To provide centralized visibility, modern industrial environments increasingly integrate SCADA or SCADA-like approaches, but they must take care not to introduce new IT risks to existing systems. To mitigate both accidents and threats, a monitoring-only SCADA approach offers an effective alternative to traditional SCADA deployments by enabling secure, read-only access to critical data while preserving validated logic and legacy system behavior. The following use case, authored by Control and Automation Engineer Eddy Alan, documents a real-world implementation of a monitoring-only SCADA integration for a critical energy system, focused strictly on monitoring, cybersecurity, and system governance.
Problem
The challenge was to integrate a remote, critical energy system into a SCADA environment with a strict focus on monitoring only. The objective was to eliminate silent failures and improve operational visibility, without introducing remote control or any additional risk to the protection system.
Architecture and Approach
- Secure MQTT was used as the transport layer, with AWS IoT Core acting as the broker.
- The G01 was deployed as an edge gateway, bridging MQTT to OPC UA and abstracting integration complexity from the SCADA.
- Within the critical energy system, a Weintek cMT-2078X HMI was used as a bridge between Modbus RTU and MQTT, allowing safe data extraction from legacy equipment without any modification to protection or control logic.
- The SCADA (in this case, Weintek FHDX-820, although the approach is SCADA-agnostic) consumes data strictly in read-only mode.
- No commands or control logic are exposed; all protection and control functions remain fully local to the energy system.
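One way to back the read-only design above with a check at the broker, as an added example that is not part of the original use case: it audits AWS IoT Core policy documents so that the site HMI can only publish telemetry and the SCADA-side gateway can only subscribe. The topic prefix, role names, client IDs, account number and policy documents are constructed assumptions.

```python
# Assumed names (not from the use case): topic prefix, roles, ARN prefix.
TELEMETRY_PREFIX = "site1/energy/telemetry/"
ARN = "arn:aws:iot:us-east-1:123456789012:"  # constructed placeholder account
ALLOWED = {
    "hmi": {"iot:Connect", "iot:Publish"},                       # sends data, never listens
    "gateway": {"iot:Connect", "iot:Subscribe", "iot:Receive"},  # listens, never sends
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_policy(policy, role):
    """Return findings that would break the one-way, monitoring-only data flow."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append(f"wildcard action {action}")
            elif action not in ALLOWED[role]:
                findings.append(f"{role} must not be granted {action}")
        for res in _as_list(stmt.get("Resource", [])):
            # Last ARN field looks like "topic/<name>", "topicfilter/<filter>" or "client/<id>".
            kind, _, name = res.rpartition(":")[2].partition("/")
            if kind == "*":
                findings.append("wildcard resource *")
            elif kind in ("topic", "topicfilter") and not name.startswith(TELEMETRY_PREFIX):
                findings.append(f"topic outside telemetry prefix: {name}")
    return findings

# Constructed sample policies.
HMI_OK = {"Statement": [
    {"Effect": "Allow", "Action": "iot:Connect", "Resource": ARN + "client/hmi-01"},
    {"Effect": "Allow", "Action": "iot:Publish", "Resource": ARN + "topic/site1/energy/telemetry/*"},
]}
HMI_BAD = {"Statement": [  # lets the site device listen on a command topic
    {"Effect": "Allow", "Action": ["iot:Subscribe", "iot:Receive"],
     "Resource": ARN + "topicfilter/site1/energy/cmd/*"},
]}
GATEWAY_WILD = {"Statement": [{"Effect": "Allow", "Action": "iot:*", "Resource": "*"}]}

if __name__ == "__main__":
    for name, pol, role in [("HMI_OK", HMI_OK, "hmi"), ("HMI_BAD", HMI_BAD, "hmi"),
                            ("GATEWAY_WILD", GATEWAY_WILD, "gateway")]:
        print(name, audit_policy(pol, role) or "monitoring-only")
```
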
A key aspect of the solution was IT security and governance. Due to restrictive IT policies, the G01 stood out by acting as a physical DMZ, isolating the critical system from the corporate network and the cloud. This enabled integration without requiring changes to IT security policies, firewall rule modifications, or additional port openings.
Another decisive factor was architectural simplicity. There was no need for an industrial PC, external middleware, or tools such as Node-RED. The entire solution was implemented exclusively using the Weintek ecosystem, reducing failure points, software dependencies, and maintenance effort.
Additionally, the use of EasyAccess 2.0 enabled secure remote access to the system, allowing navigation, operation, diagnostics, and configuration changes when required, without additional licensing or subscription costs, greatly simplifying long-term support and maintenance.
For broader visibility, Weincloud was used as a web-based SCADA, allowing the substation status to be viewed by different users from any location, strictly for monitoring and decision-making purposes, while preserving the principle of observation without control.
Results
- Continuous 24/7 monitoring of the critical energy system.
- Active notifications using Weintek’s native push notification service, integrated with Telegram, ensuring alerts reach responsible personnel at any time.
- Practical tests under real conditions confirmed reliable alarm delivery and expected system behavior.
- The solution moved beyond a proof of concept and became an operational asset within the company’s risk management strategy.
- Compared to traditional architectures based on industrial PCs and corporate SCADA systems, the solution achieved approximately six times lower cost, while also significantly simplifying diagnostics due to fewer software layers and fewer potential points of failure.
- The solution has no recurring costs (monthly or annual fees), making it economically viable over the entire lifecycle of the system.
Overall Value
Overall, the value of the solution was not in adding intelligence or control, but in achieving reliable visibility, secure remote access, and timely notifications, without increasing operational risk.
What This Means for HMI-Based SCADA Architecture
This use case illustrates how an HMI and protocol gateway may be utilized to provide secure monitoring-only SCADA integration for a critical energy system, delivering centralized visibility and operational insight without compromising system integrity. By prioritizing read-only access, secure communication methods such as industrial MQTT monitoring, and architectural simplicity, the solution demonstrates that legacy system modernization does not require centralized control or reengineering of existing control logic. Instead, a well-structured HMI-based SCADA architecture can provide visibility, security, and reliability while respecting the constraints of critical and legacy infrastructure.
Key Takeaways:
- Supporting multiple protocols is essential for meeting strict application needs.
- The protocol chosen should always reflect the structure, processing speed, and feature requirements of the application.