SCADA is the abbreviation for "Supervisory Control And Data Acquisition". It generally refers to an industrial control system: a computer system monitoring and controlling a process. The process can be industrial, infrastructure or facility based as described below:
Industrial processes include those of manufacturing, production, power generation, fabrication, and refining, and may run in continuous, batch, repetitive, or discrete modes.
* Infrastructure processes may be public or private, and include
water treatmentand distribution, wastewater collection and treatment, oil and gas pipelines, electrical power transmission and distribution, and large communication systems.
* Facility processes occur both in public facilities and private ones, including buildings, airports, ships, and space stations. They monitor and control
HVAC, access, and energy consumption.
A SCADA System usually consists of the following subsystems:
* A Human-Machine Interface or HMI is the apparatus which presents process data to a human operator, and through which the human operator monitors and controls the process.
* A supervisory (computer) system, gathering (acquiring) data on the process and sending commands (control) to the process
Remote Terminal Units (RTUs) connecting to sensors in the process, converting sensor signals to digital data and sending digital data to the supervisory system.
Communicationinfrastructure connecting the supervisory system to the Remote Terminal Units
There is, in several industries, considerable confusion over the differences between SCADA systems and
Distributed control systems (DCS). Generally speaking, a SCADA system usually refers to a system that coordinates, but does not control processes in real time. The discussion on real-time control is muddied somewhat by newer telecommunications technology, enabling reliable, low latency, high speed communications over wide areas. Most differences between SCADA and Distributed control systemDCS are culturally determined and can usually be ignored. As communication infrastructures with higher capacity become available, the difference between SCADA and DCS will fade.
The term SCADA usually refers to centralized systems which monitor and control entire sites, or complexes of systems spread out over large areas (anything between an industrial plant and a country). Most control actions are performed automatically by
remote terminal units ("RTUs") or by programmable logic controllers("PLCs"). Host control functions are usually restricted to basic overriding or "supervisory" level intervention. For example, a PLC may control the flow of cooling water through part of an industrial process, but the SCADA system may allow operators to change the set points for the flow, and enable alarm conditions, such as loss of flow and high temperature, to be displayed and recorded. The feedback control loop passes through the RTU or PLC, while the SCADA system monitors the overall performance of the loop. Data acquisitionbegins at the RTU or PLC level and includes meter readings and equipment status reports that are communicated to SCADA as required. Data is then compiled and formatted in such a way that a control room operator using the HMI can make supervisory decisions to adjust or override normal RTU (PLC) controls. Data may also be fed to a Historian, often built on a commodity Database Management System, to allow trending and other analytical auditing.
SCADA systems typically implement a distributed database, commonly referred to as a "tag database", which contains data elements called "tags" or "points". A point represents a single input or output value monitored or controlled by the system. Points can be either "hard" or "soft". A hard point represents an actual input or output within the system, while a soft point results from logic and math operations applied to other points. (Most implementations conceptually remove the distinction by making every property a "soft" point expression, which may, in the simplest case, equal a single hard point.) Points are normally stored as value-timestamp pairs: a value, and the timestamp when it was recorded or calculated. A series of value-timestamp pairs gives the history of that point. It's also common to store additional metadata with tags, such as the path to a field device or PLC register, design time comments, and alarm information.
Human Machine Interface
A Human-Machine Interface or HMI is the apparatus which presents process data to a human operator, and through which the human operator controls the process.
An HMI is usually linked to the SCADA system's
databases and software programs, to provide trending, diagnostic data, and management information such as scheduled maintenance procedures, logistic information, detailed schematics for a particular sensor or machine, and expert-system troubleshooting guides.
The HMI system usually presents the information to the operating personnel graphically, in the form of a mimic diagram. This means that the operator can see a schematic representation of the plant being controlled. For example, a picture of a pump connected to a pipe can show the operator that the pump is running and how much fluid it is pumping through the pipe at the moment. The operator can then switch the pump off. The HMI software will show the flow rate of the fluid in the pipe decrease in real time. Mimic diagrams may consist of line graphics and schematic symbols to represent process elements, or may consist of digital photographs of the process equipment overlain with animated symbols.
