Introduction
SCADA as a Service is a new but naturally evolved method of providing process control to traditional wide area network applications. From an operations point of view, the method of system interaction (view & control) remains exactly the same. This provides a straight forward approach to adopting a service orientated SCADA system. Due to the increased availability & reliability of the internet in remote areas and the continued focus for councils to operate in the most cost efficient manner for rate payers, the water, waste water industry is the most logical and immediate beneficiary of cloud based industrial solutions across the Australia and New Zealand region. This paper provides an understanding of how SCADA as a Service has naturally evolved to become the new standard for wide area applications. It outlines the technical and commercial benefits organisations can expect to achieve through early adoption.
Evolution
SCADA systems have been in existence for close to 60 years. From the early stages running on mainframe computers, communicating to remote devices through dedicated radios, to now being hosted in a data centre, communicating to remote devices through a secure public network (public network being a common I.T term for internet infrastructure). The timeline below briefly describes the evolution of SCADA systems since inception alongside the introduction and evolution of the internet within the industrial automation landscape.
Image 1: evolution of SCADA timeline
The fifth generation of SCADA systems is a natural evolution to the traditional SCADA platform by taking a virtualised environment and hosting it in a data centre. The ability to host and access the SCADA system anywhere using the internet unlocks the capability for SCADA as a Service.
In the sky
IBM’s definition of the cloud
“Cloud computing, often referred to as simply “the cloud,” is the delivery of on-demand computing resources — everything from applications to data centres — over the internet on a pay-for-use basis.
- Elastic resources — Scale up or down quickly and easily to meet demand
- Metered service so you only pay for what you use
- Self-service — All the IT resources you need with self-service access”
With cloud computing a software system shifts from being a framed platform of certain capabilities, to being an elastic platform that expands and contracts on demand, through the use of “unlimited” amount of processing power and storage capacity provided by a data centre. A hosted virtual environment coupled with the near ubiquitous nature of the internet, unlocks and gives rise to SCADA as a Service which can be quickly and easily adopted into the industry. Whilst hosted or cloud systems may sound like a new concept to some, it actually isn’t at all. Cloud computing is a result of the evolution within the IT environment. The concept of utilising central control rooms to host and operate SCADA systems for wide area networks was exactly how SCADA systems used to be run. The only difference was; the industry didn’t have a globally available public network.
Water, Waste Water distribution
The method in which an operator controls and monitors the process remains the same. What changes is the mode in which field information is gathered and processed, as shown in image 2 below.
Image 2: Traditional vs. SCADA as a Service wide area network system
Evergreen
Traditional SCADA systems remain current for less than a handful of years before requiring significant capital expenditure to migrate to new software & hardware revisions. Adopting SCADA as a Service allows an immediate remedy to this problem, where the system itself remains evergreen throughout the process lifecycle. A dedicated team of Cloud SCADA engineers ensure minor and major revisions are tested for operational compatibility prior to system wide roll out, ensuring updates don’t negatively impact operations which traditional systems are continuously open to. With limited technical resources within regional and rural councils, the ongoing challenge to continuously train internal staff on software & engineering is dramatically simplified. This also caters for staff movements or loss of experience that the industry is exposed to. As well as the elimination of unpredictable external labour costs through the adoption of dedicated Cloud SCADA engineers whom can access and maintain the system nationwide. Ultimately the system upkeep and maintenance is shifted into a continuous operational expenditure model saving councils thousands of dollars over the process lifecycle versus the traditional SCADA system approach.
Pre-configured
In addition to the SCADA system being hosted in the cloud, the operational environment is pre-configured typically using the international ISA101/18.2 graphical and alarm management standards ready to use immediately. Standardisation allows operators to quickly understand and operate a plant regardless of their experience level. Improving the operator’s ability to predict, diagnose and respond to abnormal situations through enterprise wide standardised look and feel of HMI screens and globally interpretable alarm information, which is an enormous productivity bonus Pre-configuration also provides the flexibility for the system to expand seamlessly, through the use of automated faceplates and templates. Required system customisation can take place to suit site operations, whilst maintaining the enterprise wide standardisation.
Secure
Technological change requires controlled management to protect process reliability, quality, availability and safety. These are all aspects that are subject to complex certification and validation, so new and more elaborate cybersecurity threats make protection an ongoing challenge. This level of complexity is eliminated where maximum security can be implemented, maintained and managed continuously as an integral part of the SCADA as a Service solution. With leading edge perimeter security already embedded within the hosted environment, the following four field proven security measures are taken within the operating virtual environment.
- Application whitelisting to help prevent malicious software and unapproved programs from running
- Patch applications such as Flash, web browsers, Microsoft Office, Java and PDF viewers
- Patch operating systems
- Restrict administrative privileges to operating systems and applications based on user duties.
