Selecting The Right SCADA Technology

Uploaded on 2018-12-04 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Production-Manufacturing

Modern SCADA technologies offer choices that satisfy functionality and security requirements while improving performance for remote users.

Supervisory control and data acquisition (SCADA) systems have an important role on automation projects. Though a lot has changed in 60 years, not many improvements have been made to SCADA systems in the past 20 years. 

Some important changes have taken place, such as the move from DOS to Windows platforms, as well as the adoption of open protocols and high-performance HMI, but SCADA systems have often lagged behind other types of software.

When supervisory control and data acquisition (SCADA) systems were first developed and deployed on mainframe and mini computers, access was limited to local displays and to data terminals, which were typically located in close proximity to the main computing platform. 

Networking was proprietary and limited to connections to the data terminals, with no concept of open systems or remote access. 

Much has changed since those early days, as SCADA and automation systems are now usually connected to an extensive and open communications network within a plant or facility. With fewer staff tasked with more responsibilities, it’s often necessary to extend the SCADA system to remote users, either through the plant network or via other means. 

Modern, networked SCADA systems offer many advantages over their predecessors, most notably in terms of the functionality, speed, and low cost of remote access. 

They are designed to provide easy data collection and control for remote sites, and extensive options for remote access to perform monitoring and control. Web-based SCADA has taken this paradigm to the next level as it supplies users, regardless of their location, with similar access to what they would have in the control room. 

Modern SCADA systems provide local control and monitoring along with global access, giving workers crucial information when and where they need it. They include valuable tools, such as configurable alarms, that help personnel prevent small issues from escalating into major problems. 

In addition, these advanced solutions deliver powerful visualization capabilities to help identify the root cause of alarms. SCADA systems also offer impressive trending and reporting capabilities to improve overall operations and maintain compliance with government regulations. 

There are three main methods for accessing SCADA systems remotely: secure viewer thin clients, Web-based thin clients, and mobile clients. This article provides an overview of these methods, and also examines the best option for different applications. 

Secure viewer thin clients

A secure viewer replicates the local SCADA run time screens on a thin client, typically a PC or a less powerful embedded computing device. When a PC is used, it often is used for multiple functions in addition to SCADA remote access. When an embedded computing device is used, it functions as a dedicated remote access terminal. 

Many consider this the most secure method for remote viewing because the thin clients are connected to the server via a secure corporate network, typically with no Internet connectivity allowed. 

Thin client screen navigation and interaction can also be restricted to specific HMI/SCADA functions to further safeguard the system. For example, a particular user could be assigned a password commensurate with his or her access requirements, with more extensive access prohibited. 

While this solution can’t be accessed over the Internet, it is compatible with both wired and wireless networks. In addition, it offers encryption capabilities using secure socket layer (SSL-RC6 Standard) 128-bit encryption technology to provide a high level of security. 

Web-based thin clients

For remote access far from the control room, the Internet often provides low-cost networking with acceptable performance, making Web-based thin clients a better choice than secure viewers, which require their own dedicated network. 

Web-based thin clients lower networking costs, as one of the most expensive components of many SCADA systems is the communications infrastructure, particularly as the distance between the control room and the thin client increases. 

Mobile Clients

Mobile clients take the Web-based thin client concept to another level by providing access to the SCADA system via handheld devices such as smartphones and tablets. Not only does this promote exceptional mobility, it can also lower both communications and hardware costs.

Communication costs are lower because many cell network providers charge less than Internet providers. Cell providers are able to provide inexpensive data access because this type of traffic doesn’t have the real-time requirements of voice calls, making it possible for providers to use data traffic as a fill-in to wring the most out of their network capacity. 

Hardware costs are lower because smartphones and tablets are less expensive than PCs and embedded computing platforms. Some companies are reducing costs further by implementing bring-your-own-device policies, which require employees to use their personal cell phones and tablets for SCADA remote access and other tasks. 

In most cases, employees already have these devices, and companies pay employees a fixed amount, typically amounting to a portion of their monthly provider fees. 

Browsers or Apps?

If remote users are going to be accessing many screens or graphics, an app is often a better choice than browser-based access in terms of speed and usability. Apps are designed specifically for smartphones and other handheld devices, so screens are generally sized correctly, eliminating the need for excessive scrolling and long retrieval times. 

Many HMI/SCADA software packages provide a mobile phone app for free or for a very nominal charge. As with thin client and mobile browser access, remote users benefit from full-featured two-way communication. As compared to a browser, these SCADA apps connect and load screens faster to deliver more rapid response times. 

While many of these apps don’t require users to do screen conversions, there is a small level of effort required for setup, typically similar to what a user would execute when loading an app for his or her cell phone. 

Whether implementing browser or app access, it’s important to select the right SCADA development package. Because the programming languages used for Apple products are different from those used for Android-based and other tablets and smartphones, less innovative SCADA suppliers must write apps and browser-based applications separately for each operating system type. 

This means users often have to wait months for their smartphone or tablet application to be developed or upgraded. 

