As the design life of these systems is usually 20+ years, at some point, whether by being compromised or for some other reason, the SCADA/automatic control system will fail or become erratic, so instead I'd suggest you ask how they expect to cope with such failures.
To start you off
* Is there a UPS backed independent hardwired telemetry system to alert operators to control system failure, instrument failures and hazardous conditions?
* Is any chemical dosing controlled and logged by separate hardwired systems with physical security?
* Is there a hardwired fallback mode of control? (using float switches, level probes, timers and relay logic, etc to enact simple control)
* Are there local operator controls to run the plant in hand when the automatic control system has failed?
* In the event of automatic and hardwired control failure, are the plant operators trained to be able to run the plant in manual?
* How quickly can you restore the PLCs?
* How quickly can you restore the system's last known good setpoints?
* How quickly can you restore the SCADA?
* Is there a gen-set, does it have fuel, is it regularly exercised, does it have automatic incomer switching, and is that regularly tested?
* Are there exercised spares and someone to fit them?