SCADA-NIGC


  • 7/26/2019 SCADA-NIGC

    1/189


    Document Code: SP1-MNT-MON-001

    SCADA

    Rev 06


    1-

    1-1-

    2-

    2-1- SCADA, DCS, PLC

    2-2- (ICS OPERATIONS)

    2-3- ICS

    2-3-1-

    2-3-2-

    2-4- SCADA

    2-5- DCS

    2-6- PLC

    2-7-

    3- SCADA

    3-1- FIREWALL

    3-2- LOGICALLY SEPARATED CONTROL SYSTEM

    3-3- NETWORK SEGREGATION

    3-4- DEFENCE IN DEPTH

    4- SCADA

    4-1- OSI

    4-2- FIELDBUS

    4-3- PROFIBUS

    4-4- MODBUS

    4-5- IEC 60870-5-101

    4-6- DNP3

    5- SCADA

    5-1-

    5-2-

    5-3-

    5-4-

    5-5-

    5-6-

    5-7- VHF

    5-8- UHF

    6- GLDS (IGAT V) SCADA

    6-1- (IGAT V) SCADA

    6-2- GLDS


    :

    1ICS 2SCADA 3DCS

    PLC

    .

    )

    4SCADA.)

    DCS.

    .PLC

    5

    .

    6

    . 90

    .

    SCADA.

    SCADA

    Media

    SCADA

    .IGAT#5SCADA

    7

    .

    .

    .

    1 Industrial Control System

    2 Supervisory Control and Data Acquisition

    3 Distributed Control System

    4 Dispersed Asset

    5 Discrete Control

    6 Critical Infrastructure

    7 Information Technology


    .

    .ICS

    .

    .

    .

    .

    .

    DCS.

    (DCS

    ).

    DCS1

    .

    Real Time

    Loop ControlDCS

    . Pneumatic

    .

    .

    PLC

    .

    I/O2PLC.

    1 Low Latency

    2 Input/Output


    PLC

    .

    321

    .

    4

    . 5

    .6

    .

    RTU

    .

    .

    .

    DCSI/O

    .

    7 .

    DCS

    .

    1 Remote Data

    2 High Latency

    3 Low Bandwidth

    4 Open-Loop Control

    5 Remote Terminal Unit

    6 Telemetry

    7 Closed Loop


    PAC1

    .SCADAPLCDCS

    PAC

    .

    .ITSecured

    Wireless2.

    .

    .

    ..

    1 Programmable Automation Controller

    2 Wireless


    :

    .

    1

    .

    .

    .2

    .

    :

    3DMZ

    4

    .5

    .

    :

    1 Alarm Threshold

    2 Malware

    3 Demilitarized Zone

    4 Firewall

    5 Authentication


    :.

    .

    :

    Patch

    Port

    .

    :

    .

    .1

    .

    .

    .

    .

    .2

    .

    1 Cascading Events

    2 Defense in Depth


    :

    .

    .

    .

    .

    ( :

    Stateful Inspection Firewall.(

    (DMZ

    .(

    .

    1

    .

    Service

    Port

    .

    1 Fault Tolerant


    .

    (

    ).

    (

    ).

    1PIV.

    .

    .

    patch

    patch

    .

    .

    1 Personal Identity Verification


    -1

    -1-1

    PLC

    DCS

    SCADA .

    SCADASCADAMedia

    SCADA IGAT#5SCADA

    ..

    :

    .:1

    .:2

    .SCADA:3

    .SCADA4:Protocol

    5:

    SCADA

    .

    .IGAT VGLDSSCADA:6

    :.

    o: .

    o.:

    o:.


    -2


    )1970) (1919(:2-1

    2-2:

    1919) (

    1990(


    SCADAPLCDCS-2-1

    1

    2

    .

    .

    .

    .

    SensorBreaker

    .

    DCS

    .

    DCS

    .

    FeedforwardFeedback

    3

    Set Point.

    654

    1 Distributed

    2 Centralized Data

    3 Set Point

    4 Proportional

    5 Differential

    6 Integral


    1

    DCS.

    (Continuous Manufacturing Processes)

    .

    .

    (Batch Manufacturing Processes)

    .

    .

    .

    .

    . ()(

    .)

    .

    PLC

    .

    PLC

    DCS

    LAN

    SCADA

    SCADA.

    1 Self Correction


    .

    1SCADADCS

    .

    SCADA

    PLC

    DCS

    ICS

    .

    -2-2

    :.2-3

    2

    Sensor

    PLC 3 BreakersSwitches

    .

    .

    4

    Actuators

    .

    :Sensor

    5

    6

    7

    8

    1 Closed Loop

    2 Control Loop

    3 Actuators

    4 Set Point

    5 Temperature Sensor

    6 Humidity Sensor

    7 Flow Measurement Sensor

    8 Current Sensor


    1

    2

    3

    -(HMI)4

    -.-

    .

    1 Pressure Sensor

    2 Power Failure Sensor

    3 Smoke Sensor

    4 Human Machine Interface


    :2-3

    :2-4


    :2-5

    (Remote Diagnostics and Maintenance Utilities)

    .

    HMI

    . 21

    3

    1 Cascading

    2 Nested

    3 Set Point


    21.

    .

    :2-6

    ICS3-2-3

    .

    PLCDCS

    .

    1 Supervisory Level Loop

    2 Lower Level Loop

    3 Key SCADA Components


    1-2-3-1

    :

    2

    DCS

    .

    .

    ((MTU43

    Master .

    PLC

    RTU)

    (

    .5

    (RTU)

    .RTU

    .

    RTUPLC

    .RTUPLC

    (PLC6)

    1 Control Components

    2 Control Server

    3 SCADA Server

    4 Master Terminal Unit

    5 Slave

    6 Programmable Logic Controller


    o(PLC)

    PLC.

    DCS

    .1

    RTU PLC

    . PLC 2

    RTU

    .PLC.

    .

    .

    PLC

    .

    )

    (...

    ( ... )

    .

    PLC

    PLC

    1 Field

    2 Field Devices


    (

    Actuators(

    .

    PLC

    PLC/.

    PLC .

    PLC .

    I/O

    /

    .

    I/O

    .

    .

    Scan Time

    .PLCCPU

    . I/O

    .

    CPU ... CRT

    .

    :PLC

    PLC:

    Power Supply (PS)


    Control Processing Unit (CPU)

    Memory

    Input Module

    Output Module

    Communication Processor (CP)

    Power Supply (PS)

    PLC

    .

    24

    220110 5 .

    .

    PLC.

    . (2/55

    2/5 ). vdc24

    .

    110

    220

    Relay Board .

    .

    PLC

    8/2

    .

    .

    Control Processing Unit (CPU)


    PLC .

    .

    CPU

    .

    Memory

    PLC.

    CPUPLC.

    .

    PLC

    .

    )RAM(

    )EPRAM,EEPROM(.

    Input Module

    PLC

    .

    /

    proximitylevel sensor... PLC

    .

    PLC

    .

    Output Module


    ... .

    PLC

    .

    Communication Processor (CP)

    CPU .CPU

    .

    EthernetCAT5 Modbus TCP/IPI/O module:2-7


    ((PLC

    .PLC

    PLC

    . .

    .

    PLC

    PLC

    .PLC

    /

    PLC

    40/401

    128/1284

    4128/128

    PLC

    .

    .PLC

    PLC

    .

    .

    .


    ..

    PLC

    .

    PLC.

    :

    80

    .PLC

    .

    PLC

    .

    .

    .

    PLC

    ....A/DD/A

    .

    PLC

    .


    .

    I/O PLC

    .

    (IED1)

    .

    .

    .

    -(HMI)

    -

    .

    -

    Set Point

    -.

    .

    -.

    Wireless LAN

    2

    .

    1 Intelligent Electronic Devices

    2 Browser


    1

    2

    .

    .

    /3

    /

    PLCRTUIED

    .

    /

    4/.

    .-

    -2-3-2 5

    .

    .

    .

    .

    :

    1 Data Historian

    2 Logging

    3 Input/Output (I/O) Server

    4 Third Party

    5 Network Components


    oFieldbus

    Fieldbus

    Fieldbus.

    .

    .Fieldbus

    .

    o1

    .2

    .

    RTUMTUWANLAN

    .

    o

    3

    .

    .

    o

    4

    .

