
 

 

REQUEST FOR PROPOSALS FOR DESIGN AND INSTALLATION OF SCADA SYSTEM

City of Moab Water Facilities

September 2017

CITY OF MOAB

REQUEST FOR PROPOSALS

Water Facility Supervisory Control and Data Acquisition (SCADA) System

FOR MOAB CITY WATER DEPARTMENT

 

The City of Moab is now soliciting proposals for the design, supply, installation, commissioning and maintenance of a SCADA system for their potable water facilities. Qualified organizations should have ample experience and expertise with all aspects of SCADA systems and be capable of providing successful turn‐key projects for the City.

Request for proposal forms are available at the Moab City Offices located at 217 East Center Street, Moab, Utah 84532 or online at: moabcity.org.

All proposals must be turned in to the Moab City Recorder’s Offices, located at 217 East Center Street, Moab, Utah 84532. Moab City reserves the right to reject any or all proposals; or to accept or reject the whole or any part of the proposal; or to waive any informality or technicality in the interest of Moab City. The deadline for all requests for proposals is 3:00 p.m. Friday, November 3, 2017. For further information, please contact the Moab City Recorder’s office at: (435) 259‐5121.

 

/s/ Rachel E. Stenta  

City Recorder/Assistant City Manager 

 

Published in the Times Independent, October 5, 12 and 19, 2017. 

   


MOAB CITY 

WATER FACILITY SCADA SYSTEM 

REQUEST FOR PROPOSALS 

Invitation 

Moab City is soliciting proposals for the design, supply, installation, commissioning and maintenance of a SCADA system for their potable water facilities. Qualified organizations should have ample experience and expertise with all aspects of SCADA systems and be capable of providing successful turn‐key projects for the City.

Moab City 

Moab City is a community of approximately 5,250 residents located in Grand County, Utah. The City owns and operates drinking water facilities that serve the City. The main components of the drinking water system include tanks, wells, springs, chlorination sites, and flow meters. The City desires to improve the operation and control of these facilities through the addition of the proposed SCADA system.

Award of Contract 

A contract, if awarded, will be executed with the respondent who proposes the most favorable solution, as determined by the selection committee, following the guidelines set forth in the RFP. If a respondent is selected, they will be notified within 30 days of the proposal due date. Respondent pricing shall be valid for 90 days from the date of proposal submittal. The selected respondent will be required to enter into an agreement with the City prior to issuance of Notice to Proceed. The City expects to work with the selected respondent to determine the ultimate configuration of the SCADA system and then negotiate a contract.

 

Schedule 

The following tentative schedule has been established for the selection and contracting process. It is subject to change by the City.

Event  Date 

Release of Request for Proposals   October 5, 2017 

Pre‐Proposal Meeting/ Site Visit (Mandatory)  October 18, 2017 

Deadline for Questions (5:00 PM)  October 23, 2017 

Final Questions and Responses Published  October 27, 2017 

Proposal Due Date (3:00 PM)  November 3, 2017 

Selected Interviews (City’s Option)  November 15, 2017 

Final Vendor Recommendation  December 1, 2017 

Award of Contract by City Council  December 12, 2017 

Obtaining the RFP

The RFP may be obtained through the City’s online bid system (moabcity.org).

Contact Information

All questions regarding this solicitation should be directed, in writing, through the City’s online bid system (moabcity.org). Please do not attempt to contact other City staff members regarding your submittal or any related proposal submittal.

Rights Reserved

Moab City reserves the right to reject any or all proposals, to waive technical deficiencies and to accept any proposal that it might deem to be in the best interest of the City.

 

 

 

 

 

 

 

   


REQUEST FOR PROPOSALS 

 

1.0 Introduction 

The City of Moab (‘City’) is soliciting written proposals from qualified organizations (‘Vendors’) for the design, furnishing, installation, programming, commissioning, training and support for Supervisory Control and Data Acquisition (SCADA) systems for the City’s potable water facilities. All components and services of the proposed systems must be provided by a single Vendor to ensure a single source of responsibility and support.

 

2.0 Scope of Work  

The purpose of these SCADA projects is to implement a central infrastructure for data communications, system monitoring and control, disturbance reporting and alarming, historic data recording, analysis and reporting for the City’s water facilities. The infrastructure will be capable of handling the SCADA requirements of the existing facilities and will have sufficient capacity or be expandable to accommodate future requirements. The City plans to negotiate final contract terms and scope of service with the selected Vendor.

The following is a summary description of the anticipated scope of services. This information is provided as a framework for Vendor responses and cost analyses.

 

2.1  Overall Control System Description 

Features/Function: 

The SCADA systems will be hosted on a virtual server provided by the City IT department. A Central Control Workstation (CCW) will be located at the Public Works Building, with multiple remote sites that are queried and controlled via the server and/or CCW. The main workstation will consist of a desktop computer, terminal and typical peripheral devices (keyboard, mouse, etc.). A UPS will also be provided to fully support the CCW. The Vendor will provide all components required for the CCW.

System must have a secure remote connection via VPN.

Software must support multiple protocols as needed including Modbus RTU, BACnet MS/TP & TCP/IP.

Web access to SCADA via encrypted internet connection.

The SCADA systems must be compatible for future expansion to other City owned infrastructure such as sanitary sewer, storm sewer, facilities, stream gauges, cameras etc. and the soon to be commissioned Water Reclamation Facility.

 

Server/Data Back‐up:

The server must retain a complete copy of all controller configuration data and operational parameters such that an automatic re‐configuration of all controllers is possible at any time, as initiated by the operator.

The system must provide fully automated regular backup of all data, settings, logs and configuration information for controllers, graphical user interface and servers. These backups must operate without user input or initiation and provide sufficient data to completely restore the system after a catastrophic failure of any or all components.

The system must provide a reliable and user‐friendly mechanism to create a hard copy of all of the above information for offsite storage (network location, flash/hard drives, and a cloud location).

Note any additional back up procedures or offerings available to ensure the SCADA data is backed up and protected.

The UPS will need to provide a method for a minimum of 20 minutes of back‐up power for the server.

HMI/GUI (Human Machine Interface/Graphical User Interface) 

No partial license or trial version will be accepted. 

RFQ shall include example screens of applications similar to those for this project. 

The system will automatically log all alarms and events.

Alarms must be capable of customizable delay times.

The software must be able to provide notifications to operators via standard internet connection, text messaging, and emails. These alerts must be capable of being sent to multiple devices and repeat as necessary.

Data reports and history logs shall allow long term monitoring sample rates from 1 second to 24 hours.

Provide a minimum of 5 years of historical data, accessible from the HMI/GUI.

Software must have an editor that allows for the creation of text and graphic display pages.

The software must be able to have tiered security access for different entities within the organization.

o Each user must have an account that is restricted to their appropriate areas of the system.

The system will automatically log all user activities. 

System communication failure monitoring. 

Software will monitor and report data in real‐time. 

Display size, resolution to be proposed by vendor. (Approved by City) 

SCADA Controllers, Hardware and Communications: 

All control panels will be sized and constructed to house all the points on the input output summary including spare capacity for future I/O expansion. Spare I/O hardware will not be required; however, the space for future I/O expansion is required within the control panel.

All controllers must be expandable with easily replaced fuses.

All controllers must have their associated software stored in‐device on non‐volatile memory.

Controllers must be programmable from the server.

Controllers need to be self‐initializing and not require operator intervention after power interruptions or logic component changes.

The controller must receive set points or modified I/O points from the server without disruption of other processes.

Controllers must be able to communicate Peer to Peer. In the event of server or communications failure controls must operate standalone from the server.

Controllers to receive new or modified programs from the server without an onsite technician or laptop.

Provide loss‐of‐power alarm and UPS back up for each panel.

If a controller is replaced and addressed on the communications network, the server will automatically download, to the newly installed controller, all I/O database parameters and all control applications programming and set points without operator intervention.

All hardware including appurtenances must have a 12‐month warranty.

Power: 24V AC; some remote locations may require DC power.

Secured Broadband Radio network or Cellular controlled service will be evaluated for costs and recommendations. After the selected method is approved by the City the system will be designed.

 

Owner Training: 

The vendor must provide the services of a qualified technician to offer hands‐on training of the system immediately following project completion. Plan on a minimum of Five (5) full days on‐site.

The contractor must include cost to provide follow‐up training 3 and 6 months after project completion, each one full day in duration.

Ongoing Support Services

The vendor shall provide 24/7 access and on‐call services, technical support, and software updates.

Security 

Please consider the following security related topics in your response/plan (as outlined in appendix A to this RFP):

Identify all connections/access points to the SCADA system.

Harden SCADA network by ensuring only needed devices/access is available.

Explain how features/functions of the system will be utilized to ensure security of the SCADA system.

Include a method of reporting system access/audit trail for monitoring.

Conduct a physical security evaluation of the completed system.

Document network architecture and identify systems that serve critical functions or contain sensitive information or controls.

Ensure secure passwords and access methods are used during implementation.

Provide a backup and disaster recovery plan for the system. IT Staff are available to assist in this process.

 

 

2.2 Deliverables 

For the proposed SCADA systems, the selected Vendor will be expected to deliver the following: 

1. Management Plan  

A management plan for the SCADA system will be required from the selected Vendor. The plan should detail project tasks, schedules, milestones, and responsibilities for each project. The plan will be submitted to the City for review and approval prior to commencing work on that project. The plan shall include a Gantt‐type schedule to serve as the foundation of a phased approach per City priorities.

The City’s facilities must remain operational during the work. The management plan should address any required downtime needed for installation and/or implementation of the SCADA systems. The management plan should address these requirements and clearly describe how downtime will be mitigated. The plan should also list and describe work or items to be provided by others that are necessary in order to complete the SCADA systems.

2. SCADA System Design Submittals  

Vendors shall provide submittals for the proposed SCADA systems that document the proposed configuration of the CCW, RTUs, I/O panel, HMIs and any ancillary systems. Complete design submittals shall be provided to the City for approval prior to system fabrication. Submittals will include but are not limited to:

Network diagram

Product data sheets for each instrument and component to be supplied in the system

Panel layout Drawings

Installation Drawings

GUI Displays, Screens, Menus and Output drawings

Software

Hardware and Ancillary Equipment

 

3. SCADA Panel Fabrication 

The selected contractor will fabricate SCADA panels containing the controller, communications equipment, and all other required components in accordance with the approved design. SCADA panels shall be manufactured and assembled according to UL requirements.

4. Installation and Integration 

Vendor will perform installation of its systems at the Owner’s facilities in accordance with the approved design submittals. Establish communications between remote sites and CCW. Provision of external power supply and communications will be the responsibility of the Vendor. Vendor will be responsible for integration of the SCADA system with the specified equipment and instrumentation.

5. System Start‐Up and Acceptance Testing 

 

Vendor will provide start‐up services to prepare the SCADA systems for commissioning. Acceptance testing of the system, in the presence of the owner, will also be performed by the Vendor.

  

6. Training and Documentation 

Training for the owner’s personnel in the operation and maintenance of the SCADA systems will be performed by the Vendor. In conjunction with this effort, Operation and Maintenance manuals and documentation that describe the system architecture, control logic and operating requirements in sufficient detail to allow the owner’s personnel to understand and troubleshoot the system shall be provided. Five (5) bound hardcopies of the O&M manual and system documentation shall be provided to the owner.

7. Maintenance and Support 

Proposals should include maintenance and support services for all components of the SCADA system including hardware, software and communications for a period of one year following owner’s acceptance. Proposals shall also include information regarding long term support options and opportunities.

3.0 Proposal Content and Evaluation

3.1 Format

Proposals shall be printed on standard 8 1/2” x 11” paper, single sided printing. All pages of the proposal, excluding any divider tabs, cover sheets and appendices, shall be sequentially numbered. Minimum font size for text is 12 pt.

The proposal shall be separated into five individual sections as follows:

Section 1‐ Introductory Letter

Section 2‐ Project Approach and Team

Section 3‐ Related Experience and References

Section 4‐ Cost Analyses/Proposal

Section 5‐ Resumes

Each section shall be separated by numbered tabs corresponding with that particular section. The total number of pages for sections 1 through 4 is limited to 20 pages, excluding divider tabs.

3.2 Content 

SECTION 1‐ Introductory Letter 

An introductory letter shall be prepared by each Vendor and included as the first page of the proposal. The introductory letter is limited to one page in length. The letter shall clearly identify the Vendor including their mailing address, e‐mail address, telephone and cell phone numbers and the primary contact person. The letter should express the Vendor’s interest in the Project and summarize any key qualifications, the project approach, or other relevant information. The letter must also acknowledge the receipt of any addenda to the RFP.

SECTION 2‐Project Approach and Team 

This section will describe the overall project approach for the proposed SCADA systems and the project team. Information concerning the design and configuration of the SCADA system(s) should be provided and convey a clear understanding of the controlled systems and Owner requirements.

Multiple aspects of the project approach should be addressed, including but not limited to: design/hardware, software/platform, installation, maintenance, training, future upgrades/expandability. Proposers should clearly illustrate how they intend to execute each of these elements for this project.

All key personnel and their roles on the project should be clearly identified. 

SECTION 3‐ Experience and References 

Proposer shall provide a list of at least five (5) similar projects performed within the last five (5) years. For each project provide the following information:

Project Title/Name

Date of award and substantial completion

Name and address of client

Client contact person and contact information

Summary of the project scope and services provided

Total contract amount for SCADA system and related services

SECTION 4‐ Cost Analyses 

Vendors shall submit a cost proposal that addresses various cost elements. Results of the cost analyses will be used in scoring the proposals.

 

1) Capital Cost 

2) Operating Costs 

License cost per month, per year 

License cost per seat fee 

License cost per tag block 

Controller replacement cost 

Telephone support cost 

VPN support cost 

Onsite support cost 

After hours support cost 

Training cost 

System hardware and software costs (minimum system requirements) 

3) Life Cycle Costs 

SECTION 5 ‐ Resumes 

Proposer may include resumes of any key team personnel. Resumes are not included in the page limit.

 

3.3 Evaluation and Selection 

Proposals will be reviewed and ranked by the selection committee according to the following system. A maximum combined score of 100 points will be possible. Scoring for each category is as follows:

1. Introductory Letter  Included

2. Project Approach and Team  20 points

3. Experience and References  35 points

4. Cost Analysis  35 points

5. Proximity of Field Support to City  10 points

Total Available Points  100 points

Each committee member will calculate a total combined score for each Vendor proposal based on the above criteria. The proposal with the highest ranked score may, at the discretion of the City, be selected as the preferred Vendor. The City may, at its discretion, use additional criteria or information to select the preferred Vendor. The City reserves the right to reject all proposals and not award the project.

The City may elect to ‘short list’ a handful of Vendors and conduct interviews in order to make a final decision. Short listed Vendors will be notified and a schedule for interviews, if necessary, will be determined at a later date.

Preliminary I/O List – Final I/O list shall be coordinated with City 

Location  Use  QTY  Provided by

Mountain View Tank  Tank‐Float‐High Level  1  Future

Mountain View Tank  Tank‐Hatch‐Intrusion  1  Future

Mountain View Tank  Tank‐Level‐Pressure‐Sensor  1  Existing

Mountain View Tank  Communications‐Broadband‐Radio  1  SCADA

Mountain View Tank  SCADA‐Panel‐1 Card‐Solar  1  SCADA

Old City Park  Chlorine‐CL2 1‐Weight‐Sensor  1  Existing

Old City Park  Chlorine‐CL2 2‐Weight‐Sensor  1  Existing

Old City Park  SCADA‐Panel‐AC‐Power‐Contact  1  SCADA

Old City Park  SCADA‐Panel‐Temperature  1  SCADA

Old City Park  Well‐Flow‐Meter‐Accumulator  1  Future 

Old City Park  Well‐Flow‐Rate‐Sensor  1  Future 

Old City Park  SCADA‐Panel‐Heater  1  SCADA 

Old City Park  SCADA‐Panel‐1 Card  1  SCADA 

Old City Park  Communications‐Broadband‐Radio  1  SCADA 

Power House Tank  Tank‐Float‐High Level  1  Future 

Power House Tank  Tank‐Hatch‐Intrusion  1  Future 

Power House Tank  Tank‐Level‐Pressure‐Sensor  1  Existing 

Power House Tank  Communications‐Broadband‐Radio  1  SCADA 

Power House Tank  SCADA‐Panel‐1 Card‐Solar   1  SCADA 

Public Works Office  Communications‐Server‐Data base  1  SCADA 

Public Works Office  Communications‐Broadband‐Radio  1  SCADA 

Pump 10  Building‐Man Door‐Intrusion  1  Future 

Pump 10  Building‐Space‐Temperature‐Sensor  1  Future 

Pump 10  Well‐Flow‐Meter‐Accumulator  1  Future 

Pump 10  Well‐Flow‐Rate‐Sensor  1  Future 

Pump 10  Well‐Pump‐Auto‐Switch  1  Existing 

Pump 10  Well‐Pump‐Command  1  Future 

Pump 10  Well‐Pump‐Hand‐Switch  1  Existing 

Pump 10  SCADA‐Panel‐AC‐Power  1  SCADA 

Pump 10  Well‐Power‐Meter‐Power  1  SCADA 

Pump 10  Well‐Power‐Amps L1  1  Interface 

Pump 10  Well‐Power‐Amps L2  1  Interface 

Pump 10  Well‐Power‐Amps L3  1  Interface 

Pump 10  Well‐Power‐Power Cost  1  Interface 

Pump 10  Well‐Power‐KWH  1  Interface 

Pump 10  Well‐Power‐Voltage L1  1  Interface 

Pump 10  Well‐Power‐Voltage L2  1  Interface 

Pump 10  Well‐Power‐Voltage L3  1  Interface 

Pump 10  Well‐Pump‐Control‐Relay  1  SCADA 

Pump 10  Communications‐Owner  1  Owner 

Pump 10  SCADA‐Panel‐1 Card  1  SCADA 


Pump 6  Building‐Man Door‐Intrusion  1  Future 

Pump 6  Building‐Space‐Temperature‐Sensor  1  Future 

Pump 6  Well‐Flow‐Meter‐Accumulator  1  Future 

Pump 6  Well‐Flow‐Rate‐Sensor  1  Future 

Pump 6  Well‐Level‐Pressure‐Sensor  1  Future 

Pump 6  Well‐Pump‐Auto‐Switch  1  Existing 

Pump 6  Well‐Pump‐Backspin Timer  1  Future 

Pump 6  Well‐Pump‐Command  1  Future 

Pump 6  Well‐Pump‐Hand‐Switch  1  Existing 

Pump 6  SCADA‐Panel‐AC‐Power  1  SCADA 

Pump 6  Well‐Power‐Meter  1  SCADA 

Pump 6  Well‐Power‐Amps L1  1  Interface 

Pump 6  Well‐Power‐Amps L2  1  Interface 

Pump 6  Well‐Power‐Amps L3  1  Interface 

Pump 6  Well‐Power‐Power Cost  1  Interface 

Pump 6  Well‐Power‐KWH  1  Interface 

Pump 6  Well‐Power‐Voltage L1  1  Interface 

Pump 6  Well‐Power‐Voltage L2  1  Interface 

Pump 6  Well‐Power‐Voltage L3  1  Interface 

Pump 6  Well‐Pump‐Control‐Relay  1  SCADA 

Pump 6  Communications‐Broadband‐Radio  1  SCADA 

Pump 6  SCADA‐Panel‐1 Card  1  SCADA 

Pump 7  Building‐Man Door‐Intrusion  1  Future 

Pump 7  Building‐Space‐Temperature‐Sensor  1  Future 

Pump 7  Well‐Flow‐Meter‐Accumulator  1  Future 

Pump 7  Well‐Flow‐Rate‐Sensor  1  Future 

Pump 7  Well‐Level‐Pressure‐Sensor  1  Future 

Pump 7  Well‐Pump‐Auto‐Switch  1  Existing 

Pump 7  Well‐Pump‐Backspin Timer  1  Future

Pump 7  Well‐Pump‐Command  1  Future

Pump 7  Well‐Pump‐Hand‐Switch  1  Existing 

Pump 7  SCADA‐Panel‐AC‐Power  1  SCADA 

Pump 7  Well‐Power‐Meter  1  SCADA 

Pump 7  Well‐Power‐Amps L1  1  Interface 

Pump 7  Well‐Power‐Amps L2  1  Interface 

Pump 7  Well‐Power‐Amps L3  1  Interface 

Pump 7  Well‐Power‐Power Cost  1  Interface 

Pump 7  Well‐Power‐KWH  1  Interface 

Pump 7  Well‐Power‐Voltage L1  1  Interface 

Pump 7  Well‐Power‐Voltage L2  1  Interface 

Pump 7  Well‐Power‐Voltage L3  1  Interface 

Pump 7  Well‐Pump‐Control‐Relay  1  SCADA 

Pump 7  Communications‐Broadband‐Radio  1  SCADA 

Pump 7  SCADA‐Panel‐1 Card  1  SCADA 


Skakel Tank  Tank‐Float‐High Level  1  Future 

Skakel Tank  Tank‐Hatch‐Intrusion  1  Future 

Skakel Tank  Tank‐Level‐Pressure‐Sensor  1  Existing 

Skakel Tank  Communications‐Broadband‐Radio  1  SCADA 

Skakel Tank  SCADA‐Panel‐1 Card‐Solar  1  SCADA 

Skakel Well  Building‐Man Door‐Intrusion  1  Future 

Skakel Well  Building‐Space‐Temperature‐Sensor  1  Future 

Skakel Well  Ventilation Air‐Fan‐Amp‐Sensor  1  SCADA 

Skakel Well  Well‐Flow‐Meter‐Accumulator  1  Future 

Skakel Well  Well‐Flow‐Rate‐Sensor  1  Future 

Skakel Well  Well‐Level‐Pressure‐Sensor  1  Future 

Skakel Well  Well‐Well Pump 1‐Auto‐Switch  1  Existing 

Skakel Well  Well‐Well Pump 1‐Backspin Timer  1  Future 

Skakel Well  Well‐Well Pump 1‐Command  1  Existing 

Skakel Well  Well‐Well Pump 1‐Fault  1  Future 

Skakel Well  Well‐Well Pump 1‐Hand‐Switch  1  Existing 

Skakel Well  Well‐Well Pump 2‐Auto‐Switch  1  Existing 

Skakel Well  Well‐Well Pump 2‐Backspin Timer  1  Future 

Skakel Well  Well‐Well Pump 2‐Command  1  Existing 

Skakel Well  Well‐Well Pump 2‐Fault  1  Future 

Skakel Well  Well‐Well Pump 2‐Hand‐Switch  1  Existing 

Skakel Well  Panel‐AC‐Power  1  SCADA 

Skakel Well  Chlorine‐CL2 1‐Weight‐Sensor  1  Existing 

Skakel Well  Chlorine‐CL2 2‐Weight‐Sensor  1  Existing 

Skakel Well  Well‐Power‐Meter  2  SCADA 

Skakel Well  Well‐Power‐Amps L1  2  Interface 

Skakel Well  Well‐Power‐Amps L2  2  Interface 

Skakel Well  Well‐Power‐Amps L3  2  Interface 

Skakel Well  Well‐Power‐Power Cost  2  Interface 

Skakel Well  Well‐Power‐KWH  2  Interface 

Skakel Well  Well‐Power‐Voltage L1  2  Interface 

Skakel Well  Well‐Power‐Voltage L2  2  Interface 

Skakel Well  Well‐Power‐Voltage L3  2  Interface 

Skakel Well  Ventilation Air‐Fan‐Control‐Relay  1  SCADA 

Skakel Well  Well‐Well Pump 1‐Control‐Relay  1  SCADA 

Skakel Well  Well‐Well Pump 2‐Control‐Relay  1  SCADA 

Skakel Well  Communications‐Broadband‐Radio  1  SCADA 

Skakel Well  SCADA‐Panel‐2 Card  1  SCADA 

Spring Box 3  Well‐Flow‐Meter‐Accumulator  1  Future 

Spring Box 3  Well‐Flow‐Rate‐Sensor  1  Future 

Spring Box 3  SCADA‐Panel‐Temperature   1  SCADA 

Spring Box 3  SCADA‐Panel‐Heater  1  SCADA 

Spring Box 3  Communications‐Broadband‐Radio  1  SCADA 

Spring Box 3  SCADA‐Panel‐1 Card‐Solar   1  SCADA 

White CL2  Chlorine‐Scale‐Weight‐Sensor  1  Existing

White CL2  SCADA‐Panel‐AC‐Power  1  SCADA

White CL2  SCADA‐Panel‐Temperature  1  SCADA 

White CL2  SCADA‐Panel‐Heater  1  SCADA 

White CL2  Communications‐Broadband‐Radio  1  SCADA 

White CL2  SCADA‐Panel‐1 Card  1  SCADA 

 

 

 

Appendix A

For further information, please contact:

The President’s Critical Infrastructure Protection Board

Office of Energy Assurance
U.S. Department of Energy
202/287-1808

Office of Independent Oversight and Performance Assurance
U.S. Department of Energy
301/903-3777

21 Steps to Improve Cyber Security of SCADA Networks

Table of Contents

Introduction

Background

21 Steps

1. Identify all connections to SCADA networks.

2. Disconnect unnecessary connections to the SCADA network

3. Evaluate and strengthen the security of any remaining connections to the SCADA network

4. Harden SCADA networks by removing or disabling unnecessary services.

5. Do not rely on proprietary protocols to protect your system.

6. Implement the security features provided by device and system vendors

7. Establish strong controls over any medium that is used as a backdoor into the SCADA network.

8. Implement internal and external intrusion detection systems and establish 24-hour-a-day incident monitoring.

9. Perform technical audits of SCADA devices and networks, and any other connected networks, to identify security concerns.

10. Conduct physical security surveys and assess all remote sites connected to the SCADA network to evaluate their security

11. Establish SCADA “Red Teams” to identify and evaluate possible attack scenarios.

12. Clearly define cyber security roles, responsibilities, and authorities for managers, system administrators, and users

13. Document network architecture and identify systems that serve critical functions or contain sensitive information that require additional levels of protection.

14. Establish a rigorous, ongoing risk management process

15. Establish a network protection strategy based on the principle of defense-in-depth.

16. Clearly identify cyber security requirements

17. Establish effective configuration management processes

18. Conduct routine self-assessments

19. Establish system backups and disaster recovery plans.

20. Senior organizational leadership should establish expectations for cyber security performance and hold individuals accountable for their performance

21. Establish policies and conduct training to minimize the likelihood that organizational personnel will inadvertently disclose sensitive information regarding SCADA system design, operations, or security controls.

IntroductionSupervisory control and data acquisition (SCADA) networks contain computers and applications that performkey functions in providing essential services and commodities (e.g., electricity, natural gas, gasoline, water, wastetreatment, transportation) to all Americans. As such, they are part of the nation’s critical infrastructure andrequire protection from a variety of threats that exist in cyber space today. By allowing the collection and analysisof data and control of equipment such as pumps and valves from remote locations, SCADA networks providegreat efficiency and are widely used. However, they also present a security risk. SCADA networks were initiallydesigned to maximize functionality, with little attention paid to security. As a result, performance, reliability,flexibility and safety of distributed control/SCADA systems are robust, while the security of these systems isoften weak. This makes some SCADA networks potentially vulnerable to disruption of service, process redirec-tion, or manipulation of operational data that could result in public safety concerns and/or serious disruptions tothe nation’s critical infrastructure. Action is required by all organizations, government or commercial, to securetheir SCADA networks as part of the effort to adequately protect the nation’s critical infrastructure.

The President’s Critical Infrastructure Protection Board, and the Department of Energy, have developed the steps outlined here to help any organization improve the security of its SCADA networks. These steps are not meant to be prescriptive or all-inclusive. However, they do address essential actions to be taken to improve the protection of SCADA networks. The steps are divided into two categories: specific actions to improve implementation, and actions to establish essential underlying management processes and policies.

Background

President Bush created the President’s Critical Infrastructure Protection Board in October 2001 through Executive Order 13231 to coordinate all Federal activities related to the protection of information systems and networks supporting critical infrastructures, including:

✶ Federal departments and agencies

✶ Private Sector companies that operate critical infrastructures

✶ State and local government’s critical infrastructures

✶ Related national security programs.

The Department of Energy plays a key role in protecting the critical energy infrastructure of the nation as specified in the National Strategy for Homeland Security. In fulfilling this responsibility, the Secretary of Energy’s Office of Independent Oversight and Performance Assurance has conducted a number of assessments of organizations with SCADA networks to develop an in-depth understanding of SCADA networks and steps necessary to secure these networks. The Office of Energy Assurance also fulfills Energy Department responsibilities through their work with Federal, State, and private partners to protect the National Energy Infrastructure, improve energy reliability, and assist in energy emergency response efforts.

The following steps focus on specific actions to be taken to increase the security of SCADA networks:

1. Identify all connections to SCADA networks.

Conduct a thorough risk analysis to assess the risk and necessity of each connection to the SCADA network. Develop a comprehensive understanding of all connections to the SCADA network, and how well these connections are protected. Identify and evaluate the following types of connections:

• Internal local area and wide area networks, including business networks

• The Internet

• Wireless network devices, including satellite uplinks

• Modem or dial-up connections

• Connections to business partners, vendors or regulatory agencies

2. Disconnect unnecessary connections to the SCADA network.

To ensure the highest degree of security of SCADA systems, isolate the SCADA network from other network connections to as great a degree as possible. Any connection to another network introduces security risks, particularly if the connection creates a pathway from or to the Internet. Although direct connections with other networks may allow important information to be passed efficiently and conveniently, insecure connections are simply not worth the risk; isolation of the SCADA network must be a primary goal to provide needed protection. Strategies such as utilization of “demilitarized zones” (DMZs) and data warehousing can facilitate the secure transfer of data from the SCADA network to business networks. However, they must be designed and implemented properly to avoid introduction of additional risk through improper configuration.

3. Evaluate and strengthen the security of any remaining connections to the SCADA network.

Conduct penetration testing or vulnerability analysis of any remaining connections to the SCADA network to evaluate the protection posture associated with these pathways. Use this information in conjunction with risk management processes to develop a robust protection strategy for any pathways to the SCADA network. Since the SCADA network is only as secure as its weakest connecting point, it is essential to implement firewalls, intrusion detection systems (IDSs), and other appropriate security measures at each point of entry. Configure firewall rules to prohibit access from and to the SCADA network, and be as specific as possible when permitting approved connections. For example, an Independent System Operator (ISO) should not be granted “blanket” network access simply because there is a need for a connection to certain components of the SCADA system. Strategically place IDSs at each entry point to alert security personnel of potential breaches of network security. Organization management must understand and accept responsibility for risks associated with any connection to the SCADA network.
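The rule review described in step 3, sketched as an added example that is not part of the original guidance: it flags permit rules that grant "blanket" access into the SCADA network, SCADA hosts allowed out to any address, and a missing default deny. The rule format, addresses and the 16-address source limit are constructed assumptions, not any vendor's syntax.

```python
from ipaddress import ip_network

SCADA_NET = ip_network("10.50.0.0/24")  # assumed SCADA subnet (constructed)
MAX_SOURCE_ADDRESSES = 16               # assumed policy limit for one permit rule

# Constructed rule set in a made-up neutral format, evaluated top to bottom.
RULES = [
    {"id": 1, "action": "permit", "src": "192.0.2.10/32", "dst": "10.50.0.20/32",
     "proto": "tcp", "ports": "502"},
    # The "blanket" grant the text warns about: a partner network reaching everything.
    {"id": 2, "action": "permit", "src": "198.51.100.0/24", "dst": "10.50.0.0/24",
     "proto": "any", "ports": "any"},
    # A SCADA host allowed out to any address: a pathway to the Internet.
    {"id": 3, "action": "permit", "src": "10.50.0.5/32", "dst": "0.0.0.0/0",
     "proto": "tcp", "ports": "443"},
    {"id": 4, "action": "deny", "src": "0.0.0.0/0", "dst": "0.0.0.0/0",
     "proto": "any", "ports": "any"},
]


def audit(rules, scada_net=SCADA_NET):
    """Return (rule_id, finding) pairs for permits that are broader than needed."""
    findings = []
    for rule in rules:
        if rule["action"] != "permit":
            continue
        src, dst = ip_network(rule["src"]), ip_network(rule["dst"])
        # Inbound: destination touches the SCADA subnet, source lies outside it.
        inbound = dst.overlaps(scada_net) and not src.subnet_of(scada_net)
        # Outbound: source touches the SCADA subnet, destination reaches beyond it.
        outbound = src.overlaps(scada_net) and not dst.subnet_of(scada_net)
        if inbound:
            if src.num_addresses > MAX_SOURCE_ADDRESSES:
                findings.append((rule["id"], "broad-source"))
            if scada_net.subnet_of(dst):
                findings.append((rule["id"], "whole-network-destination"))
            if "any" in (rule["proto"], rule["ports"]):
                findings.append((rule["id"], "any-service"))
        if outbound and dst.prefixlen == 0:
            findings.append((rule["id"], "unrestricted-destination"))
    # The rule set must end by denying everything not explicitly permitted.
    last = rules[-1] if rules else None
    default_deny = (last is not None and last["action"] == "deny"
                    and ip_network(last["src"]).prefixlen == 0
                    and ip_network(last["dst"]).prefixlen == 0
                    and last["proto"] == last["ports"] == "any")
    if not default_deny:
        findings.append((None, "no-default-deny"))
    return findings


if __name__ == "__main__":
    for rule_id, finding in audit(RULES):
        print(rule_id, finding)
```

Rule 1 passes because it names one source, one destination host and one port; every finding on rules 2 and 3 marks a spot where the permit should be narrowed or removed.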

4. Harden SCADA networks by removing or disabling unnecessary services.

SCADA control servers built on commercial or open-source operating systems can be exposed to attack through default network services. To the greatest degree possible, remove or disable unused services and network daemons to reduce the risk of direct attack. This is particularly important when SCADA networks are interconnected with other networks. Do not permit a service or feature on a SCADA network unless a thorough risk assessment of the consequences of allowing the service/feature shows that the benefits of the service/feature far outweigh the potential for vulnerability exploitation. Examples of services to remove from SCADA networks include automated meter reading/remote billing systems, email services, and Internet access. An example of a feature to disable is remote maintenance. Numerous secure configuration guidelines for both commercial and open source operating systems are in the public domain, such as the National Security Agency’s series of security guides. Additionally, work closely with SCADA vendors to identify secure configurations and coordinate any and all changes to operational systems to ensure that removing or disabling services does not cause downtime, interruption of service, or loss of support.

5. Do not rely on proprietary protocols to protect your system.

Some SCADA systems use unique, proprietary protocols for communications between field devices and servers. Often the security of SCADA systems is based solely on the secrecy of these protocols. Unfortunately, obscure protocols provide very little “real” security. Do not rely on proprietary protocols or factory default configuration settings to protect your system. Additionally, demand that vendors disclose any backdoors or vendor interfaces to your SCADA systems, and expect them to provide systems that are capable of being secured.

6. Implement the security features provided by device and system vendors.

Most older SCADA systems (most systems in use) have no security features whatsoever. SCADA system owners must insist that their system vendor implement security features in the form of product patches or upgrades. Some newer SCADA devices are shipped with basic security features, but these are usually disabled to ensure ease of installation.

Analyze each SCADA device to determine whether security features are present. Additionally, factory default security settings (such as in computer network firewalls) are often set to provide maximum usability, but minimal security. Set all security features to provide the maximum level of security. Allow settings below maximum security only after a thorough risk assessment of the consequences of reducing the security level.

7. Establish strong controls over any medium that is used as a backdoor into the SCADA network.

Where backdoors or vendor connections do exist in SCADA systems, strong authentication must be implemented to ensure secure communications. Modems, wireless, and wired networks used for communications and maintenance represent a significant vulnerability to the SCADA network and remote sites. Successful “war dialing” or “war driving” attacks could allow an attacker to bypass all other controls and have direct access to the SCADA network or resources. To minimize the risk of such attacks, disable inbound access and replace it with some type of callback system.

8. Implement internal and external intrusion detection systems and establish 24-hour-a-day incident monitoring.

To be able to effectively respond to cyber attacks, establish an intrusion detection strategy that includes alerting network administrators of malicious network activity originating from internal or external sources. Intrusion detection system monitoring is essential 24 hours a day; this capability can be easily set up through a pager. Additionally, incident response procedures must be in place to allow an effective response to any attack. To complement network monitoring, enable logging on all systems and audit system logs daily to detect suspicious activity as soon as possible.

9. Perform technical audits of SCADA devices and networks, and any other connected networks, to identify security concerns.

Technical audits of SCADA devices and networks are critical to ongoing security effectiveness. Many commercial and open-source security tools are available that allow system administrators to conduct audits of their systems/networks to identify active services, patch level, and common vulnerabilities. The use of these tools will not solve systemic problems, but will eliminate the “paths of least resistance” that an attacker could exploit. Analyze identified vulnerabilities to determine their significance, and take corrective actions as appropriate. Track corrective actions and analyze this information to identify trends. Additionally, retest systems after corrective actions have been taken to ensure that vulnerabilities were actually eliminated. Scan non-production environments actively to identify and address potential problems.
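One way to carry out the retest and corrective-action tracking from step 9, using the unused-service removal of step 4 as the thing being audited. This is an added example, not part of the original guidance; the host names, ports, ticket ids and the approved-service list are constructed.

```python
from collections import Counter

# Services the risk assessment has approved, as (host, port). Constructed.
APPROVED = {("hmi-01", 502), ("hist-01", 1433)}

# Constructed audit results: listening services seen before and after remediation.
BEFORE = {("hmi-01", 502), ("hmi-01", 3389), ("hist-01", 1433),
          ("hist-01", 25), ("rtu-gw", 23)}
AFTER = {("hmi-01", 502), ("hist-01", 1433), ("hist-01", 25), ("rtu-gw", 80)}

# Constructed corrective-action log kept alongside the audits.
ACTIONS = [
    {"ticket": "CA-1", "host": "hmi-01", "port": 3389, "status": "closed"},
    {"ticket": "CA-2", "host": "hist-01", "port": 25, "status": "closed"},
    {"ticket": "CA-3", "host": "rtu-gw", "port": 23, "status": "open"},
]


def unapproved(scan, approved):
    """Listening services that no risk assessment has approved."""
    return set(scan) - set(approved)


def retest_report(before, after, approved, actions):
    """Compare two audits and check the corrective-action log against the retest."""
    old = unapproved(before, approved)
    new = unapproved(after, approved)
    closed = {(a["host"], a["port"]): a["ticket"]
              for a in actions if a["status"] == "closed"}
    tracked = {(a["host"], a["port"]) for a in actions}
    return {
        # Findings the retest confirms are gone.
        "eliminated": sorted(old - new),
        # Findings present in both audits.
        "persisting": sorted(old & new),
        # Findings that appeared since the first audit (possible change-control gap).
        "introduced": sorted(new - old),
        # Tickets marked closed although the retest still sees the service.
        "closed_not_fixed": sorted(closed[f] for f in new if f in closed),
        # Current findings nobody has opened a corrective action for.
        "untracked": sorted(f for f in new if f not in tracked),
        # Open findings per host, for trend analysis across audits.
        "per_host": dict(Counter(host for host, _ in new)),
    }


if __name__ == "__main__":
    for key, value in retest_report(BEFORE, AFTER, APPROVED, ACTIONS).items():
        print(f"{key}: {value}")
```

The `closed_not_fixed` list is the case the text warns about: a corrective action recorded as done that the retest shows did not eliminate the finding.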

10. Conduct physical security surveys and assess all remote sites connected to the SCADA network to evaluate their security.

Any location that has a connection to the SCADA network is a target, especially unmanned or unguarded remote sites. Conduct a physical security survey and inventory access points at each facility that has a connection to the SCADA system. Identify and assess any source of information including remote telephone/computer network/fiber optic cables that could be tapped; radio and microwave links that are exploitable; computer terminals that could be accessed; and wireless local area network access points. Identify and eliminate single points of failure. The security of the site must be adequate to detect or prevent unauthorized access. Do not allow “live” network access points at remote, unguarded sites simply for convenience.

11. Establish SCADA “Red Teams” to identify and evaluate possible attack scenarios.

Establish a “Red Team” to identify potential attack scenarios and evaluate potential system vulnerabilities. Use a variety of people who can provide insight into weaknesses of the overall network, SCADA systems, physical systems, and security controls. People who work on the system every day have great insight into the vulnerabilities of your SCADA network and should be consulted when identifying potential attack scenarios and possible consequences. Also, ensure that the risk from a malicious insider is fully evaluated, given that this represents one of the greatest threats to an organization. Feed information resulting from the “Red Team” evaluation into risk management processes to assess the information and establish appropriate protection strategies.

The following steps focus on management actions to establish an effective cyber security program:

12. Clearly define cyber security roles, responsibilities, and authorities for managers, system administrators, and users.

Organization personnel need to understand the specific expectations associated with protecting information technology resources through the definition of clear and logical roles and responsibilities. In addition, key personnel need to be given sufficient authority to carry out their assigned responsibilities. Too often, good cyber security is left up to the initiative of the individual, which usually leads to inconsistent implementations and ineffective security. Establish a cyber security organizational structure that defines roles and responsibilities and clearly identifies how cyber security issues are escalated and who is notified in an emergency.

13. Document network architecture and identify systems that serve critical functions or contain sensitive information that require additional levels of protection.

Develop and document a robust information security architecture as part of a process to establish an effective protection strategy. It is essential that organizations design their networks with security in mind and continue to have a strong understanding of their network architecture throughout its lifecycle. Of particular importance, an in-depth understanding of the functions that the systems perform and the sensitivity of the stored information is required. Without this understanding, risk cannot be properly assessed and protection strategies may not be sufficient. Documenting the information security architecture and its components is critical to understanding the overall protection strategy, and identifying single points of failure.

14. Establish a rigorous, ongoing risk management process.

A thorough understanding of the risks to network computing resources from denial-of-service attacks and the vulnerability of sensitive information to compromise is essential to an effective cyber security program. Risk assessments form the technical basis of this understanding and are critical to formulating effective strategies to mitigate vulnerabilities and preserve the integrity of computing resources. Initially, perform a baseline risk analysis based on a current threat assessment to use for developing a network protection strategy. Due to rapidly changing technology and the emergence of new threats on a daily basis, an ongoing risk assessment process is also needed so that routine changes can be made to the protection strategy to ensure it remains effective. Fundamental to risk management is identification of residual risk with a network protection strategy in place and acceptance of that risk by management.

15. Establish a network protection strategy based on the principle of defense-in-depth.

A fundamental principle that must be part of any network protection strategy is defense-in-depth. Defense-in-depth must be considered early in the design phase of the development process, and must be an integral consideration in all technical decision-making associated with the network. Utilize technical and administrative controls to mitigate threats from identified risks to as great a degree as possible at all levels of the network. Single points of failure must be avoided, and cyber security defense must be layered to limit and contain the impact of any security incidents. Additionally, each layer must be protected against other systems at the same layer. For example, to protect against the insider threat, restrict users to access only those resources necessary to perform their job functions.

16. Clearly identify cyber security requirements.

Organizations and companies need structured security programs with mandated requirements to establish expectations and allow personnel to be held accountable. Formalized policies and procedures are typically used to establish and institutionalize a cyber security program. A formal program is essential for establishing a consistent, standards-based approach to cyber security throughout an organization and eliminates sole dependence on individual initiative. Policies and procedures also inform employees of their specific cyber security responsibilities and the consequences of failing to meet those responsibilities. They also provide guidance regarding actions to be taken during a cyber security incident and promote efficient and effective actions during a time of crisis. As part of identifying cyber security requirements, include user agreements and notification and warning banners. Establish requirements to minimize the threat from malicious insiders, including the need for conducting background checks and limiting network privileges to those absolutely necessary.

17. Establish effective configuration management processes.

A fundamental management process needed to maintain a secure network is configuration management. Configuration management needs to cover both hardware configurations and software configurations. Changes to hardware or software can easily introduce vulnerabilities that undermine network security. Processes are required to evaluate and control any change to ensure that the network remains secure. Configuration management begins with well-tested and documented security baselines for your various systems.

18. Conduct routine self-assessments.

Robust performance evaluation processes are needed to provide organizations with feedback on the effectiveness of cyber security policy and technical implementation. A sign of a mature organization is one that is able to self-identify issues, conduct root cause analyses, and implement effective corrective actions that address individual and systemic problems. Self-assessment processes that are normally part of an effective cyber security program include routine scanning for vulnerabilities, automated auditing of the network, and self-assessments of organizational and individual performance.

19. Establish system backups and disaster recovery plans.

Establish a disaster recovery plan that allows for rapid recovery from any emergency (including a cyber attack). System backups are an essential part of any plan and allow rapid reconstruction of the network. Routinely exercise disaster recovery plans to ensure that they work and that personnel are familiar with them. Make appropriate changes to disaster recovery plans based on lessons learned from exercises.

20. Senior organizational leadership should establish expectations for cyber security performance and hold individuals accountable for their performance.

Effective cyber security performance requires commitment and leadership from senior managers in the organization. It is essential that senior management establish an expectation for strong cyber security and communicate this to their subordinate managers throughout the organization. It is also essential that senior organizational leadership establish a structure for implementation of a cyber security program. This structure will promote consistent implementation and the ability to sustain a strong cyber security program. It is then important for individuals to be held accountable for their performance as it relates to cyber security. This includes managers, system administrators, technicians, and users/operators.

21. Establish policies and conduct training to minimize the likelihood that organizational personnel will inadvertently disclose sensitive information regarding SCADA system design, operations, or security controls.

Release data related to the SCADA network only on a strict, need-to-know basis, and only to persons explicitly authorized to receive such information. “Social engineering,” the gathering of information about a computer or computer network via questions to naive users, is often the first step in a malicious attack on computer networks. The more information revealed about a computer or computer network, the more vulnerable the computer/network is. Never divulge data related to a SCADA network, including the names and contact information about the system operators/administrators, computer operating systems, and/or physical and logical locations of computers and network systems over telephones or to personnel unless they are explicitly authorized to receive such information. Any requests for information by unknown persons need to be sent to a central network security location for verification and fulfillment. People can be a weak link in an otherwise secure network. Conduct training and information awareness campaigns to ensure that personnel remain diligent in guarding sensitive network information, particularly their passwords.

For further information, please contact:

The President’s Critical Infrastructure Protection Board

Office of Energy Assurance
U.S. Department of Energy

202/287-1808

Office of Independent Oversight and Performance Assurance
U.S. Department of Energy

301/903-3777
