Helping provide reliable flood protection in Switzerland.

Extreme weather is becoming increasingly common throughout the world, making flooding a growing threat. Flood defence measures have traditionally been based on mechanical equipment, but innovative automation technology can now be used to provide greater protection for people and the local environment. AWA – the Office for Water and Waste in the Swiss canton of Berne – is using this latest technology to regulate water levels at the region’s Brienzersee, Thuner and Bielersee lakes, 24 hours a day, 365 days a year.

“Water level regulation must protect people from flooding and prevent damage – ideally in an economically justifiable way,” said Dr Bernhard Wehren, head of maritime regulation at AWA. “Some of our important control operations are particularly time-critical, but until recently, we relied on dataloggers that only sent the different measurements we require every few hours or so. Now, thanks to the new state-of-the-art technology we have implemented, this happens in real time. It is therefore very important that the data communications technology supports this by reliably meeting all the challenges and requirements of our unique mission-critical communications infrastructure.”

Modernising facilities
To help provide the most reliable flood protection, AWA decided to modernise its water regulation facilities for the lakes, encompassing four historic locks, the large Port of Bruggweir and accompanying hydropower plant, and a flood relief tunnel. Due to the increasing demand for the availability of more data, AWA also decided to upgrade all the measurement stations with state-of-the-art technology. The measurement stations play a crucial role in regulating water levels in the lakes.

When developing a plan to modernise the equipment, great attention was paid to both operational safety and system redundancy. There was a need to address the obsolete electrical engineering at Port of Brugg. This would include the conversion of all existing drives and the renewal of the energy supply, a large part of the cabling and the control and monitoring elements for the five weirs. Regulation and control technology also needed attention. Not only was there a need for redundancy in the event of a device failure or a line interruption, but also in case of communication disruptions, such as interruptions to the internet connection.

BKW Energie AG was appointed as the technical service provider and after a thorough review of suitable data communications technology companies, they chose Westermo to provide its robust networking solutions for the project.

Fast communication performance
“Crucial to the selection of Westermo was that their products met our high standards and requirements for the project. This included fast communication performance, multiple routing ports per device, high MTBF periods, extended temperature ranges and very low power consumption,” said Rénald Marmet, project engineer at BKW Energie. “Another factor was the operation and parameterisation of the networking hardware via the WeOS operating system. Also, the extremely efficient and time-saving update capability provided by the WeConfig network management software, which enables the central configuration and management of all Westermo devices.”

The main control network incorporates the AWA control centre in the capital, Berne,and further control centres at the water locks, Thun and Interlaken, each with one SCADA server and redundant controller. The control centres connect to 29 substations (measuring points). Eight SCADA clients access these servers. There is also a SCADA server located in the hydropower plant, providing BKW employees with access. The hydropower plant part is monitored by the BKW control centre in Mühleberg.

Westermo networking technology allows all data to be transferred in real-time between the participating sites. Should an emergency arise, this enables those responsible to take the appropriate measures immediately to ensure the best possible protection against flooding. Also, maintenance and software updates for all the installed Westermo networking devices can be performed easily and quickly with just a few mouse clicks.

In total, Westermo provided thirty of its RFIR-227 Industrial Routing Switches, twenty-seven VDSL Routers, twenty-fiveMRD-4554G Mobile Routers, thirty-five Lynx 210-F2G Managed Ethernet Switches with Routing Capability, thirty-six L110-F2G Industrial Layer -2 Ethernet Switches, and over eighty 100 Mbps and 1 Gbps SFP fibre optic transceivers via multimode and single-mode fibre for distances up to 80km.

Greater network redundancy
The three control centres all have two firewall routers connecting them to the internet providers and enabling them to receive or set up the IPsec and OpenVPN tunnels. There are also two redundant Siemens Simatic S7-400controllers installed in a demilitarized zone (DMZ) and a WinCC SCADA server connected to the local network. The AWA SCADA station has the same design, but without the control functionality.

BKW took care not only to create network redundancy, but also to set up redundant routes to the internet providers. The VDSL routers use the service provider Swisscom, and the MRD-455 4G mobile radio routers are equipped with SIM-cards from Sunrise. The heart of the main network – the three control centres and the AWA control centre- are linked by IPsec-VPN Tunnels and Generic Routing Encapsulation(GRE) and form the automation backbone via Open Shortest Path First(OSPF) technology.

The result of this is that even should there be simultaneous connection failure to an internet provider in one location and the other provider at another station, or the total failure of one provider, communication between all centres, the connected remote stations and the remote access by BKW or AWA is still possible.

For increased safety, the external zones are segmented further. The service technicians can connect to the control centres through an OpenVPN tunnel and have access to all measuring stations on the network.

There are two different types of measuring stations. The high availability station consists of two completely separate networks. Each PLC is installed ‘behind’ a Westermo Lynx 210 device, which acts as a firewall and establishes the connection to the control centre via an OpenVPN tunnel. The redundant internet access is provided either via a VDSL router, which is connected to Swisscom, or a MRD-455 with Sunrise as the provider. A ‘standard’ station has only one PLC with a Lynx 210 acting as a firewall router and building the VPN tunnels in parallel via the two internet routers.

Security requirements
As well as network redundancy, security was also part of the requirements to guarantee high communication availability. The network implemented by BKW and Westermo provides the necessary security in accordance with recommendations found in the BDEW whitepaper and IEC-62443 standard. The outstations not only form their own zone, but other areas are also segmented where necessary. The network for the SCADA servers in the control centres is also decoupled from the backbone using two VRRP routers.

The flood defence system now has one of the most modern data communication systems in Switzerland. Explaining why this is so important to AWA, Dr Bernhard Wehren said: “Protection against flooding must be guaranteed at all times. Depending on the meteorological or hydrological situation, the availability of the required measured values is critical. Because access to the measuring stations in the extensive regions of the canton is generally very time-consuming, network device failures and communication interruption must be kept to a minimum. It is therefore extremely important that all components of our communication systems meet the highest standards, offer extreme reliability and can be upgraded to meet new requirements.”

“We were able to simplify processes, make them secure, redundant and transparent for the engineering department via VPN connections. This contributes significantly to the simple, safe and efficient maintenance of the system,” Rénald Marmet said. “Thanks to the extensive cooperation with Westermo network engineers, we were able to create the ideal solution that meets all requirements and was delivered on time. Westermo’s reliable networking technologies have given AWA and BKW the opportunity to build individual data communication solutions for critical industrial applications, while providing scalable, future-proof applications. The solution also offers all involved a high degree of investment security.”

#Switzerland. @Westermo @bkw #Environment #PAuto

#ISAutowk: World-class technical content at Nashville automation event!

ISA’s Automation Week: Technology and Solutions Event 2013 wrapped up on Thursday (7/11/2013), in the well known Music City, Nashville in the USA. Three days of comprehensive technical sessions, keynote addresses, networking events, standards meetings, and training courses were availed of by hundreds of automation professionals.