    1 Control Network

    2 Communication Router

    3 Firewall

    4 Modem


    MTU.

    SCADAPLCDCS

    .

    o

    1

    ..

    PDA2

    LAN

    .

    )BA(

    )(

    .

    .

    .

    .

    .

    1 Remote Access Point

    2 Personal Digital Assistant


    )(

    . .

    .

    .

    1LACT

    .

    .

    .

    . RTU

    .MODBUS

    ).2-8(

    1 Leased Automated Custody Transfer


    :2-8 RTU

    1

    .RTU

    .

    .

    .

    ((PID

    1 Meter Runs


    .PAC

    /

    .

    .

    )(

    .

    RTU

    ..

    Onboard .

    .

    ( )

    Backplane

    / (

    )Alarm

    .


    / . 1

    .Alarm

    Modbus .

    Hybrid .

    ).2)-9(

    RTU:2-9

    1 Ladder


    .

    .

    .

    168

    4

    . PanelCabinet

    ((Slot

    .

    Backplane Fieldbus

    ./

    /

    .

    .

    .

    In-rack

    .

    .SerialEthernet TCP/IP

    . HMI

    .

    Flow Meters

    LegacyPortModbus.


    /.EnCana

    .

    EnCana

    .

    EnCana:2-10


    SCADA-2-4

    -

    .

    1

    .

    .

    .

    MTU ( )

    RTU

    ActuatorSensor.

    RTUMTU RTU

    .

    PLCRTUMTU .

    2.

    RTU

    .

    .

    .

    1 Text

    2 Protection Relay


    .

    2-11 . MTU

    HMIData Historian-.

    .LAN

    HMI

    . 1 .

    .Actuator

    WAN

    Dialup

    .

    .

    1 Centralized Alarm


    :2-11

    RTU-MTU .

    2-1243-21

    .

    .

    -.

    1 Point to Point

    2 Serial

    3 Serial-Star

    4 Multi-Drop


    .

    :2-12


    2-12

    SCADA.

    RTU .1MTUMTU

    .2-13

    :2-13

    1 Sub MTU


    2-41 .

    .

    .

    .

    .1WAN

    .

    WAN

    .

    ...)605(

    .

    .

    1 Wide Area Network


    )(:2-14


    .2-15

    .

    .

    .

    .

    (

    ).


    )(:2-15


    DCS-2-51

    DCS

    . .

    DCS.

    .

    DCS

    .

    DCS2-16 .

    .DCS

    )(

    .

    .

    .

    .

    Fieldbus

    Fieldbus.

    .Fieldbus

    .

    Fieldbus

    .

    FieldbusModbus Fieldbus

    .

    1 Distributed Control System


    .

    .

    .

    DCS

    .


    2-16:


    2-6-PLC

    SCADADCSPLC

    .

    PLC.RTUPLC

    .

    PLC.

    1/

    PID2 .

    Fieldbus .2-17

    .

    :.LAN3

    .PLC

    1 Input/Output

    2 Proportional-Integral-Derivative

    3 Historian


    2-17:

    PLC


    PLC:2-18

    PLC:2-19


    -2-7

    .

    .

    .

    DCS .

    DCS.

    DCS

    .

    .""

    .

    .

    .

    .

    .

    .

    .


    SCADA-3


    :.

    FTP1

    .

    .

    DoS2

    .

    .

    .

    .

    Firewall.DMZDMZ

    .

    .

    .

    Port .

    .3

    3-1-Firewall

    .

    TCP/ IP .

    .

    1 File Transfer Protocol

    2 Denial of Service

    3 Node


    .

    .

    :

    Packet Filtering Firewalls

    Firewall.Packet Filtering Firewall

    Session.

    Packet Filtering1 3

    OSI

    .

    Packet Data IP

    Packet Data.Data Packet

    Data Packet 2

    Packet Filtering Firewall.

    Header Field

    .

    Stateful Inspection Firewalls

    Stateful Inspection FirewallData Packet Filtering

    OSI .Stateful4

    Inspection Firewall3PacketSession

    TCP(4Packet

    UDP5

    .Stateful Inspection Firewall

    Session

    1 Rule Set

    2 Originator

    3 Network Layer

    4 Transport Layer

    5 User Datagram Protocol


    Packet

    .Stateful Inspection Firewall

    .

    .

    (Application-Proxy Gateway Firewall)

    Packet 1

    ()browser(

    FTP(.

    OverheadDelay

    .

    2ICSFirewall

    .

    .

    .

    .

    :

    .

    .

    1 Application Layer

    2 Corporate Network


    .

    .

    .

    .

    .

    3-2-Logically Separated Control System

    :.

    .

    .)(

    Stateful

    .

    ICMPPortUDPTCP

    .(MAC1(

    .DMZDMZ

    DMZDMZ)(

    .

    .

    1 Media Access Control


    3-3-Network Segregation

    .

    .

    Dual-Homed/:

    .Dual-Homed

    .

    .Dual-Homed

    .

    3-1

    ProxyTCPPacket.

    )(SMTP2MailHTTP1FTP

    .Stateful

    .

    . Data Historian

    Data Historian

    .Data Packet Host

    DCS

    PLC

    .

    1 Hyper Text Transfer Protocol

    2 Simple Mail Transfer Protocol


    :3-1

    Data Historian Rule

    Host Data Historian .

    SQL1

    HTTP

    .

    Data Historian

    . Node

    .Worm

    1 Structured Query Language


    Packet

    HTTP.

    Trojan Horse

    HMI

    .)(

    .

    1

    3-2

    Data Packet Filtering.

    ProxyStateful

    .

    DoS

    2.

    .3

    1 Router

    2 Adversary/Intruder

    3 Defense in Depth


    :3-2

    DMZ

    DMZ

    DMZ.

    Data HistorianWireless Access PointRemote and Third Party Access Point.

    .DMZ

    DMZ

    .


    WirelessData Historian

    Access PointDMZ.3-3.

    DMZ:3-3

    DMZ

    .DMZ

    DMZ

    . 3-3 Data Packet


    .

    .

    Patch

    .DMZ

    Patch.

    .

    .

    1

    .

    DMZ

    .DMZ2

    DMZ DMZ

    .

    (Multi-Port).

    .

    Paired Firewalls

    3-4 DMZ

    .

    Data HistorianDMZMES3

    . Packet

    1 Malware

    2 Application Traffic

    3 Manufacturing Execution System


    .Data Historian

    .

    :3-4

    IT.

    .

    .

    .


    . (DMZ(

    .

    .DMZ3

    3-4-Defense in Depth

    .

    " "

    .

    DMZ

    .

    :

    3-

    5

    .CSSP1

    .

    1 Control System Security Program


    :

    :

    Telemetry

    Data Interface

    DMZ

    . 3-5

    DMZ

    .

    Domain

    .


    CSSPDefence in Depth:3-5


    SCADA-4


    RTU

    .

    .

    .

    RTU

    .RTU

    .

    Circuit breaker27RTU""

    .

    .

    1

    2

    .RTURTU

    3

    .

    RTU RTU

    ((IED . .

    :,Profibus FoundationFieldbus,Modbus5-60870"

    (IEC)"IEC 60870-5-101)101((DNP3).

    ,Profibus FoundationFieldbus,Modbus 113

    .137

    1 Master Protocols

    2 Master Unit

    3 Poll


    OSI-4-1

    Word.

    (zip)

    (PGP)

    .TCP/IPEmail

    :7Mail Server

    TCP/IP7

    ,

    .

    ISO/OSI

    -Ethernet232RS..

    -RS. .12Ethernet1232

    TCP/IP341

    .baseT102

    Application7

    .

    AdobePDFEmail

    Acrobat.Application

    .

    ..

    Presentation6

    )(

    .ASCII.

    .


    6.

    .

    5

    Session

    ..

    .

    Transport4

    ..

    Network3

    .

    ..

    2

    Data Link

    (.

    Checksum)

    .

    Physical Layer1

    HUB

    .


    Transmission

    .

    .

    ,ISO/OSI

    .


    4-2-FIELDBUS

    Honeywell1980

    .Field device204

    : Field device

    .

    I/O

    .PLC

    204 .

    .

    Field device

    . .

    .

    Field device

    .

    .

    .

    .

    .

    )20)4.

    .

    .

    .

    .


