OT: Traffic Light Control (was Re: First real-world SCADA attack in US)

Jay Hennigan jay at west.net
Wed Nov 23 23:16:48 UTC 2011


On 11/23/11 2:52 PM, Jay Ashworth wrote:

> Well, sure: what's the *incidence* of conflicting greens?
> 
> I wasn't suggesting that the incidence of accidents would be any different
> between conflicting greens and other types of failures (though my intuition
> is that it would be higher), but that's swamped by how often the condition
> actually occurs, which appears to require someone physically running a
> truck into the control box, or a chain of 5 or 6 failures in cascade to
> occur, based on other postings on this thread.

Real-world scenario that actually happened:

There is an intersection where a majority of the E/W traffic makes left
turns to N/S.  The signal there has three phases.  N/S solid green, East
solid green with left arrow (protected left turn) and West with solid
green and left arrow.  East and West are never green simultaneously,
this would be a conflict due to the full phase protected left turns.

At some time unknown the controller was replaced and a stock N/S vs. E/W
conflict monitor wound up in the box.  Nobody owned up to this. (Human
error, sloppy procedure, and lack of audit trail.)

The programming of the controller was OK, however, and the intersection
ran just fine.

Time passed, probably months.  Something glitched the controller and it
crashed.  This also put the intersection into four-way flash.

A somewhat inexperienced technician arrived on scene, rebooted the
controller, and it went back to factory defaults, which are N/S vs. E/W.
Had the conflict monitor (a circuit board with a diode array, hardware -
not software) been correctly programmed for that intersection, it would
have kicked back to flash.  No problem.

But it wasn't.

And because the left turn arrows were hard-wired in the signal heads to
the same wire as the solid green phase, there was a conflict.
Fortunately the technician heard the blaring horns and witnessed a
couple of near-misses before an accident occurred.  He put the
intersection back on flash, dug out the print for the conflict monitor
and programming, called for help, and got it fixed.

Normally sane defaults in a non-standard configuration, sloppy
procedures, and human error coupled with a failure.

From a practical standpoint it is difficult for one person to observe
more than one or possibly two phases, especially from the location of
the controller, which is typically placed a few feet away from the corner
so that it gets run over less frequently.


>> As such, I'd say that the probability of a conflicting green occurring
>> and causing an injury accident is pretty low even with (relatively)
>> modern digital signal controllers.
> 
> Yup, it does appear that's true.

But it happens.

--
Jay Hennigan - CCIE #7880 - Network Engineering - jay at impulse.net
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
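The failure chain above turns on two independent configurations that drifted apart: the controller's phase program and the conflict monitor's permissive matrix (which channel pairs may be green together). The following is an added simulation, not code from the post or from any signal vendor, that models that matrix as data and reproduces the four cases the post describes: intended program vs. factory-default program, each run under a stock N/S-vs-E/W monitor and under a monitor programmed for this three-phase intersection. It also includes a commissioning check that flags pairs a monitor permits but the program never uses, which is exactly the latent hazard that sat unnoticed for months. Channel names, the phase tables and the matrix contents are assumptions constructed for illustration; following the post, the East and West arrows are treated as riding on the same channel as the corresponding green ball.

```python
"""Conflict-monitor permissive-matrix simulation (added example).

Models the hardware conflict monitor from the post as a set of channel
pairs permitted to be green simultaneously, runs controller phase tables
through it, and reports when the monitor would drop the intersection to
four-way flash.  All channel names, phase programs and matrices below are
constructed for illustration, not taken from a real intersection.
"""
from itertools import combinations

# Channels the monitor watches.  Assumption: one channel per approach.
# Per the post, the left arrows were hard-wired to the same conductor as
# the solid green, so "E" covers the East ball and the East arrow alike.
CHANNELS = ("N", "S", "E", "W")

# Permissive matrix: unordered channel pairs allowed to be green together.
# Any pair not listed is a conflict.
STOCK_NS_EW = {frozenset(("N", "S")), frozenset(("E", "W"))}  # factory default
THREE_PHASE = {frozenset(("N", "S"))}  # E and W never together: protected lefts

# Intended programming for this intersection: three phases.
INTERSECTION_PROGRAM = [{"N", "S"}, {"E"}, {"W"}]

# What the controller ran after the reboot to factory defaults: two phases.
FACTORY_DEFAULT_PROGRAM = [{"N", "S"}, {"E", "W"}]


def conflicts(active, permissive):
    """Return the conflicting channel pairs among the `active` greens."""
    return [tuple(sorted(p)) for p in combinations(sorted(active), 2)
            if frozenset(p) not in permissive]


def monitor_run(phase_sequence, permissive):
    """Run a phase sequence through a monitor with the given matrix.

    Returns ("ok", None) if every phase is permissive, otherwise
    ("flash", (phase_index, conflicting_pairs)) for the first phase that
    trips the monitor, i.e. where it would force four-way flash.
    """
    for i, greens in enumerate(phase_sequence):
        bad = conflicts(greens, permissive)
        if bad:
            return ("flash", (i, bad))
    return ("ok", None)


def required_matrix(program):
    """Smallest permissive matrix under which `program` runs without a trip."""
    return {frozenset(p) for greens in program for p in combinations(greens, 2)}


def over_permissive(installed, program):
    """Commissioning check: pairs the installed monitor allows that the
    program never energises.  Each one is a latent hazard, because a
    misprogrammed or defaulted controller could energise it unchecked."""
    return sorted(tuple(sorted(p)) for p in installed - required_matrix(program))


def scenario():
    """Reproduce the four controller/monitor combinations from the post."""
    return {
        # Correct programming passes either monitor, so the swap went unnoticed.
        "intended/stock": monitor_run(INTERSECTION_PROGRAM, STOCK_NS_EW),
        "intended/three_phase": monitor_run(INTERSECTION_PROGRAM, THREE_PHASE),
        # Factory defaults: the stock monitor lets E+W through...
        "default/stock": monitor_run(FACTORY_DEFAULT_PROGRAM, STOCK_NS_EW),
        # ...while the correctly programmed monitor drops to flash.
        "default/three_phase": monitor_run(FACTORY_DEFAULT_PROGRAM, THREE_PHASE),
    }


if __name__ == "__main__":
    for name, (state, detail) in scenario().items():
        print(f"{name:22s} -> {state}", detail or "")
    print("stock monitor, latent hazards:",
          over_permissive(STOCK_NS_EW, INTERSECTION_PROGRAM))
```

Running it shows the intended program is "ok" under both monitors, which is why the wrong board survived for months, and that only the three-phase monitor trips on the defaulted program. The over_permissive check is the audit step the post says was missing: run at installation against the intersection's own print, it reports the E/W pair the stock board permits but the program never uses.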