If there’s one trend made clear by the ongoing digital transformation of the industrial enterprise, it’s that one supplier’s technology offering is seldom adequate to address an organization’s full range of needs. Rather, integrated ecosystems of complementary technology solutions are required to effect desired outcomes.
While Trihedral rightly prides itself on not using any third-party software within its VTScada platform (thus avoiding potential software bill-of-material cyber vulnerabilities), a number of successful synergies of VTScada with complementary solutions were highlighted at this year’s VTScadaFest event in Orlando—from no-code analytics and augmented reality to moving-target cybersecurity capabilities.
Instant dashboards
Lee Allen, SCADA program developer for the wastewater treatment systems of the City of Lethbridge in Alberta, Canada, spoke to his boot-strap implementation of VTScada software with Itanta Analytics’ no-code dashboarding and analytics application to augment a PI historian and Excel spreadsheets.
His “one-man band” application roll-out is now successfully “hoovering up” PI data into VTScada. That data will soon be available to operators via Itanta dashboards on mobile devices. “We want them to see something SCADA-like, but not allow changes,” Allen explained. And ease of configuration? “It’s point and click, what more can I tell you?” He’s now looking to use VTScada and Itanta to build the water treatment facility’s own intrusion detection system.
Itanta, which first visited VTScadaFest in 2022, has been growing rapidly since the pandemic and now numbers 40 team members and 150 licenses in many process industry verticals around the world. “We want to give the power of analytics to citizen developers who know the domain,” said Harshad Bhagwat, CTO.
AR made easier
Another relative newcomer to the VTScadaFest scene is Aircada, a software startup that is aiming to streamline the development of augmented reality (AR) applications in the operations arena. Paul Collins, electrical supervisor for Gemini Telescopes and the twin 8.1-meter optical/infrared telescopes it manages on mountaintops in Chile and Hawaii, started deploying VTScada in 2018, then found Aircada online.
“We used to walk around with paper checklists, but now we use a smartphone to display real-time and historical trends superimposed on the relevant equipment,” Collins said. Integration of the cloud-based Aircada platform with VTScada using the REST API interface “makes it easy,” Collins said. Then, he used a VPN network connection to import VTScada tags and “we were ready to go,” he said. “The combination of VTScada and Aircada brings efficiency to AR display development.”
Aircada CTO Wylie Chenoweth credited the platform’s easier implementation in part to the “spatial anchors” the system uses to automatically associate GPS coordinates with visual features such as pieces of equipment. The accuracy of these anchors improves with continued use, and their use obviates the need for the QR-coded reference points used by other systems. The company recently added “Aircada GO” to the platform, which gives remote experts the ability to directly interact with augmented reality representations.
Vanishing networks
Another partner organization represented at VTScadaFest was cybersecurity specialist Dispel. COO Ben Burke offered a “Crash Course in Cyber Resilience” that reviewed the key strategies and tactics that can make an organization “the hardest to attack, and the fastest to recover.” Cyber criminals today are looking for easy money, he added. “Make it hard, and they’ll move on to the next.”
The first phase of building a more cyber-resilient organization is triage, which includes developing an asset inventory and governance model. Assess the risks and potential consequences of a successful cyberattack, and include an incident response plan. Provide initial segmentation of networks and establish controls for operator and vendor access.
“Segmenting IT and OT is an important first step,” Burke explained. “Note that the Colonial Pipeline attack was actually limited to its IT networks, but they had to shut down their OT systems to prevent its spread.”
Phase two is all about standardizing practices across the organization. This includes access flow and controls, data feeds, continuous monitoring and topical segmentation of the OT network itself. “Establish an OT DMZ, or demilitarized zone,” Burke urged. “Use alternate pathways in. Challenge them first, then give them access.”
Phase three is about optimization. Establish an upgrade and patch management program. Unify your OT DMZs. Prune any duplicate licenses and centralize maintenance and monitoring, Burke said.
Consistent with Dispel’s value proposition, Burke also recommended moving from static defenses to a moving target defense, likening the shift to that from a castle’s static walls to a submarine’s dynamic, mobile defenses. “Like the submarine’s missile, your PLC’s mission remains the same, but the shell, the perimeter, is constantly changing.
“Time is not on your side. If you’re just sitting in one spot, with static connections, enemies can simply wait for a new zero-day vulnerability to emerge then come knocking again,” Burke said. “Rather, implement disposable intermediates that are unique for each user session, then throw them away.”