February 2017, Vol. 244, No. 2
Experts Offer SCADA Overview for Oil & Gas Companies
Schneider Electric gathered several of its most knowledgeable experts on supervisory control and data acquisition (SCADA) to provide P&GJ readers with the latest information on the challenges of cybersecurity and trends in SCADA management, as well as discussing whether there is a demand to bring more intelligence into the field.
Participants were Helenio Gilabert, director of SCADA & Telemetry Solutions; Dale Symington, senior product manager, SCADAPack RTU/EFM; Alan Acquatella, director marketing, Gas Pipeline Applications; and Kevin Rittie, director, Pipelines Solutions Management.
Q: Is the oil and gas industry ready to employ secure architectures that support and enable cloud-based solutions that directly use real-time and historical data, e.g. asset management or CRM-related apps?
Rittie: I think the answer is “yes and no.” If you pitch a cloud-based solution without any value proposition, oil and gas businesses will be hesitant to adopt. Security of the operational network is paramount, thus Schneider Electric’s solutions push data out into a secondary tier, so you still have access to your historical and real-time information while managing access to your operations. Fundamentally, SCADA operators want to feel in control of the data they’re leveraging. For them, data needs to be controlled going out, not accessed directly from an external source.
Gilabert: There has been a trend in the market for over 10 years in which you could see newer and smaller O&G companies adopt cloud-based architectures because of the optimized capital investment profile they provide. But established companies are starting to see the value and need to change their profiles. That said, the cloud has created a conflict between field operators and IT teams in charge of the architectures themselves and the cybersecurity of the company. But we’re at a point that security is changing. The whole Internet of Things (IoT) marketing buzz in recent years has put a significant magnifying lens on this topic. Things are steadily and continuously changing to accommodate the future of automation.
Rittie: That’s right. Smaller companies have fewer regulatory demands whereas larger companies are generally more conservative. But cloud-based tools are demonstrating overwhelming value, and these cloud-service providers are producing software that is more cognizant of cybersecurity paradigms.
Acquatella: What we’ve also seen is that if you have applications that focus on monitoring, the adoption is easier. Gas customers in the pipeline have control because they use large transportation pipelines. When they need to do controller actions quickly, there’s a layer of resistance. There’s a range of openness depending on the requirements of the application. For monitoring and things a bit outside the real-time, there’s much more openness.
Gilabert: We’re also seeing different generational expectations. Younger people are more used to handheld technologies and access everywhere. They’re also becoming a bigger part of the workforce. This sort of access can only be achieved with IoT and cloud technologies.
Acquatella: And with that, we’ve seen more hybrid architecture. Refineries with traditional SCADA also include mobile worker extension capabilities. Customers are adopting these technologies to handle data collection that might have been offline before.
Q: What are the challenges around cybersecurity facing the industry from the field to the data center?
Gilabert: In certain parts of the industry, this was never a concern at all, which is why it’s a huge challenge today. If you think about upstream oil and gas production, what you typically see in the field are remote terminal units (RTUs) or programmable logic controllers (PLCs) communicating without security features.
In the past few years, IT teams have been scrambling to layer security on top – perhaps through communication channels or data centers. This tends to complicate the infrastructure, sometimes significantly. More modern telemetry products offer security built in, but they’re significantly more complex.
Customers will need to start at the ground level of incorporating cybersecurity in the field. Also, customers used to have their own networks they’d control within the confines of the radio or fiber-optic networks they themselves had set up, but we’ve seen a trend toward using more public infrastructure for communication. That opens up another can of worms that customers will need to keep in mind for maintaining security.
Rittie: I think it’s also the difference between greenfield and brownfield installations along with different types of infrastructures. You used to have radio and modem technology that controlled everything and security wasn’t a consideration. Many of these older devices aren’t capable of adding encryption between protocols.
Acquatella: The challenge is what do you do with legacy devices? The way of communicating 20 years ago is still used by many in the industry. People are patching their way around the problem. This is a big topic we’ve also seen around the data center – it’s affected the architecture with how we’ve deployed SCADA. DMCs have put in additional firewalls with data flowing in only one direction to isolate the architecture.
