Monday, November 29, 2010

The Integration of Scada and Corporate IT


In recent years there has been a trend towards Integration of SCADA and Corporate IT. A look in any industry magazine reveals that articles discussing this integration are commonplace. eg the Instrument Society of America’s Intech magazine has recently published articles titled:

§  How will XML impact industrial automation?
§  Computerheads romp past geeks?
§  How about some Java with your automation?
§  Leveraging Internet protocol without breaking the bank

The Intech article “Computerheads Romp Past Geeks” quoted Glenn Harvey, a past executive director of ISA "Computing hardware and software, Internet, and wireless technologies," he said, "are playing more dominant roles in control these days. This, along with corporate shedding of engineering departments and the integration of plant data with MIS, is moving the responsibility for control technologies into the IT groups."

When engineers don't want computer geeks tinkering with their control systems, and IT doesn't want rogue systems compromising the complex network of systems they are responsible for, why would anyone be moving towards this integration?

The answer in some cases is simple economics. Sharing networks, support tools and organisations, and workstations can save large amounts of the cost of either system.

However the strategic driver for this integration is that the sum of the whole is more than the sum of the individual parts. When these systems are integrated it allows the business to integrate data from the process, with financial, and customer service data, and allows the business to manage on the basis of information. The opportunities will vary from business to business.

As an historical aside, within Australia in the late 1970s and 1980s there were two major vendors of IT mainframe computers. These were Digital Equipment Corporation (DEC) and IBM. Most utilities based their IT applications on the IBM mainframe, and it was accepted that these were not suited for SCADA applications. Two organisations in the water industry based their mainframe on the DEC mainframes and used these for SCADA as well. Integration was a non issue – they both run in the same environment.  The SCADA departments of these two organisations were highly regarded in their organisations and each went on to become one of the larger SCADA vendors in the world. These were MITS (ex Melbourne Board of Works) and HWT (ex Hunter Water Corporation).

Not in my lifetime! When hell freezes over!

These are common reactions from a SCADA Engineer when the topic of integration of SCADA and IT is raised. There are many reasons for this, but the main one is that  it is hard enough installing SCADA without opening up all sorts of project interfaces. Any good project manager will try to draw a boundary to the project, and ensure all parts of the project are under their control. Avoiding integration reduces the number of interfaces the project must deal with, and this is good project management. However the project manager might just find the SCADA system is obsolete before the project is finished if he ignores the issue.

Traditional SCADA acquisition processes need to change to accomodate this integration. For example during FAT (Factory Acceptance Testing ) the vendor can’t have a network domain called SCADA. The system must now comply with the customer’s Corporate IT standards (including naming standards) which weren’t designed with SCADA in mind. These standards may not even be well defined, and the SCADA project will wind up formalising the IT network standards. Corporate IT may have a standard build of  a PC for servers/ workstations that SCADA needs to comply with. The SCADA software must be compatible with the Corporate “Standard Operating Environment” (SOE). This will probably need to be tested by those who maintain the SOE to certify it is compatible. Examples of problems are

§  SCADA uses Windows 2000, but Corporate IT standard is XP.
§  Corporate IT have software on C: drive, data on D: drive – is the SCADA configured this way.
§   SCADA will need to comply with the Corporate security model – including logons, password discipline etc.

All of this is easy to see afterwards, but when the tender specification is being written which SCADA software will be offered by the winning tenderer is often unknown.

These interdependencies will have  contractual implications. When Corporate IT hold up the contractor who pays for the extension of time? Whose responsibility is it when the Corporate SOE and the SCADA software turn out to be incompatible? What happens if the Corporate IT naming and security standards cause the SCADA software to fail? What happens if Corporate IT decide to upgrade part of the network mid contract, or change their naming standards, security model, or SOE mid contract? The well defined SCADA world becomes complex with numerous interfaces and dependencies on Corporate IT, who may not even be aware of their impact on the SCADA contract.

Security is a major issue when SCADA and IT integrate. Corporate IT almost certainly will not allow the modem plugged into the SCADA system so that an operator can dial in from home. What is going to happen when an operator needs to dial in from home during an incident? Corporate IT may have a secure token based dial in service that  can be used, but this is targeted  at office systems users. It will be unlikely to have been designed as a 24 x 7 high availability service.  There may be  a limited number of ports into this system and Corporate IT cannot guarantee that a SCADA user  can get one of these in an emergency before casual office users dial in for a look.

By connecting SCADA to Corporate IT you are likely to have indirectly connected SCADA to the Internet. It  will be via a firewall, but the SCADA engineer will be unsure as to whether this is safe (Answer – if you are connected to the Internet you are 8 times more likely to be hacked. ref Kyas 1997.)

