OSIsoft’s PI may be the most widely deployed application in the energy sector. Depending how you segment the market, PI is in somewhere between 60% and 85% of all medium to large energy control systems. So the team at Digital Bond investigated how we could leverage this installed base to increase security, and fortunately OSIsoft was highly interested in adding security capabilities to PI.
Our solution – – add the ability to detect security events to PI. This will make PI a SCADA Security Event Manager (SEM).
PI is a natural for this role. It already collects data from a very large list of sources. The challenges are:
- identifying the security log entries in this large amount of data
- correlating multiple security log entries to identify a true security event
This ties into past proof of concept work we have done in the area of a data dictionaries to identify security related log entries and meta events, but leveraging the PI system is a great way to add this SCADA intelligence without asset owners needing to purchase or deploy an additional system.
PI has developed an ACE framework that makes it straightforward to code up and implement any meta events, or templates, into PI.
The deliverables from this project will be both documentation of the data dictionary and meta events and, more importantly, the ACE modules that asset owners will be able to implement into their existing PI system. Two of our asset owner participants have PI and will be testing the results.
Of course not everyone uses PI and one of the goals of the project is to generalize all solutions. As part of Part 2, we will write a conversion toolkit that will ease migrating the data dictionary and meta security event language from PI’s ACE language to a different format. One of our three bulk electric system participants has an internally developed application that provides historian and other PI-like services. We will test the success of this conversion toolkit by converting some of the meta events to the participant’s proprietary historian.