Another great talk from Congress:
Germany has a system for remotely controlling loads (streetlights, storage heating) over radio.
It's also used for controlling generation. Including 100MW+ solar plants.
It's completely unencrypted.
https://media.ccc.de/v/38c3-blinkencity-radio-controlling-street-lamps-and-power-plants (talk currently starts ~16mins into the video)
#energy #38c3
=> More informations about this toot | More toots from russss@chaos.social
A while back I stumbled across the spec for an equivalent system in England, where the generator has dedicated fibre to the local substation, where the data passes through a Modbus/TCP -> 4-20mA -> Modbus/TCP "firewall" before being allowed anywhere near the network's SCADA system.
The spec noted that this did seem a bit convoluted and they would hopefully find a better way of achieving comparable security soon...
=> More informations about this toot | More toots from russss@chaos.social
@russss The UK also has* that for load control at least, RadioTeleswitch using Radio 4 LW
https://en.wikipedia.org/wiki/Radio_teleswitch
=> More informations about this toot | More toots from sammachin@chaos.social
@sammachin @russss It's kind of fun that our forced replacement is being forced by the availability of valves for the Droitwich transmitter!
=> More informations about this toot | More toots from penguin42@mastodon.org.uk
@russss cripes
=> More informations about this toot | More toots from coldclimate@hachyderm.io
@russss I'm quite familiar with both Modbus and 4-20mA stuff and I don't get how this would work at all.
Maybe a Modbus to HART over 4-20mA and back again with something doing appropriate access control in the middle. My memory of the HART system is old and I'm not sure it can support access control, although I guess it could have been cobbled on in the 25 years since I last dealt with it but it all sounds insane.
=> More informations about this toot | More toots from mw1cgg@mastodon.radio
@mw1cgg @russss I presumed that each coil / register is translated from a digital value, to an analog 4-20mA, before being re-digitised on the other side and presented to the next Modbus device.
That said, I'm also not convinced that's even remotely a sane approach... or how it offers the "total security" that seems to be touted, if the Modbus stuff on the unsecured side can't be trusted.
I've also seen a bunch of "data diodes", which seem to be mostly Serial or UDP over a one-way fibre link.
=> More informations about this toot | More toots from attie@chaos.social
@mw1cgg @russss Can you imagine the wasted power for a remotely complex Modbus interface, if each coil / register was indeed split out... I super-duper hope that's not what's going on.
=> More informations about this toot | More toots from attie@chaos.social
@attie @russss That makes my head hurt even more.
Nothing about this makes sense.
=> More informations about this toot | More toots from mw1cgg@mastodon.radio
@mw1cgg @russss For example:
https://www.datexel.com/4-20-ma-to-modbus-tcp-dat8015.html
https://www.datexel.com/modbus-tcp-to-4-20ma-dat8024.html
... and agreed, but I get the impression we both know what process control stuff looks like, and how things like this are bolted together (😭/😂)
=> More informations about this toot | More toots from attie@chaos.social
@attie @mw1cgg yeah that was it. It converted every required register (iirc there were only 6 or so) into a separate 4-20mA channel and then re-digitised it. I wish I could find the document again...
=> More informations about this toot | More toots from russss@chaos.social
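The register-by-register conversion described in this thread, modelled as an added example (not code from any poster or from the spec mentioned). It shows what can and cannot cross such a gap; the 12-bit converters, linear scaling, six channels and the "outside 4-20 mA means fault" rule are assumptions.

```python
# Added illustration: Modbus register -> 4-20 mA loop -> Modbus register.
# Converter resolution, scaling and channel count are assumptions.
FULL_SCALE = 65535        # 16-bit Modbus holding register
BITS = 12                 # assumed DAC/ADC resolution
MAX_CODE = 2**BITS - 1
CHANNELS = 6              # "only 6 or so" registers, per the thread


def to_loop_current(value):
    """Untrusted side: one register value drives one loop (result in mA)."""
    value = max(0, min(FULL_SCALE, int(value)))      # a register is 0..65535
    code = round(value * MAX_CODE / FULL_SCALE)      # DAC quantisation
    return 4.0 + 16.0 * code / MAX_CODE


def from_loop_current(ma):
    """Trusted side: re-digitise; current outside 4-20 mA is a fault."""
    if not 4.0 <= ma <= 20.0:
        return None                                  # broken loop / bad signal
    code = round((ma - 4.0) / 16.0 * MAX_CODE)       # ADC quantisation
    return round(code * FULL_SCALE / MAX_CODE)


def cross_gap(request):
    """request maps register address -> value as seen on the untrusted side.

    Only addresses wired to a physical loop (0..CHANNELS-1) exist on the
    trusted side. No frame, function code or address crosses: just one
    bounded scalar per wire.
    """
    return {
        addr: from_loop_current(to_loop_current(request[addr]))
        for addr in range(CHANNELS)
        if addr in request
    }


if __name__ == "__main__":
    # Constructed input: three wired registers plus one unwired address.
    print(cross_gap({0: 0, 1: 65535, 2: 32768, 40001: 1234}))
```

The unwired address never reaches the far side, but an in-range value written on the untrusted side is passed through (with quantisation error), which is the limitation raised earlier in the thread.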