Recent cybersecurity testing of SLAC systems and the impact on Experiment Control Systems

Alex Wallace 

SLAC will undergo is undergoing a DOE cybersecurity assessment in June/July of throughout this year. SLAC IT carried out some preparations for this assessment beginning in late March and early AprilMarch of this year. These preparations included hiring a security testing company, Shorebreak Security, to conduct various cybersecurity-related tests of the SLAC IT systems.

These tests included attempts to gain access to and the ability to execute processes on computing devices connected to the SLAC intranet, first from the internetpublic Internet, then from starting within the SLAC office network (e.g., a computer connected to a SLAC IT-managed switch or router). This process includes a variety of attack methods including port scanning and attempts to exploit known vulnerabilities in IT equipment and software.

It was somewhat unsettling to learn about the upcoming assessment incidentally and the ongoing testing after it had begun. ECS has experienced control system disruptions due to SLAC Cybersecurity's standard and regular port scanning activities in the past. This disruption resulted in outages as some network-connected components could not handle port-scanning traffic gracefully. On multiple occasions ECS has requested to be notified any time these kinds of probing activities are taking place so we can prepare to recover affected systems and coordinate with operations. Effects can include COTS devices becoming non-communicative until power-cycled, but there are also more dramatic possibilities which may affect physical systems, causing equipment and human hazards.

Our system security and robustness is generally addressed by designing the network to be completely closed off except for a small number of explicitly identified ports. Network configuration is complex and occasionally due to misconfiguration and lack of coordination we have experienced issues as a result of the security testing. To be perfectly clear, ECS appreciates the importance and necessity of what SLAC Cybersecurity does and we understand their methodology. Together we have experienced a learning curve to get to a place where the testing can be performed and the impact to operations can be mitigated, but there is still room for improvement.

. Our system security and robustness is generally focused around the network being completely closed off except for a small number of explicitly identified ports and systems. Network configuration is complex and the test enabled us to identify areas where the intended configuration and understanding did not match the reality,

The In the case of the recent assessment by Shorebreak, ECS and AD EED became aware of testing after it began. After becoming aware of the ongoing assessment, the Control System (Software) Working Group (CSWG) engaged with SLAC Cybersecurity to identify especially sensitive networks which would be off-limits during these and future tests, as well as networks which would require advance notice from Shorebreak before they began their tests, so we could inform Operations and prepare to recover systems. special handling in any security testing. Special handling may include coordination with Operations. 

Greg White helped to ensure the SLAC Cybersecurity and relevant control system experts met to coordinate and raised awareness of these activities. McCullough, Mark became an excellent point of contact from SLAC Cybersecurity, patiently working with us to balance preparation for the DOE assessment and preventing excessive disruption.DOE assessment and preventing excessive disruption.  Future improvements in communication are planned to further enable all key parties to be aware of planned activities, provide notice of emerging threats as well as a feedback loop to discuss proposed architectures and activities.

ECS had experienced control system disruptions in the past due to port scanning.  This disruption resulted in outages as some network-connected components could not handle the unexpected traffic gracefully. Effects can include COTS devices becoming non-communicative until power-cycled, but there are also more dramatic possibilities which may affect physical systems, causing equipment and human hazards.

To address these concerns, additional safety and security measures are being planned and implemented.  These measures include improved overall security of interface devices, review of network segmentation to ensure isolation of systems as appropriate, as well as implementing detection methods to identify undesired network traffic before it causes a problem. Plans are also under way, initiated by CSWG and ECS, to add strong cybersecurity to EPICS as a part of SLAC's contribution to the Collaboration. We don’t intend to stop there.  As the Cybersecurity team likes to say, security is a journey, not a destinationGiven the present environment at SLAC with regards to work planning and control, it is somewhat surprising that this activity would proceed without a wider broadcast and approval process. Our control systems are designed and built to operate nominally within a network environment consisting of known types of traffic. Testing during installation and commissioning confirms—to the extent possible—that our systems are robust in the ways we designed them to be. The introduction of cybersecurity testing, which is an aspect we don't strictly consider in our designs, is risky. That risk is compounded with poor communication. These are lessons we must learn from. On the positive side, we now have a stronger relationship with SLAC Cybersecurity than we have had before. Also, while system security was a growing concern for the CSWG, these assessments have increased our attention and perhaps motivated us to more seriously consider the topic.

