we put it on paper. The thing is, engineering-type people like their exponents expressed in numbers divisible by three. It works out well for conversions to milli, micro, nano, kilo, and mega that engineers and other technical people are so fond of.

Today most calculations are done on a computer or notepad. Many (most?) of these calculations are done with a spreadsheet, Excel being the most popular, while LibreOffice Calc is developing a following. It’s free and it is portable or loadable from a thumb drive. Feature-wise, it stands pretty tall compared to its competitor, Excel. The big issue for me, though, was Calc’s lack of support for ‘Engineering Notation’. Excel’s support wasn’t so great, but by inserting the proper code one could get decent formatting.

This can be done with a custom format such as ##0.00E+0 or ##0.0E+0, but this gives poor results with numbers less than 1,000.

This custom format works better: [<0.01]##0.00E+0;[<1000] #0.00;##0.00E+0

With Excel 2013 it doesn’t seem possible to get any Engineering Notation directly through menus and mouse clicks, but you can set the format through the Number | Custom menu. It’s been possible to use engineering notation with Excel for several years and in previous versions.

LibreOffice came out with a new release 5 this month. I was surprised to note that one of the enhancements was Engineering Notation. Kewl! I really liked LibreOffice’s spreadsheet program but did find the lack of Engineering Notation annoying. While the Calc version does offer menu selection for a crude Engineering Notation style, it uses the simple format code ##0.0E+0. The more complex [<0.01]##0.00E+0;[<1000] #0.00;##0.00E+0 performs marvelously and displays in a more acceptable manner, but it must be manually typed or pasted, as done in Excel.
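How the three sections of that custom format divide up the number line, as an added Python example (not from the original post and not spreadsheet code). The function names are hypothetical, the output approximates what a spreadsheet displays, and the SI-prefix helper goes one step beyond the format code to show the milli/micro/kilo/mega conversions mentioned earlier.

```python
from decimal import Decimal, ROUND_HALF_UP

# SI prefixes for exponents that are multiples of three.
SI_PREFIX = {-12: "p", -9: "n", -6: "µ", -3: "m", 0: "", 3: "k", 6: "M", 9: "G"}
TWO_PLACES = Decimal("0.01")


def eng_parts(value):
    """Split value into (mantissa, exponent): the exponent is a multiple of 3
    and the mantissa is rounded to two decimals with 1 <= |mantissa| < 1000."""
    d = Decimal(str(value))
    if d == 0:
        return Decimal("0.00"), 0
    exp3 = 3 * (d.adjusted() // 3)      # floor the exponent to a multiple of 3
    mant = d.scaleb(-exp3).quantize(TWO_PLACES, rounding=ROUND_HALF_UP)
    if abs(mant) >= 1000:               # rounding carried: 999.999 -> 1000.00
        mant = mant.scaleb(-3).quantize(TWO_PLACES, rounding=ROUND_HALF_UP)
        exp3 += 3
    return mant, exp3


def eng_exponent(value):
    """Text in the style of the ##0.00E+0 code, e.g. 4700 -> '4.70E+3'."""
    mant, exp3 = eng_parts(value)
    return f"{mant}E{exp3:+d}"


def three_section(value):
    """Follow the sections of [<0.01]##0.00E+0;[<1000] #0.00;##0.00E+0.
    The literal space at the start of the second section is omitted here."""
    if value < 0.01:                    # section 1: small and negative values
        return eng_exponent(value)
    if value < 1000:                    # section 2: plain number, two decimals
        plain = Decimal(str(value)).quantize(TWO_PLACES, rounding=ROUND_HALF_UP)
        return str(plain)
    return eng_exponent(value)          # section 3: everything from 1000 up


def si_format(value, unit):
    """Replace the exponent with its SI prefix, e.g. 4700 ohm -> '4.70 kohm'."""
    mant, exp3 = eng_parts(value)
    if exp3 not in SI_PREFIX:           # outside the table: keep the exponent
        return f"{mant}E{exp3:+d} {unit}"
    return f"{mant} {SI_PREFIX[exp3]}{unit}"


if __name__ == "__main__":
    # Constructed sample values, not taken from the post.
    for v in (0.00047, 0.005, 47.5, 999.999, 4700, 12300, -2500):
        print(f"{v!r:>10}  {three_section(v):>12}  {si_format(v, 'V'):>12}")
```

Values between 0.01 and 1000 stay in plain decimal form, which is why the three-section code reads better than ##0.00E+0 alone for everyday numbers.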

LibreOffice is a valuable tool to have on hand. It is cross-platform, running on Linux, Windows and Apple devices. There is even an Android version available; although it is claimed to be a read-only version, some editing can be done with it. The other nice thing about LibreOffice is that it is portable: it can be loaded on a thumb drive and run on any computer without actually being installed on the computer.

Oh yeah, did I mention it’s free?


Providing Solutions

Since PCO’s birth in 1995, PCO has strived not only to repair and supply electronic/electrical equipment, but also to provide solutions to problems or issues. PCO’s mission is to solve your problem from the transmitter in the field to the DCS, PLC, or computer station in the control room.

These solutions come in many forms, such as innovative hardware or software solutions, enhanced testing capabilities, and electronic design and redesign of obsolete products and integrated circuits.

PCO has received many items that were deemed unrepairable by other organizations. In most cases, PCO was able to repair the item.  In cases where the part was beyond repair we provided a solution such as exchange of the item or sale of a replacement. In rare occurrences an immediate upgrade is needed to get the end user back running at optimum levels safely.

Let us know your problem; chances are we have your solution.


PCO’s ABB Product Support Ramps Up

In 2009, with the hiring of Jim Seifert and subsequent opening of our Tampa facility, PCO has increased our support level for many ABB product lines. This includes Bailey Net90 & Infi90, Mod300, Analytics, Instrumentation, and many more.

We have enhanced our Bailey products by creating a NPSI Series Power Supply replacement. This replaces the OEM version that was susceptible to thermal induced failures. The PCO version features solid state technology that is commonly used in the military and aerospace industries. Another enhancement we have made is the Bailey LCD. This replaces outdated CRT Displays with current LCD/LED technology. The contrast ratio has improved, the longevity has increased, and the strain on the operator’s eyes is reduced. It also has a reduced thermal signature with less power consumption.

Our Mod300 enhancements include an SC Power Supply replacement that has current monitoring, ORing diodes, LED display, locking power switch, LED indicators, and power fail alarm systems. PCO’s ABB Mod300 LCD replaces outdated CRT displays with current LCD/LED technology. The contrast ratio has improved, the longevity has increased, and it also has a reduced thermal signature with less power consumption. In addition, the Mod300 Bus Mouse Converter allows for the use of a standard PS2 mouse on the ABB Bus.

PCO has expanded our capabilities for process analytics and instrumentation as well. At our facilities we are able to perform quality services such as system testing, calibration, and process simulation on instrumentation and analytic products. We support a comprehensive range of instrumentation including pressure, temperature, flow, and level devices. As for process analytics, we can help maintain your continuous gas analyzers and process gas chromatographs.

All of the product lines we support go through rigorous repair and test procedures as we follow Isoqual criteria. We incorporate system testing, functional testing, in-circuit testing, manufacturing defects analysis, and visual inspection. Each product line has specific testing and calibration requirements. These are developed by our engineering department. Introduced earlier, Jim Seifert, our resident test engineer, has over 30 years of experience. He has an extensive background developing test procedures for QCS/DCS systems, drives, and process analytics and may be able to assist you in diagnosing a problem. Feel free to contact him at the information below.

Contact Information:

Process Control Outlet
11232 Challenger Ave.
Ste. B
Odessa, FL 33556
Phone: 727-807-7068



Tell Your Doctor!

Your process is controlled by hundreds, if not thousands, of circuit board assemblies, frequently called modules. As long as everything is optimized and functioning properly, your products and profits are flowing. However, sooner or later a failure will occur in one or more of your modules. When that failure occurs, it is critical that you capture all available information related to the failure. Why, you may ask?

Well, from time to time we all go to the doctor because of illness. So, now imagine sitting in the exam room, the doctor walks in, and asks you “how are you doing?” And then proceeds to ask “what’s wrong?” You just sit there and don’t say a word. Now, the doctor has a real dilemma. Since you will not tell him what is wrong, the doctor has no idea of where to start to resolve your illness. The analogy is similar to your failed process control modules.

It is highly likely you will want to repair the failed module and use it as a spare for the next failure. Capturing the failure information will allow the repair supplier….your “module doctor”…to more quickly and accurately diagnose and repair the failed module.

Boards usually exhibit “hard failures,” meaning even if you pull the module from a rack and re-insert it, the module still exhibits the same failure. Less frequently (fortunately) modules exhibit intermittent and thermal types of failures. Intermittent / thermal failures can be very difficult to diagnose. When your module doctor is aware up front the failure is thermal / intermittent, it saves time for you and your module doctor. Perhaps more importantly, knowing the module has an intermittent problem guarantees that your module doctor will be looking for an intermittent problem, eliminating the possibility of a missed diagnosis and getting back the same intermittent module.

Bottom line: Regardless of what doctor you use to repair your failed modules, always provide the information you have regarding the nature of the failure and follow these simple steps:

  1. Treat the module the same as you would a new module. Don’t inflict more damage!
  2. Use a ground strap and place the module in an ESD safe bag.
  3. Package the ESD protected module into a suitable box for shipping.
  4. Provide information pertaining to the failure…..Tell Your Doctor!

Xerox and Dropbox Make for Easy Mobile Printing

I’m sure at some point we have all wished we could print something from our phones without having to email it to ourselves and then open it on our computers. Well Xerox may have inadvertently solved all of our mobile printing conundrums.

Recently while installing a new Xerox 6010N, I found a program called Xerox PrintBack. It allows you to print from your iOS or Android device to your printer no matter where you are. I have used a similar program from Canon. The catch with the Canon program is you have to be on the same WiFi network as the printer and it only works with some Canon printers. While that might work for some folks, sometimes we need to print something from our phones while we are out of the office or where there is no WiFi. The nice thing about PrintBack is that you can use it while on WiFi or a cell network and it will work with any brand of printer. So, I decided to check out this PrintBack program.

First it requires you to have an e-mail or Dropbox account in order to work. I recommend Dropbox because the integration is seamless. You have to first install the software on your computer that the printer is connected to. When you run through the installation it asks you how you want to set up the delivery service. I chose Dropbox. Then you need to select a printer to print to. It automatically uses your default printer selection as the printer to print to. In this case, I have a Canon MX410. Once you have linked your Dropbox and PrintBack program together, you need to install the app on your mobile device. This is as easy as searching for PrintBack in your app store and downloading the app. The setup on the mobile device is pretty much the same as the computer minus choosing a printer. You just need to link your delivery account to the app. Again I chose Dropbox.

Now let’s try to print something. I have an iPhone so I will be using those steps. (I imagine that it would be similar on an Android device.) Once you have selected something to print, this can be a Microsoft Office* (Word, PowerPoint®, Excel®), Adobe® PDF, etc, you select the “Open In” button. This will bring up a list of icons. Select the “Open in PrintBack” icon. You will then see the print settings screen for PrintBack.

They are pretty self-explanatory. Once you have chosen your settings go ahead and click “Print”.

If all goes well your document should be printing. All in all it is a pretty simple program to use. I would even recommend it to my grandma.

I’m not sure if Xerox intended for this program to work with any printer, but it does solve the problem of having to have different apps for different printer manufacturers or having to buy an Airprint compatible printer. Best of all it’s free.


Paul Allen’s Patent Infringement Woes

Interesting news since we last spoke. It turns out that the co-founder of Microsoft Corp., Paul Allen, has decided to go forward in a patent lawsuit against a myriad of companies, such as Apple Inc., Google Inc., Facebook, AOL, and even eBay.

Paul Allen helped start up Microsoft with Bill Gates in 1975 before resigning as a Microsoft Executive in 1983. He then went on to start a company of his own known as Interval Licensing LLC in 1992, which is a research company. It looks like he’s been researching all over the internet to find possible patent infringements which he says are being used by most of the internet giants these days. He claims that Interval was a key player in the research and development of the advancement of the internet in the early 1990’s, where they worked and produced over 300 patents for various projects.  The four patents in question all relate to how data on the web is sorted and presented to a user.

The claims against Google are that the search engine company is using a user’s search queries to match advertisements that would appeal to that particular person. This is similar to what AOL does to match news stories to a user’s interest. Interval also says that Apple’s iTunes, eBay Inc, Facebook, Netflix, Yahoo Inc, and Office Depot’s websites have infringed this particular patent that they hold.

Interval also feels that two of their patents were used to provide certain features in AOL’s Instant Messenger, Google talk, Apple’s Dashboard, Gmail Notifier, the Android phone system and Yahoo Widgets.

The last patent relates to Web browsers being alerted to new items of interest based on the activity of other users. Interval says that AOL uses this technology on its shopping sites, while Apple’s iTunes uses it to recommend music.

No comment by the lawsuit or Interval on whether or not Microsoft is included as a patent holder or infringer, even though they offer similar products as all of the other companies.

Paul Allen has pleaded with the court for damages and a ban on all the products that use the disputed technology. This would be his second time trying to see the end of this lawsuit as it was thrown out by a Judge earlier in the year on the grounds that it did not specify specific products or devices.

A Facebook spokesman has gone on to say in an email, “We believe this suit is completely without merit and we will fight it vigorously.”

It will be an interesting case to keep an eye on. If you have any comments or new updates about this article, please keep us posted.


A Group Effort

There are traces of at least 30 different programmers in the Stuxnet Worm source code.

At a small conference on cybersecurity sponsored by TechAmerica, Symantec’s Brian Tillett put a number on the size of the team that built the virus. He said that traces of more than 30 programmers have been found in source code.

Another tidbit that I hadn’t seen reported elsewhere is that the peer-to-peer network built into the worm was encrypted. And not only was it encrypted, Tillett noted, but encrypted to FIPS 140-2 standards, which — judging by the noise of the crowd — is very impressive to security geeks.

Emphasis is mine.

Funding and operating a project this size while keeping it secret is a powerful indication that this was a state-run thing. Where and how did they get the source code for this thing?
