Abstract: Systems and methods include a computer-implemented method for displaying future trends of evaporation pond wastewater quantity and quality. A distributed float network is managed using a wastewater evaporation pond management (WEPM) system with an embedded supervisory control and data acquisition (SCADA) system. The WEPM collects data, including sensory information, from evaporation ponds. A configuration data upload for remote terminal units (RTUs) managed by the WEPM is automated using the WEPM system and the embedded SCADA system. Evaporation pond wastewater quantity and quality and adherence to environmental standards and regulations are monitored using the WEPM system. Environmental compliance data is collected from the distributed float network. The environmental compliance data collected from the distributed float network managed by the WEPM system is analyzed. A dashboard is provided displaying future trends of the evaporation ponds wastewater quantity and quality.

Abstract: Systems and methods include a method for protecting data for a remote terminal unit (RTU) and providing audit trail information for forensics procedures. Monitoring is performed for conditions detected at an RTU that warrant a data protection operation at the RTU. The monitoring is performed by an instrumented security function (ISF) chip communicating with the RTU in a supervisory control and data acquisition system (SCADA) network. Upon determining that conditions are warranted, the data protection operation is initiated by the ISF chip. The system also provides audit trail information for forensics procedures upon detecting a threat in the vicinity of the RTU. The system invokes the forensics procedure by initiating the localization services (HBL) embedded as part of the RTU's disk apparatus triggered by a change to the disk apparatus such as a power disconnect or by receiving a security signal from the NAC or local occupancy sensors.

Abstract: Systems and methods include a computer-implemented method for displaying future trends of evaporation pond wastewater quantity and quality. A distributed float network is managed using a wastewater evaporation pond management (WEPM) system with an embedded supervisory control and data acquisition (SCADA) system. The WEPM collects data, including sensory information, from evaporation ponds. A configuration data upload for remote terminal units (RTUs) managed by the WEPM is automated using the WEPM system and the embedded SCADA system. Evaporation pond wastewater quantity and quality and adherence to environmental standards and regulations are monitored using the WEPM system. Environmental compliance data is collected from the distributed float network. The environmental compliance data collected from the distributed float network managed by the WEPM system is analyzed. A dashboard is provided displaying future trends of the evaporation ponds wastewater quantity and quality.

Abstract: Receiving, by a first communication device, an internet protocol (IP) packet via a first synchronous multi-application application programming interface (API) running on a first computer, dividing, by a splitting unit in the first communication device, the IP packet into a command portion and a data portion, encoding, by a data encoding unit in the first communication device, the data portion into a text delimited non-IP format, transmitting, by a transmitting unit in the first communication device, the encoded data portion and the command portion, receiving, by a second communication device, the encoded data portion and the command portion, decoding, by a data decoding unit in the second communication device, the encoded data portion into IP format, combining, by a constructor unit in the second communication device, the decoded data portion and the command portion to regenerate the IP packet, and receiving, by a second synchronous multi-application API running on a second computer, the regenerated IP packet

Abstract: Systems and methods include a method for configuring, without intervention by a Control System Engineer, a remote terminal unit (RTU) in a “raw” condition from a centralized system in a supervisory control and data acquisition system (SCADA) network augmented by authentication controls from existing Network Access Control or site occupancy sensors. An RTU configuration request is received to configure an RTU in a remote location and pre-configured with an embedded remote configuration assignment capability. A low-level communication channel with the RTU is established through an initial data communication relay apparatus for using a low-level communication protocol. A SCADA Communication Protocol address for the RTU to support a high-level communication channel is assigned. The RTU is connected to the SCADA network and configured for use in the SCADA network. Configuration is done using high-level communication after authenticating the identity of the RTU and the integrity of the configuration request.

Abstract: Systems and methods include a method for protecting data for a remote terminal unit (RTU) and providing audit trail information for forensics procedures. Monitoring is performed for conditions detected at an RTU that warrant a data protection operation at the RTU. The monitoring is performed by an instrumented security function (ISF) chip communicating with the RTU in a supervisory control and data acquisition system (SCADA) network. Upon determining that conditions are warranted, the data protection operation is initiated by the ISF chip. The system also provides audit trail information for forensics procedures upon detecting a threat in the vicinity of the RTU. The system invokes the forensics procedure by initiating the localization services (HBL) embedded as part of the RTU's disk apparatus triggered by a change to the disk apparatus such as a power disconnect or by receiving a security signal from the NAC or local occupancy sensors.

Abstract: Systems and methods include a method for configuring, without intervention by a Control System Engineer, a remote terminal unit (RTU) in a “raw” condition from a centralized system in a supervisory control and data acquisition system (SCADA) network augmented by authentication controls from existing Network Access Control or site occupancy sensors. An RTU configuration request is received to configure an RTU in a remote location and pre-configured with an embedded remote configuration assignment capability. A low-level communication channel with the RTU is established through an initial data communication relay apparatus for using a low-level communication protocol. A SCADA Communication Protocol address for the RTU to support a high-level communication channel is assigned. The RTU is connected to the SCADA network and configured for use in the SCADA network. Configuration is done using high-level communication after authenticating the identity of the RTU and the integrity of the configuration request.

