BEKA introduce 8 variable Profibus PA Indicators

BEKA associates have introduced a new range of cost effective eight variable Profibus PA indicators with 20mm high digits and a 31 segment bargraph, models include field and panel mounting, intrinsically safe, Type n and safe area indicators.

Each indicator may be configured as a fieldbus Listener or as a Node.   When used as a Listener the indicator is not visible to the fieldbus host; may not be subject to a Node Licence Fee and is configured and controlled via the instrument’s push buttons.   As a fieldbus Node configuration is via the fieldbus host, but the indicator’s fieldbus address may be entered via the instrument’s push buttons, which may also be used to return operator acknowledgements to the host.

The intrinsically safe models have ATEX, IECEx, FM and cFM approvals; the Type n indicator has ATEX and IECEx approval permitting installation in Zone 2 without an intrinsically safe segment isolator.

For further information please visit http://www.beka.co.uk/pb or phone 01462 438301

Crisp work by Tetra Pak CPS

When the Australian division of one of the world’s leading manufacturers of food processing and packaging equipment systems needed bespoke machines for a well known UK crisps manufacturer it knew just who to call – Tetra Pak CPS Ltd.

The long-distance collaboration between Heat and Control Pty Ltd’s manufacturing site down under and Dorset-based Tetra Pak CPS resulted in a custom-built tempered water system with heat exchanger, pump and steam equipment on a process line for manufacturing crisps in the West Midlands.

Heat and Control had used Tetra Pak CPS for a similar order in 2003 so were confident that despite their project team being based in Australia, work on the new equipment would be delivered without a hitch.

The rapid and seamless sign-off of the first concepts sent to Australia enabled Tetra Pak CPS to run the project ahead of deadline. Tetra Pak CPS supplied the original equipment to match Heat and Control’s exact requirements and managed the complete project from initial design concepts through to delivery within 10 weeks.

Heat and Control’s Project Manager in Australia commented: “Our previous experience of Tetra Pak CPS meant that we had no hesitation in returning to them. The company was very helpful in supplying equipment with an extremely short lead time.”

Renowned for its flexibility and cost effective solutions, Tetra Pak CPS has been delivering cutting edge processing solutions for over 80 years. The company prides itself on developing bespoke systems that are robust and use only the highest quality components to ensure continual operation, reliability and efficiency.

Tetra Pak CPS has a global reputation for delivering value for money, quality service and equipment – so it is no surprise that, despite the distance, this latest collaboration turned out to be so successful.

ISA100 standard compliant: but which one?

A really interesting view from Walt Boyes, on his Sound Off! blog, poses the question we have all been wondering about: when a standard is acknowledged as having errors, and is being corrected, what does compliance with that standard imply? See the original on http://community.controlglobal.com/content/isa-announces-wci-certified-isa10011a-field-devices-which-standard-pauto-isa-wireless

ISA announced a couple of days ago that a whole group of Honeywell and Yokogawa instruments and devices had completed WCI-compliance testing and were now certified ISA100.11a devices. That’s cool.

Or is it?

Which ISA100.11a were these devices certified against?

ISA100.11a-2009, which was withdrawn from the ANSI approval process?

ISA100.11a-2010, which is being re-written with some significant changes from the 2009 model year and hasn’t been approved yet?

ISA100.12, the converged ISA100 and WirelessHART standard which an RFP is just about to go out for proposals to create specifications to produce? (If you think that sentence is convoluted, just go watch the process).

Or are they certified to a variation of the ISA100.11a standard that the WCI has ginned up amongst themselves? Remember that WCI has no direct connection to the ISA100 standard committee and is a private, not for profit, member organization (just like the HART Communication Foundation).

Who knows?

The fact is, though, that announcements like these make the ISA100.12 committee feel like the Palestinian-Israeli peace talks. They certainly are not helping the cause of convergence one single bit, and they tend to make other vendors quite paranoid about the process.