    OSI

    .data link

    .

    .CSMA/CDToken passing

    :

    BACNet, FIP/WEIP, BitBUS, P-NET, ProfiBUS, LonWorks, CANbus

    Seriplex, MODBUS, Mester Fieldbus, Interbus, ISP, HART, DeviceNet

    Field device:

    204

    ..

    .204

    .

    RS232,RS485

    ..

    .


    .FF

    Foundation Field bus

    .FF

    .

    FF .

    .

    :FF


    4-3-PROFIBUS

    PADPFMSProfibus

    MODBUS

    Master

    Slave.RS232

    ))8CAN.

    . Fieldbus

    OSI

    CAN OpenNet DeviceCan

    Sos .

    Profibus

    1Mb/sFoundation.12Profibus

    Fieldbus

    31.25Kb/s

    .

    .

    EN50170EN50234FieldbusProfibus

    .Profibus

    :3

    Profibus DP


    Device

    RS48512Mb/s

    10ms""

    .

    PLC.10msPLC

    16 2

    12Mb/sPLC

    1ms FoundationProfibus PA

    Fieldbus300ms.

    Profibus PA

    4-20MA....

    .10%

    31.25Kb/s

    .

    .Foundation Field Bus

    Profibus FMS

    PC ,Manage system.

    Multi-Master

    .

    FMS.

    Object Object

    :FMS.


    Object-1

    .-2

    FMS

    ...

    .


    4-4-MODBUS

    Modbus

    OSI

    .Modbus

    Client/ServerDevice

    Bus.

    Modbus

    Request/Reply

    Function Code

    .

    Function Code/PDUs.

    .Function CodeModbus

    Modbus:

    TCP/IP

    Ethernet

    Media

    Modbus PlusToken Passing

    ModbusRS232 RS485

    . -Multi

    drop.

    ModbusMaster/SlaveMasterSlave

    Modbus RTU.SlaveDCSPLCPC.Master

    Filed DeviceMulti-drop.

    MessageMasterFiled DeviceMaster

    ChecksumDevice

    .

    Device

    Message

    Device

    Master

    ModbusSlave.Device


    .Message.

    .

    Modbus

    :

    Modbus ASCII

    Modbus RTU

    Modbus/TCP

    MessageModbus.

    Message.ASCIIMessageHexadecimal

    4-Bit ASCII

    .

    Byte

    2Byte

    Modbus/TCPModbus RTUByte2.

    .

    Modbus ASCII .

    ((RFTelephone Modem .

    Modbus RTU Modbus RTU.

    (RS485RS232.

    )115Kbaud1200Kbaud . 9600Kbaud

    19200Kbaud..Modbus RTU

    Modbus/TCP .EthernetModbus

    DeviceIP.Modbus/TCPModbus

    TCP/IP Ethernet.Encapsulation

    TCP/IP .Modbus/TCP

    Modbus RTU

    .MessageMasterSlaveDevice


    Device-1

    2-Function Code

    3-Data

    4-Error Check

    (0(Broadcasting Address.Message2550Device

    Slave . 2471

    Device . Slave Device0

    Modbus Message Master. Message

    .

    Function CodeSlave Device . Read

    DataAccept DataReport Status....

    Function Code1255.Function Code Sub-Function Code

    .

    Data

    Device

    Read Function

    Data

    ValueFunctionDevice(

    .)

    Error Check16-BitCRC.CRCMaster

    Device DeviceCRC.

    .Parity Check.

    Slave Device MasterMessage

    .Message SlaveFunction Code

    .Error Check


    PDUModbus

    BusModbus.Mapping Field

    ADU . )Master(ClientADU

    .

    4-1:

    Modbus

    Function1.))Slave

    .Client

    Function Code.((1-255 Decimal.

    (128-255)

    Exception Response

    .

    Message

    Client

    Server Device Function Code

    Function.Sub-Function.Function Code

    .

    Data FieldServer DeviceClient

    Function Code .

    HandleDiscreteRegister

    Data Field.

    Function CodeServer.((Zero Length

    1 MODBUS application protocol


    Data Field.

    ClientServer . Field

    Exception.

    DiscreteOn/OffClient

    Register ServerClientServer.

    Field((Error FreeFunction Code

    .((Exception Response

    (4-2:MODBUS Transaction (Error Free

    .Function Code

    .)Function Code(


    (4-3:MODBUS Transaction (Exception Response


    4-5-IEC 60870-5-101

    IEC 60870-5

    .IEC 60870-5 ((EPA

    RTU

    Relay

    (IEDs)

    )

    4-4(.IEC 60870-5

    (OSI).

    5.

    .IEC 60870-5

    IEC 60870-5 .

    .

    . 101

    .

    4-4


    IEC 60870-5-1

    .

    IEC 60870-5-2

    .

    IEC 60870-5-3 Farme

    .

    . IEC 60870-5

    .

    IEC 60870-5-4

    .

    IEC 60870-5-5

    )(7(

    )ISO .

    IEC 60870-5.

    .


    .

    1.

    2

    3

    Synchronization

    Station

    Configuration.

    101 RTU IED

    101.

    .

    51014

    RS-4852, RS-2321

    ((EIA ((Fiber Optic Interface

    .

    IEC 60870-5-1FT 1.2101

    .FT 1.2 .UARTs6

    .

    Ballanced1017

    Point to Point Unballanced Multi-drop

    .

    IEC 60870-5-21

    /

    /

    /

    .

    1 Station Initialization

    2 Cyclic Data Transmission

    3 Data Acquisition by Polling

    4 Physical Layer

    5 International Telecommunication Union

    6 Universal Asynchronous Transmitter/Receiver

    7 Data Link Layer


    )(101

    .)(

    2ASDUs101

    IEC 60870-5-3 ASDUs.

    .IEC 60870-5-4

    3

    .

    IEC 60870-5-4

    101.101

    IED

    .RTU

    IEC 60870-5-5101

    :

    (Station Initialization)

    (Cyclic Data Transmission)

    (General Interrogation)

    (Command Transmission)

    (Data Acquisition by Polling)

    (Acquisition of Events)

    (Parameter Loading)

    1 Link Transmission Procedure

    2 Application Service Data Unit

    3 Type Information


    (File Transfer)

    (Synchronization)

    (Transmission of Integrated Totals)

    (Test Procedure)

    101

    . -60870-560870-5-102

    105110.

    . ((Baud Rate

    ASDU

    .

    .ASDU

    .

    ASDU1014-5

    .

    ASDU.

    )

    )

    ((

    .

    101 60870-5

    60870-5-1IEC.

    .

    IEC 60870-5-101ASDU4-5.

    .


    IEC 60870-5-101ASDU:4-5


    4-6-DNP31

    DNP32

    .

    .DNP3

    .

    IEDsTerminal

    .DNP3 RTUIED

    .

    DNP3-4-6

    1 Distributed Network Protocol

    2 Process Automation


    DNP3

    BA

    .

    .

    DNP3RTU-to-IEDRTU

    EPA1.DNP3Master-to-RTU/IED

    .-IEC 60870-5

    :DNP3

    :

    DNP3

    frameFT3IEC 60870-5-1.Data Link Layer

    Application Layer .

    Flexible Structur:DNP3Object

    .

    Multiple Application:DNP3:

    1-Polled only

    2-Polled Report by Exception

    )(-3

    321-4

    Physical Layer

    .

    1 Enhanced Performance Architecture


    Minimum OverheadDNP3 Wire-Pair: Data Link

    1200bit/ s

    Minimum Overhead .

    1

    Overhead

    .

    Open Standard:DNP3

    Main StationIED

    RTU.

    .

    .

    ( )

    .)()(

    .

    .

    .

    DNP3

    2.DNP3

    .

    .

    .

    .

    1 Report by Exception

    2 Open Standard Protocol


    Substation Computer Master Station

    :

    12.

    Breaker

    .

    3 .

    4.

    Configuration

    :

    gateValve

    .

    Analogue Input

    Data

    SynchronizationHistorian DataLogged.

    DNP3

    HypertextMultimedia.DNP3

    .

    client4-7

    .Master

    slave

    4-4

    .

    1 Binary Input Data

    2 Two State Devices

    3 Analogue Input Data

    4 Count Input Data


    .

    .

    .Boolean

    . 1

    .Control Outputs

    Trip- Close

    Raise- Lower

    on- offAnalogue.

