IDENTIFYING SINGLE POINTS OF FAILURE IN SCADA SYSTEMS

Identifying Single Points of Failure in SCADA Systems

Periodically reviewing your SCADA System Architecture is crucial in maintaining a reliable oil or gas pipeline system. No matter how thoroughly the system was designed and implemented, or how carefully change processes have been managed, problems can creep into the system as it is modified and updated, leading to unforeseen consequences. Regularly scheduled SCADA System Architecture reviews can identify and address issues such as single points of failure, gaps in cybersecurity, communication reliability, and performance issues before they interrupt the control center’s ability to monitor and control pipelines, potentially resulting in millions of dollars of savings in incident prevention.

What is SCADA?

SCADA (Supervisory Control and Data Acquisition) is a combination of software and hardware that allows industrial organizations to monitor, gather, and process real-time data, then use that information to control devices such as valves, pumps, and motors to manage industrial processes. SCADA Systems help industrial organizations maintain efficiency, make smarter decisions, and identify potential issues to help mitigate downtime. Historical data from a SCADA system can also be logged in a historical database, allowing personnel to analyze data and identify trends. Modern SCADA systems allow real-time data to be accessed remotely, making it a particularly powerful tool for the pipeline industry, where even a minor issue could result in major losses.

The Possible Pitfalls of Not Performing a SCADA Architecture Review

• Thinking there is no review needed – SCADA systems are not “set it and forget it.” They are active systems that report real-time information, but as with any complex system, they need to be regularly monitored and maintained to ensure the flow of information remains uninterrupted and reporting is accurate.

• Excessive data – The SCADA system used to support the Control Center should ideally be focused exclusively on the needs of the Control Center. Acquiring and processing other field data for corporate users outside the Control Center adds unnecessary complexity and frequency of changes to the SCADA system. Collection and processing of field data not required by the Control Center should be handled by other systems, which are not subject to regulations and have the advantage of being cheaper and easier to maintain.

• Not being proactive – The cost of a review is relatively low. The cost of correcting a system that has failed, on the other hand, can be huge and the extended effects catastrophic.

• Security issues – Whenever a system has a connection to the outside world, the potential for malicious sabotage performed by disgruntled workers or cyber-attacks from hackers is increased. These connections should be reviewed periodically to ensure proper cybersecurity is in place to protect the SCADA system.

• System inefficiencies – Bottlenecks, obsolescence, and weak points may inadvertently work their way into a system as it is maintained and augmented over time.

Find a Partner to Periodically Review Your SCADA Architecture

An integrator may only have experience with one or two specific systems, severely limiting the expertise they bring to the table. UTSI, on the other hand, is a vendor-independent consulting and engineering services company that has worked with over 200 customers and resolved a vast number of challenges on projects worldwide. This gives UTSI the background and experience necessary to pinpoint critical issues in an existing SCADA system and then guide our customers to the best solution available. In addition, as an independent consultant, UTSI can dedicate the time, personnel, and resources to quickly and efficiently conduct a SCADA Architecture Review for existing systems without jeopardizing day-to-day operations.

The Process of a UTSI SCADA Architecture Review

UTSI uses a comprehensive 11-step process when performing a SCADA Architecture Review:

1. 1. Discuss with the client their particular concerns and any specific problems they may have encountered.

1. 2. Collect drawings for primary, backup, and tertiary control rooms and data centers which house SCADA and communication equipment, including network configuration with IP addresses.

1. 3. Verify whether drawings are current and accurate — the level of verification will depend upon the client and the state of the drawings. While spot checking may be all that is required, if drawings are poorly done or out of date, a thorough check of all equipment and connections may be warranted.

1. 4. Determine if the network is properly segmented for cybersecurity and performance issues.

1. 5. Identify any single points of failure in applications, equipment, and network circuits.

1. 6. Review communication circuits for adequate capacity and choke points.

1. 7. Review utilization of communication circuits.

1. 8. Review network routers and firewalls for reasonable configuration and rules.

1. 9. Verify the SCADA network is properly isolated from the corporate IT network.

1. 10. Evaluate the risk of any wireless portions of the SCADA network.

1. 11. Determine if adequate Management of Change (MOC) procedures are in place and being followed for any changes to the SCADA Architecture.

UTSI is an industrial control system engineering and consulting firm specializing in automated system design, implementation, project engineering, cybersecurity, and remote infrastructure monitoring services for oil and gas pipelines. With over 30 years of experience, UTSI has been responsible for the design and implementation of sophisticated industrial control systems and related technologies for many of the world’s largest energy corporations. To find out more about how UTSI can help with a SCADA Architecture Review, visit https://www.utsi.com/what-we-do/.