The Best Measure of SCADA SuccessDocument Transcript
the Best Measure of
Darwin Jayson Mariano
With almost RM88 billion in assets, according to its 2012
Annual Report, Tenaga Nasional Berhad (TNB) is the largest
electric utility in Malaysia and selected as the No. 1 “Electric
Utilities in Asia” in the coveted Platts Top 250 Global Energy
Company Rankings for 2013. Employing more than 33,500
people group-wide, the company serves more than 8.3
million customers Peninsular Malaysia, Sabah and Labuan
and continues to provide reliable and efficient electricity
services for more than 60 years now.
Aside from its people, TNB’s success can also be attributed to their investment in
world-class infrastructure and top-notch systems and processes to support its growing
network of customers. And one of the key systems right at the heart of TNB’s operations
SCADA or Supervisory Control and Data Acquisition is a type of Industrial Control
System (ICS) that monitors and controls industrial processes that exist in the physical
world. SCADA systems historically distinguish themselves from other ICS systems by
being large scale processes that can include multiple sites, and large distances.
When applied properly, SCADA can help industries eliminate the need for site visits
by personnel for inspection, data collection, etc. The software tool enables real time
monitoring of operations as well as make modifications to systems, troubleshoot and
generate reports automatically. The end result is tremendous savings in time and
money, not to mention enhanced operational efficiency, which could translate to
increased revenue and profits for the company.
However, implementing successful SCADA systems require detailed planning, not to
mention massive investments of time, people and financial resources. In going about
such a major undertaking, engineers and project managers have outlined the following
‘rules’ to observe during implementation and operations of SCADA systems:
Choose your system wisely
There are two main things that should be taken into consideration when purchasing
a SCADA system: a) Which provider to opt for: legacy providers, historical reputation
and peer preference are all factors that play a part in this; and b) Sector-specific
needs: making sure that the system you choose is aligned to the requirements of your
organisation and sector is key.
Get network integration right
Migrating from one system to another can often lead to significant downtime as well
as data loss, damaged data integrity and inaccurate data transfer. In an oil & gas or
petrochemical facility, such losses could be detrimental to consumers or potentially
catastrophic, so making sure that integration is carried out efficiently and with
contingency planning in play is vital.
Prepare for environmental hazards
If remote terminal units (RTUs) are based out in the open, extreme conditions will
eventually take their toll. Improving the durability of SCADA equipment is paramount
for regions such as Asia with scorching temperatures during the day, cold nights and
abrasive and inhospitable conditions.
For maximum performance, periodic maintenance should be carried out in-line with a
10 – 15 year equipment lifespan.
Plan for replacement of obsolete units
The obsolescence of integral parts of the SCADA framework is inevitable with the
march of time and quick-fire advancements in technology, so having a replacement
plan is a must to prevent loss of money and time. This downtime can also be minimized
by initially selecting a SCADA package that improves usability, maximises flexibility and
provides for future expansion.
Keep security threats at bay
Computer viruses evolve quickly as their uploaders are diligent, and threat profiles are
updated with frightening constancy. Having regular and thorough auditing strategies is
one way to make sure that security threats are always in check and your SCADA systems
are up to the task.
Assess your vulnerability regularly
Given the myriad threats that exist out there, it is still difficult to quantify exactly
how vulnerable a SCADA system is to an attack. Assessments can be made to reduce
the causes of vulnerability through threat simulation, and the most classic of these
methods is the use of attack trees. An attack tree may be an extremely complex analysis
of thousands of different potential pathways from root threat to attack completion,
yet it would be impossible to cover all the possible routes, so running regular checks is
Ensure interoperability without sacrificing security
Many SCADA systems use their own dedicated and proprietary communication
protocols as opposed to shared and open systems. Within wide-ranging networks, the
interoperability of different systems is crucial to the smooth running of the framework
as a whole.
