IDENTIFYING SINGLE POINTS OF FAILURE IN SCADA SYSTEMS

Identifying Single Points of Failure in SCADA Systems

Periodically reviewing your SCADA System Architecture is crucial in maintaining a reliable oil or gas pipeline system. No matter how thoroughly the system was designed and implemented, or how carefully change processes have been managed, problems can creep into the system as it is modified and updated, leading to unforeseen consequences. Regularly scheduled SCADA System Architecture reviews can identify and address issues such as single points of failure, gaps in cybersecurity, communication reliability, and performance issues before they interrupt the control center’s ability to monitor and control pipelines, potentially resulting in millions of dollars of savings in incident prevention.

What is SCADA?

SCADA (Supervisory Control and Data Acquisition) is a combination of software and hardware that allows industrial organizations to monitor, gather, and process real-time data, then use that information to control devices such as valves, pumps, and motors to manage industrial processes. SCADA Systems help industrial organizations maintain efficiency, make smarter decisions, and identify potential issues to help mitigate downtime. Historical data from a SCADA system can also be logged in a historical database, allowing personnel to analyze data and identify trends. Modern SCADA systems allow real-time data to be accessed remotely, making it a particularly powerful tool for the pipeline industry, where even a minor issue could result in major losses.

The Possible Pitfalls of Not Performing a SCADA Architecture Review

  • Thinking there is no review needed – SCADA systems are not “set it and forget it.” They are active systems that report real-time information, but as with any complex system, they need to be regularly monitored and maintained to ensure the flow of information remains uninterrupted and reporting is accurate.
  • Excessive data – The SCADA system used to support the Control Center should ideally be focused exclusively on the needs of the Control Center. Acquiring and processing other field data for corporate users outside the Control Center adds unnecessary complexity and frequency of changes to the SCADA system. Collection and processing of field data not required by the Control Center should be handled by other systems, which are not subject to regulations and have the advantage of being cheaper and easier to maintain.
  • Not being proactive – The cost of a review is relatively low. The cost of correcting a system that has failed, on the other hand, can be huge and the extended effects catastrophic.
  • Security issues – Whenever a system has a connection to the outside world, the potential for malicious sabotage performed by disgruntled workers or cyber-attacks from hackers is increased. These connections should be reviewed periodically to ensure proper cybersecurity is in place to protect the SCADA system.
  • System inefficiencies – Bottlenecks, obsolescence, and weak points may inadvertently work their way into a system as it is maintained and augmented over time.

Find a Partner to Periodically Review Your SCADA Architecture

An integrator may only have experience with one or two specific systems, severely limiting the expertise they bring to the table. UTSI, on the other hand, is a vendor-independent consulting and engineering services company that has worked with over 200 customers and resolved a vast number of challenges on projects worldwide. This gives UTSI the background and experience necessary to pinpoint critical issues in an existing SCADA system and then guide our customers to the best solution available. In addition, as an independent consultant, UTSI can dedicate the time, personnel, and resources to quickly and efficiently conduct a SCADA Architecture Review for existing systems without jeopardizing day-to-day operations.

The Process of a UTSI SCADA Architecture Review

UTSI uses a comprehensive 11-step process when performing a SCADA Architecture Review:

    1. Discuss with the client their particular concerns and any specific problems they may have encountered.
    1. Collect drawings for primary, backup, and tertiary control rooms and data centers which house SCADA and communication equipment, including network configuration with IP addresses.
    1. Verify whether drawings are current and accurate — the level of verification will depend upon the client and the state of the drawings. While spot checking may be all that is required, if drawings are poorly done or out of date, a thorough check of all equipment and connections may be warranted.
    1. Determine if the network is properly segmented for cybersecurity and performance issues.
    1. Identify any single points of failure in applications, equipment, and network circuits.
    1. Review communication circuits for adequate capacity and choke points.
    1. Review utilization of communication circuits.
    1. Review network routers and firewalls for reasonable configuration and rules.
    1. Verify the SCADA network is properly isolated from the corporate IT network.
    1. Evaluate the risk of any wireless portions of the SCADA network.
    1. Determine if adequate Management of Change (MOC) procedures are in place and being followed for any changes to the SCADA Architecture.

UTSI is an industrial control system engineering and consulting firm specializing in automated system design, implementation, project engineering, cybersecurity, and remote infrastructure monitoring services for oil and gas pipelines. With over 30 years of experience, UTSI has been responsible for the design and implementation of sophisticated industrial control systems and related technologies for many of the world’s largest energy corporations. To find out more about how UTSI can help with a SCADA Architecture Review, visit https://www.utsi.com/what-we-do/.

Follow us on social media for the latest updates in B2B!

Image

Latest

cargo theft
Beyond Cargo: Protecting Drivers, Assets, and the Bottom Line with AI
December 6, 2024

In the first half of 2024, cargo theft in the United States surged by 49% compared to the same period in 2023, with an average loss per incident of $115,23, according to an August 2024 report by Overhaul. Freight hubs and urban centers like California and Texas remain hot spots, exposing long-standing gaps in supply…

Read More
Stadium Security
From Gates to Game Time: Lessons in Proactive Stadium Security
December 6, 2024

Safety sells—and 69.3% of fans are buying in. According to the National Center for Spectator Sports Safety and Security, nearly three out of four eventgoers factor security into their decision to attend, and many are willing to pay extra for peace of mind. For those charged with event and stadium security, this isn’t just a…

Read More
Perimeter Security
Beyond the Fence: Proactive Perimeter Security with Video Analytics
December 5, 2024

Your facility’s perimeter is not just a boundary—it’s the first line of defense against potential threats. If you manage security for a corporate headquarters, manufacturing site, transportation facility, or university campus, you have felt the pressure to get ahead of those looking to do harm. We talk with your colleagues every day and they live…

Read More
AI in Physical Security
AI in Physical Security: Expert Success Stories Dispel Falsehoods
December 5, 2024

The fall of 2024 raises security concerns around events public and private. Increased foot traffic and high-profile events including an election make it harder to maintain a secure environment, especially in busy places like schools, universities, public gathering spaces/events, and healthcare facilities. Every day, security teams face the task of identifying and responding to threats…

Read More