Major Challenges

Paper Title Page
MOPA01 Summary of the Control System Cyber-Security (CS)2/HEP Workshop 18
 
  • S. Lueders
    CERN, Geneva
 
  Over the last few years modern accelerator and experiment control systems have increasingly been based on commercial-off-the-shelf products (VME crates, PLCs, SCADA systems, etc.), on Windows or Linux PCs, and on communication infrastructures using Ethernet and TCP/IP. Despite the benefits coming with this (r)evolution, new vulnerabilities are inherited, too: Worms and viruses spread within seconds via the Ethernet cable, and attackers are becoming interested in control systems. Unfortunately, control PCs cannot be patched as fast as office PCs. Even worse, vulnerability scans at CERN using standard IT tools have shown that commercial automation systems lack fundamental security precautions: Some systems crashed during the scan, others could easily be stopped or their process data be altered. The (CS)2/HEP workshop held the week-end before ICALEPCS2007 was intended to present, share, and discuss countermeasures deployed in HEP laboratories in order to secure control systems. This presentation will give a summary overview of the solution planned, deployed and the experience gained.  
MOPA02 LHC@FNAL – A New Remote Operations Center at Fermilab 23
 
  • W. F. Badgett, K. B. Biery, E. G. Gottschalk, S. R. Gysin, M. O. Kaletka, M. J. Lamm, K. M. Maeshima, P. M. McBride, E. S. McCrory, J. F. Patrick, A. J. Slaughter, A. L. Stone, A. V. Tollestrup, E. R. Harms
    Fermilab, Batavia, Illinois
  • Nicholas J. Hadley, S. K. Kunori
    UMD, College Park, Maryland
  • M. Lamont
    CERN, Geneva
 
  Commissioning the LHC accelerator and experiments will be a vital part of the worldwide high-energy physics program beginning in 2007. A remote operations center, LHC@FNAL, has been built at Fermilab to make it easier for accelerator scientists and experimentalists working in North America to help commission and participate in operations of the LHC and experiments. We report on the evolution of this center from concept through construction and early use. We also present details of its controls system, management, and expected future use.  
MOPA03 Redundancy for EPICS IOCs 26
 
  • L. R. Dalesio
    SLAC, Menlo Park, California
  • G. Liu, B. Schoeneburg, M. R. Clausen
    DESY, Hamburg
 
  High availability is driving the reliability demands for today’s control systems. Commercial control systems are tackling these requirements by redundant implementations of major components. Design and implementation of redundant Input Output Controllers (IOCs) for EPICS will open new control regimes also for the EPICS collaboration. The origin of this development is the new XFEL project at DESY. The demands on the availability for the machine uptime are extremely high (99.8%) and can only be achieved if all the utility supplies are permanently available 24/7. This paper will describe the implementation of redundant EPICS IOCs at DESY that shall replace the existing redundant commercial systems for cryogenic controls. Special technical solutions are necessary to synchronize continuous control process databases (e.g., PID). Synchronization of sequence programs demands similar technical solutions. All of these update mechanisms must be supervised by a redundancy monitor task (RMT) that implements a hard-coded expert system that has to fulfill the essential failover criteria: A failover may only occur if the new state is providing more reliable operations than the current state.  
WPPB03 Software Interlocks System 403
 
  • V. Baggiolini, D. Garcia Quintas, J. Wenninger, J. P. Wozniak
    CERN, Geneva
 
  In the year 2006, a first operational version of a new Java-based Software Interlock System (SIS) was introduced to protect parts of the SPS (Super Proton Synchrotron) complex, mainly CNGS (CERN Neutrinos to Gran Sasso), TI8 (SPS transfer line), and for some areas of the SPS ring. SIS protects the machine through surveillance and by analyzing the state of various key devices and dumping or inhibiting the beam if a potentially dangerous situation occurs. Being a part of the machine protection, it shall gradually replace the old SPS Software Interlock System (SSIS) and reach the final operational state targeting LHC (Large Hadron Collider) in 2008. The system, which was designed with the use of modern, state-of-the-art technologies, proved to be highly successful and very reliable from the very beginning of its existence. Its relatively simple and very open architecture allows for fast and easy configuration and extension to meet the demanding requirements of the forthcoming LHC era.  
WPPB07 Machine Protection and Advanced Plasma Control in TORE SUPRA Tokamak 412
 