Note to all other teams: Purchasing new hardware

...

Silke Nelson 

We are closing out to the effort to move from EVRs to TPRs for all devices expected to run triggered in the controls system. In addition, we added support to receive the LCLS1 timing from the LCLS2 fiber which sits behind the DAQs XPM as well as support for the DAQ partition bit. 

PMPS Readiness

Margaret Ghaly Zachary L Lentz 

PLC Continuous Integration Testing Pipeline

...

This project kicked off with Jakob Sagatowski, the author of the world renowned -renowned All TwinCAT Blog, and leading expert in all things Beckhoff/TwinCAT, in late March/early April. We're very excited to be working with Jakob to advance our PLC workflows, making it easier to achieve a high degree of quality.

...

We started testing the new TwinCAT BSD operating system for the Beckhoff PLCs. This OS will replace our Windows Compact Embedded 7 PLC image which is standard on all PLCs. Eventually all of our PLCs will migrate to this new OS, and it will be glorious.

TC BSD TCBSD is based on FreeBSD, a derivative of Unix, which makes it very similar to our typical linux operating environment. There are We get many enhancements we get from using TCBSD including:

• bash
• python
• Ansible management (remote management and provisioning of the PLC image)
• Package management for PLC and OS libraries
• Improved potential security
• TCBSD can be virtualized, leading to possibilities for CI pipelines
• Remote recovery of the realtime task, ; ie., the realtime task can crash terribly and we can still recover the PLC remotely
• etc.

Given the current focus on cybersecurity we expect to upgrade systems on an as-needed basis to TCBSD. All new projects using PLCs are directed to use the new CX5240 with TCBSD as the OS.

...

The LCLS-II-HE controlsteam continue continues to advance designs for the various instrument areas. CXI instrument PDR review  review was conducted April 19th. FXT, FEE, and XRT Transport , Engineering Peer Review has also been was conducted April 28th. The team is awaiting the committee's report from those two reviews in order to address any recommendation and move forward into the next activity. Common Components EPR  is targeted for mid- to late May. The team also finalized the BCR for Lasers with the XES lasers scope changes. 

...

The MEC-U team is also looking forward to meeting with various rack vendors such as Rittal and Steven Engineering in May June as well as future suppliers (tbd). The rack visits with Rittal and Steven Engineering will consist of an initial visit at SLAC where we will provide them with a tour to see our current rack implementations and discuss the best path forward to improving this for future projects. The second visit will happen onsite at Steven Engineering in South San Francisco where we will be able to play/tinker with their Rittal rack hardware to obtain hands-on experience with their various solutions. They are encouraging SLAC visitors to bring any hardware we wish to test fit or use to spec out their solutions.  

NNSA and DMPL:

NNSA, The National Nuclear Security Administration , are (NNSA) sponsors for an additional project, the Dynamic Material Properties Laser (DMPL) Project, to upgrade MEC-U's long pulse laser capacity. DMPL would add additional long pulse beamlines to the existing HE-LP laser in MEC-U scope, summing to four beamlines at 1.25kJ per beamline , (5kJ total). In April, Controls participated in a cost estimate for this additional scope which will be presented to NNSA in the coming months. 

...

In order to prepare for this, we are collaborating with LLNL and LLE to compile a deliverables list to present to the FAC to sufficiently answer their question. Tangential to this list, Alex is actively working on an overall MEC-U controls architecture diagram so that we can present this to the FAC and to ensure each lab has a clear picture of the path forward. He will also be compiling compile a Software Quality Assurance Plan for MEC-U that will also prove to will  be useful in regular ECS development and operations.  

