Supervisory control and data acquisition (SCADA) systems are vital for automating and remotely monitoring industrial processes. In the oil and gas industry, SCADA systems improve operational efficiency, safety and reliability by enabling real-time data collection and control. The shift from conventional to virtualised and cloud-integrated SCADA solutions addresses high infrastructure and maintenance costs. Technologies such as edge computing, industrial internet of things (IIoT), artificial intelligence/machine learning (AI/ML) and digital twins enhance SCADA capabilities, enabling predictive maintenance and real-time anomaly detection. In addition, robust cybersecurity measures are essential to protect these systems. By leveraging advanced SCADA systems, the oil and gas sector can achieve higher efficiency, reduced downtime and enhanced safety.
Emerging trends
Conventional and virtualised SCADA system
Conventional SCADA systems consist of one machine for both software and hardware components, enabling remote and on-site data gathering from industrial equipment. Each application requires a separate machine, and redundant architectures necessitate deploying redundant set-ups. If the customer opts for an annual maintenance contract (AMC), responsibility for maintenance and support shifts to automation contractors or original equipment manufacturers (OEMs). Otherwise, end users manage maintenance independently. This involves high infrastructure and maintenance costs, with redundancy further adding to the expense.
However, to overcome the redundant costs, the concept of virtualisation has been introduced. Although multiple virtual machines can run on one host machine with a single operating system, balancing equal ownership between the end customer and automation OEM remains a key challenge. OEMs are required for integrating system logging protocols (syslogs) for visualisation set-up. Syslog is a protocol used for sending and receiving log messages in a network. OEMs help in reducing infrastructure and redundancy costs, facilitating easier maintenance. It is essential to get the AMC validated with the automation provided by OEMs.
There are three types of virtualisations:
vSphere HA (VMware high availability) is a set-up where if one virtual machine (VM) fails, it can be revived via a backup stored in a storage area network (SAN) or network attached storage (NAS). It enhances availability with automated detection and eliminates manual intervention. However, it increases the risk of data loss and extended downtime.
vSphere FT (VMware fault tolerance) has zero downtime. Continuous availability for VMs is ensured by maintaining an identical secondary VM that can seamlessly replace the primary VM in case of a failure.
vSphere V Motion enables the live and hot migration of an entire running VM from one host to another without any downtime or interruption to the VM. For this, a dedicated server or vMotion enterprise licence running on SAN or NAS storage is required. If a machine fails in host A, it automatically moves to host B with minimal downtime and a few minutes of data loss.
Edge computing and IIoT
Edge computing and IIoT are transforming SCADA set-ups, especially in widely distributed geographies where latency issues arise as data travels to central control rooms. Edge gateways are placed near remote terminal unit devices where data processing takes place, depending on the risks that the organisations are ready to take.
Cloud-integration-SCADA-as-a-service
Cloud-integration-SCADA-as-a-service is another emerging trend. Cloud integration is becoming increasingly important for applications that require remote monitoring. For example, a city water distribution centre can benefit from cloud integration by remotely monitoring primary facilities and distribution lines. However, it is not recommended to place data on the cloud if the system includes safety-instrumented systems that operate on a millisecond basis, as cloud latency can pose risks.
Some industries are cautiously adopting cloud integration. For instance, a major oil and gas company conducted a proof of concept for their nitrogen plant by deploying IoT sensors and enabling control via iPads.
AI/ML integration
AI and ML are emerging trends revolutionising SCADA systems by enhancing predictive maintenance, anomaly detection and operational efficiency. For effective AI/ML implementation, organisations need to create scalable data lakes that integrate data from multiple vendors (for instance, Emerson, Yokogawa and Honeywell). This integration is essential as time-series data from different systems need to be synchronised on a common platform for meaningful analysis. There would be a common database, and data would be pulled into a SCADA data lake. From the data lake, depending on an organisation’s risk appetite, they can either opt for cloud solutions or maintain on-premises infrastructure. Integration with SAP ERP (systems, applications and products in data processing – enterprise resource planning) can further enable automated reporting, including management information system reports and web reports.
Automation requirements
Automation is crucial in the oil and gas sector, requiring systems to be remotely controlled or equipped with integrated control and safety systems.
Currently, some facilities, such as Pipeline Infrastructure Limited’s sectionalising valve stations, are operated manually, but plans are in place to motorise them by the end of 2024. Key requirements for automation include enhancing cybersecurity with robust network and perimeter security, intrusion detection systems or intrusion prevention systems and a 24/7 operational technology security operations centre, tailored specifically for operational technology (OT) environments given the diverse protocols from different vendors.
Implementing digital twins and creating data lakes are essential for real-time anomaly detection and predictive maintenance, especially for critical equipment like centrifugal gas compressors.
Further, integration with SAP ERP can streamline automated reporting, while mobile monitoring via tablets and iPads can reduce the need for central control rooms, cutting infrastructure costs.
SCADA systems require high availability to facilitate continuous operations and minimise downtime. Automation includes fault tolerance, redundancy and failover strategies to ensure reliability. Ensuring resilience and disaster recovery with proper recovery time objectives and recovery point objectives, following compliance guidelines, and maintaining high availability through fault tolerance are vital. The firewall-friendly standard open platform communications unified architecture is increasingly being, facilitating interoperability among SCADA systems and devices.
Key issues and challenges
Integrating automated systems in the oil and gas sector increases cyber vulnerability, risking operational disruptions, financial losses and environmental hazards. Some challenges include ensuring compatibility among multiple OEMs and protocols, which complicates integration and cybersecurity, among others. IT-OT convergence exposes systems to IT threats, necessitating robust anomaly detection and monitoring. Legacy OT systems, reliant on OEMs, face cybersecurity risks, necessitating resilient strategies. Operational disruptions from downtime due to updates underscore the need for comprehensive cybersecurity measures, though it remains a challenge to implement vulnerability assessment and penetration testing.
Towards securing network
It is essential to adopt a structured framework to address cybersecurity issues, such as adopting an IT-OT unified cybersecurity framework that considers standards and regulations (such as ISO 27001, NIST800-52, NIST800-82, IEC 62443, CERT-IN and NCIIPC).
The oil and gas sector can also enhance cybersecurity with the zero trust security model (ZTSM), which ensures thorough authentication for every access request to mitigate threats from both inside and outside the network. However, implementing ZTSM in remote plant locations may pose challenges for multifactor authentication access. Additionally, it remains crucial to deploy multiple layers of security controls such as network firewalls, endpoint protection and user authentication.
When dealing with legacy systems in plants, it is important to implement perimeter and network security since endpoint security may not be feasible. Validation by OEMs before deploying malware protection tools is necessary. Careful access controls, including OT firewalls and perimeter security, should be applied to legacy systems. Continuous monitoring of OT systems for unusual activity and conducting risk assessments to identify vulnerabilities are essential. Other critical components of effective cybersecurity measures in industrial environments include employee training, regulatory compliance and adherence to standards.
Based on remarks by Nikhil Mittal, Senior General Manager (CISO) – Cyber Security and Digitalisation, Pipeline Infrastructure Limited, at a recent India Infrastructure conference
