scada for the new world

Standards

Certification

Education & Training

Publishing

Conferences & Exhibits

SCADA for the new world

Network Security – PLC – HMI TrafficSegregation– Maintainability,Scalability, and Up time

2014 ISA Water / Wastewater and Automatic Controls SymposiumAugust 5-7, 2014 – Orlando, Florida, USA

Speakers:Marios Iacovou

2014 ISA WWAC SymposiumAug 5-7, 2014 – Orlando, Florida, USA 2

Marios Iacovou

• Marios Iacovou is an Electrical and Computer engineerfocusing in SCADA systems. He has more than 6 yearsof experience in PLC, HMI, and network (virtual andnon-virtual) configuration and programming with Brownand Caldwell where he has been supporting the SCADAneeds of several water and wastewater treatmentmunicipalities in the Mid-eastern USA.

• SCADA implementation

• PLC programming

• Network design

• I&C design

• Construction Services

Marios Iacovou,Electrical and Instrumentation Engineer

Brown and Caldwell | Columbus, [email protected] 614.923.5010 | C 614.256.1740


Presentation Outline

• Backbone – Fiber Loops• IP addressing scheme• Security

Network

• Redundancy• Traffic Segregation

PLC – HMI

Development

• New Devices• Up time

Scalability

Maintainability


Network

Backbone - Fiber Loops 1 GB or higher

MM or SM?

• How far? How much bandwidth?

Do I need spare fibers?

• The availability of bandwidth allows the integration of new devicesinto the SCADA system.

• Enables the addition of cameras, security systems, badge readers,and fire alarm panels.


Network

Ethernet/IP based networks Ethernet is become increasingly standardized in the industry

among designers, integrators, vendors, and manufacturers.

Reduces the complexity of multiple communication protocols andallows better connectivity and easier integration.


Risks

Lack of Security

Complexity

Broadcast storms

Single points of Failure


Network

IP addresses Do I need to manage all four octets?

• How many sub-networks?

Using the mask address to add security

• Limit third party devices from interfering with each other.

• Reduce accessibility of critical information.


Modem Firewall IndustrialRouter/VLAN

IndustrialEthernetSwitch

Remote SitePLC

IP-based RTUsrequire increasedsecurity

RTU

Network


Security is a process, not a product

RiskAssessment

DigitalAsset ID

ProfileModel

Identify/Remove

Vulnerabilities

StandardizePolicies

IncidentResponse

Training

MapArchitecture

ProactiveSecurityModel


Network

Security Security by abstraction

• Do we need to bridge remote sites?

• VPN, Firewalls, Routers?

Creating isolated networks

• PLC – HMI data segregation

Effective use of Active directory and domain controller


PLC Network

Drive the SCADAsystemimplementation

Redundancy

AOIsAdd On Instructions

Database - tags


PLC Network

Redundancy Adding more than one server allows the polling to be split

between the multiple servers that hold the application.

• Eliminate the server as a single point of failure.

• Reduce the traffic on the servers during “normal” operation.

• Utilize the redundant “ring” more efficiently.


PLC Network – AOIs:PLC custom logic function blocks

One of the most powerful newer features of the various PLC platforms is the ability tocreate Add-On Instructions. This allows a programmer to define an instruction thatcontains a commonly used function or algorithm (as a set of instructions), and use itas one instruction.


PLC – HMI : DatabasePLC and HMI Tagname’s Conventions

Example 1

Example 2


PLC – HMI

Network Segregation Separate the PLC and the HMI traffic.

• PLC traffic : controller communicating with the RIO racks.

• HMI traffic : HMI application polling of the various controllerregisters (or tags).


HMI Network: Client/Server Architecture

ArchestrAAOS1

ArchestrAAOS2

Redundant System

Redundant server maintainsynchronized data throughdedicated network. If the primary server is lost, the

backup server will take over. The switch between the servers

is transparent to the clients.

THMRDT

THMRDT

Thin Clients

Thin Manager Servers

ObjectServers


New HMI graphics trend – 3D

3D Pros

• More realistic, better visualization from operators.• “wow factor” – looks neat and futuristic.

• Informative for less trained staff.

2D Pros• No space restrictions.

• Better way to explain the process.

• Simpler, plain, and more familiar to experiencedoperators


PLC – HMI

Network Segregation Adding communication modules on the Primary and Redundant

Controller racks.

• Enables the separation of the PLC traffic (Controllers) from the HMItraffic.

• As new devices are introduced in the network and new terminalsare created through VPN tunnels the risk is reduced by not allowinga direct path to the controllers.


PLC Network

Internal RIO Network Redundancy Utilize the DLR ring that several PLC manufacturers offer.

• Eliminate the physical Remote IO connections as single point offailure within each enclosure.

• Reduce the traffic on the network and avoid data collisions.

• Reduce the risk of a communication module failure by allowing theprimary or redundant controller to have multiple paths to the IOracks.


Scalability

Introducing New devices The configuration outlined enables a more secure approach in

introducing new devices.

• New terminals added on the HMI network will not have a path to thePLC controllers.

• The SCADA application is developed to comply with the integrationof new devices such as iPads, tablets, smart MCCs, and other.


Scalability

Ability to bridge remote sites with 3G/4G Cellular data packages are becoming more competitive in

pricing, maintainability, and bandwidth.

• SCADA are integrated more commonly through third parties (cellphone providers)

• The SCADA application needs to be flexible and able to beintegrated through intelligent gateways, which will significantlyincrease it’s scalability and surface more evolved ways of using theinformation that we already have.


Maintainability

The separated Networks are easier to be maintained It’s easier to determine whether an issue is PLC based, HMI

based, or neither.

• We can monitor the health of the several PLC loops.

• Single points of failure are reduced and the risk for a broadcaststorm is smaller.

• HMI and PLC updated are easier to be implemented by differentintegrators.

• Being proactive by taking into consideration future needs reducesthe need of costly major updates.


Best Approach

Deliver acomprehensiveSCADA systemflexible enough toaccommodatefuture requirements

Use proven and relevanttechniques

Gain knowledge of aMunicipality processesand automation systems

Understanding of futureimplications

Think about the futurenow


Expand SCADA

Enterprise &Traditional ControlTechnologies

Real-Time PlantFloor ControlTechnologies

Business &CommercialTechnologies


Open communication provides forcollaboration between stakeholders

2014 ISA WWAC SymposiumAug 5-7, 2014 – Orlando, Florida, USA

Questions

26

• Thanks foryour time

• Feel free tostop by anddiscuss aboutthepresentationmaterial

M.I.WhatQuestionsdo youhave?

Marios Iacovou,Electrical and Instrumentation Engineer

Brown and Caldwell | Columbus, [email protected] 614.923.5010 | C 614.256.1740

scada for the new world

Documents