Nashville, TN, USA. 5-7 November 2013.Follow events on twitter #ISAutowk Releases received at Read-out from ISA and others about the event! # Industrial Security Expert Eric Byres Receives ISA Award (David Greenfield, Automation World, 4/11/2013) # Peter Martin speaks at #ISAutoWk as replacement keynote (Walt Boyes, ControlGlobal, 5/11/2013) # Preventing a Cyber Pearl Harbor (David Greenfield, Automation World, 5/11/2013) # Building an ROI for Industrial Cyber Security (Eric Knap, Security Week, 6/11/2013) #  Maverick Technologies’ Paul Galeski explains his strategy for drawing higher attendance. (Interview with Control Engineering’s Peter Welendre, 7/11/2013) # ISA104Meeting (Terry Blevins, Modelling & Control, 25/11/2013) The Automation Value Proposition (Walt Boyes, Sound Off, 10/12/2013)

The ISA Automation Week program also included 24 technical sessions, organized into six educational tracks. These tracks, which included Industrial Network Security; Creating Business Value through Automation; The Connected Enterprise; Wireless Applications; Industrial Automation and Control; and Asset Lifecycle Management and Optimization/Strategy, were organised with a focus on the critical components of successful automation – safety, people, business and technology.

This was the first time we have actually been unable to travel to the event and so we had to rely on the tweets of those who were happy to share information. The number of tweeters was surprisingly small though some were very good a keeping us informed especially Control  Global’s  Walt Boyes and Joel Don who was tweeting under the ISA Interchange identity. There were one or two sharings commenting on the paradox of an excellent high class programme and the fact that the number of delegates was small. “The program is terrific. The audience is small,” said one, and another “I don’t know what we have to do to build it up again.” It has always been a bit of a mystery to me how the incredibly valuable and unaligned resource treasure of ISA does not appear to attract American professionals in the way it seems to internationally.

The event was preceded by some governance meetings of the ISA itself which had delegates from throught the world discussing and voting on important changes in how the Societ is governed. The delegates were also treated to a pre-view of a new ISA website which is the result of mammoth work behind the scenes. This will make the virtual leviathan of information already on the ISA site more easily accessible to members and other visitor. The beta-version should be on line in matter of weeks. Watch out for it!

Eric Byres accepts his award!

Another stalwart of Automation Week is the eve event of the ISA Honours & Awards Banquet where Automation Professionals are honoured by their peers. These included Eric Byres, of Tofino, one of the pioneers in expertise and leadership in the quest for cybersecurity solutions to protect industrial control systems.

Yes! Automation can!
Dr Peter Martin, vice president of business value solutions for the Software and Industrial Automation division of Invensys, delivered the opening keynote address on the Tuesday morning, entitled “The Future of Automation.” He focused on the importance of automation professionals in solving the world’s most significant problems. “When people say you’re biting off too much of a project, they might use the expression that you’re trying to solve world hunger. I want you to understand that in the automation industry, we can solve world hunger. We can do it, and we’re the only people who can do it.”

Dr. Martin stressed that the barriers to solving the world’s most significant problems include access to energy, water, food, material goods and chemicals. Automation professionals, he said, can figure out how to solve those access problems, and “that challenge must be a rallying cry for the next generation to pursue careers in our industries and make a real difference in our futures.”

One phrase impressed our tweeters “Collaborate, it’s a nice thing to do, just doesn’t work. You need to incent for it.”

Preventing a cyber Pearl Harbour
Wednesday morning’s keynote address was delivered by an American General, Robert E. Wheeler, Deputy Chief Information Officer of the United States Department of Defense. He is responsible for Command, Control, Communications and Computers (C4) and Information Infrastructure Capabilities (DCIO for C4IIC) and serves on the executive staff of the US Secretary of Defense. This address focused on the importance of industrial infrastructure cybersecurity and the threats posed daily to our nation’s critical infrastructure networks.

General Robert Wheeler USAF

“In the Department of Defense, our job is to assure mission execution in the face of cyber warfare by the most capable adversaries in the world,” said Wheeler. “We have to get the bad guys, protect the good guys, take out insurgents, and not hurt anyone else. That’s very hard.”

Wheeler went on to discuss the protection of America’s SCADA systems, power grid, and other key infrastructure assets. “Information assurance must be baked in from the very beginning of your work as engineers and automation professionals – you can’t just bolt it on,” he said and this was reported by our tweeters. The Automation Federation and ISA cybersecurity experts have been invited by the White House and NIST to participate in developing the framework for the President Barack Obama’s executive order PPD-21 calling for the cybersecurity of industrial automation and control systems and critical infrastructure.

Other tweets: “We have not gone down the BYOD (Buy your own device) road. We don’t think it’s going to save us that much money in the long run.” and “We are always going to have some cyber weakness because it is open- this is not the same view in other countries.” Perhaps more rivetting were these:  “The closed systems of yesteryear are open today” and more bluntly  “SCADA has lost its protection by connecting to the Internet.”

When asked about the importance of training and recruiting future cybersecurity professionals, Wheeler stressed the importance of STEM education initiatives combined with mentoring programs that can ignite the curiosity and intellect of future engineers, inspiring them to become the next cyber warriors in the fight to keep American companies and infrastructure safe and secure.

Workforce Development
Thursday’s keynote address, the final keynote of the conference, featured a distinguished panel of experts discussing workforce development issues within our industries. Moderated by Maurice Wilkins, Ph.D., vice president of the Global Strategic Marketing Center, Yokogawa Corporation of America, the panel included Paul Galeski, CEO & founder of MAVERICK Technologies; Dr. Martin of Invensys; and Steve Huffman, vice president of marketing and business development for Mead O’Brien, Inc. “Workforce development is one of the largest issues facing industry and one that will have a quick and lasting impact on process automation personnel,” commented Dr. Wilkins. “We need to bring together supplier, systems integrator, and educational communities to reverse the trends and inevitabilities that will affect us all – they each bring a unique and valuable perspective.”

“Our rich technical sessions and thought-provoking keynotes provided attendees with new take-home tools, tips and techniques to help them deliver even better performance in their jobs,” said ISA Automation Week Program Chair Paul Galeski. “We are very proud of the technical content we’ve put together for this unique, world-class event.” Or as we have ready quoted above:  “The program is terrific”

Attendees agreed with Galeski’s sentiments about the depth and breadth of the technical content in the program. “I have been attending ISA Automation Week for three consecutive years. The conference offers great technical sessions, always something new, and always something to learn,” said Hector Torres, senior process and control engineer, at Eastman Chemical.

In addition to technical sessions and keynote addresses, the event also featured a networking hub with ISA partner companies, technology briefings and social events.

As the event drew to an end this somewhat plaintive tweet, “Need titles for the flight home? Check out the #ISAutoWk bookstore, across from the Networking Hub.” This is of course the indefatigable Publications Department which issues a regular supply of books, the Society Magazine, the incomparable ISA Transactions, the Journal of Automations and innumerable papers since the formation of the Society almost 70 years ago. The proceedings for this years are now available free to members for download!

“ISA Automation Week was a great opportunity to meet new prospects, spend time with our customers and network with experts,” noted Ned Espy, Technical Director at Beamex, which was announced as ISA’s Premier Strategic Partner for Calibration earlier in the week. “The presentation content was the best in years with relevant topics. I also learned we are part of an organization that is striving to end world hunger!”

Additional ISA partners participating at ISA Automation Week included ISA’s Premier Strategic Partner for Systems Integration, MAVERICK Technologies; ISA’s Corporate Partners, Honeywell and OSIsoft; and ISA’s Automation Week Partners, aeSolutions, ARC Advisory Group, Eaton, ExperTune, and Falcon Electric.