A TNB Case Study
For Tenaga Nasional, operational efficiency is clearly an
important aspect of the business – and one that TNB is
exceptionally good at. In an interview with Michael Khor,
TNB’s Deputy Chief Engineer for SCADA, he explained the
‘indispensable’ role of SCADA systems:
“SCADA systems bring significant value to organizations such as power utilities. It is the
indispensable technology that enables the safe, secure and economic operation of the
Together with the relevant suite of power applications, SCADA is typically utilised in
the form of Energy Management Systems for transmission grids and as Distribution
Management Systems for the distribution system. The ultimate just-in-time supplydemand paradigm of power grids perhaps bring forth many folds of benefit, to more
than justify the direct cost of SCADA ownership. There is significant contribution to the
bottom line when operations are made more efficient, mistakes are reduced and costly
blackouts are averted,” he explains.
While the indispensable role of SCADA systems couldn’t be overemphasised, Mr. Khor
also noted that threats, in relation to SCADA systems, continue to exist and should be
managed on a regular basis. One of which is the threat on cyber security.
“Cyber security should be viewed in respect to how it can potentially disrupt business
continuity. Be it traditional hackers, careless or disgruntled employees, organisations
need to recognise the multi-dimensional security threats from both internal and
“The risks associated with these threats can be mitigated by, for instance, carrying out
an assessment, which will provide the relevant directions and drive the strategies that
will best address the threats. Having adequate security does come at a cost, in terms of
procurement and also in terms of ownership. It certainly helps to procure from vendors
that have incorporated security features in their design. Better still are vendors that get
their SCADA system design security certified,” enthused Mr. Khor.
In its 2012 Annual Report, TNB revealed that it “has completed the installation of
the Supervisory Control and Data Acquisition (SCADA) system in 94% of its primary
substations. All primary distribution substations are targeted to be equipped with
SCADA by 2015.”
If further reveals that “secondary substations in prime areas are also equipped with
The installation of SCADA across almost all primary substations gives TNB the ability to
have monitoring and control capabilities in even the most remote areas. This enables
“personnel at the control centres to restore electricity supply quickly in the event of an
unscheduled power outage, thereby reducing the duration of outage as measured by
SAIDI (System Average Interruption Duration Index).
The table below indicates a significant reduction in SAIDI over the last two
Source: Tenaga Nasional Berhad Annual Report 2012
TNB’s Michael Khor couldn’t have said it more simply: “Having an effective SCADA
can be viewed perhaps as one of the more significant contributors to a power utility
keeping the lights ON.”
In its purest, most basic form, the best measure of SCADA success for utility firms
– electricity, gas, water and telecommunications – is not tied to the number of
installations done within a given period nor the percentage uptime per location/per
quarter. It is essentially the ability of utilities to deliver the promised service to the
consuming public in the most cost-effective and efficient manner.
Learning how to achieve this goal using industry best practices as well as
discovering the latest trends in SCADA implementation in your specific industries is
Interview with Mr. Michael Khor
Mr. Michael Khor, Deputy Chief Engineer - SCADA for Tenaga
Nasional Berhad (TNB) spoke to IQPC’s Darwin Jayson Mariano
and discussed how exactly a power utility company like TNB,
the largest energy and utility company in Malaysia, benefit
Darwin Jayson Mariano: Please talk about some of the benefits of having a SCADA
system in place to Tenaga Nasional Berhad’s operations.
Michael Khor: SCADA systems bring significant value to organizations such as power
utilities. It is the indispensable technology that enables the safe, secure and economic
operations of the power grid. Together with the relevant suite of power applications,
SCADA is typically utilised in the form of Energy Management Systems for transmission
grids and as Distribution Management Systems for the distribution system. The
ultimate just-in-time supply-demand paradigm of power grids perhaps bring forth
many folds of benefit, to more than justify the direct cost of SCADA ownership. There is
significant contribution to the bottom line when operations are made more efficient,
mistakes are reduced and costly blackouts are averted. Essentially having an effective
SCADA can be viewed perhaps as one of the more significant contributors to a power
utility keeping the lights ON.
