Bryan Owen

Glass Doors and Security Reflections

Blog Post created by Bryan Owen on Jul 3, 2020

Some of you have repaired a sliding glass door and my hat is off to you. The onset of summer months increased door traffic to the point we could no longer cope with a sliding glass door that resisted sliding.  Repairing the door would be my chance for success or glorious failure.


Fortunately sliding glass doors are a simple design. A single screw holds the rolling wheel assembly to the door. Kind of like it’s just a single click to install a software patch, how hard could it be?

But wait, the door has no label from the manufacturer. What part do I need to order? There is all manner of style and wheel assembly size.  Similarly, software updates need to match up with your production environment.  Bitness, version and other prerequisite details need to be considered.  


The wheel assembly is hidden from view except the screw location.  This hint narrows my search to about a dozen potential matches for a replacement assembly but that’s not really good enough. The door will have to come off rails for inspection before repair. 

Software updates can have similar preparation steps.  Sometimes you can inspect and practice on a test system. This was not an option for my door. Unfortunately, performing maintenance tasks on production systems with no practice is also a reality for some customers.  It may be necessary to take a system offline before repair. In the case of a PI Server you’ll have help from data buffering services and confidence in your backups.


Removing a heavy glass door from its rails is a certain safety hazard. Decades of a ‘safety first’ mindset comes in handy. Family is available for helper and spotter.  Copious padding is in place and then comes the big lift. Oops, the door just won’t clear the valence so there is frustration and an unplanned pause to get a ladder and unfasten the valence.  This is a bit like an unexpected error popup that blocks a software update. Unexpected errors are typically addressed in a straight-forward manner (if the error is informative) although it might take a few more resources and, of course, downtime is longer than originally planned.


Wheel assembly inspection was a bit puzzling as nothing obvious was faulty. Resisting the urge to find the root cause I proceeded measure for replacement.  Conveniently a local hardware store had a close match – same housing size with a slightly bigger wheel diameter (.125 inch taller).


Have you ever applied a software update even though the supported operating system versions don’t match exactly?  It sure would have been comforting to have support from the sliding glass door manufacturer. I decided to proceed because the wheel assembly housing was an exact match and wheel height was adjustable. 


New right and left wheel assemblies are mounted and after a big lift this repair project is finally on the home stretch. Wheel height is adjusted and sure enough the door glides with the touch of a finger, hooray!


Later that evening we discover the locking mechanism is misaligned. Fortunately, a ‘Charlie bar’ is the main security measure; the lock is just an extra layer and I can fix it later come daylight.


So, there you have yet another example of unexpected outcome for what on the surface appears to be a simple system and simple task. NERC CIP standards have specific provisions to ensure security control effectiveness is verified for every change – very sage advice, especially for complex digital systems!


Thanks for having read this far.  While not everything is about engineering or security it’s a passion for many of us. A parting thought is about the root cause failure.  The rollers seemed ok when inspected without load from the mass of the door but needed to be replaced regardless.  Many security faults only appear under the stress of an attack and complex exploit sequences.  It’s far too easy to be complacent about software updates.  Since even simple updates tend to have unexpected consequences, the collective industry needs to do more to make it easier to maintain complex systems.


PI for Critical Operations is our mindset for innovation on this shared challenge.  Browse PI World 2020 Online sessions for 'Critical Operations' themed presentations.  I think you'll like our direction and progress so far!


Have a great Independence Day holiday,