SCADA (an acronym for supervisory control and data acquisition ) is a control system architecture comprising computers , networked data communications and graphical user interfaces for high-level supervision of machines and processes. It also covers sensors and other devices, such as programmable logic controllers , which interface with process plant or machinery.
63-475: The operator interfaces which enable monitoring and the issuing of process commands, such as controller setpoint changes, are handled through the SCADA computer system. The subordinated operations, e.g. the real-time control logic or controller calculations, are performed by networked modules connected to the field sensors and actuators . The SCADA concept was developed to be a universal means of remote-access to
126-501: A low pass filter that removes frequency content above about 1/3 of the sampling frequency (a relay A/D converter needs to sample faster than twice per cycle of the highest frequency that it is to monitor). The AC signal is then sampled by the relay's analog-to-digital converter from 4 to 64 (varies by relay) samples per power system cycle. As a minimum, magnitude of the incoming quantity, commonly using Fourier transform concepts ( RMS and some form of averaging) would be used in
189-430: A LAN. Information was shared in near real time. Each station was responsible for a particular task, which reduced the cost as compared to First Generation SCADA. The network protocols used were still not standardized. Since these protocols were proprietary, very few people beyond the developers knew enough to determine how secure a SCADA installation was. Security of the SCADA installation was usually overlooked. Similar to
252-454: A SCADA device by sending commands over a network. In many cases SCADA users have assumed that having a VPN offered sufficient protection, unaware that security can be trivially bypassed with physical access to SCADA-related network jacks and switches. Industrial control vendors suggest approaching SCADA security like Information Security with a defense in depth strategy that leverages common IT practices. Apart from that, research has shown that
315-482: A contractor installed a SCADA system in January 2000, system components began to function erratically. Pumps did not run when needed and alarms were not reported. More critically, sewage flooded a nearby park and contaminated an open surface-water drainage ditch and flowed 500 meters to a tidal canal. The SCADA system was directing sewage valves to open when the design protocol should have kept them closed. Initially this
378-419: A distributed architecture, any complex SCADA can be reduced to the simplest components and connected through communication protocols. In the case of a networked design, the system may be spread across more than one LAN network called a process control network (PCN) and separated geographically. Several distributed architecture SCADAs running in parallel, with a single supervisor and historian, could be considered
441-511: A fault condition is detected, output contacts operate to trip the associated circuit breaker(s). The logic is user-configurable and can vary from simply changing front panel switches or moving of circuit board jumpers to accessing the relay's internal parameter setting webpage via communications link on another computer hundreds of kilometers away. The relay may have an extensive collection of settings, beyond what can be entered via front panel knobs and dials, and these settings are transferred to
504-425: A given time t {\displaystyle t} , S P {\displaystyle SP} is the setpoint, P V ( t ) {\displaystyle PV(t)} is the process variable at time t {\displaystyle t} . The PID controller uses this error signal to determine how to adjust the control output to bring the process variable as close as possible to
567-401: A low pass filter that numerically removes the frequency content that is above the fundamental frequency of interest (i.e., nominal system frequency), and uses Fourier transform algorithms to extract the fundamental frequency magnitude and angle. The relay analyzes the resultant A/D converter outputs to determine if action is required under its protection algorithm(s). Protection algorithms are
630-447: A modern SCADA system. One is the threat of unauthorized access to the control software, whether it is human access or changes induced intentionally or accidentally by virus infections and other software threats residing on the control host machine. Another is the threat of packet access to the network segments hosting SCADA devices. In many cases, the control protocol lacks any form of cryptographic security , allowing an attacker to control
693-455: A network architecture. This allows for a more cost-effective solution in very large scale systems. The growth of the internet has led SCADA systems to implement web technologies allowing users to view data, exchange information and control processes from anywhere in the world through web SOCKET connection. The early 2000s saw the proliferation of Web SCADA systems. Web SCADA systems use internet browsers such as Google Chrome and Mozilla Firefox as
SECTION 10
