Replacing Legacy VPN with Tosi: Fast, Secure SCADA for Remote Oilfield Operations
1. Company & SCADA Project Overview
Background
Pacific Coast Energy Company (PCEC) acquired a dozen mature oil leases, each connected through a distributed SCADA system. The system relied on a cloud-based Ignition Gateway that pulled data from multiple PLCs linked over a network of cellular radios. Operators could securely log in from the field, monitor conditions, adjust setpoints, and respond to alarms.
Although minimal in scope, this system was critical for monitoring remote assets cost-effectively and ensuring projects stayed on schedule.
Project Motivation
The SCADA system depended on a managed VPN service. When that VPN service was retired, PCEC faced the risk of higher costs, operational disruption, and reduced system viability.
2. Problem Definition
Key Challenges
- Subscription service retirement threatened secure connectivity
- Potential downtime for remote monitoring and alarming
- Increased operating costs if staying with Cradlepoint
- Limited internal IT/network resources for a large-scale redesign
Interim Work-Arounds
Operators continued using the existing VPN platform while evaluating alternatives, but this was not sustainable long-term.
3. Decision-Making & Solution Selection
Selection Criteria
| Priority | Requirement |
|---|---|
| Reliable transition | Cutover with minimal downtime |
| Secure communications | Encrypted isolation of SCADA traffic |
| Cost-effective | Avoid rising subscription costs |
| Scalable | Support for multiple sites and expansion |
| Easy deployment | Minimal IT/network engineering overhead |
Process
Avadine presented several replacement options. After review, PCEC selected Tosibox for its affordability, simple deployment, and secure architecture.
4. Implementation Process
Execution Strategy
- Procured Tosibox units to replace VPN dependency.
- Worked with electricians to install Tosibox Locks in panels between PLCs and cellular modems.
- Deployed 15 Tosibox units across 10+ sites in a single day.
- Verified Ignition Gateway connectivity and alarm delivery.
Challenges & Solutions
| Challenge | Solution |
|---|---|
| Retiring VPN service created risk of disruption | Tosibox Locks provided immediate secure replacement |
| Multi-site coordination | Standardized deployment across panels |
| Limited time for cutover | Transition completed in less than a day |
5. Technical Architecture & Components
| Layer | Component | Purpose |
|---|---|---|
| Edge | Tosibox Locks | Secure VPN tunnels between PLCs and cloud gateway |
| Data | Cellular radios | Maintain existing connectivity path |
| Core | Tosibox Hub Cloud | Hosting Ignition Gateway application server |
| UI | Ignition Vision | Operator dashboards, alarming, data monitoring |
| Security | Tosibox encryption & isolation | Ensures SCADA traffic is encrypted and isolated from Internet traffic |
6. Results & Impact (First 6 Months)
| Metric | Before (Legacy VPN) | After (Tosibox) |
|---|---|---|
| Cutover downtime | Risk of weeks | < 1 day |
| Gateway uptime | Limited by VPN reliability | Improved stability |
| Maintenance costs | Rising | Reduced |
| SCADA traffic security | Dependent on subscription VPN | Encrypted and isolated from internet traffic |
7. Customer & Stakeholder Feedback
“Data disruption during cutover was measured in hours rather than weeks. Uptime has improved, maintenance costs have dropped, and Tosibox enables SCADA communications to be encrypted and isolated from other internet-bound traffic.”
— PCEC Operations Team
8. Future Prospects
- Expand Tosibox deployment to additional sites.
- Test and adopt Tosibox mobile client capabilities.
- Continue refining cybersecurity strategy with Tosibox as the secure access layer.
9. Lessons Learned & Recommendations
- Simplicity matters: hardware VPNs accelerated deployment and reduced engineering overhead.
- Standardized rollout across sites ensured consistent results.
- Encrypting and isolating SCADA traffic strengthened the security posture.
10. Operational & Business Metrics Impact
- Seamless migration preserved SCADA visibility during a critical transition.
- Improved uptime reduced operational risk and response delays.
- Lower recurring costs ensured long-term sustainability of the SCADA system.