Copyright 2010 ISA. All rights reserved. www.isa.orgInstrumentation, SCADA, LIMS: Tools for efficientmanagement the operat...
Copyright 2010 ISA. All rights reserved. www.isa.orgIntroductionThe treatment system must be designed to meet the requirem...
Copyright 2010 ISA. All rights reserved. www.isa.org                                   Figure 1 - Process of water treatme...
Copyright 2010 ISA. All rights reserved. www.isa.org       figure 3). The coagulant is affected by means of metering pumps...
Copyright 2010 ISA. All rights reserved. www.isa.orgControl and information are available to the supervisor via telemetry,...
Copyright 2010 ISA. All rights reserved. www.isa.org                             Figure 5: Model statement of ETA instrume...
Copyright 2010 ISA. All rights reserved. www.isa.org       terminals for discrete inputs and outputs and accessories (swit...
Copyright 2010 ISA. All rights reserved. www.isa.org   •   Time savings, increased productivity;   •   Error minimization;...
Copyright 2010 ISA. All rights reserved. www.isa.orgAutomation ArchitectureThis topology proposes using mainly the Modbus ...
Copyright 2010 ISA. All rights reserved. www.isa.org                 o The probability of intrusion;                 o And...
Copyright 2010 ISA. All rights reserved. www.isa.orgThe integrated control system will provide for interlocking between po...
Copyright 2010 ISA. All rights reserved. www.isa.orgwere polite e serious, and in their communities were considered to be ...
Copyright 2010 ISA. All rights reserved. www.isa.org       possible security violation of the system. An intentional threa...
Copyright 2010 ISA. All rights reserved. www.isa.org           o To be tolerant of failures and to continuously operate wi...
Copyright 2010 ISA. All rights reserved. www.isa.orginformation security area, based on the aforementioned standards, an a...
Copyright 2010 ISA. All rights reserved. www.isa.org       monitor traffic and indentify the signatures that are indicativ...
Copyright 2010 ISA. All rights reserved. www.isa.orgReferences  1. Hoover, J.E., “Water Supply Facilities and National Def...
Copyright 2010 ISA. All rights reserved. www.isa.orgBiographiesAlaíde Martins, has over 10 years of experience in automati...
Upcoming SlideShare
Loading in …5
×

Instrumentation, SCADA, LIMS: Tools for efficient management the operational process of the water treatment.

1,560 views

Published on

Sanitation plants generally involve low rates of automation, especially in Brazil. This review article
makes an attempt to change this scenario by demonstrating the importance of the automation of
these plants. This article describes the efficient operation of a plan submitted for the automated
control systems of a Water and Sanitation Company. Several properties and issues are observed
during the execution of the project. The properties observed include the integration of automation
systems, instrumentation, PLC (Programmable Logic Controller), SCADA (Supervisory Control
and Data Acquisition) and LIMS (Laboratory Information Management Systems). On the other
hand, issues observed include the lack of precision in the processing of data, difficulty in system
integration and security issues among other things. The aim of this paper is to analyze the
importance of process measurement and control in the operational management of the Company.
The results indicate that the use of measurement and control systems leads to improved quality of
processes and laboratory data. This study suggests technological tools to monitor the specific
parameters of the process and presents network topology automation telemetry currently in use for
executing critical analyses of the topology and security policy information employed in this
environment. It describes and analyzes the automation project, from implementation issues,
including justification, to aspects concerning purchasing and validation. Furthermore, it details
benefits of automation, such as standardization of technology, economies of scale, time savings,
increased productivity, reduced errors, increased reliability of results and the available and
accessible production of knowledge, thus transforming it into a tool for decision making.

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,560
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
77
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Instrumentation, SCADA, LIMS: Tools for efficient management the operational process of the water treatment.

