SCADA Saves the World – One kWh at a Time

Let me start by saying I am not trying to promote any particular theories or ideologies. When it comes to global climate change, I don’t have a dog in the fight. I’m not a climatologist. I’m not a producer of industrial waste. I’m just a casual observer taking note of what I see, and what I see is a new trend in SCADA usage: energy management.

As more and more of the objects in our world are gaining intelligence, and as we continue to find new ways of monitoring our environments, one immediate advantage is called to mind. SCADA systems allow us to pay attention to things that we just didn’t have time to pay attention to before. It has suddenly become a simple matter to track our energy consumption – recognizing periods of high demand and other patterns that lead to higher consumption. Now, I’m not about to suggest you should be concerned about your energy consumption because you’re killing the planet and bankrupting our children’s future – I’ll let someone else point that finger. There are plenty of good reasons to reduce your energy consumption that have nothing to do with melting icebergs.

The most obvious and most compelling reason is simple: money. I think it’s fair to say that most of us would like to have more and spend less. If you can reduce your monthly electric bill by 20%, why not do it? Imagine a small company that spends $1000 a month on electricity. That’s $12000 a year. A 20% reduction would lower that expense to $9600 a year. If you can do that without taking anything away from your productivity then there is really no good reason not to.

You try to get the most value for your investment in everything you do – whether it’s buying office supplies or advertising. If your production monitoring system will allow you to save money by simply monitoring your energy consumption as well, then do it. And don’t worry about people thinking you're some tree-hugging communist (not that there’s anything wrong with that). To hell with the rainforests and whales – I’m saving money!

And while we’re using SCADA to reduce our consumption, utility companies are using it to create a smarter, more efficient power grid, eventually reducing the overall cost of generating and distributing electricity. So SCADA is making power cheaper and helping us use less of it. Now, that’s some helpful software.

Thank you SCADA! 

SCADA and Security: Are Our Systems Safe?

In the last 30 years, major advances have been made in both SCADA technology and security. Yet, somehow, the security of SCADA systems has changed very little. Even though SCADA systems are deployed all over the world – with the number of current deployments trending consistently upward, security has not been a primary concern of the software engineers. There are a number of reasons that could be cited, but the primary one relates to the ways that the software is being used. Frequently the same SCADA software can be used to automate various types of processes, from water treatment and power distribution to building automation and energy management. Furthermore, SCADA customers who have invested numerous hours into designing and implementing their systems however many years ago are not especially excited about the idea of making the sweeping changes that would be required to make the systems more secure. Basically: “If it ain’t broke, don’t fix it”.

The problem with this philosophy is that – when it comes to security – many times the system is “broke”. Just because a system has not fallen victim to an attack doesn’t imply that it’s not vulnerable. And once an attack has occurred it will likely be too late to “fix it”.

The Legacy of Stuxnet

When the Stuxnet worm was discovered in 2010, it called attention to the scope of the potential danger inherent in attacks on SCADA systems. Though Stuxnet is a very sophisticated worm created by sophisticated minds with virtually unlimited resources at their disposal, it is a plain fact that if a group or organization is sufficiently motivated there are very few (if any) barriers that cannot be overcome.

The fact that some very sensitive and necessary processes are currently controlled by some sort of SCADA software – from electrical grids to mass transit systems – an effective attack could be absolutely devastating. For this reason there are some very legitimate concerns.

I.T. departments are frequently tasked with designing and implementing the security parameters of SCADA systems – not an easy task since a functional SCADA system relies on easy accessibility. If it is not easy for multiple people to access multiple data points at any given time, the SCADA system is not going to be effective, and it could in fact be dangerous. So, it is often a delicate balancing act to make a system simultaneously accessible and secure, and it would be naïve to not think that some security is compromised for the sake of accessibility.

SCADA in the Cloud

The latest conversation as it relates to SCADA and security centers around cloud-based deployment of SCADA systems. The inherent dangers of cloud-based deployment are well-known and well-documented, so I will leave it to the reader to ascertain the details. Suffice it to say that terrestrial SCADA systems have not be thoroughly secured against all attacks, so I think it’s safe to assume there are some valid security concerns associated with publishing operational data to the cloud. That’s not to say it won’t be happening; it almost certainly will. When cloud-based SCADA becomes the norm, you can be fairly certain that a whole new array of security concerns will surface. The good news is changes in technology will eventually force users of older SCADA and HMI systems to strongly consider upgrading. And when that happens, let’s just hope they make security a top priority.

New Ideas In Security

Scada developers at B-Scada have integrated some new security features into their latest software product, Status Enterprise Edition. Status will allow users to be assigned to specific roles with access limited according to the permissions of the role - something like user groups in Windows. Additionally, specific aspects of the SCADA system wil be organized into Workgroups. Users will be limited to accessing the assets and information that have been made available to the workgroup(s) to which their role has access. 

This allows for easy enforcement of essential security principles such as the Principle of Least Privilege, and restrict users accounts to the least amount of information rewuired to do their jobs.

It will be possible for organizations to divide access to key data among multiple personnel, so that no one person can access everything at once; this will make it very difficult for unauthorized parties to make any potentially dangerous changes to the SCADA system without the support of multiple people on the inside. 

Is There a Place for Independent SCADA Developers?

An undeniable growing trend in the SCADA (Supervisory Control and Data Acquisition) industry is the consolidation of SCADA developers under larger corporate brands. It seems that when a small company develops a SCADA product that has any success at all, it’s not long before a larger company with more resources acquires the smaller company and their software.

Now, I’m not about to judge whether this is good or bad – and there are valid arguments for both sides. I am simply calling attention to an obvious fact. The trend is illustrated on the timeline below:

As time goes by, the mergers and acquisitions become increasingly frequent, and this trend shows no signs of changing any time soon.

So, the question is: Is there a place for independent SCADA developer’s in today’s market?

The short answer is yes. There is a place and a real need for independent developers who create quality software and are able to sell the software at a more accessible price. There are several reasons why this is the case:

• Many industries in developing nations have a need for process automation and monitoring software, but the offerings of the larger companies are cost prohibitive.
• Systems Integrators all over the world have projects with very specific needs, and the larger SCADA products and their excessive cost are not entirely necessary.
• Some customers place a greater value on service and support, and the more personalized attention they can receive from a smaller company outweighs the perceived value of a well-known brand.

There are several other reasons why smaller, independent SCADA developers have a place in today’s market. The important point, though, is that SCADA customers need to have options. There are so many different industrial processes and so many types of data to monitor, that it is bordering on preposterous to think that one SCADA solution – or even a small set of similar solutions – can accommodate all of the varied needs of today’s consumers.

(For more on SCADA, visit: www.scada.com)