WEBVTT

00:00.000 --> 00:03.630
>> Sector-specific
technology concerns.

00:03.630 --> 00:06.150
The learning objectives
for this lesson are to

00:06.150 --> 00:08.250
define embedded systems
and components,

00:08.250 --> 00:10.890
to explore industrial
computer systems,

00:10.890 --> 00:14.310
and to examine HVAC's
use of embedded systems.

00:14.310 --> 00:18.345
Let's get started. Internet
of Things, or IoT.

00:18.345 --> 00:20.130
This describes a
global network of

00:20.130 --> 00:21.930
appliances and personal devices.

00:21.930 --> 00:23.115
They contain sensors,

00:23.115 --> 00:25.275
network connectivity,
and software.

00:25.275 --> 00:27.480
They can collect
information and then pass

00:27.480 --> 00:29.580
it between themselves
and other systems.

00:29.580 --> 00:32.865
This is referred to as
machine-to-machine, or M2M.

00:32.865 --> 00:35.505
Each device will have
a unique identifier

00:35.505 --> 00:37.170
that allows it to
operate on the Internet,

00:37.170 --> 00:39.940
or through intermediary devices.

00:40.370 --> 00:44.330
IoT networks are usually
composed of the following.

00:44.330 --> 00:46.430
First, you need a hub
or a control system.

00:46.430 --> 00:47.810
This is a communications hub

00:47.810 --> 00:49.775
for Z-Wave or Zigbee networking.

00:49.775 --> 00:51.830
It is a control system accessed

00:51.830 --> 00:54.115
usually by an app on
your mobile device.

00:54.115 --> 00:56.285
Then you add smart devices.

00:56.285 --> 00:58.610
These are the endpoint devices
such as your light bulbs,

00:58.610 --> 01:01.625
doorbells, cameras, and
smart home automation.

01:01.625 --> 01:03.740
They often come built-in

01:03.740 --> 01:05.360
with their own security
vulnerabilities.

01:05.360 --> 01:06.770
One of the things that
happens here is that

01:06.770 --> 01:09.050
manufacturers do
not often go and

01:09.050 --> 01:10.220
release new firmware that

01:10.220 --> 01:11.990
patches vulnerabilities
that have

01:11.990 --> 01:13.835
been discovered
in their devices.

01:13.835 --> 01:16.520
Also with IoT, we can
add in wearables.

01:16.520 --> 01:19.055
These are watches,
bracelets, rings, pendants,

01:19.055 --> 01:22.250
glasses designed as
personal accessories.

01:22.250 --> 01:26.425
All of them allow connectivity
to the IoT mesh network.

01:26.425 --> 01:28.095
Finally, we have sensors.

01:28.095 --> 01:30.170
These are able to
measure the temperature,

01:30.170 --> 01:32.000
the humidity, light, pressure,

01:32.000 --> 01:34.230
and many other variables.

01:34.700 --> 01:39.260
Microcontrollers. These
perform sequential operations

01:39.260 --> 01:42.425
from a vendor-determined
dedicated instruction set.

01:42.425 --> 01:45.350
These embedded
systems often only

01:45.350 --> 01:48.310
need to perform the same basic
task over and over again,

01:48.310 --> 01:49.670
so the hardware
controllers can be

01:49.670 --> 01:52.310
programmed with these instructions
when they're created.

01:52.310 --> 01:55.665
Field programmable
gateway array, or FPGA,

01:55.665 --> 01:57.140
is a controller that can have

01:57.140 --> 01:58.715
its own program logic

01:58.715 --> 02:02.280
configured to run
specific applications.

02:03.530 --> 02:06.830
System on a chip.
This integrates

02:06.830 --> 02:09.265
parts of a chipset
into a single chip.

02:09.265 --> 02:11.570
Chipsets can include
up to four chips.

02:11.570 --> 02:14.180
They control the communications
between the CPU,

02:14.180 --> 02:16.325
RAM, and storage,
and peripherals.

02:16.325 --> 02:18.170
Systems on a chip contain

02:18.170 --> 02:20.570
the processor along with
a graphics processor,

02:20.570 --> 02:22.320
or GPU, memory,

02:22.320 --> 02:25.485
USB controller, power
management, and wireless radios.

02:25.485 --> 02:28.980
It uses low power and offers
really good performance.

02:28.980 --> 02:31.700
A Raspberry Pi is a very
good example of this,

02:31.700 --> 02:33.920
and that's what's in
the picture here.

02:34.730 --> 02:38.280
Industrial control systems, ICS.