<hr>

Automation Week 2012 – Orlando, Florida USA

Automation Week 2011 – Mobile, Alabama (USA)

Cloud Computing for SCADA

Moving all or part of SCADA applications to the cloud can cut costs significantly while dramatically increasing reliability and scalability, says Larry Combs, vice president of customer service and support, InduSoft.

Although cloud computing is becoming more common, it’s relatively new for SCADA (supervisory control and data acquisition) applications. Cloud computing provides convenient, on-demand network access to a shared pool of configurable computing resources including networks, servers, storage, applications, and services. These resources can be rapidly provisioned and released with minimal management effort or service provider interaction.

By moving to a cloud-based environment, SCADA providers and users can significantly reduce costs, achieve greater reliability, and enhance functionality. In addition to eliminating the expenses and problems related to the hardware layer of IT infrastructure, cloud-based SCADA enables users to view data on devices like smartphones and tablet computers, and also through SMS text messages and e-mail.

Our company (InduSoft), along with a number of others, provides SCADA software and services for firms that want to use their own IT infrastructure, the cloud, or a combination of both to deploy their applications. We provide upfront consulting and advice to help customers make the best choice depending on their specific requirements and capabilities.

A cloud can be public or private. A public cloud infrastructure is owned by an organization and sold as services to the public. A private cloud infrastructure is operated solely for a specific customer. It may be managed by the customer or by a third party; it may exist on premise or off premise. Hybrid clouds consist of private and public clouds that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability.

Cloud computing can support SCADA applications in two fashions:

• The SCADA application is running on-site, directly connected to the control network and delivering information to the cloud where it can be stored and disseminated, or
• The SCADA application is running entirely in the cloud and remotely connected to the control network.

Figure 1: A public cloud formation in which the SCADA system is running onsite and delivers data via the cloud

The first method is by far the most common and is illustrated in Figure 1 (right). The control functions of the SCADA application are entirely isolated to the control network. However, the SCADA application is connected to a service in the cloud that provides visualization, reporting, and access to remote users. These applications are commonly implemented using public cloud infrastructures.

The implementation illustrated in Figure 2 (below) is common to distributed SCADA applications where a single, local SCADA deployment is not practical. The controllers are connected via WAN links to the SCADA application running entirely in the cloud. These applications are commonly implemented using private or hybrid cloud architectures.

Service Choices
Most experts divide the services offered by cloud computing into three categories: infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS).

Figure 2: A private/hybrid cloud in which the controllers are connected via WAN links to the SCADA application running entirely in the cloud.

An IaaS such as Amazon Web Services is the most mature and widespread service model. IaaS enables service provider customers to deploy and run off-the-shelf SCADA software as they would on their own IT infrastructure. IaaS provides on-demand provisioning of virtual servers, storage, networks, and other fundamental computing resources.

Users only pay for capacity used, and can bring additional capacity online as necessary. Consumers don’t manage or control the underlying cloud infrastructure but maintain control over operating systems, storage, deployed applications, and select networking components such as host firewalls.

PaaS, like Microsoft’s Azure or Google Apps, is a set of software and product development tools hosted on the provider’s infrastructure. Developers use these tools to create applications over the Internet. Users don’t manage or control the underlying cloud infrastructure but have control over the deployed applications and application hosting environment configurations. PaaS is used by consumers who develop their own SCADA software and want a common off-the-shelf development and runtime platform.

SaaS, like web-based e-mail, affords consumers the capability to use a provider’s applications running on a cloud infrastructure from various client devices through a thin client interface like a web browser. Consumers don’t manage or control the underlying cloud infrastructure but instead simply pay a fee for use of the application.

SCADA vendors have been slow to adopt the SaaS service model for their core applications. This may change as the uncertainty of cloud computing begins to clear. For now, vendors are beginning to release only certain SCADA application components and functions as SaaS, such as visualization and historical reporting.

Economical Scalability
With all three service models, scalability is dynamic and inexpensive because it doesn’t involve the purchase, deployment, and configuration of new servers and software. If more computing power or data storage is needed, users simply pay on an as-needed basis.

Companies don’t have to purchase redundant hardware and software licenses or create disaster recovery sites they may never use. Instead they can provision new resources on demand when and if they need them. Add in the costs that a company would otherwise incur to manage an IT infrastructure, and the savings of moving to the cloud could be huge.

Instead of numerous servers and backups in different geographic locations, the cloud offers its own redundancy. On-demand resource capacity can be used for better resilience when facing increased service demands or distributed denial of service attacks, and for quicker recovery from serious incidents. The scalability of cloud computing facilities offers greater availability. Companies can provision large data servers for online historical databases, but only pay for the storage they’re using.

Building an IT infrastructure is usually a long-term commitment. Systems can take months to purchase, install, configure, and test. Equivalent cloud resources can be running in as little as a few minutes, and on-demand resources allow for trial-and-error testing.

The ability to easily switch back to a previous configuration makes it easier to make changes without having to start from scratch by taking a snapshot of a known working configuration. If a problem occurs when deploying a patch or update, the user can easily switch back to the previous configuration.

On-site IT projects involve significant cost, resources, and long timelines—and thus include significant risk of failure. Cloud computing deployments can be completed in a few hours with little or no financial and resource commitments, and therefore are much less risky.

Manageability, Security, and Reliability
The structure of cloud computing platforms is typically more uniform than most traditional computing centers. Greater uniformity promotes better automation of security management activities like configuration control, vulnerability testing, security audits, and security patching of platform components.

A traditional IT infrastructure environment poses the risk that both the primary and the single backup server could fail, leading to complete system failure. In the cloud environment, if one of the cloud computing nodes fails, other nodes take over the function of the failed cloud computing node without a blip.

If a company chooses to implement its own IT infrastructure, access to user data in this infrastructure generally depends on the company’s single Internet provider. If that provider experiences an outage, then users don’t have remote access to the SCADA application. Cloud computing providers have multiple, redundant Internet connections. If users have Internet access, they have access to the SCADA application.

The backup and recovery policies and procedures of a cloud service may be superior to those of a single company’s IT infrastructure, and if copies are maintained in diverse geographic locations as with most cloud providers, may be more robust. Data maintained within a cloud is easily accessible, faster to restore, and often more reliable. Updates and patches are distributed in real time without any user intervention. This saves time and improves system safety by enabling patches to be implemented very quickly.

Challenges and Risks
Cloud computing has many advantages over the traditional IT model. However, some concerns exist in regard to security and other issues. Data stored in the cloud typically resides in a shared environment. Migrating to a public cloud requires a transfer of control to the cloud provider of information as well as system components that were previously under the organization’s direct control. Organizations moving sensitive data into the cloud must therefore determine how these data are to be controlled and kept secure.

Applications and data may face increased risk from network threats that were previously defended against at the perimeter of the organization’s intranet, and from new threats that target exposed interfaces.

Access to organizational data and resources could be exposed inadvertently to other subscribers through a configuration or software error. An attacker could also pose as a subscriber to exploit vulnerabilities from within the cloud environment to gain unauthorized access. Botnets have also been used to launch denial of service attacks against cloud infrastructure providers.