  1. 1. Copyright 2010 ISA. All rights reserved. www.isa.orgInstrumentation, SCADA, LIMS: Tools for efficientmanagement the operational process of the water treatment.Authors: MSc. Alaíde Barbosa Martins Marcelo Teixeira de Azevedo PhD. Sergio Takeo Kofuji; PhD. Sidney VianaKeywords: SCADA, Security, LIMS, water treatment, Securing water supplyAbstractSanitation plants generally involve low rates of automation, especially in Brazil. This review articlemakes an attempt to change this scenario by demonstrating the importance of the automation ofthese plants. This article describes the efficient operation of a plan submitted for the automatedcontrol systems of a Water and Sanitation Company. Several properties and issues are observedduring the execution of the project. The properties observed include the integration of automationsystems, instrumentation, PLC (Programmable Logic Controller), SCADA (Supervisory Controland Data Acquisition) and LIMS (Laboratory Information Management Systems). On the otherhand, issues observed include the lack of precision in the processing of data, difficulty in systemintegration and security issues among other things. The aim of this paper is to analyze theimportance of process measurement and control in the operational management of the Company.The results indicate that the use of measurement and control systems leads to improved quality ofprocesses and laboratory data. This study suggests technological tools to monitor the specificparameters of the process and presents network topology automation telemetry currently in use forexecuting critical analyses of the topology and security policy information employed in thisenvironment. It describes and analyzes the automation project, from implementation issues,including justification, to aspects concerning purchasing and validation. Furthermore, it detailsbenefits of automation, such as standardization of technology, economies of scale, time savings,increased productivity, reduced errors, increased reliability of results and the available andaccessible production of knowledge, thus transforming it into a tool for decision making. Presented at the 56th International Instrumentation Symposium 10-14 May 2010, Rochester, NY
  2. 2. Copyright 2010 ISA. All rights reserved. www.isa.orgIntroductionThe treatment system must be designed to meet the requirements prescribed by the drinking laws inforce, 24-hours-a-day, as well as the time of operation required to meet demand. In this study wedetail a general structure of the units of water treatment. The choice of treatment is related to waterquality at the source.Currently, automation networks provide information by internet, and technologies enablemonitoring by internet, so special attention is required with regards to the information security ofthis environment. This paper pays special attention to the security-risk management architecture ofwater treatment systems. The CRS Report to Congress entitled “Terrorism and Security IssuesFacing the Water Infrastructure Sector” describes the importance of control and securityinfrastructure in the treatment system:A fairly small number of large drinking water and wastewater utilities located primarily in urbanareas (about 15% of the systems) provide water services to more than 75% of the U.S. population.Arguably, these systems represent the greatest targets of opportunity for terrorist attacks, while thelarge number of small systems that each serve fewer than 10,000 persons are less likely to beperceived as key targets by terrorists who might seek to disrupt water infrastructure systems.However, the more numerous smaller systems also tend to be less protected and, thus, arepotentially more vulnerable to attack, whether by vandals or terrorists. A successful attack on evena small system could cause widespread panic, economic impacts, and a loss of public confidence inwater supply systems. Bioterrorism or chemical attacks could wreck widespread havoc with smallamounts of microbiological agents or toxic chemicals, and could endanger the health of thousandsof people. Cyber attacks on computer operations could affect an entire infrastructure network, andhacking into water utility systems could result in theft or corruption of information, or denial anddisruption of service. (Copeland, 2009)Attacks against internet-based systems are currently much more serious and complex than everbefore. Thus, data storage, computing resources and, especially, protecting the reputation of anorganization, have become challenging tasks for professionals dedicated to the study of informationsecurity.The process of water treatmentThe process of water production is continuous and has three basic steps: collection, treatment anddistribution. Monitoring occurs at each step of this process. Water catchment must be monitoredwith the analysis of quality control and frequency parameters, as defined by federal, state andmunicipal legislation. It is recommended that the most significant parameters, such as the turbidity,color, pH, conductivity and chlorinity of surface water sources be carried out continuously with on-line instrumentation. Presented at the 56th International Instrumentation Symposium 10-14 May 2010, Rochester, NY