DJM: Can you brief us on the key milestones of your SCADA Systems
implementation? What are the important lessons learned along the way?
Michael Khor: It is always quite important for the requirements analysis
phase to start by considering user requirements, so that they can derive the
optimum benefit when the new SCADA is implemented. Essentially the existing
weaknesses are addressed while the best features are maintained. This is
followed by translating these into specifications, followed by procurement; for
us this is normally by tender. Later once awarded, there is need to agree with
the proposed detail design and functional implementation. The acceptance
tests in the factory and later on site are major milestones before the SCADA
can commence commercial operations. Overall this is typically some 18 to 24
months from contract award.
DJM: Can you talk about cyber security threats in relation to SCADA systems
and what are the things that can be done in order to mitigate these threats?
Michael Khor: Cyber security should be viewed with respect to threats that
can potentially disrupt business continuity. Be it traditional hackers, careless
or disgruntled employees, organizations need to recognize the multidimensional security threats from both internal and external sources. The
risks associated with these threats can be mitigated by, for instance, carrying
out an assessment, the analysis of which will provide the relevant directions
and drive the strategies that will best address the threats. Having adequate
security does come at a cost, in terms of procurement and also in terms of
ownership. It certainly helps to procure from vendors that have incorporated
security features in their design; better still are vendors that get their SCADA
system design security certified. Consider too the vendors who have dedicated
teams tasked to review security vulnerabilities and address these via patches or
DJM: In your opinion, what is the typical lifecycle of a SCADA System?
Michael Khor: A while back, SCADA systems were like “married” to their
hardware. Then it was not uncommon to consider upgrades after some 10 or
even 20 years. While this is mostly no longer true, nevertheless the upgrade
path remains much less simplistic than desired. SCADA systems comprise
applications that typically reside on hardware developed for the increasing fast
evolving IT industry. This implies an increasingly shorter hardware lifecycle.
From a different perspective, consider the pairing of SCADA applications with
operating system versions, which in a way dictates the choice of hardware.
Consider also the typical 3 to 5 year procurement through implementation
period. Thus to seriously attain even a 10-year upgrade cycle, the activities
leading to the next upgrade need to commence perhaps almost back to back
with the just completed upgrade.
DJM: What are the key considerations in upgrading or replacing obsolete
Michael Khor: Just like aging, obsolescence is unavoidable, but can be managed. In
practice, some part of the SCADA is likely already to be superseded by newer versions
the very first day the operators get to use it. As it would neither be practical nor
economical to immediately replace any obsolete component, the strategy would be
to manage such circumstances. A key consideration is the availability of support. Thus
the so called drop dead upgrade by or replace by date is before end of support. It
would also make sense today to select vendors that can provide an upgrade strategy
or roadmap to steer through newer technology, in essence to as far as practical avoid
being caught in the obsolescence trap. Unless absolutely required, it is thus better to
avoid dependencies on proprietary technology or special customizations.
Michael Khor, Deputy Chief Engineer – SCADA
for Tenaga Nasional Berhad will be speaking
at the 6th Annual SCADA Asia happening on
26-27 February 2014 at the Grand Millennium
Kuala Lumpur, Malaysia. Discover the latest
trends in SCADA implementation for Oil & Gas
and Utilities and learn how to enhance security
while communicating efficiently across a
scalable SCADA network.
Resources: Tenaga Nasional Berhad Annual Report 2012 (http://www.tnb.com.my/investorsmedia/annual-reports.html)
Disclaimer: Please note that we do all we can to ensure accuracy and timeliness of the information
presented herein but errors may still understandably occur in some cases. If you believe that a
serious inaccuracy has been made please let us know. This article is provided for information
purposes only. IQPC accepts no responsibility whatsoever for any direct or indirect losses arising
from the use of this report or its contents.