Post AcRlt7rHULb4i3PrFY by SP4RKY@noagendasocial.com
(DIR) Post #AcP3YiVFGV1XypeBNI by SP4RKY@noagendasocial.com
2023-12-02T13:12:44Z
0 likes, 0 repeats
Water treatment plants, internet connected - PLC industrial controls. My "facility" we use the same multiple A-B SLC500's. "Data Highway" connected in mid 2000s. But as ethernet became available, myself and team members resisted. Even in recent "WFH" culture we've resisted. Asking for trouble to put your industrial controls on the internet. Go to the site! We've "resisted much!" but most brain dead engineers have caved.
(DIR) Post #AcP3YjZtGiKlJWpPFo by Wy7usa@noagendasocial.com
2023-12-02T15:30:16Z
0 likes, 0 repeats
@SP4RKY So you don't use ethernet? You don't share IT infrastructure?
(DIR) Post #AcP3Yk9h7ayR6Za03s by SP4RKY@noagendasocial.com
2023-12-02T13:36:17Z
0 likes, 0 repeats
Stuxnet: most of the other I&C engineering types I'm with, remember Stuxnet. Not a PC "virus", per se, brought in on a thumb drive, etc. But it was clever "PLC code" that changed timers such that the centrifuge overheated. You lock the gate to your site, but put your Windows-based control system on the internet??? Absolutely foolish...but result of "wokeness" in Engineering today.
(DIR) Post #AcP630Vh4xKgQNQcAS by SP4RKY@noagendasocial.com
2023-12-02T15:58:10Z
0 likes, 0 repeats
@Wy7usa Correct, not at our Facility. Now we are not a Municipality, we do MFG. We can connect via ethernet and do our ladder-logic programming. But we physically disconnect cables, no plant ethernet connected, when not used. Get your plant controls infrastructure off the internet ASAP.
(DIR) Post #AcP6ma7zV3X3vE4aZM by SP4RKY@noagendasocial.com
2023-12-02T16:06:21Z
0 likes, 0 repeats
@Wy7usa By contrast, our IT dept had been SAVAGED by a ransomware attack earlier this year. Completely took the entire plant network down. Yes, for real. Took over 1 month to salvage "clean"/not-infected files from network drives, copy to C: (or *gasp* Cloud storage/Sharepoint locations). PC-MFG equip literally stopped, until local drive enabled, workers standing around doing nothing for +1month. Ransom$ plus lost$ is epic.
(DIR) Post #AcPOebQMavmeni0mEy by mhjohnson@noagendasocial.com
2023-12-02T19:26:39Z
0 likes, 0 repeats
@Wy7usa @SP4RKY You could use Ethernet - only to connect the machines on an isolated network. There are plenty of other data transfer interfaces you could use that are plenty fast enough for most uses. I've deployed a LOT of isolated systems - yeah it means you need to go there to do stuff but it is far more secure. Heck we had two independent networks at the office we had in Houston. One that went to NASA, the other to our corporate systems.
(DIR) Post #AcQ70jMIAhOflLT8L2 by Jagahati@noagendasocial.com
2023-12-03T03:43:40Z
0 likes, 0 repeats
@mhjohnson @Wy7usa @SP4RKY My vote is usually for an Ethernet to RS485 converter for all requests originating from off location. Use local Ethernet, make anybody who wants to cause trouble go through a serial gateway, worst they can do is lock up a comm port and force somebody to go reset it (if it isn’t on an auto-reset on comm-fail setup anyway). Of course AB won’t just use modbus like EVERYONE else… so you have to work at it a bit more.
(DIR) Post #AcQmjPgyEZMVv6ZA3s by SP4RKY@noagendasocial.com
2023-12-03T11:31:09Z
0 likes, 0 repeats
@Jagahati @mhjohnson @Wy7usa I complain about AB too. But there's pros and cons not being like everyone else. Our PLC systems don't need much intervention, so offline they are. We use PC's to control processes (IO, DAQ, I&C) and that's the weak point. The ransomware "hack" basically offline'd all PC-run equipment. Cleaned C: off network, ran isolated for many weeks like that. Just like 1996 again!
(DIR) Post #AcQo4FBKbdm7MHGPnk by Evillarry@noagendasocial.com
2023-12-03T11:46:07Z
0 likes, 0 repeats
@SP4RKY but it makes life easier and if the network NEVER touches the “internet” your intranet should be safe and NO WIFI.
(DIR) Post #AcR1sC6HdTPNgW3EG0 by SP4RKY@noagendasocial.com
2023-12-03T14:20:49Z
0 likes, 0 repeats
@Evillarry Perfect! The company (green tech, 20's and 30s) will never accept no wifi, BT, etc. Culturally unacceptable now. FWIW I previously worked for NNL (gov, no connectivity 'outside the razor wire fence') and even that community (IT, etc) is getting weak, soft. Pros/cons. I'm not IT, just Electronics I&C test lab rig builder guy, ~27yrs. Grouchy old tech guy like JCD LOL. Once your wire leaves the bldg... it's public.
(DIR) Post #AcRMbHXmF3tKgKgiH2 by Evillarry@noagendasocial.com
2023-12-03T18:13:03Z
0 likes, 0 repeats
@SP4RKY ours is a government place can’t go much more than that but if you get past the guys with guns…try and jack into the right cat5 then guess the network (all static) nmap’in will take some time, you would be had by the cameras and other security. But yes critical infrastructure doesn’t need to be on the internet. But even hardened systems can be crippled if the payoff is worth it.
(DIR) Post #AcRlt7rHULb4i3PrFY by SP4RKY@noagendasocial.com
2023-12-03T22:56:24Z
0 likes, 0 repeats
@Evillarry Worked in a place just like that for about 3yrs. Don't miss it. In civilian life now. Back at a "green tech" gig I did many years ago. Gov loonies or green energy loonies, not much choice left for engineering types here in Upstate NY LOL!