Rittie: You can’t have 10 seconds of latency when it comes to control. Many customers are concerned and interested in exploring new technologies, but many are accepting the risk right now and trying to control access centrally.
Gilabert: As a vendor, we have a responsibility to educate customers about new technologies and ensure our own products support these new secure architectures. Even though customers may not take full advantage, we have to be able to enable them.
Symington: It’s important to also understand that there is a significant difference in cybersecurity between the different market areas – for example, when it comes to pipelines, with safety risks and issues like leak detection and shutdowns. There’s a fair bit of money at stake with the amount of product being shipped. But with upstream production facilities, you’re dealing with smaller volumes of product spread out in many locations. It’s a different level of concern in terms of the risks around cybersecurity.
Q: Do you see a trend to push more intelligence to the field, due to the inherent latency of host-to-field communications in SCADA?
Gilabert: There are a few factors. Latency is certainly a factor, due to the nature of the SCADA business itself – especially with remote applications, unless customers want to invest in fiber-optic network communications. A related factor is the issue of bringing different skill sets and employee backgrounds into this evolving industry.
One solution is to automate that expertise, and to do this closer to the process, rather than centrally in the host. With SCADA, we tend to use more cellular communications networks, but there’s a high probability of disruption. Whatever process you’re automating, you want to run it close to the asset to minimize latency or complete disconnect.
Rittie: I’ve been in other conversations about a shift in moving control logic out of field devices into the control centers, which has me scratching my head. My experience has always been that customers want control by the assets. It’s all about minimizing risk and not exposing oneself to catastrophic failure.
Symington: Flow computers need 35 days of flow history. If lightning strikes and takes out communications, things need to be able to work on their own.
Acquatella: But some of these devices are tremendously powerful, collecting information on the process, diagnostics, etc. So there is that trend of having functionality and intelligence closer to the field at some companies, and these devices are increasingly incorporating that power.
Gilabert: There is a place for both. There are applications where host-based control, logic and smarts are the way to go and others where it makes no case. The more dispersed, the more it makes sense to run it through the host. The more concentrated and specific the site is, the more it makes sense to have intelligence closer to the site, as a rule of thumb.
Q: Will local HMI become redundant as wireless IP connection to the SCADA network becomes more prevalent, allowing users to access devices or data with mobile devices from anywhere?
Symington: Local HMI can sometimes be redundant, but the need for local links between remote equipment and portable devices will not go away, even with wireless IP connections that can connect you to the central host. The need remains for communication in the field, but if it can happen from a truck without the need for wiring, that’s convenient. Even if communications are down, from a larger SCADA perspective, there’s a need for local wireless connections in the field.
Gilabert: This goes back to evolving expectations. Customers have a higher expectation now to be connected everywhere all the time. A direct connection within the field without having to rely on the communication infrastructure is important so that you can access data locally. But we still have some ground to cover to catch up on meeting expectations in the oil and gas industry.
Symington: One analogy is that if I can pick up a wireless controller for my personal video game and turn on the system and the television, and control everything from there – and if I can’t do that in the field with accessing data on equipment, there’s a great disconnect in terms of capability and expectations.
Rittie: Because of external forces, the market has changed. But there’s still a legacy mindset around security – because once you use these devices, you create a security entry point. Security is getting better, but encryption, just a few years ago when a lot of these devices were created, was minimal, so you have vulnerabilities. Also, does access involve control? It’s the read-only vs. read-write mentality. I want to see the data, but do I also want to be able to change it?
Gilabert: Yes, you want access, but not the security issues. Turning on a TV vs. controlling a pipeline with explosive gases brings different security considerations, so the ease of doing things must be weighed accordingly.
Symington: We need to make access secure through authentication, management of accounts and proper encryption on passwords. For remote assets, there has to be a central method for managing the means of access. We need to minimize pain points in keeping these accounts up-to-date and secure.
Q: Is the IoT just a new label or does it really represent change to SCADA?
Rittie: I’m a cynic and optimist at the same time. As a cynic I think the industry is doing a lot of rebranding of existing technology as IoT or IIoT. Many in the industry are struggling to get on the bandwagon and check the IoT box. Long term, we’re on the cusp of change, driven by access anywhere, anytime.