The HMI package for the SCADA system typically includes a drawing program that the operators or system maintenance personnel use to change the way these points are represented in the interface. These representations can be as simple as an on-screen traffic light, which represents the state of an actual traffic light in the field, or as complex as a multi-projector display representing the position of all of the elevators in a skyscraper or all of the trains on a railway.
An important part of most SCADA implementations are alarms. An alarm is a digital status point that has either the value NORMAL or ALARM. Alarms can be created in such a way that when their requirements are met, they are activated. An example of an alarm is the "fuel tank empty" light in a car. The SCADA operator's attention is drawn to the part of the system requiring attention by the alarm. Emails and text messages are often sent along with an alarm activation alerting managers along with the SCADA operator.
SCADA solutions often have
Distributed Control System(DCS) components. Use of "smart" RTUs or Programmable logic controllers, which are capable of autonomously executing simple logic processes without involving the master computer, is increasing. A functional block programming language,
IEC 61131-3, is frequently used to create programs which run on these RTUs and PLCs. Unlike a procedural language such as the C programming language or FORTRAN, IEC 61131-3 has minimal training requirements by virtue of resembling historic physical control arrays. This allows SCADA system engineers to perform both the design and implementation of a program to be executed on an RTU or PLC.Since about 1998, virtually all major PLC manufacturers have offered integrated HMI/SCADA systems, many of them using open and non-proprietary communications protocols. Numerous specialized third-party HMI/SCADA packages, offering built-in compatibility with most major PLCs, have also entered the market, allowing mechanical engineers, electrical engineers and technicians to configure HMIs themselves, without the need for a custom-made program written by a software developer.
Remote Terminal Unit (RTU)
RTUconnects to physical equipment. Typically, an RTU converts the electrical signals from the equipment to digital values such as the open/closed status from a switchor a valve, or measurements such as pressure, flow, voltage or current. By converting and sending these electrical signals out to equipment the RTUcan control equipment, such as opening or closing a switchor a valve, or setting the speed of a pump.
Quality SCADA RTUs have these characteristics:
The term "Supervisory Station" refers to the servers and software responsible for communicating with the field equipment (RTUs, PLCs, etc), and then to the HMI software running on workstations in the control room, or elsewhere. In smaller SCADA systems, the master station may be composed of a single PC. In larger SCADA systems, the master station may include multiple servers, distributed software applications, and disaster recovery sites. To increase the integrity of the system the multiple servers will often be configured in a dual-redundant or hot-standby formation providing continuous control and monitoring in the event of a server failure.
Initially, more "open" platforms such as
Linuxwere not as widely used due to the highly dynamic development environment and because a SCADA customer that was able to afford the field hardware and devices to be controlled could usually also purchase UNIXor OpenVMSlicenses. Today, all major operating systems are used for both master station servers and HMI workstations.
For some installations, the costs that would result from the control system failing is extremely high. Possibly even lives could be lost. Hardware for some SCADA systems is ruggedized to withstand temperature, vibration, and voltage extremes, but in most critical installations reliability is enhanced by having redundant hardware and communications channels, up to the point of having multiple fully equipped control centres. A failing part can be quickly identified and its functionality automatically taken over by backup hardware. A failed part can often be replaced without interrupting the process. The reliability of such systems can be calculated statistically and is stated as the mean time to failure, which is a variant of
mean time between failures. The calculated mean time to failure of such high reliability systems can be on the order of centuries.