  • S. P. Bremond, J. Bucalossi, G. Martin, P. H. Moreau, F. Saint-Laurent
    EURATOM-CEA, St Paul Lez Durance
 
  A tokamak is a complex device combining many sub-systems. All of them must have high reliability and robustness to operate together. A sub-system includes its own safety protections and a more integrated level of protection to ensure the safety of the full device. Moreover, plasma operation with several megawatts of additional injected power requires a highly reliable and performing control because uncontrolled plasma displacements and off-normal events could seriously damage the in-vessel components. Such an integrated control system is installed on Tore Supra. It can develop an alternative plasma operation strategy when margins to technological sub-system limits become too small. The control switches to more and more degraded modes, from the nominal one to a fast plasma shutdown. When sub-system limits are nearly reached, the system tries to balance the loads over less solicited parts. Then a modification of the plasma parameters is performed to preserve the plasma discharge in a degraded mode. The third step is a soft and controlled plasma shutdown, including a stopping of additional heating systems. When loads are close to being uncontrolled, a fast plasma shutdown is initiated.  
WPPB08 Role-Based Authorization in Equipment Access at CERN 415
 
  • P. Gajewski, K. Kostro
    CERN, Geneva
  • S. R. Gysin
    Fermilab, Batavia, Illinois
 
  Given the significant dangers of LHC operations, Role-Based Access Control (RBAC) is designed to protect from accidental and unauthorized access to the LHC and injector equipment. Role-Based Authorization is part of this approach. It has been implemented in the Controls Middleware (CMW) infrastructure so that access to equipment can be restricted according to Access Rules defined jointly by the equipment and operation groups. This paper describes the authorization mechanism, the definition and management of Access Rules and the implementation of this mechanism within the CMW.  
WPPB10 Virtually There: The Control Room of the Future 418
 
  • F. Bonaccorso, A. Busato, A. Curri, D. Favretto, M. Prica, M. Pugliese
    ELETTRA, Basovizza, Trieste
 
  Imagine the ILC is up and running. Electrons and positrons collide happily, and scientists are taking data. Suddenly there's a problem with one of the laser wires. All experts are at a meeting on a different continent, but the problem needs to be fixed immediately. Difficult? Not when there's a Global Accelerator Network Multipurpose Virtual Lab (GANMVL) in place. High-speed, high-resolution cameras would allow the faraway experts to look at the fault, a web-based portal would let them access the controls and tools of the system with a simple "single-sign-on" procedure. However, the virtual lab is not just about remote operation. In principle it is already possible to run a control room remotely. This system is radically different in that it takes into account the human aspect of teamwork around the world. The implications of a working virtual control room are enormous. It might revolutionise virtual collaboration in completely different areas. The paper presents the GANMVL tool and the results of the evaluation of the Virtual Lab in production environment and real operations.

* http://www.eurotev.org/, “European Design Study Towards a Global TeV Linear Collider.”
** http://www.linearcollider.org/cms/, “International linear collider.”

 
WPPB11 Secure Remote Operations of NSLS Beamlines with (Free)NX 421
 
  • D. P. Siddons, Z. Yin
    BNL, Upton, Long Island, New York
 
  In light source beamlines, there are times when remote operations from users are desired. This becomes challenging, considering cybersecurity has been dramatically tightened throughout many facilities. Remote X-windows display to Unix/Linux workstations at the facilities, either with straight x-traffic or tunneling through ssh (ssh -XC), is quite slow over long distance, thus not quite suitable for remote control/operations. We implemented a solution that employs the open source FreeNX technology. With its efficient compression technology, the bandwidth usage is quite small and the response time from long distance is very impressive. The setup we have involves a FreeNX server configured on the Linux workstation at the facility and free downloadable clients (Windows, Mac, Linux) at the remote site to connect to the FreeNX servers. All traffic is tunneled through ssh, and special keys can be used to further security. The response time is so good that remote operations are routinely performed. We believe this technology can have great implications for other facilities, including those for the high energy physics community.  
WPPB28 Remote Operation of Large-Scale Fusion Experiments 454
 
