Thursday, 22 July 2010

Why industrial control and machinery needs open source

I was going to write up a blog about how to use the Beagle Board gadget with the new wifi module that will, chris, and I have gotten up and running. But then I started browsing around the web for open source industrial design projects (aka ISC's) to demonstrate on it, and ran into something quite interesting...

Dun dun dun....

So just to get this straight... I'm looking for open source industrial design control systems, and within minutes, I find an article that is the perfect example of why industrial control systems need more open source? Yup.

What is Stuxnet?

It's a pretty ridiculous virus that someone wrote to infect engineering systems and control systems designed by Siemens. This is no joke, and I'm not trying to be coy, but every once in a while, I can appreciate well written code. stuxnet finds a way to bootstrap into the auto-read-from-USB code of Siemens' engineering terminals, and then spreads. Brilliant!

Here's a little chart from technet that shows how quickly stuxnet spread:

There's one problem, though...

Anyone who ever programmed an open source project would have known that this is a ridiculous thing to do. I mean, you can't seriously expect to just run the contents of an inserted USB drive - you have to at least do some kind of checks on it.

Alas, Siemens' SCADA, or "supervisory control and data acquisition" is still under threat, and so I figured I'd so some research on what SCADA does.

Here's my best attempt, after wading through a bunch of marketing hoopla:

It's a visualization system. Like this:

Connected to a bunch of pressure sensors that measure water pressure. Like these:

With an occasional GPS sensor thrown in the mix. Like this:

Ummm.... ok. I can make one of those Open Source pretty easily... in fact, here's a writeup of connecting the BeagleBoard to a GPS visualization system.

And here are some of the cool interfaces you can run in the Linux environment using that tool:

It's not quite there, but over the next couple weeks, I'm going to try my best to recreate a fully Open Source pressure and gps monitoring visualization system :-)

That's not vulnerable to USB host snooping attacks... ha!


Post a Comment