Improving Security

SCADA security is of utmost importance. The general media has publicised alarming stories on the vulnerability of SCADA systems, and enabling Internet or cell network access to SCADA systems does require additional security measures such as firewalls, passwords, and possibly encrypted virtual private networks. 

Most SCADA users are familiar with the Stuxnet worm that was discovered in June 2010. In addition to gaining access to the SCADA system, it was the first major instance of malware used to destroy equipment. 

Stuxnet was an important wake-up call to many companies. However, many continue to erroneously believe it demonstrates the dangers of the Internet. The Stuxnet worm initially spread using infected removable drives (USB flash drives), and it then used peer-to-peer remote procedure calls to infect other computers inside private networks that weren’t connected to the Internet. 

This example is used to show that any network, regardless of how it’s accessed, is vulnerable to attacks if it’s not properly protected. It’s equally important to prohibit unauthorized access from the PCs connected to a private network as it is to create firewalls for Web-based and cell network access. 

Industrial security experts advise treating SCADA security with an in-depth strategy that leverages common IT practices and security measures including firewalls, encryption, and proper procedures. 

Many companies use a virtual private network (VPN) to secure communications between multiple networks or multiple hosts. A VPN establishes a protected tunnel across the Internet or other communication network that keeps data safe from unauthorised access. 

Communications are safeguarded regardless of the path taken or the distance traveled. Fortunately, today’s advanced SCADA systems offer a high level of protection and functionality for remote access if implemented correctly, and if correct security procedures are followed.

Regardless of the device and method used, inevitably the vast majority of SCADA systems need to provide some sort of remote access. The very nature of these systems is to facilitate the monitoring and control of remote processes and operations, so trying to isolate the SCADA system creates a real risk of falling behind competitors. 

The good news is now SCADA users have many options for providing that remote access, with different ones to suit each application.

Control Engineering:

You Might Also Read:

Industrial Control Systems Are A Soft Target For Cyber Attackers

US Homeland Security Warns Of Dangerous SCADA Flaw

« Five Trends In Attacks On Industrial Control Systems
PAS Global Named Leader In Industrial Control Systems Cyber Market »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Cyber Secure Forum

Cyber Secure Forum

The Cyber Secure Forum is a premier cybersecurity event dedicated to bringing together experts, and professionals to explore the latest trends, share knowledge, and discuss strategies.

Hexatrust

Hexatrust

The HEXATRUST club was founded by a group of French SMEs that are complementary players with expertise in information security systems, cybersecurity, cloud confidence and digital trust.

Romanian Association for Electronic Industry & Software (ARIES)

Romanian Association for Electronic Industry & Software (ARIES)

ARIES is the Romanian Association for Electronic Industry and Software, the biggest and most influental organization created for the IT&C industry in Romania.

Office of the Government Chief Information Officer (OGCIO) - Hong Kong

Office of the Government Chief Information Officer (OGCIO) - Hong Kong

OGCIO supports the development of community-wide information technology infrastructure and setting of technical and professional standards to strengthen Hong Kong’s position as a world digital city.

Swiss Accreditation Service (SAS)

Swiss Accreditation Service (SAS)

SAS is the national accreditation body for Switzerland. The directory of members provides details of organisations offering certification services for ISO 27001.

Dynics

Dynics

The Dynics ICS-Defender is an Industrial Control System Security Appliance for OT or OT/IT convergent environments.

SHe CISO Exec

SHe CISO Exec

SHe CISO Exec is a sustainable global training and mentoring platform in information security and leadership.

Polymer Solutions

Polymer Solutions

Polymer is a Data Governance & Privacy Platform for third party SaaS apps. A modern Data Loss Protection (DLP) approach to remove sensitive data exposure on collaboration tools in real-time.

CyberSafe

CyberSafe

CyberSafe is a Portuguese company with a focus on cybersecurity solutions and services including network security, managed security, incident response and forensic analysis.

Amvia

Amvia

Amvia is a fast-growing telecoms, Internet and Microsoft service provider. We supply voice, data and cyber security services to 100s of small and large companies.

Concourse Labs

Concourse Labs

Concourse Labs Security Guardrails continuously verify cloud infrastructure and workloads. Continuously assess clouds for security, resiliency, and regulatory compliance.

Orchestrate Technologies

Orchestrate Technologies

Orchestrate Technologies provides computer network and IT managed services for small and mid-market clients as well as small enterprise businesses.

RIoT Secure

RIoT Secure

RIoT Secure AB is a technology enabler within the IoT industry - created with a vision to ensure security technology exists in the foundations of software development for IoT solutions.

Cyber Security Certification Australia (CSCAU)

Cyber Security Certification Australia (CSCAU)

CSCAU is the world’s first 'for mission' industry council set up to address small and medium-sized business (SMB) cyber resilience through annually updated certifiable standards.

Layer 8 Security

Layer 8 Security

Layer 8 Security is a cybersecurity advisory, consulting, and technical services firm that arms businesses with practical compliance, risk management, and security program strategies.

Valmet

Valmet

Valmet is a leading global developer and supplier of process technologies, automation and services for the pulp, paper and energy industries.