Everybody who is involved in the “peace talks”– I mean, the convergence effort, would take it as a great relief if WCI and ISA stood down for a while instead of continuing to try to ram what is by all accounts a seriously flawed and unworkable standard down our throats.

I am speaking for all the end users here, and I quote Pat Schweitzer of ExxonMobil just as I did in the August cover story: “Technically there is no issue…The basic question is can the supplier community ever come together to meet the users’ expectations.”

End users want and need a single wireless field device standard. Based on results so far, IEC62591-WirelessHART is winning handily. If ISA100 doesn’t want to become irrelevant due to market forces, everybody had better up and support the ISA100.12 convergence effort.

If you are an end user, please write your favorite vendors and tell them you want a single wireless standard and you want a converged standard between WirelessHART and ISA100.

If you don’t make yourself heard now, you– and not the vendors– will pay for it in the future.

Statoil selects Emerson for automation and safety systems

Emerson Process Management is one of three suppliers chosen for a long-term frame agreement with Norway’s Statoil that positions Emerson to bid on future automation and safety systems for the international oil and gas producer.

The agreement supports Statoil’s strategy of using innovative technologies to solve the energy needs of the future, including making the most of emerging opportunities in shale gas, heavy oil, and deep-water production, as well as further development of the Norwegian Continental Shelf. Emerson’s integrated safety and automation system – which includes its DeltaV digital automation system and DeltaV SIS process safety system – will help Statoil maximise production, while reducing operating costs and minimising safety and environmental risks.

Statoil and Emerson recently collaborated to apply Emerson’s Smart Wireless technology on two offshore platforms. Emerson has found that wireless measurement networks offer significant cost and weight savings in such applications.

“It’s exciting to work with customers as forward-thinking as Statoil,” said Steve Sonnenberg, president of Emerson Process Management. “We expect this new agreement to strengthen our existing relationship – and open the door to new opportunities for improved results.”

The five-year frame agreement covers process safety and automation systems, including engineering services, for new capital projects as well as upgrades to existing facilities, and includes the option to renew for two additional two-year terms. Emerson will continue to provide control valves, measurement instruments, asset management solutions, and related services to help Statoil optimise its operations.

New LNG Plant Technology

As liquefied natural gas (LNG) advances towards widespread commercial use, the prospect of producing it where it will be distributed commercially has become increasingly attractive.

An invention by the LNG research team at the U.S. Department of Energy’s Idaho National Laboratory has made this prospect a reality by developing a small-scale methane liquefaction plant. Small-scale liquefaction plants are advantageous because their compact size enables the production of LNG close to the location where it will be used. This proximity decreases transportation and LNG product costs for consumers.

The small-scale LNG plant could also allow localized peak-shaving to occur – balancing the availability of natural gas during high and low periods of demand. It also makes it possible for communities without access to natural gas pipelines to install local distribution systems and have them supplied with stored LNG.

The INL liquefaction technology is designed to draw natural gas from a transmission pipeline at a point where the pressure is dropped to accommodate commercial distribution. The plant is powered mainly by the energy created through this pressure drop. As the gas enters the plant, some of it is allowed to expand, and as it expands, it cools. This allows the process to use the natural gas as a coolant in the liquefaction process.

A demonstration plant installed in Sacramento also removes contaminants from the methane stream as it progresses through the plant. The stream is injected with methanol, which bonds to any water. When the temperature drops to the point where the methanol vapor becomes liquid – the water and methanol are separated out of the methane stream. During the final cooling of the LNG product, solid CO₂ is formed and separated from the methane stream.

This significantly decreases the work needed in pre-cleaning the methane. It appears that the separated water/methanol mix and solid CO₂ are then vaporized and returned into the original distribution line, without significantly changing the BTU of that line.

The natural gas is liquefied and moved into a storage tank where it stays until used, trucked away, or re-injected into the original distribution pipeline (if the system is used for peak shaving).

