SCADA- Supervisory Control And Data

Acquisition

Submitted by- Sushant Kamboj

0912221123EN-64

INTRODUCTIONSCADA stands for Supervisory Control And Data Acquisition. As the name indicates, it is not a full control system, but rather focuses on the supervisory level. As such, it is a purely software package that is positioned on top of hardware to which it is interfaced, in general via Programmable Logic Controllers (PLCs), Remote terminal Units(RTUs) or other commercial hardware modules.SCADA is a system that allows an operator to monitor and control processes that are distributed among various remote sites. SCADA systems allow remote sites to communicate with a control facility and provide the necessary data to control processes.

ARCHITECHTUREOne distinguishes two basic layers in a SCADA system: the "client

layer" which caters for the man machine interaction and the "data server layer" which handles most of the process data control activities.

The data servers communicate with devices in the field through process controllers. Process controllers, e.g. PLCs, RTUs etc. are connected to the data servers either directly or via networks or fieldbuses that are proprietary, or non-proprietary.

Data servers are connected to each other and to client stations via a Communication System.

Continued…A SCADA system usually consists of the following subsystems:A Human–Machine Interface or HMI is the apparatus which presents

process data to a human operator, and through this, the human operator monitors and controls the process.

A Supervisory System(MTU), gathering (acquiring) data on the process and sending commands (control) to the process.

Remote Terminal Units (RTUs) connecting to sensors in the process, converting sensor signals to digital data and sending digital data to the supervisory system.

Programmable Logic Controller (PLCs) used as field devices because they are more economical, versatile, flexible, and configurable than special-purpose RTUs.

Communication Infrastructure connecting the supervisory system to the remote terminal units.

Various process and analytical instrumentation.

MASTER TERMNAL UNIT(MTU)At the heart of the system is the Master Terminal Unit (MTU). The

master terminal unit initiates all communication, gathers data, stores information, sends information to other systems, and interfaces with operators.

The MTU also communicates with other peripheral devices in the facility like monitors, printers, and other information systems. The primary interface to the operator is the monitor or CRT that portrays are presentation of valves, pumps, etc. As incoming data changes, the screen is updated.

Continued…The MTU monitors Information from remote sites and displays information for the Operator.

Inputs and Outputs of an MTU

Programmable Logic Controller (PLCs)Prior to the advent of the PLC in the early 1970’s, digital automation

was performed by relay based control panels.

This is how PLC panels looks in early days.

Continued…

• A PLC is a special purpose computer used for plant automation that was initially created to replace the functions of relay control panels.

• Device that performs work on or controls the process. Equipment are the PLC’s arms and legs.

Continued…A PLC’s interface to process equipment and instruments mainly occurs in four ways:Digital Input/Discreet InputDigital Output/Discreet OutputAnalog InputAnalog Output

General Layout of a PLC

Remote Terminal Units(RTUs)Remote terminal Units gather information from their remote site

from various input devices, like valves, pumps, alarms, meters, etc. Essentially, data is either analog (real numbers), digital (on/off), or pulse data (e.g., counting the revolutions of a meter).

Many Remote Terminal Units hold the information gathered in their memory and wait for a request from the MTU to transmit the data.

Like a PLC, the RTU functions at the remote location wherever a SCADA system needs equipment monitoring or control. The optimal RTU system is modular—integrating the two-way data acquisition interface for process equipment control, and the interface to the communication subsystem.

Continued…

COMPARING PLCs and RTUs

COMMUNICATION INFRASTRUCTURE SCADA systems have traditionally used combinations of radio and direct wired connections. Some users want SCADA data to travel over their pre-established corporate networks or to share the network with other applications.Communication equipment is required for bi-directional

communications between an RTU and the MTU. This can be done through public transmission media or atmospheric means.

SCADA systems are capable of communicating using a wide variety of media such as fiber optics, dial-up, or dedicated voice grade telephone lines, or radio.

Recently, some utilities have employed Integrated Services Digital Network (ISDN).

Since the amount of information transmitted is relatively small (less than 50K), voice grade phone lines, and radio work well.

Topology of a SCADA

WEB ACCESS HMI

Using a standard Web-Browser, user scan view and control automation equipment used in manufacturing facilities, industrial process plants, and building automation systems. Data is displayed to Operators and Users in real-time with dynamically updated graphics using full motion animation. A plug-in is required for the full-animation client.

CURRENT THREAT- STUXNETIt is a “worm” designed to sabotage a specific industrial process. It

penetrates a particular subsystem of a SCADA industrial control systems of a single producer. Once injected, it spreads silently in the Windows/SCADA infrastructure looking for specific Programmable Logic Controllers (PLC) and reprogram them to alter the functionality, showing at the same time normal running conditions to the monitoring system.

Reported in June 2010, first example of a precision military-grade cyber weapon, deployed to seek and damage a real world physical target.

Stuxnet intercepts communications with the PLC, determines whether the system is the intended target, modifies the existing PLC code to change the operational parameters. It hides the PLC infection from the operator using rootkit functionality.

Worm Propagation During 24h following release ..

CONTINUED…Stuxnet code is sophisticated, incredibly large (about 0.5MB), mostly

bug-free. Probably assembled by a large team of highly qualified experts in different fields with control system expertise, working during an extended period of time, with specific hardware equipment available for testing.

The worm “very likely” responsible for disruption of Iran's nuclear program by damaging centrifuges at uranium enrichment facility in Natanz (no other targets). Iranian President acknowledged the damage from the worm (distribution of infected hosts: 59% Iran, 18% Indonesia, 8% India).

One more cyber-weapon? DUQU (Remote Access Trojan, not self-replicating, missing component?). Discovered in 2011, code very similar to Stuxnet but targeting computers rather than ICS. Probably built for information gathering.

FUTURE TRENDS IN SCADAThe Promise of Wireless Sensor NetworkingThe static, inflexible and centralized architecture of the system further limits

the interoperability of a SCADA system with other systems as well as their coverage of data. Wireless Sensor Networking is an emerging area that can tackle this problem. With this technology, sensors can be deployed with more ease and flexibility.

With wireless sensor networking technology, sensors can be placed at other crucial places like pipelines and tanks at relatively lower costs. This greatly enhances the efficiency of the SCADA system by making more information available.

The current SCADA systems are not enabled to be integrated with wireless networking systems and new systems and software with this capability may have to be developed to exploit this possibility.

CONTINUED…Another area where the current SCADA systems are found lacking is extensibility.

In other words they are not equipped to be connected to new applications like safety alarm systems, real-time communication networks based on new technology etc. This in turn limits the ability of the RTUs to take proactive measures to prevent accidents.

What Needs to be Done:The communication architecture has to move on from being rigidly centralized-

they have to develop a flexible structure that allow communication between different RTUs and other systems like embedded sensor networks and mobile users on field. This can be achieved by adopting internet technologies for networking.

Open protocols for communication and data management have to be developed. The protocols have to address the issue of what types of data is sent and to whom.

the RTUs and other components have to be designed in such a way that unauthorized accessing and altering is not possible. In other words, data security has to be maintained. Use of IP and open protocols especially can cause more vulnerability security threats.

REFERENCEShttp://www.vanityfair.com/culture/features/2011/04/stuxnet-201104 http://www.securityinfowatch.com/Features/hackers-targeting-critical-

infrastructure Trends in SCADA for Automated Systems by- Synchrony(Published:

November 2010). SCADA & PLC VULNERABILITIES IN CORRECTIONAL FACILITIES White Paper

by- Teague Newman , Tiffany Rad, (ELC networks), John Strauchs, Strauchs,(7/30/2011)

THANK YOU!!!