Cybersecurity for pipelines, other SCADA systems

It’s critical to stay up-to-date with cybersecurity measures to improve defenses against cyberattacks.

08/18/2017


Remote condition and performance monitoring for large pieces of critical equipment by the OEM already is happening. The result is often multiple SCADA systems working in parallel at the same site. The way these systems interact must be carefully controlled. Courtesy: Yokogawa CorporationSupervisory control and data acquisition (SCADA) systems have been part of the process industries for many decades and cybersecurity measures need to grow as technology advances. SCADA systems are used in oil and gas pipeline and other remote control and monitoring applications, such as electrical transmission and distribution, and water/wastewater.

While the technology continues to evolve, the underlying use case remains: gathering and transmitting data from distributed sensor networks and sending control commands. The term SCADA itself has come to mean many things and often is used interchangeably with distributed control system (DCS) and other automation system configurations.

A SCADA system supports bi-directional communication between distributed field devices and a central control area. For example, an oil and gas company might use a DCS to control a refinery, but a SCADA system will be used to control the pipelines coming into and leaving the refinery. As a result, the SCADA system can cover longer, more linear distances than a DCS, like supporting a pipeline. In many respects, SCADA systems are a proto-Industrial Internet of Things (IIoT) application with respect to their basic functionality.

Traditional deployments

For example, refer to Figure 1, a hypothetical remote pipeline pumping station. All the field instruments and actuators connect to a remote terminal unit (RTU), which serves as a data consolidation and translation point. The RTU also works with whatever backhaul transmission medium is in use, such as 900 MHz radio, satellite, or any other media necessary to handle the required bandwidth and distance.

The various field devices may use assorted communication methods to connect to the RTU, but the RTU serves as a gateway, converting it all to one protocol—such as Modbus or something proprietary—so it can transmit everything in one data stream. Some local control functions may be necessary at the site. Additionally, the RTU can perform the local functions or a programmable logic controller (PLC) or other small controller may be used, but it too will report its activity through the RTU.

Older radio communication methods for many of these systems often proved unreliable with 900 MHz systems susceptible to interference. New approaches offer improvements, but many pipeline operators retain the older platforms, problems and all, for cost reasons.

The RTU frequently serves as the focus for cyber-attack methods. Hackers often find older RTUs poorly defended with unsecured communication, so they become the path of least resistance into the network.

One of the most famous hacks relating to this cyber-attack method was in western Ukraine. In December 2015, attackers started shutting down an electrical grid by gaining access to devices similar to RTUs spread among substations. In this particular case, the units themselves were the weak links and were targeted because of their poor defenses and strategic positions. Once reached, tripping one caused a high level of disruption.

SCADA 2.0, IIoT development

As old as the SCADA concept is, it has not lost any of its importance. In fact, the role of SCADA systems is growing, which is broadening their definition. With a higher degree of protocol standardization and greater connectivity to corporate information technology (IT) networks, the potential for a cyber-attack also increases and is growing.

The trends toward business systems using and processing SCADA data create new avenues and reasons for system exploitation. Sharing data is often the lifeblood for many companies, but new threats can emerge in the process.

On the other hand, developing technologies also are changing the current situation as the IIoT merges with SCADA to become “SCADA 2.0.” This still has some time before development is complete, but there are many possibilities, including its design and how it could affect security considerations (Figure 2).

The RTU, at least as a gateway, no longer will be included since it won’t be needed. The individual field instruments and actuators at the hypothetical pipeline pump station will all communicate directly with the ubiquitous network, just as a technician visiting the site might call back to the office on a smartphone. The data from the devices goes to the cloud and can be captured and used by whichever part of the company needs it, from anywhere. At this point it’s difficult to say exactly what the network might look like, however it most likely will be 4G or 5G capable, but the communication will be direct. New networking technologies like low power wide area network (LoRa WAN) may be included as well.