...

The intention of this release is to fulfill some long-standing package requests and to get us ready for the new run with a stable python foundation.

...

Purpose

The architecture pages serves discussed below serve as a one-stop reference references to make aid in making design decisions and also help maintain as well as maintaining consistencies within the system. 

...

The motion control architecture page serves as a guide to use using the standard connectors from the motor all the way to the beckhoff Beckhoff components. The Page page covers all the standard architecture to follow for Stepper stepper motors & and encoders. It also consists of covers architecture for specialized motion and legacy devices. The page is still a work in progress as there are new motors added for different applicationapplications. Any new motor/encoder is first approved by the Motion SME and the ECS-QA team before getting being added to the Motion Architecture page. 

...

The DC system architecture page consists of architecture drawings which depicts depicting the connection connections from the supply to the end device which can be a component or a DinDIN-Railrail. The page goes over the covers which cables to be used use with which component with the components and links to the released cable drawing page, . A example of the architecture can be shown as below is shown in the image below. 

Stepper Motor Torque Calculations and Serial Impedance Matching

...

1. Stepper Motor Sizing: This page is intended to help determine the pullout torque required for a particular application, given some mechanical parameters. The page also covers the effect that microstepping has on the motor torque, and why it should not be used for increasing resolution. 
2. Cable Impedance Mismatches: This page is intended to help evaluate the effects of an impedance mismatch between a signal's source, cable, and destination. Some mismatches are tolerable, while others are not. This page provides resources and a built in calculator to help with these evaluations.

Record of

...

Decision regarding Micronix systems

Tyler Johnson 

After much discussion and evaluation, a Record of Decision has been written regarding the use of Micronix piezo systems in future designs. The RoD has yet to be finalized, but is discussed in more detail here, but is and outlined below:. 

• The Micronix MMC-100 has a history of communication issues, requiring specialized controller knowledge , and leading to a burden on operationsOperations.
• The MMC-100 control has therefore been deemed EOL (end-of-life) in the Supported Devices List, and is considered to be legacy equipment. This means:
  
  • The MMC-100 may only be purchased to replace non-functional units that have already been put into operations.
  • Any It is strongly suggested that any units that are already in operations are strongly suggested to already in operation be replaced with LTS (long term support) equipment.
  • The MMC-100, even if the hardware is already in use in LCLS-I, may not be re-used in upcoming projects such as LCLS-II HE. 

...

Despite these challenges, the project has reached a prototype stage where it is ready for use, and the team is eager to receive feedback from users. 

A recent demonstration with major users Bill and Stefan , for Vacuum and GMD and XGMD fields was successfully completed.

If you're interested in trying out NALMS, there is a see this dedicated web page for installation.

You can find more information about NALMS on Confluence, including a description of what NALMS is and how and an explanation of the NALMS workflow works. The team is committed to delivering NALMS in the next weeks.

...

ATEF continues to make steady progress toward becoming a useful tool for guiding and documenting checkouts.

Since the last time ATEF it was featured in the newsletter (Aug/Sept2022), ATEF has received a reworked GUI,
added report generation, and begun implementing active checkout support.

What does this mean?

•  GUI rework: ATEF now sports a GUI that not only allows users to edit and compose their checkouts, but also run said checkoutsthem. The GUI is also being expanded to support active checkout steps as they are added.
  The passive checkout GUI also now supports more complex groupings of passive checks, allowing checks to be grouped by device, PV, or tool type.
• Report auto-generation: Reports can now be generated from completed checkouts. These reports summarize the checkout settings, results, and collected data if applicabale. As more checkout steps are added, their corresponding report output styles will also be updated.
• Active Checkoutscheckouts: In contrast to passive checkouts, active checkouts involve making changes to the controls system (setting PV'sPVs, moving motors, etc). This is the current focus of our development, so please be patient with us!

