[time-nuts] Time security query

Javier Serrano javier.serrano.pareja at gmail.com
Tue Aug 25 14:36:46 UTC 2009


Hi, from a timing perspective we treat CERN as a factory of particle beams,
so probably our ideas on timing systems apply to industrial control systems
as well. We have a single GPSDO with Rubidium for holdover and our Central
Timing Generator only looks at it at power up to get its first PPS and UTC
time. From then on it runs counting 10 MHz (or multiples of it) off the same
GPSDO. UTC compliance is important in case of accidents but not absolutely
needed for routine operation. We've seen our GPSDO drift and the
accelerators kept working flawlessly. Our timing generator drives an
internal timing network, and because all critical equipment listens to time
on this network GPS jamming/spoofing would be of no concern in principle.
There are some exceptions to this, with PLCs and other pieces of hardware
getting sync from NTP. We've had problems in our Post Mortem system in the
past, with a PLC not receiving NTP traffic because of router
misconfiguration and this resulting in incoherent time tags. Our proposed
solution for that is to feed a PPS from one of our timing receivers to the
critical PLCs and ask them to time-tag it with their internal NTP-derived
time base.
I agree with Hal that protection through diversity is very effective. We do
checks of our timing system vs. GPS, NTP and a free-running Cesium. If
something goes wrong, we get a warning, diagnose the problem and schedule an
intervention at the earliest convenient time. There was some debate about
installing a distributed system of GPS receivers in the past, but for our
particular application a single source (even if "wrong") is best.

Cheers,

Javier

On Mon, Aug 24, 2009 at 8:30 PM, Bill Hawkins <bill at iaxs.net> wrote:

> Group,
>
> The questions of network and radio security are being applied to industrial
> control systems, which is my field of endeavor.
>
> Control systems also require an accurate sense of time of day, to stamp the
> time of events occurring in the controlled process. GPS is the preferred
> way
> to get accurate time, even though process sensors seldom sample faster than
> 120 times per second. These time stamps are required by government
> regulations
> in some industries.
>
> So, what are the threats to a GPS time receiver? Jamming is possible, or
> just
> overloading the receiver, but the receiver goes into holdover mode and
> keeps
> on ticking with the disciplined oscillator. This does little damage
> compared
> with jamming the transmissions of wireless sensors.
>
> Spoofing the time from a remote location seems impossible. Or is it just
> difficult? Security by obscurity is not secure. Continual time changes
> could
> confuse a control system that had scheduled activities, as well as mess up
> the trends and logs that record the history of the process.
>
> Thanks for any comments I can pass on in a talk on this subject.
>
> Bill Hawkins
>
> Observation: Passwords are merely obscure.
>
>
> _______________________________________________
> time-nuts mailing list -- time-nuts at febo.com
> To unsubscribe, go to
> https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
> and follow the instructions there.
>


More information about the time-nuts mailing list