  3. 3. Copyright 2010 ISA. All rights reserved. www.isa.org Figure 1 - Process of water treatmentEach step of this process of water production uses on-line laboratory monitoring andinstrumentation, via telemetry to an Operational Control Center: • Catchment: This step deals with three basic properties of the water: turbidity, pH and Dissolved Oxygen. Upper limits are established for each of these parameters. Monitoring is carried out with on-line reading from multi-parameter probes that transmit data to the PLC, which in turn sends it to the Control Center. This enables decision-making flexibility with regards to the dosage of chemicals in the system or any other specific actions that need to executed. The dosage of chlorine in pre-chlorination is controlled, so there is still a residual minimum of 0.2 mg/l of free chlorine in the decanter. This step involves the on-line measurement and automatic dosage of the product, controlled by a PLC chlorination system. • Coagulation: the use of coagulants is directly linked to the turbidity of water. This is an input that should be well-controlled, because it directly affects the cost of production and water quality. To ensure dosage efficiency, the Jar-Test must be executed in order to enable decision-making with regards to the rotation, time and dosage of coagulants. The Jar-test should be performed using the comparative times of ETA arrests in order to be effective and to reproduce the existing operation effectively. The result of this control is logged into the LIMS system on the operational screen itself, in order to manage decisions to interfere in the process (see figure 2). Adjustment may be made on the operational display of the Supervisory System. For rapid mixing, the use of a high-range Turbidimeter is recommended for monitoring the coagulation process, as well as a pH meter, as these are required for adjusting the chemical dosage. These variables (pH and turbidity) are monitored by the SCADA system, which generates alerts and statistical analysis of the process in real time, enabling the analysis of the evolution of parameters over time (see Presented at the 56th International Instrumentation Symposium 10-14 May 2010, Rochester, NY
  4. 4. Copyright 2010 ISA. All rights reserved. www.isa.org figure 3). The coagulant is affected by means of metering pumps, with a 4 to 20 mA signal in order to ensure system accuracy. These pumps are monitored by the PLC / SCADA. Figure 2 - LIMS Jar Test Figure 3 - Process Analysis (SCADA) • Flocculation: this involves floc formation size and density. Flocs are removed by sedimentation, flotation or direct filtration. The efficiency of flocculation depends directly on the previous step, and is influenced by factors like the type of coagulant, coagulation pH, water temperature, concentration and age of the coagulant solution, time and velocity gradient of the rapid mix, type and flocculation geometry equipment and quality of the raw water. At this point, the process control instrument is not executed. Only SCADA is used, which monitors the time and velocity gradient of the mixture. • Sedimentation: the process which withdraws the flocs formed by the grouping of impurities during flocculation. It should be fixed to a maximum of 5.0 NTU and 2.0 NTU, which is desirable in order to avoid filter overload, or a reduction of filter durability. This step is monitored by a low-range Turbidimeter and possibly a measuring interface that alerts the OCC when it reaches its upper thresholds. • Filtration: the process of removing impurities and suspended solids. Monitoring the output of the filter that facilitates the process of identifying the wash time, thus making treatment more efficient, is recommended to limit the maximum turbidity to 0.9 NTU. This process is managed automatically by the SCADA.After this step, the process monitors the pH and, if necessary, corrects it in accordance with thestandards of drinking water in Brazil. It is also necessary to control the addition of fluoride andchlorine. Dosage and control of fluoride must be executed by automatic instrumentation equipment– an online fluoride analyzer. The working range for the fluosilicic acid dosing pump must beestablished, so that the resulting concentration of fluoride in the water remains within the 0.60 to0.80 mg/l range.This project defines the integration management system that will detect, alert and classifypotentially harmful contaminants that can be intentionally or accidentally added into the watertreatment system. The results parameter monitoring are compared to limits and indicators, whereexceeded user-set thresholds mean a significant water quality deviation event has occurred. Presented at the 56th International Instrumentation Symposium 10-14 May 2010, Rochester, NY
  5. 5. Copyright 2010 ISA. All rights reserved. www.isa.orgControl and information are available to the supervisor via telemetry, using SCADA software andLIMS software, thus enabling remote monitoring via the internet.The tools to monitor specific parameter processes, and other related auxiliary systems, areindicative of the state of the equipment. For satisfactory configuration of the instruments, theautomated unit and its mode of operation must be well understood. SCADA provides continuousmonitoring of the process, purchasing and registering information and signaling alerts and failuresoccurring within the units. Figure 4: SCADA (Screen for synoptic ETA)The synoptic screen is shown in the instrumentation and process diagram, featuring a reading of thevariables and states of equipment, access buttons to the main screen and sub-screen commands, aswell as alert and failure messages.Below are the general flowcharts, demonstrating the controls and instrumentation for the proposedimprovement of production systems and procedure in water treatment plants. Presented at the 56th International Instrumentation Symposium 10-14 May 2010, Rochester, NY
  6. 6. Copyright 2010 ISA. All rights reserved. www.isa.org Figure 5: Model statement of ETA instrumentationFor this project, a control instrument is necessary. Control Equipment in use in this plant: • High-range turbidity sensor (0-9999 NTU). This can accurately measure very high and very low turbidity levels. As the sample flows to the upper body of the turbidimeter, a photocell measures the light scattered by suspended particles. It has two alert set-points for turbidity, as well as instruments and a system outage warning alert. Turbidity and suspended solids sensor (0-4000 NTU). These provide accurate measurements of turbidity and independent color and suspended solids. It has a self-cleaning device that prevents measurement errors caused by the accumulation of residues. • Low-range turbidity sensor (0-100 NTU). This is a more precise sensor. As the sample flows continuously through the bubble-removal system, it eliminates the bubbles in the sample, which are the greatest hindrance for a low rate of turbidity. A record of embedded data collection measures turbidity at user-defined intervals (from 1 to 15 minutes), and the record of points of calibration and verification and alerts can change the instrument configuration for up to 6 months at a time. • Chlorine Analyzer – this instrument obtains a sample and applies a DPD colorimetric method based on an approved USEPA method, and gives either a free or total chlorine reading, depending on the reagent in use at the time. • pH – The pH sensor provides information on the acid/base nature of the water. • Conductivity – the electrode conductivity sensor measures ionic concentration in the water. • Fluoride Analyzer (0.1-10 mg/l) - Executes accurate fluoride readings, regardless of changes in ionic strength, pH or temperature of the sample. It is virtually immune to interference. There is no need to replace the entire, fluoride-only sensitive electrode-tip. • Temperature is measured to ensure the probes are measuring correctly and for other generic water quality information. • Ultrasonic level transmitter with a range of 0.3 to 13 m, suitable for measuring flow in gutters / weir. It has a 4-20mA analog output. • Control Panel - Electrical panel 600x500x200 (HxWxD), IP-55 protection grade, equipped with PLC (defined below) devices, surge protection (DPS) for supply and analog inputs, Presented at the 56th International Instrumentation Symposium 10-14 May 2010, Rochester, NY
  7. 7. Copyright 2010 ISA. All rights reserved. www.isa.org terminals for discrete inputs and outputs and accessories (switches, terminals, wiring, terminals and handles). With Programmable Logic Controller - PLC with integrated ethernet port, comprising of the modules and related accessories, as well as the number of discrete inputs and outputs, in addition to analog inputs.Some equipment for laboratory control in use in this case: • Digital spectrophotometer microprocessor to perform spectral analysis in ultraviolet and visible ranges, with touch screen calibration curves on the display. Designed for 200 parameters with 50 containing more curves for the user; the results appear on the display in terms of Concentration, Absorbance and Transmittance. • Portable Spectrophotometer, touch screen display with interactive interface, works in the visible range from 340 to 900 nm. Ability to record more than 240 analytical methods in memory, including more than 20 tests with an automatic recognition method for bar codes. The device can store 50 curves and 500 readings, including sample and operator identification. Data transfer and software upgrades can be executed via a USB cable or pen drive. It can be used in the laboratory with autosensing power supply, or in the field with an optional battery. • Portable pH Meter with kit, ip 67 (can be soaked in water for about 1 hour), works on batteries that provide approximately 2,000 hours of continuous operation, 1 to 5 calibration points, auto-pattern recognition of buffers. Manual and automatic calibration of temperature compensation. With 200 data points, storage holds up to 10 methods of analysis, bidirectional RS232 output interface with USB cable. • Conductivity meter bench, powered by 2 cell electrodes, digital microprocessor, with temperature compensation; DirectCal calibration system that eliminates the need for constant cell adjustment and with a 0 to 199.990 conductivity range.Detailing the LIMS projectLIMS applications are based on the capacity of the database to be able to store and manageinformation associated with the laboratory. This class of solution contains information such asresults, test methods, limits and calibration of equipment, etc. The core features of a system are theLIMS sample tracking system, information retrieval, integrated QA/QC (Quality Assurance/QualityControl) functions, data auditing, reporting and flexible integration with enterprise systems.The purpose of the implementation and use of LIMS applications is to improve the quality of datain the laboratory, to increase productivity, to use resources more efficiently and to reduce costs.These benefits arise as a result of process automation, easier access to data, standardization,tracking, and integration. LIMS applications can provide a secure environment for sharinginformation from a laboratory by eliminating the time spent entering data into differentspreadsheets and systems. Automatic data acquisition can increase the accuracy of the results byeliminating transcription errors. Thus, through proper management, data can be converted intoinformation and knowledge so that better decisions can be taken. Some benefits of LIMS: • Reduction in the use and circulation of paper; Presented at the 56th International Instrumentation Symposium 10-14 May 2010, Rochester, NY
  8. 8. Copyright 2010 ISA. All rights reserved. www.isa.org • Time savings, increased productivity; • Error minimization; • Increased reliability of the results produced; • Facilitation of the process of accreditation to ISO/IEC 17025. • Knowledge is more available and accessible, transforming it into a tool for decision making;Results indicate that the implementation and use of a single LIMS technology for organizationleads to improved quality of data processing and laboratory findings whilst increasing productivity,ensuring more efficient use of resources and aiding in managing loss reduction during the process.Further benefits include easier access to data, standardization and improved tracking andintegration. Thus, with proper management, data can be converted into information and knowledge,so that better decisions can be taken.The automated interface between the enterprise and control systems conform to ANSI/ISA-95, orISA-95, the most commonly accepted international standard for developing automated integration.LIMS is one application for operational management, level 3, see figure 6: Figure 6: ISA 95 Control of Hierarchy LevelsThis project evaluated data quality during the LIMS implementation process, as a backup to theprocess of water treatment. It defined the indicators, methods and standardization of parameters.Data quality is a complex concept because it has many different meanings; there is a predominantlysubjective aspect, whose assessment may vary depending on the function of the observer, thecontext and the objectives of the evaluation. Moreover, quality often cannot be expressedquantitatively, and must be described. Presented at the 56th International Instrumentation Symposium 10-14 May 2010, Rochester, NY
