Exporting Ovation Point Data over a serial link using an OPC Server


Thread Starter

Sarmad

Hi,

I'm working at a Combined Cycle Power Plant as an I&C Engineer. We use Ovation DCS for plant control. We are evaluating the viability of a proposal in which we will be exporting (sharing) a few analog points to a third party (Gas Supply Company).

We intend to provide some point data (Approximately 6 Analog Points) to a third party. We want to export the data via an OPC Server over a wireless link using TCP/IP. Can anyone advise me regarding the viability of this scheme?

Personally I'm not sure whether connecting my network (Ovation Highway) to an external network is a smart idea. What are the possible risks involved in such a scenario?

Apart from viruses, is there a possibility that the 3rd party may be able to influence/disrupt the operation of my plant? Is it possible to mitigate all the possible risks and threats present in this scheme by using a properly configured firewall?

Any help or advice will be appreciated.

Regards,
Sarmad
 
It's only six points. If you're within 802.11 range it shouldn't be prohibitively expensive to just hardwire them if you want to be confident in the security of the link. If the third party won't install the hardwire to interface in that way, you could do it yourself as a sort of firewall. IOW have your critical system send out the AOs over individual twisted pairs to a small PLC which then sends them back out digitally over the WiFi to the gas company, but doesn't connect to anything but the WiFi and the analogs and doesn't control anything at all.
 
This sounds like a potential security problem. A firewall will limit which sockets can be connected to, but that may not be much help when you consider that the one you have to let through (MS COM/DCOM) is by itself one of the biggest security risks.

The suggestion from Steve Myres may be workable if done properly. This is potentially the cheapest and quickest solution.

You can also set up a separate computer that acts as a middleman which is *outside* of your inner security perimeter, but still under your control. The gas company is then allowed to talk to that computer, and that computer is allowed to talk to your control system. This is the type of configuration used on a lot of web sites where the web server and the database sit on opposite sides of a security "wall". If you are going to use this approach however, get someone who is experienced in computer security to set things up properly. Even the best security ideas won't work unless they are properly set up and actively maintained.
 
Thanks. Your replies were quite helpful. We talked with the local Emerson reps the other day and they also advised us not to provide an OPC connection to the third party (gas company). We have asked them to provide alternate solutions, let's see what we get.

Regards,
Sarmad
 
Arthur Mayclin

With Ovation, the OPC software resides on one of the control system computers, which creates the security risk. Another method of sending data is via serial, which can be done via an RLC. That effectively segregates the DCS network, but would still require the use of third party equipment for the remote link. This can be done via microwave, cell, satellite, or leased line, to name a few. The design is generally built around the area and distance in question, and the cost (for six points, bandwidth is not an issue).
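
An added example (not from any poster in this thread and not vendor code) of the one-way serial export discussed above: the sender serialises only an allowlisted set of six points into a fixed-length, CRC-protected frame that has no command field, and the receiver rejects anything else. The frame layout, point names and function names are assumptions made for illustration.

```python
import math
import struct
import zlib

# Constructed allowlist (hypothetical names): the six analog points agreed for export.
EXPORT_POINTS = ("GAS_FLOW", "GAS_PRESS", "GAS_TEMP", "GT1_MW", "GT2_MW", "ST_MW")

SOF = b"\xA5\x5A"                      # hypothetical start-of-frame marker
BODY = struct.Struct(">H6f")           # 16-bit sequence number + six float32 values
FRAME_LEN = len(SOF) + BODY.size + 4   # marker + body + CRC32


def build_frame(seq, snapshot):
    """Sender side: serialise only the allowlisted points.

    Any other key in `snapshot` is never read, so it cannot leak onto the link.
    A missing allowlisted point raises KeyError instead of sending a partial frame.
    """
    values = [float(snapshot[name]) for name in EXPORT_POINTS]
    body = BODY.pack(seq & 0xFFFF, *values)
    return SOF + body + struct.pack(">I", zlib.crc32(body))


def parse_frame(frame):
    """Receiver side: accept exactly one well-formed frame, reject everything else."""
    if len(frame) != FRAME_LEN or frame[:2] != SOF:
        raise ValueError("bad length or start marker")
    body = frame[2:-4]
    (crc,) = struct.unpack(">I", frame[-4:])
    if zlib.crc32(body) != crc:
        raise ValueError("CRC mismatch")
    seq, *values = BODY.unpack(body)
    if not all(math.isfinite(v) for v in values):
        raise ValueError("non-finite value")
    return seq, dict(zip(EXPORT_POINTS, values))


def send(port, seq, snapshot):
    """Write one frame to `port` (any object with write()); the sender never reads."""
    port.write(build_frame(seq, snapshot))
```

The CRC only detects line corruption; it is not authentication, so the segregation still comes from the sender having no receive path and the frame carrying no writable field.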
 
Sarmad,
Were you able to get a solution for your requirement?

Regards,
Arif

> Thanks. Your replies were quite helpful. We talked with the local Emerson reps the other day and they also
> advised us not to provide an OPC connection to the third party (gas company). We have asked them to provide
> alternate solutions, let's see what we get.
 
Dear Sarmad

At our CCPP, output from the DCS is given to an AB PLC, and through SCADA we send & receive the information to the gas supplier, which is at a distance of 35 km. We have a local PC with RSView32 installed, where we can see the data coming from the gas supplier.

AVANCEON, Lahore, Pakistan is the vendor who installed that system.

Ashiq
 