The Risks And Rewards Of Cloud Connected SCADA

Tom Craven, VP of Product Strategy, RRAMAC Connected Systems

Intro - The promises of SCADA

SCADA (Supervisory Control and Data Acquisition) systems have always promised improvements in efficiency, productivity, and reliability. If you just collect lots of data from the production floor and throw it into a database, you can use this information to eliminate downtime, optimize production rates, prevent quality defects, etc. Right? Well, in theory, yes. In reality, most SCADA systems have been collecting data for years while failing to deliver on these promises.

A common phrase among SCADA users is “There is no R in SCADA”, referring to the lack of reporting capability. Sure, you can ask your IT department to write a bunch of queries, or you can buy reporting packages to put the data into charts and tables, but this falls well short of providing the actionable business intelligence you need to improve productivity. What you need are things like OEE software (Overall Equipment Effectiveness) that can provide interactive tools to analyze downtime, quality, and production rates with drill downs to uncover root causes. From there you can add artificial intelligence (AI) software for predictive maintenance, predictive quality, digital twins, etc.

The problem is that most companies struggle just to maintain their SCADA systems. Every security patch to the Windows operating system or antivirus software can have a ripple effect that requires you to upgrade your SCADA system. When there is any software error in the SCADA system, your engineer needs to call the SCADA hotline, where they are typically told “Try installing our latest upgrade. Maybe that will fix it.” These frequent upgrades are time consuming for the engineer and may actually increase the downtime you were hoping to prevent in the first place.

Telling your engineers that they now need to also support OEE and AI software makes the local support requirements orders of magnitude worse. So what’s the solution?

The Benefits of Software as a Service

Software as a Service (SaaS) is a cloud-hosted architecture where the cloud vendor manages not only the physical servers but also the software, including the OS, middleware, and applications. Using SaaS eliminates most of the local support issues associated with traditional on-premise software. The cloud hosting company is responsible for maintaining all the software, including the upgrades to the operating system, reporting and analytic packages (OEE, predictive maintenance, and other AI), communication drivers, database maintenance, etc. Since most cloud systems run on redundant servers with backup power generation, the system rarely if ever goes offline.

But how do you run the equipment if your plant temporarily loses its internet connection? There are two ways to address this. One option is to maintain your local SCADA system for local operator interface functionality. The SCADA system would continue to provide operators with a local view of the system and allow them to start and stop equipment, change setpoints, and acknowledge alarms. The SCADA system would collect data from the PLCs and push it to the cloud server.

The other option is to eliminate local SCADA entirely by using a local operator interface touch screen to start and stop your equipment or change setpoints. In this scenario, edge node devices would collect data locally, buffer it during network outages, and push it to the cloud server.
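The buffering behavior of such an edge node can be sketched as follows. This is an added Python example, not code from the article or from any vendor; the table layout, the tag names and the `send` callback are assumptions made for illustration.

```python
import sqlite3
import time


class StoreAndForwardBuffer:
    """Durable FIFO of PLC samples; a row is deleted only after the cloud acknowledges it."""

    def __init__(self, path=":memory:"):
        # Hypothetical schema; a real edge node would point `path` at local flash or disk.
        self.db = sqlite3.connect(path)
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS samples ("
            "id INTEGER PRIMARY KEY AUTOINCREMENT, ts REAL, tag TEXT, value REAL)"
        )
        self.db.commit()

    def record(self, tag, value, ts=None):
        """Always write locally first, whether or not the uplink is currently up."""
        self.db.execute(
            "INSERT INTO samples (ts, tag, value) VALUES (?, ?, ?)",
            (time.time() if ts is None else ts, tag, value),
        )
        self.db.commit()

    def pending(self):
        return self.db.execute("SELECT COUNT(*) FROM samples").fetchone()[0]

    def flush(self, send, batch_size=100):
        """Push oldest-first; `send(row)` returns True on cloud acknowledgement.

        Stops at the first failure so ordering is kept and nothing is dropped.
        Delivery is at-least-once: a crash between send and delete resends a row.
        """
        delivered = 0
        rows = self.db.execute(
            "SELECT id, ts, tag, value FROM samples ORDER BY id LIMIT ?", (batch_size,)
        ).fetchall()
        for row in rows:
            try:
                acked = send(row)
            except OSError:      # network outage: keep the row and retry later
                acked = False
            if not acked:
                break
            self.db.execute("DELETE FROM samples WHERE id = ?", (row[0],))
            self.db.commit()
            delivered += 1
        return delivered
```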

What about Cybersecurity?

When I talk to people about cloud hosted services for industrial equipment, oftentimes the immediate response is “The IT department will never let us connect”. The IT department’s cybersecurity concerns are well founded. We should absolutely be cautious when it comes to connecting industrial manufacturing equipment to the internet. The IIoT is like fire - extremely dangerous if used carelessly, but incredibly valuable if used safely and responsibly for a specific purpose.

Most IT departments will object to firewall holes and VPN access by third-party companies, and they should. When you do online banking, you never ask the bank for a VPN connection into their network. You connect to your account using an encrypted TLS tunnel with signed security certificates. This same approach can be used by an edge node or a local SCADA server to connect to the cloud. The outbound connection from the SCADA PC or from the edge node is made either via an open port or through a proxy server. This approach should be the minimum security level for connecting equipment to the cloud.

For even greater security, you could consider using a data diode. A data diode contains two separate processors. One connects to the plant floor network, the other to the cloud via the internet. The only connection between the two processors is a single fiber cable that allows data to be sent from the plant side to the cloud side. The plant has full control over what data values are sent out, and it is physically impossible for any data or security threats to come into the plant through this device. Data diodes are commonly used in the most security-conscious applications such as aerospace and power generation utilities and are becoming more common in manufacturing environments as well.
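Because nothing can travel back across the fiber, the cloud side can never acknowledge a frame or ask for a resend. The following added Python example (not code from the article or from any diode vendor) models both consequences: the plant side exports only approved tags, and the receiver detects loss on its own from sequence numbers and checksums. The frame layout and tag names are constructed for illustration.

```python
import json
import struct
import zlib

ALLOWED_TAGS = {"line1.temp", "line1.rate"}   # constructed example tags
HEADER = struct.Struct("!II")                 # sequence number, CRC32 of payload


def encode_frame(seq, tag, value):
    """Plant side: return bytes to send, or None if the tag is not approved for export."""
    if tag not in ALLOWED_TAGS:
        return None
    payload = json.dumps({"tag": tag, "value": value}).encode()
    return HEADER.pack(seq, zlib.crc32(payload)) + payload


class DiodeReceiver:
    """Cloud side: it can never request a resend, so it records what went missing."""

    def __init__(self):
        self.expected = 0
        self.samples = []
        self.missing = []     # sequence numbers that never arrived intact
        self.corrupt = 0

    def receive(self, frame):
        if len(frame) < HEADER.size:
            self.corrupt += 1
            return
        seq, crc = HEADER.unpack_from(frame)
        payload = frame[HEADER.size:]
        if zlib.crc32(payload) != crc:
            self.corrupt += 1  # discarded; appears as a gap at the next good frame
            return
        if seq < self.expected:
            return             # already seen (a sender may repeat frames for redundancy)
        self.missing.extend(range(self.expected, seq))
        self.expected = seq + 1
        self.samples.append(json.loads(payload))
```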


Using cloud-based Software as a Service (SaaS) for reporting and analytics can streamline your path to downtime analytics, production efficiency, and predictive maintenance while reducing operating costs. All this comes at a fraction of the price of traditional in-house software and a timeline of weeks rather than months.