  9. 9. Copyright 2010 ISA. All rights reserved. www.isa.orgAutomation ArchitectureThis topology proposes using mainly the Modbus TCP protocol for communication between thefield control, which, in the physical environment, may either be the two-wire (Modbus-2W), or thefour-wire (4W-Modbus) RS485. In some situations we have an RS232 serial interface with point-to-point communication. The development of a setup project is also desirable to survey fieldmeasurements and the details of the implementation potential of an Ethernet network, for thedeployment of this network automation. Figure 7: Automation Architecture in this caseThe systems that complement automation and are relevant to its assessment are: • Anti-lightning strike protection system; • System for detection and protection against intruders– this system can be a stand alone system or may require the existence of an automation system, both implementing the tasks of monitoring sites as well as communications to the control center, in the event of an intruder alert. Moreover, the following factors should be observed: o The degree of vulnerability of the facility; Presented at the 56th International Instrumentation Symposium 10-14 May 2010, Rochester, NY
  10. 10. Copyright 2010 ISA. All rights reserved. www.isa.org o The probability of intrusion; o And the impact of intrusion on the operation of the station, in terms of potential material damage and the personal safety of the intruder.For the implementation of a fully automated solution, facilities and management control systemsare required at all stages of treatment. The proposed ETA automation should follow therecommendation shown in Figure 8, which initially implements Level 1 automation, involving fielddevices, sensors and actuators, and then Level 2, which involves equipment that automaticallycontrols the activities of the treatment process. Finally Level 3 automation, which involves thesupervision of the process and the creation of the database for the procedure. Figure 8: Automation Architecture Source: Moraes e Castrucci. Engenharia de Automação Industrial, RJ, LTC, 2007. P. 16.The fully automated solution involves the deployment of an ETA Control Center, with redundantservers and web access to on-line monitoring of the treatment plant. It must include failure alerts, arecord of all events and alerts triggered in the units themselves, in addition to information on theprocess and equipment status.In addition to automation, the development of an electrical project for the replacement of the gameengine is recommended, currently executed by key compensating for soft starters (soft-starters).The use of soft-starters improves engine-start performance, allowing progressive smooth andcontrolled starting and stopping, whilst simultaneously preventing mechanical shock duringstarting and stopping that may lead to damage. Presented at the 56th International Instrumentation Symposium 10-14 May 2010, Rochester, NY
  11. 11. Copyright 2010 ISA. All rights reserved. www.isa.orgThe integrated control system will provide for interlocking between points of the case. In additionto greater availability of services and operational control performed by the PLC. The process data,alerts and events, which will be stored in the procurement and supervisory system, allow theanalysis of process behavior and enable the development of plans for preventive and predictivemaintenance consistent with the needs of each ETA.Historical records will enable the analysis of failures, as well as the quantity and frequency of theprocess, and their consequences. Priorities can be set, working in a coordinated manner on the mainweaknesses identified in the process. It also enables analysis of pump behavior, such as operatingtime and number of starts, among other things, as well as a study of the optimization process forreduced power consumption.Principles for Secure ArchitectureThe concept of sabotage directed against U.S water supplies is not new. In 1941, Federal Bureau ofInvestigation (FBI) Director J. Edgar Hoover wrote the following: “Among public utilities, watersupply facilities offer a particularly vulnerable point of attack to the foreign agent, due to thestrategic position they occupy in keeping the wheels of industry turning and in preserving thehealth and morale of the American populace.” Figure 9: analysis of vulnerabilitiesThe "people" layer is known to be one of the most complex. The members of this layer can beclassified as: the virtual criminal; the end user or the security officer.The virtual criminal, according to IETF (Internet Engineering Task Force), RFC (Request forComments) nº 2828 – Internet Security Glossary - Cracker : “Someone who tries to break thesecurity of, and gain access to, someone else’s system without being invited to do so.” (IETF, 2006,p. 46).Nasra Hassan noted in The Times: “None of the suicide bombers – they ranged in age from 18-38,conformed to the typical profile of the suicidal personality. None of them was uneducated,desperately poor, simple-minded, or depressed. Many were middle-class and help paying job. Twowere the sons of millionaires. They all seemed entirely normal members of their families. They Presented at the 56th International Instrumentation Symposium 10-14 May 2010, Rochester, NY
