How to put SCADA on the Internet
Many companies are considering using the Internet for supervisory control and data acquisition (SCADA) to provide access to real-time data display, alarming, trending, and reporting from remote equipment. However, there are three significant problems to overcome when implementing an Internet-based SCADA system.
The first is that most devices used to control remote equipment and processes, such as gas production wells and power transformers, do not have Internet-communications capability already incorporated in their operating systems. In fact, many do not even have an electronic controller, let alone an operating system. The second is that the device still has to be physically connected to the Internet, even when equipped through retrofit or in the factory with the necessary communications protocols. These problems must be solved at low cost and high reliability before Internet-based SCADA can be implemented in industrial applications. The third is assurance of data protection and access control.
One solution to these problems is to connect the device to a PC and have the PC make the connection to the Internet via an Internet service provider using Secure Socket Layer. Unfortunately, this solution may not meet the low-cost criterion and, depending on configuration, can lack reliability.
An alternative to using a PC is an embedded solution: a small, rugged, low-cost device that provides connectivity capabilities of a PC at a lower cost and higher reliability. This device (sometimes referred to as an Internet gateway) is connected to the equipment via a serial port, communicates with the equipment in the required native protocol, and converts data to HTML or XML format. The gateway has an IP address and supports all or at least parts of the TCP/IP stack—typically at least HTTP, TCP/IP, UDP, and PPP. Once connected to the Internet, the gateway responds to an HTTP request with an HTML or XML file, just as if it were any PC server on the World Wide Web. In cases where the equipment incorporates an electronic controller, it may be possible to simply add Web-enabled functionality into the existing microcontroller.
Firewalls, encryption, passwords
The open nature of the Internet requires data security measures when implementing Internet-based SCADA systems. Processes, procedures, and tools must address availability, integrity, confidentiality, and protection against unauthorized users.
- Availability: Redundant servers increase system up time. Firewall protection must be provided in the gateway and servers along with automated monitoring to detect DNS attacks.
- Integrity: System must ensure that encrypted data signatures, authentication to restrict access, and similar tools do not modify or corrupt data.
- Confidentiality: System must ensure restricted access to data through encryption and to the system by employing authentication such as Secure Socket Layer.
- Protection against unauthorized users: Multi-layered password protection must be provided at all levels in the system.
The open architecture of an Internet-based SCADA system combined with appropriate field equipment makes it possible to develop an integrated system. However, interoperability requires data format and transmission protocol standardization.
Preferred data format is XML, a meta-language that provides a facility to define tags and structure. The simpler alternative markup language, HTML, has undergone continuous development to support new tags and style sheets. However, these changes are limited by backward compatibility and by what browser vendors are willing to support.
Preferred data transmission protocol is HTTP (or HTTPS when security is required) because it is firewall friendly and allows Web servers to be used to control data transmission. The alternatives, TCP/IP or UDP, require the customer's IT department to open ports on servers, introducing potential for cyber attack.
Scaling an Internet-based SCADA system from a few to thousands of assets while maintaining near real-time performance requires a system architecture that enables data to be pushed from the remote equipment without host system polls. This approach has been implemented in systems supporting simultaneous 20-second updates from 3,000 devices.
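The integrity and authentication requirements listed above, applied to XML data pushed from a gateway, as an added example that is not part of the original article: the gateway tags each XML message with an HMAC-SHA256, and the host verifies the tag before parsing and then rejects replayed or stale messages. The element names, the per-device shared key, the sequence and timestamp fields, and the 60-second window are assumptions; transport is assumed to be HTTPS, with the device ID and tag carried outside the body.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

MAX_SKEW_S = 60  # assumed freshness window, sized to the push interval

def build_message(device_id, seq, ts, readings, key):
    """Gateway side: serialize readings to XML and compute an HMAC-SHA256 tag."""
    root = ET.Element("telemetry", device=device_id, seq=str(seq), ts=str(ts))
    for name, value in sorted(readings.items()):
        ET.SubElement(root, "point", name=name).text = str(value)
    body = ET.tostring(root)  # the tag covers these exact bytes
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()

def verify_message(device_id, body, tag, keys, last_seq, now):
    """Host side: authenticate the bytes, then parse, then check replay and age."""
    key = keys.get(device_id)
    if key is None:
        return None, "unknown device"
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return None, "bad signature"
    root = ET.fromstring(body)  # parsed only after the tag checks out
    if root.get("device") != device_id:
        return None, "device mismatch"
    seq, ts = int(root.get("seq")), int(root.get("ts"))
    if seq <= last_seq.get(device_id, -1):
        return None, "replay"
    if abs(now - ts) > MAX_SKEW_S:
        return None, "stale"
    last_seq[device_id] = seq
    return {p.get("name"): float(p.text) for p in root.iter("point")}, "ok"

def demo():
    """Constructed sample: one gateway, one key, four delivery attempts."""
    keys, last_seq = {"well-07": b"constructed-demo-key"}, {}
    sample = {"flow_mcf": 412.5, "psi": 88.0}
    body, tag = build_message("well-07", 1, 1000, sample, keys["well-07"])
    out = [verify_message("well-07", body, tag, keys, last_seq, 1010)[1]]
    out.append(verify_message("well-07", body, tag, keys, last_seq, 1010)[1])
    forged = body.replace(b"412.5", b"999.9")
    out.append(verify_message("well-07", forged, tag, keys, last_seq, 1010)[1])
    body2, tag2 = build_message("well-07", 2, 1000, sample, keys["well-07"])
    out.append(verify_message("well-07", body2, tag2, keys, last_seq, 2000)[1])
    return out

if __name__ == "__main__":
    print(demo())
```

The four attempts in `demo()` are a valid push, the same push delivered again, a body altered in transit, and a correctly signed message that arrives outside the freshness window.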
As the acronym implies, the purpose of a SCADA system is to allow asset owners and operators to monitor and control remote assets; the presentation of data is therefore a critical component of any SCADA system. Use of Internet protocols and services to collect data makes it simple to apply standard Web browsers for data presentation.
Implementation of an Internet-based SCADA system is a complex project that can be handled in three ways: the owner can purchase components and act as integrator or hire one; contract for a turnkey SCADA installation; or contract for turnkey subscription-based SCADA services.
With complex SCADA projects a single vendor can serve as system architect with total project responsibility.
Or, for a monthly fee, vendors can design the system, install field hardware if necessary, operate secure servers to host the data, and provide customers access to their data via a standard Web browser.
500% ROI
Use of Internet-based SCADA systems to monitor and control gas production wells has been proven to improve production and lower maintenance costs. For example, a field operator installed proprietary gas flow computers at nine wells to record flow data and store the data for collection once every 20 minutes via a SCADA subscription service.
The operator estimated that operational efficiencies achieved through use of the SCADA service resulted in production increases of 7% per year. The subscription service fee was $25 per month per well for a period of 36 months, and the cost of field automation equipment was $30,000. Using a discount rate of 10% and $1.50 per mcf gas price, the project return on investment was calculated to be in excess of 500%.