India’s Mobile Potential

I am not sure if any other country has this. India’s internet mobile users are higher than desktop users. Though the trend towards mobile is increasing worldwide the gap is still to high. Most of the countries have similar trends and may be India is the only one to have higher web usage thru mobile than desktop.

Results from statcounter

http://gs.statcounter.com/#mobile_vs_desktop-IN-monthly-201201-201301

StatCounter-mobile_vs_desktop-IN-monthly-201201-201301

StatCounter-mobile_vs_desktop-ww-monthly-201201-201301

 

Share

World Cup – Welcome Home!

9

1983 – We the last of the Generation X were born before India won its first cricket world cup and were too young to experience that victory. But we grew up hoping to experience it, not for a year or two but for 28 yrs. By this time my son is of the age I was during the first victory. Cricket to us is more than just sport, it is hope. It gives more hope than what any of the self motivation books or talks can provide, It gives more hope than real world success stories; coz in cricket you are not hearing a story, you are part of the game. Though not essentially playing it you participate in it making predictions, ball by ball. And like the stock market it is highly unpredictable, no matter how hard you try to do it and always end up missing some factor. No other game in history has the chances of victory less significant on capability of the players.  From the sun and rain gods, the chances of head or tail at the toss of a coin, geography of the venue, the crowd factor, several factors can play spoil sport. To win the game it is not just required to defeat the opponent but defeat nature itself. 600 balls of strategy by players on the field and off the field, every ball is a game by itself.

Cricket in India has grown along with us, along with our economy. During those times we were not yet there on the global stage. Cricket gave us hope that we could demonstrate ourselves equally on the global stage. Many of my friends would argue what cricket could do anything to India rather waste some productive hours. I would still argue that the ‘hope’ factor is more important to reach horizons, to challenge the impossible rather than just do hard work. That’s the game of cricket, you predict something and there would arise a player who would prove it all wrong, not just your predictions but nature and science itself. What else could give you more hope.

What could the statistics do to the victory of Srilanka. Right from the beginning the statistics decided Srilanka’s victory and at 31-2 how many could genuinely predict India’s victory. As if history did rewrite itself to challenge the capability of humans India won when it was least expected.

No other place in the world can you see the gods of India together, No other victory is celebrated so much. The cricketers, the politicians, the businessmen, the shining stars of Bollywood and a billion plus spectators; nothing would have seen the whole of India praying for a common goal, The victory of India. For there are no different religions, no different languages, it is a feeling that the whole nation has in common.

2011 – There was indeed one factor that predicted India’s win. The calendars of 1983 and 2011 were the same Smile. Against all odds India did win. To prove that we are very much in the global stage and give the next generation the hope to do more. Let this victory challenge all that’s been decided impossible in this country.

Share

More on Stuxnet – Some Views

 

Stunxnet is beyond imagination. Bloggers claim its targets are beyond process, power and nuclear plants. Siemens systems are also being used in Space as well as Traffic control systems like railways. If you have seen Die Hard 4.0 you can have your imagination rolling!  Now its clear why hackers targeted Siemens systems. But still I have my doubts.

One of the blogs claim it could have even attacked India’s INSAT-4B satellite. Jeffery Carr on his blog says “On July 7, 2010, a power glitch in the solar panels of India’s INSAT-4B satellite resulted in 12 of its 24 transponders shutting down. As a result, an estimated 70% of India’s Direct-To-Home (DTH) companies’ customers were without service. India’s DTH operators include Sun TV and state-run Doordarshan and data services of Tata VSNL.

What does this have to do with the Stuxnet worm that’s infected thousands of systems, mostly in India and Iran? India’s Space Research Organization is a Siemens customer. According to the resumes of two former engineers who worked at the ISRO’s Liquid Propulsion Systems Centre, the Siemens software in use is Siemens S7-400 PLC and SIMATIC WinCC, both of which will activate the Stuxnet worm.”

The blogger has indicated that the PLC’s were used in Liquid Propulsion Systems Centre. Might be that these PLC’s were used as safety systems for gas handling. Whether these PLC’s were used to control satellites is a real question.

 

And there has been lot of talk about SIL. SIL only represents reliability of the system and not security.

 

What is a SIL? (ref: http://www.dyadem.com/services/additional-engineering-services/sil/)

A SIL is a statistical representation of the reliability of the SIS when a process demand occurs. It is used in both ANSI/ISA-S84.01 and IEC 61508 to measure the reliability of SIS. Both ISA and IEC have agreed that there are three categories: SILs 1, 2 and 3. IEC also includes an additional level, SIL 4, that ISA does not. The higher the SIL is, the more reliable or effective the system is.

