
Decalogue of Good Practices for the Communication, Control, and Supervision of Unattended Facilities (Part 2)

Part two of the Decalogue of good practices for the communication, control, and supervision of unattended facilities that we saw in the previous post

6) Homogenize, standardize, and document working methods. Although different sites may combine elements of different technologies, you should always try to work in a replicable way, decoupling each device from how it integrates with the others. That is why, once a working methodology has been decided, each new action must aim to implement it as far as possible.

There are procedures of this type at all levels, regardless of their function:

  • Electrical level, how to group the elements of an electrical cabinet, how to label the cables, what plans should be required from the installer…
  • RTU programming level, data structures, tag nomenclature, programming language, level of comments, what graphic control diagrams to require from the integrator…
  • SCADA level, use of templates, object nomenclature, standardization of graphics…

7) Prevent bad communications. As mentioned, the facilities must be as autonomous as possible because communications cannot be guaranteed. Therefore, it is highly recommended to have alternatives to report correctly or, at least, not lose information.

To ensure that no data is lost, action can be taken from three fronts:

  • Redundancy of communication channel. There must be a primary route that normally carries the bulk of the information and, in case it fails, a second backup route for critical information.
    The combinations are many: a multi-operator SIM card, redundant modems with several operators, satellite communication, WiMAX or conventional radio. Critical operators deserve special mention, as they have access to the different TETRA security networks of the territories to guarantee their correct operation.
  • Telemetry protocols. Because infrastructure environments have different needs, specific industrial protocols were developed that focus on optimizing communication and avoiding information loss.
    Unlike the vast majority of industrial protocols, these usually work by events with timestamps, keep a buffer of information that can be dumped in a single transaction, and are able to send messages on their own initiative – again, the Push vs Pull strategy. Today, the leading telemetry protocols are DNP3 and IEC-60870-101/104.

  • Reports and data files. For non-critical information, it is always recommended that the control elements of the facility be capable of generating reports that collect the data that should not be sent in real time, or consolidated data such as the readings of a counter, a totalizer, etc.
    Typically these reports should be saved on the device itself – in its FTP services, for example – and will be retrieved once a day, once a week… at a time of supervision and control without planned actions.
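The event-and-buffer behaviour described under telemetry protocols, as an added example that is not part of the original post: a simplified Python model of an RTU that records timestamped events by exception, keeps them while the link is down and pushes them in one transaction when it returns. It is not DNP3 or IEC 60870 code; `EventBuffer`, the deadband, the capacity and the readings are assumptions made for illustration.

```python
from collections import deque, namedtuple
# seq lets the Control Center detect gaps; ts is taken at the RTU, not on arrival.
Event = namedtuple("Event", "seq tag value ts")

class EventBuffer:
    """Simplified report-by-exception buffer living on the RTU (hypothetical)."""
    def __init__(self, deadband, capacity):
        self.deadband, self.capacity = deadband, capacity
        self.pending = deque()
        self.last_value = {}                    # tag -> last value that produced an event
        self.seq, self.overflowed = 0, False    # overflowed: old events were dropped

    def sample(self, tag, value, ts):
        """Store an event only when the value moved more than the deadband."""
        last = self.last_value.get(tag)
        if last is not None and abs(value - last) <= self.deadband:
            return False
        if len(self.pending) == self.capacity:
            self.pending.popleft()              # buffer full: drop the oldest event
            self.overflowed = True              # and remember to tell the CC
        self.seq += 1
        self.pending.append(Event(self.seq, tag, value, ts))
        self.last_value[tag] = value
        return True

    def flush(self, send):
        """Push everything in one transaction; keep it all if the send fails."""
        batch = list(self.pending)
        if not batch or not send(batch, self.overflowed):
            return 0
        self.pending.clear()
        self.overflowed = False
        return len(batch)

def demo():
    """Constructed scenario: link down while sampling, restored afterwards."""
    link, received = {"up": False}, []
    def send(batch, overflowed):
        if link["up"]:
            received.append((batch, overflowed))
        return link["up"]
    buf = EventBuffer(deadband=0.5, capacity=3)
    readings = [2.0, 2.1, 3.0, 3.2, 4.0, 5.0]   # constructed tank levels, one per minute
    sent_down = 0
    for i, value in enumerate(readings):
        buf.sample("tank_level", value, 60.0 * i)
        sent_down += buf.flush(send)            # every attempt fails: link is down
    link["up"] = True
    return sent_down, buf.flush(send), received
```

The overflow flag matters as much as the data: when the outage outlasts the buffer, the Control Center must learn that the history it received is incomplete.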

8) Security at all levels. It is evident that facilities that control the management of water or energy are a strategic point to secure. Cybersecurity threats can be classified as internal or external. Unlike in other environments, the risk of internal threats is relatively low, since there are no wireless communications, only authorized personnel have the corresponding keys or passwords, and there are usually no flat networks that connect all the sites. The risk of external threats, on the contrary, is high.

The two major external threats are interference in communications and physical threats. Preventing identity impersonation or the sniffing of information from communications is always very complicated, so all available tools should be combined to avoid it. A list could be:

  • Use of protocols with security and authentication.
  • Use of VPNs within the same communication channels, that is, between RTU and Control Center.
  • Use of private APNs provided by telephone operators.

As can be seen, all these measures require IP-based communication, or at least digital communication, which is why it can be said that analog radio-based communication today is not secure.
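The first measure in the list above, sketched as an added example that is not part of the original post: each RTU frame carries an HMAC computed with a pre-shared key plus a counter, so the Control Center can reject impersonated, altered or replayed messages. This is a generic scheme, not the wire format of any real telemetry protocol; the frame layout, `seal`, `ControlCenter`, the RTU name and the key are assumptions, and it provides authentication only, not confidentiality, which is the role of the VPN or private APN.

```python
import hashlib, hmac, json

def seal(key, rtu_id, counter, data):
    """RTU side: serialize the message and prepend an HMAC-SHA256 tag."""
    body = json.dumps({"rtu": rtu_id, "ctr": counter, "data": data}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return tag + b"." + body

class ControlCenter:
    def __init__(self, keys):
        self.keys = keys        # rtu_id -> pre-shared key (one key per RTU)
        self.last_ctr = {}      # rtu_id -> highest counter accepted so far

    def accept(self, frame):
        """Return the data if the frame is authentic and fresh, else raise ValueError."""
        tag, _, body = frame.partition(b".")
        try:
            msg = json.loads(body)
            rtu, ctr = msg["rtu"], msg["ctr"]
            key = self.keys[rtu]
        except (ValueError, KeyError, TypeError):
            raise ValueError("malformed frame or unknown RTU") from None
        expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(tag, expected):      # constant-time comparison
            raise ValueError("bad MAC")
        if not isinstance(ctr, int) or ctr <= self.last_ctr.get(rtu, -1):
            raise ValueError("replayed or stale frame")
        self.last_ctr[rtu] = ctr                        # only advances on valid frames
        return msg["data"]

def demo():
    """Constructed frames: one genuine, then a replay, an alteration and a forgery."""
    key = b"constructed-demo-key-not-for-use"
    cc = ControlCenter({"rtu-07": key})
    good = seal(key, "rtu-07", 1, {"level": 2.4})
    frames = {
        "genuine": good,
        "replayed": good,
        "tampered": seal(key, "rtu-07", 2, {"level": 2.4}).replace(b"2.4", b"9.9"),
        "forged": seal(b"key-the-sender-does-not-have", "rtu-07", 3, {"level": 0.0}),
        "next": seal(key, "rtu-07", 2, {"level": 2.5}),
    }
    results = {}
    for name, frame in frames.items():
        try:
            results[name] = cc.accept(frame)
        except ValueError as err:
            results[name] = str(err)
    return results
```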

Regarding physical security, one must be aware that intrusion can never be avoided entirely: given the very nature of a scenario with many geographically separated facilities, it will not be possible to have personnel always present in each of them. It should therefore be approached from two perspectives: being informed when someone enters the site, and avoiding damage once they are inside. For this, a set of actions could be:

  • Presence sensors inside the facility itself. Given the nature of the scenario, where they would rarely be triggered, the use of low-consumption sensors can be considered. The sensor would notify the CC that the site has been entered; from there it is easy to know whether it is a scheduled visit or not.
  • Prevent intruders from interacting with the control, either by using RTUs with firewalls on their ports to avoid computer attacks or by requiring passwords on those elements that interact with the RTU, such as the HMI.

9) Try to minimize travel. As mentioned, the nature of the scenario makes constant visits to the site very unproductive when problems arise. It is therefore recommended to use remote control tools where the structure allows it, either to avoid all travel or at least that of the control engineers.

Take advantage of remote control. It is very useful and recommended to use control tools that can establish connections with the RTUs even if the bandwidth or communication is limited. This allows not only a good connection and data refresh, but also the luxury of OTAP – Over The Air Programming. This possibility is not a pipe dream: although it is very common to program in the office, do the commissioning and, if it works, not touch it again, OTAP has a further use, the updating of firmware. Whether because generic failures or security breaches have been detected in the previous version or simply because functionality has been added in the new one, in a technological world in constant evolution, updating firmware is considered indispensable.

Add a local control. This option does not excessively increase the cost of projects, either in hardware or in programming, yet it is often forgotten even though it offers great advantages. Having a local HMI that allows starting, switching on, stopping… the elements that the RTU controls means that, when there is an error, the maintenance operators can make a first assessment of the failure or test a replacement without needing a programmer connected at the CC. In short, this option helps avoid greater problems or unnecessary on-call shifts by providing the maintenance operators with simple tools for interacting with the control.

10) Use of appropriate exploitation tools. Once the facility is functional, autonomous and secure, and communications are stable, the information that reaches the CC must be treated appropriately. Nowadays, under the banner of IoT and Industry 4.0, typical visualization tools have taken an appreciable leap in quality.

Specifically in the world of infrastructures, you can find new solutions that locate information geographically in GIS systems rather than on a map image used as a background, filter by different layers or elements, offer visualization on tablets or mobiles, integrate with virtual reality… that is, the evolution has also reached the world of SCADAs for infrastructures.

You can consult the first part of the post again from here.

 

You can download from here the Decalogue of good practices for the communication, control and supervision of unattended facilities.