    OutputsSet points

    .

    clientDNP3:4-71

    Counters


    NN-10

    Point IndexDNP3.

    DNP3.

    )

    .(

    ClientDNP3Master

    ( Client.Master)

    ...Closed Loop ControlAlarm Notification Billing

    . Client .Client

    Slave .

    Polling

    .

    Client

    .

    )Client()(4-7

    slave.

    .

    Client 4-7 .

    Client.DNP3((Top Layer

    .

    Client .

    Client

    Client.DNP3

    DNP3.DNP3

    DNP3 .DNP3

    .

    .DNP3


    4-8 .

    . .Dial-up

    DNP34-8

    1

    (Slave).Client.

    1 Multi-Drop Design


    Slave Slave

    .Slave

    .

    Slave

    .Slave

    .

    .1

    .Client

    .

    .4-8

    Client Client . -Sub

    Master.

    4-8

    .

    Client

    .

    .

    DNP3

    .TCP/IP

    Frame TCP/IP

    DNP3.

    .

    1 Peer to Peer


    DNP3.

    .DNP34-9.

    Frame DNP3Frame.

    Frame.

    .

    .HeaderFrameDNP3

    FrameDNP3 FrameDNP3 Frame

    . Payload

    .

    FrameSync BytesFrame

    . Frameoctet -

    .Octet((CRCoctet

    .

    DNP3

    DNP3 .

    ((Peer-to-Peer

    . DNP3

    .

    DNP3FrameDNP3All-Call

    .

    .


    DNP3:4-9

    PayloadFrame 16OctetoctetCRC

    .

    . (OctetCRC250PayloadOctet

    Octet

    Header

    CRC ).292octetFrame


    SCADA-5


    .

    .

    .

    .

    .

    .

    .

    -5-11

    -Twisted Pair

    .

    (Pairs).

    .

    -Twisted5-1. Pair

    .

    1 Twisted Pair


    )54/1(

    -twisted:5-1 pair

    -5-21

    2

    PVC .

    Twisted-Pair

    .

    .

    :2-5.

    1 Coaxial

    2 PVC


    Twisted-pair

    (RF)

    Twisted-Pair

    :5-2

    -5-31

    1970 .

    .db/km3.0

    .140

    2:.

    .3

    .

    1 Fiber Optic Cable

    2 Multi Mode

    3 Single Mode


    ( )

    relaying .

    -Twisted Pair

    .

    .

    .

    OPGW1.

    .

    DielectricAllADSS2

    WOC3.

    .

    5-3.

    .

    1 Optical Power Ground Wire

    2 All-Dielectric Self-Supporting

    3 Wrapped Optical Cable


    Novel

    .

    :5-3

    .

    .

    .

    .

    Diode

    LEDs

    .

    850

    1310

    .1550nm

    .

    .

    :

    OOGWADSSWOC.

    Duct) (DNSS

    .ArmorDuct


    -5-41

    2

    30.

    .5000

    .(

    kV230/220kV115/110relaying

    kV66.

    PLC .

    .

    .

    .

    .

    PLC .

    PLC(RF) PLCSSB3

    .

    4 .PLCCoupling

    .RF

    .5-4

    1 Power Line Carrier

    2 Lease Line

    3 Single Side Band

    4 Dual Frequency Trap


    PLC 43 (

    )

    PLC (

    )Speech Plus

    )4(

    ((PLC5-4

    -5-51

    . 2

    .

    .

    .

    .Low-Noise Amplifier

    1 Satellite

    2 geo-stationary orbits


    -KuC-band Band.1VSAT

    ( -Ku) band.

    -Ku Band VSAT.

    .

    .

    .

    .5-5

    5-5

    5-6

    -

    2

    .

    1 Very Small Aperture Terminal

    2 Leased Line


    .1PSTN

    .

    .

    .5-6.

    5-6

    5-7-VHF2

    30030((VHF

    Point to Point

    .

    .

    .

    1

    Public Switch Telephone Network2

    Very High Frequency

    VHF

    .

    .VHF5-7.

    UHF

    VHF5-7

    5-8-UHF1

    UHF.3000300UHF

    .900400

    900 . ((FCC

    928

    952

    UHF.

    1

    Ultra High Frequency

    (PTP)(PTM)TrunkSpread Spectrum.

    .MARS1PTM

    a/b/g11/802

    .UHF.

    Point to Point

    UHF.

    .

    .

    .

    UHF5-8.

    .

    Bit Rate

    UHF5-8

    1Multiple Address Radio System

    1

    )(

    Slave360

    .)(

    MARSMHz900/400RemoteSlave

    .

    MARS /

    .)(

    MARS

    RF

    .

    RF

    MARS.

    MTBF2

    9600Baud300MARS.

    .

    FCC

    5/12

    .MARS

    .MARS9-5

    1MARS

    2Mean Time Between Failure

    Bit Rate

    UHF

    UTIFMARS5-9

    1

    3/5GHz4/2MHz928-9022

    Packet Type

    4DMS3

    .)(

    .MHz470-450

    900

    DMS 10-5.

    .

    1Spread Spectrum

    2Low Power Spread Spectrum

    3Digital Multiple System

    4Distribution Automation

    -Co

    Channel

    ((RF

    :5-10

    1

    GHz1UHF

    GHz1

    .

    .

    .

    . Multiplexer

    . Cross-Connect

    PBXs .

    .

    .

    1Microwave

    .

    )( CompressedRelaying Frame Relay

    (B-ISDN)

    T1.

    .

    .

    .

    .

    . .

    .

    .

    .

    .

    (FDMA1)

    (TDMA2)

    (CDMA3)

    FDMA.

    TDMACDMA.

    1

    Frequency Division Multiple Access2

    Time Division Multiple Access3

    Code Division Multiple Access

    .

    .5-11.

    5-11

    .

    .

    .

    GLDS(SCADA(IGAT V-6

    (SCADA(IGAT V-6-1

    :SCADA

    1.

    SCADA

    ((BCGS 1,2,3,4.2

    .3

    VALVEIGAT VVALVE.4

    .5

    ModbusDCS.6

    7

    .RTU,ESD

    VALVE

    RedundantSCADA

    RTUESD

    .Historical DataSCADASCADA

    SCADA

    .

    SCADA

    Timinig

    Timing

    .ESD,RTUSCADA

    HMI(EWS)Client-Server.

    ,

    SCADA Tag Set-point

    .AlarmVALVE

    EthernetESDRTU Redundant

    .Multiplexer.

    TCP/TPTCP/TP.RTU

    .:PS232

    Remotly.RTU,ESDRTU)1

    Lap tap(VALVE

    .)

    2(

    RTU

    .

    Diagnostics

    RTU

    .SCADAMonitoring

    )3 HMI . VS

    Fast/Tools SCADAHMI)VALVE(

    .

    SCADARTU)4 19.2KBO/S

    PS232 STM-1.

    .100MBP/S10MBP/S

    ProgrammingRTU)5

    )CCTV(VOICEvideo)6

    FFHARTDiagnostic)7

    .FFHART

    SCADA

    SCADA

    RTUSCADA.SCADA

    .RTU

    Ethernet TCP/TP

    FAST/TOOLS SCADA

    .

    .RTUESD

    SCADA

    :SCADA

    1-HMI

    -2

    3-Alarm Handling

    4-

    Historical Data-5

    -6

    -7

    SCADA

    .

    :

    Fast/ToolsSCADA

    Real Time.

    Set Point .

    .

    :

    ESDRTUSCADA

    Fast/Tools.

    Fast/Tool Configurater .

    .Downloadonline

    .SCADA

    .

    RTU

    ESD

    .

    :RTU

    RTURTURedundant STARDOM FCN

    .RTU Redundant PSU Redundant CPU RTU.

    deviceI/ORedundant I/O

    .RTU

    SCADA

    Monitoring.

    RTUSCADA Ethernet SDH Multiplexer .

    .SCADAFCNEthernet TCP/TP

    :ESD

    RTUESD .Redundant.ESDOTN

    ESD

    .

    ESD

    Prosafe RS

    .

    Leak Detection:

    .OPCSCADA

    GLDS-6-2

    .

    1-Non Routine Event

    -2

    Non Routine Event:

    . .

    :

    .:

    :/

    .