The four measures outlined above are mandatory cyber security mitigation strategy points outlined by the ASD and NCSC. An example of a common wide area network SCADA is Yokogawa’s FAST/TOOLS, which has been established in the international market for 40 years (at the time of writing) which supports open architectures and platform independence. This decouples its dependence of any particular operating systems such as Microsoft Windows and makes it natively suitable for hosted environments. FAST/TOOLS secure software development is also provided in accordance to ISA/IEC 62443, giving end users vendor independent certification of a secure software development lifecycle based on this internationally accepted standard.
Provisioning, uptime, recovery
The cloud environment offers the ability to provision resources on demand where only the required amount of storage capacity is used. This reduces overall infrastructure hardware costs in comparison to making an upfront investment in server sizing and capacity with traditional systems. The hardware infrastructure is monitored and maintained 24 hours a day, 365 days a year. Whilst our Australian data centre partner has experience zero unplanned downtime in the last 5+ years, the guarantees we extend to end users are 99.99% system uptime. The management and maintenance of the virtual environment allows the recovery of last known operation states to be backed up frequently and restored if or when required. Further to this the virtual environment which FAST/TOOLS operates on is decoupled from the hardware environment through the use of hypervisor technologies. This allows the hardware layer to continuously remain state of the art throughout the leased period, without disrupting the operational environment, during regular updates and upgrades. Maximum availability comes as standard ensuring the system can sustain multiple failure without impacting operations. This is coupled with encrypted disaster recovery providing assurance of data storage and recovery under adverse scenarios.
With a hosted environment the need to
- House local SCADA servers
- Provide ventilation (heating, cooling)
- Ensure uninterruptible power
- Assure availability server availability
- Facilities security and access control
- Scale local servers
Is all taken care of, relieving council I.T team(s) of trying to ensure 24/7 operation and technology uptime.
Networking
There is a combination of methods that allow the field device information to communicate to the cloud based central control room. However, the ultimate goal would be to reduce the reliance of the radio network as the primary communicating path. A staged migration of the radio network can be employed, such that it becomes a secondary fail over path or completely decommissioned; migrating onto a secure public infrastructure (4G/4GX) which provides comparatively increased availability and lower total cost of ownership versus leased radio networks. Virtual private connections via a public network also provide a significant increase in bandwidth overcoming the fundamental limitation of leased radio networks. Increased bandwidth is an immediate enabler to retrieve more process data as well as gather the ever expanding diagnostic information from field instruments. This level of information can now be easily served to predictive maintenance tools such as PRM to decrease operational downtime. Low bandwidth buffering protocols with secure authentication such as DNP3 Secure has become synonymous with the water, waste water industry for all the right reasons. Complementing DNP3’s success OPC UA (Unified Architecture) is now making headway into the industry, with a new and holistic information model approach. The OPC UA information model also expands on device connectivity, which is very similar to how USB devices connect today. Where information of a particular USB is on the device itself including how it should be connected to the HOST computer; when connected the device is ready to use automatically with all functionality available. In a similar method OPC UA enabled field devices provide their information to the SCADA system, that can allow automatic connection and near immediate use, reducing the man hours traditionally required to map variables and graphics between field device and SCADA.
Technology partner
As councils reduce costs, the strain on project engineering and service departments increases exponentially. This leads to the need to contract in external labour to fulfill the gaps in technical resources, which invariable does not reduce engineering costs or capacity to completely test and validate a traditional SCADA solution prior to enterprise wide roll out. Partnering with a technology partner, that has both a national and international pool of dedicated Cloud SCADA engineers and support personal, as well as direct control of R&D and the SCADA roadmap, an entirely new level of expertise is provided to councils. One that ensures the operational system is tested, validated ready to operate on system wide deployment, as well as ensuring maximum security has been provisioned for in accordance to local governmental guidelines.
Conclusion
The SCADA as a Service offering is a relatively new but naturally evolved method of providing process control to traditional wide area network applications. End users can immediately benefit simply and easily without changing the operational front end. Combining public networks with a hosted environment then coupling it with an established technology partner with industrial grade software that has been employed and field proven in the global market place for over 40 years, provides a structured and ruggedised solution for wide area network systems. Incorporating cyber security mitigation techniques, that are aligned to both the Australian & New Zealand governments recommendations, offers water, waste water industries the advantage of a new and disruptive approach in SCADA operations. The perception of hosting costs and exposure to the internet are no longer the primary concerns. With the shape of SCADA systems changing at an accelerated pace, all the mechanisms are in place to allow easy migration and transition into a SCADA as a Service model, to meet the needs of the smallest to the largest council within the Australia & New Zealand region.
Contact us: enquiries@au.yokogawa.com
Resources
Looking for more information on our people, technology and solutions?
Contact Us