Another  major area of concern for the SCADA engineer is the issue of availability and reliability. SCADA is designed for 24 x 7 availability. IT is an office system, 9-5 with best endeavours after hours. This is reflected in many ways –

§  IT systems often need to be scheduled down over the weekend to be upgraded.
§  IT systems rarely have redundancy – recovery can be undertaken out of normal office hours if the need arises
§  IT systems may need to be taken down for backups.
§  Support arrangements may be inadequate for 24 x 7 operation
§  Network monitoring and diagnostics may  be inadequate

SCADA systems are also often are designed to be deterministic. This means that the system must respond to any event within a predefined time. Now lets look at the IT network. Corporate IT automatically download a new versions of the accounting software to every PC they have – over a 1 hour period 2000 PC s are upgraded by downloading this multi megabyte file. No-one gets much response during this time. It’s acceptable for the office users – they can usually do other things. There are some solutions which would reserve a certain percentage of the bandwidth for some users, but that relies on the next level router which costs a lot more, and Corporate IT are unlikely to be  prepared to fund it.

SCADA have found that having software systems that automatically monitor the health of the network are essential for maintaining a highly reliable network. Corporate IT have similar but different systems. For example SCADA needs to run the radio manufacturers diagnostics as a minimum, and want to use a third party tool for the rest of the SCADA network, as it can integrate the diagnostics from a number of sources. The SCADA system is actually a network management system anyway so now we have three or four tools each of which is different.

This issue is closely related to maintenance, monitoring and callouts. The IT people are not on 24 hour call, and wont want to put on 3 shifts to achieve this. SCADA has  a 24 hour alarm monitoring centre (which may not include monitoring the network management systems). When a fault arises, who monitors it, who calls in the service provider (who could be Telstra, the SCADA Vendor, the accounting system Vendor who provided part of the network, or a contracted maintenance provider ). How  do they decide who to call?  Whose manages the maintenance contract – IT or the SCADA people? This becomes even more difficult if any part of the system is under defects liability. To make things more confusing, Corporate IT may  be  outsourced with only a small in-house group. There are some interesting contractual triangles with this scenario.

These are all issues, difficulties, whatever. If this is what happens together with turf wars, mutual distrust, conflicting objectives and so on, why would anyone ever want to Integrate SCADA and IT.

Before delving further into this integration, we must first define exactly what we mean by this apparently simple concept of integration. Unfortunately it is not as easy as it seems. There are a variety of areas in which SCADA and IT can be integrated, and this can lead to misunderstandings. Potential areas of Integration include:-

  •  SCADA Workstation network (SCADA Master to HMI workstations)
  •   The SCADA Data network (SCADA Master to RTU’s)
  •   SCADA Data to IT systems
  •   Integrated Applications.

  SCADA Networks


Firstly the SCADA workstation network.

We can look at putting the SCADA servers on the Corporate IT network together with the operator and engineering workstations. There is normally an existing network there for IT use, and the cheapest way to get a SCADA network is to use this. It will be necessary  to consider 24 x 7, redundancy, capacity and bandwidth requirements, the potential for IT users to choke the network and shut out SCADA users. It will probably need to be upgraded to meet SCADA requirements. SCADA will have to comply with Corporate network standards.

Overall the savings are so overwhelming it is difficult to mount any argument against this sort of integration. Remember that the first 500k of capacity on a Wide Area Network (WAN) may cost $x to lease but the second 500k may cost .2x. The organisation benefits as a whole, not just the operational users of SCADA. As time goes on, IT systems are finding they require more than 9 to 5 availability, and some of the cost of upgrading would have been required eventually.

SCADA also benefits by being forced to comply with the Corporate IT standards including security standards. The PC fleet is being managed by Corporate IT and they can  take over this role for SCADA workstations. This avoids getting stuck with a variety of oddball PCs in depots and operations centres as many discovered during the Y2K effort. SCADA also benefits by having an architecture that makes it easy for example to distribute SCADA data around the organisation eg by publishing it to a web server, or sending it to a Data Historian, and from there through the organisation through the Microsoft tools.

The second area to consider is the data collection network for SCADA.

Here the situation is not so clear-cut. The view that you could use the general purpose IT network for this purpose in some quarters would draw the response – “over my dead body”. The SCADA network has specialised requirements – or has it? In the past when slow speed radio was the norm, then this was true. SCADA networks were required to be deterministic. This was easy to accomplish with a polled network. Then the industry adopted report by exception, and unsolicited reporting, all of which in the right circumstances made more efficient use of the available bandwidth. Communications speeds crept up. Every network is to all intents and purposes deterministic if there is  sufficient bandwidth. Data services have become widely available and cheaper. You can use the same data services that the IT department use and at a realistic cost. (Installing a radio network for SCADA is only done when leasing the same network in copper from a telecommunications company is more expensive).