SILs are correlated to the probability of failure of demand (PFD), which is equivalent to the unavailability of a system at the time of a process demand.

 

There has also a lot of SIL4 discussed on these blogs.

What is SIL 4? (ref: http://www.gmigasandflame.com/sil_faqs.html#SIL4)

SIL 4 is the highest level of risk reduction that can be obtained through a Safety Instrumented System. However, in the process industry this is not a realistic level and currently there are few, if any, products / systems that support this safety integrity level.
SIL 4 systems are typically so complex and costly that they are not economically beneficial to implement. Additionally, if a process includes so much risk that a SIL 4 system is required to bring it to a safe state, then fundamentally there is a problem in the process design which needs to be addressed by a process change or other non-instrumented method.

Quotes one of my Colleagues who is Safety Systems professional “To attain SIL 4 the system has to be non micro processor based and hence more secure. It is true that it is more secure as there is no software involved. However practically SIL4 are not used currently”

This discussion on Siemens website supports it (http://www.automation.siemens.com/WW/forum/guests/PostShow.aspx?PageIndex=1&PostID=181715&Language=en)

However there has been some work on SIL using Linux (Ref: SIL4LINUX). And some claims on Software supporting SIL 4 (www.firmafrance.com/Documents_Produits/Produit3396.pdf)

 

To conclude the SIL standards really do not ensure how secure the system should be from hacking attempts.

 

One more question! How come Windows in Iran. Noted this on Microsoft’s Website (http://www.microsoft.com/exporting/faq.htm)

Are there certain countries you cannot ship Microsoft products to?

Yes.  In general, Microsoft products may not be exported to Cuba, Iran, North Korea, Sudan, or Syria.

 

For automation professionals who would like to know more on the infection process read Symantec’s Exploring Stuxnet’s PLC Infection Process

Share

Stuxnet – The New Generation Control Systems Computer Worm

Stuxnet is a Windows-specific computer worm first discovered in June 2010 by VirusBlokAda, a security firm based in Belarus. It is the first discovered worm that spies on and reprograms industrial systems. It was specifically written to attack Supervisory Control And Data Acquisition (SCADA) systems used to control and monitor industrial processes.Stuxnet includes the capability to reprogram the programmable logic controllers (PLCs) and hide the changes. (Ref: Wikipedia)

It is the first-ever computer worm to include a PLC rootkit.It is also believed to be the first worm to target critical industrial infrastructure. Furthermore the worm’s probable target has been said to have been high value infrastructures in Iran using Siemens control systems. It has also been said that the infestation by this worm might have delayed the start up of Iran’s Bushehr nuclear power plant. (Ref: Wikipedia)

As of end September 2010 the virus has widely affected Iran, Indonesia and India (Source: Stuxnet Under the Microscope)

image

(Image Source: Stuxnet Under the Microscope)

A high volume of detections in a single region may mean that it is the major target of attackers. However, multiple targets may exist, and the promiscuous nature of the infective mechanism is likely to targeting detail.

With its ability to attack industrial control systems, Stuxnet is the first computer virus that causes real-life harm.

Being a control systems professional I can imagine how much damage these little piece of software can create. It is beyond the imagination of Hollywood movies. With its ability to modify the engineering done in Control or Safety systems it can defeat the very purpose it was built for by turning the Plant to a potential weapon of Mass Destruction (WMD). The disaster may not be a boom & fire as shown in movies. A poisonous gas leak or nuclear spill can be more dangerous, Bhopal Gas tragedy an example of it. Oops! this is more threatening than the Google Threat discussed in my earlier blog. And yes, there are new themes available for Die Hard, War Games, Enemy of State, Eagle Eye……

This also calls for nations to strengthen their Cyber Security. And soon cyber security will become a multi bullion dollar industry, multiple times its current volume. I feel the control systems should move back to proprietary operating systems. Gone are the days when these systems were designed and considered to be more secure. With these systems getting more open day by day with insecure implementation of Microsoft dominated OPC (OLE for Process Control) and integration with upper level solutions like ERP the probability of risk is even higher. The strength of the chain is as strong as the weakest link. With new versions of Windows coming up there has been no increased security. A better solution may be to design Windows operating systems catering to automation platforms.

While it is being claimed that there is remedy for Stuxnet, we really need to wait and see if it is yet to unfold. While this worm has been discovered for Siemens systems and if it is true that it is a nation state sponsored project there are many to come targeting all platforms taking a nation’s defense and economy to its control.

Share