The Sacramento plant is designed to interact with the distribution line at a pressure let-down station, remove water and CO₂, and liquefy 10-20% of the gas entering the plant. Other plant models are being designed to adapt to higher CO₂ concentrations, nitrogen content, higher and lower pressure distribution lines, connections at non let- down points, and to liquefy a higher percentage of incoming gas.

No gas is consumed by the plant during this process. The plant requires little oversight, and future plants may require very little manual operation, if any.

A full-scale methane liquefaction plant can require hundreds of acres and cost billions of dollars. A small-scale liquefaction plant can fit into a cargo container at a cost of less than two million dollars.

The Sacramento plant was developed and designed under the terms of a Cooperative Research and Development Agreement (CRADA) with Pacific Gas and Electric Company and Southern California Gas Company. The technology has been success- fully tested and is now available to be licensed for commercial manufacturing.

INL is a multiprogram national laboratory dedicated to supporting DOE’s missions in energy and national security, environmental quality, and science.

Baumer offer an alternative to vibrating fork level switch

With the level switch LBFS, Baumer claims to offer a cost-efficient and reliable alternative to the widely-used vibrating fork level switches. The Baumer device appears to use the RF probe principle to monitor the dielectric properties of the surrounding medium. It is designed to detect the level of viscous or dry substances as well as liquids, and can be mounted in any position in tanks or pipelines. The sensor is unaffected by flow, turbulence, bubbles, foam, and suspended solids. As the sensor head is smooth and very small, even adhesive media do not stick to it. The sensor offers a fast response time to enable fast filling processes as well as an accurate and reliable level control.

The level switch detects high and low levels in tanks and pipelines. Furthermore, it can be used for overfill protection, dry running protection of pumps. There are many fields of applications: drinking water, wastewater, filtration, HVAC, hydraulics, oil and gas, bio energy, wood pellets, flour mills, railway transportation or pump systems.

The sensor is mounted in a compact, very robust, and corrosion-resistant stainless steel housing. It can be installed and sealed easily with Teflon tape. It can be easily configured on PC via the FlexProgrammer 9701. Due to its fast response time of just 0.2 seconds, the sensor offers reliable level detection even in fast filling processes. The device can be used at a wide operation temperature range from -40 up to 115 °C.

The LBFS uses frequency sweep technology whereby a drive frequency is swept by the transmitter and becomes subject to a phase shift depending on the medium. When in contact with the medium, which has a different dielectric constant (DC) to the normal air, an electronic switch is triggered. The high sensitivity over a large sensing range from DC values of 1.5 up to more than 100 allows the level detection of all kinds of powders, granulates and liquids. Even difficult substances like polyamide granulate or paper can be detected reliably. Phase separation in oil-water mixtures is also possible by tuning out the low DC value presented by the oil.

Compared to other measuring methods like vibrating forks, conductive ultrasonic or optical sensors, this technology has further important advantages: it has no vibrating parts and is not sensitive to changes based on conductivity, temperature or pressure.

LNG future in short sea shipping

According to DNV ’s summer students, LNG could easily become the most feasible means of fuel in short sea shipping. The students ’ report was presented today in front of an audience of 200 people – including shipowners, representatives from the supply industry and Norwegian authorities.

Ten master ’s students from Norway, Sweden and Nigeria, chosen among 150 applicants, have worked on this year’s summer project assignment – “LNG in short-sea shipping ”– for the past six weeks. The scope of the project was to set up a fictitious ship owning company operating ships fuelled on liquefied natural gas (LNG) in the Nordic region. The students, who study technology and economics, have investigated challenges and opportunities of operating vessels on LNG. During the six weeks the students have investigated the preferable trade and ship type for LNG operations, made specification to ship design and provided a viable fuel logistics solution. They have proven this to be safe, environmentally friendly and economically profitable.