Having to share an infrastructure with unknown outside parties can be a major drawback for some applications, and requires a high level of assurance for the strength of the security mechanisms used for logical separation.

Ultimately to make the whole idea workable, users must trust in the long-term stability of the cloud provider and must trust the cloud provider to be fair in terms of pricing and other contractual matters. Because the cloud provider controls the data to some extent in many implementations, particularly SaaS, it can exert leverage over customers if it chooses to do so.

As with any new technology, these issues must be addressed. But if the correct service model (IaaS, PaaS, or SaaS) and the right provider are selected, the payback can far outweigh the risks and challenges. The cloud’s implementation speed and ability to scale up or down quickly means businesses can react much faster to changing requirements.

The cloud is creating a revolution in SCADA system architecture because it provides very high redundancy, virtually unlimited data storage, and worldwide data access—all at very low cost.

Remote SCADA with Local HMI Look and Feel
Vipond Controls in Calgary provides control system and SCADA solutions to the oil and gas industry, including Bellatrix Exploration. To keep up with customer demand for faster remote data access, Vipond developed iSCADA as a service to deliver a high-performance SCADA experience for each client.

One of the greatest challenges in developing iSCADA was the state of the Internet itself as protocols and web browsers weren’t designed for real-time data and control. Common complaints of previous Internet-based SCADA system users included having to submit then wait, or pressing update or refresh buttons to show new data.

Many systems relied only on web-based technologies to deliver real-time data. Because the HTTP protocol was never designed for real-time control, these systems were always lacking and frustrating to use whenever an operator wanted to change a setpoint or view a process trend.
Users were asking for an Internet-based SCADA system with a local HMI look and feel, and that became the goal of Vipond Controls. This goal was reached with iSCADA as a service by giving each customer an individual virtual machine within Vipond’s server cloud.

All data is now kept safe and independent of other machines running in the cloud. A hypervisor allows multiple operating systems or guests to run concurrently on a host computer, and to manage the execution of the guest operating systems. The hypervisors are highly available and portable, so in the event of a server failure, the virtual machine can be restarted on another hypervisor within minutes.

All the SCADA software runs within the virtual machine, and users are offered a high degree of personal customization. Customers can connect directly to on-site controllers, and Vipond can also make changes to controllers and troubleshoot process problems.

This cloud-based SCADA solution can reduce end-user costs up to 90% over a traditional SCADA system, thanks to the provision of a third-party managed service and the reduction of investment required for IT and SCADA integration, development, hardware, and software.

A handy compilation of expert cybersecurity resources!

“…the latest cybersecurity strategies, recommendations and tools that can immediately be applied to protect your industrial control systems and process control networks..”

A complete list of inclusions in the Cybersecurity Tech Pack.

Technical papers
Cyber Security Implications of SIS Integration with Control Networks
Practical Nuclear Cyber Security
Establishing an Effective Plant Cybersecurity Program
LOGIIC Benchmarking Process Control Security Standards
Stronger than Firewalls: Strong Cyber-Security Protects the Safety of Industrial Sites
Integrated Perimeter and Critical Infrastructure Protection with Persistent Awareness
Applying ISA/IEC 62443 to Control Systems
Establishing an Effective Plant Cybersecurity Program
Getting Data from a Control System to the Masses While Maintaining Cybersecurity–The Case for “Data Diodes”
Reconciling Compliance and Operation with Real Cyber Security in Nuclear Power Plants
Wastewater Plant Process Protection—Process Hazard Analysis
Water/Wastewater Plant Process Protection: A different approach to SCADA cyber security
Using Cyber Security Evaluation Tool (CSET) for a Wastewater Treatment Plant
Improving Water and Wastewater SCADA Cyber Security
An Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist

Technical books
Industrial Automation and Control Systems Security Principles by Ronald L. Krutz
Industrial Network Security, Second Edition by David J. Teumim

InTech magazine articles
“ISA Fully Engaged in Cybersecurity”
“Leveraging DoD wireless security standards for automation and control”
“13 ways through a firewall: What you don’t know can hurt you”
“Defense in Depth”
“Executive Corner: What’s on YOUR mind?”
“The Final Say: Securing industrial control systems”
“Uninterruptible power supplies and cybersecurity”
“Physical Security 101: Evolving ‘defense in depth’”
“Web Exclusive: Control network secure connectivity simplified”
“The Final Say: Network security in the Automation world”
“Executive Corner: Defense in depth: It’s more than just the technology”
“Web Exclusive: Stuxnet: Cybersecurity Trojan horse”

To help manufacturers and plant and facility operators improve their cybersecurity defenses and better confront the growing dangers of cyberwarfare, the International Society of Automation (ISA) has produced the ISA Cybersecurity Tech Pack.

“The ISA  Cybersecurity Tech Pack is an assembly of the latest technical papers, PowerPoint presentations, technical books and InTech articles developed by some of the world’s leading experts in cybersecurity and industrial automation and control systems security,” says Susan Colwell, manager of publications development at ISA. “These materials—which can be downloaded from the ISA website—include the latest cybersecurity strategies, recommendations and tools that can immediately be applied to protect your industrial control systems and process control networks.”

As a widely recognized, world leader in cybersecurity standards development, training and educational resources, ISA provides the proven technical expertise and know-how to help safeguard industrial automation and control systems.

For instance, the ANSI/ISA99 (IEC 62433), Industrial Automation and Control Systems Security standards—developed by a cross-section of international cybersecurity subject-matter experts from industry, government and academia—represent a comprehensive approach to cybersecurity in all industry sectors. ISA and its sister organization, the Automation Federation, is currently assisting the Obama administration and US federal agency officials develop the initial version of a national cybersecurity framework—as called for by President Obama in February of this year.

The ISA Cybersecurity Tech Pack also includes two cybersecurity-focused ISA books: the popular Industrial Network Security by David J. Teumim; and the recently introduced Industrial Automation and Control Systems Security Principles by Ronald L. Krutz, Ph.D. As an added bonus, the compilation includes many highly relevant and informative cybersecurity articles published in InTech magazine, ISA’s bi-monthly magazine for automation and control professionals.

• See also our ICS & SCada Security page

Your plan for better cyber security!

If you are a process control engineer, an IT professional in a company with an automation division, or a business manager responsible for safety or security, you may be wondering how your organization can get moving on more robust cyber security practices.

Since that early monday morning in July 2010 when we had that e-mail from Eric Byres, forshadowed in a tweet from Gary Mintchel slightly earlier we have tried to follow the “fortunes” of this malware, this Security threat to the control system world (July 2010)! We have written a few blogs and have listed as many links to stories on Stuxnet in particular in our Abominable security commitment! #Stuxnet (August 2011) when Eric expressed his alarm at the way in which Siemens in particular, but indeed not uniquely, appeared to be treating this problem.

Indeed the past two years may be said to have been a real wakeup call for the industrial automation industry both users and vendors. For the first time ever it has been the target of sophisticated cyber attacks like Stuxnet, Night Dragon and Duqu. As we said we have endevoured to follow the varios updates on this story and Byres Security have been well in the forefront in the battle to get this “little varmint!”

In addition to the actual attacks, an unprecedented number of security vulnerabilities have been exposed in industrial control products. In response regulatory agencies are demanding compliance to complex and confusing regulations. Cyber security has quickly become a serious issue for professionals in the process and critical infrastructure industries.

