CERN needs to define approaches for achieving two goals at once: connecting its operational network to the Internet while keeping its industrial control systems secure from both external and internal attacks. With this in mind, the ISA-99 international cyber security standard was adopted as a reference model to define a set of implementation guidelines and a list of security robustness criteria applicable to any network device. Device security is a key link in the defense-in-depth concept (see the figure "ISA reference model for the Distributed Control Systems"): some attacks will inevitably penetrate the security boundaries, so the devices behind those boundaries need protection measures of their own.
Since no products implementing these security standards were available on the market, the first phase of the project was a wide investigation of current cyber security testing techniques and systems. The team reviewed Wurldtech's "Achilles Satellite" product, a powerful testing platform, and used it successfully to analyse and evaluate the effectiveness of different testing techniques. However, to overcome the platform's proprietary nature and its limitations in supported network protocols and in the customisation of attack techniques, the Test-bench for Robustness of Industrial Equipments ("TRoIE") was designed and implemented. TRoIE aims to discover possible PLC vulnerabilities through the device's Ethernet communications. Such tests must not be confused with functional testing, where only valid operations are performed in order to cover all the possible "not malicious, but operating" scenarios. Robustness testing instead feeds the device corrupt or malformed traffic and looks for anomalies, such as a device that stops responding or misbehaves, arising from incorrect handling of corrupt communication channels. This approach has already proven itself through the valuable findings obtained during the analysis of the Siemens S7 PLC ranges. Thanks to this analysis, critical anomalies in the software stack were reported to Siemens, contributing directly to improving the security level and robustness of their PLCs. These encouraging initial results have motivated the team to continue and expand this approach in the future of the openlab collaboration.
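The robustness-testing loop described above (send a corrupt frame, then check that the device still serves valid requests) can be sketched as follows. This is an added example written for this page in Python; it is not TRoIE, Achilles or Siemens code. The frame format, the ToyDevice target (an in-memory stand-in with a deliberately fragile parser, so that the harness has a defect to report) and all names are constructed for illustration. Against real equipment the in-memory target would be replaced by a socket to the device under test and the health probe by a read of the PLC's actual state.

```python
import random
import struct
from dataclasses import dataclass
from typing import Optional

# Toy request framing, constructed for this example (not S7 or any real protocol):
#   magic(2) | body length(2, big-endian) | opcode(1) | body
MAGIC = b"\x4d\x54"
OP_READ = 0x01


def build_frame(opcode: int, body: bytes) -> bytes:
    return MAGIC + struct.pack(">H", len(body)) + bytes([opcode]) + body


class ToyDevice:
    """Constructed in-memory stand-in for the device under test.

    Its parser is deliberately fragile (it assumes the header is complete), so
    the harness has a defect to report. This is a teaching toy, not a claim
    about any real PLC.
    """

    def __init__(self) -> None:
        self.alive = True

    def reset(self) -> None:
        """Models a power cycle of the device between test cases."""
        self.alive = True

    def handle(self, frame: bytes) -> Optional[bytes]:
        if not self.alive:
            return None  # a crashed device answers nothing
        try:
            if frame[:2] != MAGIC:
                return b"ERR"
            (length,) = struct.unpack(">H", frame[2:4])  # struct.error if truncated
            opcode = frame[4]  # IndexError when the header is truncated
            body = frame[5:5 + length]
            return b"OK" + body[:4] if opcode == OP_READ else b"ERR"
        except (struct.error, IndexError):
            self.alive = False  # unhandled fault: the device stops cycling
            return None


def mutations(valid: bytes, rng: random.Random) -> list:
    """Corrupt variants of one valid frame: the inputs functional tests never send."""
    cases = [("valid_baseline", valid)]
    for n in (0, 1, 3, 4, len(valid) - 1):
        cases.append((f"truncate_{n}", valid[:n]))
    cases.append(("length_0xFFFF", valid[:2] + b"\xff\xff" + valid[4:]))  # length field lies
    cases.append(("oversize_body", valid + b"A" * 4096))  # body far longer than declared
    for i in range(3):
        pos = rng.randrange(len(valid))
        flipped = bytearray(valid)
        flipped[pos] ^= 1 << rng.randrange(8)
        cases.append((f"bitflip_{i}_at_{pos}", bytes(flipped)))
    return cases


@dataclass
class Verdict:
    case: str
    verdict: str  # PASS, NO_RESPONSE or DEGRADED
    target_reset: bool


def run_campaign(seed: int = 1) -> list:
    device = ToyDevice()
    baseline_req = build_frame(OP_READ, b"\x00\x10\x00\x00")
    baseline_resp = device.handle(baseline_req)
    if baseline_resp is None:
        raise RuntimeError("device must answer a valid request before testing starts")
    rng = random.Random(seed)
    results = []
    for name, payload in mutations(baseline_req, rng):
        device.handle(payload)               # the reply to the corrupt frame is not judged
        probe = device.handle(baseline_req)  # the device's health afterwards is what counts
        if probe is None:
            verdict = "NO_RESPONSE"
        elif probe != baseline_resp:
            verdict = "DEGRADED"
        else:
            verdict = "PASS"
        if verdict != "PASS":
            device.reset()  # restore the target so one fault does not mask later cases
        results.append(Verdict(name, verdict, verdict != "PASS"))
    return results


def failures(results: list) -> dict:
    return {r.case: r.verdict for r in results if r.verdict != "PASS"}


if __name__ == "__main__":
    for r in run_campaign():
        print(f"{r.case:20s} {r.verdict}")
```

The verdict for each case comes from the health probe sent after the corrupt frame, not from the device's reply to the corrupt frame itself: a device that answers garbage with an error is acceptable, one that stops answering valid requests is not. Resetting the target after every failure matters for the same reason Achilles-style test benches monitor and restart the device between cases: otherwise the first fault masks every later result.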
Software engineering
The process visualisation and control system PVSS is used at CERN for large distributed control systems, some of them with more than 150 computers. In the first year of collaboration between Siemens/ETM (a subsidiary of Siemens) and CERN, the PVSS project focused on two main areas: first, learning PVSS in depth; second, using the acquired knowledge to improve PVSS and to test upcoming features at CERN. To attain these objectives, the team concentrated on four main activities.
The Oracle Archiver is the PVSS solution for storing and retrieving historical data. CERN has been one of the main users of this feature, requiring excellent performance and stability when faced with large volumes of data and high update frequencies. As a learning task, a number of critical issues and improvements raised by CERN users were addressed. The result was the incorporation of code written at openlab in a subsequent PVSS patch released by ETM.
PVSS users at CERN keep their projects under revision control with SVN (Subversion). The PVSS development environment had no SVN integration, forcing users to manage their project revisions with external tools. Within the openlab framework, an SVN plugin for the development environment was prototyped and then used as a showcase for other ETM clients.
The PVSS version reporting tool (PVR) is a new tool that is now available from ETM and in use at CERN. Typically, users needing support with PVSS report their problems through e-mail or issue tracking systems. However, much of the systematic information needed to diagnose a problem is often left out of such manually written reports. With the PVSS Version Report Tool, this typical information, from the operating system and the PVSS version number to free disk space and project dependencies, is collected and sent automatically, which makes reporting far more efficient.
One of the constant feature requests from CERN users is web support in PVSS. ETM provided a Web plugin with the 3.9 release, which has still not been adopted at CERN. In order to test it for possible future use, and to give ETM a testing ground with the usual extreme CERN requirements, the Web plugin was tested within the openlab scope, covering both functional and performance aspects of the new feature. A full report analysing the issues of concern was sent back to ETM, detailing the aspects to be improved before adoption at CERN.
Step7 Openness and Deployment
The Step7 Openness and Deployment project is sub-divided into two major topics. The first focuses on the issues related to deploying Step7 in large-scale environments in an automated way. The second concentrates on bringing software engineering concepts and capabilities into the Step7 software stack to enhance its features.
In 2009/2010, deployment of Step7 in large-scale environments was selected as the first priority. The Step7 installation software is complex: it requires a dedicated installer to manage the various installation phases and to configure the target machine dynamically in the post-installation phase. Allowing a system administrator to deploy, maintain and upgrade Step7 installations remotely and automatically on a set of target machines was thus a challenging objective.
The team first conducted a CERN-wide survey of PLC developers to learn about their deployment scenarios and the solutions they had adopted, if any, to automate them. Secondly, off-the-shelf tools for software inventory and configuration management were analysed and evaluated, and CFEngine was selected as the test candidate for deploying and automating the installation on a set of target machines. Then, various deployment strategies were evaluated, spanning short-, medium- and long-term horizons to keep in line with the software development life-cycle of Step7 version 11. The team developed prototypes for each of these strategies and identified not only the pros and cons of each approach but also their impact on the Step7 architecture and design, i.e. the changes needed to take full advantage of software deployment tools. All these design changes were reported to Siemens. Finally, a strategy based on the Siemens installer engine was selected as the way forward to automate the deployment of Step7 software, fitting both Siemens' short-term and long-term goals. That Siemens approved this strategy for inclusion in their next version of Step7 is one of the fruitful outcomes of this collaboration.