The Conitel protocol was developed long before there were UARTs and microprocessors; it is not an asynchronous, byte-oriented protocol. Legacy protocols such as CDC Type I/II, Conitel, TRW and Getac were of this bit-oriented design (and named after the companies that devised them) and.

Converts bit-oriented Conitel SCADA protocol (L&N Conitel) to asynchronous data.
• External analog-to-digital conversion with the DCB T.
• Internal 56/64 kbps.
Published (last): 4 January 2007
All long-distance communications e. But what about old-style serial communications? Are they a cyber threat?
I am talking about the kinds of communications used in prior generations of SCADA systems to communicate with field-based RTUs (remote terminal units) and even in early factory-automation applications. As there were no standards for industrial communications in the s and s, each manufacturer of smart devices, PLCs and SCADA systems tended to devise their own proprietary protocols.
As a former SCADA system developer I can attest to the major pain in the posterior that resulted when a customer required us to support any of these legacy protocols.
This is a consideration when assessing the cyber vulnerability of such communications, as no off-the-shelf computer hardware can be successfully used to listen in on or inject falsified message traffic. The industrial world picked up on the same technologies, and thereafter most (but not all) subsequent industrial protocols used asynchronous message transmission.
In that timeframe several new protocols were devised, both for early PLC applications and for electrical, pipeline, transportation and water SCADA applications. The Modbus and DNP protocols are good examples of asynchronous, serial protocols that could operate on low-speed channels such as a radio link or analog phone line and support both point-to-point and multipoint operations.
Both of those protocols have been widely accepted and are in common use today in a wide range of industrial applications. In fact, the Modbus protocol is found in more smart devices (devices that support asynchronous serial communications) than any other industrial protocol.
These serial industrial protocols consist of essentially just three (3) layers, as compared to the seven (7) layers of the OSI model and the five (5) layers of the IP model. The layers that are missing involve functions such as routing, session persistence and data-format compatibility. None of those functions were required by these industrial protocols.
Different protocols use different means for specifying which inputs and outputs they are accessing, and some support more data types than others e.
Different protocols offer a different variety of possible commands e. For example, if a smart device has no control outputs, why would the vendor waste time programming it to process output-manipulation commands?
It is much less costly just to program in the one or two commands needed by the device and treat all other commands as invalid, even if they are defined by the protocol specification. It is quite feasible that an attacker could tap into a communication channel and inject falsified message traffic (Google "Vitek Boden" if you want to read about a real-world example of doing this).
If done as falsified commands to the RTUs, this could result in field equipment being put into unsafe conditions. This is not to say that bad things might not happen, but it is still not a cyber attack in the traditional sense. Of course, with a SCADA system, unless the communications between the host and RTU were left broken by the attacker, at the next poll the invalid data would be replaced with fresh valid data and operators could issue commands to restore field equipment to its valid state.
Also note that major SCADA systems usually have numerous communication channels out to the field and the RTUs, so disrupting just one channel would have a limited scope of impact. And really big SCADA systems often have backup sites with separate communication channels to the field in order to ensure that operations can be maintained.
In cyber-security speak, they were claiming to have devised an exploit and payload that, if transmitted to the SCADA master as a response to a poll, would kill the Modbus communication task at the host end: the response would cause a buffer overflow that mangled the Modbus driver instructions. Thus the results of the attack would actually be short-lived, since most SCADA systems are designed with redundancy and it is possible that an automatic switch to the backup would occur to restore Modbus polling operations.
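The checks a hardened Modbus RTU driver would apply to a poll response, as an added example (not code from the column or from any vendor's driver): the link-layer CRC, an allowlist holding only the function codes the device actually needs (the "treat all other commands as invalid" approach above), and a byte-count bound so a malformed reply cannot overrun the driver's register buffer. The sample frames are constructed here; the register limit and the allowlist contents are assumptions.

```python
# Added example: defensive validation of a Modbus RTU response before any
# byte of it is copied into the driver's register buffer. Frames below are
# constructed with build_frame(), not captured traffic.

def crc16_modbus(data: bytes) -> int:
    """Modbus RTU CRC-16 (reflected poly 0xA001, init 0xFFFF)."""
    crc = 0xFFFF
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def build_frame(unit: int, func: int, payload: bytes) -> bytes:
    """Unit, function, payload, then CRC with the low byte sent first."""
    body = bytes([unit, func]) + payload
    crc = crc16_modbus(body)
    return body + bytes([crc & 0xFF, crc >> 8])

# Assumption: this RTU only ever answers register reads, so nothing else is
# accepted even though the specification defines many more function codes.
ALLOWED_FUNCS = {0x03, 0x04}

def validate_response(frame: bytes, unit: int, max_regs: int) -> str:
    """Return 'ok' or the reason the frame must be discarded."""
    if len(frame) < 5:
        return "too short"
    body = frame[:-2]
    if crc16_modbus(body) != (frame[-1] << 8 | frame[-2]):
        return "bad crc"              # noise or a tampered frame
    if body[0] != unit:
        return "wrong unit"           # reply from an address we did not poll
    func = body[1]
    if func & 0x80:                   # exception reply: unit, func|0x80, code
        return "exception" if len(body) == 3 else "malformed exception"
    if func not in ALLOWED_FUNCS:
        return "function not allowed"
    byte_count = body[2]
    # Bound the declared count before copying: a count larger than the
    # register buffer is what lets a malformed reply overrun a naive driver.
    if byte_count > 2 * max_regs or byte_count != len(body) - 3:
        return "length mismatch"
    return "ok"
```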
To date I have not been made aware of any cyber attack on an asynchronous serial communication polling channel that resulted in injecting malware or hacker-ware into a SCADA host.
In theory it should be possible, and I would be very interested in learning about any successes in this regard.
But so far the jury is out. Also, serial communications have often been used for remote maintenance and technical-support activities. If a technician is remotely accessing a protective relay in a substation using a dial-in phone line, then it may be possible for an attacker to discover the same phone line and attempt to gain access to substation IEDs using a brute-force password-cracking attack. That is something an electric utility would definitely wish to prevent from happening, but that will have to be the subject matter for a future column.
Shaw is a prolific writer of papers and articles on a wide range of technical topics and has also contributed to several other books. Shaw has also developed, and is an instructor for, a number of ISA courses, and he teaches online courses for the University of Kansas continuing-education program.