    .

    ESDValveRange

    Shutdown

    .

    Gas CompositionInternal Pitting:

    Coupon.

    Routine Check

    Metal LossPig.

    .

    Site Survey

    .

    Valve:

    Routine.

    :

    ESD Valve Actuation.

    FlangeFlange) .AGI`s(

    .Routine

    Metering:

    Metering

    .

    Metering

    :

    Orifice Based Skid

    Orifice Based Skid..

    Metering Drawback.

    .TurndownHandle

    Multipath Ultrasonic Metering:

    Meter Skid .

    .

    Turbine Metering

    TurndownOrificeMeteringMetering

    .

    :

    Dynamic Pressure Leak Detection System

    PC Based

    .

    TrunkDensity Flow

    Lines.

    .Transitional Effect

    Statistical Leak Detection System

    OutletInlet

    .

    .

    .

    Mathematical Model Based Leak Detection System

    Real Time Profile

    .

    .

    .

    :

    SCADA

    Hybrid.

    .

    Shutdown.

    System Accuracy

    Function

    .

    Shut-In

    .

    .

    Accuracy Repeatability

    Temperature 0.5C 0.05C

    Pressure 0.1% of span 0.025%

    .

    Accuracy Repeatability

    Density 0.5% 0.05%

    .

    .

    (BGCS (Booster Gas Compressor StationOutlet

    .Fuel Gas

    .%0.05%0.5

    :

    30(

    .)1005

    :

    .%0.5

    Typical

    :

    Response Time

    4 Min for 50% leak rate

    7 Min for 20% leak rate

    12 Min for 10% leak rate

    20 Min for 5% leak rate

    30/45 Min. for 1% leak rate, depending on the steady state

    characteristics

    Leak Location Accuracy

    5% of the section length between pressure transmitters, for leaks

    greater than 20%.

    10% of section length between pressure transmitters, for leaks

    greater than 10%.

    20% of section length between pressure transmitters, for leaks

    greater than 5%.

    :

    Typical.

    100 %2

    .10

    A/D:

    A/D

    Resolution

    .

    Updating Time:

    DT.Update Time

    :

    DT < 0.1 L/c

    Where

    L = Overall pipeline length

    c = speed of sound (approx. 1000 m/s in liquids and 300 m/s in gas).

    This equates to an update frequency of 66 seconds from each of

    the Remote Terminal Units (RTUs).

    :

    :

    :

    .

    .:

    .

    :

    desktop

    . .

    .

    "

    "((RMA

    .

    (Console).

    ((Microprocessor

    19901980

    1990 .

    .

    ..

    .

    (IP)

    .

    ((OS

    .

    .

    .

    .

    .

    .

    .

    (

    ).

    :

    :

    .

    .

    .

    :

    .

    . .

    .

    .

    .

    .

    :

    .

    .

    .

    :

    --

    .

    . Client

    .

    )Server(

    .

    :

    .

    .

    :

    .

    .

    HMI

    .

    .

    .

    :

    . Legacy

    .

    (

    .(

    .

    .

    :

    -

    .

    .

    .

    :

    .

    :

    Unpatched.

    .

    Patch

    .

    .

    /.

    .

    .

    Firmware .

    .

    :

    .

    .

    : .53

    .

    15

    20

    .

    :

    .

    .

    .

    .

    .

    .

    .

    .

    .

    .

    .

    .

    .

    .

    .

    .

    .

    .

    .

    .

    .

    .

    Client

    (

    ) .

    .

    .

    .

    .

    .

    .

    -

    .

    .

    .

    .

    .

    .

    .

    )(

    .

    .

    .

    .

    .

    .

    .

    .53 2015

    .

    .

    .

    .

    )}}CPU(

    .

    .

    .

    .

    .((Reliability

    .

    .

    -(Defense-in)(

    Depth).

    .

    .

    Cracking.

    .

    .

    .

    .

    .PhishingSpam

    (

    Spam

    Phishing.(

    .

    SpamPhishing

    On-line .

    .

    .

    .

    . .

    .

    .

    .

    .

    .

    .

    .

    PhishersPhishers

    Phishing .

    Phishers Spam

    .

    SpammersSpammers

    Phishing /

    . (

    )DoS

    /

    .

    (Worm) Hard Drives

    (Melissa Macro)((Nimda(CIH(ChernobylExplore.zip

    .((Blaster((Slammer((Code Red

    .

    Phishing./

    .

    .

    .

    .

    ..

    .

    . )(

    .)(

    :

    )

    )

    .

    .

    .

    .

    .

    .

    .

    .

    .

    .

    .

    .

    .

    .

    / .

    (DRP)

    .

    .

    firmware .

    .

    :

    Patching.

    .)(

    :

    :

    AC Access Control

    AC Alternating Current

    ACL Access Control List

    AGA American Gas Association

    API American Petroleum Institute

    ARP Address Resolution Protocol

    BCP Business Continuity Plan

    CC Common Criteria

    CD Compact Disc

    CHAP Challenge Handshake Authentication Protocol

    CIDX Chemical Industry Data Exchange

    CIGRE International Council on Large Electric Systems

    CIP Critical Infrastructure Protection

    CIPC Critical Infrastructure Protection Committee

    CMVP Cryptographic Module Validation Program

    COTS Commercial Off-the-Shelf

    CPU Central Processing Unit

    CSE Communications Security Establishment

    CSRC Computer Security Resource Center

    CSSC Control System Security Center

    CVE Common Vulnerabilities and Exposures

    DCOM Distributed Component Object Model

    DCS Distributed Control System

    DETL Distributed Energy Technology Laboratory

    DHS Department of Homeland Security

    DMZ Demilitarized Zone

    DNP Distributed Network Protocol

    DNS Domain Name System

    DOE Department of Energy

    DoS Denial of Service

    DRP Disaster Recovery Plan

    DVD Digital Video Disc

    EAP Extensible Authentication Protocol

    EMS Energy Management System

    EPRI Electric Power Research Institute

    ERP Enterprise Resource Planning

    FIPS Federal Information Processing Standards

    FISMA Federal Information Security Management Act

    FTP File Transfer Protocol Ap

    GAO Government Accountability Office

    GPS Global Positioning System

    HMI Human-Machine Interface

    HSARPA Homeland Security Advanced Research Projects Agency

    HSPD Homeland Security Presidential Directive

    HTTP Hypertext Transfer Protocol

    HTTPS Hypertext Transfer Protocol Secure

    HVAC Heating, Ventilation, and Air Conditioning

    I/O Input/Output

    I3P Institute for Information Infrastructure Protection

    IAONA Industrial Automation Open Networking Association

    ICS Industrial Control System

    IDS Intrusion Detection System

    IEC International Electrotechnical Commission

    IED Intelligent Electronic Device

    IEEE Institute of Electrical and Electronics Engineers

    IETF Internet Engineering Task Force

    IGMP Internet Group Management Protocol

    INL Idaho National Laboratory

    IO Input/Output

    IP Internet Protocol

    IPS Intrusion Prevention System

    IPsec Internet Protocol Security

    ISA ISA-The Instrumentation Systems and Automation Society

    ISAC Information Sharing and Analysis Center

    ISID Industrial Security Incident Database

    ISO International Standards Organization

    IT Information Technology

    ITL Information Technology Laboratory

    LAN Local Area Network

    MAC Media Access Control

    MES Manufacturing Execution System

    MIB Management Information Base

    MTU Master Terminal Unit (also Master Telemetry Unit)

    NAT Network Address Translation

    NCSD National Cyber Security Division

    NERC North American Electric Reliability Council

    NFS Network File System

    NIAP National Information Assurance Partnership

    NIC Network Interface Card

    NISAC National Infrastructure Simulation and Analysis Center

    NISCC National Infrastructure Security Coordination Centre

    NIST National Institute of Standards and Technology

    NSTB National SCADA Testbed

    OEA Office of Energy Assurance

    OEM Original Equipment Manufacturers

    OLE Object Linking and Embedding

    OMB Office of Management and Budget

    OPC OLE for Process Control

    OS Operating System

    OSI Open Systems Interconnection

    PCN Process Control Network

    PCSF Process Control System Forum

    PCSRF Process Control Security Requirements Forum

    PDA Personal Digital Assistant

    PEAP Protected Extensible Authentication Protocol

    PIN Personal Identification Number

    PID Proportional Integral - Derivative

    PIV Personal Identity Verification

    PLC Programmable Logic Controller

    PP Protection Profile

    PPP Point-to-Point Protocol

    R&D Research and Development

    RADIUS Remote Authentication Dial In User Service

    RBAC Role-Based Access Control

    RF Radio Frequency

    RFC Request for Comments

    RMA Reliability, Maintainability, and Availability

    RPC Remote Procedure Call

    RPO Recovery Point Objective

    RTO Recovery Time Objective

    RTU Remote Terminal Unit (also Remote Telemetry Unit)