Abstract: The present disclosure describes computer-implemented methods, computer program products, and computer systems, for role-based plants unattended premises occupancy monitoring, mapping, and events logging. One computer implemented method includes unlocking a mechanical door controllable by a computing device upon successfully validating login information input by an occupant, performing an occupancy footprint mapping (OFM) by periodically calculating the occupant's location using a triangulation process, determining an identity of the occupant based a received RFID signal, identifying a job role for the occupant based on the occupant's identity, identifying a normal OFM associated with the occupant's job role, calculating a deviation between the OFM and the normal OFM, sending a security event including the OFM to a Syslog server and an object linking, and sending an embedding for process control alarm to a human machine interface if the deviation exceeds a predetermined deviation tolerance threshold.

Abstract: Receiving, by a first communication device, an internet protocol (IP) packet via a first synchronous multi-application application programming interface (API) running on a first computer, dividing, by a splitting unit in the first communication device, the IP packet into a command portion and a data portion, encoding, by a data encoding unit in the first communication device, the data portion into a text delimited non-IP format, transmitting, by a transmitting unit in the first communication device, the encoded data portion and the command portion, receiving, by a second communication device, the encoded data portion and the command portion, decoding, by a data decoding unit in the second communication device, the encoded data portion into IP format, combining, by a constructor unit in the second communication device, the decoded data portion and the command portion to regenerate the IP packet, and receiving, by a second synchronous multi-application API running on a second computer, the regenerated IP packet

Abstract: Systems and methods for securely transmitting data between terminals include receiving, by a first communication device, an internet protocol (IP) packet via a first application programming interface (API) running on a first computer, dividing, by a splitting unit in the first communication device, the IP packet into a command portion and a data portion, encoding, by a data encoding unit in the first communication device, the data portion into a text delimited non-IP format, transmitting, by a transmitting unit in the first communication device, the encoded data portion and the command portion, receiving, by a second communication device, the encoded data portion and the command portion, decoding, by a data decoding unit in the second communication device, the encoded data portion into IP format, combining, by a constructor unit in the second communication device, the decoded data portion and the command portion to regenerate the IP packet, and receiving, by a second API running on a second computer, the rege

Abstract: The present disclosure describes computer-implemented methods, computer program products, and computer systems, for role-based plants unattended premises occupancy monitoring, mapping, and events logging. One computer implemented method includes unlocking a mechanical door controllable by a computing device upon successfully validating login information input by an occupant, performing an occupancy footprint mapping (OFM) by periodically calculating the occupant's location using a triangulation process, determining an identity of the occupant based a received RFID signal, identifying a job role for the occupant based on the occupant's identity, identifying a normal OFM associated with the occupant's job role, calculating a deviation between the OFM and the normal OFM, sending a security event including the OFM to a Syslog server and an object linking, and sending an embedding for process control alarm to a human machine interface if the deviation exceeds a predetermined deviation tolerance threshold.

Abstract: Systems and methods for securely transmitting data between terminals include receiving, by a first communication device, an internet protocol (IP) packet via a first application programming interface (API) running on a first computer, dividing, by a splitting unit in the first communication device, the IP packet into a command portion and a data portion, encoding, by a data encoding unit in the first communication device, the data portion into a text delimited non-IP format, transmitting, by a transmitting unit in the first communication device, the encoded data portion and the command portion, receiving, by a second communication device, the encoded data portion and the command portion, decoding, by a data decoding unit in the second communication device, the encoded data portion into IP format, combining, by a constructor unit in the second communication device, the decoded data portion and the command portion to regenerate the IP packet, and receiving, by a second API running on a second computer, the rege

Abstract: A first message from a remote terminal unit (RTU) is received, where the first message indicates that a motion has been detected. In response to receiving the first message, a timer is started at a supervisory control and data acquisition (SCADA) server. Whether a personal identification number (PIN) verification and a radio-frequency identification (RFID) verification have succeeded is determined before the timer expires. In response to determining that at least one of the PIN verification or the RFID verification fails, a communication port connecting the RTU with the SCADA server is disabled.

Abstract: A system for centrally controlling access by computers in a corporate network to a plant network that runs plant applications. The system includes an access control computer in communication with the corporate network and includes a memory, a processor coupled to the memory and a multi-user application stored in the memory and executable by the processor. The multi-user application communicates with a plurality of computers in the corporate network concurrently and communicates with at least one plant application running in the plant network to retrieve data from and pass data to the plant application on behalf of the plurality of computers in the corporate network concurrently. Since all communication from the plurality of computers is tunneled through the access control computer, the likelihood of any virus or worm spreading into the plant network is minimized.

Abstract: A system for centrally controlling access by computers in a corporate network to a plant network that runs plant applications. The system includes an access control computer in communication with the corporate network and includes a memory, a processor coupled to the memory and a multi-user application stored in the memory and executable by the processor. The multi-user application communicates with a plurality of computers in the corporate network concurrently and communicates with at least one plant application running in the plant network to retrieve data from and pass data to the plant application on behalf of the plurality of computers in the corporate network concurrently. Since all communication from the plurality of computers is tunneled through the access control computer, the likelihood of any virus or worm spreading into the plant network is minimized.