Transcript
Sound Transit – Seattle WA SCADA Overview Presented by: Ted Ellis IT Department SCADA Team Lead
What We Do • Plan, Build and Operate Express
Bus Light Rail Commuter Train
• Where we operate – Seattle urban area – 3 counties – King, Pierce and Snohomish
Service – County MAP
Light Rail Focus • The Only Sound Transit SCADA system • Diverse territory • Unique in Nature Downtown tunnel shared with bus traffic • Substantial ridership growth • Alignment expanding • Endless challenges
Elevated, At-Grade, & Underground Service
Young, Developing & Expanding • Look ahead - 10+ years of expansion • 2015-16 – new stations North and South • 2020 and beyond moving East
What our SCADA Monitors
• • • •
Train Control Building Management Fire/Life/Safety – Emergency Ventilation Possibly only USA location with shared bus and train operations within Tunnels
Train and Bus locations Ventilation Systems Track Switches and Signals Emergency Phones and Electrical Systems Cameras Building Systems Fire Control Systems
Image represents approx. 1/20th of the existing rail alignment
Structure or Spaghetti?
• • • • •
Do departments work in silos? Operations has to make it work; needs help around systems Does IT support SCADA? Defining roles and responsibilities Operational maintenance and operations outsourced?
What is Behind the Locked Door?
Responsible Organization Activity
1st Tier
2nd Tier
3rd Tier
IT
Vendor
IT
Vendor
Radio/Mobile Systems
Managing SCADA
Preventative maintenance (batteries, test functions, etc.)
KCLR
Tunnel Radio Equipment Preventative maintenance
KCLR
Antennas
KCLR
Portable and Mobile Radio service
KCLR
Base Stations and controllers
KCLR
Radio alarms
KCLR
Radio software updates
KCLR
CCTV Preventive maintenance (clean lens, etc.)
KCLR
Camera and cabling maintenance
KCLR
Server support
KCLR
PA/VMS
• How do you cover everything? • What happens if the “SCADA Guru” disappears?
Preventive maintenance (speakers, signs, etc.)
KCLR
Testing and Inspection (check speakers, etc.)
KCLR
Server support
KCLR
Building Management Card key access service
KCLR
Intrusion detection performance check
KCLR
Maintenance and Electrical Testing and Preventive Maintenance on Batteries
KCLR
Testing and Preventive Maintenance on Power Supplies
KCLR
Testing and Preventive Maintenance on UPS systems
KCLR
Telephony Systems Agency PBX
IT
Field PBX (testing, housekeeping, etc.)
KCLR
Agency desktop telephone sets
IT
Field telephone sets (testing, housekeeping, etc.)
KCLR
Emergency telephone sets, including blue light phones: admin, configuration, records, releases, etc.
KCLR
Passenger Emergency Telephones: admin, configuration, records, releases, etc.
KCLR
Network Cable Plant records, assignments, testing, etc.
KCLR
Cabling plant configure, test, maintain, etc.
KCLR
Maintain circuit assignments
IT
SCADA Network Switches, etc. (e.g. GarretCom, Moxa, Edge), maintain and repair
KCLR
IT
Station Network Switches, etc., maintain and repair
KCLR
IT
Agency Network Switches, etc., maintain and repair
IT
Monitor for alarms on SCADA and Station networks
KCLR & IT
Respond to alarms on SCADA and Station networks
KCLR
Network device configuration
IT
Tunnel Wireless (Wi-Fi) equipment, software, configuration, etc.
Vendor
VPN, Firewalls, other security devices
IT
Monitor usage statistics and augment as necessary
KCLR & IT
IT
IT
IT
SCADA SCADA Field Device (e.g. PLCs) break/fix, preventive maintenance
KCLR
Preventive Maintenance of physical SCADA devices, servers, workstations, overview displays, etc.
KCLR
Preventive Maintenance of operating systems, database products, etc.
IT
Vendor
SCADA Major Enhancements (Hardware & Software)
IT
DECM
Vendor
SCADA Minor Changes (Hardware & Software)
IT
DECM
Vendor
OS and ARINC patching
IT
Vendor
Data administration
IT
DECM
Configuration Management of Field Devices
KCLR
Configuration Management of Servers, Workstations & Laptops
IT
Disaster Recovery (network, servers, etc.)
KCLR & IT
Monitoring of Servers, Workstations, etc.
KCLR & IT
Network Storage systems management (backups, etc.)
IT
Antivirus Management
IT
Email Management
IT
Administrative Business and IT Systems Antivirus Management
IT
Email Management
IT
Patch Management
IT
Database servers
IT
Report Servers
IT
Application Servers
IT
IT
DECM
Vendor
IT’s Role in SCADA • Does IT play critical role in SCADA? • IT as a collaboration resource between various departments • ST IT plays a SCADA Router and SCADA Network Switch Role in the Real World • Cyber-Security • Start-up & Commissioning, Testing, Maintenance, Standards development & implementation…….
Collaboration vs Separation • The current norm is separation – Corporate/Agency IT and SCADA Operations do not typically work together • The future… perhaps:
Collaboration Opportunities • Cyber-Security, to include network security assessments • Procurement – hardware and software • IT knowledge – new technology (ie. Virtualization, tablets) • Data sharing for ever increasing report requirements and customer service (real-time reporting)
Defense in Depth Architecture (APTA Part 3b)
SCADA Network
File-Life-Safety network separation
For Sound Transit – IT Work in Progress Complete
Cyber-Security work
Closed
Questions?