Results

The market analysis conducted by the students showed that four oil tankers of Aframax size shipping crude oil were the most promising options when taking market attractiveness, technical feasibility, economic advantage and environmental impact into account. The most relevant ports within the trade were identified, and Primorsk, Mongstad and Teesport stood out as exporters while Rotterdam stood out as importer. While the major advantages of LNG as fuel are superior environmental performance and a lower price, the weaknesses are the immature LNG market as well as the limited distribution infrastructure. However, the students identified and presented a realistic approach to deal with these weaknesses.

Among other things the students suggested that, in order to make LNG available at a competitive price, large volumes of LNG are bought on the global market and then distributed to an onshore storage facility near Rotterdam. Bunkering of other vessels is then provided by a refuelling barge.

DNV CEO Henrik O. Madsen says “I was very impressed to see what the students presented here today. At times I have found it difficult to understand why the shipping industry has not switched to LNG – given the great commercial and environmental advantages. Today, with their presentation the students have provided ship owners with a blueprint, showing us all that it is 100% realistic to overcome the challenges with regard to LNG as fuel.”

New Crowcon LIBRA battery for Triple Plus+ gas detectors

Crowcon’s new LIBRA (Lithium Ion Battery Replacement Assembly) battery is now available for use with all existing and new-build Triple Plus+ (TRP+) and Triple Plus +IR (TRP+IR) gas detectors. This makes the detectors even more versatile and dependable, with extended lifetime and charge cycles.

LIBRA is more than just a Li-ion battery. It contains a microprocessor and circuitry to mimic the previous Lead Acid battery pack – this means users can simply replace on their Lead Acid battery pack with a LIBRA without needing to do any modifications to their TRP+/TRP+IR or change the charger, even though the battery technologies are generations apart. LIBRA also provides power for 20-30 minutes after low battery warning, allowing users to complete their task and to replace the battery.

Core to the development was the need to offer existing users a solution compliant to their existing operating procedures. For example, there is no impact on the requirement to see the minimum operating voltage of 6.3V.

At the same time Crowcon has introduced a more forceful low battery alarm indication, based on customer feedback, demonstrating the company’s commitment to supporting the many tens of thousands of TRP+/TRP+IR users in the field. This improvement is available as standard in all new-builds (after November 2009) and also in the form of a service replaceable Eprom upgrade.

Lithium on (Li-ion) batteries have a number of advantages over competing technologies. Firstly, they are generally lighter than Lead Acid equivalent batteries; secondly, they provide much more energy than Lead Acid batteries; thirdly, Li-ion batteries hold their charge (even on the shelf) and can be more effectively controlled by electronics; finally, they have no ‘memory effect’ and so can be recharged at any time without losing any overall life or cycle time – this means increased lifetime and charge cycles.

Assuming a five day working week, a 48 week year and a gas detector being charged overnight after every working day, the battery will experience 240 charging cycles per year. Under these conditions LIBRA guarantees a full two years of charge cycles without any reduction in run time. At the end of the following 240 charge cycles, a 25% reduction in run time may be experienced. LIBRA therefore offers, at the very minimum, three years of reliable use, assuming extreme recharging patterns. This time will be extended if the battery is not used completely or not charged as frequently.

Because Lead Acid batteries are declining in popularity due to their negative environmental impact, LIBRA Li-ion batteries are also more environmentally friendly than alternatives.

Crowcon’s TRP+/+IR detectors have been industry favourites worldwide due to their robust construction and reliability. Using the most advanced technologies they have always proven themselves as ‘fit for purpose’ in the field.

Diesel fuel optimisation uses miniature ultrasonic flowmeter

Royston Diesel has championed a device to reduce fuel consumption and cut back costs for customers by adopting a specialist ultrasonic flowmeter from Titan Enterprises in Dorset.

