Instrumentation, SCADA, LIMS: Tools for efficient management the operational process of the water treatment.
1. Copyright 2010 ISA. All rights reserved. www.isa.org
Authors: MSc. Alaíde Barbosa Martins
Marcelo Teixeira de Azevedo
PhD. Sergio Takeo Kofuji;
PhD. Sidney Viana
Keywords: SCADA, Security, LIMS, water treatment, Securing water supply
Abstract
Sanitation plants generally involve low rates of automation, especially in Brazil. This review article
makes an attempt to change this scenario by demonstrating the importance of the automation of
these plants. This article describes the efficient operation of a plan submitted for the automated
control systems of a Water and Sanitation Company. Several properties and issues are observed
during the execution of the project. The properties observed include the integration of automation
systems, instrumentation, PLC (Programmable Logic Controller), SCADA (Supervisory Control
and Data Acquisition) and LIMS (Laboratory Information Management Systems). On the other
hand, issues observed include the lack of precision in the processing of data, difficulty in system
integration and security issues among other things. The aim of this paper is to analyze the
importance of process measurement and control in the operational management of the Company.
The results indicate that the use of measurement and control systems leads to improved quality of
processes and laboratory data. This study suggests technological tools to monitor the specific
parameters of the process and presents network topology automation telemetry currently in use for
executing critical analyses of the topology and security policy information employed in this
environment. It describes and analyzes the automation project, from implementation issues,
including justification, to aspects concerning purchasing and validation. Furthermore, it details
benefits of automation, such as standardization of technology, economies of scale, time savings,
increased productivity, reduced errors, increased reliability of results and the available and
accessible production of knowledge, thus transforming it into a tool for decision making.
Presented at the 56th International Instrumentation Symposium
10-14 May 2010, Rochester, NY
Introduction
The treatment system must be designed to meet the requirements prescribed by the drinking water laws in
force, 24-hours-a-day, as well as the time of operation required to meet demand. In this study we
detail a general structure of the units of water treatment. The choice of treatment is related to water
quality at the source.
Currently, automation networks provide information by internet, and technologies enable
monitoring by internet, so special attention is required with regards to the information security of
this environment. This paper pays special attention to the security-risk management architecture of
water treatment systems. The CRS Report to Congress entitled “Terrorism and Security Issues
Facing the Water Infrastructure Sector” describes the importance of control and security
infrastructure in the treatment system:
A fairly small number of large drinking water and wastewater utilities located primarily in urban
areas (about 15% of the systems) provide water services to more than 75% of the U.S. population.
Arguably, these systems represent the greatest targets of opportunity for terrorist attacks, while the
large number of small systems that each serve fewer than 10,000 persons are less likely to be
perceived as key targets by terrorists who might seek to disrupt water infrastructure systems.
However, the more numerous smaller systems also tend to be less protected and, thus, are
potentially more vulnerable to attack, whether by vandals or terrorists. A successful attack on even
a small system could cause widespread panic, economic impacts, and a loss of public confidence in
water supply systems. Bioterrorism or chemical attacks could wreak widespread havoc with small
amounts of microbiological agents or toxic chemicals, and could endanger the health of thousands
of people. Cyber attacks on computer operations could affect an entire infrastructure network, and
hacking into water utility systems could result in theft or corruption of information, or denial and
disruption of service. (Copeland, 2009)
Attacks against internet-based systems are currently much more serious and complex than ever
before. Thus, data storage, computing resources and, especially, protecting the reputation of an
organization, have become challenging tasks for professionals dedicated to the study of information
security.
The process of water treatment
The process of water production is continuous and has three basic steps: collection, treatment and
distribution. Monitoring occurs at each step of this process. Water catchment must be monitored
with the analysis of quality control and frequency parameters, as defined by federal, state and
municipal legislation. It is recommended that the most significant parameters of surface water
sources, such as turbidity, color, pH, conductivity and chlorinity, be monitored continuously with
on-line instrumentation.
Figure 1 - Process of water treatment
Each step of this process of water production uses on-line laboratory monitoring and
instrumentation, via telemetry to an Operational Control Center:
• Catchment: This step deals with three basic properties of the water: turbidity, pH and
Dissolved Oxygen. Upper limits are established for each of these parameters. Monitoring is
carried out with on-line reading from multi-parameter probes that transmit data to the PLC,
which in turn sends it to the Control Center. This enables decision-making flexibility with
regards to the dosage of chemicals in the system or any other specific actions that need to
be executed. The dosage of chlorine in pre-chlorination is controlled, so there is still a residual
minimum of 0.2 mg/l of free chlorine in the decanter. This step involves the on-line
measurement and automatic dosage of the product, controlled by a PLC chlorination
system.
• Coagulation: the use of coagulants is directly linked to the turbidity of water. This is an
input that should be well-controlled, because it directly affects the cost of production and
water quality. To ensure dosage efficiency, the Jar-Test must be executed in order to enable
decision-making with regards to the rotation, time and dosage of coagulants. The Jar-test
should be performed using the comparative times of ETA arrests in order to be effective and
to reproduce the existing operation effectively. The result of this control is logged into the
LIMS system on the operational screen itself, in order to manage decisions to interfere in
the process (see figure 2). Adjustment may be made on the operational display of the
Supervisory System. For rapid mixing, the use of a high-range Turbidimeter is
recommended for monitoring the coagulation process, as well as a pH meter, as these are
required for adjusting the chemical dosage. These variables (pH and turbidity) are
monitored by the SCADA system, which generates alerts and statistical analysis of the
process in real time, enabling the analysis of the evolution of parameters over time (see
figure 3). Coagulant dosing is effected by means of metering pumps, with a 4 to 20 mA signal
in order to ensure system accuracy. These pumps are monitored by the PLC / SCADA.
Figure 2 - LIMS Jar Test
Figure 3 - Process Analysis (SCADA)
• Flocculation: this involves floc formation size and density. Flocs are removed by
sedimentation, flotation or direct filtration. The efficiency of flocculation depends directly
on the previous step, and is influenced by factors like the type of coagulant, coagulation pH,
water temperature, concentration and age of the coagulant solution, time and velocity
gradient of the rapid mix, type and flocculation geometry equipment and quality of the raw
water. No process control instrument is used at this point; only SCADA is used,
which monitors the time and velocity gradient of the mixture.
• Sedimentation: the process which withdraws the flocs formed by the grouping of impurities
during flocculation. It should be fixed to a maximum of 5.0 NTU and 2.0 NTU, which is
desirable in order to avoid filter overload, or a reduction of filter durability. This step is
monitored by a low-range Turbidimeter and possibly a measuring interface that alerts the
OCC when it reaches its upper thresholds.
• Filtration: the process of removing impurities and suspended solids. Monitoring the output
of the filter, which facilitates identifying the wash time and thus makes treatment more
efficient, is recommended in order to limit the maximum turbidity to 0.9 NTU. This process is
managed automatically by the SCADA.
After this step, the process monitors the pH and, if necessary, corrects it in accordance with the
standards of drinking water in Brazil. It is also necessary to control the addition of fluoride and
chlorine. Dosage and control of fluoride must be executed by automatic instrumentation equipment
– an online fluoride analyzer. The working range for the fluosilicic acid dosing pump must be
established, so that the resulting concentration of fluoride in the water remains within the 0.60 to
0.80 mg/l range.
This project defines the integration management system that will detect, alert and classify
potentially harmful contaminants that can be intentionally or accidentally added into the water
treatment system. The results of parameter monitoring are compared to limits and indicators, where
exceeding user-set thresholds means a significant water quality deviation event has occurred.
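The threshold comparison described above can be sketched as follows. This is an added example, not code from the paper or the project: it uses the limits and instrument ranges quoted in the text, while the tag names, the three-sample persistence rule and the use of the low-range turbidimeter span at the filter outlet are assumptions.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Limit:
    unit: str
    low: Optional[float] = None                 # deviation below this value
    high: Optional[float] = None                # deviation above this value
    desirable_high: Optional[float] = None      # warning above this value
    span: Optional[Tuple[float, float]] = None  # instrument measuring range


# Limits and ranges quoted in the text; the tag names are hypothetical.
LIMITS = {
    "decanter.free_chlorine": Limit("mg/l", low=0.2),
    # Read here as a 5.0 NTU maximum with 2.0 NTU desirable (an interpretation).
    "sedimentation.turbidity": Limit("NTU", high=5.0, desirable_high=2.0,
                                     span=(0.0, 100.0)),
    # Assumption: the filter outlet also uses the 0-100 NTU low-range sensor.
    "filtration.turbidity": Limit("NTU", high=0.9, span=(0.0, 100.0)),
    "treated.fluoride": Limit("mg/l", low=0.60, high=0.80, span=(0.1, 10.0)),
}


def classify(tag: str, value: Optional[float]) -> str:
    """Classify one reading against the limit table."""
    limit = LIMITS[tag]
    if value is None:
        return "NO_DATA"        # telemetry gap: no decision can be made
    if limit.span and not (limit.span[0] <= value <= limit.span[1]):
        return "OUT_OF_RANGE"   # outside what the instrument can measure
    if limit.low is not None and value < limit.low:
        return "DEVIATION"
    if limit.high is not None and value > limit.high:
        return "DEVIATION"
    if limit.desirable_high is not None and value > limit.desirable_high:
        return "WARNING"
    return "OK"


def detect_events(samples: Iterable[Tuple[str, str, Optional[float]]],
                  persistence: int = 3) -> List[Tuple[str, str, str]]:
    """Return (start_time, tag, state) once a non-OK state has held for
    `persistence` consecutive samples of the same tag, so that a single
    spike (an air bubble, a calibration pulse) does not raise an event."""
    runs = {}    # tag -> (state, start_time, count)
    events = []
    for ts, tag, value in samples:
        state = classify(tag, value)
        previous = runs.get(tag)
        if previous and previous[0] == state:
            start, count = previous[1], previous[2] + 1
        else:
            start, count = ts, 1
        runs[tag] = (state, start, count)
        if state != "OK" and count == persistence:
            events.append((start, tag, state))
    return events


# Constructed sample readings (time, tag, value); not plant data.
SAMPLES = [
    ("10:00", "filtration.turbidity", 0.4),
    ("10:01", "filtration.turbidity", 1.3),   # isolated spike, ignored
    ("10:02", "filtration.turbidity", 0.5),
    ("10:03", "filtration.turbidity", 1.1),
    ("10:04", "filtration.turbidity", 1.2),
    ("10:05", "filtration.turbidity", 1.4),   # third in a row: event
    ("10:00", "treated.fluoride", 0.70),
    ("10:01", "treated.fluoride", 0.95),
    ("10:02", "treated.fluoride", 1.10),
    ("10:03", "treated.fluoride", 1.20),      # sustained overdose: event
    ("10:00", "sedimentation.turbidity", 2.6),
    ("10:01", "sedimentation.turbidity", 3.1),
    ("10:02", "sedimentation.turbidity", 2.9),  # above desirable: warning
]

if __name__ == "__main__":
    for event in detect_events(SAMPLES):
        print(event)
```

Keeping telemetry gaps and out-of-range readings as separate states prevents a failed sensor or a lost link from being recorded as a normal reading.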
Control and information are available to the supervisor via telemetry, using SCADA software and
LIMS software, thus enabling remote monitoring via the internet.
The tools to monitor specific parameter processes, and other related auxiliary systems, are
indicative of the state of the equipment. For satisfactory configuration of the instruments, the
automated unit and its mode of operation must be well understood. SCADA provides continuous
monitoring of the process, acquiring and registering information and signaling alerts and failures
occurring within the units.
Figure 4: SCADA (Screen for synoptic ETA)
The synoptic screen is shown in the instrumentation and process diagram, featuring a reading of the
variables and states of equipment, access buttons to the main screen and sub-screen commands, as
well as alert and failure messages.
Below are the general flowcharts, demonstrating the controls and instrumentation for the proposed
improvement of production systems and procedure in water treatment plants.
Figure 5: Model statement of ETA instrumentation
For this project, a control instrument is necessary. Control Equipment in use in this plant:
• High-range turbidity sensor (0-9999 NTU). This can accurately measure very high and very
low turbidity levels. As the sample flows to the upper body of the turbidimeter, a photocell
measures the light scattered by suspended particles. It has two alert set-points for turbidity,
as well as instruments and a system outage warning alert.
• Turbidity and suspended solids sensor (0-4000 NTU). These provide accurate measurements
of turbidity and independent color and suspended solids. It has a self-cleaning device that
prevents measurement errors caused by the accumulation of residues.
• Low-range turbidity sensor (0-100 NTU). This is a more precise sensor. As the sample
flows continuously through the bubble-removal system, it eliminates the bubbles in the
sample, which are the greatest hindrance for a low rate of turbidity. A record of embedded
data collection measures turbidity at user-defined intervals (from 1 to 15 minutes), and the
record of points of calibration and verification and alerts can change the instrument
configuration for up to 6 months at a time.
• Chlorine Analyzer – this instrument obtains a sample and applies a DPD colorimetric
method based on an approved USEPA method, and gives either a free or total chlorine
reading, depending on the reagent in use at the time.
• pH – The pH sensor provides information on the acid/base nature of the water.
• Conductivity – the electrode conductivity sensor measures ionic concentration in the water.
• Fluoride Analyzer (0.1-10 mg/l) - Executes accurate fluoride readings, regardless of
changes in ionic strength, pH or temperature of the sample. It is virtually immune to
interference. There is no need to replace the entire, fluoride-only sensitive electrode-tip.
• Temperature is measured to ensure the probes are measuring correctly and for other generic
water quality information.
• Ultrasonic level transmitter with a range of 0.3 to 13 m, suitable for measuring flow in
gutters / weir. It has a 4-20mA analog output.
• Control Panel - Electrical panel 600x500x200 (HxWxD), IP-55 protection grade, equipped
with PLC (defined below) devices, surge protection (DPS) for supply and analog inputs,
terminals for discrete inputs and outputs and accessories (switches, terminals, wiring,
terminals and handles). With Programmable Logic Controller - PLC with integrated
ethernet port, comprising of the modules and related accessories, as well as the number of
discrete inputs and outputs, in addition to analog inputs.
Some equipment for laboratory control in use in this case:
• Digital spectrophotometer microprocessor to perform spectral analysis in ultraviolet and
visible ranges, with touch screen calibration curves on the display. Designed for 200
parameters with 50 containing more curves for the user; the results appear on the
display in terms of Concentration, Absorbance and Transmittance.
• Portable Spectrophotometer, touch screen display with interactive interface, works in
the visible range from 340 to 900 nm. Ability to record more than 240 analytical
methods in memory, including more than 20 tests with an automatic recognition method
for bar codes. The device can store 50 curves and 500 readings, including sample and
operator identification. Data transfer and software upgrades can be executed via a USB
cable or pen drive. It can be used in the laboratory with autosensing power supply, or in
the field with an optional battery.
• Portable pH Meter with kit, IP 67 (can be soaked in water for about 1 hour), works on
batteries that provide approximately 2,000 hours of continuous operation, 1 to 5
calibration points, auto-pattern recognition of buffers. Manual and automatic calibration
of temperature compensation. With 200 data points, storage holds up to 10 methods of
analysis, bidirectional RS232 output interface with USB cable.
• Conductivity meter bench, powered by 2 cell electrodes, digital microprocessor, with
temperature compensation; DirectCal calibration system that eliminates the need for
constant cell adjustment and with a 0 to 199.990 conductivity range.
Detailing the LIMS project
LIMS applications are based on the capacity of the database to be able to store and manage
information associated with the laboratory. This class of solution contains information such as
results, test methods, limits and calibration of equipment, etc. The core features of a system are the
LIMS sample tracking system, information retrieval, integrated QA/QC (Quality Assurance/Quality
Control) functions, data auditing, reporting and flexible integration with enterprise systems.
The purpose of the implementation and use of LIMS applications is to improve the quality of data
in the laboratory, to increase productivity, to use resources more efficiently and to reduce costs.
These benefits arise as a result of process automation, easier access to data, standardization,
tracking, and integration. LIMS applications can provide a secure environment for sharing
information from a laboratory by eliminating the time spent entering data into different
spreadsheets and systems. Automatic data acquisition can increase the accuracy of the results by
eliminating transcription errors. Thus, through proper management, data can be converted into
information and knowledge so that better decisions can be taken. Some benefits of LIMS:
• Reduction in the use and circulation of paper;
• Time savings, increased productivity;
• Error minimization;
• Increased reliability of the results produced;
• Facilitation of the process of accreditation to ISO/IEC 17025.
• Knowledge is more available and accessible, transforming it into a tool for decision
making;
Results indicate that the implementation and use of a single LIMS technology for the organization
leads to improved quality of data processing and laboratory findings whilst increasing productivity,
ensuring more efficient use of resources and aiding in managing loss reduction during the process.
Further benefits include easier access to data, standardization and improved tracking and
integration. Thus, with proper management, data can be converted into information and knowledge,
so that better decisions can be taken.
The automated interface between the enterprise and control systems conforms to ANSI/ISA-95, or
ISA-95, the most commonly accepted international standard for developing automated integration.
LIMS is one application for operational management, level 3, see figure 6:
Figure 6: ISA 95 Control of Hierarchy Levels
This project evaluated data quality during the LIMS implementation process, as a backup to the
process of water treatment. It defined the indicators, methods and standardization of parameters.
Data quality is a complex concept because it has many different meanings; there is a predominantly
subjective aspect, whose assessment may vary depending on the function of the observer, the
context and the objectives of the evaluation. Moreover, quality often cannot be expressed
quantitatively, and must be described.
Automation Architecture
This topology proposes using mainly the Modbus TCP protocol for communication between the
field control, which, in the physical environment, may either be the two-wire (Modbus-2W), or the
four-wire (4W-Modbus) RS485. In some situations we have an RS232 serial interface with point-
to-point communication. The development of a setup project is also desirable to survey field
measurements and the details of the implementation potential of an Ethernet network, for the
deployment of this network automation.
Figure 7: Automation Architecture in this case
The systems that complement automation and are relevant to its assessment are:
• Anti-lightning strike protection system;
• System for detection and protection against intruders– this system can be a stand alone
system or may require the existence of an automation system, both implementing the
tasks of monitoring sites as well as communications to the control center, in the event of
an intruder alert. Moreover, the following factors should be observed:
o The degree of vulnerability of the facility;
o The probability of intrusion;
o And the impact of intrusion on the operation of the station, in terms of potential
material damage and the personal safety of the intruder.
For the implementation of a fully automated solution, facilities and management control systems
are required at all stages of treatment. The proposed ETA automation should follow the
recommendation shown in Figure 8, which initially implements Level 1 automation, involving field
devices, sensors and actuators, and then Level 2, which involves equipment that automatically
controls the activities of the treatment process. Finally Level 3 automation, which involves the
supervision of the process and the creation of the database for the procedure.
Figure 8: Automation Architecture
Source: Moraes e Castrucci. Engenharia de Automação Industrial, RJ, LTC, 2007. P. 16.
The fully automated solution involves the deployment of an ETA Control Center, with redundant
servers and web access to on-line monitoring of the treatment plant. It must include failure alerts, a
record of all events and alerts triggered in the units themselves, in addition to information on the
process and equipment status.
In addition to automation, the development of an electrical project is recommended for the replacement
of the motor starting method, currently executed by compensating switches, with soft-starters.
The use of soft-starters improves engine-start performance, allowing progressive smooth and
controlled starting and stopping, whilst simultaneously preventing mechanical shock during
starting and stopping that may lead to damage.
The integrated control system will provide for interlocking between points of the case, in addition
to greater availability of services and operational control performed by the PLC. The process data,
alerts and events, which will be stored in the acquisition and supervisory system, allow the
analysis of process behavior and enable the development of plans for preventive and predictive
maintenance consistent with the needs of each ETA.
Historical records will enable the analysis of failures, as well as the quantity and frequency of the
process, and their consequences. Priorities can be set, working in a coordinated manner on the main
weaknesses identified in the process. It also enables analysis of pump behavior, such as operating
time and number of starts, among other things, as well as a study of the optimization process for
reduced power consumption.
Principles for Secure Architecture
The concept of sabotage directed against U.S. water supplies is not new. In 1941, Federal Bureau of
Investigation (FBI) Director J. Edgar Hoover wrote the following: “Among public utilities, water
supply facilities offer a particularly vulnerable point of attack to the foreign agent, due to the
strategic position they occupy in keeping the wheels of industry turning and in preserving the
health and morale of the American populace.”
Figure 9: analysis of vulnerabilities
The "people" layer is known to be one of the most complex. The members of this layer can be
classified as: the virtual criminal, the end user or the security officer.
The virtual criminal, according to IETF (Internet Engineering Task Force), RFC (Request for
Comments) No. 2828 – Internet Security Glossary - Cracker: “Someone who tries to break the
security of, and gain access to, someone else’s system without being invited to do so.” (IETF, 2006,
p. 46).
Nasra Hassan noted in The Times: “None of the suicide bombers – they ranged in age from 18-38,
conformed to the typical profile of the suicidal personality. None of them was uneducated,
desperately poor, simple-minded, or depressed. Many were middle-class and held paying jobs. Two
were the sons of millionaires. They all seemed entirely normal members of their families. They
were polite and serious, and in their communities were considered to be model youths. Most were
bearded. All were deeply religious.”
Dan Kroll wrote the following: “International terrorists and fringe groups are not the only sabotage
concerns in the water industry. A possible attack orchestrated by an insider is also a vulnerability
that needs to be addressed. An insider, such as a disgruntled worker, would be familiar with water
supply systems and would know the vulnerable points for attack. While the danger of attempts by
such individuals to cause mass casualties is slight, they do represent a distinct possibility as far as
nuisance attacks and denial of service actions are concerned. The question remains, however:
regardless of who the terrorists are or what their goals are, is water a viable terrorist target?”
Information Security
Information security refers to the protection of information belonging to an enterprise or a private
individual. The overall subject of information security is very wide-ranging and includes several
areas of knowledge and, by the same measure, several types of issues. Most security issues are
caused intentionally by ill-intentioned individuals attempting to obtain material advantages, attract
attention or harm somebody else. Network security issues can be sub-divided into the following
interconnected aspects (TANENBAUM, 2003):
• Confidentiality: guaranteeing that the content of privileged information is accessed only by
authorized individuals;
• Authenticity: guaranteeing the validity of the sender before exhibiting privileged
information or undertaking a transaction of any kind;
• Integrity: ensuring that the information transmitted by the sender is the same as that
received by the receiver;
• Irrevocability: No denial of authentication on the part of the receiver with regards to
information content;
• Auditing: continuously verifying logs, with the purpose of identifying possible invasions or
incorrect use of the system;
• Availability: guaranteeing that a service remains available for a period of time;
• Access Control: ensuring that only authorized users have access to privileged information.
Information security is related to the necessity to protect against intentional or unintentional access
or manipulation of confidential information by unauthorized individuals, and the unauthorized use
of a computer and its peripherals. Protection necessities should be defined in terms of possible
threats, risks and the objectives of an organization, which are formalized in the terms of its security
policy (SOARES, LEMOS and COLCHER, 1995). Information assets are subject to different
events, which can potentially compromise their security. These can be divided into three
categories: threats, vulnerabilities and incidents, all of which characterize risk (MARCIANO,
2006):
• A threat can be considered as an undesirable event or action, either accidental or
intentional. A threat may occur by means of several malicious agents and it consists of a
possible security violation of the system. An intentional threat is regarded as an attack
(SOARES, LEMOS and COLCHER, 1995). The production of scenarios and the creation of
classification lists can identify threats. The classification of risks consists of defining
categories and sub-categories of classification, thus creating a “tree”, in which the branches
represent the types of threats and the leaves are the threats themselves. (SILVA,
CARVALHO and TORRES, 2003).
• Vulnerabilities are elements related to information that could potentially be exploited by
some threat, thus representing a potential point of failure (MARCIANO, 2006). The
exploitation of vulnerabilities may occur if a certain service or system, possibly a server or
operational system, a physical installation or an application with a failure, is operating in
the environment.
• An incident is an event that involves a violation of security, which may compromise the
confidentiality, integrity and availability of information. The exploitation of vulnerabilities
gives rise to security incidents.
Security Methods
The protective mechanisms of a system may be either technical or non-technical. To define the
security method, it is necessary to analyze the security requirements and understand the protective
mechanisms that best suit the environment analyzed. (BISHOP, 2009). Among these we
emphasize:
• Firewall: A firewall can be software or a combination of software and hardware, known as
a firewall appliance. Its main purpose is to control access to a certain network, permitting or
denying certain types of access. Authorization or denial of access is based on the security
policy that governs the firewall (BISHOP, 2009).
• VPN: The initials VPN stand for Virtual Private Network. This is a private information
network that uses the resources of a public communications network. Secure VPNs use
tunneling cryptography protocols in order to be considered secure (TANENBAUM, 2003).
• Cryptography: The word cryptography is a portmanteau of two Greek words meaning
“hidden writing”, and it refers to a technique by which information is transformed into
something illegible, which only the receiver has the mechanisms to decipher. It is a manner
of making information more difficult for unauthorized individuals to read (BISHOP,
2009).
• Intrusion Detection System: The word detection means revealing or perceiving the
existence of something hidden, whilst intrusion refers to someone or something that is
introduced into some part of a system without having any business being there
(FERREIRA, 2009). Intrusion Detection Systems (IDS) are software or hardware systems
that automate the process of event monitoring occurring in a computer or a network, and
analyze such events in search of security breaches (BACE and MELL, 2001). As previously
mentioned, attacks on computer networks have significantly increased and intrusion
detection systems have become an essential tool for infrastructure security as a whole.
According to (CHEBROLU, ABRAHAM and THOMAS, 2004), the main properties of an
IDS are:
o To be tolerant of failures and to continuously operate with minimum human
supervision, as well as being capable of recovering from system failures, whether
accidental or caused by malicious activities.
o To have the capacity to resist and detect any alteration forced by an attacker.
o To operate with the minimum of resources in order to avoid interfering in the normal
operation of the system.
o To be configured precisely and in accordance with security policies.
o To be easy to install and operate within different architectures and operating
systems.
o To detect different types of attack and to be capable of recognizing legitimate
activity, not confusing it with an attack.
SCADA System Architecture
The architecture of a SCADA system varies according to the needs of each enterprise; however,
security aspects must be followed in order to attain a more secure and robust
environment. Starting from this principle and apparent necessity, security standards were
established for this purpose, as follows:
• ANSI/ISA–TR99.00.01–2007 - Security Technologies for Manufacturing and Control
Systems;
• ANSI/ISA–TR99.00.02–2007 - Integrating Electronic Security into the Manufacturing and
Control Systems Environment;
• ANSI/ISA 99.02.01-2009 - Security for Industrial Automation and Control Systems:
Establishing an Industrial Automation and Control Systems Security Program.
The purpose of ISA technical reports is to categorize and define currently available security
technologies, in order to provide technological knowledge and standardization, as well as helping
to identify and solve vulnerabilities and reduce the risk of systems being invaded (ANSI-ISA –
TR.99.00.01 – 2007) and (ANSI-ISA – TR.99.00.02 – 2007). Based on these standards and
specifications, a SCADA environment will be analyzed and solutions will be recommended for the
improvement of the system, with information security as the premise.
Currently, information security is a constant concern for many institutions and countries that use
computer resources for communications and the provision of services. Protective measures and
countermeasures for SCADA systems are known, although they are not often used to their full
potential. These include firewalls, intrusion detection, cryptography and VPN, among other things.
In the early days, these systems were based on mainframes with closed architectures; in other
words, they were manufacturer-dependent and were isolated from other systems (XIAO and
KWIAT, 2008). Nowadays, SCADA systems are converging more and more towards platforms
based on open systems that have architectures firmly supported by connectivity. Accordingly, the
interconnection of such systems with the corporate network, and in some cases with the internet
itself, is usual. Given this situation and the current state of technological development in the
information security area, an approach to security based on the aforementioned standards is carried
out, in this case on a water treatment system.
In figure 10, we can observe a diagram of the SCADA system architecture.
Figure 10 – Diagram of the SCADA architecture (ANSI-ISA – TR.99.00.02 – 2007).
As previously mentioned, SCADA system architectures vary from enterprise to enterprise.
Accordingly, the application of a questionnaire in order to detail the risks to a particular
environment is recommended in (ANSI-ISA – TR.99.00.02 – 2007). Recommendations for
improvements to the environment and mitigation of risks arise from the results of this
questionnaire.
Based on standards (ANSI-ISA – TR.99.00.01 – 2007) and (ANSI-ISA – TR.99.00.02 – 2007), it is
recommended that the criteria below be followed:
• Segmentation of the data network with regards to the automation network. The creation of a
virtual local area network (VLAN), for the segmentation of the data network from the
automation network. Accordingly, a physical network is divided into small logical
networks. Gains are to be found in the increase in performance, improved management and
simplicity of access.
• Use of firewalls in addition to IDS. The use of firewalls to control access and protect
against unauthorized access. The use of two layers of firewalls (front-end and back-end) is
recommended. The front-end firewall protects internet access, whilst the back-end firewall
protects inter-network access. Furthermore, an IDS should be placed within the network to
monitor traffic and identify the signatures that are indicative of an attack. Similarly, it is
important that the IDS be positioned in two layers: internet and internal.
• Counting access (success and failure). Every attempted access, whether successful or not,
must be counted by an external authentication manager. The purpose of this is to store
information on which devices authentication was executed for, and what the level of
privilege is.
• Log storage: The existence of a syslog to store traffic that passes through the firewall,
external manager and intrusion detector, so that access attempts can later be counted or
studied, with the purpose of identifying system users.
• Use of VPN: For the purposes of remote access to computer resources, the use of VPN is
strongly recommended. This guarantees greater confidentiality of data traffic, as it is
encrypted. The VPN solution for remote access is a practice that has been increasing
considerably, and it enables the use of geographically distant resources, as if they were
local.
• A vulnerability verification mechanism for the elements that make up the network, as well
as regular updates. Vulnerabilities are the greatest causes of the unavailability of resources
that make up the network. Accordingly, it is necessary that all installed programs be
accounted for and versions verified for failures. In the event of failures, the necessary
updates must be executed.
• Data cryptography: All traffic must have a mechanism that makes the visualization of
transmitted data difficult. For this to be possible, the use of cryptography for any type of
transmission is strongly recommended.
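The access-counting and log-storage criteria above can be illustrated with a short script. This is an added example, not part of the original paper: it reads constructed syslog lines from a hypothetical external authentication manager and counts successes and failures per user and device, records the privilege level granted, and lists sources with repeated failures. The host name `authmgr`, the key=value message layout, the device names and the failure threshold are all assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: syslog lines as an external authentication manager might
# emit them. The key=value message layout is an assumption for this example.
SAMPLE_LOG = """\
<38>May 10 08:01:12 authmgr auth: result=success user=operator1 device=plc-eta-01 priv=5 src=10.20.0.15
<36>May 10 08:03:40 authmgr auth: result=failure user=admin device=plc-eta-01 priv=0 src=10.10.4.77
<36>May 10 08:03:44 authmgr auth: result=failure user=admin device=plc-eta-01 priv=0 src=10.10.4.77
<36>May 10 08:03:49 authmgr auth: result=failure user=admin device=rtu-pump-03 priv=0 src=10.10.4.77
<38>May 10 08:10:02 authmgr auth: result=success user=engineer2 device=rtu-pump-03 priv=15 src=10.20.0.22
<134>May 10 08:10:05 fw-backend kernel: ACCEPT src=10.20.0.22 dst=10.30.0.3 dport=502
"""

LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) auth: (?P<msg>.*)$"
)

def parse_auth_line(line):
    """Return a dict of fields for an auth record, or None for other traffic."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("msg").split() if "=" in kv)
    if fields.get("result") not in ("success", "failure"):
        return None
    fields["ts"], fields["host"] = m.group("ts"), m.group("host")
    return fields

def summarize(log_text, failure_threshold=3):
    """Count successes/failures per (user, device) and flag noisy sources."""
    counts = defaultdict(Counter)      # (user, device) -> Counter of results
    privileges = {}                    # (user, device) -> last granted privilege
    failures_by_src = Counter()        # source address -> failed attempts
    for line in log_text.splitlines():
        rec = parse_auth_line(line)
        if rec is None:
            continue                   # firewall/IDS lines are not auth records
        key = (rec.get("user", "?"), rec.get("device", "?"))
        counts[key][rec["result"]] += 1
        if rec["result"] == "success":
            privileges[key] = int(rec.get("priv", 0))
        else:
            failures_by_src[rec.get("src", "?")] += 1
    flagged = sorted(s for s, n in failures_by_src.items() if n >= failure_threshold)
    return counts, privileges, flagged

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Failures are totalled per source across all devices, so an address that spreads its attempts over several PLCs or RTUs still crosses the threshold.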
Conclusion
In this study, the stages of the water treatment process were demonstrated, along with its criticality
parameters. Furthermore, the article describes the efficient operation and automated control of a
water treatment enterprise, and the best practices adopted in order to guarantee the security of the
environment were also detailed, based on the following standards: ANSI-ISA – TR.99.00.01 –
2007 and ANSI-ISA – TR.99.00.02 – 2007.
Monitoring is a critical component of any water security program, and Dan Kroll wrote the
following: “With the current state of technology, there is no need for us to operate our water
systems as if blindfolded. Admittedly, the instrumentation available today isn’t going to give us x-
ray vision, but it will allow us a clear enough picture to avoid many of the hazards that we would
surely encounter if we left the blindfold securely in place.”
It can be observed that the exchange of information between business processes and management
systems leads to improved integration, thus making it a key process for the success of an enterprise,
as well as creating and maintaining a competitive advantage.
References
1. Hoover, J.E., “Water Supply Facilities and National Defense,” 1941. Jour. AWWA,
33:11:1861.
2. Sherma, R.E. Analytical Instrumentation. 1996.
3. Richter, Carlos A.; Azevedo, J.M. Tratamento de Água. 2000.
4. Di Bernardo, Luiz. Seleção de Tecnologias de Tratamento de Água. 2006.
5. Tsutiya, Milton Tomoyuki. Abastecimento de água, 3rd ed. São Paulo, Departamento de
Engenharia Hidráulica e Sanitária da Escola Politécnica da Universidade de São Paulo,
2006.
6. IEC 61508-n, Functional safety of electrical/electronic/programmable electronic
safety-related systems. Commission Electrotechnique Internationale, 1998.
7. IETF – Internet Engineering Task Force. Request for Comments (RFC) No. 2828. GTE/BBN
Technologies, 2000. Available at: <http://www.ietf.org/rfc/rfc2828.txt>. Accessed:
1 May 2006.
8. PIPINO, Leo L., LEE, Yang W., WANG, Richard Y. Data Quality Assessment.
Communications of the ACM, vol. 45, April, 2002. 211p.
9. TANENBAUM, A. S. Redes de Computadores. 4th ed. Rio de Janeiro: Elsevier,
2003.
10. SOARES, L. F. G.; LEMOS, G.; COLCHER, S. Redes de Computadores das LANs MANs
e WANs às Redes ATM. 2nd ed. Rio de Janeiro: Campus, 1995.
11. MARCIANO, J. L. P. Segurança da Informação - uma abordagem social. Universidade
Federal de Brasília. Brasília, p. 211. 2006.
12. SILVA, P. T.; CARVALHO, H.; TORRES, C. B. Segurança dos Sistemas de Informação -
Gestão Estratégica da. 1st ed. Lisboa: Centro Atlântico, 2003.
13. FERREIRA, A. B. D. H. Novo Dicionário Aurélio da Língua Portuguesa. 3rd ed.
[S.l.]: Positivo, 2009.
14. BACE, R.; MELL, P. NIST Special Publication on Intrusion Detection Systems. National
Institute of Standards and Technology – Computer Security Resource Center. [S.l.], p. 51.
2001.
15. CHEBROLU, S.; ABRAHAM, A.; THOMAS, J. P. Feature deduction and ensemble design
of intrusion detection systems. Computers & Security, p. 13, 2004.
16. BISHOP, MATT. Computer Security – Art and Science. 11th ed. Massachusetts:
Addison-Wesley, 2009.
17. XIAO, K.; KWIAT, K. Retrofitting Cyber Physical Systems for Survivability through
External Coordination. 41st Hawaii International Conference on Systems Sciences, Hawaii,
2008.
18. ANSI/ISA-TR99.00.01-2007. Security Technologies for Manufacturing and Control
Systems. The Instrumentation, Systems, and Automation Society. North Carolina:
Instrument Society of America, 2004.
19. ANSI/ISA-TR99.00.02-2007. Integrating Electronic Security into the Manufacturing and
Control System Environment, Systems, and Automation Society. North Carolina: Instrument
Society of America, 2004.
Biographies
Alaíde Martins has over 10 years of experience in automation, instrumentation, and process
control design and applications. During her career, Mrs. Martins has worked for several large
companies, including Brahma and Cetrel, and for some universities. She is currently Automation
Project Manager at Foz do Brasil, in São Paulo, where she is responsible for the front-end
engineering for Water and Sanitation Company projects, and a researcher at Faculdade Dom Pedro II.
Mrs. Martins holds a BS in Computer Science from the University of Salvador, holds an MSc in
Network Security and is a PhD student in Electrical Engineering from the University of Sao Paulo,
and is a Chemical Analyst from the Federal Center of Technological of Bahia. She is a member of
ISA, IEEE and the Regional Council of Chemistry.
Marcelo Teixeira de Azevedo has over 5 years of experience in information security. During his
career, Mr. Azevedo has worked for several large companies, including EDS, IBM and AT&T, and for
some universities. He is currently an IT System Specialist at AT&T, in Brazil. He has experience in
defining security practices and implementing network projects. He teaches computer
networks at ITA and UNIP. Mr. Azevedo holds a BS in Computer Science from the
University Santa Cecília and is currently an MSc student in Electrical Engineering at the University
of Sao Paulo. He holds professional certifications such as CCNA, CCDA, CCSA and CCSE.
Sergio Takeo Kofuji holds a doctoral degree in Electrical Engineering and teaches in the postgraduate
course in Electrical Engineering at USP. He is a researcher at the University of Sao Paulo, a member
of the Integrated Systems Laboratory (LSI) and coordinator of the PAD group (Pervasive Systems and
High Performance).
AA Electronic Engineering and Information Technology, such as Computer Architecture and Distributed
Systems, Cyber-Physical Systems and Embedded Systems and advanced imaging.
Sidney Viana completed the graduate course in Electrical Engineering, a master's degree in
Electrical Engineering and then a doctoral degree in Computer Science, with both the master's
and doctoral degrees at the Polytechnic School of the University of São Paulo (USP). He is currently
an invited professor in the postgraduate course in Computer Engineering at USP.
Presented at the 56th International Instrumentation Symposium
10-14 May 2010, Rochester, NY