Technical FAQs

Ask a Question

PowerLogic Gateway Devices Experiencing Sporadic Communication Dropouts in PowerSCADA

Issue
Multiple EGX100 gateways are experiencing connection issues with a third party SCADA system

Product line
EGX100, EGX300, Com'X210, Com'X510, Link150

Cause
SCADA system shows gateway devices as offline for a duration of about two minutes. This does not happen to all gateways at once. This causes the SCADA system to alarm.
We were able to attribute the issue to a network intrusion detection software program.

Resolution
Taking the gateway devices off the scan list resolved the issue. 
The customer may be able to modify the intrusion scan to alleviate the communications losses. 
On the surface it appears as though the scanning software is maxing out the number of connections the gateway can handle. This results in a denial of service (DOS) from the devices web server.

If the SCADA software supports it ,  It may be beneficial to place the meters on a Schedule. This would prevent the system from alarming if the devices were unresponsive during the intrusion scan.

Excerpt taken from a white paper published by Tenable network security 
During the past decade, the "network vulnerability scanner" has become a standard tool for quickly and actively discovering all hosts on a network, 
which services they are running and which vulnerabilities are present. Unfortunately, the techniques of port scanning, service fingerprinting and 
rapidly probing hosts to determine the present vulnerabilities have had negative impact on SCADA networks. Vulnerability scans and network 
discovery scans have been responsible for locking devices, disrupting processes and causing erroneous displays in control centers. (Tenable Network Security)

http://www.tenable.com/sites/drupal.dmz.tenablesecurity.com/files/uploads/documents/whitepapers/Tenable_SCADA_Solutions-new.pdf
Was this helpful?
What can we do to improve the information ?