CAS June 2017 Newsletter

In This Issue


Part 1 – Special Feature – Automation, You & the Future

There is a hint of the smell of fear when you talk about automation now in 2017. Its become blatantly obvious to everyone that huge changes to our world are coming. The most obvious of which are Amazon’s done delivery and driver less vehicles.The change is obvious, the impact isn’t so obvious. We know they are going to change the world but there is a lack of leadership when it comes to working out how these are going to impact on us. On us a individuals, as family members, as employees, as citizens, as humans.

I for one would like to know how these things are going to affect my life and with that in mind I have decided to launch this series of features. I asked myself the question – How will driverless cars affect the value of my home ? And I found that no-one was talking about it. So here I am trying to stimulate a discussion. Please feel free to write me and contribute your point of view. I will include all respectful non-trolling points of view. I will anonymize your comments and I will not publish your name unless you specifically ask me to.

In a second series of articles we will look at how vulnerable our industry is to cyber attack.


Back to the Future – Automation and the Future

1. Will automation affect the property market?We don’t have any special expertise but we are engineers so we have some good questions. The property market is a marginal one. Minor changes in supply and demand and have large impacts on price. Demand down 5% cn result in prices dropping up to 25%. With this in mind we worry about tech driven changes to the job market and how that could affect your investment in your home.If millions of truck drivers get laid off won’t that affect property prices?

Self driving cars and trucks together with drones are likely to dramatically change the number of drivers. Long haul trucking and urban deliveries are well suited to automation and we can expect millions of job losses in the next decade. (There are approx 1.8 million heavy truck drivers and 1.3 million delivery truck drivers in the USA – so there are lots of jobs to lose.)

How about restaurant automation. Currently McDonald’s employs approx 350k people. Add all the other chains and you have millions of workers.
New McDonald’s In Phoenix Run Entirely By Robots
2. If self driving changes people’s attitudes to commuting, will that change the property market?

It’s conceivable that the longer your commute the happier you will be because it might give you enough extra time for more sleep, eat a meal, do work, interact with friends, watch a movie… Drinking and driving might become a non-issue. If you don’t have to shop anymore because Amazon delivers everything to your door by 9 p.m., then the famous “Location, Location, Location” mantra of realtors may well change.
3. Self Driving Cars and the shape of Cars
Self-driving car shape 1Self-driving car shape 2
If we spend hardly any time looking out car windows, will that mean that the appearance and shape of cars will change?
Here are some of our favorite new car options:

  1. Built in toilet
  2. Built in food prep, microwave
  3. Sleep Module
  4. Work Desk


4. Block Chain I/O – What Bitcoin Can Teach Automation

Blockchain - Scientific Research Publishing
If your government, state, city can’t provide clean drinking water (Flint Michigan style), who are you going to turn to?It’s likely that ‘trust’ is the next hottest commodity because we are all suffering from living in a ‘fake’ world.For us in the automation industry, does this mean that we need to start making ‘trustworthy’ sensors – ones whose readings cannot be changed, ignored and corrupted? CAS and no doubt others are looking at new products like ‘block chain I/O’ modules which block chain the sensor readings in the same way as Bitcoins are, ensuring publicly verifiable ledgers and audit trails.
5. High Temperature Superconductors

In last few years there has been a dramatic technology development which is having a huge impact on the chase for feasible fusion energy. High temperature super conductors unlike low temp super conductors don’t degrade in strong magnetic fields. Fusion requires huge currents to create plasma (needing super conductors) and super high magnetic fields to contain the plasma. These new materials allow for new designs of fusion containment vessels reducing their size by a factor of between 3 and 10 and increasing the practicality of designs.

The ITER project is an international $50bn project to build a huge Tokomak Reactor capable of producing more energy than it consumes. Its design is based on well-established science that has been proven on a smaller scale.  The cost is because of the size. It is expected to complete in the 2020/30’s and commercial scale reactors are expected in the 30-40’s. However, that project is about to be overtaken. With the new HTS materials, MIT thinks prototypes can be built for as little as $2bn and that there will be commercial reactors by 2030 – just a decade and a half away.

4. HTS’s and huge generators / motors. With Mag flux densities orders of magnitude higher we can expect some incredible new motor designs – We may get an order of magnitude more work out of a machine the same size as today’s. Look for stunning new marine engines, train engines and generators.

If we have commercial fusion by 2030, do we need to worry about global warming?


