Ancestors

Written by Russ Garrett on 2024-12-29 at 11:10

Another great talk from Congress:

Germany has a system for remotely controlling loads (streetlights, storage heating) over radio.

It's also used for controlling generation. Including 100MW+ solar plants.

It's completely unencrypted.

https://media.ccc.de/v/38c3-blinkencity-radio-controlling-street-lamps-and-power-plants (talk currently starts ~16mins into the video)

#energy #38c3

=> More informations about this toot | More toots from russss@chaos.social

Written by Russ Garrett on 2024-12-29 at 16:47

A while back I stumbled across the spec for an equivalent system in England, where the generator has dedicated fibre to the local substation, where the data passes through a Modbus/TCP -> 4-20mA -> Modbus/TCP "firewall" before being allowed anywhere near the network's SCADA system.

The spec noted that this did seem a bit convoluted and they would hopefully find a better way of achieving comparable security soon...

=> More informations about this toot | More toots from russss@chaos.social

Written by JamesB on 2024-12-29 at 19:28

@russss I'm quite familiar with both Modbus and 4-20mA stuff and I don't get how this would work at all.

Maybe a Modbus to HART over 4-20mA and back again with something doing appropriate access control in the middle. My memory of the HART system is old and I'm not sure it can support access control, although I guess it could have been cobbled on in the 25 years since I last dealt with it but it all sounds insane.

=> More informations about this toot | More toots from mw1cgg@mastodon.radio

Written by Attie Grande on 2024-12-29 at 19:48

@mw1cgg @russss I presumed that each coil / register is translated from a digital value, to an analog 4-20mA, before being re-digitised on the other side and presented to the next Modbus device.

That said, I'm also not convinced that's even remotely a sane approach... or how it offers the "total security" that seems to be touted, if the Modbus stuff on the unsecured side can't be trusted.

I've also seen a bunch of "data diodes", which seem to be mostly Serial or UDP over a one-way fibre link.

=> More informations about this toot | More toots from attie@chaos.social
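A sketch of the reading in the post above, where each register value is turned into a loop current and re-digitised on the far side. This is an added example, not part of the thread or of the spec Russ mentions. The channel map, engineering range, 12-bit converter and the `cross_gap` helper are assumptions made for illustration.

```python
# Added illustration of a Modbus -> 4-20 mA -> Modbus gap (assumed design).
LOOP_MIN_MA, LOOP_MAX_MA = 4.0, 20.0
ADC_BITS = 12  # assumed converter resolution

# Constructed channel map: only registers with a physical loop wired can cross.
# register -> engineering range (here: output setpoint in percent)
WIRED = {40001: (0.0, 100.0)}


def to_current(value, lo, hi):
    """Untrusted side, D/A stage: the output hardware saturates at loop limits."""
    frac = (value - lo) / (hi - lo)
    ma = LOOP_MIN_MA + frac * (LOOP_MAX_MA - LOOP_MIN_MA)
    return min(max(ma, LOOP_MIN_MA), LOOP_MAX_MA)


def from_current(ma, lo, hi):
    """Trusted side, A/D stage: quantise the current and rescale it."""
    steps = (1 << ADC_BITS) - 1
    code = round((ma - LOOP_MIN_MA) / (LOOP_MAX_MA - LOOP_MIN_MA) * steps)
    return lo + code / steps * (hi - lo)


def cross_gap(request):
    """Return the register image the trusted side sees for an untrusted request.

    Only the scalar on each wired channel crosses. Function codes, unit ids,
    unwired addresses and any malformed framing have no analog representation.
    """
    image = {}
    for reg, val in request.get("registers", {}).items():
        if reg not in WIRED:
            continue  # no wire for this address, so nothing crosses
        lo, hi = WIRED[reg]
        image[reg] = round(from_current(to_current(val, lo, hi), lo, hi), 1)
    return image


if __name__ == "__main__":
    # Constructed requests from the untrusted side.
    print(cross_gap({"function": 16, "registers": {40001: 50.0, 40002: 1234}}))
    print(cross_gap({"function": 16, "registers": {40001: 1e6}}))  # saturates
    print(cross_gap({"function": 16, "registers": {40001: 0.0}}))  # in range
```

The last request is the doubt raised in the post: the gap bounds the value and strips everything protocol-shaped, but a wrong setpoint inside the valid range crosses unchanged.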

Toot

Written by JamesB on 2024-12-29 at 19:57

@attie @russss That makes my head hurt even more.

Nothing about this makes sense.

=> More informations about this toot | More toots from mw1cgg@mastodon.radio

Descendants

Written by Attie Grande on 2024-12-29 at 20:04

@mw1cgg @russss For example:

https://www.datexel.com/4-20-ma-to-modbus-tcp-dat8015.html

https://www.datexel.com/modbus-tcp-to-4-20ma-dat8024.html

... and agreed, but I get the impression we both know what process control stuff looks like, and how things like this are bolted together (😭/😂)

=> More informations about this toot | More toots from attie@chaos.social

Proxy Information
Original URL
gemini://mastogem.picasoft.net/thread/113737875435446530