MS Windows controls our power stations

Mad Mike

I got a plant tour of one of the ESB's power stations yesterday. Very interesting.

One thing surprised me. The consoles used to control the running of of the power station are all MS windows based. Some were running XP and some were running Windows 2000 (at least I hope it was 2000 and not 9x).

The control terminals are networked and used to control remote generating sites (some of which are not manned).

Didn't get a chance to ask the operator if they ever got blue screen of death problems but given the importance of electricity supply I am surprised that they don't use a more secure interface.

Kali

I'd assume any control mechanisms would have failsafes built-in anyway in case of software errors (i.e. w2k reboots/crashs.. remote machine keeps doing what its doing till told otherwise)... I can't imagine them not having such methods implemented.

aidan_walsh

Properly configured versions of 2000 and XP are amongst the most stable versions of Windows. Windows2000 is the fore-runner is business desktop operating system because of this...

I've used 2000 in college for 3 years now, and XP for the best part of 2 at home, and I have never had either go BSOD on me.

If they were using Windows 98 \ ME, then I'd have cause to worry...

Mad Mike

Before Microsoft issue a libel writ I should point out that my concerns are not just MS Windows related.

Any industry standard general purpose operating system is a risk in such a situation. The fact that an operating system such as Windows tries to do so many things means that there will always be back doors which expose the system to interference either malicious or otherwise. The fact that the computers are networked greatly increases that risk.

aidan_walsh

Originally posted by Mad Mike
Before Microsoft issue a libel writ I should point out that my concerns are not just MS Windows related.

Thats certainly how it read. You only mentioned the Windows platforms, not mentioning anything about the underlying hardware or software, made a point of the BSOD and asked how they don't use a secure interface...

And of course there are going to be unmanned generating sites controlled by terminal, the same system is used throughout the world. And the ESB must know what they're doing as they are often sub-contracted to do works in other countries, Eurpoean and otherwise...

Mad Mike

Well doodle_sketch my initial reaction did arise from the general perception that windows is less secure than other platforms. My second post reflects my own realisation that a proprietary interface would actually be better than any industry standard operating system for such a critical piece of infrastructure.

I accept your point that the ESB know what they are doing and that similar systems are likely to be used throughout the world. Power system throughout the works are not always secure however. Even in the most advanced nations power systems have failed with catastrophic results (eg New York 2003).

I really don't know enough about the details of the system to offer any kind of informed opinion on its operation. I am surprised that common or garden windows is a key component.

ColmOT [MSFT]

It's widely accepted that the 'perception' is that Windows is one of the most insecure dektop/server operating systems.

In actual fact, it's the complete opposite, with Windows topping many polls and charts with regard to the relative low numbers of patches released per annum compared to other operating systems.

A properly configured Windows Server 2003 system on supported hardware has an uptime of 99.999% (the magical 5 9's) which is an extremely high level of reliability. Properly configured, it is as secure as any other server OS.

Mad Mike

Hello Colm

Its great to hear from a real Microsoft person who is ready to defend their product.

I am a hardware engineer myself and one lesson I learned early on was that penny components made by the million for consumer applications are often more reliable than supposedly high reliability expensive military grade components.

The sheer number of people using the volume component means that any defects are likely to be revealed and sorted out.

Applying a parallel to windows - it is possible that the sheer number of people using windows means that any bugs are likely to be found and (we hope) sorted out. Less popular operating systems may appear to be less buggy simply because fewer people are using them and therefore fewer bugs are found.

Mind you that still doesn't excuse the sodding paperclip nor the fact that it is virtually impossible to get an inserted graphic to stay where you want it to in an MSWord document. (Sorry - just couldn't let a real live MS person go without getting those particular gripes off my chest).

ColmOT [MSFT]

hehe - I agree with what you say about Word!

I'm not going to defend MS because I work for them, but I genuinely do believe that what we make is good...but too often it's a malconfigured system that is the weakest link.
It's a difficult job learning the ins and outs of an OS and securing it, but people need to be more vigilent when it comes to security.