Communication infrastructure and methods
SCADA systems have traditionally used combinations of radio and direct serial or modem connections to meet communication requirements, although Ethernet and IP over SONET / SDH is also frequently used at large sites such as railways and power stations. The remote management or monitoring function of a SCADA system is often referred to as
This has also come under threat with some customers wanting SCADA data to travel over their pre-established corporate networks or to share the network with other applications. The legacy of the early low-bandwidth protocols remains, though.SCADA protocols are designed to be very compact and many are designed to send information to the master station only when the master station polls the RTU. Typical legacy SCADA protocols include
ModbusRTU, RP-570, Profibusand Conitel. These communication protocols are all SCADA-vendor specific but are widely adopted and used. Standard protocols are IEC 60870-5-101 or 104, IEC 61850and DNP3. These communication protocols are standardized and recognized by all major SCADA vendors.Many of these protocols now contain extensions to operate over TCP/IP. It is good security engineeringpractice to avoid connecting SCADA systems to the Internetso the attack surfaceis reduced.
RTUs and other automatic controller devices were being developed before the advent of industry wide standards for interoperability. The result is that developers and their management created a multitude of control protocols. Among the larger vendors, there was also the incentive to create their own protocol to "lock in" their customer base. A list of
automation protocolsis being compiled here.
Recently, OLE for Process Control (OPC) has become a widely accepted solution for intercommunicating different hardware and software, allowing communication even between devices originally not intended to be part of an industrial network.
SCADA systems have evolved through 3 generations as follows:i. First Generation-"Monolithic":In the first generation computing was done by Mainframe systems. Networks didn’t exist at the time SCADA was developed. Thus SCADA systems were independent systems with no connectivity to other systems.Wide Area Networks were later designed by RTU vendors to communicate with the RTU. The communication protocols used were often proprietary at that time. The first generation SCADA System was redundant since a back-up mainframe system was connected at the bus level and was used in the event of failure of the main mainframe system.ii. Second Generation-"Distributed":The processing was distributed across multiple stations which were connected through LAN and they shared information in real time. Each station was responsible for a particular task thus making the size and cost of each station less than the one used in First Generation. The network protocols used were still mostly proprietary.iii. Third Generation-"Networked":These are the current generation SCADA systems which use open system architecture rather than a vendor controlled proprietary environment. The SCADA system utilizes open standard and protocols thus distributing functionality across a WAN rather than a LAN. It is easier to connect third party peripheral devices like printers, disk drives, tape drives due to the use of open architecture.WAN protocols such as Internet Protocol (IP) are used for communication between the master station and communications equipment. This on the other hand has put a question on the security of SCADA system which seems to be vulnerable to cyber-warfare and cyber terrorism attacks.
Trends in SCADA
There is a trend for PLC and HMI/SCADA software to be more "mix-and-match". In the mid 1990s, the typical DAQ I/O manufacturer supplied equipment that communicated using proprietary protocols over a suitable-distance carrier like
RS-485. End users who invested in a particular vendor's hardware solution often found themselves restricted to a limited choice of equipment when requirements changed (e.g. system expansions or performance improvement). To mitigate such problems, open communication protocols such as IEC870-5-101/104 and DNP 3.0 (serial and over IP) became increasingly popular among SCADA equipment manufacturers and solution providers alike. Open architectureSCADA systems enabled users to mix-and-match products from different vendors to develop solutions that were better than those that could be achieved when restricted to a single vendor's product offering.
Towards the late 1990s, the shift towards open communications continued with individual I/O manufacturers as well, who adopted open message structures such as Modbus RTU and Modbus ASCII (originally both developed by Modicon) over RS-485. By 2000, most I/O makers offered completely open interfacing such as Modbus TCP over Ethernet and IP.
SCADA systems are coming in line with standard networking technologies.
Ethernetand TCP/IP based protocols are replacing the older proprietary standards. Although certain characteristics of frame-based network communication technology (determinism, synchronization, protocol selection, environment suitability) have restricted the adoption of Ethernet in a few specialized applications, the vast majority of markets have accepted Ethernet networks for HMI/SCADA.
"Next generation" protocols such as OPC-UA, Wonderware's SuiteLink, GE Fanuc's Proficy and Rockwell Automation's FactoryTalk, take advantage of
XML, web services and other modern web technologies, making them more easily IT supportable.