SCADA data can be carried on general purpose communications protocols such as the Internet suite of protocols, and consequently sharing has become feasible and practical. You can even reserve capacity for an application such as SCADA, ensuring other users can not block SCADA data. Upgrading an IT network to accomodate SCADA data can be very cost effective in the right circumstance for similar reasons that upgrading the network to meet the requirements of the users of engineering workstations is cost effective. Currently it is far more likely to be contemplated for the long links eg substation to central master, remote community water supply to central SCADA Master.

In the US a wireless service called CDPD is in widespread use for SCADA. This is the same network that the IT department would use for mobile data applications. As the costs of leased general purpose links continue to drop, there will be fewer “owner built” networks. If you were to look inside the Telco’s system you would find you are sharing capacity with IT, other peoples IT and so on.


SCADA Data  available to Corporate IT.

When talking about Integration of SCADA and IT, the sharing of data networks is a relatively minor issue. Making SCADA data available to the Corporate IT world, and integrating IT applications and SCADA is the integration that could revolutionize the business. This is where the main benefits are, and the benefits may be strategic. Managing your business on the basis of information from SCADA could give you a competitive edge. 

Making SCADA data available to Corporate IT systems is frequently done via a Data Historian. A Dat Hiistorian is a suite of programs designed to efficiently store large volumes of time series data, and which provide easy end user access to this data. SCADA data is normally automatically fed into the data historian, and stored for many years. The feed can be real time or batch (it is worth going to some effort to get this feed in real time even if you don’t currently think you need it.) The Data Historian will typically allow data to be sent on to further applications, sometimes on the basis of “triggers”. It will allow data to be retrieved on an adhoc basis to the desktop of your staff. Automated reports can be produced based on the data. There are savings in the cost of data collection for the reports, savings in the cost of producing the reports. But these savings are minor compared to the value of being able to run your business on the basis of information.

SCADA is the Information System that is most closely related to the assets of your business. Your business will typically have a number of basic core competancies. In the water industry reliably providing water is one such competancy. SCADA data allows operations staff to develop a high level of understanding the effects their actions have on the supply of water, by providing feedback. Most water utilities would have had some form of such feedback even without SCADA eg being able to interrogate tank levels. It is rare for a water utility to fail to supply water.

Another core competancy of a water utility is ensuring the water quality is maintained. This means ensuring an appropriate chlorine residual is maintained throughout the system. The basic information to do this is the chlorine residual, the rate of turnover of water in the system, the temperature of the water, and the raw water quality. Much of this information is expensive to collect and rarely provided in a comprehensive manner with or without SCADA. If this information is routinely provided you can see that the competancy of the utility in this area would improve dramatically by increasing the understanding of operations staff of the impact of their operating decisions on water quality.

Making SCADA data available to the wider audience in your business allows your organisation to run on the basis of information. It provides QA on operations just by being there. The things your business thought they knew accurately may well prove to be approximations. It provides the data for the “back room” boys to develop tools to run your business better. Without this data you cannot hope to be better at your business than your competitors.

I do not advocate simply dumping SCADA data into a data historian. Such data is unstructured, and difficult to interpret without detailed knowledge of the individual sites. It will have a variety of units, levels of accuracy, meanings, and descriptions. An understanding of a  complex tag naming system may be necessary to find any data. There will be gaps in the data – typically the SCADA systems primary purpose is seen as “operations”. The instrument calibration and maintenance may be curtailed when budgets are cut, with a consequent loss of quality in the data.

What is required is that from the outset the value of the data be recognised. A client for the data must be identified, and the installation and commissioning process must include formal handover and acceptance of the data as well as the control aspects of the system. A data model is required. I recommend  the Utilities Communications Architecture (UCA) concept of Device Object Models to be used as the vehicle for the data model.  The Device Object Model can be thought of as a template similar to a Microsoft Word template. Most people can relate to the physical devices in their industry  eg a pump is well understood in the water business. Conventional attribute / entity models are often too complex and employ abstract concepts that are distrusted by engineers. Attribute/ Entity models require a good understanding of the uses the data will be put to, and this is often not available. So the Device Object Model is a way to ensure everyone has a common understanding of the data. Device Object Models still need some of the concepts of data modelling – good definitions of the data to be collected especially any derived data to be calculated, consistency in units, consistent descriptions and tag naming, definition of required  accuracy, automated quality tagging and so on. If this is not done the Data Historian will become the equivalent of the National Library with no index to what is inside. The aim should be to collect data of sufficient quality that it can be programmatically retrieved and used eg in simulations, or analysis tools. To get this far someone must take responsibility for the data, and edit/quality tag the data when necessary.