    SC Security Category

    SCADA Supervisory Control and Data Acquisition

    SCP Secure Copy

    SIS Safety Instrumented System

    SMTP Simple Mail Transfer Protocol

    SNL Sandia National Laboratories

    SNMP Simple Network Management Protocol

    SP Special Publication

    SPP-ICS System Protection Profile for Industrial Control Systems

    SQL Structured Query Language

    SRP Salt River Project

    SSH Secure Shell

    SSID Service Set Identifier

    SSL Secure Sockets Layer

    TCP Transmission Control Protocol

    TCP/IP Transmission Control Protocol/Internet Protocol

    TFTP Trivial File Transfer Protocol

    TLS Transport Layer Security

    UDP User Datagram Protocol

    UPS Uninterruptible Power Supply

    US-CERT United States Computer Emergency Readiness Team

    USB Universal Serial Bus

    USSR Union of Soviet Socialist Republics

    VFD Variable Frequency Drive

    VLAN Virtual Local Area Network

    VPN Virtual Private Network

    WAN Wide Area Network

    XML Extensible Markup Language

    :

    Alternating Current (AC) Drive Synonymous with Variable

    Frequency Drive (VFD)

    Access Control List (ACL) A mechanism that implements access control for a system

    resource by enumerating the

    identities of the system entities

    that are permitted to access the

    resources

    Accreditation The official management

    decision given by a senior

    agency official to authorize

    operation of an information

    system and to explicitly accept

    the risk to agency operations

    (including mission, functions,

    image, or reputation), agency

    assets, or individuals, based on the implementation of an

    agreed-upon set of security

    controls

    Actuator A pneumatic, hydraulic, or

    electrically powered device that

    supplies force and motion so as

    to position a valve's closure

    member at or between the

    open or closed position

    Alarm A device or function that signals

    the existence of an abnormal

    condition by making an audible

    or visible discrete change, or

    both, so as to attract attention

    to that condition

    Antivirus Tools Software products and

    technology used to detect

    malicious code, prevent it from

    infecting a system, and remove

    malicious code that has infected

    the system

    Application Server A computer responsible for

    hosting applications to user

    workstations

    Attack An attempt to gain unauthorized

    access to system services, resources, or information, or an

    attempt to compromise system

    integrity, availability, or

    confidentiality

    Attackers Someone with a strong interest in

    computers, who enjoys learning

    about them and experimenting

    with them

    Authentication Verifying the identity of a user,

    process, or device, often as a

    prerequisite to allowing access

    to resources in an information

    system

    Authorization The right or a permission that is

    granted to a system entity to

    access a system resource

    Backdoor An undocumented way of

    gaining access to a computer

    system. A backdoor is a

    potential security risk

    Batch Process A process that leads to the

    production of finite quantities of

    material by subjecting quantities

    of input materials to an ordered

    set of processing activities over a

    finite time using one or more pieces of equipment

    Broadcast Transmission to all devices in a

    network without any

    acknowledgment by the

    receivers

    Buffer Overflow A condition at an interface

    under which more input can be

    placed into a buffer or data

    holding area than the capacity

    allocated, overwriting other

    information. Adversaries exploit

    such a condition to crash a

    system or to insert specially

    crafted code that allows them

    to gain control of the system

    Certification A comprehensive assessment of

    the management, operational,

    and technical security controls in

    an information system, made in

    support of security accreditation,

    to determine the extent to which the controls are implemented

    correctly, operating as intended,

    and producing the desired

    outcome with respect to

    meeting the security

    requirements for the system

    Clear Text Information that is not

    encrypted.

    Confidentiality Preserving authorized restrictions

    on information access and

    disclosure, including means for

    protecting personal privacy and

    proprietary information

    Configuration (of a system or

    device)

    Step in system design; for

    example, selecting functional

    units, assigning their locations,

    and defining their

    interconnections

    Configuration Control Process for controlling

    modifications to hardware, firmware, software, and

    documentation to ensure the

    information system is protected

    against improper modifications

    before, during, and after system

    implementation

    Continuous Process A process that operates on the

    basis of continuous flow, as

    opposed to batch, intermittent,

    or sequenced operations

    Control Algorithm A mathematical representation

    of the control action to be

    performed

    Control Center An equipment structure or group

    of structures from which a

    process is measured, controlled,

    and/or monitored

    Control Loop A combination of field devices

    and control functions arranged

    so that a control variable is

    compared to a set point and

    returns to the process in the form

    of a manipulated variable

    Control Network Those networks of an enterprise

    typically connected to

    equipment that controls physical

    processes and that is time or

    safety critical. The control

    network can be subdivided into

    zones, and there can be multiple

    separate control networks within

    one enterprise and site

    Control Server A server that hosts the

    supervisory control system, typically a commercially

    available application for DCS or

    SCADA system

    Control System A system in which deliberate

    guidance or manipulation is

    used to achieve a prescribed value for a variable. Control

    systems include SCADA, DCS,

    PLCs and other types of industrial

    measurement and control

    systems

    Controlled Variable The variable that the control

    system attempts to keep at the

    set point value. The set point

    may be constant or variable

    Controller A device or program that

    operates automatically to

    regulate a controlled variable

    Cycle Time The time, usually expressed in seconds, for a controller to

    complete one control loop

    where sensor signals are read

    into memory, control algorithms

    are executed, and

    corresponding control signals

    are transmitted to actuators that

    create changes to the process resulting in new sensor signals

    Database A repository of information that

    usually holds plantwide

    information including process

    data, recipes, personnel data,

    and financial data. [28]

    Data Historian A centralized database

    supporting data analysis using

    statistical process control

    techniques

    DC Servo Drive A type of drive that works

    specifically with servo motors. It

    transmits commands to the

    motor and receives feedback

    from the servo motor resolver or

    encoder

    Denial of Service (DoS) The prevention of authorized

    access to a system resource or

    the delaying of system

    operations and functions

    Diagnostics Information concerning known

    failure modes and their

    characteristics. Such information

    can be used in troubleshooting

    and failure analysis to help

    pinpoint the cause of a failure

    and help define suitable corrective measures

    Disaster Recovery Plan (DRP) A written plan for processing

    critical applications in the event

    of a major hardware or software

    failure or destruction of facilities

    Discrete Process A type of process where a

    specified quantity of material

    moves as a unit (part or group of

    parts) between work stations

    and each unit maintains its

    unique identity

    Distributed Control System

    (DCS)

    In a control system, refers to

    control achieved by intelligence

    that is distributed about the

    process to be controlled, rather

    than by a centrally located

    single unit

    Distributed Plant A geographically distributed

    factory that is accessible through the Internet by an

    enterprise

    Disturbance An undesired change in a

    variable being applied to a

    system that tends to adversely

    affect the value of a controlled

    variable

    Domain Controller A server responsible for

    managing domain information,

    such as login identification and

    passwords

    Encryption Cryptographic transformation of data (called plaintext) into a

    form (called ciphertext) that

    conceals the data's original

    meaning to prevent it from

    being known or used. If the

    transformation is reversible, the

    corresponding reversal process is

    called decryption, which is a

    transformation that restores

    encrypted data to its original

    state

    Enterprise An organization that coordinates

    the operation of one or more

    processing sites

    Enterprise Resource Planning (ERP) System

    A system that integrates enterprise-wide information

    including human resources,

    financials, manufacturing, and

    distribution as well as connects

    the organization to its customers

    and suppliers

    Extensible Markup Language

    (XML)

    A specification for a generic

    syntax to mark data with simple,

    human-readable tags, enabling

    the definition, transmission,

    validation, and interpretation of

    data between applications and

    between organizations

    Fault Tolerant Of a system, having the built-in

    capability to provide continued,

    correct execution of its assigned

    function in the presence of a

    hardware and/or software fault

    Field Device Equipment that is connected to

    the field side on an ICS. Types of

    field devices include RTUs, PLCs,

    actuators, sensors, HMIs, and

    associated communications

    Field Site A subsystem that is identified by

    physical, geographical, or

    logical segmentation within the

    ICS. A field site may contain

    RTUs, PLCs, actuators, sensors,

    HMIs, and associated

    communications

    Fieldbus A digital, serial, multi-drop, two-

    way data bus or communication

    path or link between low-level

    industrial field equipment such as sensors, transducers,

    actuators, local controllers, and

    even control room devices. Use

    of Fieldbus technologies

    eliminates the need of point-to-

    point wiring between the

    controller and each device. A

    protocol is used to define

    messages over the Fieldbus

    network with each message

    identifying a particular sensor on

    the network

    File Transfer Protocol (FTP) FTP is an Internet standard for

    transferring files over the Internet. FTP programs and utilities are

    used to upload and download

    Web pages, graphics, and other

    files between local media and a

    remote server which allows FTP

    access.