  12. 12. Copyright 2010 ISA. All rights reserved. www.isa.orgwere polite e serious, and in their communities were considered to be model youths. Most werebearded. All were deeply religious.”Dan Kroll wrote the following: “International terrorists and fringe groups are not the only sabotageconcerns in the water industry. A possible attack orchestrated by an insider is also a vulnerabilitythat needs to be addressed. An insider, such as a disgruntled worker, would be familiar with watersupply systems and would know the vulnerable points for attack. While the danger of attempts bysuch individuals to cause mass casualties is slight, they do represent a distinct possibility as far asnuisance attacks and denial of service actions are concerned. The question remains, however:regardless of who the terrorists are or what their goals are, is water a viable terrorist target?”Information SecurityInformation security refers to the protection of information belonging to an enterprise or a privateindividual. The overall subject of information security is very wide-ranging and includes severalareas of knowledge and, by the same measure, several types of issues. Most security issues arecaused intentionally by ill-intentioned individuals attempting to obtain material advantages, attractattention or harm somebody else. Network security issues can be sub-divided into the followinginterconnected aspects (TANENBAUM, 2003): • Confidentiality: guaranteeing that the content of privileged information is accessed only by authorized individuals; • Authenticity: guaranteeing the validity of the sender before exhibiting privileged information or undertaking a transaction of any kind; • Integrity: ensuring that the information transmitted by the sender is the same as that received by the receiver; • Irrevocability: No denial of authentication on the part of the receiver with regards to information content; • Auditing: continuously verifying logs, with the purpose of identifying possible invasions or incorrect use of the system; • Availability: guaranteeing that a service remains available for a period of time; • Access Control: ensuring that only authorized users have access to privileged information.Information security is related to the necessity to protect against intentional or unintentional accessor manipulation of confidential information by unauthorized individuals, and the unauthorized useof a computer and its peripherals. Protection necessities should be defined in terms of possiblethreats, risks and the objectives of an organization, which are formalized in the terms of its securitypolicy (SOARES, LEMOS and COLCHER, 1995). Information assets are subject to differentevents, which can potentially compromise their security. These can be divided into threecategories: threats, vulnerabilities and incidents, all of which characterize risk (MARCIANO,2006): • A threat can be considered as an undesirable event or action, either accidental or intentional. A threat may occur by means of several malicious agents and it consists of a Presented at the 56th International Instrumentation Symposium 10-14 May 2010, Rochester, NY
  13. 13. Copyright 2010 ISA. All rights reserved. www.isa.org possible security violation of the system. An intentional threat is regarded as an attack (SOARES, LEMOS and COLCHER, 1995). The production of scenarios and the creation of classification lists can identify threats. The classification of risks consists of defining categories and sub-categories of classification, thus creating a “tree”, in which the branches represent the types of threats and the leaves are the threats themselves. (SILVA, CARVALHO and TORRES, 2003). • Vulnerabilities are elements related to information that could potentially be exploited by some threat, thus representing a potential point of failure (MARCIANO, 2006). The exploitation of vulnerabilities may occur if a certain service or system, possibly a server or operational system, a physical installation or an application with a failure, is operating in the environment. • An incident is an event that involves a violation of security, which may compromise the confidentiality, integrity and availability of information. The exploitation of vulnerabilities gives rise to security incidents.Security MethodsThe protective mechanisms of a system may be either technical or non-technical. To define thesecurity method, it is necessary to analyze the security requirements and understand the protectivemechanisms that best suit the environment analyzed. (BISHOP, 2009). Among these weemphasize: • Firewall: A firewall can be software or a combination of software and hardware, known as a firewall appliance. Its main purpose is to control access to a certain network, permitting or denying certain types of access. Authorization or denial of access is based on the security policy that governs the firewall (BISHOP, 2009). • VPN: The initials VPN stand for Virtual Private Network. This is a private information network that uses the resources of a public communications network. Secure VPNs use tunneling cryptography protocols in order to be considered secure (TANENBAUM, 2003). • Cryptography: The word cryptography is a portmanteau of two Greek words meaning “hidden writing”, and it refers to a technique by which information is transformed into something illegible, which only the receiver has the mechanisms to decipher. It is a manner of making information more difficulty to be read by unauthorized individuals (BISHOP, 2009). • Intrusion Detection System: The word detection means revealing or perceiving the existence of something hidden, whilst intrusion refers to someone or something that is introduced into some part of a system without having any business being there (FERREIRA, 2009). Intrusion Detection Systems (IDS) are software or hardware systems that automate the process of event monitoring occurring in a computer or a network, and analyze such events in search of security breaches (BACE and MELL, 2001). As previously mentioned, attacks on computer networks have significantly increased and intrusion detection systems have become an essential tool for infrastructure security as a whole. According to (CHEBROLU, ABRAHAM and THOMAS, 2004), the main properties of an IDS are: Presented at the 56th International Instrumentation Symposium 10-14 May 2010, Rochester, NY
