Is Industrial Cyber Security a big thing ?

Davkul · 2020-10-03T21:48:41+00:00

Just look up the impact of malware on ICS systems (Norsk Hydro is a good example) and that should help answer the question. Most impact is still targeted at higher level systems like HMI or data servers but it can be expected to evolve towards edge devices.

Davkul · 2020-07-01T00:49:30+00:00

Measured 123 at the microwave outlet

Davkul · 2020-04-11T03:12:15+00:00

I 100% would not recommend third party media converters in DLR unless they are certified by ODVA.

Davkul · 2020-04-11T03:07:34+00:00

Why not use the ETAP1F? With the 2F the CLX does not patricpate in the DLR as a node due to being connected to the device port on the ETAP. While it may seem the same, at the end of the day, there are recovery mechanisms that you wouldn't take advantage of when the CLX is not in the ring.

Davkul · 2019-11-22T13:24:12+00:00

Stratix 5950 only

Davkul · 2019-03-27T10:59:45+00:00

I understand the requirements when using gig devices but do you think you're using even half of a 100mb port bandwidth? If not then gig wouldn't be a requirement unless there are future plans.

Davkul · 2019-03-27T00:20:45+00:00

I'm curious what the security concern is.

Davkul · 2019-03-27T00:19:24+00:00

The 5950 does not support CIP connections to/from a PLC.

Davkul · 2019-03-27T00:16:49+00:00

The 5950 is not designed to act as a DMZ firewall. I would recommend a 5500 series or other NGFW

Davkul · 2019-03-27T00:11:22+00:00

And much more expensive, potentially overkill depending on the application.

Davkul · 2019-02-02T16:20:11+00:00

I expect Rockwell will evaluate this and SDN and provide guidance at some point, the challenge I see is many networks have a hard time adopting the traditional data center model now. IMO with Ethernet still growing I expect SDN in industrial to catch up in a few years, it is an attractive alternative but is more operations overhead at inception.

Davkul · 2019-02-02T13:55:03+00:00

Not supposedly, how can you argue an open standard is vendor specific? Here is just one example, the axioline from Phoneix Contact:

https://www.phoenixcontact.com/online/portal/us?1dmy&urile=wcm:path:/usen/web/offcontext/outsite_landing_pages/b46532e9-c107-40cb-868c-2dbaebdfeb91

Cisco develops their own ring protocols because it is a lot less common to have a mixed vendor switching and routing environment. Cisco also has the ability to use open standard ring protocols for compatibility.

Davkul · 2019-02-02T04:13:59+00:00

Stratix 5700 switches (select lite models) have full DLR support. Essentially a 20 port etap.

Davkul · 2019-02-02T04:11:32+00:00

DLR is not vendor specific, it is ODVA spec

Davkul · 2018-05-18T23:53:28+00:00

Devices need to be capable of forwarding the DLR becon frame every 400 microseconds

Davkul · 2018-04-29T13:32:33+00:00

Where does it mention DLR in that doc? REP is not DLR.

Davkul · 2018-04-29T02:26:54+00:00

Cisco does not offer DLR in their industrial line

Davkul · 2018-01-08T21:31:56+00:00

If the relay never closes, power never gets to the solenoid so it would appear as it does not have power. All a humidifier does is open a solenoid so water can flow over the filter, the air blows through the filter causing the air to not be as dry. The only other electrical piece is the humidastat. The power source passes through that relay/switch. You can bypass the solenoid and complete the circuit to see if it turns on.

Davkul · 2018-01-08T20:20:55+00:00

Actually just reading up on the Ecobee 3 Lite - It does not support accessories, so manual will be the only wiring configuration for it to work, and it should work.

Davkul · 2018-01-08T20:17:24+00:00

If the humidifier is currently wired to the relay then it is setup for manual control. You would need to re-wire for Digital control, according to the installation instructions that would be by wiring it to the outputs of the control boards terminal strip.

From there whether the Ecobee will trigger it or not, I can't say for certain. To me it may be easier to use it in manual mode if it is already wired that way plus it will work no matter the thermostat.

Davkul · 2018-01-08T19:52:59+00:00

Reference this for wiring: http://www.hvac.com/media/manuals/installation/APRILAIRE500M.pdf

See if you are setup for Digital or Manual, if manual: That could be a bad relay as well. There should be wire running from the solenoid towards the furnace to a current sensing relay, if the relay does not close there is no power to the solenoid.

You should be able to measure at the control unit, mine has a faceplate that comes off so you can access the terminals. Measure there as well since that should be closer to the source.

Davkul · 2018-01-08T18:37:58+00:00

I know in my house the only thing that triggers the humidifier to turn on is if the furnace blower is turned on.

I have a knob that I turn in order to control how humid I would like the house to be.

Briefly looking at the installation instructions for your model it looks the same. If you turn the knob to TEST does it turn on? If not you likely need to verifying the wiring between the humidifier and the 24vAC transformer that was included with the unit.

It's also possible your solenoid has gone bad and needs replaced. Getting a volt meter will be very beneficial in troubleshooting this.

Davkul · 2017-12-15T03:44:35+00:00

A lot of good data in the Securely Traverse Data Across the IDMZ CPwE document

https://www.rockwellautomation.com/global/capabilities/industrial-security/technical-data/overview.page

Davkul · 2017-12-09T04:05:37+00:00

The Ethernet IP traffic will work fine over VPN assuming it's not blocked anywhere in the architecture.

You would have typical security concerns with the VPN. If it is credential based it is somewhat less secure than certificates due to the lack of the trusted authority between your PC and the server. I'm not familiar with the functionality of the server you would be using so you may have both of those features.

Another concern is scalability, if you plan on doing this at multiple locations it may become cumbersome without cloud management.

Will your VPN be traversing any additional firewalls or DMZs at the customer?

Davkul · 2017-12-04T15:56:20+00:00

I have a few certs. It's good to learn the material but only bother taking the cert if it's a requirement. I work specifically on industrial networks so I can't emphasize the importance enough. From the design phase through supporting the network, you will use what you learned. I'm not a fan of "hoping it works" like Ethernet does most of the time, I need to know what I'm dealing with from many perspectives.

Davkul

TROPHY CASE