Info |
---|
Locking for edits Publishing Work done to is fair game |
SLAC will undergo is undergoing a DOE cybersecurity assessment in June/July of throughout this year. SLAC IT carried out some preparations for this assessment beginning in late March and early AprilMarch of this year. These preparations included hiring a security testing company, Shorebreak Security, to conduct various cybersecurity-related tests of the SLAC IT systems.
These tests included attempts to gain access to and the ability to execute processes on computing devices connected to the SLAC intranet, first from the internetpublic Internet, then from starting within the SLAC office network (e.g. a computer connected to a SLAC IT managed switch or router). This process includes a variety of attack methods including port scanning and attempts to exploit known vulnerabilities in IT equipment and software.
It was somewhat unsettling to learn about the upcoming assessment incidentally and the ongoing testing after it had begun. ECS has experienced control system disruption due to SLAC Cybersecurity's standard and regular port scanning activities in the past. This disruption has manifested in the form of outages as some network connected components may not handle port scanning traffic gracefully. ECS requested on multiple occasions to be notified anytime these kinds of probing activities are taking place so we can prepare to recover affected systems and coordinate with operations. Effects can include COTS devices becoming non-communicative until power-cycled, but there are also more dramatic possibilities which may affect physical systems causing equipment and human hazards.
Our system security and robustness is generally addressed by designing the network to be completely closed off except for a small number of explicitly identified ports. Network configuration is complex and occasionally due to misconfiguration and lack of coordination we have experienced issues as a result of the security testing. To be perfectly clear, ECS appreciates the importance and necessity of what SLAC Cybersecurity does and we understand their methodology. Together we have experienced a learning curve to get to a place where the testing can be performed and the impact to operations can be mitigated but there is still room for improvement.
In the case of the recent assessment by Shorebreak, ECS and AD EED became aware of testing after it began. After becoming aware of the ongoing assessment the Control System (Software) Working Group (CSWG) engaged with SLAC Cybersecurity to identify especially sensitive networks which would be off-limits during these tests, as well as networks which would require advance notice from Shorebreak before they began their tests so we could inform operations and prepare to recover systems. Greg White helped to ensure the SLAC Cybersecurity and relevant control system experts met to coordinate and raised awareness of these activities. McCullough, Mark became an excellent point of contact from SLAC Cybersecurity patiently working with us to balance preparation for the DOE assessment and preventing excessive disruption.
. Our system security and robustness is generally focused around the network being completely closed off except for a small number of explicitly identified ports and systems. Network configuration is complex and the test enabled us to identify areas where the intended configuration and understanding did not match the reality,
The Control System (Software) Working Group (CSWG) engaged with SLAC Cybersecurity to identify especially sensitive networks which would be off-limits during these and future tests, as well as networks which would require special handling in any security testing. Special handling may include coordination with Operations.
Greg White helped to ensure the SLAC Cybersecurity and relevant control system experts met to coordinate and raised awareness of these activities. McCullough, Mark became an excellent point of contact from SLAC Cybersecurity, patiently working with us to balance preparation for the DOE assessment and preventing excessive disruption. Future improvements in communication are planned to further enable all key parties to be aware of planned activities, provide notice of emerging threats as well as a feedback loop to discuss proposed architectures and activities.
ECS had experienced control system disruptions in the past due to port scanning. This disruption resulted in outages as some network-connected components could not handle the unexpected traffic gracefully. Effects can include COTS devices becoming non-communicative until power-cycled, but there are also more dramatic possibilities which may affect physical systems, causing equipment and human hazards.
To address these concerns, additional safety and security measures are being planned and implemented. These measures include improved overall security of interface devices, review of network segmentation to ensure isolation of systems as appropriate, as well as implementing detection methods to identify undesired network traffic before it causes a problem. Plans are also under way, initiated by CSWG and ECS, to add strong cybersecurity to EPICS as a part of SLAC's contribution to the Collaboration. We don’t intend to stop there. As the Cybersecurity team likes to say, security is a journey, not a destinationGiven the present environment at SLAC with regards to work planning and control, it is somewhat surprising that this activity would proceed without a wider broadcast and approval process. Our control systems are designed and built to operate nominally within a network environment consisting of known types of traffic. Testing during installation and commissioning confirms to the extent possible that our systems are robust in the ways we designed them to be. The introduction of cybersecurity testing, which is an aspect we don't strictly consider in our designs, is risky. That risk is compounded with poor communication. These are lessons we must learn from. On the positive side, we now have a stronger relationship with SLAC Cybersecurity than we have had before. Also, while system security was a growing concern for the CSWG, these assessments have increased our attention and perhaps motivated us to more seriously consider the topic.