If you are a process control engineer, an IT professional in a company with an automation division, or a business manager responsible for safety or security, you may be wondering how your organisation can get moving on more robust cyber security practices.

In order to provide you with guidance in this area, Byres have condensed material from numerous industry standards and best practice documents. They also combined our experience in assessing the security of dozens of industrial control systems.

The Paper & The Authors

7 Steps to ICS and SCADA Security 

Two industry veterans, Eric Byres and John Cusimano, combine industry standards, best practice materials, and their real-world experience to provide an easy-to-follow 7-step process for improved ICS and SCADA security.

Eric Byres, P. Eng., ISA Fellow, CTO and VP Engineering, Tofino Security, Belden Inc.
John Cusimano,CISSP, CFSE, Director of Security, exida Consulting LLC

The result is an easy-to-follow 7-step process. These are outlined below and a more extensive white paper they have just published, 7 Steps to ICS and SCADA Security by Eric Byres (Byres Security) & John Cusimano (Exida Consulting). Downloading the paper requires registration but it is free to do so.

The 7 Steps

Step 1 – Assess Existing Systems
Your first step is to do a risk assessment to quantify and rank the risks that post a danger to your business. This is necessary so you know how to prioritize your security dollars and efforts. Far too often we see the assessment step skipped and companies throw money into a solution for a minor risk, leaving far more serious risks unaddressed.

While risk assessment might seem daunting, it can be manageable if you adopt a simple, lightweight methodology. Our white paper provides an example, as well as tips on how to do this.

Step 2 – Document Policies and Procedures
Byres Security highly recommend that organisations develop ICS-specific documents describing company policy, standards and procedures around control system security. These documents should refer back to corporate IT security documents. In their experience, separate ICS security documents greatly benefit those responsible for ICS security, helping them clearly understand their security-related expectations and responsibilities.

You should also become familiar with applicable security regulations and standards for your industry.

Step 3 – Train Personnel & Contractors
Once policies and procedures have been documented, you need to make sure that your staff is aware of them and is following them. An awareness program should be carried out, with the support of senior management, to all applicable employees. Then, a training program should be conducted. It is highly recommend that A role-based training program for control systems security is highly recommended, and Byres provide an example of one in the white paper.

Step 4 – Segment the Control System Network
Network segmentation is the most important tactical step you can take to improve the security of your industrial automation system. Eric Byres wrote about this in the article “…No More Flat Networks Please…” (Nov 2010). The white paper explains the concepts of “zones” and “conduits” and provides a high level network diagram showing them.

Step 5 – Control Access to the System
Once you’ve partitioned your system into security zones, the next step is to control access to the assets within those zones. It is important to provide both physical and logical access controls.

Typical physical access controls are fences, locked doors, and locked equipment cabinets. The goal is to limit physical access to critical ICS assets to only those who require it to perform their job.

The same concepts apply to logical access control, including the concept of multiple levels of control and authentication. Once authenticated, users can be authorised to perform certain functions.

Step 6 – Harden the Components
Hardening the components of the system means locking down the functionality of the various components in your system to prevent unauthorised access or changes, remove unnecessary functions or features, and patch any known vulnerabilities.

This is especially important in modern control systems which utilize extensive commercial off-the-shelf technology. In such systems, it is critical to disable unused functions and to ensure that configurable options are set to their most secure settings.

Step 7 – Monitor & Maintain System Security
As an owner or operator of an industrial control system, you must remain vigilant by monitoring and maintaining security throughout the lifecycle of your system. This involves activities such as updating antivirus signatures and installing security patches on Windows servers. It also involves monitoring your system for suspicious activity.

It is important to periodically test and assess your system. Assessments involve periodic audits to verify the system is still configured for optimal security as well as updating security controls to the latest standards and best practices.

Not a One-Time Project
Now the bad news – effective ICS and SCADA security is not a one-time project. Rather it is an ongoing, iterative process. You will need to repeat the 7 steps and update materials and measures as systems, people, business objectives and threats change.

Your hard work will be rewarded with the knowledge that your operation has maximum protection against disruption, safety incidents and business losses from modern cyber security threats.

• Download the White Paper  in pdf  format – 7 Steps to ICS and SCADA Security!

#SPS 2012: Successful if not quite hitting secure note!

“Arriving at #SPS/IPC/DRIVES. Looking forward to a great show”

Busy entrance area! (IE Book)

This was one of the first tweets we saw on this, possibly the biggest automation exhibition in the world this year. The SPS/IPC/Drives show is held annually in the Northern Bavarian city of Nuremberg. This year the dates were the 27 to 29th of November, As last year we were unable to make it this time, however there were some excellent reports which we have used (and linked to) in compiling this brief impression.

As might be expected the automation industry presented its capabilities in full force at the exhibition. There was a record number of 1.429 exhibitors which attracted more visitors than in the past, as 56.321 trade visitors filled the 12 halls to gather information about the latest products and solutions in electric automation. Well may it be said that SPS IPC Drives 2011 set a clearly positive sign for the future despite the gale-force winds blowing in financial circles for the last three years.

The conference which took place in parallel to the exhibition also recorded an increase this year with an attendance of 349 delegates. For three days the conference provided a platform for intensive discussions between product developers, suppliers and users. The opportunities for users to exchange information and knowledge were at the heart of the newly introduced user sessions.

Attendance: 2011 (2010)
Exhibitors: 1,429 (1,323)
Visitors: 56,321 (52.028)
Conference delegates: 349 (302))

Like a lot of European events there was not a small number of tweets from various sources and in various languages, but those that did tweet helped form an impression of how things were. One of the most prolific of these was Leo Ploner of the IE Book who gave us a sort of running commentary on his day interspersed with twitpics of stands and products which impressed him. This comprehensive collection of pictures have been added to the IE Book Facebook Page and we recommend that you pay a visit and see who you know and what products impressed him. “#SPS/IPC/Drives very busy on the first day of the show. Big crowds at all the stand” he reported after day one.

Put on those cans!
Also present on the first day was Control’s Walt Boyes, who gave up his Thanksgiving to be in Europe for the show. This is an interesting account in that it gives an American take on how things are done in Europe, simultaneous translations and the non-English keyboards (Now he knows how Europeans might feel in the U.S!)

Gary Mintchel of Automation World also found himself in Nuremberg during this week. His blog, Feed Forward,  provides us with “a roundup of various announcements that I gathered during my sprint around the halls and press conferences.” He managed to squeeze in a visit to the Siemens plant in Amberg on the day before the show opened!

The Control Engineering Europe team attended the show in force, collecting a great deal of feature ideas, as well as details about some of the most innovative launches at the show. They promise that further details of the most exciting product launches from the event will be presented in the February issue of the magazine.

ARC Reports
ARC Advisory also discuss day one in an article by Florian Gueldnerwhich looks at the Automation Outlook for 2012.  He bases this report on that of the ZVEI, as well as companies interviewed at the event. Their David Humphrey reports on The big trends in a further report on day two.

A busy corner at the show!

