Modernizing SCADA vessel control systems with Ignition
Setting out to make better use of data and workflows in a remote environment, a maritime company adopts data-driven technology.
- The Ignition SCADA platform has high availability and a full suite of tools, including SCADA systems, I/O servers, firewall and router, and it also supports most legacy and modern protocols.
- Message queuing telemetry transport (MQTT) modules were designed for Ignition to integrate data from OT to IT and to provide a backup if the system is ever disconnected because of a spotty connection.
A multinational energy corporation is working to adopt technology to increase efficiency and improve data-driven decision making throughout its fleet of vessels. The vessels are equipped with on board systems including navigation, cargo management, vibration monitoring, engine monitoring and more. The company set out to make better use of data and workflows in a maritime environment.
The company was looking for a solution to limit the amount of bandwidth used to send data, while consolidating data into a single repository on each vessel and sending it once to a cloud environment where it could be made available for internal and external use. They aimed to implement a solution with operational technology (OT) gateways on the vessels to solve key OT challenges and accomplish their goals for modernization.
Project goals and four challenges
The goal of the project was to adopt a scalable, reliable, secure and efficient way to share data among various users and applications without affecting the vessel’s mission critical performance. The data would be sent to the cloud for advanced analytics and used to increase efficiency at multiple levels of the vessel from engine performance to maintenance.
The company faced several implementation challenges and needed a flexible and open solution. First, the many OT systems on the vessel were siloed and maintained by various vendors, making data extraction difficult. Second, some data workflows were redundant since the data paths were being built for each separate use case. Third, network bandwidth was a major challenge because the vessels use a very small aperture terminal (VSAT), which is an expensive satellite communication channel.
Last and certainly not least, the infrastructure on the vessels subscribed to the Purdue Model of Computer Integrated Manufacturing, meaning each vessel housed levels 3 (operations), 3.5 (DMZ) and 4 (business systems). To maintain a secure architecture, no level above can talk to the levels below. The customer needed a solution that could push data upstream without any security vulnerabilities.
Seven requirements for project
To meet the project’s goals, the customer set out seven requirements for the solution:
- Hardware independent with the ability to run in a Docker environment
- Able to integrate multiple data sources from various vendors on a vessel
- Support for standard OT protocols including Modbus, OPC-UA, message queuing telemetry transport (MQTT) and more
- Remote configuration capabilities since vessels have no information technology (IT) or OT staff
- Able to send a single stream of data to the cloud without duplication
- Provide local temporary storage on the vessel for data buffering
- Scalable and cost-effective without changing the core vessel architecture
To solve these challenges and meet the requirements, the customer began to look for a software platform and associated protocols that could handle data efficiently while giving various data consumers secure access. They chose the Ignition SCADA software from Inductive Automation with MQTT and Sparkplug modules from Cirrus Link.
The customer chose the Ignition SCADA platform as the main navigation program and integration layer primarily for its high availability and full suite of tools, including SCADA systems, I/O servers, firewall and router. The ability to customize the modular solution using open standards was a draw. The customer chose the more general Ignition and Cirrus Link modules over other solutions built specifically for the vessel industry because they wanted support for most legacy and modern protocols. The customer did not want to be tied into one proprietary solution. Ignition Edge was deployed at the OT layer, demilitarized zone (DMZ) layer and business layer to serve as a data broker to both the customer’s proprietary cloud and vendor cloud. Deployed via OT gateway, it offered a common SCADA platform where users and applications could securely access the data from various OT systems.
MQTT and Ignition
Cirrus Link Solutions designed message queuing telemetry transport (MQTT) modules for Ignition to integrate data from OT to IT. MQTT is a machine-to-machine (M2M) data transfer protocol that is becoming a leading messaging protocol for the Industrial Internet of Things (IIoT).
MQTT was ideal for this use case as a publish/subscribe protocol because it is designed for intermittent connections, with a queuing system built in and remedies for unexpected disconnects. Because of its pub/sub nature, MQTT can broadcast efficiently and send a message only when the value of a signal changes, which is known as report by exception.
MQTT runs on top of transmission control protocol/internet protocol (TCP/IP) and benefits from best-in-class security standards. The MQTT connection is always outbound from the lower level to the higher level, as shown in the diagram above, requiring no open inbound ports on the lower level and creating a virtual air gap for data to transit across the Purdue Model. The encrypted outbound transport layer security (TLS) connection offers the methodology to move data up from lower levels.
The MQTT Sparkplug connection to the MQTT server on each level creates an open standard for interoperability without opening itself up to security breaches. Another benefit is that it offers the modeling and unified namespace needed to make the data useful to those processes upstream.
While the data is pushed up to any number of data consumers with MQTT, it is auto-discovered with Sparkplug B so the customer can operate safely and securely across each of the levels on the vessel where safety is critical. Sparkplug is an open-source software specification that facilitates serving OT data up to applications via MQTT with contextualization, so any subscriber can learn everything about the device and data immediately without compromising security. Sparkplug defines a standard MQTT topic namespace, payload and session state management for the MQTT message, and decouples the data to enable a one-to-many approach for unlimited data consumers.
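Sparkplug B topics have the form spBv1.0/<group_id>/<message_type>/<edge_node_id>[/<device_id>], which lets a broker enforce the upstream-only rule per topic. The following is an added example, not code from the article or from Inductive Automation or Cirrus Link; the role names, node IDs and the `may_publish` policy are assumptions for illustration, and STATE topics are left out of scope.

```python
import re

SPARKPLUG_NS = "spBv1.0"
UPSTREAM_TYPES = {"NBIRTH", "NDEATH", "DBIRTH", "DDEATH", "NDATA", "DDATA"}
COMMAND_TYPES = {"NCMD", "DCMD"}          # commands travel down toward devices
_ID = re.compile(r"^[^/+#]+$")            # IDs may not hold MQTT separators or wildcards


def parse_topic(topic):
    """Split spBv1.0/<group>/<type>/<edge_node>[/<device>] into a dict, or return None."""
    parts = topic.split("/")
    if len(parts) not in (4, 5) or parts[0] != SPARKPLUG_NS:
        return None
    group, msg_type, node = parts[1], parts[2], parts[3]
    device = parts[4] if len(parts) == 5 else None
    if msg_type not in UPSTREAM_TYPES | COMMAND_TYPES:
        return None
    ids = [group, node] + ([device] if device is not None else [])
    if not all(_ID.match(p) for p in ids):
        return None
    # Device-level messages need a device id; node-level messages must not carry one.
    if (msg_type[0] == "D") != (device is not None):
        return None
    return {"group": group, "type": msg_type, "edge_node": node, "device": device}


def may_publish(role, own_node, topic):
    """Hypothetical broker ACL: edge gateways publish only their own upstream data."""
    t = parse_topic(topic)
    if t is None:
        return False                      # malformed or non-Sparkplug topic
    if role == "edge_gateway":
        return t["type"] in UPSTREAM_TYPES and t["edge_node"] == own_node
    return False                          # higher-level consumers are subscribe-only


# Constructed publish attempts: (role, own node id, topic)
ATTEMPTS = [
    ("edge_gateway", "vessel01-l3", "spBv1.0/fleet/DDATA/vessel01-l3/engine1"),
    ("edge_gateway", "vessel01-l3", "spBv1.0/fleet/NDATA/vessel02-l3"),      # other node's id
    ("cloud_consumer", None, "spBv1.0/fleet/DCMD/vessel01-l3/engine1"),      # command downstream
    ("edge_gateway", "vessel01-l3", "spBv1.0/fleet/DDATA/vessel01-l3"),      # missing device id
]


def evaluate(attempts=ATTEMPTS):
    return [may_publish(role, node, topic) for role, node, topic in attempts]


if __name__ == "__main__":
    for (_, _, topic), ok in zip(ATTEMPTS, evaluate()):
        print("ALLOW" if ok else "DENY ", topic)
```

An outbound-only connection still carries messages in both directions once established, so denying NCMD and DCMD publishes from higher levels is what keeps the data flow one-way in this sketch.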
Together, the solution allows the customer to establish a single source of truth for the data, while making it easy to consume without giving outside systems. If tags change or new devices are added, the applications using the data are automatically subscribed to all new information.
The solution allowed the customer to connect and pull data from all their OT systems and get the data upstream to the cloud to analyze it and make improvements. The customer was able to consolidate useful OT system data for use cases onboard or off-board the ship. They also have begun to look at engine management data and analyze it for better predictive maintenance, improved operations and fuel savings.
Since MQTT only sends data on exception, the solution reduces the amount of bandwidth required to get the needed data from the vessels to the cloud. Only relevant data needed by the user and application make it to the cloud.
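Report by exception and the local buffering requirement can be seen together in a small simulation. This is an added example, not the project's or any vendor's code: it uses no network, the tag name and readings are constructed, and the deadband is a generalization of the article's "send only when the value changes" (a deadband of 0 gives exactly that).

```python
from collections import deque


class RbePublisher:
    """Report by exception with a deadband, plus a bounded store-and-forward buffer."""

    def __init__(self, deadband, buffer_size):
        self.deadband = deadband
        self.last_sent = {}                      # tag -> last reported value
        self.buffer = deque(maxlen=buffer_size)  # oldest entry is discarded when full
        self.delivered = []                      # stands in for the upstream broker
        self.dropped = 0

    def sample(self, ts, tag, value, link_up):
        """Process one reading; return True if it produced a message."""
        prev = self.last_sent.get(tag)
        changed = prev is None or abs(value - prev) > self.deadband
        if changed:
            self.last_sent[tag] = value
            if len(self.buffer) == self.buffer.maxlen:
                self.dropped += 1                # count the loss instead of hiding it
            self.buffer.append((ts, tag, value)) # keep the source timestamp for replay
        if link_up:
            self.flush()                         # drain even when nothing changed
        return changed

    def flush(self):
        """Deliver buffered messages in their original order."""
        while self.buffer:
            self.delivered.append(self.buffer.popleft())


# Constructed readings: (timestamp, tag, value, link_up)
READINGS = [
    (0, "engine1/rpm", 900.0, True),
    (1, "engine1/rpm", 900.2, True),    # inside deadband: suppressed
    (2, "engine1/rpm", 905.0, False),   # link lost: buffered
    (3, "engine1/rpm", 905.1, False),   # inside deadband: suppressed
    (4, "engine1/rpm", 910.0, False),   # buffered
    (5, "engine1/rpm", 910.0, True),    # link restored: backlog flushed in order
    (6, "engine1/rpm", 915.0, True),
]


def run(readings=READINGS, deadband=0.5, buffer_size=100):
    pub = RbePublisher(deadband, buffer_size)
    sent = sum(pub.sample(*r) for r in readings)
    return sent, pub.delivered, pub.dropped
```

With the constructed readings, four of seven samples become messages and all four arrive in timestamp order; shrinking `buffer_size` shows how an undersized buffer turns a long outage into counted data loss.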
The project was originally slated to be deployed on tens of vessels in a three-year period ending in 2023. The project moved swiftly and is now expected to be completely implemented on all vessels one year early, by the end of 2022. Ignition with MQTT and Sparkplug is fast and easy to scale: the customer simply adds the OT gateways to the vessels and starts to collect data via MQTT. Then, the customer adds context with Sparkplug and enables cloud and enterprise systems to use the data immediately.
Within the Purdue Model, data is always available and sent on exception to drastically reduce the communications over the limited network while still providing the data applications need to drive cloud analytics and efficiencies.