“Using new technology has allowed us to keep our focus upon the valued relationships with key companies in the industry sector. The flowmeters from Titan Enterprises have enabled Royston to accurately measure the fuel consumption of our customers’ engines and ultimately provide vital data in order to lower fuel costs for our customers.”

Robin Shaw, Technical Manager at Royston Diesel

With the cost of fuel at an all time high, many companies are concerned about the impact it may have on success, profit and effectiveness. Fleet owners and operators require ways to identify where problems occur, monitor fuel consumption and rate performance in terms of which ships are proving most profitable

Major shipping companies need to somehow monitor performance and reduce fuel consumption. This would only be possible by implementing a new monitoring system. What is a routine job for some companies, such as deploying tugs to bring a container ship into dock is proving too expensive due to the speed at which they travel and the power they use to direct larger ships. A monitoring system needed to be installed to measure ‘best speed’ and ‘best economy’. This way the optimal trade off between consumption and speed will be attained without wasting fuel.

Royston Diesel, based in the North East of the UK, is committed to offer diesel engine support to companies across the globe. They are experts in the field and are devoted to providing care aspects for customers. One of Royston’s major clients and industry leader wished to incorporate a technology to advance measurement within towage and emergency response operations. Robin Shaw, Technical Manager at Royston therefore developed a new concept in conjunction with the University of Newcastle which would provide a solution and an aid for engine performance.

Following three years of research and innovative invention, The “Enginei” monitoring system was born which is a new fuel and engine monitoring system, presenting logged engine and fuel consumption data. The Enginei system, which can be fitted to any engine from the smallest, older generators to the newest high speed engine manufacturers, provides recorded engine data sent over satellite to a web based management dashboard. Sensors monitoring engine parameters such as exhaust temperatures, boost pressure and oil pressure, log engine performance and can be downloaded via USB onboard or sent remotely via satellite to show any worrying engine trends before they becomean issue. This helps the onboard crew and office based technical staff to make informed decisions and reduce the time and cost associated with vessel maintenance and vessel downtime.

An essential part of the monitoring technology is a flowmeter provided by Titan Enterpises. With over 40 years of experience in supplying flowmeters for a variety of industries, Titan was able to deliver a key element in the offering which met all specifications to measuring the flow of diesel.

After an extensive study of the available flowmeter technologies, Royston placed an order with Titan Enterprises for one of its unique stainless steel flowmeters. Stainless steel is the preferred material for marine applications which are subject to approval by classification societies such as Lloyds Register. Royston initially ordered just two OG4 stainless steel flowmeters with female BSP threads for evaluation and following a quick implementation stage, they then placed a much larger order for use on 15 different ships including tugs and oil tankers, with the intention to roll this out across a much broader fleet by the end of 2010.

The meter performance on diesel is 0.5 to 50 litres per minute with accuracy of ± 0.1%. The 316 steel material is fitted with Hall effect magnet detector and is used in a vast array of applications, varying from highly critical jet engine oil to diesel generator fuel consumption. Titan flowmeters are already used as fuel performance test measures for offshore rescue boats and the French Navy. Other versions are used for hydraulic test rigs and aggressive chemicals.

Titan Enterprises, based in Sherborne, Dorset, is a manufacturer of flow measurement devices which measure flow of a fluid and are used in a wide variety of automotive, medical, aerospace, pharmaceutical and hospitality sector applications.

Founded by Trevor and June Forster in 1981, the company has developed tremendous expertise in its specialist area of manufacturing and a reputation for being at the forefront of flow measurement technology and design.

It has supplied high performance equipment to major oil and manufacturing companies and has recently launched a brand new ultrasonic flowmeter titled the Atrato which uses patented technology.

Production has continued to grow, due to an increasing demand for the measurement of low flow in liquids from an array of industry sectors including; medical, industrial, food & drink, laboratory and pharmaceutical. Sales of Titan products have now totalled over 250,000 and a trusted re-sale percentage of 95% is something owner Trevor and his family are particularly proud.