Come hither!
Of course exhibitors tweeted on their own stands and new products. Heading the posse was Siemens, who were on their home ground and virtually occupied one complete hall (There were twelve halls in all!). They mounted an impressive press conference on the first day. Their “big” announcement was the naming of their full motor range, now called “Simotics”. They also introduced some extensions to their TIA (Totally Integrated Automation) portal. Jochun Koch’s blog features some video presentations with English voice-over – Automation and IT (their Scalance range) – take a look and remember to click for the English translation if needed!

Phoenix Contact have a video tour of their stand – as it was being set-up – which they entitle “Solutions for the future – Phoenix Contact.” There are in fact a number of other videos from Phoenix Contact on theie YouTube site. Their final tweet from the show as they rolled up the tent was, “What innovation! More than 3,000 visitors @ Phoenix Contact.”

The Pilz Stand!

Also using video to press their message is Beckhoff who have produced reports for each day. This is Day One.  They exhibited their complete range of PC- and EtherCAT-based control technology and a large number of new products in all technological areas (IPC, I/O, Automation and Motion). The focus was on their new generation of controllers from the CX2000 series, the new proprietary-developed AM8000 servomotors and the release of the TwinCAT 3 software.

News of PROFINET and PROFIBUS at SPS/IPC/Drives is trickling out  said Carl Henning of his ProfiBlog reports.

Suzanne Gill of Control Engineering Europe reports here on some of the latest innovations that were introduced, which evidenced consumer technology moving into the industrial space and multi product combinations continuing to gain momentum.

We give some more releases from exhibitors on our Conf/Exhibitors pages.

Eric & Joann Byres at the show!

No security!
Another American braving the Bavarian winter was Eric Byres of Byres Technology, recently acquired by Belden (see our article Major acquisition strengthens war on Stuxnet and other malware Sept20’11). It is I suppose unusual that a supplier reports on an exhibition so his viewpoint is welcome. Obviously he has a certain slant on things viewing the exhibits from the security standpoint. He advises that SCADA Security Solutions were scarce at show. “What concerned me was the lack of booth space dedicated to security of any type. Of the 1,429 exhibitors, only 16 reported supplying ‘Industrial security’ technologies or services according to the show guide. This is a hopelessly small number.” He was proud to report however that their “Tofino Security technology accounted for nearly 25% of that total!” More alarmingly he reports that many vendors stated that security wasn’t a concern for them, while users were very concerned and indeed did not quite know what to do about it! Not a pretty picture! He concludes “If the automation world is going to adopt industrial Ethernet with such enthusiasm (which I support), it might want to consider securing it too!”

We referred to the excellent tweeting by Leo Ploner of the IE Book earlier and his very comprehensive report Industrial networking still looking good  tells in great detail what he saw as he moved through the halls. We’ve referred to their pictures above and here is a video which he took of an exhibit at the Sercos Stand.

Re-inventing the electric guitar

Equipped with an MLP industrial control from Bosch Rexroth, the robot guitar can read and play MIDI files. Bus terminals from Phoenix Contact are used to actuate lifting solenoids. Six to pluck the strings and 24 to operate the finger board. The automation bus from Sercos ensures the optimum operation of all components.

One final tweet from KUHNKE Automation sums up one impression “SPS/IPC/DRIVES was a complete success for us! Thank you for coming and the great constructive high-level talks!”

Next year’s automation filled show is scheduled for  Nov. 27. – 29 2012. Will you be there?

---

 Releases received at the Read-out Offices!

#SPS11: Cybersecurity, certification, safety & other highlights from Wind River – Wind River made several exciting announcements at this year’s faire. On day one of the event, they announced a strategic partnership with ISaGRAF, headquartered in Canada and part of the Rockwell Automation Company, a global leading automation software partner. Together, Wind … Continue reading →

#SPS11 Test drive industry’s first virtual target for software development on SoC FPGAs – Altera Corporation demonstrated its latest industrial embedded solutions for energy-efficient and safety-integrated drive systems. They highlighted how its Cyclone® series of FPGAs enables integrated, high-performance industrial systems such as drive systems with a high-performance control loop in floating point. Visitors … Continue reading →

#SPS11: Industrial Networking and Motor Control Systems from Xilinx – New capabilities for boosting design productivity and using Spartan-6 FPGAs for better system performance and lower bill-of-materials Xilinx announced new Ethernet protocol support and motor control building blocks for its Industrial Targeted Design Platforms, including new EtherCAT, Ethernet POWERLINK, PROFINET … Continue reading →

#SPS11: Hydrostatic actuation desifn concept from Moog – Reliable hybrid technology used in a new energy-saving solution for a variety of industrial applications Moog Industrial Group featured a prototype for a new Electro Hydrostatic Actuator (EHA). Combining hydraulic and electric technology in a self-contained system, Moog’s innovative EHA … Continue reading →

#SPS11: Minicarrier board! – congatec AG presented the conga-QMCB, a new mini carrier baseboard for space-critical applications based on the Qseven standard. The baseboard is ideal for fast prototype design and compact, mobile applications. Measuring just 145×95 mm, the easy-to-integrate mini carrier board is … Continue reading →

#SPS11: TE Connectivity solutions – TE Connectivity showcases its Hybrid Connectivity Solutions Both the Power4Net and the Motorman hybrid connectors integrate several functions into a single compactly designed connector. The flexible Power4Net hybrid connector has space for up to eight power and four Ethernet contacts … Continue reading →

#SPS11: Siemens extends TIA and unveils Simotics as full motor range – Siemens showcased the latest extension to its TIA (Totally Integrated Automation) Portal and unveiled the new name of its full motor range which will be called “Simotics” from now on. In advancing its automation and drives portfolio, Siemens is placing … Continue reading →

#SPS11 Dynamic reporting in process or energy management – COPA-DATA is to present their zenon Analyzer to the public for the first time COPA-DATA will present its new product for dynamic reporting, the zenon Analyzer, for the first time at the SPS/IPC/DRIVES 2011 trade fair. The software is designed … Continue reading →

#SPS11 Green automation initiative
Industrial communication technology facilitates plant-wide energy management within automation systems. HMS Industrial Networks presented a number of solutions targeting energy management in automation systems. Recent research from the AIDA group of German automobile manufacturers (Audi, BMW, Daimler, Porsche, VW) and … Continue reading →

SCADA, ICS and HMI vulnarabilities

Last week an Italian researcher, Luigi Auriemma published thirty-four SCADA product vulnerabilities against four SCADA products. “Selling the concept of security for SCADA and ICS might still be struggling, but publishing vulnerabilities for SCADA and ICS equipment seems to be a growth industry.” according to the Eric Byres of Byres Security on their blog The Italian job!, on 23rd March 2011.

Last Friday Joel Langill CSO of  SCADAhacker.com blogged on Protecting your ICONICS GENESIS SCADA HMI System from Security Vulnerabilities as they published a white paper providing six actions (also known as compensating controls) that users of ICONICS GENESIS products should take to protect their systems. Operators of other HMI products were advised to consider similar measures.

This morning Byes and Langill have released another White Paper, Analysis of the 7-Technologies IGSS Security Vulnerabilities for Industrial Control System Professionals, that may be important in protecting Industrial Control and SCADA Systems.