    Firewall An inter-network gateway that

    restricts data communication traffic to and from one of the

    connected networks (the one

    said to be inside the firewall)

    and thus protects that network's

    system resources against threats

    from the other network (the one

    that is said to be outside the

    firewall)

    Human-Machine Interface

    (HMI)

    The hardware or software

    through which an operator

    interacts with a controller. An

    HMI can range from a physical

    control panel with buttons and

    indicator lights to an industrial PC

    with a color graphics display

    running dedicated HMI software

    Identification The process of verifying the

    identity of a user, process, or

    device, usually as a prerequisite

    for granting access to resources

    in an IT system

    Incident An occurrence that actually or

    potentially jeopardizes the

    confidentiality, integrity, or

    availability of an information

    system or the information the

    system processes, stores, or

    transmits or that constitutes a

    violation or imminent threat of

    violation of security policies,

    security procedures, or

    acceptable use policies.

    Incidents may be intentional or

    unintentional.

    Input/Output (I/O) A general term for the equipment that is used to

    communicate with a computer

    as well as the data involved in

    the communications.

    Insider An entity inside the security

    perimeter that is authorized to

    access system resources but uses

    them in a way not approved by

    those who granted the

    authorization.

    Integrity Guarding against improper

    information modification or

    destruction, and includes ensuring information

    non-repudiation and authenticity.

    Intelligent Electronic Device Any device incorporating one or

    (IED) more processors with the

    capability to receive or send

    data/control from or to an

    external source (e.g., electronic

    multifunction meters, digital

    relays, controllers)

    Internet The single interconnected world-

    wide system of commercial,

    government, educational, and

    other computer networks that

    share the set of protocols specified by the Internet

    Architecture Board (IAB) and the

    name and address spaces

    managed by the Internet

    Corporation for Assigned Names

    and Numbers (ICANN)

    Intrusion Detection System

    (IDS)

    A security service that monitors

    and analyzes network or system

    events for the purpose of finding,

    and providing real-time or near

    real-time warning of, attempts to

    access system resources in an

    unauthorized manner

    Intrusion Prevention System

    (IPS)

    A system that can detect an

    intrusive activity and can also

    attempt to stop the activity,

    ideally before it reaches its

    targets

    Jitter The time or phase difference

    between the data signal and the ideal clock

    Key Logger A program designed to record

    which keys are pressed on a

    computer keyboard used to

    obtain passwords or encryption

    keys and thus bypass other

    security measures

    Light Tower A device containing a series of

    indicator lights and an

    embedded controller used to

    indicate the state of a process

    based on an input signal

    Local Area Network (LAN) A group of computers and other

    devices dispersed over a

    relatively limited area and

    connected by a

    communications link that

    enables any device to interact

    with any other on the network

    Machine Controller A control system/motion network

    that electronically synchronizes

    drives within a machine system

    instead of relying on

    synchronization via mechanical

    linkage

    Maintenance Any act that either prevents the failure or malfunction of

    equipment or restores its

    operating capability

    Malware Software or firmware intended to

    perform an unauthorized process

    that will have adverse impact on

    the confidentiality, integrity, or

    availability of an information

    system. A virus, worm, Trojan

    horse, or other code-based

    entity that infects a host.

    Spyware and some forms of

    adware are also examples of

    malicious code (malware)

    Management Controls The security controls (i.e.,

    safeguards or countermeasures)

    for an information system that

    focus on the management of risk

    and the management of

    information security

    Manipulated Variable In a process that is intended to

    regulate some condition, a

    quantity or a condition that the

    control alters to initiate a

    change in the value of the

    regulated condition

    Manufacturing Execution

    System (MES)

    A system that uses network

    computing to automate production control and process

    automation. By downloading

    recipes and work schedules and

    uploading production results, a

    MES bridges the gap between

    business and plant-floor or

    process-control systems

    Master Terminal Unit (MTU) See SCADA Server.

    Modem A device used to convert serial

    digital data from a transmitting

    terminal to a signal suitable for

    transmission over a telephone

    channel to reconvert the

    transmitted signal to serial digital data for the receiving terminal

    Motion Control Network The network supporting the

    control applications that move

    parts in industrial settings,

    including sequencing, speed

    control, point-to-point control,

    and incremental motion

    Network Interface Card (NIC) A computer circuit board or

    card that is installed in a

    computer so that it can be

    connected to a network

    Object Linking and

    Embedding (OLE) for Process Control (OPC)

    A set of open standards

    developed to promote interoperability between

    disparate field devices,

    automation/control, and

    business systems

    Operating System An integrated collection of

    service routines for supervising

    the sequencing of programs by

    a computer. An operating

    system may perform the

    functions of input/output control,

    resource scheduling, and data

    management. It provides

    application programs with the

    fundamental commands for

    controlling the computer

    Operational Controls The security controls (i.e.,

    safeguards or countermeasures)

    for an information system that

    are primarily implemented and

    executed by people (as

    opposed to systems)

    Password A string of characters (letters,

    numbers, and other symbols)

    used to authenticate an identity

    or to verify access authorization

    Phishing Tricking individuals into disclosing

    sensitive personal information through deceptive computer-

    based means

    Photo Eye A light sensitive sensor utilizing

    photoelectric control that

    converts a light signal into an

    electrical signal, ultimately

    producing a binary signal based

    on an interruption of a light

    beam

    Port The entry or exit point from a

    computer for connecting

    communications or peripheral

    devices

    Port Scanning Using a program to remotely

    determine which ports on a

    system are open (e.g., whether

    systems allow connections

    through those ports)

    Pressure Regulator A device used to control the

    pressure of a gas or liquid

    Pressure Sensor A sensor system that produces

    an electrical signal related to the

    pressure acting on it by its

    surrounding medium. Pressure

    sensors can also use differential

    pressure to obtain level and flow

    measurements.

    Printer A device that converts digital

    data to human-readable text on

    a paper medium

    Process Controller A proprietary computer system,

    typically rack-mounted, that

    processes sensor input, executes

    control algorithms, and

    computes actuator outputs

    Programmable Logic

    Controller (PLC)

    A solid-state control system that

    has a user-programmable

    memory for storing instructions for the purpose of implementing

    specific functions such as I/O

    control, logic, timing, counting,

    three mode (PID) control,

    communication, arithmetic, and

    data and file processing

    Protocol A set of rules (i.e., formats and

    procedures) to implement and

    control some type of association

    (e.g., communication) between

    systems

    Protocol Analyzer A device or software application

    that enables the user to analyze

    the performance of network data so as to ensure that the

    network and its associated

    hardware/software are

    operating within network

    specifications

    Proximity Sensor A non-contact sensor with the

    ability to detect the presence of

    a target within a specified range

    Real-Time Pertaining to the performance of

    a computation during the actual

    time that the related physical

    process transpires so that the

    results of the computation can be used to guide the physical

    process

    Redundant Control Server A backup to the control server

    that maintains the current state

    of the control server at all times

    Relay An electromechanical device

    that completes or interrupts an

    electrical circuit by physically

    moving conductive contacts.