Trevor Forster Comments:

“Our oval gear flowmeters which are used on the new software developed by Royston Diesel are accurate enough to make flow consumption engine installations worthwhile.

“By measuring both the supply and return flows and subtracting the difference the flowmeters offer accurate measurements, couple this with Royston’s technology and this can lead to significant savings in fuel useage and cost reduction in the fleet operation.”

In order to advance the usage of the flowmeters within the Enginei, Titan will be supplying flanged meters to Royston which will make the servicing and assembly even more straightforward for engineers. No stranger to innovation, Titan Enterprises launched a breakthrough in flowmeter technology this year. The patented technology uses ultrasonic technology measuring low flow. The high accuracy and usb interface makes it one of the talked about products around this year.

For more information visit http://www.atratoflowmeters.com/

Since the Enginei software came to fruition, Royston have now introduced an internal team of electronic and software specialists to ensure the product is sustainable. For major clients, the typical expenditure on fuel per year can be in the region of £8-10 million. The new Enginei system will allow customers to make savings of up to 10% and according to Robin Shaw: “Whilst there is no magic bullet, the Enginei system can change the way ships are driven and the measurement of fuel and consumption is essential in minimising wastage.”

The most important benefits of the new advances include the following;

• Reduced fuel consumption
• Improved engine reliability
• Reduced engine emissions
• Prevention of fuel theft
• Improved operational efficiency

“Stuxnet” malware targetted at automation

This article by Andrew Bond is taken from the Industrial Automation Insider August 2010 issue

Last month’s cyber attack on Siemens SCADA systems and DCSs has reopened the question of how responsibility for ensuring the security of automation systems in general and those controlling potentially hazardous industrial processes and critical infrastructure in particular should be shared between users and vendors and, indeed, vendors’ suppliers.

Few people in the automation industry, and precious few more in the user community, can now be unaware of the bare bones of what has now become known as the ‘Stuxnet’affair. According to Siemens it was on July 14th last that the company was notified of a security breach within Windows which could potentially affect its Simatic WinCC SCADA software and the PCS7 DCS which uses WinCC as its HMI. Among the first to identify the threat was Byres Security chief technology officer Eric Byres who confirmed that what Siemens and its users were experiencing was “a zero-day exploit against all versions of Windows including Windows XP SP3, Windows Server 2003 SP 2, Windows Vista SP1 and SP2, Windows Server 2008 and Windows 7.” (see Security threat to the control system world! – this also contains links to other comments on the Stuxnet affair!)

For those, including us, who are not fully familiar with the jargon, a “zero day” exploit is one which is exploiting a hitherto unidentified security breach which only becomes apparent because of and at the same time as the original attack and leaves all other users of the same system or systems at risk until such time as the vulnerability is eliminated.

Spread by USB keys
In this case the ‘malware’, variously described as a Trojan and a worm, seems to have been spread by USB keys, although it seems possible that it could also be propagated via network shares from other computers. It exploits a previously unidentified vulnerability in the way Windows displays icons for shortcuts via .lnk files with the result that, in order to become infected, the user does not even need to open any file or run any application on the USB stick; just viewing the contents via Windows Explorer is sufficient. As a result, disabling AutoRun doesn’t provide any protection either.

Given the ‘zero day’ nature of the attack, it was hardly surprising that no patch was available from Microsoft although it is hoped that one will be prepared by the next due date, for patches to be made available in early August. In the meantime Microsoft outlined a series of ‘work arounds’ which included, not surprisingly, not installing USB keys, disabling the display of icons for shortcuts and disabling the WebClient service.

It also rapidly released a tool which would disable the vulnerability in most cases but would affect the way Windows displayed shortcut icons: and a clean-up tool which would sanitize infected systems but, it warned, might adversely affect the performance of a control system.