02:38.280 --> 02:40.100
These provide mechanisms for

02:40.100 --> 02:42.500
workflow and process automation.

02:42.500 --> 02:44.990
ICS is controlled
machinery that is used

02:44.990 --> 02:47.480
in critical infrastructure
such as power utilities,

02:47.480 --> 02:49.359
water utilities, telecoms,

02:49.359 --> 02:51.770
health providers, and
national defense.

02:51.770 --> 02:54.570
Distributed control systems,

02:55.360 --> 02:57.900
these are an ICS that manages

02:57.900 --> 03:00.530
process automation
within a single site.

03:00.530 --> 03:04.280
Think of this as the
main controller for

03:04.280 --> 03:06.020
a specific site that has

03:06.020 --> 03:09.900
many integrated control
systems embedded throughout.

03:11.200 --> 03:14.750
Programmable logic
controller, PLC.

03:14.750 --> 03:16.610
This is a type of computer that

03:16.610 --> 03:18.320
enables automation in settings

03:18.320 --> 03:19.610
such as assembly lines and

03:19.610 --> 03:22.225
autonomous field
operations and robotics.

03:22.225 --> 03:24.530
PLCs can interact
with a variety of

03:24.530 --> 03:27.920
sensors to connect the digital
and real worlds together.

03:27.920 --> 03:29.990
PLCs can also be programmed to

03:29.990 --> 03:32.645
perform actions in
response to triggers.

03:32.645 --> 03:35.855
Ladder logic is the
sequential control language

03:35.855 --> 03:38.135
that dictates how
a PLC operates.

03:38.135 --> 03:43.200
It uses a graphical
flowchart-like interface.

03:44.780 --> 03:48.560
ICSs are made up of
plant devices and

03:48.560 --> 03:49.955
equipment with embedded

03:49.955 --> 03:52.595
programmable logic
controllers, or PLCs.

03:52.595 --> 03:56.150
PLCs are linked by an OT
fieldbus serial network,

03:56.150 --> 03:59.555
or with an industrial
Ethernet to actuators.

03:59.555 --> 04:02.960
Actuators are the devices
that operate motors,

04:02.960 --> 04:04.760
circuit breakers, valves,

04:04.760 --> 04:07.470
and other sensors
like temperature.

04:08.600 --> 04:11.570
PLC configuration
is performed by

04:11.570 --> 04:14.525
human machine
interfaces, or HMIs.

04:14.525 --> 04:17.285
HMIs may be local control panels

04:17.285 --> 04:18.895
or software on a computer.

04:18.895 --> 04:21.275
PLCs are also
connected in a loop,

04:21.275 --> 04:22.970
and process automation is

04:22.970 --> 04:25.805
run by a central control server.

04:25.805 --> 04:28.235
The data historian
is a database of

04:28.235 --> 04:31.920
all information generated
by the control loop.

04:32.770 --> 04:37.010
Supervisory control and
data acquisition or SCADA.

04:37.010 --> 04:40.145
This is large scale
multi-site ICS,

04:40.145 --> 04:41.690
where you use a SCADA system in

04:41.690 --> 04:44.105
place of a control server.

04:44.105 --> 04:47.120
SCADA are usually software

04:47.120 --> 04:49.160
running on computers
that gather data from

04:49.160 --> 04:51.530
management plant
devices and equipment

04:51.530 --> 04:54.415
with embedded PLCs
known as field devices.

04:54.415 --> 04:57.845
SCADA usually have WAN
connections such as satellite,

04:57.845 --> 05:00.990
cellular, or links to
the field devices.

05:02.560 --> 05:06.110
Heating, ventilation, and
air conditioning, or HVAC.

05:06.110 --> 05:08.750
This uses temperature
and moisture sensors for

05:08.750 --> 05:12.265
humidity control to manage the
environment of a building.

05:12.265 --> 05:14.360
These can be
remotely controlled,

05:14.360 --> 05:16.940
and management is often
outsourced to third parties.

05:16.940 --> 05:19.430
This is a major
security concern since

05:19.430 --> 05:21.080
these embedded
systems are network

05:21.080 --> 05:23.560
connected and accessed
by third parties.

05:23.560 --> 05:26.840
Keep in mind that often the
third parties do not have

05:26.840 --> 05:30.565
the same level of security
as the source organization.

05:30.565 --> 05:32.795
If you remember back
to the Target breach,

05:32.795 --> 05:34.625
this is exactly what
happened with them.

05:34.625 --> 05:37.610
Their third party HVAC
vendor was breached,

05:37.610 --> 05:40.010
and then that allowed them
to go straight into Target.