This paper analyses the vulnerabilities of the 7-Technologies IGSS SCADA/HMI system published by Auriemma. Moreover they state even if readers do not have this vendor’s products, it may be helpful to review the six Compensating Controls recommended, and apply ones that are relevant for their systems. They say: “Initial analysis seems to indicate that these vulnerabilities only affect IGSS Versions 8 and 9.  This is due primarily to the fact that these vulnerabilities focus on a single IGSSdataServer application that is not believed to have existed in prior versions of the software.  Until the vendor has posted an official response to these vulnerabilities, increased security diligence should be used based on the recommendations provided in this document.”

Due to the sensitive nature of this white paper, Analysis of the 7-Technologies IGSS Security Vulnerabilities for Industrial Control System Professionals, you must be logged in to the tofino.com site to access it.

See also: SCADA Vulnerabilities for 7-Technologies on the ISS Source website.

Growth of the European HMI Market

Frost and Sullivan appear very active these past few days as far as the automation sector is concerned. A few days ago they came out with the Top Ten Energy Trends which included the observation that, amongst the others noted that most energy producers are seeking to “improve their measurement and monitoring network structure by implementing smart technologies.”

Now in a new paper they examine the HMI market in Europe and the opportunites and challenges that is and will present to industry.

Factors such as the need for technically enhanced human machine interface (HMI) in Europe and the availability of growth opportunities in price-sensitive markets such as Eastern Europe will intensify the competition among vendors in the HMI market. Although the financial crisis affected most end-user sectors across the world, the demand for HMI has been sustained through government-aided stimulus packages in key end-user segments. Steady market expansion will derive from end users looking beyond conventional HMI functionalities to more advanced technical features.

Their study Strategic Analysis of the European Human Machine Interface Market, finds that the market earned revenues of $541.9 million in 2009 and estimates this to reach $819.7 million in 2016. The study covers discrete and process industries.

The increasing importance of sophisticated and high-definition displays will support market prospects. The visualisation factor, which communicates the system parameters and displays the execution of the process on a screen, is highly valued by shop floor operators.

“The need for newer and more sophisticated displays is gaining importance,” notes Industry Analyst Sivakumar Narayanaswamy. “The ability of an HMI to fulfill this demand is continuing to drive the growth of the HMI market.”

Increased government spending on infrastructure, including power and water, is also strengthening the market’s growth potential. As an effect of the recession of 2008-2009, governments of developed economies have been aiding investments in infrastructure development, primarily in the power segment and for smart grid projects. This has resulted in a boom in the utilities segment, especially in the use of HMI applications.

A main challenge relates to the fact that end users are looking beyond the conventional functionality of HMI. Currently, customers are not satisfied with the usual features of data monitoring offered by HMI. They want the system to be more intelligent and intuitive.

“Software is the key to intelligent HMI solutions,” states Narayanaswamy.

Additionally, the advent of HMI integrated with video capabilities will enable proactive diagnostics in the event of a fault. HMI vendors need to focus on such intuitive trends to meet customer requirements.

Growth in World SCADA market

The Supervisory Control and Data Acquisition (SCADA) market is among the most rapidly growing control systems markets in the world. Markets in Western Europe and North America will continue expanding over the next few years due to the increasing demand to modernise power and water and wastewater infrastructure. New infrastructure investments in the Middle East, Africa, Asia Pacific, Latin America and Russia in sectors like oil and gas, power, water and wastewater, will also spur SCADA markets to grow rapidly in these regions. The key market challenge manufacturers have to face is ensuring enhanced cyber security.

New analysis from Frost & Sullivan, Strategic Analysis of the World SCADA Market, finds that the market earned revenues of $4,584.5 million in 2009 and estimates this to reach $6,902.4 million in 2016. The following end user sectors are covered in this research: oil and gas, power, water and wastewater and others covering plant level SCADA (food and beverage, pharmaceuticals, chemicals, pulp and paper) and automotive and transportation. Software, hardware and services are some of the product categories covered in this research.

“Oil exploration in Siberia, the North Sea, the Gulf of Mexico and North Western Africa has gained renewed interest,” notes Frost & Sullivan Research Analyst Katarzyna Owczarczyk. “The need to control geographically dispersed assets drives cash rich oil majors to invest in SCADA systems, thereby supporting market expansion.”

Moreover, natural gas is becoming increasingly important in the energy market globally due to its comparatively clean emissions, relatively low price, and abundant availability, therefore being an alternative to oil and coal for electricity generation. The gas pipelines needed to reach end users require SCADA monitoring for leaks, flow, and routing, further promoting market expansion.

“The concept of piped distribution, when implemented, will create numerous opportunities for automation companies in terms of supplying SCADA systems,” remarks Owczarczyk. “Demand for SCADA solutions will surge since distribution will involve the transportation of gas for long distances.”

One of the key challenges that manufacturers face in the world SCADA market is ensuring enhanced cyber security. “A great majority of SCADA vendors have started to address the risks of cyber threats by developing lines of specialised industrial firewall and VPN solutions for TCP/IP-based SCADA networks,” states Owczarczyk. “Additionally, more and more applications are being implemented to the control systems in order to prevent unauthorized application changes without impacting the performances of common antivirus scans.”

Furthermore, the ISA Security Compliance Institute (ISCI) is emerging to formalise SCADA security testing. Standards defined by ISA99 WG4 will supersede the previous industry testing and certification efforts, but probably not before 2011.

“Manufacturers that recognise challenges such as the need for cyber security, flexible and open systems while meeting rising customer expectations for advanced software at competitive prices will survive over the next decade” – concludes Owczarczyk. “Vendors should also educate plant engineers and operators, as well as system integrators and other SCADA developers about the importance of security.”

Improving SCADA operations using wireless instrumentation

by Hany Fouda, Control Microsystems

The purpose of this paper is to explore the particular ways in which operators can tightly integrate wireless instrumentation networks with SCADA and realize the full benefits of such an integrated solution.

Introduction

Hany Fouda is the VP of Marketing at Control Microsystems and is responsible for developing and executing global marketing strategies across the brand portfolio to further drive growth. From 1995 to 2007, Hany held various sales and marketing positions within the company. Prior to Control Microsystems, Hany worked for Digital Equipment Corp., Yokogawa Electric Corp., and more recently, General Electric Company. He has a B. Eng in Telecommunications and a Masters Degree in Engineering from Carleton University.

Integrating wireless instrumentation with SCADA systems can drive operational efficiency and reduce deployment costs.

The use of wireless instruments in pipelines and gas production operations has been gaining momentum over the past few years. Driven by cost cutting measures and the need to gain more operational visibility to meet regulatory requirements, wireless instruments eliminate expensive trenching and cabling while providing access to hard-to-reach areas using self-contained, battery-powered instruments. However, SCADA engineers and operators are facing the challenge of integrating wireless instrumentation networks with other communication infrastructure available in the field. Managing and debugging dispersed wireless networks presents a new level of complexity to field operators that could deter them from adopting wireless instrumentation despite the exceptional savings.

This paper will look into the particular ways in which operators can tightly integrate wireless instrumentation networks with SCADA and realize the full benefits of such an integrated solution.

