2. What is SCADA?
• SCADA stands for Supervisory Control and Data Acquisition. A SCADA system is a collection of both software and hardware components that allow supervision and control of plants, both locally and remotely. The SCADA system also examines, collects, and processes data in real time. Human Machine Interface (HMI) software facilitates interaction with field devices such as pumps, valves, motors, sensors, etc. The SCADA software can also log data for historical purposes.
• The structural design of a standard SCADA system starts with Remote Terminal Units (RTUs) and/or Programmable Logic Controllers (PLCs). RTUs and PLCs are microprocessor-based devices that communicate and interact with field devices such as valves, pumps, and HMIs.
• That communication data is routed from the processors to the SCADA computers, where the software interprets and displays the data, allowing operators to analyze and react to system events.
3. SCADA System Security
24/7 Infrastructure availability:
The infrastructure controlled by SCADA systems and PLCs often has to be continuously available
and must operate as expected.
Continuous operation:
In some cases it may be very disruptive to switch off PLC-controlled equipment, as it is impossible to predict when the system will be required.
4. Critical SCADA systems
•Failure of controlled systems can lead to direct loss of life due to equipment
failure or indirect losses due to failure of the critical infrastructure controlled by
SCADA systems.
•SCADA must therefore be dependable:
- Safety and reliability
- Security
5. SCADA Safety and Reliability
• PLCs need specific safety analysis techniques because they are programmed in a different manner (ladder logic).
• SCADA systems are designed with redundancy and backup, which contributes to the availability of these systems.
6. SCADA Security vulnerabilities
• Weak passwords.
• Open to port scanning, which lets SCADA systems on the network be discovered.
• Lack of input validation: buffer overflows and SQL injection.
• Unencrypted network traffic.
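Two of the weaknesses above, missing input validation and unencrypted (and unauthenticated) traffic, can be partly compensated for on the network side. The following added example, not code from the original slides, parses Modbus/TCP frames (Modbus is one of the open protocols named later in this deck) with strict header checks and flags write function codes coming from any host other than a hypothetical allow-listed HMI address; the frames and the address are constructed for the example.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Function codes that change process state (the ones a write policy should cover)
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}
# Hypothetical address of the only host permitted to write (HMI / engineering station)
WRITE_ALLOWLIST = {"10.0.5.10"}

@dataclass
class Mbap:
    transaction: int
    unit: int
    function: int
    pdu: bytes

def parse_modbus_tcp(payload: bytes) -> Mbap:
    """Parse the 7-byte MBAP header and refuse anything that is not well formed."""
    if len(payload) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", payload[:7])
    if pid != 0:
        raise ValueError("protocol identifier must be 0 for Modbus")
    # 'length' counts unit id + PDU; it must agree with what actually arrived
    if not 2 <= length <= 254 or length != len(payload) - 6:
        raise ValueError("length field does not match frame size")
    return Mbap(tid, unit, payload[7], payload[8:])

def check_write(src_ip: str, payload: bytes) -> Optional[str]:
    """Return an alert for malformed frames or writes from unexpected hosts, else None."""
    try:
        m = parse_modbus_tcp(payload)
    except ValueError as err:
        return f"MALFORMED from {src_ip}: {err}"
    if m.function in WRITE_FUNCTIONS and src_ip not in WRITE_ALLOWLIST:
        return f"UNAUTHORISED {WRITE_FUNCTIONS[m.function]} from {src_ip} to unit {m.unit}"
    return None

# Constructed sample frames, not captured traffic
READ_COILS = struct.pack(">HHHBBHH", 1, 0, 6, 1, 1, 0, 8)        # fc 1: read 8 coils
WRITE_COIL = struct.pack(">HHHBBHH", 2, 0, 6, 1, 5, 7, 0xFF00)   # fc 5: coil 7 ON
TRUNCATED = struct.pack(">HHHBB", 3, 0, 20, 1, 16)               # claims 20 bytes, sends 2
```

Because Modbus/TCP carries no authentication, the source-address policy is only as strong as the network segmentation around it; the length check is what stops a malformed frame from reaching a fragile parser.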
7. SCADA Security challenges
• SCADA systems and PLC software are normally designed by companies with very limited experience in developing secure systems.
• The system developers are usually domain experts (oil and gas engineers, power engineers) rather than software engineers.
• They may have had no training in security techniques.
• Security testing on process control systems must also be approached with extreme caution: security scanning can seriously affect the operation of many control devices.
• There are sometimes few opportunities to take the system offline for routine testing, patching and maintenance.
8. Improving SCADA security
• Better security education and training for SCADA developers.
• Need for regulators to become involved, e.g. through security certification.
9. Specialized SCADA Protocols
A protocol defines the message format common to all devices on a network. Common protocols used in radio communications and telemetry systems include the HDLC, MPT1317 and Modbus protocols. The CSMA/CD protocol format is also used.
The transmission of information (in both directions) between the master station and RTUs using time division multiplexing techniques requires the use of serial digital messages. These messages must be efficient, secure, flexible, and easily implemented in hardware and software.
Efficiency is defined as: Information Bits Transmitted / Total Bits Transmitted
10. All messages are divided into three basic parts as follows:
1. Message Establishment: provides the signals to synchronize the receiver and transmitter.
2. Information: provides the data in a coded form that allows the receiver to decode the information and properly utilize it.
3. Message Termination: provides the message security checks and a means of denoting the end of the message.
A typical example of a commonly used asynchronous message format is shown in
11. Master to Remote Data Transfer: Information transmitted from master to
remote is for the purpose of device control, set point control, or batch data
transfer. Due to the possible severe consequences of operating the wrong
device or receiving a bad control message, additional security is required for
control. This is provided in the form of a sequence of messages, commonly
called a select-before-operate sequence.
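The three-part message layout of slide 10 and the select-before-operate sequence of slide 11 together, as an added example that is not part of the original slides: each frame carries sync bytes (establishment), a length-prefixed information field, and a CRC-32 plus end marker (termination with security check); the toy remote honours an OPERATE only when it matches the immediately preceding SELECT, and the master only sends OPERATE after the remote's check-back echo matches. The sync and end byte values, the opcode letters and the CRC choice are assumptions for illustration, not any real telemetry protocol.

```python
import binascii
import struct

SYNC = b"\x16\x16"   # message establishment: sync bytes (constructed value)
END = b"\x04"        # message termination: end-of-message marker (constructed value)

def frame(info: bytes) -> bytes:
    """Establishment + length + information + CRC-32 security check + termination."""
    crc = binascii.crc32(info) & 0xFFFFFFFF
    return SYNC + struct.pack(">H", len(info)) + info + struct.pack(">I", crc) + END

def unframe(msg: bytes) -> bytes:
    """Return the information field, or raise ValueError if any part is corrupt."""
    if not msg.startswith(SYNC) or len(msg) < 9:
        raise ValueError("bad sync")
    (n,) = struct.unpack(">H", msg[2:4])
    info, crc, tail = msg[4:4 + n], msg[4 + n:8 + n], msg[8 + n:]
    if len(info) != n or tail != END:
        raise ValueError("bad length or terminator")
    if struct.unpack(">I", crc)[0] != (binascii.crc32(info) & 0xFFFFFFFF):
        raise ValueError("security check (CRC) failed")
    return info

class Remote:
    """Toy RTU: an OPERATE is honoured only if it matches the preceding SELECT."""
    def __init__(self):
        self.selected = None
        self.points = {}

    def handle(self, msg: bytes) -> bytes:
        info = unframe(msg)
        op, point, value = info[0:1], info[1], info[2]
        if op == b"S":                          # SELECT: arm the point and echo it back
            self.selected = (point, value)
            return frame(info)
        if op == b"O":                          # OPERATE: act only on the armed point
            armed, self.selected = self.selected, None
            if armed != (point, value):
                return frame(b"N" + info[1:])   # NAK: no matching select
            self.points[point] = value
            return frame(b"A" + info[1:])       # ACK: control executed
        raise ValueError("unknown operation")

def select_before_operate(remote: Remote, point: int, value: int) -> bool:
    """Master side: send SELECT, verify the check-back, then send OPERATE."""
    select = frame(b"S" + bytes([point, value]))
    if unframe(remote.handle(select)) != unframe(select):
        return False                            # check-back mismatch: abort, do not operate
    ack = unframe(remote.handle(frame(b"O" + bytes([point, value]))))
    return ack[0:1] == b"A"
```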
12. Remote to Master Data Transfer: All remote to master data transfer is
accomplished with one basic message sequence by using variations in the
field definitions to accommodate different types of data. The basic
sequence is shown.
13. High Level Data Link Control (HDLC) Protocol
HDLC has been defined by the International Standards Organization for use on both multipoint and point-to-point links. HDLC is a bit-oriented protocol. The two most common modes of operation of HDLC are:
Unbalanced Normal Response Mode (NRM): used with only one primary (or master) station, which initiates all transactions.
Asynchronous Balanced Mode (ABM): in this mode each node has equal status and can act as either a secondary or a primary node.
15. A SCADA system performs the following primary functions:
1. Data acquisition
2. Networked data communication
3. Data Presentation
4. Control
5. Tagging
6. Alarms
7. Logging
8. Load Shedding
9. Trending
16. Data Acquisition
SCADA systems acquire machine data through networked devices and sensors
connected to a PLC or RTU. These devices and sensors measure parameters such
as temperature, speed, pressure, or weight as raw data. The data is then sent to
a PLC or RTU, where it is translated into comprehensible and actionable
information. Finally, the information is sent to an HMI and displayed to
operators to analyze or act on.
17. Networked Data Communication
SCADA systems may use wired or wireless communication technologies, as well
as different communication protocols to transmit data between machines and
operators. Common non-proprietary communication protocols include
distributed network protocol (DNP3), Modbus, and IEC 60870-5. There are also
numerous proprietary protocols specific to certain SCADA vendors. Additionally,
SCADA systems typically utilize either closed local area networks (LANs) for local
geographical areas, or wide area networks (WANs) for systems that need to
connect multiple local area networks that are spread across different regions.
18. Data Presentation
The only display element in our model SCADA system is the light that comes on
when the switch is activated. This obviously won’t do on a large scale — you
can’t track a lightboard of a thousand separate lights, and you don’t want to pay
someone simply to watch a lightboard, either.
A real SCADA system reports to human operators over a specialized computer
that is variously called a master station, an HMI (Human-Machine Interface) or
an HCI (Human-Computer Interface). The SCADA master station has several
different functions. The master continuously monitors all sensors and alerts the
operator when there is an “alarm” — that is, when a control factor is operating
outside what is defined as its normal operation.
19. Control
Automated process control based on defined set-points is another SCADA
function. SCADA systems can be programmed to perform certain control
decisions based on the parameters received from connected sensors. For
example, if SCADA detects an abnormal condition in the process, such as power
loss to a machine, and also detects an alarm that the machine’s back-up battery
power doesn’t have a charge, the SCADA system could perform a control
function to automatically turn on a generator to restore power. Additional
SCADA control functions may include turning power on or off, increasing or
decreasing speed and flow, raising or lowering temperature, and more.
20. Tagging
Tagging prevents unauthorized operation of a device: a tag records which specific operation the device is authorized to perform.
Alarms
Alarms inform the operator about abnormal events and undesired conditions.
21. Logging (Recording):
• It logs all operator entries, all alarms and other information. In other words, it keeps a record of all events.
Load shedding:
• It provides both automatic and manual tripping of load during an emergency.
23. • There are different network characteristics for each layer within a control system hierarchy.
• Network topologies across different ICS (Industrial Control System) implementations vary, with modern systems using Internet-based IT and enterprise integration strategies.
• Control networks have merged with corporate networks to allow engineers to monitor and control systems from outside of the control system network.
• The connection may also allow enterprise-level decision-makers to obtain access to process data. The following is a list of the major components of an ICS network, regardless of the network topologies in use:
24. Fieldbus Network
The fieldbus network links sensors and other devices to a PLC or other controller. Use of fieldbus
technologies eliminates the need for point-to-point wiring between the controller and each
device. The sensors communicate with the fieldbus controller using a specific protocol. The
messages sent between the sensors and the controller uniquely identify each of the sensors.
25. Control Network. The control network connects the supervisory control level to lower-level
control modules.
Communications Routers. A router is a communications device that transfers messages between
two networks. Common uses for routers include connecting a LAN to a WAN, and connecting
MTUs and RTUs to a long-distance network medium for SCADA communication.
26. Firewall. A firewall protects devices on a network by monitoring and controlling communication packets
using predefined filtering policies. Firewalls are also useful in managing ICS network segregation strategies.
Modems. A modem is a device used to convert between serial digital data and a signal suitable for transmission over a telephone line, to allow devices to communicate. Modems are often used in SCADA systems to enable long-distance serial communications between MTUs and remote field devices. They are also used in SCADA systems, DCSs and PLCs to gain remote access for operational functions such as entering commands or modifying parameters, and for diagnostic purposes.
Remote Access Points. Remote access points are distinct devices, areas and locations of a control network
for remotely configuring control systems and accessing process data. Examples include using a personal
digital assistant (PDA) to access data over a LAN through a wireless access point, and using a laptop and
modem connection to remotely access an ICS system.
27. TYPES OF DATA COLLECTED
There are 3 common types of data collected:
Analog – used for trending
Digital (on/off) – used for alarming
Pulse (i.e. revolutions of some kind of meter) – accumulated /counted
28. Graphic mimics
The primary operator interface is a set of graphical screens which show a representation of the
equipment being monitored. Real-time data is displayed numerically or graphically as changing
bars, circles, lines or other shapes over a static background.
As the acquired data changes in real-time, the bar, circle, line or other representative shape is
updated. For instance, an analog level increase may be displayed as a lengthening of the
representative vertical bar or a valve graphic may look open to represent that it is open. A
typical MMI will have a nested tree structure of many such screens, usually with an
overview screen on the first page with the most relevant data displayed. There are then links
that go to other pages. Users can easily configure the type of I/O point, communication protocol
driver, polling rate, alarm thresholds and notifications, trend process data as well as configure
the User and Operator screens.
29. Communication
SCADA communications can employ a diverse range of both wired (leased line, dial-up line, fiber, ADSL, cable) and wireless media (licensed radio, spread spectrum, cellular, WLAN or satellite). The choice depends on a number of factors that characterize the client's existing communication infrastructure.
31. SCADA Architecture
1) First generation: "Monolithic"
2) Second generation: "Distributed"
3) Third generation: "Networked"
32. Monolithic SCADA Systems
Minicomputers were used early on to run SCADA systems. During the first generation, monolithic SCADA systems were developed at a time when common network services were not available. Hence, these were independent systems without any connectivity to other systems.
34. Distributed SCADA Systems
Processing was distributed across multiple stations which were connected through a LAN and shared information in real time. Each station was responsible for a particular task, making the size and cost of each station less than that of the single station used in the first generation.
36. Networked SCADA Systems
Open system architecture
Multiple networked systems, sharing master station functions
Utilizing open standards and protocols
Distribute SCADA functionality across a WAN
Open standards eliminate multiple limitations
Easier to connect to third party peripheral devices to the system or the network
Disaster survivability
38. Integration of PLC and SCADA
When buying SCADA software, the number of device tags determines the amount of information the SCADA system will acquire, store, control and supervise.
For example, in TIA Portal (a software package offered by Siemens), tags from the PLC are mapped to device tags of the SCADA system, and a separate program is written according to the graphical design. The graphics/pictures are linked with the device tags.
Change detected by sensor -> Change in value of PLC tag -> Change in value of device tag -> Graphical change on computer screen