05:40.010 --> 05:42.365
When you're outsourcing
these types of things,

05:42.365 --> 05:44.045
you want to make sure that

05:44.045 --> 05:46.220
the vendor understands security,

05:46.220 --> 05:48.725
or at least will allow you
to help lock things down.

05:48.725 --> 05:50.780
We had a customer that
when we were doing

05:50.780 --> 05:52.895
the initial assessment
and takeover of the site,

05:52.895 --> 05:54.685
we discovered a Raspberry Pi.

05:54.685 --> 05:56.090
We wanted to know what it did,

05:56.090 --> 05:57.470
and we dug a little deeper and

05:57.470 --> 05:59.000
found out that it
was the device that

05:59.000 --> 06:02.840
the third-party HVAC company
used to control the system.

06:02.840 --> 06:04.670
The problem was, it

06:04.670 --> 06:06.650
had not been updated
in over four years.

06:06.650 --> 06:09.200
It was running a very
outdated version of

06:09.200 --> 06:12.030
Debian that had so many
vulnerabilities in it.

06:12.030 --> 06:13.700
We contacted the HVAC vendor,

06:13.700 --> 06:15.800
and they said that we weren't
allowed to access it,

06:15.800 --> 06:16.820
that if we made any changes

06:16.820 --> 06:18.265
to it, it'd mess up the system.

06:18.265 --> 06:20.270
I spoke with our customer

06:20.270 --> 06:21.470
and let them know the situation,

06:21.470 --> 06:22.640
how serious this was, and

06:22.640 --> 06:24.320
for example, what
happened to Target,

06:24.320 --> 06:25.925
and they decided that

06:25.925 --> 06:28.640
either the HVAC vendor
needed to update it,

06:28.640 --> 06:29.720
or they would have to remove

06:29.720 --> 06:31.070
it and come up with
some other way.

06:31.070 --> 06:32.810
In the end, it turns
out that there was

06:32.810 --> 06:34.730
an update available
for the Raspberry Pi,

06:34.730 --> 06:36.290
but the HVAC vendor wasn't

06:36.290 --> 06:38.030
aware of it because it
wasn't their wheelhouse.

06:38.030 --> 06:39.920
This wasn't something
they specialized in.

06:39.920 --> 06:41.225
They got these devices,

06:41.225 --> 06:42.805
they put them in,
and that was it.

06:42.805 --> 06:44.810
We finally got it updated,

06:44.810 --> 06:45.860
and we were able to install a

06:45.860 --> 06:47.030
monitoring agent on it so that

06:47.030 --> 06:49.370
we could make sure that we had
some level of access to it,

06:49.370 --> 06:50.930
at least for the logging to

06:50.930 --> 06:53.820
ensure that nothing
was coming in.

06:53.820 --> 06:57.230
The key point to remember
is that you can't rely

06:57.230 --> 06:58.400
on your third-party vendors

06:58.400 --> 06:59.990
because IT is not their thing.

06:59.990 --> 07:02.255
Even if they're installing
some form of technology,

07:02.255 --> 07:04.470
it's not likely their thing.

07:05.240 --> 07:09.120
Let's summarize. We discussed
the Internet of Things.

07:09.120 --> 07:12.185
We also went over microcontrollers
and system on chip.

07:12.185 --> 07:14.900
We went over industrial
control systems and SCADA,

07:14.900 --> 07:17.615
along with programmable
logic controllers.

07:17.615 --> 07:21.285
Let's do some sample
questions. Question 1.

07:21.285 --> 07:23.300
This type of system
takes the place of

07:23.300 --> 07:27.030
a control server in
large, multi-site ICS.

07:27.400 --> 07:31.735
Supervisory control and
data acquisition, or SCADA.

07:31.735 --> 07:35.390
Question 2. A blank
is necessary for

07:35.390 --> 07:39.420
the Z-Wave or Zigbee networking
in an IoT environment.

07:39.520 --> 07:42.325
Hub or control systems.

07:42.325 --> 07:46.880
Question 3. This type of
device has a full chipset and

07:46.880 --> 07:52.315
a CPU on a single chip.
System on a chip.

07:52.315 --> 07:55.340
Question 4. This
is used to program

07:55.340 --> 07:59.730
PLCs and uses a flowchart
graphical interface.

08:00.370 --> 08:02.870
Ladder logic. I hope

08:02.870 --> 08:03.890
this lesson was helpful for

08:03.890 --> 08:06.180
you, and I'll see
you in the next one.