Targetted at automation
So far, so Windows generic. Within days if not hours of the existence of the malware, by then dubbed ‘Stuxnet’, becoming known, a number of less sophisticated lookalikes had been identified, a pattern which is apparently the norm for such attacks. However what seems to set this incident apart from the general run of malicious tomfoolery is that the malware displays an unusual degree of professionalism, incorporating a seemingly authentic but fraudulently copied certificate and, even more unusually, specifically targeting industrial automation software. As Byres explained, it “uses the Siemens default password of the MSSQL account
WinCCConnect to log into the PCS7/ WinCC database and extract process data and possibly HMI screens” which it then attempts to export via an internet connection to a remote server. However, Siemens warned against what might have seemed the most obvious solution, changing the password, because of potential knock on effects elsewhere in a system.

Adding a sinister twist to the story, again according to Byres, is the fact that discovery of the malware coincided with “a concerted Denial of Service attack against a number of the SCADA information networks such as (the) SCADASEC and ScadaPerspective mailing lists, knocking at least one of these services off line”. That seems to suggest that those responsible had prepared sophisticated plans in advance, not only to release the malware targeting the Siemens systems, but to frustrate users’ and vendors’ attempts to counter the threat.

Control system infection
At the time of writing, Siemens claimed to have identified just one user, a site in Germany, where a control system had actually been infected. More-over, even in that case, while it attempted to export data, it was apparently unable to do so because the server to which it was sent either did not exist or was off-line.

Had the objective been actual sabotage, rather than what appears to have been industrial espionage, the consequences could have been very much more serious. Clearly, there is a shared responsibility here. Microsoft has a duty to ensure that its products are as secure as is reasonably possible and to act to eliminate vulnerabilities as soon as is practical after they have been identified. What they can’t reasonably be held responsible for is the consequences of their customers, or their customers’ customers, using those products in a manner which dramatically magnifies the consequences of such unknown vulnerabilities being discovered and exploited by malevolent third parties.

Clearly a Siemens user whose WinCC or PCS7 installation has become infected has at one level been extremely unlucky. Not only has an infected USB stick had to find its way onto the site, presumably via one of its own, a contractor’s or a vendor’s employee, but that stick has to find an unprotected USB slot on or with access to the control system. The fact that, thus far, this has only happened once suggests either that, at least initially, the number of copies ‘in the wild’ was relatively small, or that users’ basic security precautions, including locking down or eliminating USB slots, are in general reasonably effective.

Dangerous software error
Nevertheless, while Siemens enjoyed some initial sympathy for being targeted and even a degree of admiration for the speed with which they have responded, fingers are now beginning to be pointed both at them for the vulnerability of their systems and at the users themselves for adopting such systems without apparently questioning their security. Chris Wysopal, CTO of cyber security specialist Veracode, is particularly critical of Siemens’ use of a hard-coded password which, he says, comes eleventh in what he calls the industry standard ‘CWE/SANS Top 25 Most Dangerous Software Errors.’ Writing on his ZeroDay Labs Blog and alleging that Siemens was aware of the issue as much as two years ago, he asks, “Why didn’t Siemens fix the hard coded password vulnerability when it was first publicly disclosed?”

Wysopal has no doubt where the ultimate responsibility lies. “Software customers that are operating SCADA systems on critical infrastructure on their factories with the WinCC Software had a duty to their customers and shareholders to not purchase this software without proper security testing,” he says. Although the incident will once again raise the bigger issue of whether Windows is in fact a suitable vehicle for mission critical industrial and infrastructure applications, more immediately other vendors and their customers will be examining not just their systems’ susceptibility to this particular vulnerability but whether they provide a similar
‘Open Sesame’ to their applications. Software, argues Wysopal, should be subjected to independent security testing before it is deployed if users are to rely on anything more than the hope that someone else falls victim to the next piece of malware and that a patch is released before their own system is attacked. “With the sophistication shown through this multi-stage USB attack, it is clear that hope is not a viable option,” he concludes.