Industrial Ethernet Book Issue 71 / 41

A new era of mobility using mobile devices for SCADA

SCADA systems have been in use since the 1950s and their essential contribution to the process industry continues. However, a new breed of mobile SCADA systems, which offer the same functionality but via mobile devices, are quickly gaining ground as organisations realise the limitations inherent in the traditional model of fixed visualisations within a dedicated control room. Christian Schad explains.

MOBILE DEVICES - smartphones, tablets and Blackberrys etc - influence every aspect of our lives, both in the workplace and at home. According to Ofcom (the independent regulator for the UK communications sector), a quarter of all adults now use a smartphone.

Moreover, new research commissioned by global financial services firm Morgan Stanley implies that sales of smartphones and tablets will soon overtake those of PCs.

This sets the scene for another major shift in the extent to which mobile working will continue to change the way organisations operate. Already the 'enterprise mobility' generation of business people expect to have 'anytime anywhere' access to information systems. It is now the turn of process automation, with 'engineering mobility' software bringing much needed support to automation engineers.

The latest mobile SCADA systems provide the same level of functionality as traditional systems, but via a mobile device. These systems are fast becoming more popular because they can help overcome the limitations inherent in the conventional model.

Benefits of mobile SCADA

By using an existing Wi-Fi and GPRS infrastructure with an ordinary smartphone or tablet, skilled process engineers can monitor one or many SCADA systems and PLCs, which in turn monitor and control complex automation systems, from a single mobile device. It is now possible for engineers to have live remote access to monitor and control operations and respond quickly to unplanned downtime.

With the addition of CCTV cameras, the engineer can also stream live video of the location where the problem has occurred straight to the mobile device, enabling an immediate visual assessment of the severity of the issue while en route to fix it (Fig. 1).


Fig. 1: Mobile SCADA network, showing how client mobile devices can link to the SCADA network. Using an existing Wi-Fi / GPRS infrastructure with an ordinary smartphone or tablet, engineers can monitor one or many SCADA systems and PLCs, which in turn monitor and control complex automation systems, from a single mobile device.

As a result, engineering staff can effectively have a 100% remote control room in their hand, which can either make an existing control operation more efficient, or avoid the need for manning a fixed control room altogether.

Although the mobile SCADA system is not intended to replace or replicate existing SCADA, it works independently of an existing main SCADA system, so if the latter fails for any reason, the mobile SCADA provides a level of contingency and will continue monitoring.

ROI figures from existing users show mobile SCADA systems can significantly reduce the cost of unscheduled downtime by up to 60%, with the extra benefits of faster throughput levels, up to 30% greater productivity and all round better resource utilisation.

Promising results

Reports from these early adopters have shown that engineering mobility applications clearly benefit the bottom line. For example, Munich Airport can handle 12 more aircraft a day, and Lugato, a chemicals manufacturer, ships an extra truckload of finished goods daily. Such gains have been made simply because of lower unplanned system downtime through early problem detection and faster response.

  Consider the following process scenarios:

• High levels of process automation;

• Many conveyors and sorting stations;

• A reliance on minimal human intervention;

• A requirement to process high volumes with a very high throughput;

• Tight shipment deadlines or a requirement to supply 'just-in-time' to production;

• A dependence on the reliability of its automation systems to meet service level agreements and KPIs;

• The high financial impact resulting from unscheduled downtime;

  A mobile SCADA system can deliver significant ROI to an organisation in well under a year.

Tighter SCADA security

Is security a concern? Following recent compromises to the security of traditional SCADA systems, it is natural to wonder whether mobile SCADA could leave an organisation exposed to the same issues. The idea of mobile SCADA security could be regarded as an oxymoron; looking more closely at the way such systems work reveals a different picture.

Secure mobile data communication can now be simply implemented through end-to-end encryption methods, either based on 256-bit AES encryption keys or through hardware encryption via smart card authentication. These methods bring very high security to mobile data communications, which independent organisations, such as the Fraunhofer Institute, have verified exceeds that required for wired data communications.

Provided that the architectural design has ensured that security has been implemented correctly, introducing mobile SCADA will not increase security risks according to this independent assessment.

Advanced Encryption Standard (AES) is a specification for the encryption of electronic data, which is now used worldwide because of the high security provided. AES is a security standard based on a symmetric-key algorithm, so the same key is used for both encrypting and decrypting the data.

AES was originally introduced in 2001 after beating 15 other security standard designs. It has a fixed block size of 128 bits and a key size of 128, 192, or 256 bits. Until May 2009, the only successful published attacks against the full AES were side-channel attacks on some specific implementations. The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 key lengths.

To test mobile SCADA security, Research In Motion (RIM) asked the Fraunhofer Institute for Secure Information Technology (SIT) to conduct an in-depth security evaluation of the BlackBerry Enterprise Solution in the institute's IT Security Testlab with EXTEND7000. The aim was to evaluate this solution against well-accepted principles of the IT security community by performing an extensive hands-on analysis of the components, interfaces, software platform, environment and protocols.

The Fraunhofer Institute inspected all aspects of encryption, key exchange, smartphone management and server security using accredited SIT testing tools. The organisation confirmed that this solution complied with state-of-the-art security and recommended that companies should change the standard BlackBerry smartphone encryption setting to use AES encryption. This provides strong protection against known attack methods. There is a loss of some management features, but core functionality is not reduced.

Security loopholes

Even today, SCADA visualisation systems and terminals are often implemented with little consideration as to security. Systems may be left open and accessible, so that every employee, irrespective of qualification, has access to the workstation and can freely perform tasks. User authentication is often not required; even when this is so, our experience has shown that employees will leave systems logged on or share user names and passwords.

Some systems provide no security functionality to assign permissions to employees. Even where role based permissions are supported, because of the high engineering labour required, this is usually only crudely implemented.

Also, authorisation structures can be overly complex and need assistance from external service providers, so they are not kept up-to-date with daily operational changes (and frequently not even corrected later). Without user authentication, logging operational events is fairly pointless, since it is impossible to prove who carried them out.

Mobile SCADA systems can intelligently enhance the security of existing systems by granting or denying access to individual users or user groups. In this way, employees will not have access to systems and processes that fall outside their responsibility. Mobile SCADA allows different employees to be reliably identified by the hardware ID of the mobile terminal assigned to them.

Unlike a fixed workstation, a mobile device is carried with the employee and cannot be used by anyone else without their knowledge. This can directly prevent unauthorised access.
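The access model described above (terminal hardware ID identifies the employee, user groups decide which systems may be touched, and every request is logged against a named user) can be sketched as follows. This is an added example, not code from the article or from any mobile SCADA product; all device IDs, user names, groups and system tags are hypothetical, and the revoked-terminal state is an assumption added to cover a lost device.

```python
# Constructed sample data: every device ID, user name, group and system tag is hypothetical.
DEVICES = {  # hardware ID of the mobile terminal -> (assigned employee, enrolment active)
    "HW-3F9A": ("a.meier", True),
    "HW-77C2": ("j.kovac", True),
    "HW-0B41": ("t.braun", False),  # assumption: a lost terminal is revoked, not deleted
}
USER_GROUPS = {
    "a.meier": {"conveyor-maint"},
    "j.kovac": {"operators"},
    "t.braun": {"operators"},
}
GROUP_RIGHTS = {  # group -> permitted (system, action) pairs; anything absent is denied
    "operators": {("sorter-1", "read"), ("conveyor-2", "read")},
    "conveyor-maint": {("conveyor-2", "read"), ("conveyor-2", "write")},
}


def authorize(device_id, system, action, audit_log):
    """Default-deny decision: device -> employee -> groups -> (system, action)."""
    user, active = DEVICES.get(device_id, (None, False))
    if user is None:
        allowed, reason = False, "unknown device"
    elif not active:
        allowed, reason = False, "device revoked"
    else:
        rights = set()
        for group in USER_GROUPS.get(user, ()):
            rights |= GROUP_RIGHTS.get(group, set())
        allowed = (system, action) in rights
        reason = "group right" if allowed else "outside responsibility"
    # Every request is logged, denied ones included, and tied to an identified user.
    audit_log.append({"device": device_id, "user": user, "system": system,
                      "action": action, "allowed": allowed, "reason": reason})
    return allowed


def denied_requests(audit_log):
    """Return (user, device, reason) for each denied request, for review."""
    return [(e["user"], e["device"], e["reason"]) for e in audit_log if not e["allowed"]]


def run_demo():
    log = []
    results = [
        authorize("HW-3F9A", "conveyor-2", "write", log),  # maintainer, own system
        authorize("HW-77C2", "conveyor-2", "write", log),  # operator may only read
        authorize("HW-0B41", "sorter-1", "read", log),     # revoked terminal
        authorize("HW-FFFF", "sorter-1", "read", log),     # never enrolled
    ]
    return results, denied_requests(log)
```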

Today, IT security systems are mainly concerned with making a system 'safe' from external attack. Internal security is often neglected, even though damage caused by employees can far exceed any damage caused by external attacks. It is exactly here that mobile SCADA can improve overall system security. Because it cuts unscheduled downtime, improves response times and resource utilisation levels, and resolves inherent security issues present within traditional SCADA systems, we can expect many more organisations to investigate this potential.

schad-automation.com

