The increasing number of recent cyber-attacks demonstrates the current vulnerability of hardened Industrial Control Systems (ICSs).This affects the essential services and the critical infrastructure of any manufacturing, power plant and facility relying on an industrial process. Even the most trivial breach into the industrial process control can effect the entire system and leave companies and governments exposed to significant risks.
Historically, ICSs were kept separated from other corporate and business systems, so even though these networks may not have been effectively secured, they were completely isolated for health and safety reasons. This is not true anymore: the continuous integration of the IT business systems with ICSs on one hand provides economical and functional benefits for the companies, but on the other hand exposes the industrial infrastructure to external cyber-attacks. For this reason, it is necessary to adapt the current ICSs technologies to face with the changing threats and vulnerabilities of the cyber world. One of the joint activities carried out by CERN and Siemens within the openlab collaboration focuses on evaluating and improving the ICSs’ security. Unfortunately to achieve this, it is not possible to directly apply relative mature IT solutions, because they have been differently designed and sometimes could even interfere with the normal and correct operation of the industrial system.
CERN and Siemens have joined their efforts to design and implement an extensible test-bench, specially developed to evaluate the industrial devices robustness by taking into account their specifications and requirements. Complex systems, like CERN experiments, make use of a wide variety of communication protocols to interconnect the different applications and software modules, which, if left unpatched, expose the entire system to risk. This increases the complexity of the testing phase as it is necessary to cover all of them and ensure that they not only function as intended under ideal conditions, but that they also contain no vulnerabilities and are resilient against possible attacks. The benefits of the research and security testing activities at CERN extend beyond the goal of reducing the possibility of an attack but try to enhance the overall system reliability and to improve the robustness of Siemens products.
Relational Database Archiver
During the past year, the ACCC team kept working on the Oracle archiving module for SIMATIC WinCC Open Architecture (OA) version 4, which is the future unreleased revision of the Supervisory Control and Data Acquisition (SCADA) system currently used by CERN. The next major release is based on the architecture designed to handle Siemens products requiring data archiving. An outcome of the CERN openlab Automation and Controls Competence Centre (ACCC) activities is the so-called Oracle Storage plugin – a software module responsible for handling Oracle database archiving. The module, part of the new architecture, was partially written in 2011; and has been re?tested and adjusted to reflect updated requirements this year.
The collaboration with Siemens also includes know-how exchanges as CERN is running one of the most demanding and complex WinCC OA installations in the world and has unique experience with high-throughput data archiving. The initial work on the new logging architecture’s integration into WinCC OA 4.0 has recently been completed while the design phase of the relational database schema for Oracle has started. The work on the new system was carried out in parallel with the work for improving the current Archive Manager (version 3.X) – a part of the system responsible for storage and retrieval of alarms and process value changes from Oracle databases, which are used for data archiving at CERN. The improvements were included in the latest release of WinCC OA 3.11 and comprised better disk data buffering in the event of loss of connection with the database, as well as improved retrieval of data trend graphs by performing grouped queries.
A validation of new features in WinCC OA 3.11 has also been performed within the scope of openlab, as CERN prepares to upgrade its SCADA system to the latest available version during the of data aggregations on the database side, called RDB Compressions, has been especially welcomed by the CERN WinCC OA community. The new mechanism helps to reduce the amount of historical data by applying various functions over user-defined time intervals and has been thoroughly tested at CERN, which has led to significant performance improvements.
Centralised Deployment Tool
The WinCC Open Architecture (OA) product from ETM (Siemens) is especially well suited for the control and supervision of very large and highly distributed systems like the controls of the LHC experiments and many accelerator services. These control systems consist of many inter-cooperating WinCC OA applications, which are distributed over many computers. The unprecedented size of these control systems, as well as their long life-cycle require the setting-up of an efficient maintenance strategy. The WinCC OA Centralized Deployment Tool is largely inspired by an existing CERN solution and will aim at:
- Easing the initial set up of the control systems.
- Providing an overview of the different software packages forming each of the application in the control system.
- Providing a powerful way to push upgrades onto sets of applications in a centralised fashion with very limited resources.
Although the final specification is still under discussion with the different stakeholders (CERN, ETM and some other Siemens branches), different work packages have already been identified and the initial CERN contribution to the project in the context of openlab has been agreed on. In particular, the Central Deployment Tool will make intensive use of the so-called ASCII manager, which is a standard component of WinCC OA, to set up the real-time database of the controls applications. An efficient and robust operation of the ASCII manager is of vital importance for the success of the Central Deployment Tool. In the past few months, the team focused on benchmarking the performance of the process. Extending the current functionality of the ASCII manager by providing support for the XML file format or by implementing pre?validation of the database files prior to their import is also considered. This would facilitate the interface with the enterprise environment (e.g. application generation tools, centralised maintenance tools). Although the work performed is driven by the requirements imposed by the Central Deployment Tool, every WinCC OA user would benefit from the improvements made to the ASCII Manager.