The Evolution of Wireless
Since Guglielmo Marconi sent the first telegraph signal across the Atlantic, wireless became part of our everyday lives.  However, the last ten years have seen a dramatic change not only in the radio technology but more importantly in how we use it as consumers and oil and gas professionals. Gas producers and pipeline companies have relied for many years on long range wireless technology to transmit and distribute critical operational data using a wide range of technologies, including satellite, VHF, UHF and license-free spread spectrum.  As more consumers lined up to acquire the latest Smart Phones with embedded Wi-Fi, Bluetooth and broadband capabilities, the price of radio modules have plummeted over the past three years. This has made it easy on industrial vendors to integrate radio modules into a long list of devices and sensors. As a result, the O&G industry has seen an increase in wireless instrumentation, also broadly known as wireless sensor networks, offered from major process control and SCADA suppliers. Wireless became the holy grail of the industry with editors and pundits predicting double digit annual growth and a $1.2 billion market by 2012.

The business case behind deploying wireless instrumentation is a compelling one. By eliminating cabling and trenching, you can dramatically reduce the cost of deployment by as much as 70%. Since wireless instrumentation is battery powered, they are much easier to deploy in the field relative to their conventional counterparts.  Wired systems can take days or weeks to be properly installed. Wireless instruments require only the sensor to be installed in the process, saving hours or days and valuable resources. Other instruments can be added as needed.

Safety and compliance with environmental requirements are major driving factors. In gas production, during the initial flowback period, using wireless pressure sensors reduces the risk to personnel who would otherwise need to be in close proximity to a volatile and toxic well in order to read manual pressure gauges and to report on production readiness. During the flowback period before a wired solution can be installed, wireless pressure sensors put the well analyst in touch with the well enabling remote trending and analysis. EPA regulations in many regions require the use of a Vapour Recovery Unit (VRU) to burn off residual gases from separators and condensate tanks. An easy to install wireless temperature sensor can monitor the VRU and report an alarm condition if the flame goes out.

Wireless Instrumentation is a Different Game
So if the business case is that strong and the return on investment is solid, why are some still reluctant to deploy wireless instrumentation in their facilities? There are three main reasons:

1. 1. Reliability
In industrial applications, reliability is a major concern. Wireless instrumentation must be as reliable as conventional wired units. Even in simple applications like remote monitoring, users come to expect a certain level of reliability and network availability. Wired systems are much easier to diagnose and trace because the medium, the wire, is physically there or could be dug out. Wireless, on the other hand, uses the invisible free space as a medium. Radio signals are subject to free space attenuation, where the signal loses strength at a rate proportional to the square of the distance travelled. Radio signals are subject to reflection as a result of structure, trees, water bodies and buildings. Furthermore, interference from near-by wireless systems such as cell towers adds more challenges.

RF design is getting better in addressing many of these issues. By designing highly sensitive radio receivers, using the transmit power more efficiently and high gain antennas, engineers were able to establish highly reliable RF point-to-multipoint links.

1. 2. Adaptability
Wireless instrumentation networks are required to adapt to the existing environment. It is not practical to move a well head, a compressor, tank or a separator just to create a reliable wireless link. In long range SCADA networks, it would be much easier to locate a 30 foot tower in the field to allow for line-of-sight consideration. It might also be easier to increase the height of the tower to extend the range and avoid obstruction. Wireless instrumentation networks do not have that luxury. It is sometimes difficult to find a location for an access point or base radio that provides reliable communication with the wireless instruments. Relocating the access point or base radio to improve the RF link with one sensor could result in degrading the links with other sensors in the same network.

Adaptability can be addressed by using lower frequency bands, such as the license-free 900 MHz, which tend to provide better coverage, longer range and better propagation characteristics allowing the signal to penetrate obstacles. Also, high gain external antennas that can be mounted as high as possible on a structure allow access to hard-to-reach sensors which could be located at the bottom of a tank. Improved receive sensitivity of radio modules also plays a crucial role in ensuring network adaptability to various industrial environments.

1. 3. Integration
Most gas production, processing plants and pipeline facilities have some level of wireless capability in place. Long range proprietary SCADA networks, backhaul point-to-point networks and local wireless area networks are some of the common systems deployed. Each of these networks is being used for a specific purpose such as control data transmission, high bandwidth communication and video surveillance. Engineers and operators are facing the challenge of integrating wireless instrumentation networks with other communication infrastructure available in the field. Managing and debugging dispersed wireless networks presents a new level of complexity to field operators that could deter them from adopting wireless instrumentation despite the exceptional savings.

The wireless networks integration dilemma is more apparent in SCADA systems. Since wireless instrumentation networks are supposed to tie into the same SCADA infrastructure available at site in order to relay valuable operating data to the SCADA host, having the ability to manage the complete infrastructure as one network becomes essential.

Moreover, having the ability to access hard-to-reach areas and gather new data points that were not economically viable before, gives the operator better visibility into the process and plant operations. However, this data has to end up somewhere in the system in order to be monitored, analyzed and leveraged. SCADA systems are normally designed to handle a certain number of data points or tags. Scaling up the system to handle additional data points and integrate them in trends and reports could be costly.

Despite the abundance of tools to capture, process and analyze data in the process control market, ensuring data integration is still a major problem. Some SCADA systems even have a separate historian module that must be purchased as an add-on to handle the flood of data as a result of adding wireless instrumentation networks.

Addressing the Wireless and Data Integration Challenges
A new breed of advanced wireless instrumentation base station radios or gateways is now emerging in the marketplace to address this need. This new generation of gateways integrate both a wireless instrumentation base radio and a long range industrial radio in the same device.  The wireless instrumentation base radio has a Modbus data port, allowing an external Modbus Master to poll information from the base radio about its own status as well as the status and process values of its field units. It also has a diagnostics port, allowing the connection of the network management software for sensor configuration and diagnostics. Both of these data streams are sent simultaneously through an advanced long range serial or Ethernet radio network. This is how it works in practice:

• The wireless instrumentation base radio and all field units must have the RF Channel and Baud Rate set identically.
• Each field unit must then have its RF ID set to a unique value. This value will be used later for Modbus polling of the data.
• The base radio’s Modbus serial port baud rate must be set to match that of the long range radio.
• The base radio’s Device ID must be set. This value will be required later for Modbus polling of the system.

The integrated long range remote radio is configured as a remote device relaying information to a Master radio at the main SCADA center. The available two serial ports on the radio are configured to tunnel Modbus polling and diagnostic data simultaneously to the wireless instrumentation base radio. This allows operators to manage and diagnose the wireless instrumentation network through the existing long range SCADA infrastructure. Live data and status information for all field units are displayed in a separate view or integrated in the SCADA host.

On the data integration front, modern SCADA host software offers a fully integrated environment that includes an integrated and scalable historian to handle more additional data without going through expensive and sometimes lengthy upgrades. Developing the SCADA screens based on templates allow engineers to add data points easily and rapidly in their systems.

Conclusion
As the adoption of wireless instrumentation networks increases, users will be faced with a number of challenges to ensure the reliability, adaptability and tight integration with their existing infrastructure.  New RF and antenna designs help to address reliability and adaptability challenges. This leaves wireless and data integration with the existing SCADA infrastructure as one of the critical challenges to be resolved. Luckily, hybrid gateways, where sensor network base radio and long range radio are integrated, allow users to view, manage and diagnose their dispersed wireless systems from a single point. Similarly, advanced SCADA host software, with an integrated historian and rapid development environment using templates, can facilitate the integration of new data points generated by a growing network of wireless sensors.