With the emergence of
software as a servicein the broader software industry, a few vendors have begun offering application specific SCADA systems hosted on remote platforms over the Internet, for example, PumpView by MultiTrode. This removes the need to install and commission systems at the end-user's facility and takes advantage of security features already available in Internet technology, VPNs and SSL. Some concerns include security, [cite web |title=How to put SCADA on the Internet |publisher=Control Engineering |author=Donald Wallace |date=2003-09-01 |accessdate=2008-05-30 |url=http://www.controleng.com/article/CA321065.html ("Note: Donald Wallace is COO of M2M Data Corporation, a SCADA vendor.")] Internet connection reliability, and latency.
SCADA systems are becoming increasingly ubiquitous.
Thin clients, web portals, and web based products are gaining popularity with most major vendors. The increased convenience of end users viewing their processes remotely introduces security considerations.
The move from proprietary technologies to more standardized and open solutions together with the increased number of connections between SCADA systems and office networks and the
Internethas made them more vulnerable to attacks. Consequently, the security of SCADA-based systems has come into question as they are increasingly seen as extremely vulnerable to cyberwarfare/cyberterrorism attacks. [cite web |url=http://www.blackhat.com/presentations/bh-federal-06/BH-Fed-06-Maynor-Graham-up.pdf |title=SCADA Security and Terrorism: We're Not Crying Wolf
author=D. Maynor and R. Graham] [cite web
title=SCADA system makers pushed toward security
In particular, security researchers are concerned about:
* the lack of concern about security and authentication in the design, deployment and operation of existing SCADA networks
* the mistaken belief that SCADA systems have the benefit of
security through obscuritythrough the use of specialized protocols and proprietary interfaces
* the mistaken belief that SCADA networks are secure because they are purportedly physically secured
* the mistaken belief that SCADA networks are secure because they are supposedly disconnected from the Internet
Because of the mission-critical nature of a large number of SCADA systems, such attacks could, in a worst case scenario, cause massive financial losses through loss of data or actual physical destruction, misuse or theft, even loss of life, either directly or indirectly. Whether such concerns will cause a move away from the use of existing SCADA systems for mission-critical applications towards more secure architectures and configurations remains to be seen, given that at least some influential people in corporate and governmental circles believe that the benefits and lower initial costs of SCADA based systems still outweigh potential costs and risks.Fact|date=May 2007 Recently, multiple security vendors, such as Byres Security, Inc., Industrial Defender Inc.,
Check Pointand Innominate, and N-Dimension Solutionshave begun to address these risks by developing lines of specialized industrial firewalland VPNsolutions for TCP/IP-based SCADA networks.
Also, the ISA Security Compliance Institute (ISCI) is emerging to formalize SCADA security testing starting as soon as 2009. ISCI is conceptually similar to private testing and certification that has been performed by vendors since 2007, such as the Achilles certification program from Wurldtech Security Technologies, Inc. and MUSIC certification from
Mu Dynamics, Inc. Eventually, standards being defined by ISA SP99 WG4 will supersede these initial industry consortia efforts, but probably not before 2011.
The increased interest in SCADA vulnerabilities also results in numerous new vulnerabilities in SCADA software (e.g. disclosures by Core Security and C4 Security) and more general offensive SCADA techniques presented to the general security community. [cite web |url=http://www.digitalbond.com/wp-content/uploads/2007/10/S4_2008_Agenda.pdf |title=S4 2008 Agenda] [cite web |url=http://www.c4-security.com/SCADA%20Security%20-%20Generic%20Electric%20Grid%20Malware%20Design%20-%20SyScan08.pps |title=SCADA Security - Generic Electric Grid Malware Design]
Industrial Control Systems
* [http://www.cpni.gov.uk/ProtectingYourAssets/scada.aspx UK SCADA security guidelines]
Wikimedia Foundation. 2010.