  14. 14. Copyright 2010 ISA. All rights reserved. www.isa.org o To be tolerant of failures and to continuously operate with minimum human supervision, as well as being capable of recovering from system failures, whether accidental or caused by malicious activities. o To have the capacity to resist and detect any alteration forced by an attacker. o To operate with the minimum of resources in order to avoid interfering in the normal operation of the system. o To be configured precisely and in accordance with security policies. o To be easy to install and operate within different architectures and operational systems. o To detect different types of attack and to be capable of recognizing legitimate activity, not confusing it with an attack. oScada System ArchitectureThe architecture of a SCADA system is variable in accordance with the necessity of differententerprises, however security aspects must be followed in order to attain a more secure and robustenvironment. Starting from this principal and apparent necessity, security standards wereestablished for this purpose, as follows: • ANSI/ISA–TR99.00.01–2007 - Security Technologies for Manufacturing and Control Systems; • ANSI/ISA–TR99.00.02–2007 - Integrating Electronic Security into the Manufacturing and Control Systems Environment; • ANSI/ISA 99.02.01-2009 - Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program.The purpose of ISA technical reports is to categorize and define currently available securitytechnologies, in order to provide technological knowledge and standardization, as well as helpingto identify and solve vulnerabilities and reduce the risk of systems being invaded (ANSI-ISA –TR.99.00.01 – 2007) and (ANSI-ISA – TR.99.00.02 – 2007). Based on these standards andspecifications, a SCADA environment will be analyzed and solutions will be recommended for theimprovement of the system, with information security as the premise.Currently, information security is a constant concern for many institutions and countries that usecomputer resources for communications and the provision of services. Protective measures andcountermeasures for SCADA systems are known, although they are not often used to their fullpotential. These include firewalls, intrusion detection, cryptography and VPN, among other things.In the early days, these systems were based on mainframes with closed architectures; in otherwords, they were manufacturer-dependent and were isolated from other systems (XIAO andKWIAT, 2008). Nowadays, SCADA systems are converging more and more towards platformsbased on open systems that have architectures firmly supported by connectivity. Accordingly, theinterconnection of such systems with the corporate network, and in some cases with the internetitself, is usual. From this issue and with the current technological development scenario of the Presented at the 56th International Instrumentation Symposium 10-14 May 2010, Rochester, NY
  15. 15. Copyright 2010 ISA. All rights reserved. www.isa.orginformation security area, based on the aforementioned standards, an approach to security is carriedout, in this case on a water treatment system.In figure 10, we can observe a diagram of the SCADA system architecture. Figure 10 – Diagram of the SCADA architecture (ANSI-ISA – TR.99.00.02 – 2007).As previously mentioned, SCADA system architectures vary from enterprise to enterprise.Accordingly, the application of a questionnaire in order to detail the risks to a particularenvironment is recommended in (ANSI-ISA – TR.99.00.02 – 2007). Recommendations forimprovements to the environment and mitigation of risks arise from the results of thisquestionnaire.Based on standards (ANSI-ISA – TR.99.00.01 – 2007) and (ANSI-ISA – TR.99.00.02 – 2007), it isrecommended that the criteria below be followed: • Segmentation of the data network with regards to the automation network. The creation of a virtual local area network (VLAN), for the segmentation of the data network from the automation network. Accordingly, a physical network is divided into small logical networks. Gains are to be found in the increase in performance, improved management and simplicity of access. • Use of firewalls in addition to IDS. The use of firewalls to control access and protect against unauthorized access. The use of two layers of firewalls (front-end and back-end) is recommended. The front-end firewall protects internet access, whilst the back-end firewall protects inter-network access. Furthermore, an IDS should be placed within the network to Presented at the 56th International Instrumentation Symposium 10-14 May 2010, Rochester, NY
  16. 16. Copyright 2010 ISA. All rights reserved. www.isa.org monitor traffic and indentify the signatures that are indicative of an attack. Similarly, it is important that the IDS be positioned in two layers: internet and internal. • Counting access (success and failure). Every attempted access, whether successful or not, must be counted by an external authentication manager. The purpose of this is to store information on which devices authentication was executed for, and what the level of privilege is. • Log storage: The existence of a syslog to store traffic that passes through the firewall, external manager and intrusion detector, so that access attempts can later be counted or studied, with the purpose of identifying system users. • Use of VPN: For the purposes of remote access to computer resources, the use of VPN is strongly recommended. This guarantees greater confidentiality of data traffic, as it is cryptographed. The VPN solution for remote access is a practice that has been increasing considerably, and it enables the use of geographically distant resources, as if they were local. • A vulnerability verification mechanism for the elements that make up the network, as well as regular updates. Vulnerabilities are the greatest causes of the unavailability of resources that make up the network. Accordingly, it is necessary that all installed programs be accounted for and versions verified for failures. In the event of failures, the necessary updates must be executed. • Data cryptography: All traffic must have a mechanism that makes the visualization of transmitted data difficult. For this to be possible, the use of cryptography for any type of transmission is strongly recommended.ConclusionIn this study, the stages of the water treatment process were demonstrated, along with its criticalityparameters. Furthermore, the article describes the efficient operation and