DMT

Hospitals also use Windows - that should be of even more concern than power stations....

Victor

One of the advantages of the ESB system, is they use their own, more or less standalone system for controlling the grid.

Now if only they could do something about their website.

[edit] Whoot! they have, if only all the links worked :rolleyes:

Explosive_Cornflake

Did anyone see 2DTV, i think it was 2 nights ago?
Bill gates was plauged by the paper clip and killed himself. Twas quite funny.:D

Red Alert

Is MS is so secure then why does everywhere use Novell for the servers?

Specky

Power stations are not controlled by Windows.

The control systems that actually control the stations, the sub-stations and the distribution network are based around embedded controller running real time operating systems.

Windows may well be used for presentation graphics on the PCs that run the front ends for economy reasons but you can rest assured that the equipment actually doing the work is not.

Mad Mike

That is a very good point specky. The guys I was talking to were just the operators who oversee the plant operation - they didin't tell me too much about what went on behind the display screens.

Nevertheless the operators do have a lot of authority over the system and the windows display terminal is their critical interface - From what I could see the system has become increasingly centalised whrereby an operator in Dublin might have control over power plants throughout the country.

In this scenario the windows display terminal is still a mission critical part of the system - If the operator cannot trust his display screen then anything might happen.

Specky

The system may appear centralised but it isn't. Monitoring functions are, but the control of equipment ie where the intelligence is that does the stuff is actually becoming more decentralised through a process called "distribution automation".

The equipment out in the field is all embedded. It's actually pretty sophisticated and knows what it should be allowed to do and what it should not be allowed to do. There are lots of safety interlocks on the systems to prevent nasty accidents happening....and believe me when there are accidents they can be very nasty indeed. More often than not it is because these systems are so "fail safe" that we experience outages because if anything odd happens they are more likely to switch off than anything else.

So although you may believe that if one of those windows based control machines goes haywire (or its operator does) the entire grid could be sent into dissarray, all that can actually happen is these systems can send off some commands to a much more robust system that will be the arbitor of whether the commands should be sent or not, and when they reach the equipment in the field they willbe checked again against specific operating characteristics to see if they are sensible things to do.

Yes, in a way it is a worry that even the presentation graphics should be left to machines as inherently unstable as PCs running windows. I've been in sub-stations where the PCs refuse to boot and everyone sits around head scratching until the blue screens can be got rid of, but I'm afraid it is very common for the cost of purchase mentality to influence the simple economics of many purchasing decisions.

The grid works. It requires very little human intervention, and when things do need to happen although the process may be initiated by the click of a mouse on a PC there are many much more reliable and robust pieces of equipment doing the real work down the line.

Mad Mike

Very interesting stuff specky. If I understand you correctly there is enough distrbuted intelligence at a local level in each power plant that even if the commands coming from the control room get garbled the power plant will stay safe. I have to admit the system does work and power outages are a relatively rare phenomenon nowadays.

Specky

If I understand you correctly there is enough distrbuted intelligence at a local level in each power plant

Essentially yes.

The majority of control is done at the substation level (there are several different levels of substation from the generating plant down to the local sub) and increasingly there are also pole-top controls for extreme localisation as part of the distribution automation process. This is somewhat analogous to the "unbundling of the local loop" in telecoms.

ZENER

Interesting stuff specky. In the 38KV sub at Dublin Airport they have a Sun Workstation/Solaris combo which appears to be networked to a higher control system. Wasn't allowed get too close but could see what appeared to be a graphic of the local subs and switches/trafos.

ZEN

iasc

Originally posted by DMT
Hospitals also use Windows - that should be of even more concern than power stations....

Beaumont is running alot of things on linux
and most hospitals would have a novell backbone, but run the workstation mahcines on windows...why because its familiar to most users, the servers, the important stuff is probabaly run a linux kernel