Setup for these installations will be easier than with current SCADA systems. It will be as easy as installing the field device, turning it on, and connecting it to the cloud. This will get rid of all the expensive and dangerous manual operations still being done at many sites. If a level instrument is added to the storage tank, the need for a worker to be sent out for maintenance no longer will be necessary. 

However, there may still be a need for control functions at the site. A natural gas compressor or other complex equipment may need fast-loop control, which will require a local PLC. Control via the cloud is still under development. These installations may use the PLC as a data consolidator, but it depends on each use case.

If the cloud architectures are what they need to be, this type of system should be very secure. By eliminating the RTU/gateway and less-reliable backhaul communication methods, a hacker will have to gain access to multiple field devices one at a time rather than gaining access through the RTU. A single IIoT device is not connected to the network in the traditional sense as its wired predecessors are, so while it might be possible for a hacker to disrupt the individual device, this will not provide a means to access the larger network.

The reality of this concept is some time away since the networks with the necessary requirements don’t currently exist. Coverage and speed are improving all the time, but 5G or even 4G in all the areas where pipeline pumping stations are located is not there yet.


<< First < Previous Page 1 Page 2 Next > Last >>

The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Women in engineering; Engineering Leaders Under 40; PID benefits and drawbacks; Ladder logic; Cloud computing
Robotic integration and cloud connections; SCADA and cybersecurity; Motor efficiency standards; Open- and closed-loop control; Augmented reality
Controller programming; Safety networks; Enclosure design; Power quality; Safety integrity levels; Increasing process efficiency
This article collection contains several articles on how advancements in vision system designs, computing power, algorithms, optics, and communications are making machine vision more cost effective than ever before.
Featured articles highlight technologies that enable the Industrial Internet of Things, IIoT-related products and strategies to get data more easily to the user.
This digital report will explore several aspects of how IIoT will transform manufacturing in the coming years.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Cloud, mobility, and remote operations; SCADA and contextual mobility; Custom UPS empowering a secure pipeline
Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Mobility as the means to offshore innovation; Preventing another Deepwater Horizon; ROVs as subsea robots; SCADA and the radio spectrum
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Women in engineering; Engineering Leaders Under 40; PID benefits and drawbacks; Ladder logic; Cloud computing
Robotic integration and cloud connections; SCADA and cybersecurity; Motor efficiency standards; Open- and closed-loop control; Augmented reality
Controller programming; Safety networks; Enclosure design; Power quality; Safety integrity levels; Increasing process efficiency
This article collection contains several articles on how advancements in vision system designs, computing power, algorithms, optics, and communications are making machine vision more cost effective than ever before.
Featured articles highlight technologies that enable the Industrial Internet of Things, IIoT-related products and strategies to get data more easily to the user.
This digital report will explore several aspects of how IIoT will transform manufacturing in the coming years.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Cloud, mobility, and remote operations; SCADA and contextual mobility; Custom UPS empowering a secure pipeline
Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Mobility as the means to offshore innovation; Preventing another Deepwater Horizon; ROVs as subsea robots; SCADA and the radio spectrum
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Women in engineering; Engineering Leaders Under 40; PID benefits and drawbacks; Ladder logic; Cloud computing
Robotic integration and cloud connections; SCADA and cybersecurity; Motor efficiency standards; Open- and closed-loop control; Augmented reality
Controller programming; Safety networks; Enclosure design; Power quality; Safety integrity levels; Increasing process efficiency
This article collection contains several articles on how advancements in vision system designs, computing power, algorithms, optics, and communications are making machine vision more cost effective than ever before.
Featured articles highlight technologies that enable the Industrial Internet of Things, IIoT-related products and strategies to get data more easily to the user.
This digital report will explore several aspects of how IIoT will transform manufacturing in the coming years.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Cloud, mobility, and remote operations; SCADA and contextual mobility; Custom UPS empowering a secure pipeline
Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Mobility as the means to offshore innovation; Preventing another Deepwater Horizon; ROVs as subsea robots; SCADA and the radio spectrum
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
click me