Supervisory Control And Data Acquisition

HP plans to unveil a network-monitoring appliance that captures event data generated in systems-control and data-acquisition networks to help energy-sector companies comply with federally required security standards.

The appliance, Trusted Compliance Solution for Energy (TCS-e), uses SenSage security-event management software to collect and analyze log data. According to HP and SenSage, TCS-e generates reports related to the auditing that’s now required under the Critical Information Protection standards of the North American Electric Reliability Corporation. Those standards require energy-sector companies, including electric power companies and oil and gas suppliers, to demonstrate a wide range of security controls, including security-event monitoring.

The TCS-e appliance makes use of HP’s Atalla hardware to apply cryptographic operations when recording information from SCADA networks to ensure confidentiality and non-repudiation of data. The HP encryption hardware has been certified under the federal government’s Federal Information Processing Standards’ FIPS 140-2 product-testing program.

Source and more info: cio

The distinction between SCADA (supervisory control and data acquisition) and DCS (distributed control system) is becoming blurred as the two technologies move increasingly into each other`s territories.

For example, DCS systems are shifting from traditional process control duties into areas such as production and information management and documentation, while SCADA systems have improved IT capabilities and support for higher-level systems such as MES (manufacturing execution systems) and ERP (enterprise resource planning).

“New SCADA systems increasingly offer features traditionally associated with DCS products, such as in-built redundancy,” says Jonas Westlund, an analyst with Frost & Sullivan, which has recently published a report* on Europe`s SCADA and DCS markets. “This enables a primary host computer to switch automatically to a secondary computer in the event of a system failure, thereby ensuring that the data remains available to clients in the event of server disruptions.”

Another trend identified by F&S is the growing share of revenues coming from upgrades and retrofits. Over the period 2005-2011, it expects that the European DCS and SCADA markets to expand by $691m, with the bulk of this growth ($476m) coming from retrofits. Most of the growth will be in the DCS market ($503m), with SCADA sales expected to rise by $188m.

Source and more info: drives

A US Congressman has warned of the dangers posed to America`s national security by widespread dependence on SCADA systems. Republican Congressman Adam Putman says that these systems “are undeniably vulnerable to cyber attack or terrorism”.

Putman chairs the Congress Subcommitee for Technology, Information Policy, Intergovernmental Relations and the Census, which is investigating the potential threats to US security posed by SCADA systems.

Speaking before a closed meeting of the committee in October, at which it heard evidence from SCADA experts, Putman pointed out that SCADA systems “underlie most of the infrastructure that makes everyday life possible in the United States”. He cited, in particular, water supply and treatment plants, pipeline distribution systems, power stations, and food and medical manufacturing plants.

“The nation`s health, wealth and security rely on these systems,” he said, “but, until recently, computer security for these systems has not been a major focus.

“The more I know, the more concerned I become,” Putman added. It was apparent, he said, that “we have not developed a comprehensive strategy for addressing this weakness in our critical infrastructure.”

Source and more info: drives

A group of US organisations has begun an $8.5m project intended to reduce the vulnerability of SCADA systems to terrorist attacks. The two-year project, partly funded by the US Department of Homeland Security (DHS), aims to provide a better understanding of SCADA flaws, and how they could be overcome.

Since the 11 September attacks, the US Government has been worried about the security of the nation`s water supply, electricity, and oil and gas infrastructures – all of which depend on vulnerable SCADA (supervisory control and data acquisition) systems, mostly developed before security was considered a serious issue.

“Securing SCADA systems is one of the most pressing cyber-security priorities because successful attacks against the SCADA infrastructure could result in substantial economic consequences,” warns Douglas Maugham, programme manager at the DHS` Science and Technology Directorate.

The group of ten research institutions, led by the Institute for Information Infrastructure Protection (I3P), will help to identify SCADA vulnerabilities, as well as inter-dependencies between SCADA systems and other critical infrastructures

Source and more info: drives

Siemens Automation and Drives (A&D) recently briefed ARC about their Oil & Gas business, which can be seen as three segments: upstream (oil and/or gas recovery and production), midstream (gas processing, pipeline and transportation – whether to or from the refinery, and storage) and downstream (refining). Upstream is the first segment to attract investment within an overall project lifecycle followed by the midstream and downstream segments.

Siemens, presently in the upstream and midstream segments, has the firm belief that it will attract the next wave of investments. Siemens’ presence includes a wide range of technologies and services that collectively support their claim. Besides DCS and SCADA offerings, the company supplies field instrumentation and analytical equipment and systems, such as gas chromatographs, AC and DC Motors and Variable Speed Drives, electrical power distribution components and systems, and safety technology.

Another large area for Siemens is security systems and services. Siemens has invested heavily in this sector. For example, not only do they have controls and measurement technology for pipeline operations, but they also have built their own pipeline “test bed”. It includes a pipeline simulation installation presenting all of Siemens offerings for a pipeline transmission system, including valve stations, compressor stations (both electrically and traditionally driven) that allows the demonstration of the process and controls of various configurations in normal and abnormal circumstances. This is part of their Competence Center for Oil and Gas, located in Fuerth, Germany.

