
Comment Re:These issues have been flagged for 10 years (Score 1) 195

Especially if you have a separate emergency shutdown (ESD) system that is fully up and running...

Goes something like this:

"Shit, close that valve we're getting an over-pressure on line 3"
"Valve closed"
"Bah, too slow, we're in a blowdown..."

Aaaand you have 300 feet of flame coming from the flare. Fun times for all :p

Comment Re:These systems are a product liability nightmare (Score 1) 195

If only I wasn't under multiple NDAs I'd love to describe how insane the offshore oil business really is when it comes to security....

Some examples:

We have people accessing the secure clients from onshore using RDP, the security for that is implemented as read-only users on the domain offshore... so it assumes there are no flaws in the RDP client for an unpatched Windows 2003 server... yay.....

They gave access to the raw OPC servers for a data logging service that is managed from a 3rd party office on shore... With no access control implemented so that they could save 5000 dollars... this on a rig that produces 50 million USD worth of product -a day-.

Nobody gets security at these companies, nobody. It is painful to watch your audit get marginalized because any fix will cost money.
Especially if the whole security upgrade to patch up at least 20 serious issues costs less than 10 minutes of downtime... sigh.

These rigs tend to have a top-level operator system based on Windows, with limited patching and a variety of issues. Why?
Building a custom system is expensive, and any losses from breaches are gambled on by managers who are not personally responsible for anything. All they care about is short-term goals and their next bonus...

I stopped feeling bad for them years ago when yet another security flaw was reported and ignored. It will bite them in the ass eventually, until then, they won't learn a thing.

Comment Re: i hope people with SCADA systems learned. (Score 1) 195

They don't need internet access, but it usually goes something like this...

Secure network ---firewall--- plant network ---firewall--- corporate network ---firewall--- internet!

Becaaause....

Plant network people need access to the secure network.. so they link em
Corporate network people need access to the plant network... so they link em..
Corporate ALSO needs internet for obvious reasons and link to that...

Technical people and security people scream bloody murder at the security implications, but are overruled for financial reasons and we end up with a hodgepodge of connections possible... sigh
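The zone chain described in the comment above can be audited as a graph. This is an added example, not part of the original comment: the zone names follow the comment, while the services in the rule set and the function names are assumptions made for illustration. It shows why a per-firewall review (each hop looks justified) misses the transitive path from the internet to the secure network.

```python
from collections import deque

# Constructed rule set modelling the chain in the comment above. Each tuple is
# (initiating zone, destination zone, service); the services are assumptions.
ALLOW_RULES = [
    ("plant", "secure", "opc"),          # plant staff need the secure network
    ("corporate", "plant", "rdp"),       # corporate staff need the plant network
    ("corporate", "internet", "https"),  # corporate needs internet
]

def pivot_path(rules, source, target, bidirectional=True):
    """Return the shortest zone-to-zone chain from source to target, or None.

    bidirectional=True is a conservative audit assumption: any permitted flow
    is treated as a possible pivot in both directions, because a host that
    initiates a session can be compromised through that session.
    """
    graph = {}
    for src, dst, _service in rules:
        graph.setdefault(src, set()).add(dst)
        if bidirectional:
            graph.setdefault(dst, set()).add(src)
    queue, seen = deque([[source]]), {source}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for nxt in sorted(graph.get(path[-1], ())):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

def without_link(rules, a, b):
    """Rule set with every flow between zones a and b removed (either direction)."""
    return [r for r in rules if {r[0], r[1]} != {a, b}]

if __name__ == "__main__":
    # Conservative view: the internet reaches the secure network in three hops.
    print(pivot_path(ALLOW_RULES, "internet", "secure"))
    # Strict initiation-direction view: no path, which is what each rule review sees.
    print(pivot_path(ALLOW_RULES, "internet", "secure", bidirectional=False))
    # Cutting the corporate/plant link breaks the chain.
    print(pivot_path(without_link(ALLOW_RULES, "corporate", "plant"), "internet", "secure"))
```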

Comment Re:These systems are a product liability nightmare (Score 1) 195

Now look at this system:

DC1/DC2, handles SMB shares for users and general data storage for the engineering staff
DB1/DB2/DB3, has 50+ services running that handle everything from antivirus updates to OPC data
OPC1/OPC2/OPC3/OPC.. /OPC12, handles routing for MMS traffic between database servers and equipment/controllers
History logger, runs an Oracle DB for logging every single action in the plant, required by law in this field.
BACKUP1/2, SMB shares on RAID for backups of all servers and clients.

How exactly are you going to do what you propose without firewalling or air-gapping this from the rest of the networks?

In a perfect world you can limit everything to just the secure messages... in the real world you end up with DCOM communication set up to allow anything on the network to start and stop processes on anything on the domain.. *cringe*

Oh... and this is the top level of an oil rig control system, fancy that *whimper*

Comment Re:Totally wrong (Score 1) 291

I run such a 5760x1080 gaming machine and it can be a pain.

Especially since the 'automatic' settings of so many games assume I am using 1920x1080 and set the settings accordingly.. giving me 3fps *grump*

Worse still, adding another card in crossfire has a bad solution due to the bottlenecks in the architecture. You get maybe 25-30% increased performance from adding a second card in games like BF3.. that was a huge disappointment.

Games with less activity on screen (GW2, WoW) seem to handle the resolution well. I still want more power... hoping to snag a new card soon...

Comment Re:Huh? (Score 1) 190

Pretty much every control system in the world relies on 'backups' for safety.
Building a system where the regular "process control" won't fail if equipment breaks is prohibitively expensive and is rarely done.

You build a system that works unless something breaks, then you add a second "Process Shutdown" or "Emergency Shutdown" system on top of that to handle all the safety functions.

For instance, at most oil rigs you have emergency shutdown solenoids on valves to the flare boom. If an emergency shutdown is triggered these solenoids open the valves and normalize the pressurized systems. This ESD system logic is usually completely separate in function from the process control system.
In essence it is what you could call a "backup" system.

Comment Re:Weird (Score 1) 190

The simplicity of shutting down the pumps would have no safety-issue in a properly designed system.

Many process control systems designers do levels of protection:

Level 3: Process Control
This level handles the normal operation of the plant. Regulates coolant flow to the pools and announces alarms if you get into a "high temp" state.
Most of the time Offshore in the oil business this level does not take any actions other than notifying the operator.

Level 2: Process Shutdown (PSD)
This level WILL take action on a "high high" event by starting redundant coolant pumps or other actions to cool down the material. This is automatic but usually takes into account the speed at which the system could be normalized after a shutdown. This is primarily to protect equipment and not really the process.

Level 1: Emergency Shutdown (ESD)
Offshore this usually means a blow-down of pressurized systems and closing off wellheads. This is a hugely expensive thing... To be avoided!
This level ignores completely the cost of operation a trip will cause and is entirely about securing the systems and avoiding damage to people, environment and plant.

Thing is... Most people would refer to both PSD and ESD levels as 'backup systems' when in fact they are integral parts of the system design. PSD is something that happens routinely in most plants due to anything from equipment failure to network outages. It is what is supposed to happen when the normal operation is not stable. NOT NEWS....

ESD on the other hand usually makes the news over here due to the ramifications of a rig shutting down in an emergency.

So the fact that you can push a button and shut down a pump isn't really the issue. It should cause audible alarms of course, but you WANT to be able to kill off a pump rapidly if something unexpected happens.

Comment Re:simple (Score 1) 339

Unless you're impersonating user A to get users B, C and D to do something stupid, or share something important.

And of course you do not want to leave anything in audit logs to prove that you did, because the only legal protection you have impersonating user A is that nobody knows how your agency is interpreting the law. Until they do, you act in good faith that what you are doing is legal...

Or some bullshit reason like that.... I do not agree, but I see how it tends to be explained away these days *sigh*