...
We want to remind everyone that anything ordered for integration or inclusion in the control system needs to be listed in the Supported Device List Supported Devices: Long Term Support. There is a process for adding new component components to this list but there is no guarantee a component you order will be accepted and integrated. Furthermore, ordering an unlisted component before preliminary evaluation is is strongly discouraged. If a nearly equivalent part already exists in the SDL, and there is not a very strong case and specific reason to use the new part number you ordered, then ECS will insist that you return the unlisted component and use a standard, already supported component. If a component is rejected or receives an unfavorable evaluation the same will apply.
The process for new component evaluation can take at least a month, depending on competing priorities, so please plan accordingly. You can begin the process of component evaluation here: Submit a Proposal for New Supported Device.
...
We are closing out to the effort to move from EVRs to TPRs for all devices expected to run triggered in the controls system. In addition, we added support to receive the LCLS1 timing from the LCLS2 fiber which sits behind the DAQs XPM as well as support for the DAQ partition bit.
PMPS Readiness
Margaret Ghaly Zachary L LentzDAQ partition bit.
...
This project kicked off with Jakob Sagatowski, the author of the world renowned -renowned All TwinCAT Blog, and leading expert in all things Beckhoff/TwinCAT, in late March/early April. We're very excited to be working with Jakob to advance our PLC workflows, making it easier to achieve a high degree of quality.
...
We started testing the new TwinCAT BSD operating system for the Beckhoff PLCs. This OS will replace our Windows Compact Embedded 7 PLC image which is standard on all PLCs. Eventually all of our PLCs will migrate to this new OS, and it will be glorious.
TC BSD TCBSD is based on FreeBSD, a derivative of Unix, which makes it very similar to our typical linux operating environment. There are We get many enhancements we get from using TCBSD including:
Given the current focus on cybersecurity we expect to upgrade systems on an as-needed basis to TCBSD. All new projects using PLCs are directed to use the new CX5240 with TCBSD as the OS.
...
The LCLS-II-HE controlsteam continue continues to advance designs for the various instrument areas. CXI instrument PDR review review was conducted April 19th. FXT, FEE, and XRT Transport , Engineering Peer Review has also been was conducted April 28th. The team is awaiting the committee's report from those two reviews in order to address any recommendation and move forward into the next activity. Common Components EPR is targeted for mid- to late May. The team also finalized the BCR for Lasers with the XES lasers scope changes.
...
The MEC-U team is also looking forward to meeting with various rack vendors such as Rittal and Steven Engineering in May June as well as future suppliers (tbd). The rack visits with Rittal and Steven Engineering will consist of an initial visit at SLAC where we will provide them with a tour to see our current rack implementations and discuss the best path forward to improving this for future projects. The second visit will happen onsite at Steven Engineering in South San Francisco where we will be able to play/tinker with their Rittal rack hardware to obtain hands-on experience with their various solutions. They are encouraging SLAC visitors to bring any hardware we wish to test fit or use to spec out their solutions.
NNSA, The National Nuclear Security Administration , are (NNSA) sponsors for an additional project, the Dynamic Material Properties Laser (DMPL) Project, to upgrade MEC-U's long pulse laser capacity. DMPL would add additional long pulse beamlines to the existing HE-LP laser in MEC-U scope, summing to four beamlines at 1.25kJ per beamline , (5kJ total). In April, Controls participated in a cost estimate for this additional scope which will be presented to NNSA in the coming months.
...
In order to prepare for this, we are collaborating with LLNL and LLE to compile a deliverables list to present to the FAC to sufficiently answer their question. Tangential to this list, Alex is actively working on an overall MEC-U controls architecture diagram so that we can present this to the FAC and to ensure each lab has a clear picture of the path forward. He will also be compiling compile a Software Quality Assurance Plan for MEC-U that will also prove to will be useful in regular ECS development and operations.
...
The intention of this release is to fulfill some long-standing package requests and to get us ready for the new run with a stable python foundation.
...
The architecture pages serves discussed below serve as a one-stop reference references to make aid in making design decisions and also help maintain as well as maintaining consistencies within the system.
...
The motion control architecture page serves as a guide to use using the standard connectors from the motor all the way to the beckhoff Beckhoff components. The Page page covers all the standard architecture to follow for Stepper stepper motors & and encoders. It also consists of covers architecture for specialized motion and legacy devices. The page is still a work in progress as there are new motors added for different applicationapplications. Any new motor/encoder is first approved by the Motion SME and the ECS-QA team before getting being added to the Motion Architecture page.
...
