cd1307-embedded
cd1307-embedded
cd1307-embedded
cd1307-embedded
cd1307-embedded

Does an Inconvenient Mistrust Exist in Automation and Discrete Control?

July 9, 2013
Can We Trust Anything Besides Certain Scribes of Very Highly Regarded Automation Magazines?
About the Author
Jeremy Pollard, CET, has been writing about technology and software issues for many years. Pollard has been involved in control system programming and training for more than 25 years.Remember truth or dare? How about Truth or Consequences? Maybe both.

I can't believe what I experienced and observed in the past 30 days. For one, I was asked how much it should cost to put in a dual wireless microphone system in an industrial cafeteria environment.

As a bit of background, I was a musician on the road for three years, so I know my audio. Based on the quote from the experts (read as "we know more than you do"), the mics alone were top-of-line Shure Hi Response at $700+ each. The quote went on to regurgitate cables, mixer, patch cables, cart, and the taker is almost $500 for engineering and layout.

SEE ALSO: How to Trust Your Integrator-Part I, How to Trust Your Integrator–Part II

My "professional" solution was a simple, non-amplified mixer, $60 worth of cables, and two $200 transceiver/receivers, which included the mic.

If my customer believed the expert, they would have spent $5,000 more than they needed to. Remember, it's voice…like phone…like 0-3 Khz. Some people.

So, it brings me to this: Believe at your own peril. And if you ever think I am part of that problem, then tell me. I will send you the two equipment quotes.

Trust with verification. We have to.

Then there's Edward Snowden, the NSA whistleblower who says "X." True? Possibly. Based on what's going on, the likelihood is yes.

The U.S. President says Internet surveillance is OK. And good. There's the Verizon debacle. And then PRISM, the software application that monitors, parses, stores, and reports on the activity on the major search sites.

I hear that sales of George Orwell's 1984 have shot up dramatically lately.

So imagine my surprise when I read and substantiated the report that game developers and an E-Sports league connection software had Bitcoin mining software embedded. Money from A goes to B because they send you there — free money? FPGAs have been developed to be Bitcoin miners as well, maybe coming to an HMI near you.

Beware of the AVG search bar. No one can tell me it isn't revenue centric in the search results.

So where does that leave us? Can we trust anything besides certain scribes of very highly regarded automation magazines?

We do trust. We pay people to write code for PLC control, HMI interfacing and data logging. We trust that databases are stored accurately, with no backend corollary software being executed. We trust that data is safe.

With vendors pounding the table on Internet-connected devices, I get nervous. No one combs the code to see if there is an nefarious application of instructions that can lead to intellectual property theft, company secrets leaving the building, or even worse, external control.

The U.S. Navy cancelled a large order for Apple iPads because part of the OS was written by a Russian firm. As the saying goes, "What could go wrong with that?" Probably nothing. But a few lines of embedded code could connect outside forces to the inside.

When we receive production lines or machines or even partial processes, we check them against what they're supposed to do, but usually not how they do it. Who has the time to check and see if that database logger is sending your independent and private data to the NSA?

Read your credit card agreement. Here in Canada, anything bought using your PIN and the card chip is your responsibility.

The onus and responsibility is squarely on our shoulders. We should protect our things. People talk to their own interests, so be careful.

While I am nervous, I don't think the nefarious code threat as such exists in automation and discrete control. Is secret production data from Kellogg's essential for Post to know how many raisins actually go into a box of Raisin Bran?

The reasons are many for not being as trusting as we once were. Becoming cynical is an offshoot from that. From experience, I guess I would rather be cynical than trust too much.
Is it a stretch to think that PLC firmware on a network enabled PLC can't monitor network traffic and packets? Embedded Wireshark, maybe.

There is desperation out there. Be wise and follow your gut. It might be the only thing you can trust without compromise.

About the Author

Jeremy Pollard | CET

Jeremy Pollard, CET, has been writing about technology and software issues for many years. Pollard has been involved in control system programming and training for more than 25 years.