    The resultant motion can be

    coupled to another mechanism

    such as a valve or breaker

    Remote Access Access by users (or information systems) communicating

    external to an information

    system security perimeter

    Remote Diagnostics Diagnostics activities conducted

    by individuals communicating

    external to an information

    system security perimeter

    Remote Maintenance Maintenance activities

    conducted by individuals

    communicating external to an

    information system security

    perimeter.

    Remote Terminal Unit (RTU) A computer with radio

    interfacing used in remote

    situations where

    communications via wire is

    unavailable. Usually used to

    communicate with remote field

    equipment. PLCs with radio

    communication capabilities are

    also used in place of RTUs.

    Resource Starvation A condition where a computer

    process cannot be supported by

    available computer resources.

    Resource starvation can occur

    due to the lack of computer

    resources or the existence of

    multiple processes that are

    competing for the same

    computer resources.

    Risk The level of impact on agency

    operations (including mission,

    functions, image, or reputation),

    agency assets, or individuals resulting from the operation of

    an information system, given the

    potential impact of a threat and

    the likelihood of that threat

    occurring.

    Risk Assessment The process of identifying risks to

    agency operations (including

    mission, functions, image, or

    reputation), agency assets, or

    individuals by determining the

    probability of occurrence, the

    resulting impact, and additional

    security controls that would

    mitigate this impact. Part of risk

    management, synonymous with risk analysis. Incorporates threat

    and vulnerability analyses.

    Risk Management The process of managing risks to

    agency operations (including

    mission, functions, image, or

    reputation), agency assets, or

    individuals resulting from the

    operation of an information

    system. It includes risk

    assessment; cost-benefit analysis;

    the selection, implementation,

    and assessment of security

    controls; and the formal

    authorization to operate the

    system. The process considers

    effectiveness, efficiency, and constraints due to laws,

    directives, policies, or

    regulations.

    Router A computer that is a gateway

    between two networks at OSI

    layer 3 and that relays and

    directs data packets through

    that inter-network. The most

    common form of router operates

    on IP packets.

    Router Flapping A router that transmits routing

    updates alternately advertising a

    destination network first via one route, then via a different route.

    Safety Instrumented System

    (SIS)

    A system that is composed of

    sensors, logic solvers, and final

    control elements whose purpose

    is to take the process to a safe

    state when predetermined

    conditions are violated. Other

    terms commonly used include

    emergency shutdown system

    (ESS), safety shutdown system

    (SSD), and safety interlock

    system (SIS).

    SCADA Server The device that acts as the

    master in a SCADA system.

    Security Audit Independent review and

    examination of a system's

    records and activities to

    determine the adequacy of

    system controls, ensure

    compliance with established

    security policy and procedures,

    detect breaches in security

    services, and recommend any

    changes that are indicated for

    countermeasures.

    Security Controls The management, operational,

    and technical controls (i.e., safeguards or countermeasures)

    prescribed for an information

    system to protect the

    confidentiality, integrity, and

    availability of the system and its

    information.

    Security Plan Formal document that provides

    an overview of the security

    requirements for the information

    system and describes the

    security controls in place or

    planned for meeting those

    requirements.

    Security Policy Security policies define the

    objectives and constraints for

    the security program. Policies

    are created at several levels,

    ranging from organization or

    corporate policy to specific

    operational constraints (e.g.,

    remote access). In general,

    policies provide answers to the

    questions "what" and "why"

    without dealing with "how."

    Policies are normally stated in

    terms that are technology-

    independent.

    Sensor A device that produces a

    voltage or current output that is representative of some physical

    property being measured

    (speed, temperature, flow, etc.)

    Servo Valve An actuated valve whose

    position is controlled using a

    servo actuator.

    Set Point An input variable that sets the desired value of the controlled

    variable. This variable may be

    manually set, automatically set,

    or programmed.

    Simple Network Management

    Protocol (SNMP)

    A standard TCP/IP protocol for

    network management. Network

    administrators use SNMP to

    monitor and map network

    availability, performance, and

    error rates. To work with SNMP,

    network devices utilize a

    distributed data store called the

    Management Information Base

    (MIB). All SNMP-compliant

    devices contain a MIB which

    supplies the pertinent attributes

    of a device. Some attributes are

    fixed or hard-coded in the MIB,

    while others are dynamic values

    calculated by agent software

    running on the device.

    Single Loop Controller A controller that controls a very

    small process or a critical

    process.

    Social Engineering An attempt to trick someone into

    revealing information (e.g., a

    password) that can be used to

    attack systems or networks.

    Solenoid Valve A valve actuated by an electric

    coil. A solenoid valve typically

    has two states: open and closed.

    Spyware Software that is secretly or

    surreptitiously installed onto an

    information system to gather

    information on individuals or

    organizations without their

    knowledge; a type of malicious

    code.

    Statistical Process Control

    (SPC)

    The use of statistical techniques

    to control the quality of a product or process.

    Steady State A characteristic of a condition,

    such as value, rate, periodicity,

    or amplitude, exhibiting only

    negligible change over an

    arbitrarily long period of time.

    Supervisory Control A term that is used to imply that

    the output of a controller or

    computer program is used as

    input to other controllers.

    Supervisory Control and Data

    Acquisition (SCADA)

    A generic name for a

    computerized system that is

    capable of gathering and processing data and applying

    operational controls over long

    distances. Typical uses include

    power transmission and

    distribution and pipeline systems.

    SCADA was designed for the

    unique communication

    challenges (delays, data integrity, etc.) posed by the

    various media that must be

    used, such as phone lines,

    microwave, and satellite. Usually

    shared rather than dedicated.

    Technical Controls The security controls (i.e., safeguards or countermeasures)

    for an information system that

    are primarily implemented and

    executed by the information

    system through mechanisms

    contained in the hardware,

    software, or firmware

    components of the system.

    Temperature Sensor A sensor system that produces

    an electrical signal related to its

    temperature and, as a

    consequence, senses the

    temperature of its surrounding

    medium.

    Threat Any circumstance or event with

    the potential to adversely

    impact agency operations

    (including mission, functions,

    image, or reputation), agency

    assets, or individuals through an

    information system via

    unauthorized access, destruction, disclosure,

    modification of information,

    and/or denial of service.

    Transmission Control Protocol

    (TCP)

    TCP is one of the main protocols

    in TCP/IP networks. Whereas the

    IP protocol deals only with

    packets, TCP enables two hosts

    to establish a connection and

    exchange streams of data. TCP

    guarantees delivery of data and

    also guarantees that packets will

    be delivered in the same order in

    which they were sent.

    Trojan Horse A computer program that

    appears to have a useful

    function, but also has a hidden

    and potentially malicious

    function that evades security

    mechanisms, sometimes by

    exploiting legitimate

    authorizations of a system entity

    that invokes the program.

    Unauthorized Access A person gains logical or

    physical access without

    permission to a network, system,

    application, data, or other

    resource.

    Valve An in-line device in a fluid-flow

    system that can interrupt flow,

    regulate the rate of flow, or

    divert flow to another branch of

    the system.

    Variable Frequency Drive (VFD)

    A type of drive that controls the speed, but not the precise

    position, of a non-servo, AC

    motor by varying the frequency

    of the electricity going to that

    motor. VFDs are typically used

    for applications where speed

    and power are important, but

    precise positioning is not.

    Virtual Private Network (VPN) A restricted-use, logical (i.e.,

    artificial or simulated) computer

    network that is constructed from

    the system resources of a

    relatively public, physical (i.e.,

    real) network (such as the

    Internet), often by using

    encryption (located at hosts or

    gateways), and often by

    tunneling links of the virtual

    network across the real network.

    Virus A hidden, self-replicating section

    of computer software, usually

    malicious logic, that propagates by infecting (i.e., inserting a

    copy of itself into and becoming

    part of) another program. A virus

    cannot run by itself; it requires

    that its host program be run to

    make the virus active.

    Virus Definitions Predefined signatures for known

    malware used by antivirus

    detection algorithms.

    Vulnerability Weakness in an information

    system, system security

    procedures, internal controls, or

    implementation that could be

    exploited or triggered by a threat source.

    Wide Area Network (WAN) A physical or logical network

    that provides data

    communications to a larger

    number of independent users

    than are usually served by a

    local area network (LAN) and

    that is usually spread over a

    larger geographic area than

    that of a LAN.

    Wireless Device A device that can connect to a

    manufacturing system via radio

    or infrared waves to typically

    collect/monitor data, but also in cases to modify control set