The DC system architecture page consists of architecture drawings which depicts depicting the connection connections from the supply to the end device which can be a component or a DinDIN-Railrail. The page goes over the covers which cables to be used use with which component with the components and links to the released cable drawing page, . A example of the architecture can be shown as below is shown in the image below.
...
...
After much discussion and evaluation, a Record of Decision has been written regarding the use of Micronix piezo systems in future designs. The RoD has yet to be finalized, but is discussed in more detail here, but is and outlined below:.
...
Despite these challenges, the project has reached a prototype stage where it is ready for use, and the team is eager to receive feedback from users.
A recent demonstration with major users Bill and Stefan , for Vacuum and GMD and XGMD fields was successfully completed.
If you're interested in trying out NALMS, there is a see this dedicated web page for installation.
You can find more information about NALMS on Confluence, including a description of what NALMS is and how and an explanation of the NALMS workflow works. The team is committed to delivering NALMS in the next weeks.
...
ATEF continues to make steady progress toward becoming a useful tool for guiding and documenting checkouts.
Since the last time ATEF it was featured in the newsletter (Aug/Sept2022), ATEF has received a reworked GUI,
added report generation, and begun implementing active checkout support.
What does this mean?
For more information, see the atef summary page.
ATEF is still in pre-release, but if you are interested in testing it out and providing feedback on its functionality, let us know!
- Robert Tang-Kong
...
Jira | ||||||
---|---|---|---|---|---|---|
|
We think we may aim to validate these plans at the lab-wide level if possible.
...
More details about the trial and how to use GHE will emerge in the coming months. Very exciting!
We're planning to integrate Teamcenter PLM and EPLAN. This integration will bring several advantages, such as improved efficiency by through automatically reflecting changes made in EPLAN to Teamcenter, better part tracking through Teamcenter's BOM, improved lifecycle management with a complete view of history provided by Teamcenter, and enhanced document control through specific repositories and tags.
Furthermore, Teamcenter offers a document control that will check all the blocks (check, revision, approval) and then release the drawing in order to have always a complete ad update version. Moreover, after the release, only an official revision can modify the drawing, ensuring consistency of updates.
The Teamcenter admins will ensure that the integration module is updated with EPLAN to maintain compatibility and optimize system performance.
To properly manage Teamcenter content, several tutorials are accessible with a Teamcenter license. We'll start getting familiar familiarizing ourselves with the software soon.
Several meetings are scheduled to present the last version of Teamcenter to the ECS group and to start integrating Teamcenter and EPLAN.
...
Some new considerations are being made in the area of UI/UX development. In particular the team is considering new software that allows for quick GUI wire framing wireframing and mock ups. These methods originated in the form of pencil and paper and allow enabled a designer to quickly deploy and demonstrate the flow and appearance of an application. In this way stake holders can quickly identify areas of the GUI that need improvement. That is, what areas of the GUI do they get stuck in and don't know what to do? More broadly, where does the GUI fail to adhere to the common GUI heuristicsstakeholders could quickly identify areas of the GUI that were confusing and failed to adhere to common GUI heuristics such as the ones listed here: https://www.nngroup.com/articles/ten-usability-heuristics/.
This pen-and-pencil wire framing wireframing method has made the jump to modern day web applications and in recent years, the number of available applications has ballooned. -day web applications. One can find a multitude of easy-to-use applications with a quick Google search.
These tools not only enable a designer to create a wireframe, but also lets the stakeholder join in. What's more, multiple users can edit a wireframe at the same time!
Here's an example of a Figma session with a quick mock up for the Compound Refractive Lens.
We’ll be evaluating a number of prototyping tools and processes, if you have thoughts about this topic let us know!
A detachment of ECS engineers headed to Germany April 17-21 to attend the Hannover Messe, an industry automation fair. In addition of getting to know the latest developments made by some of our usual suppliers (Beckhoff, Phoenix Contact), the team also investigated solutions for wireless sensors, power supplies or , and new motions and position measurement systems.
...
To view information on all currently deployed EPICS IOCs, see the following document:
EPICS IOCs Deployed in IOC Manager
To see statistics regarding EPICS modules and versions, see the following document:
We wanted 'd like to highlight the SLAC IT newsletter and site and give props, it . It looks great and has a lot of useful information. Check it out!
...
We had to say goodbye to Ortiz, Jose on May 1st and wish him and his family all the best for their lives (back) on ) the east coast. He will remain with us on a casual basis to ensure continuity for DXS/XCS.
Hill, Bruce officially retired on March 24th. He still works casually, but please go through ECS to request work that he used to take on!
On the plus - side, we hired Josue Zamudio as an SEA starting in that role on . He started March 17th.
to
...