7/26/2019 SCADA-NIGC
1/189
Document Code: SP1-MNT-MON-001
SCADA
Rev 06
Page | 2
............................................................ 4
1- ............................................................ 12
1-1- ............................................................ 12
2- ............................................................ 13
2-1- SCADA, DCS, PLC ............................................................ 15
2-2- (ICS OPERATIONS) ............................................................ 17
2-3- ICS ............................................................ 21
2-3-1- ............................................................ 22
2-3-2- ............................................................ 31
2-4- SCADA ............................................................ 39
2-5- DCS ............................................................ 48
2-6- PLC ............................................................ 51
2-7- ............................................................ 54
3- SCADA ............................................................ 55
3-1- FIREWALL ............................................................ 56
3-2- LOGICALLY SEPARATED CONTROL SYSTEM ............................................................ 59
3-3- NETWORK SEGREGATION ............................................................ 60
3-4- DEFENCE IN DEPTH ............................................................ 69
4- SCADA ............................................................ 72
4-1- OSI ............................................................ 74
4-2- FIELDBUS ............................................................ 76
4-3- PROFIBUS ............................................................ 79
4-4- MODBUS ............................................................ 82
4-5- IEC 60870-5-101 ............................................................ 88
4-6- DNP3 ............................................................ 94
Page | 3
5- SCADA ............................................................ 104
5-1- ............................................................ 105
5-2- ............................................................ 106
5-3- ............................................................ 107
5-4- ............................................................ 110
5-5- ............................................................ 111
5-6- ............................................................ 112
5-7- VHF ............................................................ 113
5-8- UHF ............................................................ 114
6- SCADA (IGAT V), GLDS ............................................................ 121
6-1- SCADA (IGAT V) ............................................................ 122
6-2- GLDS ............................................................ 126
............................................................ 132
Page | 4
:
1ICS 2SCADA 3DCS
PLC
.
)
4SCADA.)
DCS.
.PLC
5
.
6
. 90
.
SCADA.
SCADA
Media
SCADA
.IGAT#5SCADA
7
.
.
.
1 Industrial Control System
2 Supervisory Control and Data Acquisition
3 Distributed Control System
4 Dispersed Asset
5 Discrete Control
6 Critical Infrastructure
7 Information Technology
Page | 5
.
.ICS
.
.
.
.
.
DCS.
(DCS
).
DCS1
.
Real Time
Loop ControlDCS
. Pneumatic
.
.
PLC
.
I/O2PLC.
1
Low Latency2
Input/Output
Page | 6
PLC
.
321
.
4
. 5
.6
.
RTU
.
.
.
DCSI/O
.
7 .
DCS
.
1Remote Data
2High Latency
3Low Bandwidth
4Open-Loop Control
5Remote Terminal Unit
6Telemetry
7Closed Loop
Page | 7
PAC1
.SCADAPLCDCS
PAC
.
.ITSecured
Wireless2.
.
.
..
1Programmable Automation Controller
2Wireless
Page | 8
:
.
1
.
.
.2
.
:
3DMZ
4
.5
.
:
1 Alarm Threshold
2 Malware
3 Demilitarized Zone
4 Firewall
5 Authentication
Page | 9
:.
.
:
Patch
Port
.
:
.
.1
.
.
.
.
.2
.
1Cascading Events
2Defense in Depth
Page | 10
:
.
.
.
.
( :
Stateful Inspection Firewall.(
(DMZ
.(
.
1
.
Service
Port
.
1
Fault Tolerant
Page | 11
.
(
).
(
).
1PIV.
.
.
patch
patch
.
.
1Personal Identity Verification
Page | 12
-1
-1-1
PLC
DCS
SCADA .
SCADASCADAMedia
SCADA IGAT#5SCADA
..
:
.:1
.:2
.SCADA:3
.SCADA4:Protocol
5:
SCADA
.
.IGAT VGLDSSCADA:6
:.
o: .
o.:
o:.
Page | 13
-2
Page | 14
)1970) (1919(:2-1
2-2:
1919) (
1990(
Page | 15
SCADAPLCDCS-2-1
1
2
.
.
.
.
SensorBreaker
.
DCS
.
DCS
.
FeedforwardFeedback
3
Set Point.
654
1Distributed
2Centralized Data
3Set Point
4Proportional
5Differentional
6Integral
Page | 16
1
DCS.
(Continuous Manufacturing Processes)
.
.
(Batch Manufacturing Processes)
.
.
.
.
. ()(
.)
.
PLC
.
PLC
DCS
LAN
SCADA
SCADA.
1
Self Correction
Page | 17
.
1SCADADCS
.
SCADA
PLC
DCS
ICS
.
-2-2
:.2-3
2
Sensor
PLC 3 BreakersSwitches
.
.
4
Actuators
.
:Sensor
5
6
7
8
1 Closed Loop
2 Control Loop
3 Actuators
4 Set Point
5 Temperature Sensor
6 Humidity Sensor
7 Flow Measurement Sensor
8 Current Sensor
Page | 18
1
2
3
-(HMI)4
-.-
.
1
Pressure Sensor2
Power Failure Sensor3
Smoke Sensor4
Human Machine Interface
Page | 19
:2-3
:2-4
Page | 20
:2-5
(Remote Diagnostics and Maintenance Utilities)
.
HMI
. 21
3
1
Cascading2
Nested3
Set Point
Page | 21
21.
.
:2-6
ICS3-2-3
.
PLCDCS
.
1Supervisory Level Loop
2Lower Level Loop
3Key SCADA Components
Page | 22
1-2-3-1
:
2
DCS
.
.
((MTU43
Master .
PLC
RTU)
(
.5
(RTU)
.RTU
.
RTUPLC
.RTUPLC
(PLC6)
1
Control Components2
Control Server3
SCADA Server4
Master Terminal Unit5
Slave6
Programmable Logic Controller
Page | 23
o(PLC)
PLC.
DCS
.1
RTU PLC
. PLC 2
RTU
.PLC.
.
.
PLC
.
)
(...
( ... )
.
PLC
PLC
1
Field2
Field Devices
Page | 24
(
Actuators(
.
PLC
PLC/.
PLC .
PLC .
I/O
/
.
I/O
.
.
Scan Time
.PLCCPU
. I/O
.
CPU ... CRT
.
:PLC
PLC:
)PS)Power Supply
Page | 25
)CPU)Control Processing Unit
))Memory
)Input Module(
))Output Module
)CP)Communication Processor
)PS)Power Supply
PLC
.
24
220110 5 .
.
PLC.
. (2/55
2/5 ). vdc24
.
110
220
Relay Board .
.
PLC
8/2
.
.
)CPU)Control Processing Unit
Page | 26
PLC .
.
CPU
.
))Memory
PLC.
CPUPLC.
.
PLC
.
)RAM(
)EPRAM,EEPROM(.
))Input Module
PLC
.
/
proximitylevel sensor... PLC
.
PLC
.
))Output Module
Page | 27
... .
PLC
.
)CP)Communication Processor
CPU .CPU
.
EthernetCAT5 Modbus TCP/IPI/O module:2-7
Page | 28
((PLC
.PLC
PLC
. .
.
PLC
PLC
.PLC
/
PLC
40/401
128/1284
4128/128
PLC
.
.PLC
PLC
.
.
.
Page | 29
..
PLC
.
PLC.
:
80
.PLC
.
PLC
.
.
.
PLC
....A/DD/A
.
PLC
.
Page | 30
.
I/O PLC
.
(IED1)
.
.
.
-(HMI)
-
.
-
Set Point
-.
.
-.
Wireless LAN
2
.
1
Intelligent Electronic Devices2
Browser
Page | 31
1
2
.
.
/3
/
PLCRTUIED
.
/
4/.
.-
-2-3-2 5
.
.
.
.
:
1Data Historian
2Logging
3Input / Output, (I/O) Server
4Third Party
5 Network Components
Page | 32
oFieldbus
Fieldbus
Fieldbus.
.
.Fieldbus
.
o1
.2
.
RTUMTUWANLAN
.
o
3
.
.
o
4
.
1
Control Network2
Communication Router3
Firewall4
Modem
Page | 33
MTU.
SCADAPLCDCS
.
o
1
..
PDA2
LAN
.
)BA(
)(
.
.
.
.
.
1
Remote Access Point2
Personal Digital Assistant
Page | 34
)(
. .
.
.
1LACT
.
.
.
. RTU
.MODBUS
).2-8(
1Leased Automated Custody Transfer
Page | 35
:2-8 RTU
1
.RTU
.
.
.
((PID
1
Meter Runs
Page | 36
.PAC
/
.
.
)(
.
RTU
..
Onboard .
.
( )
Backplane
/ (
)Alarm
.
Page | 37
/ . 1
.Alarm
Modbus .
Hybrid .
).2)-9(
RTU:2-9
1Ladder
Page | 38
.
.
.
168
4
. PanelCabinet
((Slot
.
Backplane Fieldbus
./
/
.
.
.
In-rack
.
.SerialEthernet TCP/IP
. HMI
.
Flow Meters
LegacyPortModbus.
Page | 39
/.EnCana
.
EnCana
.
EnCana:2-10
Page | 40
SCADA-2-4
-
.
1
.
.
.
MTU ( )
RTU
ActuatorSensor.
RTUMTU RTU
.
PLCRTUMTU .
2.
RTU
.
.
.
1
Text2
Protection Relay
Page | 41
.
2-11 . MTU
HMIData Historian-.
.LAN
HMI
. 1 .
.Actuator
WAN
Dialup
.
.
1Centralized Alarm
Page | 42
:2-11
RTU-MTU .
2-1243-21
.
.
-.
1
Point to Point2
Serial3
Serial-Star4
Multi-Drop
Page | 43
.
:2-12
Page | 44
2-12
SCADA.
RTU .1MTUMTU
.2-13
:2-13
1Sub MTU
Page | 45
2-41 .
.
.
.
.1WAN
.
WAN
.
...)605(
.
.
1Wide Area Network
Page | 46
)(:2-14
Page | 47
.2-15
.
.
.
.
(
).
Page | 48
)(:2-15
Page | 49
DCS-2-51
DCS
. .
DCS.
.
DCS
.
DCS2-16 .
.DCS
)(
.
.
.
.
Fieldbus
Fieldbus.
.Fieldbus
.
Fieldbus
.
FieldbusModbus Fieldbus
.
1Distributed Control System
Page | 50
.
.
.
DCS
.
Page | 51
2-16:
Page | 52
2-6-PLC
SCADADCSPLC
.
PLC.RTUPLC
.
PLC.
1/
PID2 .
Fieldbus .2-17
.
:.LAN3
.PLC
1Input/Output
2Proportional-Integral-Derivative
3Historian
Page | 53
2-17:
PLC
Page | 54
PLC:2-18
PLC:2-19
Page | 55
-2-7
.
.
.
DCS .
DCS.
DCS
.
.""
.
.
.
.
.
.
.
Page | 56
SCADA-3
Page | 57
:.
FTP1
.
.
DoS2
.
.
.
.
Firewall.DMZDMZ
.
.
.
Port .
.3
3-1-Firewall
.
TCP/ IP .
.
1 File Transfer Protocol
2 Denial of Service
3 Node
Page | 58
.
.
:
Packet Filtering Firewalls
Firewall.Packet Filtering Firewall
Session.
Packet Filtering1 3
OSI
.
Packet Data IP
Packet Data.Data Packet
Data Packet 2
Packet Filtering Firewall.
Header Field
.
Stateful Inspection Firewalls
Stateful Inspection FirewallData Packet Filtering
OSI .Stateful4
Inspection Firewall3PacketSession
TCP(4Packet
UDP5
.Stateful Inspection Firewall
Session
1
Rule Set2
Originator3
Network Layer4
Transport Layer5
User Datagram Protocol
Page | 59
Packet
.Stateful Inspection Firewall
.
.
(Application-Proxy Gateway Firewall)
Packet 1
()browser(
FTP(.
OverheadDelay
.
2ICSFirewall
.
.
.
.
:
.
.
1
Application Layer2
Corporate Network
Page | 60
.
.
.
.
.
3-2-Logically Separated Control System
:.
.
.)(
Stateful
.
ICMPPortUDPTCP
.(MAC1(
.DMZDMZ
DMZDMZ)(
.
.
1Media Access Control
Page | 61
3-3-Network Segregation
.
.
Dual-Homed/:
.Dual-Homed
.
.Dual-Homed
.
3-1
ProxyTCPPacket.
)(SMTP2MailHTTP1FTP
.Stateful
.
. Data Historian
Data Historian
.Data Packet Host
DCS
PLC
.
1Hyper Text Transfer Protocol
2Simple Mail Transfer Protocol
Page | 62
:3-1
Data Historian Rule
Host Data Historian .
SQL1
HTTP
.
Data Historian
. Node
.Worm
1 Structured Query Language
Page | 63
Packet
HTTP.
Trojan Horse
HMI
.)(
.
1
3-2
Data Packet Filtering.
ProxyStateful
.
DoS
2.
.3
1Router
2 Adversary/Intruder
3Defense in Depth
Page | 64
:3-2
DMZ
DMZ
DMZ.
Data HistorianWireless Access PointRemote and Third Party Access Point.
.DMZ
DMZ
.
Page | 65
WirelessData Historian
Access PointDMZ.3-3.
DMZ:3-3
DMZ
.DMZ
DMZ
. 3-3 Data Packet
Page | 66
.
.
Patch
.DMZ
Patch.
.
.
1
.
DMZ
.DMZ2
DMZ DMZ
.
(Multi-Port).
.
Paired Firewalls
3-4 DMZ
.
Data HistorianDMZMES3
. Packet
1
Malware2
Application Traffic3
Manufacturing Execution System
Page | 67
.Data Historian
.
:3-4
IT.
.
.
.
Page | 68
. (DMZ(
.
.DMZ3
3-4-Defense in Depth
.
" "
.
DMZ
.
:
3-
5
.CSSP1
.
1Control System Security Program
Page | 69
:
:
Telemetry
Data Interface
DMZ
. 3-5
DMZ
.
Domain
.
Page | 70
CSSPDefence in Depth:3-5
Page | 71
SCADA-4
Page | 72
RTU
.
.
.
RTU
.RTU
.
Circuit breaker27RTU""
.
.
1
2
.RTURTU
3
.
RTU RTU
((IED . .
Profibus, Foundation Fieldbus, Modbus, IEC 60870-5 (IEC 60870-5-101, usually called simply "101") and DNP3.
,Profibus FoundationFieldbus,Modbus 113
.137
1 Master Protocols
2Master Unit
3Poll
Page | 73
OSI-4-1
Word.
(zip)
(PGP)
.TCP/IPEmail
:7Mail Server
TCP/IP7
,
.
ISO/OSI
-Ethernet232RS..
-RS. .12Ethernet1232
TCP/IP341
.baseT102
Application7
.
AdobePDFEmail
Acrobat.Application
.
..
Presentation6
)(
.ASCII.
.
Page | 74
6.
.
5
Session
..
.
Transport4
..
Network3
.
..
2
Data Link
(.
Checksum)
.
Physical Layer1
HUB
.
Page | 75
Transmission
.
.
,ISO/OSI
.
Page | 76
4-2-FIELDBUS
Honeywell1980
.Field device204
: Field device
.
I/O
.PLC
204 .
.
Field device
. .
.
Field device
.
.
.
.
.
)20)4.
.
.
.
.
Page | 77
OSI
.data link
.
.CSMA/CDToken passing
:
BACnet, FIP/WEIP, BitBUS, P-NET, PROFIBUS, LonWorks, CANbus, Seriplex, MODBUS, Mester Fieldbus, Interbus, ISP, HART, DeviceNet
Field device:
204
..
.204
.
RS232,RS485
..
.
Page | 78
.FF
Foundation Field bus
.FF
.
FF .
.
:FF
Page | 79
4-3-PROFIBUS
PADPFMSProfibus
MODBUS
Master
Slave.RS232
))8CAN.
. Fieldbus
OSI
CAN OpenNet DeviceCan
Sos .
Profibus
Profibus runs at up to 12 Mb/s, whereas Foundation Fieldbus (H1) runs at 31.25 kb/s.
.
.
EN50170EN50234FieldbusProfibus
.Profibus
:3
Profibus DP
Page | 80
Device
RS48512Mb/s
10ms""
.
PLC.10msPLC
16 2
12Mb/sPLC
1ms FoundationProfibus PA
Fieldbus300ms.
Profibus PA
4-20 mA ....
.10%
31.25Kb/s
.
.Foundation Field Bus
Profibus FMS
PC ,Manage system.
Multi-Master
.
FMS.
Object Object
:FMS.
Page | 81
Object-1
.-2
FMS
...
.
Page | 82
4-4-MODBUS
Modbus
OSI
.Modbus
Client/ServerDevice
Bus.
Modbus
Request/Reply
Function Code
.
Function Code/PDUs.
.Function CodeModbus
Modbus:
TCP/IP
Ethernet
Media
Modbus PlusToken Passing
ModbusRS232 RS485
. -Multi
drop.
ModbusMaster/SlaveMasterSlave
Modbus RTU.SlaveDCSPLCPC.Master
Field Device Multi-drop.
Message Master Field Device Master
ChecksumDevice
.
Device
Message
Device
Master
ModbusSlave.Device
Page | 83
.Message.
.
Modbus
:
Modbus ASCII
Modbus RTU
Modbus/TCP
MessageModbus.
Message.ASCIIMessageHexadecimal
4-Bit ASCII
.
Byte
2Byte
Modbus/TCPModbus RTUByte2.
.
Modbus ASCII .
((RFTelephone Modem .
Modbus RTU Modbus RTU.
(RS-485 or RS-232).
Data rates range from 1200 baud up to 115 kbaud; 9600 and 19200 baud are the most common.
Modbus RTU
Modbus/TCP .EthernetModbus
DeviceIP.Modbus/TCPModbus
TCP/IP Ethernet.Encapsulation
TCP/IP .Modbus/TCP
Modbus RTU
.MessageMasterSlaveDevice
Page | 84
Device-1
2-Function Code
3-Data
4-Error Check
Address 0 is the broadcast address: a message sent to address 0 is accepted by every slave device and answered by none. Individual slave devices use addresses 1 to 247 (the one-octet field can hold 0-255, but 248-255 are reserved).
Modbus Message Master. Message
.
Function CodeSlave Device . Read
DataAccept DataReport Status....
Function Code1255.Function Code Sub-Function Code
.
Data
Device
Read Function
Data
ValueFunctionDevice(
.)
The Error Check field is a 16-bit CRC computed by the master over the message; the receiving device recomputes the CRC and discards the frame when the two values differ. The CRC protects the whole frame, whereas parity checking (where enabled) protects each character separately.
Slave Device MasterMessage
.Message SlaveFunction Code
.Error Check
Page | 85
PDUModbus
BusModbus.Mapping Field
ADU . )Master(ClientADU
.
4-1:
Modbus
Function1.))Slave
.Client
The Function Code is a single octet with values 1-255 (decimal). Values 128-255 are reserved for Exception Responses: a server that cannot carry out a request replies with the request's function code plus 128 (bit 7 set), followed by an exception code.
Message
Client
Server Device Function Code
Function.Sub-Function.Function Code
.
Data FieldServer DeviceClient
Function Code .
HandleDiscreteRegister
Data Field.
Function CodeServer.((Zero Length
1
MODBUS application protocol
Page | 86
Data Field.
ClientServer . Field
Exception.
DiscreteOn/OffClient
Register ServerClientServer.
Field((Error FreeFunction Code
.((Exception Response
(4-2:MODBUS Transaction (Error Free
.Function Code
.)Function Code(
Page | 87
(4-3:MODBUS Transaction (Exception Response
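The serial frame described above (slave address, function code, data, 16-bit CRC; address 0 as broadcast; an exception response carrying the function code with bit 7 set) can be built and checked with the following Python. It is an added example, not code from this document or from any vendor's Modbus library. The function codes, CRC parameters and address limits are those of the public Modbus serial-line specification; the slave addresses, register numbers and values used in the comments are constructed for illustration.

```python
"""Modbus RTU framing, as described above: address | function code | data | CRC-16."""
import struct

FC_READ_HOLDING_REGISTERS = 0x03
FC_WRITE_SINGLE_REGISTER = 0x06
BROADCAST_ADDRESS = 0        # processed by every slave, answered by none
MAX_SLAVE_ADDRESS = 247      # the field holds 0-255, but 248-255 are reserved


def crc16_modbus(data: bytes) -> int:
    """CRC-16 used by Modbus RTU: polynomial 0x8005 (reflected 0xA001), initial value 0xFFFF."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def build_request(slave: int, function_code: int, data: bytes) -> bytes:
    """ADU = address + function code + data + CRC (CRC is sent low byte first)."""
    if not BROADCAST_ADDRESS <= slave <= MAX_SLAVE_ADDRESS:
        raise ValueError("slave address must be 0 (broadcast) or 1-247")
    if not 1 <= function_code <= 127:
        raise ValueError("request function codes are 1-127; 128-255 mark exception responses")
    body = bytes([slave, function_code]) + data
    return body + struct.pack("<H", crc16_modbus(body))


def read_holding_registers(slave: int, start: int, count: int) -> bytes:
    """Function 03: starting address and register count are big-endian 16-bit fields."""
    return build_request(slave, FC_READ_HOLDING_REGISTERS, struct.pack(">HH", start, count))


def write_single_register(slave: int, address: int, value: int) -> bytes:
    """Function 06: a write that any node able to put bytes on the bus can issue."""
    return build_request(slave, FC_WRITE_SINGLE_REGISTER, struct.pack(">HH", address, value))


def build_exception_response(slave: int, function_code: int, exception_code: int) -> bytes:
    """Slave side: the request's function code with bit 7 set, then the exception code."""
    body = bytes([slave, function_code | 0x80, exception_code])
    return body + struct.pack("<H", crc16_modbus(body))


def parse_rtu_frame(frame: bytes) -> dict:
    """Verify the CRC, then tell a normal response from an exception response."""
    if len(frame) < 4:
        raise ValueError("frame shorter than address + function code + CRC")
    body, received = frame[:-2], struct.unpack("<H", frame[-2:])[0]
    if crc16_modbus(body) != received:
        raise ValueError("CRC mismatch: corrupted frame, discard it")
    slave, fc = body[0], body[1]
    if fc & 0x80:
        return {"slave": slave, "function": fc & 0x7F, "exception": body[2]}
    return {"slave": slave, "function": fc, "exception": None, "data": bytes(body[2:])}
```

For example, `read_holding_registers(0x11, 0x6B, 3)` yields the frame `11 03 00 6B 00 03 76 87` and `write_single_register(1, 1, 3)` yields `01 06 00 01 00 03 98 0B`. Note what the CRC does and does not give you: it catches line noise, but any station that can write bytes onto the bus can produce a write request with a valid CRC, and Modbus/TCP drops the CRC altogether and relies on TCP. Neither variant tells the slave who sent a write, which is why the segregation and firewall rules of section 3, not the protocol, carry the security burden.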
Page | 88
4-5-IEC 60870-5-101
IEC 60870-5
.IEC 60870-5 ((EPA
RTU
Relay
(IEDs)
)
4-4(.IEC 60870-5
(OSI).
5.
.IEC 60870-5
IEC 60870-5 .
.
. 101
.
4-4
Page | 89
IEC 60870-5-1
.
IEC 60870-5-2
.
IEC 60870-5-3 Frame
.
. IEC 60870-5
.
IEC 60870-5-4
.
IEC 60870-5-5
)(7(
)ISO .
IEC 60870-5.
.
Page | 90
.
1.
2
3
Synchronization
Station
Configuration.
101 RTU IED
101.
.
51014
RS-232 or RS-485 (EIA standards) or a fiber optic interface
.
IEC 60870-5-1 defines the FT 1.2 frame format that 101 uses.
FT 1.2 frames are transmitted as asynchronous characters, which is why ordinary UARTs can be used.
.
101 supports balanced transmission on point-to-point links and unbalanced transmission on multi-drop links.
.
IEC 60870-5-21
/
/
/
.
1 Station Initialization
2 Cyclic Data Transmission
3 Data Acquisition by Polling
4 Physical Layer
5 International Telecommunication Union
6 Universal Asynchronous Receiver/Transmitter
7 Data Link Layer
Page | 91
)(101
.)(
2ASDUs101
IEC 60870-5-3 ASDUs.
.IEC 60870-5-4
3
.
IEC 60870-5-4
101.101
IED
.RTU
IEC 60870-5-5101
:
(Station Initialization)
(Cyclic Data Transmission)
(General Interrogation)
(Command Transmission)
(Data Acquisition by Polling)
(Acquisition of Events)
(Parameter Loading)
1Link Transmission Procedure
2Application Service Data Unit
3Type Information
Page | 92
(File Transfer)
(Clock Synchronization)
(Transmission of Integrated Totals)
(Test Procedure)
101
. -60870-560870-5-102
105110.
. ((Baud Rate
ASDU
.
.ASDU
.
ASDU1014-5
.
ASDU.
)
)
((
.
101 60870-5
60870-5-1IEC.
.
IEC 60870-5-101ASDU4-5.
.
Page | 93
IEC 60870-5-101ASDU:4-5
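The FT 1.2 link-layer frames that 101 uses (the single control character, the fixed-length frame and the variable-length frame, with their start, length, checksum and end characters, and the control-field bits of the primary station in unbalanced mode) are implemented below in Python as an added example; this is not code from the document or from any 101 protocol stack. The link address width (one octet here) is a system parameter of the real installation and is assumed; the user-data bytes in the comments are constructed placeholders, not a real ASDU.

```python
"""IEC 60870-5-101 link layer: FT 1.2 frame formats (single character, fixed length, variable length)."""

START_FIXED = 0x10
START_VARIABLE = 0x68
END = 0x16
ACK = 0xE5                    # single control character: positive acknowledgement

# control-field bits sent by the primary (controlling) station in unbalanced mode
PRM = 0x40                    # message from primary station
FCB = 0x20                    # frame count bit, toggled per completed send/confirm transaction
FCV = 0x10                    # frame count bit valid

FC_RESET_LINK = 0             # link-layer function codes, primary to secondary
FC_USER_DATA_CONFIRM = 3
FC_REQUEST_CLASS2 = 11


def checksum(body: bytes) -> int:
    """FT 1.2 checksum: arithmetic sum of control, address and user-data octets, modulo 256."""
    return sum(body) & 0xFF


def primary_control(function_code: int, fcb: bool, fcv: bool) -> int:
    if not 0 <= function_code <= 15:
        raise ValueError("the function code occupies the low four bits")
    return PRM | (FCB if fcb else 0) | (FCV if fcv else 0) | function_code


def encode_address(address: int, size: int) -> bytes:
    """Link address is 1 or 2 octets (a system parameter), low octet first."""
    if size not in (1, 2) or not 0 <= address < 1 << (8 * size):
        raise ValueError("link address does not fit the configured size")
    return address.to_bytes(size, "little")


def fixed_frame(control: int, address: int, addr_size: int = 1) -> bytes:
    """Start 0x10, control, address, checksum, end 0x16: link control only, no user data."""
    body = bytes([control]) + encode_address(address, addr_size)
    return bytes([START_FIXED]) + body + bytes([checksum(body), END])


def variable_frame(control: int, address: int, user_data: bytes, addr_size: int = 1) -> bytes:
    """Start 0x68, L, L, 0x68, control, address, user data (the ASDU), checksum, end 0x16."""
    body = bytes([control]) + encode_address(address, addr_size) + user_data
    if len(body) > 255:
        raise ValueError("the length field is a single octet")
    prefix = bytes([START_VARIABLE, len(body), len(body), START_VARIABLE])
    return prefix + body + bytes([checksum(body), END])


def parse_ft12_frame(frame: bytes, addr_size: int = 1) -> dict:
    """Validate start characters, length, checksum and end character; reject the frame otherwise."""
    if frame == bytes([ACK]):
        return {"type": "ack"}
    if frame[0] == START_FIXED and len(frame) == 4 + addr_size:
        kind, body = "fixed", frame[1:2 + addr_size]
    elif (frame[0] == START_VARIABLE and len(frame) >= 6 and frame[1] == frame[2]
          and frame[3] == START_VARIABLE and len(frame) == 6 + frame[1]):
        kind, body = "variable", frame[4:4 + frame[1]]
    else:
        raise ValueError("unknown start character or inconsistent length")
    if frame[-1] != END or checksum(body) != frame[-2]:
        raise ValueError("bad checksum or end character: frame discarded")
    control = body[0]
    return {"type": kind, "control": control, "function": control & 0x0F,
            "address": int.from_bytes(body[1:1 + addr_size], "little"),
            "user_data": bytes(body[1 + addr_size:])}
```

A reset of the remote link to address 1 is the fixed frame `10 40 01 41 16`, which the secondary station answers with the single character `E5`. The checksum is a one-octet arithmetic sum, which catches a corrupted character but is recomputed trivially by anyone who can put bytes on the line; like Modbus, 101 itself authenticates nothing, and the frame count bit only lets the secondary station detect a lost or duplicated frame, it is not replay protection. The IEC 62351-5 profile exists to add authentication above this layer.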
Page | 94
4-6-DNP31
DNP32
.
.DNP3
.
IEDsTerminal
.DNP3 RTUIED
.
DNP3-4-6
1Distributed Network Protocol
2Process Automation
Page | 95
DNP3
BA
.
.
DNP3RTU-to-IEDRTU
EPA1.DNP3Master-to-RTU/IED
.-IEC 60870-5
:DNP3
:
DNP3
frameFT3IEC 60870-5-1.Data Link Layer
Application Layer .
Flexible Structure: DNP3 Object
.
Multiple Application:DNP3:
1-Polled only
2-Polled Report by Exception
)(-3
321-4
Physical Layer
.
1 Enhanced Performance Architecture
Page | 96
Minimum OverheadDNP3 Wire-Pair: Data Link
1200bit/ s
Minimum Overhead .
1
Overhead
.
Open Standard:DNP3
Main StationIED
RTU.
.
.
( )
.)()(
.
.
.
DNP3
2.DNP3
.
.
.
.
1Report by Exception
2Open Standard Protocol
Page | 97
Substation Computer Master Station
:
12.
Breaker
.
3 .
4.
Configuration
:
gateValve
.
Analogue Input
Data
SynchronizationHistorian DataLogged.
DNP3
HypertextMultimedia.DNP3
.
client4-7
.Master
slave
4-4
.
1Binary Input Data
2Two State Devices
3Analogue Input Data
4Count Input Data
Page | 98
.
.
.Boolean
. 1
.Control Outputs
Trip- Close
Raise- Lower
on- offAnalogue.
OutputsSet points
.
clientDNP3:4-71
Counters
Page | 99
NN-10
Point IndexDNP3.
DNP3.
)
.(
ClientDNP3Master
( Client.Master)
...Closed Loop ControlAlarm Notification Billing
. Client .Client
Slave .
Polling
.
Client
.
)Client()(4-7
slave.
.
Client 4-7 .
Client.DNP3((Top Layer
.
Client .
Client
Client.DNP3
DNP3.DNP3
DNP3 .DNP3
.
.DNP3
Page | 100
4-8 .
. .Dial-up
DNP34-8
1
(Slave).Client.
1Multi-Drop Design
Page | 101
Slave Slave
.Slave
.
Slave
.Slave
.
.1
.Client
.
.4-8
Client Client . -Sub
Master.
4-8
.
Client
.
.
DNP3
.TCP/IP
Frame TCP/IP
DNP3.
.
1Peer to Peer
Page | 102
DNP3.
.DNP34-9.
Frame DNP3Frame.
Frame.
.
.HeaderFrameDNP3
FrameDNP3 FrameDNP3 Frame
. Payload
.
Each frame begins with two sync octets so that the receiver can find the start of a frame. The header is 10 octets long; its last two octets are a CRC over the first eight.
.
DNP3
DNP3 .
((Peer-to-Peer
. DNP3
.
DNP3FrameDNP3All-Call
.
.
Page | 103
DNP3:4-9
The payload of a frame is divided into blocks of 16 octets, each followed by a 2-octet CRC. A frame carries at most 250 octets of payload; with the 10-octet header (which carries its own CRC) and the block CRCs, the longest possible frame is 292 octets.
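The data-link framing described above (two sync octets, a 10-octet header with its own CRC, the payload in 16-octet blocks each followed by a CRC, and the 250-octet payload limit that gives a 292-octet maximum frame) is implemented below in Python as an added example. It is not code from this document or from any DNP3 stack. The CRC parameters are those of the DNP3 data-link CRC (polynomial 0x3D65, bit-reflected, result complemented); the station addresses used in the comments are arbitrary and the payload in the test is constructed.

```python
"""DNP3 data-link framing: 10-octet header plus 16-octet payload blocks, each with its own CRC."""
import struct

SYNC = b"\x05\x64"
MAX_USER_DATA = 250           # 16 blocks x 2 CRC octets + 10-octet header -> 292-octet frame
CONTROL_RESET_LINK = 0xC0     # DIR=1, PRM=1, function 0 (reset link states)


def crc_dnp(data: bytes) -> int:
    """CRC-16/DNP: polynomial 0x3D65 (reflected 0xA6BC), initial value 0, result complemented."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA6BC if crc & 1 else crc >> 1
    return (~crc) & 0xFFFF


def build_link_frame(control: int, dest: int, src: int, user_data: bytes = b"") -> bytes:
    """Sync, LENGTH, CONTROL, DEST, SRC, header CRC, then user data in CRC-protected 16-octet blocks."""
    if len(user_data) > MAX_USER_DATA:
        raise ValueError("user data is limited to 250 octets per frame")
    # LENGTH counts control, destination, source and user data; sync, LENGTH and CRCs are excluded
    header = SYNC + bytes([5 + len(user_data), control]) + struct.pack("<HH", dest, src)
    frame = header + struct.pack("<H", crc_dnp(header))
    for i in range(0, len(user_data), 16):
        block = user_data[i:i + 16]
        frame += block + struct.pack("<H", crc_dnp(block))
    return frame


def parse_link_frame(frame: bytes) -> dict:
    """Check sync, header CRC and every block CRC; return the header fields and user data."""
    if len(frame) < 10 or frame[:2] != SYNC:
        raise ValueError("no sync octets or truncated header")
    if crc_dnp(frame[:8]) != struct.unpack("<H", frame[8:10])[0]:
        raise ValueError("header CRC mismatch")
    length, control = frame[2], frame[3]
    dest, src = struct.unpack("<HH", frame[4:8])
    if length < 5:
        raise ValueError("LENGTH smaller than the fixed header fields it counts")
    user_data, remaining, pos = b"", length - 5, 10
    while remaining:
        n = min(16, remaining)
        block, crc_bytes = frame[pos:pos + n], frame[pos + n:pos + n + 2]
        if len(block) != n or len(crc_bytes) != 2 or crc_dnp(block) != struct.unpack("<H", crc_bytes)[0]:
            raise ValueError("block CRC mismatch or truncated frame")
        user_data += block
        pos, remaining = pos + n + 2, remaining - n
    return {"control": control, "dest": dest, "src": src, "user_data": user_data}
```

`build_link_frame(CONTROL_RESET_LINK, 1, 1024)` produces the reset-link frame `05 64 05 C0 01 00 00 04 E9 21`, and a frame with 250 octets of user data is exactly 292 octets long. Both CRCs guard against line errors only: plain DNP3 carries no authentication, so a station that can inject frames with valid CRCs is indistinguishable from the master. DNP3 Secure Authentication (IEEE 1815-2012, derived from IEC 62351-5) adds a challenge-response layer above this framing for that purpose.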
Page | 104
SCADA-5
Page | 105
.
.
.
.
.
.
.
-5-11
-Twisted Pair
.
(Pairs).
.
-Twisted5-1. Pair
.
1Twisted Pair
Page | 106
)54/1(
-twisted:5-1 pair
-5-21
2
PVC .
Twisted-Pair
.
.
:2-5.
1Coaxial
2PVC
Page | 107
Twisted-pair
(RF)
Twisted-Pair
:5-2
-5-31
1970 .
.db/km3.0
.140
2:.
.3
.
1Fiber Optic Cable
2Multi Mode
3Single Mode
Page | 108
( )
relaying .
-Twisted Pair
.
.
.
OPGW1.
.
DielectricAllADSS2
WOC3.
.
5-3.
.
1 Optical Ground Wire
2All-Dielectric Self-Supporting
3 Wrapped Optical Cable
Page | 109
Novel
.
:5-3
.
.
.
.
Diode
LEDs
.
850
1310
.1550nm
.
.
:
OPGW, ADSS, WOC.
Duct) (DNSS
.ArmorDuct
Page | 110
-5-41
2
30.
.5000
.(
kV230/220kV115/110relaying
kV66.
PLC .
.
.
.
.
PLC .
PLC(RF) PLCSSB3
.
4 .PLCCoupling
.RF
.5-4
1Power Line Carrier
2Lease Line
3Single Side Band
4Dual Frequency Trap
Page | 111
PLC 43 (
)
PLC (
)Speech Plus
)4(
((PLC5-4
-5-51
. 2
.
.
.
.Low-Noise Amplifier
1 Satellite
2 Geo-stationary orbit
Page | 112
-KuC-band Band.1VSAT
( -Ku) band.
-Ku Band VSAT.
.
.
.
.5-5
5-5
5-6
-
2
.
1Very Small Aperture Terminal
2Leased Line
Page | 113
.1PSTN
.
.
.5-6.
5-6
5-7-VHF2
30030((VHF
Point to Point
.
.
.
1 Public Switched Telephone Network
2 Very High Frequency
Page | 114
VHF
.
.VHF5-7.
UHF
VHF5-7
5-8-UHF1
UHF.3000300UHF
.900400
900 . ((FCC
928
952
UHF.
1
Ultra High Frequency
Page | 115
(PTP)(PTM)TrunkSpread Spectrum.
.MARS1PTM
a/b/g11/802
.UHF.
Point to Point
UHF.
.
.
.
UHF5-8.
.
Bit Rate
UHF5-8
1Multiple Address Radio System
Page | 116
1
)(
Slave360
.)(
MARSMHz900/400RemoteSlave
.
MARS /
.)(
MARS
RF
.
RF
MARS.
MTBF2
9600Baud300MARS.
.
FCC
5/12
.MARS
.MARS9-5
1 MARS
2 Mean Time Between Failures
Page | 117
Bite Rate
UHF
UTIFMARS5-9
1
3/5GHz4/2MHz928-9022
Packet Type
4DMS3
.)(
.MHz470-450
900
DMS 10-5.
.
1Spread Spectrum
2Low Power Spread Spectrum
3Digital Multiple System
4Distribution Automation
Page | 118
-Co
Channel
((RF
:5-10
1
GHz1UHF
GHz1
.
.
.
. Multiplexer
. Cross-Connect
PBXs .
.
.
1Microwave
Page | 119
.
)( CompressedRelaying Frame Relay
(B-ISDN)
T1.
.
.
.
.
. .
.
.
.
.
(FDMA1)
(TDMA2)
(CDMA3)
FDMA.
TDMACDMA.
1
Frequency Division Multiple Access2
Time Division Multiple Access3
Code Division Multiple Access
Page | 120
.
.5-11.
5-11
.
.
.
Page | 121
GLDS(SCADA(IGAT V-6
Page | 122
(SCADA(IGAT V-6-1
:SCADA
1.
SCADA
(BGCS 1, 2, 3, 4). 2
.3
VALVEIGAT VVALVE.4
.5
ModbusDCS.6
7
.RTU,ESD
VALVE
RedundantSCADA
RTUESD
.Historical DataSCADASCADA
SCADA
.
SCADA
Timing
Timing
.ESD,RTUSCADA
HMI(EWS)Client-Server.
,
SCADA Tag Set-point
.AlarmVALVE
EthernetESDRTU Redundant
.Multiplexer.
TCP/IP TCP/IP. RTU
. : RS232
Page | 123
Remotely. RTU, ESD RTU) 1
Laptop (VALVE
.)
2(
RTU
.
Diagnostics
RTU
.SCADAMonitoring
)3 HMI . VS
Fast/Tools SCADAHMI)VALVE(
.
SCADA RTU) 4 19.2 kb/s
RS232 STM-1.
. 10/100 Mb/s
ProgrammingRTU)5
)CCTV(VOICEvideo)6
FFHARTDiagnostic)7
.FFHART
SCADA
SCADA
RTUSCADA.SCADA
.RTU
Ethernet TCP/IP
FAST/TOOLS SCADA
.
.RTUESD
SCADA
:SCADA
Page | 124
1-HMI
-2
3- Alarm Handling
4-
Historical Data-5
-6
-7
SCADA
.
:
Fast/ToolsSCADA
Real Time.
Set Point .
.
:
ESDRTUSCADA
Fast/Tools.
Fast/Tools Configurator.
.Downloadonline
.SCADA
.
RTU
ESD
.
:RTU
RTURTURedundant STARDOM FCN
.RTU Redundant PSU Redundant CPU RTU.
Page | 125
deviceI/ORedundant I/O
.RTU
SCADA
Monitoring.
RTUSCADA Ethernet SDH Multiplexer .
. SCADA FCN Ethernet TCP/IP
:ESD
RTUESD .Redundant.ESDOTN
ESD
.
ESD
ProSafe-RS
.
Leak Detection:
.OPCSCADA
Page | 126
GLDS-6-2
.
1-Non Routine Event
-2
Non Routine Event:
. .
:
.:
:/
.
.
ESDValveRange
Shutdown
.
Gas CompositionInternal Pitting:
Coupon.
Routine Check
Metal LossPig.
.
Site Survey
.
Page | 127
Valve:
Routine.
:
ESD Valve Actuation.
FlangeFlange) .AGI`s(
.Routine
Metering:
Metering
.
Metering
:
Orifice Based Skid
Orifice Based Skid..
Metering Drawback.
.TurndownHandle
Multipath Ultrasonic Metering:
Meter Skid .
.
Turbine Metering
TurndownOrificeMeteringMetering
.
:
Dynamic Pressure Leak Detection System
Page | 128
PC Based
.
TrunkDensity Flow
Lines.
.Transitional Effect
Statistical Leak Detection System
OutletInlet
.
.
.
Mathematical Model Based Leak Detection System
Real Time Profile
.
.
.
:
SCADA
Hybrid.
.
Shutdown.
Page | 129
System Accuracy
Function
.
Shut-In
.
.
              Accuracy         Repeatability
Temperature   0.5 °C           0.05 °C
Pressure      0.1% of span     0.025%
.
              Accuracy         Repeatability
Density       0.5%             0.05%
.
.
(BGCS, Booster Gas Compressor Station) Outlet
.Fuel Gas
.%0.05%0.5
:
30(
.)1005
:
Page | 130
.%0.5
Typical
:
Response Time:
  50% leak rate:  4 min
  20% leak rate:  7 min
  10% leak rate: 12 min
   5% leak rate: 20 min
   1% leak rate: 30-45 min, depending on the steady-state characteristics
Leak Location Accuracy (as a fraction of the section length between pressure transmitters):
  leaks greater than 20%:  5% of section length
  leaks greater than 10%: 10% of section length
  leaks greater than  5%: 20% of section length
:
Typical.
100 %2
.10
A/D:
A/D
Resolution
.
Updating Time:
Page | 131
Update Time (DT):
DT < 0.1 L/c
where
L = overall pipeline length
c = speed of sound (approximately 1000 m/s in liquids and 300 m/s in gas).
This equates to an update period of 66 seconds from each of the Remote Terminal Units (RTUs).
Page | 132
:
:
:
.
.:
.
Page | 133
:
Page | 134
desktop
. .
.
"
"((RMA
.
(Console).
((Microprocessor
19901980
1990 .
.
..
.
(IP)
.
Page | 135
((OS
.
.
.
.
.
.
.
(
).
:
:
.
.
.
Page | 136
:
.
. .
.
.
.
.
:
.
.
.
:
--
.
. Client
.
)Server(
.
Page | 137
:
.
.
:
.
.
HMI
.
.
.
:
. Legacy
.
(
.(
.
.
:
-
.
.
Page | 138
.
:
.
:
Unpatched.
.
Patch
.
.
/.
.
.
Firmware .
.
:
.
.
Page | 139
: .53
.
15
20
.
:
.
.
.
.
.
.
.
.
.
.
.
.
.
Page | 140
.
.
.
.
.
.
.
.
.
Client
(
) .
.
.
.
.
.
Page | 141
.
-
.
.
.
.
.
.
.
)(
Page | 142
.
.
.
.
.
.
.
.53 2015
.
.
.
.
(CPU)
.
Page | 143
.
.
.
.((Reliability
.
.
-(Defense-in)(
Depth).
.
.
Cracking.
.
.
.
Page | 144
.
.PhishingSpam
(
Spam
Phishing.(
.
SpamPhishing
On-line .
.
.
.
. .
.
.
.
Page | 145
.
.
.
.
PhishersPhishers
Phishing .
Phishers Spam
.
SpammersSpammers
Phishing /
. (
)DoS
/
.
(Worm) Hard Drives
Melissa (macro virus), Nimda, CIH (Chernobyl), Explore.zip,
Blaster, Slammer, Code Red.
.
Phishing./
.
Page | 146
.
.
.
..
.
. )(
.)(
:
)
)
Page | 147
.
.
.
.
.
.
.
.
.
.
.
Page | 148
.
.
.
/ .
(DRP)
.
.
firmware .
.
Page | 149
:
Patching.
.)(
:
Page | 150
:
Page | 151
AC Access Control
AC Alternating Current
ACL Access Control List
AGA American Gas Association
API American Petroleum Institute
ARP Address Resolution Protocol
BCP Business Continuity Plan
CC Common Criteria
CD Compact Disc
CHAP Challenge Handshake Authentication Protocol
CIDX Chemical Industry Data Exchange
CIGRE International Council on Large Electric Systems
CIP Critical Infrastructure Protection
CIPC Critical Infrastructure Protection Committee
CMVP Cryptographic Module Validation Program
COTS Commercial Off-the-Shelf
CPU Central Processing Unit
CSE Communications Security Establishment
CSRC Computer Security Resource Center
CSSC Control System Security Center
CVE Common Vulnerabilities and Exposures
DCOM Distributed Component Object Model
DCS Distributed Control System
DETL Distributed Energy Technology Laboratory
DHS Department of Homeland Security
DMZ Demilitarized Zone
DNP Distributed Network Protocol
DNS Domain Name System
DOE Department of Energy
DoS Denial of Service
DRP Disaster Recovery Plan
DVD Digital Video Disc
Page | 152
EAP Extensible Authentication Protocol
EMS Energy Management System
EPRI Electric Power Research Institute
ERP Enterprise Resource Planning
FIPS Federal Information Processing Standards
FISMA Federal Information Security Management Act
FTP File Transfer Protocol
GAO Government Accountability Office
GPS Global Positioning System
HMI Human-Machine Interface
HSARPA Homeland Security Advanced Research Projects Agency
HSPD Homeland Security Presidential Directive
HTTP Hypertext Transfer Protocol
HTTPS Hypertext Transfer Protocol Secure
HVAC Heating, Ventilation, and Air Conditioning
I/O Input/Output
I3P Institute for Information Infrastructure Protection
IAONA Industrial Automation Open Networking Association
ICS Industrial Control System
IDS Intrusion Detection System
IEC International Electrotechnical Commission
IED Intelligent Electronic Device
IEEE Institute of Electrical and Electronics Engineers
IETF Internet Engineering Task Force
IGMP Internet Group Management Protocol
INL Idaho National Laboratory
IO Input/Output
IP Internet Protocol
IPS Intrusion Prevention System
IPsec Internet Protocol Security
ISA ISA-The Instrumentation Systems and Automation Society
ISAC Information Sharing and Analysis Center
Page | 153
ISID Industrial Security Incident Database
ISO International Organization for Standardization
IT Information Technology
ITL Information Technology Laboratory
LAN Local Area Network
MAC Media Access Control
MES Manufacturing Execution System
MIB Management Information Base
MTU Master Terminal Unit (also Master Telemetry Unit)
NAT Network Address Translation
NCSD National Cyber Security Division
NERC North American Electric Reliability Council
NFS Network File System
NIAP National Information Assurance Partnership
NIC Network Interface Card
NISAC National Infrastructure Simulation and Analysis Center
NISCC National Infrastructure Security Coordination Centre
NIST National Institute of Standards and Technology
NSTB National SCADA Testbed
OEA Office of Energy Assurance
OEM Original Equipment Manufacturers
OLE Object Linking and Embedding
OMB Office of Management and Budget
OPC OLE for Process Control
OS Operating System
OSI Open Systems Interconnection
PCN Process Control Network
PCSF Process Control System Forum
PCSRF Process Control Security Requirements Forum
PDA Personal Digital Assistant
PEAP Protected Extensible Authentication Protocol
PIN Personal Identification Number
Page | 154
PID Proportional-Integral-Derivative
PIV Personal Identity Verification
PLC Programmable Logic Controller
PP Protection Profile
PPP Point-to-Point Protocol
R&D Research and Development
RADIUS Remote Authentication Dial In User Service
RBAC Role-Based Access Control
RF Radio Frequency
RFC Request for Comments
RMA Reliability, Maintainability, and Availability
RPC Remote Procedure Call
RPO Recovery Point Objective
RTO Recovery Time Objective
RTU Remote Terminal Unit (also Remote Telemetry Unit)
SC Security Category
SCADA Supervisory Control and Data Acquisition
SCP Secure Copy
SIS Safety Instrumented System
SMTP Simple Mail Transfer Protocol
SNL Sandia National Laboratories
SNMP Simple Network Management Protocol
SP Special Publication
SPP-ICS System Protection Profile for Industrial Control Systems
SQL Structured Query Language
SRP Salt River Project
SSH Secure Shell
SSID Service Set Identifier
SSL Secure Sockets Layer
TCP Transmission Control Protocol
TCP/IP Transmission Control Protocol/Internet Protocol
TFTP Trivial File Transfer Protocol
TLS Transport Layer Security
UDP User Datagram Protocol
UPS Uninterruptible Power Supply
US-CERT United States Computer Emergency Readiness Team
USB Universal Serial Bus
USSR Union of Soviet Socialist Republics
VFD Variable Frequency Drive
VLAN Virtual Local Area Network
VPN Virtual Private Network
WAN Wide Area Network
XML Extensible Markup Language
Glossary of Terms:

Alternating Current (AC) Drive: Synonymous with Variable Frequency Drive (VFD).

Access Control List (ACL): A mechanism that implements access control for a system resource by enumerating the identities of the system entities that are permitted to access the resource.

Accreditation: The official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls.

Actuator: A pneumatic, hydraulic, or electrically powered device that supplies force and motion so as to position a valve's closure member at or between the open or closed position.

Alarm: A device or function that signals the existence of an abnormal condition by making an audible or visible discrete change, or both, so as to attract attention to that condition.

Antivirus Tools: Software products and technology used to detect malicious code, prevent it from infecting a system, and remove malicious code that has infected the system.

Application Server: A computer responsible for hosting applications to user workstations.

Attack: An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity, availability, or confidentiality.

Attacker: A person or agent who carries out or attempts an attack (see Attack). Not to be confused with the hobbyist sense of "hacker": someone with a strong interest in computers who enjoys learning about and experimenting with them.

Authentication: Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system.

Authorization: The right or a permission that is granted to a system entity to access a system resource.

Backdoor: An undocumented way of gaining access to a computer system. A backdoor is a potential security risk.

Batch Process: A process that leads to the production of finite quantities of material by subjecting quantities of input materials to an ordered set of processing activities over a finite time using one or more pieces of equipment.

Broadcast: Transmission to all devices in a network without any acknowledgment by the receivers.

Buffer Overflow: A condition at an interface under which more input can be placed into a buffer or data holding area than the capacity allocated, overwriting other information. Adversaries exploit such a condition to crash a system or to insert specially crafted code that allows them to gain control of the system.
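The condition defined above, as an added example in C that is not part of the original document: a fixed-size tag buffer of the kind a field device might keep for a point name, written once with the unbounded strcpy() pattern that produces the overflow and once with an explicit length check that rejects input that does not fit. The structure, its field names, the 8-byte capacity and the sample tags are hypothetical.

```c
/* Added example, not from the original document. The struct, TAG_LEN and
 * the sample tag names are hypothetical. */
#include <stdio.h>
#include <string.h>

#define TAG_LEN 8   /* capacity allocated for the tag buffer, NUL included */

struct point {
    char tag[TAG_LEN];   /* the buffer, i.e. the "data holding area" */
    int  writable;       /* adjacent data that an overflow would overwrite */
};

/* Vulnerable: strcpy() copies until it finds a NUL, however far away that
 * is. Any src longer than TAG_LEN-1 characters spills past tag[] into
 * writable and whatever follows it in memory. */
void set_tag_unchecked(struct point *p, const char *src)
{
    strcpy(p->tag, src);
}

/* Hardened: measure src without ever scanning past the capacity, reject
 * anything that needs TAG_LEN or more bytes, then copy with an explicit
 * size so the terminator is always written inside tag[].
 * Returns 0 on success, -1 if src was rejected (p is left untouched). */
int set_tag_checked(struct point *p, const char *src)
{
    size_t n = 0;
    while (n < TAG_LEN && src[n] != '\0')
        n++;
    if (n == TAG_LEN)
        return -1;                 /* no terminator within capacity */
    memcpy(p->tag, src, n + 1);    /* n characters plus the NUL */
    return 0;
}

/* How many bytes an unchecked strcpy() of src would write beyond tag[].
 * Computed arithmetically so the overflow itself is never performed. */
size_t overflow_bytes(const char *src)
{
    size_t need = strlen(src) + 1;
    return need > TAG_LEN ? need - TAG_LEN : 0;
}

/* Result helpers: report outcomes as values rather than memory contents. */
int tag_accepted(const char *src)
{
    struct point p = { "", 7 };
    return set_tag_checked(&p, src) == 0;
}

int tag_intact_after_reject(const char *src)
{
    struct point p = { "PT-101", 7 };
    set_tag_checked(&p, src);
    return strcmp(p.tag, "PT-101") == 0 && p.writable == 7;
}

int main(void)
{
    struct point p = { "", 7 };
    const char *ok  = "PT-101";             /* 6 chars + NUL: fits */
    const char *bad = "FLOW_TOTALIZER_01";  /* 17 chars + NUL: does not */

    set_tag_unchecked(&p, ok);   /* in-bounds input: both variants agree */
    printf("in-bounds: tag=%s writable=%d\n", p.tag, p.writable);

    if (set_tag_checked(&p, bad) != 0)
        printf("rejected: %zu bytes would spill past tag[]; tag=%s writable=%d\n",
               overflow_bytes(bad), p.tag, p.writable);
    /* set_tag_unchecked(&p, bad) here would perform that spill: the first
     * bytes land on writable, the rest on whatever follows the struct. */
    return 0;
}
```

The length check counts at most TAG_LEN bytes of the source, so a source that is itself unterminated cannot cause an over-read during validation; strlen() is used only in overflow_bytes(), which is a reporting helper, not part of the input path.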
Certification: A comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.

Clear Text: Information that is not encrypted.

Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.

Configuration (of a system or device): Step in system design; for example, selecting functional units, assigning their locations, and defining their interconnections.

Configuration Control: Process for controlling modifications to hardware, firmware, software, and documentation to ensure the information system is protected against improper modifications before, during, and after system implementation.

Continuous Process: A process that operates on the basis of continuous flow, as opposed to batch, intermittent, or sequenced operations.

Control Algorithm: A mathematical representation of the control action to be performed.

Control Center: An equipment structure or group of structures from which a process is measured, controlled, and/or monitored.

Control Loop: A combination of field devices and control functions arranged so that a control variable is compared to a set point and returns to the process in the form of a manipulated variable.

Control Network: Those networks of an enterprise typically connected to equipment that controls physical processes and that is time or safety critical. The control network can be subdivided into zones, and there can be multiple separate control networks within one enterprise and site.

Control Server: A server that hosts the supervisory control system, typically a commercially available application for a DCS or SCADA system.

Control System: A system in which deliberate guidance or manipulation is used to achieve a prescribed value for a variable. Control systems include SCADA, DCS, PLCs, and other types of industrial measurement and control systems.

Controlled Variable: The variable that the control system attempts to keep at the set point value. The set point may be constant or variable.

Controller: A device or program that operates automatically to regulate a controlled variable.

Cycle Time: The time, usually expressed in seconds, for a controller to complete one control loop, in which sensor signals are read into memory, control algorithms are executed, and corresponding control signals are transmitted to actuators that create changes in the process, resulting in new sensor signals.

Database: A repository of information that usually holds plantwide information including process data, recipes, personnel data, and financial data. [28]

Data Historian: A centralized database supporting data analysis using statistical process control techniques.

DC Servo Drive: A type of drive that works specifically with servo motors. It transmits commands to the motor and receives feedback from the servo motor resolver or encoder.

Denial of Service (DoS): The prevention of authorized access to a system resource or the delaying of system operations and functions.

Diagnostics: Information concerning known failure modes and their characteristics. Such information can be used in troubleshooting and failure analysis to help pinpoint the cause of a failure and help define suitable corrective measures.

Disaster Recovery Plan (DRP): A written plan for processing critical applications in the event of a major hardware or software failure or destruction of facilities.

Discrete Process: A type of process where a specified quantity of material moves as a unit (part or group of parts) between work stations and each unit maintains its unique identity.

Distributed Control System (DCS): In a control system, refers to control achieved by intelligence that is distributed about the process to be controlled, rather than by a centrally located single unit.
Distributed Plant: A geographically distributed factory that is accessible through the Internet by an enterprise.

Disturbance: An undesired change in a variable being applied to a system that tends to adversely affect the value of a controlled variable.

Domain Controller: A server responsible for managing domain information, such as login identification and passwords.

Encryption: Cryptographic transformation of data (called plaintext) into a form (called ciphertext) that conceals the data's original meaning to prevent it from being known or used. If the transformation is reversible, the corresponding reversal process is called decryption, which is a transformation that restores encrypted data to its original state.

Enterprise: An organization that coordinates the operation of one or more processing sites.

Enterprise Resource Planning (ERP) System: A system that integrates enterprise-wide information including human resources, financials, manufacturing, and distribution, and that also connects the organization to its customers and suppliers.

Extensible Markup Language (XML): A specification for a generic syntax to mark data with simple, human-readable tags, enabling the definition, transmission, validation, and interpretation of data between applications and between organizations.

Fault Tolerant: Of a system, having the built-in capability to provide continued, correct execution of its assigned function in the presence of a hardware and/or software fault.

Field Device: Equipment that is connected to the field side of an ICS. Types of field devices include RTUs, PLCs, actuators, sensors, HMIs, and associated communications.

Field Site: A subsystem that is identified by physical, geographical, or logical segmentation within the ICS. A field site may contain RTUs, PLCs, actuators, sensors, HMIs, and associated communications.

Fieldbus: A digital, serial, multi-drop, two-way data bus or communication path or link between low-level industrial field equipment such as sensors, transducers, actuators, local controllers, and even control room devices. Use of Fieldbus technologies eliminates the need for point-to-point wiring between the controller and each device. A protocol is used to define messages over the Fieldbus network, with each message identifying a particular sensor on the network.

File Transfer Protocol (FTP): An Internet standard for transferring files over the Internet. FTP programs and utilities are used to upload and download Web pages, graphics, and other files between local media and a remote server that allows FTP access.

Firewall: An inter-network gateway that restricts data communication traffic to and from one of the connected networks (the one said to be "inside" the firewall) and thus protects that network's system resources against threats from the other network (the one that is said to be "outside" the firewall).

Human-Machine Interface (HMI): The hardware or software through which an operator interacts with a controller. An HMI can range from a physical control panel with buttons and indicator lights to an industrial PC with a color graphics display running dedicated HMI software.

Identification: The process by which a user, process, or device presents a claimed identity to a system, usually as the first step before authentication and the granting of access to resources in an IT system. (Compare Authentication, which verifies the claimed identity.)

Incident: An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits, or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies. Incidents may be intentional or unintentional.

Input/Output (I/O): A general term for the equipment that is used to communicate with a computer as well as the data involved in the communications.

Insider: An entity inside the security perimeter that is authorized to access system resources but uses them in a way not approved by those who granted the authorization.

Integrity: Guarding against improper information modification or destruction; includes ensuring information non-repudiation and authenticity.

Intelligent Electronic Device (IED): Any device incorporating one or more processors with the capability to receive or send data/control from or to an external source (e.g., electronic multifunction meters, digital relays, controllers).

Internet: The single interconnected worldwide system of commercial, government, educational, and other computer networks that share the set of protocols specified by the Internet Architecture Board (IAB) and the name and address spaces managed by the Internet Corporation for Assigned Names and Numbers (ICANN).

Intrusion Detection System (IDS): A security service that monitors and analyzes network or system events for the purpose of finding, and providing real-time or near real-time warning of, attempts to access system resources in an unauthorized manner.

Intrusion Prevention System (IPS): A system that can detect an intrusive activity and can also attempt to stop the activity, ideally before it reaches its targets.
Jitter: The time or phase difference between the data signal and the ideal clock.

Key Logger: A program designed to record which keys are pressed on a computer keyboard; used to obtain passwords or encryption keys and thus bypass other security measures.

Light Tower: A device containing a series of indicator lights and an embedded controller used to indicate the state of a process based on an input signal.

Local Area Network (LAN): A group of computers and other devices dispersed over a relatively limited area and connected by a communications link that enables any device to interact with any other on the network.

Machine Controller: A control system/motion network that electronically synchronizes drives within a machine system instead of relying on synchronization via mechanical linkage.

Maintenance: Any act that either prevents the failure or malfunction of equipment or restores its operating capability.

Malware: Software or firmware intended to perform an unauthorized process that will have adverse impact on the confidentiality, integrity, or availability of an information system. A virus, worm, Trojan horse, or other code-based entity that infects a host. Spyware and some forms of adware are also examples of malicious code (malware).

Management Controls: The security controls (i.e., safeguards or countermeasures) for an information system that focus on the management of risk and the management of information security.

Manipulated Variable: In a process that is intended to regulate some condition, a quantity or a condition that the control alters to initiate a change in the value of the regulated condition.

Manufacturing Execution System (MES): A system that uses network computing to automate production control and process automation. By downloading recipes and work schedules and uploading production results, an MES bridges the gap between business and plant-floor or process-control systems.

Master Terminal Unit (MTU): See SCADA Server.

Modem: A device used to convert serial digital data from a transmitting terminal to a signal suitable for transmission over a telephone channel, and to reconvert the transmitted signal to serial digital data for the receiving terminal.

Motion Control Network: The network supporting the control applications that move parts in industrial settings, including sequencing, speed control, point-to-point control, and incremental motion.

Network Interface Card (NIC): A computer circuit board or card that is installed in a computer so that it can be connected to a network.

Object Linking and Embedding (OLE) for Process Control (OPC): A set of open standards developed to promote interoperability between disparate field devices, automation/control, and business systems.

Operating System: An integrated collection of service routines for supervising the sequencing of programs by a computer. An operating system may perform the functions of input/output control, resource scheduling, and data management. It provides application programs with the fundamental commands for controlling the computer.

Operational Controls: The security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by people (as opposed to systems).

Password: A string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization.

Phishing: Tricking individuals into disclosing sensitive personal information through deceptive computer-based means.

Photo Eye: A light-sensitive sensor utilizing photoelectric control that converts a light signal into an electrical signal, ultimately producing a binary signal based on an interruption of a light beam.

Port: The entry or exit point from a computer for connecting communications or peripheral devices.

Port Scanning: Using a program to remotely determine which ports on a system are open (e.g., whether systems allow connections through those ports).

Pressure Regulator: A device used to control the pressure of a gas or liquid.

Pressure Sensor: A sensor system that produces an electrical signal related to the pressure acting on it by its surrounding medium. Pressure sensors can also use differential pressure to obtain level and flow measurements.

Printer: A device that converts digital data to human-readable text on a paper medium.

Process Controller: A proprietary computer system, typically rack-mounted, that processes sensor input, executes control algorithms, and computes actuator outputs.

Programmable Logic Controller (PLC): A solid-state control system that has a user-programmable memory for storing instructions for the purpose of implementing specific functions such as I/O control, logic, timing, counting, three-mode (PID) control, communication, arithmetic, and data and file processing.

Protocol: A set of rules (i.e., formats and procedures) to implement and control some type of association (e.g., communication) between systems.
Protocol Analyzer: A device or software application that enables the user to analyze the performance of network data so as to ensure that the network and its associated hardware/software are operating within network specifications.

Proximity Sensor: A non-contact sensor with the ability to detect the presence of a target within a specified range.

Real-Time: Pertaining to the performance of a computation during the actual time that the related physical process transpires, so that the results of the computation can be used to guide the physical process.

Redundant Control Server: A backup to the control server that maintains the current state of the control server at all times.

Relay: An electromechanical device that completes or interrupts an electrical circuit by physically moving conductive contacts. The resultant motion can be coupled to another mechanism such as a valve or breaker.

Remote Access: Access by users (or information systems) communicating from outside an information system's security perimeter.

Remote Diagnostics: Diagnostics activities conducted by individuals communicating from outside an information system's security perimeter.

Remote Maintenance: Maintenance activities conducted by individuals communicating from outside an information system's security perimeter.

Remote Terminal Unit (RTU): A computer with radio interfacing used in remote situations where communications via wire are unavailable. Usually used to communicate with remote field equipment. PLCs with radio communication capabilities are also used in place of RTUs.

Resource Starvation: A condition where a computer process cannot be supported by available computer resources. Resource starvation can occur due to the lack of computer resources or the existence of multiple processes that are competing for the same computer resources.

Risk: The level of impact on agency operations (including mission, functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system, given the potential impact of a threat and the likelihood of that threat occurring.

Risk Assessment: The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Part of risk management; synonymous with risk analysis. Incorporates threat and vulnerability analyses.

Risk Management: The process of managing risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system. It includes risk assessment; cost-benefit analysis; the selection, implementation, and assessment of security controls; and the formal authorization to operate the system. The process considers effectiveness, efficiency, and constraints due to laws, directives, policies, or regulations.

Router: A computer that is a gateway between two networks at OSI layer 3 and that relays and directs data packets through that inter-network. The most common form of router operates on IP packets.

Router Flapping: A condition in which a router transmits routing updates that alternately advertise a destination network first via one route, then via a different route.

Safety Instrumented System (SIS): A system that is composed of sensors, logic solvers, and final control elements whose purpose is to take the process to a safe state when predetermined conditions are violated. Other terms commonly used include emergency shutdown system (ESS), safety shutdown system (SSD), and safety interlock system (SIS).

SCADA Server: The device that acts as the master in a SCADA system.

Security Audit: Independent review and examination of a system's records and activities to determine the adequacy of system controls, to ensure compliance with established security policy and procedures, to detect breaches in security services, and to recommend any changes that are indicated for countermeasures.

Security Controls: The management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information.

Security Plan: Formal document that provides an overview of the security requirements for the information system and describes the security controls in place or planned for meeting those requirements.

Security Policy: Security policies define the objectives and constraints for the security program. Policies are created at several levels, ranging from organization or corporate policy to specific operational constraints (e.g., remote access). In general, policies provide answers to the questions "what" and "why" without dealing with "how". Policies are normally stated in terms that are technology-independent.

Sensor: A device that produces a voltage or current output that is representative of some physical property being measured (speed, temperature, flow, etc.).

Servo Valve: An actuated valve whose position is controlled using a servo actuator.

Set Point: An input variable that sets the desired value of the controlled variable. This variable may be manually set, automatically set, or programmed.
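The control-loop terms defined in this glossary (Control Loop, Controlled Variable, Controller, Cycle Time, Manipulated Variable, Set Point, and the three-mode PID control named under Programmable Logic Controller), as an added example in C that is not taken from the original document: each scan cycle reads the sensor, runs the control algorithm against the set point, and writes the manipulated variable to the actuator, after which a hypothetical first-order process responds. It also shows the bounds check a controller should apply before accepting a set-point write from the supervisory layer. The process model, gains, limits and sample values are hypothetical.

```c
/* Added example, not from the original document. The tank model, the PID
 * gains and the set-point limits are hypothetical. */
#include <stdio.h>
#include <math.h>

struct pid_controller {
    double kp, ki, kd;         /* control algorithm: three-mode (PID) gains */
    double integral;           /* accumulated error, persists across cycles */
    double prev_error;         /* error from the previous cycle (D term) */
    double out_min, out_max;   /* actuator limits for the manipulated variable */
};

/* One execution of the control algorithm: compare the controlled variable
 * (pv) with the set point (sp) and compute the manipulated variable.
 * dt is the cycle time in seconds. */
double pid_step(struct pid_controller *c, double sp, double pv, double dt)
{
    double error = sp - pv;
    double p = c->kp * error;
    double next_integral = c->integral + error * dt;
    double d = c->kd * (error - c->prev_error) / dt;
    double out = p + c->ki * next_integral + d;

    /* Clamp to the actuator range. Anti-windup: the integral is only
     * committed while the output is not saturated. */
    if (out > c->out_max) {
        out = c->out_max;
    } else if (out < c->out_min) {
        out = c->out_min;
    } else {
        c->integral = next_integral;
    }
    c->prev_error = error;
    return out;
}

/* Hypothetical process: a tank whose level rises with valve opening (%)
 * and drains at a constant rate. Equilibrium needs the valve at 50 %. */
double process_update(double level, double valve_pct, double dt)
{
    const double inflow_per_pct = 0.02;   /* level units per second per % open */
    const double drain = 1.0;             /* level units per second */
    return level + (inflow_per_pct * valve_pct - drain) * dt;
}

/* Set-point writes arrive from the HMI or SCADA server; accept only values
 * inside the engineering limits. Written as a positive range test so that
 * a NaN (e.g. from a corrupted or crafted write) is rejected too: NaN
 * compares false against every bound, so "x < lo || x > hi" would let it
 * through. Returns 1 if accepted, 0 if rejected. */
int accept_setpoint(double requested, double lo, double hi)
{
    return (requested >= lo && requested <= hi) ? 1 : 0;
}

/* Run a number of scan cycles and return the final controlled variable.
 * Each cycle: read sensor -> run algorithm -> write actuator -> process moves. */
double run_loop(int cycles, double sp, double level0, double dt)
{
    struct pid_controller c = { 20.0, 1.0, 5.0, 0.0, 0.0, 0.0, 100.0 };
    double level = level0;
    for (int i = 0; i < cycles; i++) {
        double pv = level;                       /* sensor read */
        double mv = pid_step(&c, sp, pv, dt);    /* manipulated variable, % open */
        level = process_update(level, mv, dt);   /* actuator acts, process responds */
    }
    return level;
}

int main(void)
{
    const double sp_lo = 0.0, sp_hi = 20.0;
    double sp = 10.0;

    if (!accept_setpoint(25.0, sp_lo, sp_hi))
        printf("set point 25.0 rejected (limits %.1f..%.1f)\n", sp_lo, sp_hi);
    if (accept_setpoint(sp, sp_lo, sp_hi))
        printf("set point %.1f accepted\n", sp);

    /* Print the trajectory at a few cycle counts (dt = 1 s). */
    int checkpoints[] = { 1, 5, 10, 50, 200, 600 };
    for (int i = 0; i < 6; i++)
        printf("after %3d cycles: level = %.4f\n",
               checkpoints[i], run_loop(checkpoints[i], sp, 0.0, 1.0));
    return 0;
}
```

With these gains the loop saturates the valve at 100 % for the first few cycles (the anti-windup branch keeps the integral from accumulating during that time), then settles at the set point with the valve at 50 %; a set point outside 0..20, or a NaN, never reaches the controller.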
Simple Network Management Protocol (SNMP): A standard TCP/IP protocol for network management. Network administrators use SNMP to monitor and map network availability, performance, and error rates. To work with SNMP, network devices utilize a distributed data store called the Management Information Base (MIB). All SNMP-compliant devices contain a MIB which supplies the pertinent attributes of a device. Some attributes are fixed or hard-coded in the MIB, while others are dynamic values calculated by agent software running on the device.

Single Loop Controller: A controller that controls a very small process or a critical process.

Social Engineering: An attempt to trick someone into revealing information (e.g., a password) that can be used to attack systems or networks.

Solenoid Valve: A valve actuated by an electric coil. A solenoid valve typically has two states: open and closed.

Spyware: Software that is secretly or surreptitiously installed onto an information system to gather information on individuals or organizations without their knowledge; a type of malicious code.

Statistical Process Control (SPC): The use of statistical techniques to control the quality of a product or process.

Steady State: A characteristic of a condition, such as value, rate, periodicity, or amplitude, exhibiting only negligible change over an arbitrarily long period of time.

Supervisory Control: A term that is used to imply that the output of a controller or computer program is used as input to other controllers.

Supervisory Control and Data Acquisition (SCADA): A generic name for a computerized system that is capable of gathering and processing data and applying operational controls over long distances. Typical uses include power transmission and distribution and pipeline systems. SCADA was designed for the unique communication challenges (delays, data integrity, etc.) posed by the various media that must be used, such as phone lines, microwave, and satellite. These media are usually shared rather than dedicated.

Technical Controls: The security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system.

Temperature Sensor: A sensor system that produces an electrical signal related to its temperature and, as a consequence, senses the temperature of its surrounding medium.

Threat: Any circumstance or event with the potential to adversely impact agency operations (including mission, functions, image, or reputation), agency assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.

Transmission Control Protocol (TCP): TCP is one of the main protocols in TCP/IP networks. Whereas the IP protocol deals only with packets, TCP enables two hosts to establish a connection and exchange streams of data. TCP provides reliable delivery of data and also ensures that data is delivered in the same order in which it was sent.

Trojan Horse: A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.

Unauthorized Access: A person gains logical or physical access without permission to a network, system, application, data, or other resource.

Valve: An in-line device in a fluid-flow system that can interrupt flow, regulate the rate of flow, or divert flow to another branch of the system.

Variable Frequency Drive (VFD): A type of drive that controls the speed, but not the precise position, of a non-servo AC motor by varying the frequency of the electricity going to that motor. VFDs are typically used for applications where speed and power are important, but precise positioning is not.

Virtual Private Network (VPN): A restricted-use, logical (i.e., artificial or simulated) computer network that is constructed from the system resources of a relatively public, physical (i.e., real) network (such as the Internet), often by using encryption (located at hosts or gateways), and often by tunneling links of the virtual network across the real network.

Virus: A hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting (i.e., inserting a copy of itself into and becoming part of) another program. A virus cannot run by itself; it requires that its host program be run to make the virus active.

Virus Definitions: Predefined signatures for known malware used by antivirus detection algorithms.

Vulnerability: Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.

Wide Area Network (WAN): A physical or logical network that provides data communications to a larger number of independent users than are usually served by a local area network (LAN) and that is usually spread over a larger geographic area than that of a LAN.

Wireless Device: A device that can connect to a manufacturing system via radio or infrared waves, typically to collect/monitor data, but also in cases to modify control set