Update Week 21, 22.05.2020

Hi!

The project is pretty much done, so here are some videos that show how the program works.

The video above shows the program running on a Windows machine.

Above you can see a demonstration of the program running on the Raspberry Pi. The valve is operated by a digital signal from the wire; on a rising edge it will toggle the valve. Since the point of the simulation is to connect it to a PLC, the level of the tank is represented by an analog output through an MCP4725 I2C DAC. To show that the output works, the signal was fed back into an ADC to the Raspberry Pi and printed to the terminal on the left. You may also notice that the program window is too large for the screen. That is because I developed the program on my Windows machine and did not consider the fact that different machines/screens have different resolutions. So, I did not bother to make the window size adjustable. In principle this is easy to fix; however, it was not addressed due to time constraints.

Below you can find the report, an example lab and the guide from Exera

ProjectReport
Industrial_communication_labs[3865]
2001-Exera Hacking Contest-Constructeurs-Présentation[3864]

 

update week 16, 17.04.20

Hi!

This week I spent reading various articles about cyber security. I’ve been looking for a topic for the scientific article which I am supposed to write, and today I made three propositions to Manuel and Hong. On Monday we’ll have a meeting and hopefully we will come to an agreement, because time is scarce and it’s a lot of work.

 

 

Progress update for week 14 05.04.20

GUI design. The symbols come from Edraw Max.

This week was packed with things to do. First of all, I would like to mention that Hong Wu, my supervisor Manuel Avila and I have agreed that I should try to write a scientific article. The article should preferably be published in one of the journals approved by our university. This sounds like a great challenge and I hope that I can do a good job and deliver what is expected of me.

Second, I have been very occupied with programming and reading the Qt documentation. I now have many different versions of the same program with different ways of tackling the various problems that showed up. An image has been uploaded to show the visual progress of the GUI. To better tackle the problems that occurred and to structure the program in a good way, a flowchart was made for reference. You can see the chapter about the flowchart from the report below.

 

Program flow/planning

Before doing anything, it is important to have a clear idea of what you are trying to accomplish. An idea of how the GUI should look and what functions it needed to perform was formed. First, the GUI needed buttons to open and close the valve. It needed a way to input and adjust the volume of the tank and the flow, so that these could be set by the user. It also had to contain the tank illustration, preferably with an animation that shows the water flowing through the valve, into the tank and out of the tank. When the valve is closed, the animation will show that there is no water flowing into the tank, and when the tank is empty the animation will show that there is no water flowing out of the tank. Using these criteria, 4 states were derived which could be used to structure the program as a state machine.

State0 represents the empty tank. No water is flowing in and no water is flowing out. When the valve is opened it will change to the next state. The next state will depend on the flow. If the flow from the valve is higher than the drain flow, it will enter state1. If the flow from the valve is less than the drain flow, it will enter state2. This is because the tank level will not increase if the flow is less than the drain, so the tank remains empty, but if it is greater the level will increase. Upon transitioning, an animation will show the water flowing from the valve, filling up the inlet and outlet pipes with water.

State1 represents the tank being filled/emptied with water. The animation shows that there is flow both into and out of the tank. If the water reaches the top of the tank, the tank will shut the valve, activate an alarm and transition to state3. If the valve is shut by the controller/user, it also goes to state3. Upon transitioning, the valve animation should show that the valve is closed. If the tank contains water and the valve is switched to half the drain flow, it will empty and then transition to state2.

In state2 the flow into the tank is less than the flow out. This means that the valve illustrations will show that the tank is being filled, but the level never increases. This state should be prevented by the PLC controller, but if it is not successful then this state will show. If the valve flow is changed to twice the drain, it will transition to state1. If the valve flow is turned off it will transition back to state0, and upon transitioning the intake and drain pipes will be emptied.

In state3 the tank is emptying because the valve is closed but the drain is open. If the valve is reopened it will transition back to state1. Upon transitioning it will then show the animation of water exiting the valve. Finally, if the volume becomes zero it will transition back to state0. Upon this transition it will show the drainpipe being emptied.

Figure 1: State machine diagram

Throughout the development period there was a lot of experimentation with different ways of structuring the program and different ways of executing its various tasks. Some solutions worked better than others and eventually led to the final result. To implement the state machine, some of the programs developed on the way ended up using sub-states to perform the animations. However, the core idea remains the same. This state machine has been summarized in the figure above.

From the state machine the following program flow can be derived:

Figure 2: Basic program flow

The basic idea the flow chart shows is that the GUI is run by a loop in the main thread and the state machine is run by a separate worker thread. The worker thread checks what the current state should be and will call that function. Each state-function will perform its task, set the next state and then signal the GUI to run the transition animation before the loop returns to start. If the user pressed the Exit button on the window, the main thread will terminate the worker thread before ending itself.
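The four states and their transitions described above can be written as a single step function. This is an added example, not code from the project: the names `State`, `Tank` and `run`, the fixed time step, and the choice to treat an inflow equal to the drain flow as state2 are assumptions, and the GUI signalling and animations are left out.

```python
from enum import Enum

class State(Enum):
    EMPTY = 0     # state0: tank empty, no flow in or out
    FILLING = 1   # state1: valve open, tank contains (or is gaining) water
    STARVED = 2   # state2: valve open but inflow below drain, level stays 0
    DRAINING = 3  # state3: valve closed, drain emptying the tank

class Tank:
    def __init__(self, capacity, drain_flow):
        self.capacity, self.drain_flow = capacity, drain_flow
        self.volume, self.valve_flow = 0.0, 0.0  # valve_flow 0 = valve shut
        self.alarm = False
        self.state = State.EMPTY

    def step(self, dt):
        """Advance the simulation by dt and return the resulting state."""
        inflow, drain = self.valve_flow, self.drain_flow
        if self.state is State.EMPTY:
            if inflow > drain:
                self.state = State.FILLING
            elif inflow > 0:        # assumption: inflow == drain is starved
                self.state = State.STARVED
        elif self.state is State.FILLING:
            if inflow == 0:         # valve shut by controller or user
                self.state = State.DRAINING
            else:
                self.volume += (inflow - drain) * dt
                if self.volume >= self.capacity:   # tank full: shut and alarm
                    self.volume, self.valve_flow = self.capacity, 0.0
                    self.alarm = True
                    self.state = State.DRAINING
                elif self.volume <= 0:             # inflow too low, ran dry
                    self.volume = 0.0
                    self.state = State.STARVED
        elif self.state is State.STARVED:
            if inflow == 0:
                self.state = State.EMPTY
            elif inflow > drain:
                self.state = State.FILLING
        elif self.state is State.DRAINING:
            if inflow > 0:          # valve reopened
                self.state = State.FILLING
            else:
                self.volume = max(0.0, self.volume - drain * dt)
                if self.volume == 0:
                    self.state = State.EMPTY
        return self.state

def run(tank, valve_flow, steps, dt=1.0):
    """Set the valve flow, run `steps` ticks and return the visited states."""
    tank.valve_flow = valve_flow
    return [tank.step(dt) for _ in range(steps)]
```
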

 

 

 

 

 

Prototype of tank using python

The tank in the images was made using Edraw Max.

 

Two days ago, I started reading in a textbook about simulation of process systems in general and specifically simulation of gravity flow tanks. The material was interesting, but after a whole day of reading I realized that the specifications set by Exera contradicted what I was reading. I realized that I was not supposed to model the tank in a realistic or precise way because it is just a dummy process for the tournament. At first, I thought that even though it was quite interesting, it was just a waste of time. However, after thinking about it, I realize that I saved a week of work just by avoiding the true complexity of process simulation. So, I happily continued with the next task.

Yesterday I started looking for various solutions for my system. Specifically, I looked into how I could eliminate the process station by using a Raspberry Pi for both the signal processing and the simulation of the tank. I found that using Python with a GUI framework could be a good idea, so I started tinkering a little. If I choose this solution, I could write everything in one Python program where I could directly access the GPIO pins of the Raspberry Pi. This would eliminate any difficulty with communication between the signal conditioner, the process station and the simulation program. The Raspberry Pi could run everything itself and could be connected to its own dedicated screen or a monitor via the HDMI port. However, to go further with this idea I needed to prove that I could make a nice display of the tank, and that it was not too much work.

There were many different GUI frameworks, but I needed this to go fast so I selected PyQt5 with Qt Designer. Qt Designer lets you drag and drop the objects that you need onto the window, then it generates all the code that you need to display it so that you can take that code and manipulate it. I spent that day making a basic proof-of-concept program which I then turned into an executable for easy use. I will attach the folder with the executable to this post. To try it out, extract it from the rar file and then run the file «tank prototype.exe» in the qt folder. The executable file must be in the folder for it to work, because it depends on the images in the folder to run. I will attach some images of the program as well.

 

Prototype executable:
https://drive.google.com/file/d/1UeJju0DTtpm1aUE5GinHQlEFiZonj08c/view?usp=sharing

 

 

Simulated operative process: Monitoring of tank level

Hi!

This blog has been created as part of the subject «Bacheloroppgave med vitenskapsteori og metode», where I will be posting updates on my bachelor’s project. To find out more about my project you can read the introduction from my pre-project report, which I finished today. You can find the complete document attached in this post, or you can read the Problem definition and background below.

Pre project report

 

Problem definition and background

In 2010 the uncovering of the Stuxnet attack shocked the whole world. The complex computer worm was used as a weapon, causing havoc at the Iranian uranium enrichment facility in Natanz. By targeting the PLCs that control the electromechanical components in the facility, it was able to destroy several centrifuges by causing them to burn themselves out. (McAfee, n.d.)

The malware used undiscovered weaknesses in Windows software to spread from USB sticks to various Microsoft computers. Once the malware was on the computer it searched for a specific Siemens PLC software. From the PLC it was able to manipulate the speed of the centrifuges, periodically spinning the centrifuges too fast while manipulating the feedback so that the operators believed everything was fine. This made the virus practically invisible. (The New Jersey Cybersecurity and Communications Integration Cell, 2017)

This first-of-its-kind attack paved the way for a wave of similarly functioning malware often referred to as “sons of Stuxnet”. Some of these include Duqu, Flame, Havex, BlackEnergy, Industroyer, Triton and, most recently in 2018, an unnamed malware also attacking Iran. The threat from these kinds of attacks is severe. They can be used to target critical infrastructure such as power plants, as seen in Iran, and they can be used to hit electrical grids, water treatment facilities, military equipment and more. (McAfee, n.d.) As a matter of fact, Duqu has been observed in energy facilities in eight different countries, and both Industroyer and BlackEnergy have been reported to cause power outages in Ukraine. BlackEnergy left 1,4 million people without power. (Piggin, 2016)

Since the Stuxnet attack, the frequency of cyber-attacks has increased. The integration of IT and OT systems has facilitated the problem, making industries more vulnerable to cyber-attacks, both large and small. (Piggin, 2016) One of the most common motivations for cyber-attacks is extortion, and one in four power companies globally has been a victim of this. (McAfee, n.d.) Ransomware is a good example of this.

In response to cyber threats such as these, Exera created the cyber security of industrial systems commission in 2013, CT CSI for short. Exera is an association for companies/industries involved in measurement, regulation/control and automation technology. The main purpose of the commission is to monitor the evolution of the legislative and regulatory environment in France, as well as sharing rules of good practice and knowledge of the cybersecurity market. (Commission technique « Cybersécurité des systèmes industriels » Exera, 2020)

To increase awareness among its members and complement efforts undertaken by other security actors, the commission is arranging a hacking tournament. Through discovering security vulnerabilities, the tournament will hopefully contribute to improvements of the equipment from the participating members as well as assess the role of the hardware and software from other suppliers.

A series of objectives for the hackers is defined which relate to the security concerns of the members. Each participant defines and installs an OT-loop which conforms to the standards of Exera. Each OT-loop has its own access and its own equipment, including a supervision console, automation/PLC, sensors, actuators and a process station simulating an industrial process.

As seen in the figure below, the architecture for the tournament allows direct access to the OT-loop or access via a router which represents a bridge between the IT and OT networks. The first scenario is where attackers have direct access to the IT network. The second scenario has an additional difficulty, where the attackers have penetrated the company’s IT network, but still must cross from the IT to the OT network. The attackers in the tournament are selected professional security experts and will try their best to break through the security or discover any vulnerability.

Figure 1: Network schematic of the system. Made using Edraw max and images. (Hipel, n.d.)  (Raspberry Pi, 2020)  (ipc2u, n.d.)

The idea for the project came from a collaboration between IUT and Exera. I will be working on the simulation on the process station and the signal conditioner which interfaces with the I/O module. The name of the project is Simulated operative process: Monitoring of tank, and when it comes to simulations of process systems there are many benefits.

Industrial equipment is incredibly expensive and having the capability of simulating it will lead to great savings and can also give access to systems that previously were too expensive. In a simulation you are in control of every parameter and can easily manipulate and change things in no time. This contrasts to the real world, where for example the changing of physical components can take hours or days and has an associated cost. A simulation has no extra requirement for utilities. No extra water, sewage, power, gas/heat or anything else. It is compact and scalable, allowing multiple systems to be simulated on only one computer. It is safe for the operator and for everyone else, emitting no gasses, fumes or heat, and having no moving parts. The advantages are nearly endless.

To satisfy the requirements of Exera, an industrial solution based on PLC and an industrial network driving and supervising a process is needed. The process itself does not need to be complex, which is why a simple water tank has been chosen. This solution will be very small, can easily be replicated and will allow many participating manufacturers to install their solution in the same room.

IUT is interested in this project because it could be used as a lab exercise for their students, where the students can practice using PID-control (which is part of the curriculum) on the simulated process. An example lab has already been provided from IUT. The lab, as well as a presentation of the tournament and the rules can be found under attachments.

Project objective and tasks


Figure 2: Tank schematic. Made using Edraw max.

The objective of the project is to create a simulation of a water tank on a computer the way described in appendix 2 of the tournament document. It states:

The outflow shall be constant, Dout = Constant. The inflow Din will be randomly selected between Dout/2 and 2*Dout when the valve is open. The height, H, is measured continuously by a sensor which provides the information to the PLC. If the height is less than or equal to Hmin, the PLC will command the inflow valve to open. When H is equal to or greater than Hmax, the PLC will command the inflow valve to shut. The information about the state of the valve and the flow as well as Hmax and Hmin shall be sent to the PLC. The simulation shall have a graphical display as well, illustrating the state of the tank and its parameters.

The suggested solution by IUT is to use Matlab on the process station in combination with D-space or preferably Raspberry Pi as the signal processor. There are many possible solutions and robustness of the system is a priority.
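Because the specification fixes Dout and bounds Din, the rate at which H can change is bounded too, which gives a supervisor a simple plausibility check on the reported level against the reported valve state. The following is an added example, not part of the project or the tournament document; the tank cross-section `area`, the tolerance `tol`, the function names and the constructed sample trace are assumptions.

```python
def rate_bounds(valve_open, height, d_out, area):
    """Range of dH/dt the specification allows, as (low, high)."""
    if valve_open:
        # Din lies in [Dout/2, 2*Dout], so net flow lies in [-Dout/2, +Dout]
        return (-0.5 * d_out / area, d_out / area)
    # Valve shut: the level falls at exactly Dout/area until the tank is empty
    drain = -d_out / area
    return (drain, drain if height > 0 else 0.0)


def implausible(samples, d_out, area, tol=0.05):
    """Return indices of samples whose level change breaks the bounds.

    samples: list of (time_s, height, valve_open) tuples in time order.
    """
    flagged = []
    for i in range(1, len(samples)):
        (t0, h0, v0), (t1, h1, v1) = samples[i - 1], samples[i]
        if t1 <= t0 or h1 < 0:
            flagged.append(i)      # broken timestamp or impossible level
            continue
        # If the valve changed inside the interval, accept either regime
        lows, highs = zip(rate_bounds(v0, h1, d_out, area),
                          rate_bounds(v1, h1, d_out, area))
        rate = (h1 - h0) / (t1 - t0)
        if not (min(lows) - tol <= rate <= max(highs) + tol):
            flagged.append(i)
    return flagged


# Constructed trace (arbitrary units, Dout = 1, area = 1), not measured data.
SAMPLES = [
    (0, 0.0, True), (1, 0.5, True), (2, 1.5, True),
    (3, 3.0, True),    # rises faster than the maximum net inflow allows
    (4, 3.0, False),   # valve switched during the interval: accepted
    (5, 3.0, False),   # level frozen although the drain is always open
    (6, 2.0, False),
]
```

On the constructed trace, `implausible(SAMPLES, 1.0, 1.0)` returns `[3, 5]`: one sample that rises too fast and one where the level does not fall while the valve is shut.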

References

Commission technique « Cybersécurité des systèmes industriels » Exera. (2020, January 21). TOURNOI EXERA DE HACKING TESTS D’INTRUSION SUR AUTOMATES ET ÉLÉMENTS ASSOCIÉS.

Hipel. (n.d.). hmi-icon. Retrieved from Hipel.

ipc2u. (n.d.). Softlink Distributed Fieldbus I/O modules. Retrieved from ipc2u: https://ipc2u.com/news/productnews/softlink-distributed-fieldbus-i-o-modules/

McAfee. (n.d.). What is Stuxnet. Retrieved from McAfee: https://www.mcafee.com/enterprise/en-us/security-awareness/ransomware/what-is-stuxnet.html

Piggin, R. (2016). Cyber security trends: What should keep CEOs awake at night. Retrieved from ResearchGate: https://www.researchgate.net/profile/Richard_Piggin/publication/293809327_Cyber_security_trends_What_should_keep_CEOs_awake_at_night/links/5df11e8b299bf10bc3544759/Cyber-security-trends-What-should-keep-CEOs-awake-at-night.pdf

Raspberry Pi. (2020, 03 13). Retrieved from Wikipedia: https://en.wikipedia.org/wiki/Raspberry_Pi

The New Jersey Cybersecurity and Communications Integration Cell. (2017, August 10). Stuxnet. Retrieved from NJCCIC: https://www.cyber.nj.gov/threat-profiles/ics-malware-variants/stuxnet