  • G. Abla, D. P. Schissel
    GA, San Diego, California
  • T. W. Fredian
    MIT, Cambridge, Massachusetts
  • M. Greenwald, J. A. Stillerman
    MIT/PSFC, Cambridge, Massachusetts
 
  This paper examines the past, present, and future remote operation of large-scale fusion experiments by large, geographically dispersed teams. The fusion community has considerable experience placing remote collaboration tools in the hands of real users. Tools to remotely view operations and control selected instrumentation and analysis tasks were in use as early as 1992 and full remote operation of an entire tokamak experiment was demonstrated in 1996. Today’s experiments invariably involve a mix of local and remote researchers, with sessions routinely led from remote institutions. Currently, the National Fusion Collaboratory Project has created a FusionGrid for secure remote computations and has placed collaborative tools into operating control rooms. Looking toward the future, ITER will be the next major step in the international program. Fusion experiments put a premium on near real-time interactions with data and among members of the team and though ITER will generate more data than current experiments, the greatest challenge will be the provisioning of systems for analyzing, visualizing and assimilating data to support distributed decision making during ITER operation.  
WPPB30 Cybersecurity and User Accountability in the C-AD Control System 457
 
  • S. Binello, T. D'Ottavio, R. A. Katz, J. Morris
    BNL, Upton, Long Island, New York
 
  A heightened awareness of cybersecurity has led to a review of the procedures that ensure user accountability for actions performed on the computers of the Collider-Accelerator Department (C-AD) Control System. Control system consoles are shared by multiple users in control rooms throughout the C-AD complex. A significant challenge has been the establishment of procedures that securely control and monitor access to these shared consoles without impeding accelerator operations. This paper provides an overview of C-AD cybersecurity strategies with an emphasis on recent enhancements in user authentication and tracking methods.  
WPPB32 Cybersecurity in ALICE DCS 460
 
  • A. Augustinus, L. S. Jirden, P. Rosinsky, P. Ch. Chochula
    CERN, Geneva
 
  In the design of the control system for the ALICE experiment much emphasis has been put on cyber security. The control system operates on a dedicated network isolated from the campus network and remote access is only granted via a set of Windows Server 2003 machines configured as application gateways. The operator consoles are also separated from the control system by means of a cluster of terminal servers. Computer virtualization techniques are deployed to grant time-restricted access for sensitive tasks such as control system modifications. This paper will describe the global access control architecture and the policy and operational rules defined. The role-based authorization schema will also be described as well as the tools implemented to achieve this task. The authentication based on smartcard certificates will also be discussed.  
WPPB34 Information Technology Security at the Advanced Photon Source 463
 
  • W. P. McDowell, K. V. Sidorowicz
    ANL, Argonne, Illinois
 
  The proliferation of “bot” nets, phishing schemes, denial-of-service attacks, root kits, and other cyber attack schemes designed to capture a system or network creates a climate of worry for system administrators, especially for those managing accelerator and large experimental-physics facilities as they are very public targets. This paper will describe the steps being taken at the Advanced Photon Source (APS) to protect the infrastructure of the overall network with emphasis on security for the APS control system.  
WPPB38 Update on the CERN Computing and Network Infrastructure for Controls (CNIC) 472
 
  • S. Lueders
    CERN, Geneva
 
  Over the last few years modern accelerator and experiment control systems have increasingly been based on commercial-off-the-shelf products (VME crates, PLCs, SCADA, etc.), on Windows or Linux PCs, and on communication infrastructures using Ethernet and TCP/IP. Despite the benefits coming with this (r)evolution, new vulnerabilities are inherited too: Worms and viruses spread within seconds via the Ethernet cable, and attackers are becoming interested in control systems. Unfortunately, control PCs cannot be patched as fast as office PCs. Even worse, vulnerability scans at CERN using standard IT tools have shown that commercial automation systems lack fundamental security precautions: Some systems crashed during the scan, others could easily be stopped or their process data be altered. During the two years following the presentation of the CNIC Security Policy at ICALEPCS2005, a “Defense-in-Depth” approach has been applied to protect CERN's control systems. This presentation will give a review of its thorough implementation and its deployment. Particularly, measures to secure the controls network and tools for user-driven management of Windows and Linux control PCs will be discussed.