Source and more info: arcweb

The first remotely-exploitable vulnerabilities in Supervisory Control And Data Acquisition (SCADA) systems have been identified by researchers. Five problems have been discovered in the OPC protocol – the Object Linking and Embedding for Process Control industry standard – which is used to enable plant data to be communicated between control devices made by different manufacturers. SCADA technologies are employed to remotely manage the distributed measurement and control systems that form the operational backbone in industrial organisations operating electrical power grids and oil and gas refineries, for example. The vulnerabilities mean that industrial organisations are vulnerable to denial-of-service and performance-reducing attacks. Companies need to act now and take measures to secure their SCADA systems, as this threat is set to increase warns Innominate’s CEO, Joachim Fietz.

“Concerns regarding the security of SCADA systems has often been overlooked by IT directors, but the confirmation of five different remotely-exploitable vulnerabilities should set alarm bells ringing,” comments Joachim Fietz, CEO, Innominate. “While the situation is currently not critical, ageing operational technologies are being linked to more and more IP-based tools which increases the scope and variety of IT attacks they are exposed too. If an industrialised company’s SCADA systems suffer a denial-of-service attack, the financial losses and damage to reputation are massive. To prevent this potential disaster, we strongly recommend that IT directors implement holistic industrial security measures such as Innominate’s mGuard solution.”

Source and more info: automation

After fighting for the top time in the KONI Challenge Street Tuner (ST) throughout Friday’s 15-minute qualifying session, Kenny Wilden put the No. 01 Scada Pack Chevrolet Cobalt owned by Georgian Bay Motorsports on the pole for Saturday’s Monterey 200 with a time of 1:42.018 (78.974 mph).
Wilden—who is co-driving the No. 01 machine with Jamie Holtom—was among the top seven drivers throughout the 15-minute session, and put together his best lap with two minutes remaining. He had previously been seventh after putting together a couple slower laps than he had turned early in the session.
But when Wilden noticed he had fallen out of the top five, he mashed the pedal as hard as he could, and swept through the famed “Corkscrew” the smoothest he had during the session, grabbing a two-tenths advantage over Joe Scarbrough’s No. 63 Tolliver House Restaurant/Winterhaven Farms, LLC Mazda RX-8, owned by Roar Racing.
“I’m a little bit surprised, actually,” Wilden said. “We were sitting second and I figured that was about as much as we were going to get out of it. I did a cool-down, probably two cool-down laps, and by that time, I was sitting seventh, so I had a little panic going. I got real nice lap in, probably the best I’ve gotten through The Corkscrew and the left-hander right after The Corkscrew.

Source and more info: theautochannel

Former White House staffer Marcus Sachs believes that there are thousands of critical infrastructure attacks that go unreported, demonstrating the need to educate critical asset owners.

As deputy director of SRI International’s computer science laboratory, Sachs said access to critical infrastructure control systems is easier than originally thought.

Sachs is responsible for the U.S. Department of Homeland Security’s cybersecurity R&D centre, which is operated by SRI International under contract. In addition to 20 years in the military, Sachs has also worked at the National Security Council.

Speaking at AusCERT 2007 about the risks and challenges facing SCADA systems, he said control systems in decades past have traditionally been private, and not connected to the Internet.

This has certainly changed today as connectivity has grown, he said.

“Weak security protocols that characterize the Internet have now transferred to industrial control system,” Sachs said.

Source and more info: computerworld

ARC Informatique has released the latest version of its flagship SCADA product PcVue version 8.10. This will be available throughout ARC’s worldwide subsidiary and distributor network.

The major functionality in PcVue 8.10 is a Historical Data Server (HDS) based on a Microsoft SQL Server 2005 database. This offers the user an industry standard database format for data and alarm logging. Compatibility with other applications such as MES and ERP combined with ARC Informatique’s redundancy capabilities give end users access to key data with maximum application availability.

Several new communication protocols have been added: Siemens S7 ISO and PPI protocol, ABB SPA-bus serial, Unitelway, Hilscher Netlink MPI Slave with new updated protocols for Wago-Dali, MODBUS IP, SAIA IP and serial.

Further enhancements include the ability to display multiple mimics as tabs in a single window, text import and increased communication facilities. These bring benefits for today’s demanding users such as CERN, Airbus Industry and Schneider Electric.

ARC Informatique has enhanced its Smart Generator – the automatic tag generator for PcVue. Smart Generator reduces configuration time and errors by importing the tag database directly from the PLC. Communication to Schneider Unity, Wago Codesys and a generic XML interface is already supported and work is underway on interfaces to other platforms.

PcVue 8.10 has integrated email for users to receive data by email directly from the system.

Source and more info: automation