# 'Prison PLC vulnerabilities' Wired Magazine



## Shockdoc (Mar 4, 2010)

It's OK if that happens in a minimum security facility, most everyone there is being held on moral sin laws anyway.


----------



## lefleuron (May 22, 2010)

Stuff like this is the EXACT reason to never rely on a PLC for safety reasons. No E-stops, no fire suppression, nothing that can directly affect life in an emergency.


Hard wired control will never go away, as long as a computer can fault, lock, or be hacked into.

There is a lot to be said about a guy with a big ring of keys, or life-lines and mushrooms series connected into an MCR.


----------



## BBQ (Nov 16, 2010)

Shockdoc said:


> It's OK if that happens in a minimum security facility, most everyone there is being held on moral sin laws anyway.


You mean laws that the majority of voters have approved of?


----------



## BBQ (Nov 16, 2010)

lefleuron said:


> Stuff like this is the EXACT reason to never rely on a PLC for safety reasons. No E-stops, no fire suppression, nothing that can directly affect life in an emergency.


You do realize that all of that currently happens all the time? 

Software is also what flies the planes over our heads.


----------



## Shockdoc (Mar 4, 2010)

BBQ said:


> You mean laws that the majority of voters have approved of?


We have these slobs that live in mansions out here called "lawmakers" who decide what we do.


----------



## Jmohl (Apr 26, 2011)

I think he's referring to such minor infractions as screwing little old ladies out of their life savings, bilking the company you work for out of vast sums of money, selling dope to kids (not the guy on the corner, he gets the anal-rape max prison, I mean the guy behind the scenes) that kind of thing....


----------



## MDShunk (Jan 7, 2007)

If the system is not networked, I really don't see the big deal, and the Stux stuff was specially built into certain Siemens PLCs by intelligence agencies to crash the centrifuges.


----------



## Jmohl (Apr 26, 2011)

Marc, exactly. No network, no problem. Where it gets messed up is when they network because cutbacks in maintenance make it impractical for them to keep staff in each location.


----------



## MDShunk (Jan 7, 2007)

I really don't have a problem with networks between field I/O and the controller, between a couple controllers, or between controllers and standalone HMIs or PCs. Where the problem comes in is when the system is on the building's LAN network, or accessible by VPN, RDC, or the Internet.


----------



## Jmohl (Apr 26, 2011)

'Zactly..... My ex chief elec has been integrating all the mach. in the plant to one PLC. That has a port to a wireless LAN which has internet access. He is able to go online wherever he is to make edits, read I/O, force bits, etc... for this app, no problem. When you have five prisons all on a net being monitored in a remote location, vulnerabilities exist.


----------



## lefleuron (May 22, 2010)

BBQ said:


> You do realize that all of that currently happens all the time?
> 
> Software is also what flies the planes over our heads.


 
BBQ, look up a little about manual redundancy. Last I was aware, certain critical controls could still be handled with physical force and hand/eye coordination.

I suppose it would be like trying to fly a tank through a needle eye, but it still gives you a better shot than a black HMI screen with a blinking cursor in the corner.

This is the entire point of my post. Manual emergency back-up.


----------



## sparkymcwiresalot (Jan 29, 2011)

Along the same lines, the systems we've been installing the last couple of years often don't have a hard wired estop anymore. It's just inputs and outputs going back to point I/O modules. It's OSHA approved but I think it stinks. They are guard master safety modules, but I still don't trust it.


----------



## JRaef (Mar 23, 2009)

The whole Stuxnet thing was soooo overblown. Not only was it a specifically targeted worm that did no harm to anything it was not targeted to, it ONLY propagated via BOOTLEG software packages. That's because they KNEW that the Iranians were restricted from buying the real software, so the worm was designed to look for UNREGISTERED software first, then it looked for SPECIFIC devices on the system that identified it as a centrifuge. Then all it did was alter the speed of the centrifuge via a VFD so that it wouldn't do the task properly, while allowing the user to see an HMI screen telling him it was going the correct speed. Brilliant if you ask me!