ITER Project

ITER fusion experiment
ITER Cryostat
Fusion and High Temp Superconductors

MIT's Pathway to Fusion Energy

MIT SuperConductors


Part 2 – Special Feature – Cyber Attack – The Looming Automation Crisis

Ask us for an article to introduce the cyber attack series!!!

This is the launch of a ongoing series. We will focus on Cyber attacks as related to the automation industry.

Almost all efforts to date when it comes to cyber attacks and automation involve the following

1. Perimeter Defenses
2. Honeypot Sensors
3. Network segmentation
4. Good practices.

Bring large critical systems to their knees by attacking non-critical components.

I bet you this is a Data Center. I bet you it has all kinds of perimeter defenses – to the site itself and to its data servers. However one single RPG to the roof will take out all the air conditioning and that will shut down the data center.  Perhaps you could do the same damage by corrupting the firmware.

Data Center critical systems

Here are some other examples of critical systems being dependent on unprotected systems.
The Looming Automation Crises
Fukushima Dai-ichi Nuclear Power Station

Failure = Backup diesel generators

Potential Catastrophe = Meltdown and nuclear explosion, radiation leakage to ocean and atmosphere.
Siberian Gas Pipeline

Failure = “In order to disrupt the Soviet gas supply, its hard currency earnings from the West, and the internal Russian economy, the pipeline software that was to run the pumps, turbines, and valves was programmed to go haywire after a decent interval. Programmed to reset pump speeds and valve settings to produce pressures far beyond those acceptable to pipeline joints and welds”.

Actual Catastrophe = “the most monumental non-nuclear explosion and fire ever seen from space” in the summer of 1982.
Data Centers

Failure = Attack non-critical systems such as HVAC cooling systems which are essential to the operation of the servers. No cooling means no processing.

Potential Catastrophe = Data Center shutdowns, Banking shutdowns, E-commerce shutdowns.
Spot the Data Center: The roof is covered in cooling equipment. Turn off the air conditioning and turn off the data center.
Data Centers

How Can Attacks Cause Harm

If your system is attacked what’s the worst that can happen?
How easy is it to cause? To stop? Cyber attacks can cause harm. The harm can be extreme such as when permanent damage is caused to equipment or when they cause a cascading effect – to the electrical grid for instance. They have even been used to stop Iran from completing its nuclear program – that attack was known as the Stuxnet Virus. We can expect terror cyber attacks and we can expect them to attack important institutions and infrastructure.
First, understand the harm and the risk. After that, we can look at how BACnet opens the door to attack.
Source of Risks

  • Purposeful attacks: Hacker, malicious attack, competitor attacks/spying, ex-employees, disgruntled employees, autonomous robots. These attacks can be coordinated and scheduled.
  • Accidental: deletion of data, flood the market, improper installation of cables, unprepared installing of new equipment.
In CAS’s opinion the most serious vulnerabilities allow for attacks which can be broadly categorized as:
  1. Denial of Service Attacks (DOS)  
  2. Re-initialization Attacks, and
  3. Seizing Control


Denial of Service attacks are those in which the network is flooded with messages which cause collisions preventing control and monitoring messages from being transmitted between devices. By flooding a device’s microprocessor with commands and tasks, one can limit the ability of the device to operate normally. Do this on a large enough scale and you can shut down a campus, a factory etc. Attacks like these can be co-ordinated.
Risk Profile = Moderate harm (e.g. In-operable building, water damage) easily achieved.
Re-initialization Attacks are those that cause devices to restart which in itself presents a number of attackable vulnerabilities. If a device’s configuration or firmware can be altered prior to the re-initialization then the device could permanently lose its ability to operate or could be turned into a Zombie device and perform other attacks. Done on a large enough scale or to systems which are no longer supported, these attacks could take the target systems out for weeks and even months. Recovery may be dependent on the quality of backups.
Risk Profile = Possible extreme effect (Bricking devices, provide pathways for viruses to spread, lost configurations) achieved with a moderate challenge, Moderate harm can easily be caused.
Control Seizure attacks are those that exploit BACnet’s Peer to Peer system allowing any device to write at the highest priority to writable objects in other devices. These objects may control physical equipment such as motors, generators… It is easy to cause permanent damage  to some equipment by making it operate outside its design limits. Alarms can be suppressed, data can be changed, sequences of operation can be broken. Systems can be made inoperable presenting a risk profile of moderate harm easily achieved.


The 18 Attack Types Below Outline the Harm and Severity that Attacks Can Cause Using the Vulnerabilities of BACnet


1. Energy-demand shock

Turning on a large number of energy-consuming devices (e.g. Heating/cooling/lights) at the same time by direct command or by altering schedules, can dramatically increase the load on an electrical grid causing disconnects or even grid failure in extreme cases. Could your institution shut down your entire city or state?