The use of data in this way requires a level of absolute accuracy in the data that is not necessary if the data is simply used for control purposes. If the instruments are not accurate, then the control setpoints can be adjusted, providing the data is not used for corporate reporting for example.

This implies that standards be developed and applied in the design of the SCADA system. The UCA approach is for industry to develop standard Device Object Models eg for pumps and valves. Then industry will supply UCA compliant pumps and valves, and the SCADA system will have “plug and play” capability. Most utility groups in the US are adopting UCA eg electricity, gas and water, but outside the electricity industry there is still a long way to go to get widespread adoption of these standards.

Putting SCADA data into a Data Historian has the effect of placing the data somewhere where the IT people can get to it. They no longer need to go to the SCADA people and ask for the data. The organisation can now develop downstream applications and interfaces to utilise the data.

Integrated Applications


This leads to the last and most valuable form of Integration. Integration of SCADA and IT applications. Imagine an aluminium smelter refining bauxite  and producing raw aluminium. The process will be controlled by a SCADA like system (A Distributed Control System or DCS system). If the data from this system flows in real time down through a number of IT applications and into the company’s accounting system, then the operations manager can know in real time how much profit is being made. He can get information in real time about the impact decisions on tuning the production process have on the profit. The best example I know of this sort of system is Honeywell’s “Uniformance” system.

This type of use of the SCADA data applies to most industries. Electricity utilities run models using SCADA data to ensure the system is performing. Water utilities are not as advanced, but the day will come when SCADA data is fed into a simulator/ optimiser which will calculate optimised configuration data based on forecasted demand. This optimisation may take into account cost, water quantity, and water quality. Compliance with the new drinking water guidelines being adopted throughout Australia will probably require this level of sophistication in even moderately complex schemes.

Standards


Wherever you look the Integration of IT and SCADA implies standards. The IT world (and the telecommunications world) are based on standards. Standards are an enabling mechanism that has fuelled the growth of the Telecommunications industry and the IT industry. It would be interesting for example to compare the growth in IT between 1975 and now, and the growth in SCADA in the same time. Until recently SCADA vendors have been reluctant to adopt standards, preferring to supply proprietary systems. Adoption of standards especially standard industry agreed object models would drive the SCADA industry forward.

Security


The increased importance of SCADA when integrated with Corporate IT means there is even more reason to protect this valuable resource, which now includes the data. Using a Data Historian which can make SCADA data available in a spreadsheet opens the possibility that someone can simply email an Excel spreadsheet to a competitor. 

With the growth in the use of published standards comes some risks. Security by obscurity does not apply any more. It never did – by asking in the right quarters on the Internet it is possible to get details of most proprietary communications protocols within a few days. Use of either published standards for SCADA communications protocols potentially opens the system up to attack as intruders can emulate these protocols. Users of proprietary protocols are probably equally vulnerable.

The SCADA industry generally have not applied the same level of security as the IT industry.
Good housekeeping practices are not always followed in SCADA operations. Simple things like enforced rotation of passwords, individual user logons, removal of accounts when individuals leave the job are frequently ignored.  September 11 ensured we can never be as complacent again. Integration of SCADA and IT will force the IT departments to mandate new levels of security for SCADA.

Summary


The traditional distrust between IT and the SCADA engineer is being broken down. IT is becoming widespread and the traditional IT expert is replaced by a wide variety of specialists. The growth of the Internet and its associated technologies has allowed IT solutions to be applied to SCADA eg ethernet, the IP suite of protocols. IT hardware and software has developed and improved its performance to the extent that specialised SCADa systems are being replaced by generic IT solutions (eg SQL databases, PC’s). The relative ease of interface between systems allows data to be readily transferred from SCADA into other business applications.

These drivers have paved the way for integration of SCADA and IT. This integration covers a number of areas which include the integration of the SCADA data network with the IT network, the integration of the SCADA workstation network with the IT network, the provision of SCADA data to Corporate IT, and the Integration of SCADA and IT applications. The network integration is a matter of economics. Integration of SCADA with Corporate IT applications, even if this integration simply consists of the provision of SCADA data is an area in which the business can benefit most, facilitating the merging of process and financial data and allowing management by information.

All these areas of integration have their own problems. The major problems relate to the differing standards  SCADA and IT use. These are resolvable, but they add complexity to a SCADA project. The benefits far outweigh the costs, but to realise these benefits a long tradition  of separate development must be overcome.