Discussing why pipeline companies might want to design SCADA systems for maintainability, he says, “Missed alarms and downtime can easily lead to spills that cost over $30,000 per barrel of oil in a transmission line. And regulators often can tack large fines on already expensive incidents. A system designed for cost-effective upgrades and maintenance is more likely to be available and operating at a highly effective level.”
SCADA maintenance can range from installing operating system updates to adding new users and field instrumentation. Basic maintenance can quickly become complex when business rules are not in place to limit the number of user roles and configurations in field equipment such as remote terminal units (RTUs). System expansions often result in more advanced tasks, including the development of new database tables, human machine interfaces (HMIs) and even new applications and algorithms.
These expansions, when complete, will also need to be maintained, and new users and administrators will need to be trained. Ongoing key performance indicators (KPIs) will need to be measured and adjusted to meet business needs. “When a company is able to effectively and efficiently handle these maintenance and expansion challenges, they will have a truly maintainable SCADA system,” says Ginther.
Maintainability is the key factor in creating a sustainable SCADA system and comprises the following sub-characteristics, says Ginther:
- Analyzability—ability to identify root cause in the system by examining components.
- Changeability—the amount of effort involved in making changes to the system.
- Stability—the sensitivity of the system to any changes that create adverse behavior.
- Testability—the effort involved in validating a change to the system.
Analyzability is the ability for maintenance personnel to find and explore the components in the system to make the appropriate configuration changes or modifications. Ginther says, “The design of components can make a big difference in analyzability: too many components can overwhelm the user and make it difficult to find an issue, too few and it is difficult to isolate the problem to one particular area for debugging. More components can also mean more servers. Each additional server adds to the overall amount of equipment and software that needs to be maintained and analyzed.”
If changes to the SCADA system are time-consuming or overly complex, the system’s changeability is inadequate. Not only does this increase costs for the operator, it may delay critical updates needed to reduce security vulnerabilities. “The server’s operating system must continuously get the latest security patches to prevent malicious attacks,” says Ginther. “Often, this requires an update to the SCADA software itself. However, if the SCADA update or upgrade is time-consuming and cost-prohibitive, the changes will often be delayed. These delays drastically reduce the overall security of the SCADA platform.”
Changeability is largely dependent on how the SCADA platform is architected. An object-oriented approach can help here by designing components that are largely autonomous.
Stability is impacted by the object-oriented model in a similar way. The loose coupling of components can ensure a stable system and isolate failures to just a single component or service. Ginther says other SCADA design choices, such as the database, also can impact stability.
“Today’s Big Data problems are being solved, in part, with in-memory databases,” says Ginther. “A side benefit of an in-memory database is that it can improve system stability because it is much faster than traditional databases. Faster data access means fewer risks with system latencies and timing delays.”
Modern SCADA designs also leverage modern messaging and event-driven protocols. “The publish-subscribe software pattern allows a SCADA platform to scale to very large systems,” explains Ginther. “In SCADA systems, replication of data in a hierarchical topology with a publish-subscribe mechanism can minimize data transfer over the networks to only what is necessary.”
Changes to SCADA systems in regulated environments must be tested and verified. “Using RTU simulators and other tools, this verification can be performed rather easily,” says Ginther. “However, the architecture of the SCADA system can greatly impact the amount of test coverage that these tests provide.”
A well-designed SCADA system will have templates that cover basic configurations that ultimately associate HMI controls with the appropriate database values that are linked to the correct users and poll the correct devices. This template structure can limit the variations that need to be tested, and can yield much higher test coverage with point-to-point verification test cases. Higher test coverage means the system is testable with less effort and complexity.