2. Building made uninhabitable on a temporary basis preventing use

A building’s HVAC system can be driven to a state where there is no heating or cooling. Pipes may burst and other damage can occur.  This presents commercial and reputational risk. Your hotel brand is damaged and you have no room revenue for a few days because the HVAC won’t work.


3. Building made uninhabitable on a temporary basis requiring evacuation

A building’s HVAC system can be driven to a state where there is no heating or cooling. Pipes may burst and other damage can occur.  In hospitals, for example, safety protocols may require evacuation of patients.


4. Building driven to extreme temperatures – no heat , max heat, condensing humidity to cause equipment malfunction and possible permanent damage

If external temperatures are very low (Boston in Winter) or high (Arizona in summer) and HVAC system is driven off or to max heating the ambient temperature may be outside the operating range of equipment in the building or even to the point where equipment is damaged.  In humid environments, a system can be driven to be heavily condensing – water damage and short circuits could occur.


5. HVAC failure causing computer / super computer / server farms shutdown

Computer equipment is extremely temperature sensitive. Mildly elevated temperatures can cause decreases in performance. Temperature extremes can cause failures and shutdowns. Many data centers are located in extremely cold places (Facebook – Sweden) to save on cooling energy costs. HVAC failures will drive interior ambient temperatures to low points.


6. HVAC failure causing computer / super computer / server farms damage

Temperature extremes can cause damage to CPU’s. Burst pipes can cause water damage.


7. Changing protection settings and limits

Many electrical devices have settings and operation limits used to protect the device from being operated in a way which will damage the device. For example, a motor controller may have operations which set the maximum speed. Changing the settings can cause devices to shut down or failing to protect themselves resulting in damage.


8. Driving pumps and motors and other devices to failure states

Many electrical devices have settings and limits which prevent the device from being operated in a way in which damage can occur. For example, a device may shut down or limit operation to ensure that it doesn’t run too hot. Changing these types of settings can allow devices to be damaged by normal operation. Motors can be driven to speeds which cause damage to equipment. Alarm set points can be changed so that alarms are not generated.


9. Synchronized failure

By changing schedules, equipment can be turned on / off en masse.


10. Data theft

Critical data from sensors and other equipment can be monitored.


11. Data corruption

Sensors may provide important or even critical data to control systems or management systems. False data can be served. False alarms can be generated. Alarms can be acknowledged before humans become aware of them.


12. Out of service

Sensors and Control devices can be put out of service. That is – to stop sensors reporting the measured values or to stop a control device responding to commands such as set point changes.


13. Command contention

BACnet has a priority system to resolve command contention. It is possible to drive devices to states at a higher priority than the normal operation is configured for, thus preventing the control system from operating equipment until the problem is identified and resolved. A fair degree of expertise is required to identify this problem.  Whoever commands last, wins.


14. Gateway failure

Communication protocol gateways connect subsystems and allow them to inter-operate. Driving these devices to a failed state can result in overall control / monitoring system failure.


15. Firmware update / corruption

Some devices allow firmware to be delivered using the file transfer services supported by BACnet. It is conceivable that on such devices the firmware can be corrupted making the device inoperable and difficult to recover to an operable state. If such a device is no longer manufactured or supported there may be no path to recovery other than implementing a new system.It is also possible that devices can be turned into zombie devices – i.e play some new, destructive role.


16. Configuration update / corruption

Some devices allow configuration to be delivered using the file transfer services supported by BACnet. It is conceivable that on such devices the behavior of the device can be changed or that the device is made inoperable until the configuration is restored. It is rare to have backups that are current in HVAC systems.


17. False alarms

False alarms can cause automated systems to shut down processes. False alarms can divert operator attention and mask real alarms.


18. Network attacks – Denial Of Service

Generating false alarms. Oversubscribing for change of value, alarm and event notifications and misconfiguration. BACnet BBMD devices can cause message deluges which consume all the bandwidth and which can cross sub-nets.


19. Critical infrastructure attacks

Lights Off, Fuel Pumping Systems, Standby Generator Shutdowns, Transfer Switch Operation etc.
It may be possible to operate transfer switches disconnecting buildings from the grid and at the same time change settings to prevent standby generators from starting.It may be possible to operate breakers and shut systems down.

Next Page

If you liked this post;
  • Please consider subscribing to our RSS feed