| Paper |
Title |
Page |
| MOPA01 |
Summary of the Control System Cyber-Security (CS)2/HEP Workshop
|
18 |
| |
|
|
| |
Over the last few years modern accelerator and experiment control systems have increasingly been based on commercial-off-the-shelf products (VME crates, PLCs, SCADA systems, etc.), on Windows or Linux PCs, and on communication infrastructures using Ethernet and TCP/IP. Despite the benefits coming with this (r)evolution, new vulnerabilities are inherited, too: Worms and viruses spread within seconds via the Ethernet cable, and attackers are becoming interested in control systems. Unfortunately, control PCs cannot be patched as fast as office PCs. Even worse, vulnerability scans at CERN using standard IT tools have shown that commercial automation systems lack fundamental security precautions: Some systems crashed during the scan, others could easily be stopped or their process data be altered. The (CS)2/HEP workshop held the week-end before ICALEPCS2007 was intended to present, share, and discuss countermeasures deployed in HEP laboratories in order to secure control systems. This presentation will give a summary overview of the solution planned, deployed and the experience gained.
|
|
|
Slides
|
|
| MOPA02 |
LHC@FNAL – A New Remote Operations Center at Fermilab
|
23 |
| |
- W. F. Badgett, K. B. Biery, E. G. Gottschalk, S. R. Gysin, M. O. Kaletka, M. J. Lamm, K. M. Maeshima, P. M. McBride, E. S. McCrory, J. F. Patrick, A. J. Slaughter, A. L. Stone, A. V. Tollestrup, E. R. Harms
Fermilab, Batavia, Illinois
- Hadley, Nicholas J. Hadley, S. K. Kunori
UMD, College Park, Maryland
- M. Lamont
CERN, Geneva
|
|
| |
Commissioning the LHC accelerator and experiments will be a vital part of the worldwide high-energy physics program beginning in 2007. A remote operations center, LHC@FNAL, has been built at Fermilab to make it easier for accelerator scientists and experimentalists working in North America to help commission and participate in operations of the LHC and experiments. We report on the evolution of this center from concept through construction and early use. We also present details of its controls system, management, and expected future use.
|
|
|
|
Slides
|
|
| MOPA03 |
Redundancy for EPICS IOCs
|
26 |
| |
- L. R. Dalesio
SLAC, Menlo Park, California
- G. Liu, B. Schoeneburg, M. R. Clausen
DESY, Hamburg
|
|
| |
High availability is driving the reliability demands for today’s control systems. Commercial control systems are tackling these requirements by redundant implementations of major components. Design and implementation of redundant Input Output Controllers (IOCs) for EPICS will open new control regimes also for the EPICS collaboration. The origin of this development is the new XFEL project at DESY. The demands on the availability for the machine uptime are extremely high (99.8%) and can only be achieved if all the utility supplies are permanently available 24/7. This paper will describe the implementation of redundant EPICS IOCs at DESY that shall replace the existing redundant commercial systems for cryogenic controls. Special technical solutions are necessary to synchronize continuous control process databases (e.g., PID). Synchronization of sequence programs demands similar technical solutions. All of these update mechanisms must be supervised by a redundancy monitor task (RMT) that implements a hard-coded expert system that has to fulfill the essential failover criteria: A failover may only occur if the new state is providing more reliable operations than the current state.
|
|
|
|
Slides
|
|