Exploring SCADA-as-a-service

SCADA-as-a-service is a new solution to providing process control in wide area network applications. From an operations point of view, the method of system interaction remains exactly the same, which can provide a straightforward approach to adopting a service orientated SCADA system.

The latest generation of SCADA systems are a natural evolution of the traditional SCADA platform –taking a virtualised environment and hosting it in a data centre. The ability to host and access a SCADA system anywhere, via the internet, is the key that has unlocked the ability to operate SCADA-as-a-service.

With cloud computing a software system shifts from being a framed platform of certain capabilities and becomes an elastic platform that can expand and contract on demand, through the use of unlimited amounts of processing power and storage capacity provided by a data centre. 

Indeed, the concept of utilising central control rooms to host and operate SCADA systems for wide area networks was exactly how these systems used to be run. The only difference between then and now is that there was no globally-available public network.

Traditionally, SCADA systems have remained current for less than a handful of years before requiring significant capital expenditure to migrate to new software and hardware revisions.

Adopting SCADA-as-a-service provides a remedy to this problem. The system itself can remain current throughout the process lifecycle. A dedicated team of Cloud SCADA engineers can ensure minor and major revisions are tested for operational compatibility prior to system wide roll out, ensuring updates do not negatively impact operations which traditional systems are continuously open to.

It also overcomes the growing issue of limited technical resources within an organisation as well as the elimination of unpredictable external labour costs through the adoption of dedicated Cloud SCADA engineers whom can access and maintain the system remotely.

Ultimately, the system upkeep and maintenance also shifts into a continuous operational expenditure model offering cost savings over the process lifecycle, when compared to more traditional SCADA system approaches. 

In addition to the SCADA system being hosted in the cloud, the operational environment is pre-configured – typically using the international ISA101/18.2 graphical and alarm management standards.

Standardisation allows operators to quickly understand and operate a plant, regardless of their experience level. Improving an operator’s ability to predict, diagnose and respond to abnormal situations through enterprise wide standardised look and feel of HMI screens and globally interpretable alarm information, which can offer productivity benefits.

Pre-configuration also provides the flexibility for the system to expand seamlessly, through the use of automated faceplates and templates. Required system customisation can be scheduled to take place at a time that best suits site operations.

Technological change requires controlled management to protect process reliability, quality, availability and safety. These are all aspects that are subject to complex certification and validation, so new and more elaborate cybersecurity threats make protection an ongoing challenge. This level of complexity is eliminated where maximum security can be implemented, maintained and managed continuously as an integral part of a SCADA-as-a-service solution. With security already embedded within the hosted environment, the following security measures can be taken within the operating virtual environment: 

• Application whitelisting to help prevent malicious software and unapproved programs from running. 

• Patch applications such as Flash, web browsers, Microsoft Office, Java and PDF viewers.

• Patch operating systems.

• Restrict administrative privileges to operating systems and applications based on user duties.

An example of a common wide area network SCADA is Yokogawa’s FAST/TOOLS which supports open architectures and platform independence. This decouples its dependence from any particular operating systems and makes it natively suitable for hosted environments.

FAST/TOOLS secure software development is also provided in accordance to ISA/IEC 62443, giving end users vendor independent certification of a secure software development lifecycle based on this internationally accepted standard.

The cloud environment offers the ability to provision resources on demand, where only the required amount of storage capacity is used. This can reduce overall infrastructure hardware costs in comparison to making an upfront investment in server sizing and capacity with traditional systems.

The management and maintenance of the virtual environment allows the recovery of last known operation states to be backed up frequently and restored if or when required. The virtual environment on which FAST/TOOLS operates is decoupled from the hardware environment through the use of hypervisor technologies which allows the hardware layer to continuously remain state-of-the-art throughout the leased period, without disrupting the operational environment, during regular updates and upgrades.

There are a combination of methods that allow field device information to communicate to cloud-based central control rooms. However, the ultimate goal would be to reduce the reliance of the radio network as the primary communication path.

A staged migration of the radio network can be employed in such a way that it becomes a secondary fail over path or completely decommissioned; migrating onto a secure public infrastructure (4G/4GX) which provides comparatively increased availability and lower total cost of ownership versus leased radio networks.

Virtual private connections via a public network also provide a significant increase in bandwidth, overcoming the fundamental limitation of leased radio networks. Increased bandwidth is an immediate enabler to retrieve more process data as well as gather the ever expanding diagnostic information from field instruments. This level of information can now be easily served to predictive maintenance tools to decrease operational downtime.

The SCADA-as-a-service can offer a naturally evolved method of providing process control to traditional wide area network applications. End users will immediately benefit without needing to change the operational front end.

Combining public networks with a hosted environment then coupling it with an established technology partner with industrial grade software that has been employed and field proven in the global marketplace for over 40 years, provides a structured and ruggedised solution for wide area network systems.

Incorporating cyber security mitigation techniques offers  a new and disruptive approach in SCADA operations. The perception of hosting costs and exposure to the internet are no longer the primary concerns. With the shape of SCADA systems changing at an accelerated pace, all the mechanisms are now in place to allow easy migration and transition into a SCADA-as-a-service model.