For more information, see the atef summary page.

ATEF is still in pre-release, but if you are interested in testing it out and providing feedback on its functionality, let us know! 

- Robert Tang-Kong

Standards, Guides, and Quality Assurance Plans

...

We think we may aim to validate these plans at the lab-wide level if possible.

...

More details about the trial and how to use GHE will emerge in the coming months. Very exciting!

EPLAN and TeamcenterTeamcenter 

Federica Murgia 

We're planning to integrate Teamcenter PLM and EPLAN. This integration will bring several advantages, such as improved efficiency by through automatically reflecting changes made in EPLAN to Teamcenter, better part tracking through Teamcenter's BOM, improved lifecycle management with a complete view of history provided by Teamcenter, and enhanced document control through specific repositories and tags.
Furthermore, Teamcenter offers a document control that will check all the blocks (check, revision, approval) and then release the drawing in order to have always a complete ad update version. Moreover, after the release, only an official revision can modify the drawing, ensuring consistency of updates. 

The Teamcenter admins will ensure that the integration module is updated with EPLAN to maintain compatibility and optimize system performance. 

To properly manage Teamcenter content, several tutorials are accessible with a Teamcenter license. We'll start getting familiar familiarizing ourselves with the software soon.

Several meetings are scheduled to present the last version of Teamcenter to the ECS group and to start integrating Teamcenter and EPLAN.

...

Some new considerations are being made in the area of UI/UX development. In particular the team is considering new software that allows for quick GUI wire framing wireframing and mock ups. These methods originated in the form of pencil and paper and allow enabled a designer to quickly deploy and demonstrate the flow and appearance of an application. In this way stake holders can stakeholders could quickly identify areas of the GUI that need improvement. That is, what areas of the GUI do they get stuck in and don't know what to do? More broadly, where does the GUI fail to adhere to the common GUI heuristicswere confusing and failed to adhere to common GUI heuristics such as the ones listed here: https://www.nngroup.com/articles/ten-usability-heuristics/.

This pen-and-pencil wire framing wireframing method has made the jump to modern day web application. In recent years, the number of available applications has balloonedmodern-day web applications. One can find a multitude of available easy-to-use applications with a quick google Google search.

These tools allow not only the enable a designer to create a wire framewireframe, but also allow lets the stake holder to stakeholder join in. Whats What's more, multiple users can edit the GUI wire frame a wireframe at the same time!

Here's an example of a Figma session with a quick mock up for the Compound Refractive Lens.

Image Removed 

Image Added 

We’ll be evaluating a number of prototyping tools and processes, if you have thoughts about this topic let us know!

Hannover Messe

Vincent Esposito 

A detachment of ECS engineers headed to Germany April 17-21 to attend the Hannover Messe, an industry automation fair. In addition of getting to know the latest developments made by some of our usual suppliers (Beckhoff, Phoenix Contact), the team also investigated solutions for wireless sensors, power supplies or , and new motions and position measurement systems.

...

Deployed EPICS IOCs and module usage statistics

Ken Lauer 

To view information on all currently deployed EPICS IOCs, see the following document:

EPICS IOCs Deployed in IOC Manager

To see statistics regarding EPICS modules and versions, see the following document:

EPICS Module Version Usage

SLAC IT's Newsletter

We wanted 'd like to highlight the SLAC IT newsletter and site and give props, it . It looks great and has a lot of useful information. Check it out!

...

We had to say goodbye to Ortiz, Jose on May 1st and wish him and his family all the best for their lives (back) on ) the east coast. He will remain with us on a casual basis to ensure continuity for DXS/XCS.

Hill, Bruce officially retired on March 24th. He still works casually, but please go through ECS to request work that he used to take on!

On the plus - side, we hired Josue Zamudio as an SEA starting in that role on . He started March 17th.

Jira Results

08 Mar 2023 to 08 May 2023 

...