By Chris Little
This heated debate continues to rage on in boardrooms, online forums, and tradeshow floors around the world.
It pits SCADA teams, seeking to maximize system uptime, against IT departments, working to keep their systems secure. The divide has become especially acute as municipal monitoring and control infrastructure rapidly expands towards an Industrial Internet of Things (IIoT).
What follows is a very brief overview of why water and wastewater utilities choose to allow remote access and what steps should be taken to minimize the risk.
SCADA Through “Thick” and “Thin”
To understand how SCADA systems provide remote access, we should define the difference between thick and thin clients.
So Why Take the Risk?
With record numbers of utilities being targeted for some form of cyber-attack, why open another potential vulnerability?
Increased Response Time – This is one of the most common arguments made for allowing remote access. The ability to remotely view alarms and live process data and immediately take appropriate control actions can make all the difference to an emerging situation. In many jurisdictions, the consequences of a major spill or loss of service can be stiff fines for the utility and in some cases serious legal consequences for managers and superintendents.
Changing Operator Roles – It is becoming less common for operators to spend their days sitting in front of SCADA screens waiting to be told when something goes wrong. They are more likely to be out in the field adding new sites, dealing with current issues, or performing preventative maintenance. On-site access to real-time and historical data can drastically reduce maintenance time and improve operator safety.
Weathering Storms – Thin clients can also play an important role during dangerous weather events like those recently experienced in the southern United States. Remote access allows operators to manage their systems in real-time in situations where traveling to site is unsafe or impossible. Bryan Sinkler provides technical sales support to VTScada software users across the southeast US from our office in Orlando, Florida. Following Hurricane Irma, Bryan made a point of following up with his affected customers. Many reported the important role that remote access played before, during, and after that weather event. “The City of Ocala, where I came from, uses that extensively. During the storm, that was one of the key benefits of VTScada for them. They called and told me that it was a life saver.” For some, the storm was a wake-up call that they needed to expand their remote access. “Several utilities ran out of mobile client connections. They use them quite a bit for going out to the sites and checking on their phones, their tablets, their laptops; so that they don’t have to rely on the dispatchers to give them information.”
“SCADA in the Cloud” or “Head in the Clouds”?
Hosted or “cloud-based” SCADA systems take the idea of Thin Client access even further. In this approach, an integrator hosts a single application that serves multiple end users who access their private data using Thin Clients. This subscription model makes it possible for utilities with limited means to quickly adopt an enterprise-level SCADA solution without dipping into their capital budgets.
Ben Manlongat is a controls engineer with Kennedy Industries Inc. in Michigan. They have been operating their own cloud-based SCADA system for over nine years using VTScada software. “Hosted solutions eliminate the upfront hardware costs and software licensing fees required to install a traditional SCADA system,” explains Manlongat. “In addition, there is no need to maintain licensing support contracts, server computers, or an IT department. These are replaced with simple monthly fees for each online site.”
Though some worry about the security of hosted systems, Manlongat maintains that security is one of their most important selling points. “I often come across utilities with an existing SCADA system running on an unloved Windows XP computer collecting dust on somebody’s desk,” relates Manlongat. “Sure, there may be no Internet connection but there’s also no Windows updates, no anti-virus, no redundancy, and no backups. That is an insecure SCADA system.” Kennedy runs their hosted application at a local server farm, with automatic local and off-site failover plus guaranteed 24/7 power and Internet connection. “Customers have peace of mind knowing that their system is supported by a team of dedicated experts.”
Best Practices for Online SCADA Applications
If you do decide to connect your application to the Internet, here are some best practices that you should keep in mind.
Doug Spurrell, a familiar voice at the end of the VTScada support line for decades, has the following advice for configuring Thin Clients.
But My SCADA is Offline, So I’m Safe, Right?
No. Keeping your system secure is a process that must be taught to all users and regularly re-examined even if your servers are not connected to the Internet. This includes physically securing server locations, applying Windows® security updates, running anti-virus scans, creating individual SCADA user accounts with strong passwords, deleting accounts when employees leave, and taking care with USB drives or other external media, and maintaining the latest version of the SCADA software. VTScada customers with valid support can move to the latest version anytime. Never assume that a single technical decision will protect your application.
Risk vs. Benefit.
Simply put, if there is no benefit to connecting your SCADA system to the Internet then don’t. Online risks are real. However, remote access can allow you to respond to developing issues in time to prevent costly spills or service interruptions. This assumes that you have done your due diligence in protection for your system, which you should be doing even if your system is isolated. Talk to your systems integrator about what best practices they recommend. To learn more about the unique ways that VTScada helps you protect remote connectivity contact Trihedral at email@example.com.
About VTScada Software
VTScada is award winning software that represents over 32 years of dedication to SCADA and HMI excellence. Over 50 million North Americans currently rely on VTScada for their water and wastewater needs. This instantly intuitive platform removes frustration from every stage of the SCADA software lifecycle; from pricing and licensing, to development and support. Its unique architecture integrates all core SCADA components into one easy-to-use package. Finely crafted tools and training options combined with the most reliable support in the industry allow you to confidently start creating fully-featured applications immediately.