Manufacturers are disseminating so many data points, and SCADA systems are taking in much more data than in the past. More businesses are considering cloud and new technologies to manage data, because ultimately, IoT is about driving value from data for your operations.
Gilabert: SCADA has been all about bringing in data for decades and is a perfect base for where IoT came from. But SCADA has been focused mostly on collecting that data alone while doing little with it. IoT is forcing us to do more with that data – making more connections and delivering more intelligence.
Rittie: Playing devil’s advocate, it can also represent a threat to SCADA in the traditional sense. As devices get smarter, they may bypass any gathering system and instead report information into a cloud-based Hadoop data repository that is siloed. Where does that leave SCADA? Some customers want the data-acquisition layer independent from SCADA. So it will be an interesting time going forward.
Acquatella: You’re absolutely correct. SCADA is historically the way to communicate with data and the field. But data acquisition is becoming democratized. The impact on our traditional SCADA is a question mark. Companies are increasingly trying to improve reliability and maintenance practices through IoT. Oil and gas will likely be later adopters than other industries, but they’ll get there.
Q: Is there movement to bring more than just traditional SCADA information into the operational center for situational awareness?
Gilabert: Yes. In upstream specifically, this trend is called integrated operations – multi-disciplinary teams that come together to look at an asset holistically and find the best optimization methods, taking into account all the disciplines, instead of a siloed approach. It’s imperative to bring more information into the operations – especially if there’s an accident, as maintaining safety is key.
Rittie: You bring up a good point about leveraging video. The question is: Is it being worked into SCADA or the control room? This goes back to the previous question about IoT. Are the architectures going to expand SCADA or change its role? SCADA is historically integers, bits, floating values, etc. – essentially fundamental data. Now with these other sources, it may be able to act as a consolidating data platform for alarm and events from an external system.
Gilabert: In upstream, I’ve seen that this extra information is not coming in through SCADA, it’s arriving through other systems. SCADA tends to be more of an operational platform in terms of field operations themselves. It’s about what my process is doing, not necessarily video feeds. It goes back to the infrastructure we discussed before – low-bandwidth communication channels. They’re not the best options for the new types of data that we’re compiling.
Symington: What’s provided some value is being able to provide wireless sensors onto wells when they’re being completed. This gives early access to information that’s important to reservoir engineers to ensure their modeling is correct. Wireless enables this by providing reasonably reliable data even though there’s other equipment running around a wellpad, including drilling rigs.
Rittie: There is a desire for more data. We’ll see if SCADA is isolated because devices are smarter and you don’t need the same data architectures. But operators still prioritize security. The jury is still out, and we’re on the cusp of some interesting changes.
Authors: Helenio Gilabert is director of SCADA & Telemetry Solutions for Process Automation in the Industry Business of Schneider Electric. He has over 16 years of experience in the oil and gas industry with positions in R&D, Portfolio Management and International Business Development in companies such as Hyprotech, Aspen Technology, WorleyParsons, 3esi, Zedi Inc. and now Schneider Electric.
Kevin Rittie is director of Solutions Management for ePLMS at Schneider Electric. He has nearly 30 years of experience in the midstream market and experience in all aspects of the business. For the past 15 years, he has been an R&D Director, first for SimSuite, OpenVECTOR and S/3 and then for ePLMS as a whole, overseeing the full development lifecycle of Schneider’s Midstream Oil and Gas applications.
Dale Symington is senior product manager of SCADAPack RTU/EFM in Marketing at Schneider Electric. His current focus is on Oil & Gas measurement solutions within the scope of Process Automation, Telemetry and SCADA. He has 30 years of experience with Schneider Electric.
Alan Acquatella is director of Gas Pipeline Applications in Marketing at Schneider Electric, responsible for outlining gas software solutions and its roadmap for the gas transportation and distribution market. He is an electrical engineering graduate from the Universidad Simon Bolivar and has an MBA from Cornell University. He has over 20 years of experience on the vendor and technology-supplier side working with the upstream/midstream oil and gas sector.