PowerLogic Gateway Devices Experiencing Sporadic Communication Dropouts in PowerSCADA
Issue: Multiple EGX100 gateways are experiencing connection issues with a third-party SCADA system.
Product line: EGX100, EGX300, Com'X210, Com'X510, Link150
Cause: The SCADA system shows gateway devices as offline for a duration of about two minutes. This does not happen to all gateways at once. This causes the SCADA system to alarm. We were able to attribute the issue to a network intrusion detection software program.
Resolution: Taking the gateway devices off the scan list resolved the issue. The customer may be able to modify the intrusion scan to alleviate the communications losses. On the surface it appears as though the scanning software is maxing out the number of connections the gateway can handle. This results in a denial of service (DoS) from the device's web server.
If the SCADA software supports it, it may be beneficial to place the meters on a schedule. This would prevent the system from alarming if the devices were unresponsive during the intrusion scan.
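One way to confirm that dropouts line up with scan activity before changing the scan list is to correlate connection bursts toward each gateway with the SCADA comm-loss alarms. This is an added example, not code from the original article or from the vendor; the log formats, IP addresses, thresholds and time windows are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed values (not from the article); tune to the gateway's real connection limit.
BURST_THRESHOLD = 16                   # new connections from one source ...
BURST_WINDOW = timedelta(seconds=10)   # ... to one gateway within this window
LAG = timedelta(minutes=3)             # an alarm this soon after a burst is correlated

def find_bursts(conn_lines):
    """Return {(src, dst): [[start, end], ...]} for connection bursts over the threshold."""
    recent, bursts = defaultdict(deque), defaultdict(list)
    for line in sorted(conn_lines):            # ISO timestamps sort chronologically
        ts, src, dst, _port = line.split()
        t = datetime.fromisoformat(ts)
        q = recent[(src, dst)]
        q.append(t)
        while t - q[0] > BURST_WINDOW:         # drop connections outside the window
            q.popleft()
        if len(q) > BURST_THRESHOLD:
            spans = bursts[(src, dst)]
            if spans and t - spans[-1][1] <= BURST_WINDOW:
                spans[-1][1] = t               # same burst is still running
            else:
                spans.append([q[0], t])        # a new burst begins
    return dict(bursts)

def correlate(alarm_lines, bursts):
    """Pair each comm-loss alarm with a burst to that device ending at most LAG earlier."""
    hits = []
    for line in alarm_lines:
        ts, device = line.split()
        t = datetime.fromisoformat(ts)
        for (src, dst), spans in bursts.items():
            if dst == device and any(s <= t <= e + LAG for s, e in spans):
                hits.append((ts, device, src))
    return hits

# Constructed sample data: a scanner (10.0.0.50) probing one gateway on many ports,
# routine SCADA polling from 10.0.0.5 on port 502 (assumed), and two comm-loss alarms.
BASE = datetime(2024, 1, 10, 2, 0, 0)
CONNS = [f"{(BASE + timedelta(seconds=i // 4)).isoformat()} 10.0.0.50 10.0.1.11 {1 + i}"
         for i in range(40)]
CONNS += [f"{(BASE + timedelta(seconds=30 * i)).isoformat()} 10.0.0.5 10.0.1.{h} 502"
          for i in range(10) for h in (11, 12)]
ALARMS = ["2024-01-10T02:00:20 10.0.1.11", "2024-01-10T02:03:00 10.0.1.12"]

if __name__ == "__main__":
    for ts, device, src in correlate(ALARMS, find_bursts(CONNS)):
        print(f"{ts} comm loss on {device} follows a connection burst from {src}")
```

Alarms that match no burst, like the second one in the sample data, point to a cause other than the scan and should be investigated separately.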
Excerpt taken from a white paper published by Tenable Network Security:
During the past decade, the "network vulnerability scanner" has become a standard tool for quickly and actively discovering all hosts on a network, which services they are running and which vulnerabilities are present. Unfortunately, the techniques of port scanning, service fingerprinting and rapidly probing hosts to determine the present vulnerabilities have had negative impact on SCADA networks. Vulnerability scans and network discovery scans have been responsible for locking devices, disrupting processes and causing erroneous displays in control centers. (Tenable Network Security)