The only reason it propagated was because a lot of Siemens PLC sales specialists and support engineers used their own bootleg copies of software as secret giveaways to cheap customers, not knowing that this worm was there and it got all over the world that way. It had NOTHING to do with spreading over the internet. Yet the myth lives on and is fodder for the media types who want to get readers (like the above) and reactionaries who want things to be the way they were 25 years ago...

I have done a dozen or so prison door control interlock systems with PLCs over the years, I have NEVER heard of an issue. There is a basic concept called "fail safe" as far as the lock mechanisms go, meaning nobody relies ONLY on the PLC for control. But when I would go out and start the installs, the marshalling cabinets for the old hard wired systems were a complete nightmare, a rat's nest of wires and relays that was incredibly vulnerable to errors. One prison I did in Washington State had *3-4 failures per month* that resulted in potential release / escape (had the prisoners known), but after we installed the PLCs, not one in the 5 years that I was still up there after that. 

Last comment: Anyone who connects a PLC on a prison door control system to an internet connected LAN should be locked up with the prisoners! As has been said now several times, no connection, no risk.


----------



## Jlarson (Jun 28, 2009)

We've been dealing with security issues like this since 9/11. Physical and software/network security.


----------



## BBQ (Nov 16, 2010)

lefleuron said:


> BBQ, look up a little about manual redundancy. Last I was aware, certain critical controls could still be handled with physical force and hand/eye coordination.


I don't believe that is so with planes. Although as far as I have read they use 3 controllers that watch each other and two can shut down one when there is a problem.

But if the electronics go down entirely the plane will follow, the stick has no physical link to any control surfaces.


----------



## kaboler (Dec 1, 2010)

BBQ said:


> I don't believe that is so with planes. Although as far as I have read they use 3 controllers that watch each other and two can shut down one when there is a problem.
> 
> But if the electronics go down entirely the plane will follow, the stick has no physical link to any control surfaces.


Usually 4, and almost all airplanes have some way of mechanically flying the airplane, probably even the 777.


----------



## Spannerz (Aug 13, 2011)

Jmohl said:


> 'Zactly..... My ex chief elec has been integrating all the mach. in the plant to one PLC. That has a port to a wireless LAN which has internet access. He is able to go online wherever he is to make edits, read I/O, force bits, etc... for this app, no problem. When you have five prisons all on a net being monitored in a remote location, vulnerabilities exist.


Pretty sure in one half hour visit, I could identify the brand of PLC/IO controllers outputs, and have a working iPhone app that intermittently pulsed all outputs on/off every few seconds. Hope he remembered to put a firewall or a really good passcode (4 digit?) on that wifi.


----------



## BBQ (Nov 16, 2010)

kaboler said:


> Usually 4, and almost all airplanes have some way of mechanically flying the airplane, probably even the 777.


Keep believing that.


----------



## lefleuron (May 22, 2010)

BBQ said:


> Keep believing that.


FAIL.


The Boeing 777 is a true fly-by-wire system in the sense that in normal operation the control inputs are relayed electronically to the flight control actuators.

In the unlikely event of a complete electrical system or multiple computer system failure, the 777 retains a mechanical backup connecting the pilots to select spoilers (#4 and #11) and the stabilizer actuators via a direct cable link. The alternate pitch trim levers are used to move the stabilizer.

The triple 7's inclusion of a mechanical backup does differ from the Airbus fly-by-wire system - which is why most consider Airbus as having the true (and entirely electronic) fly-by-wire FCS. Look Ma - no cables!
EDIT: Referring to twin-aisle models here. 

The 767 (all models) employs a traditional cable/hydraulic actuator FCS.




BBQ, this crap is all over the internet after the problems Boeing had in Perth, Australia with the 777. ONLY the 777 has any true fly by wire in the Boeing line, and even it has manual back-up redundancy.


----------