automated control of awater treatment enterprise, and the best practices adopted in order to guarantee the security of theenvironment were also detailed, with basis in the following standards: ANSI-ISA – TR.99.00.01 –2007 and ANSI-ISA – TR.99.00.02 – 2007.Monitoring is a critical component of any water security program, and Dan Kroll wrote thefollowing: “With the current state of technology, there is no need for us to operate our watersystems as if blindfolded. Admittedly, the instrumentation available today isn’t going to give us x-ray vision, but it will allow us a clear enough picture to avoid many of the hazards that we wouldsurely encounter if we left the blindfold securely in place.”It can be observed that the exchange of information between business processes and managementsystems leads to improved integration, thus making it a key process for the success of an enterprise,as well as creating and maintaining a competitive advantage. Presented at the 56th International Instrumentation Symposium 10-14 May 2010, Rochester, NY
  17. 17. Copyright 2010 ISA. All rights reserved. www.isa.orgReferences 1. Hoover, J.E., “Water Supply Facilities and National Defense,” 1941. Jour. Awwa, 33:11:1861 2. Sherma, R.E. Analytical Instrumentation. 1996. 3. Richter,Carlos A, Azevedo, J.M . Tratamento de Água. 2000. 4. Di Bernardo, Luiz. Seleção de Tecnologias de Tratamento de Água. 2006. 5. Tsutiya, Milton Tomoyuki. Abastecimento de água, 3ª Ed. São Paulo, Departamento de Engenharia Hidráulica e Sanitária da Escola Politécnica da Universidade de São Paulo, 2006 6. IEC 61508-n, Functional safety of eletrical/electronic/programmable electronic safety- related systems. Commission Electrotechnique Internationale, 1998. 7. IETF – Internet Engineering Task Force. Request for coments (RFC) nº 2828. GTE/BBN Technologies, 2000. Disponível em: <http://www.ietf.org/ rfc/rfc2828.txt>. Acessado em: 01 maio 2006. 8. PIPINO, Leo L., LEE, Yang W., WANG, Richard Y. Data Quality Assessment. Communicatons of the ACM, vol. 45, April, 2002. 211p. 9. TANENBAUM, A. S. Redes de Computadores. 4a. Edição. ed. Rio de Janeiro: Elsevier, 2003. 10. SOARES, L. F. G.; LEMOS, G.; COLCHER, S. Redes de Computadores das LANs MANs e WANs às Redes ATM. 2a Edição. ed. Rio de Janeiro: Campus, 1995. 11. MARCIANO, J. L. P. Segurança da Informação - uma abordagem social. Universidade Federal de Brasília. Brasília, p. 211. 2006. 12. SILVA, P. T.; CARVALHO, H.; TORRES, C. B. Segurança dos Sistemas de Informação - Gestão Estratégica da. 1a Edição. ed. Lisboa: Centro Atlântico, 2003. 13. FERREIRA, A. B. D. H. Novo Dicionário Aurélio da Língua Portuguesa. 3ª Edição. ed. [S.l.]: Positivo, 2009. 14. BACE, R.; MELL, P. NIST Special Publication on Intrusion Detection Systems. National Institute of Standards and Technology – Computer Security Resource Center. [S.l.], p. 51. 2001. 15. CHEBROLU, S.; ABRAHAM, A.; THOMAS, J. P. Feature deduction and ensemble design of intrusion detection systems. Computers & Security, p. 13, 2004. 16. BISHOP, MATT. Computer Security – Art and Science. 11th Edition. ed. Massachusetts: Addison-Wesley, 2009 17. XIAO, K.; KWIAT, K. Retrofitting Cyber Physical Systems for Survivability through External Coordination. 41st Hawaii International Conference on Systems Sciences, Hawaii, 2008. 18. ANSI/ISA-TR99.00.01-2007. Security Technologies for Manufacturing and Control Systems.The Instrumentation, Systems, and Automation Society. North Carolina: Instrument Society of America, 2004. 19. ANSI/ISA-TR99.00.02-2007. Integrating Eletronic Security into the Manufacturing and Control System Enviroment, Systems, and Automation Society. North Carolina: Instrument Society of America, 2004 Presented at the 56th International Instrumentation Symposium 10-14 May 2010, Rochester, NY
  18. 18. Copyright 2010 ISA. All rights reserved. www.isa.orgBiographiesAlaíde Martins, has over 10 years of experience in automation, instrumentation, and processcontrol design and applications. During her career, Mrs. Martins has worked for several largecompanies, including Brahma, Cetrel, and some Universities. She is currently Automation ProjectManager at Foz the Brazil, in São Paulo, where she is responsible for the front-end engineering forWater and Sanitation Company projects and Researcher at Faculdade Dom Pedro II. Mrs. Martinsholds a BS in Computer Science from the University of Salvador and MSc. in Network Securityand PhD Student Electric Engineering from the University of Sao Paulo and Chemical Analystfrom the Federal Center of Technological of Bahia. She is a member of ISA, IEEE and RegionalCouncil of Chemistry.Marcelo Teixeira de Azevedo, has over 5 years of experience in security information. During hiscareer, Mr. Azevedo has worked for several large companies, including EDS, IBM, AT&T andsome Universities. He is currently IT System Specialist at AT&T, in Brazil. Has experience indefinitions of security practices and implementation of network projects. He teaches computernetwork at ITA and UNIP. Mr. Azevedo holds a BS in Computer Science from theUniversity Santa Cecília and currently is MSc. Student in Electric Engineering from the Universityof Sao Paulo. He has a certified professional like CCNA, CCDA, CCSA and CCSE.Sergio Takeo Kofuji is doctoral degree in Electrical Engineering teaches of the postgraduatecourse at Electrical Engineering of USP. Researcher at University of Sao Paulo. He is a member ofIntegrated Systems Laboratory – LSI and group coordinator PAD - Pervasive Systems Group andHigh Performance.AA Electronic Engineering and Information Technology, such as Computer Architecture and DistributedSystems, Cyber-Physical Systems and Embedded Systems and advanced imaging.Sidney Viana concluded the graduate course in Electrical Engineering, and the master degree inElectrical Engineering, after that the Doctoral degree in Computer Science, both, masterand Doctoral degree at the Polytechnic school of University of São Paulo - USP. Currently, isinvited professor of the postgraduate course at Computer Engineering of USP. Presented at the 56th International Instrumentation Symposium 10-14 May 2010, Rochester, NY

×