#1732771993875756-473: A screen (that might act in a similar way to the "fuel tank empty" light in a car); in each case, the role of the alarm indicator is to draw the operator's attention to the part of the system 'in alarm' so that appropriate action can be taken. "Smart" RTUs, or standard PLCs, are capable of autonomously executing simple logic processes without involving the supervisory computer. They employ standardized control programming languages (such as those under IEC 61131-3 ,
819-408: A set of logic equations in part designed by the protection engineer, and in part designed by the relay manufacturer. The relay is capable of applying advanced logic. It is capable of analyzing whether the relay should trip or restrain from tripping based on parameters set by the user, compared against many functions of its analogue inputs, relay contact inputs, timing and order of event sequences. If
882-399: A simple relay function. More advanced analysis can be used to determine phase angles , power , reactive power , impedance , waveform distortion , and other complex quantities. Only the fundamental component is needed for most protection algorithms, unless a high speed algorithm is used that uses subcycle data to monitor for fast changing issues. The sampled data is then passed through
945-510: A standard attack type leveraging access to the Tomcat Embedded Web server . Security researcher Jerry Brown submitted a similar advisory regarding a buffer overflow vulnerability in a Wonderware InBatchClient ActiveX control . Both vendors made updates available prior to public vulnerability release. Mitigation recommendations were standard patching practices and requiring VPN access for secure connectivity. Consequently,
1008-422: A suite of five programming languages including function block, ladder, structured text, sequence function charts and instruction list), that are frequently used to create programs which run on these RTUs and PLCs. Unlike a procedural language like C or FORTRAN , IEC 61131-3 has minimal training requirements by virtue of resembling historic physical control arrays. This allows SCADA system engineers to perform both
1071-399: A variable from its setpoint is one basis for error-controlled regulation using negative feedback for automatic control. A setpoint can be any physical quantity or parameter that a control system seeks to regulate, such as temperature, pressure, flow rate, position, speed, or any other measurable attribute. In the context of PID controller , the setpoint represents the reference or goal for
1134-409: A variety of local control modules, which could be from different manufacturers and allowing access through standard automation protocols . In practice, large SCADA systems have grown to become similar to distributed control systems in function, while using multiple means of interfacing with the plant. They can control large-scale processes that can span multiple sites, and work over large distances. It
1197-444: A working group, WG4. WG4 "deals specifically with unique technical requirements, measurements, and other features required to evaluate and assure security resilience and performance of industrial automation and control systems devices". The increased interest in SCADA vulnerabilities has resulted in vulnerability researchers discovering vulnerabilities in commercial SCADA software and more general offensive SCADA techniques presented to
1260-436: Is a protective relay that uses a microprocessor to analyze power system voltages, currents or other process quantities for the purpose of detection of faults in an electric power system or industrial process system. A digital protective relay may also be called a "numeric protective relay". Low voltage and low current signals (i.e., at the secondary of a voltage transformers and current transformers ) are brought into
1323-429: Is a digital status point that has either the value NORMAL or ALARM that is calculated by a formula based on the values in other analogue and digital points—or implicit: the SCADA system might automatically monitor whether the value in an analogue point lies outside high and low- limit values associated with that point. Examples of alarm indicators include a siren, a pop-up box on a screen, or a coloured or flashing area on
SECTION 20
#17327719938751386-474: Is also frequently used for large systems such as railways and power stations. The remote management or monitoring function of a SCADA system is often referred to as telemetry . Some users want SCADA data to travel over their pre-established corporate networks or to share the network with other applications. The legacy of the early low-bandwidth protocols remains, though. SCADA protocols are designed to be very compact. Many are designed to send information only when
1449-517: Is being monitored. For instance, a differential element refers to the logic required to monitor two (or more) currents, find their difference, and trip if the difference is beyond certain parameters. The term element and function are quite interchangeable in many instances. For simplicity on one-line diagrams, the protection function is usually identified by an ANSI device number. In the era of electromechanical and solid state relays, any one relay could implement only one or two protective functions, so
1512-659: Is compiled here. An example of efforts by vendor groups to standardize automation protocols is the OPC-UA (formerly "OLE for process control" now Open Platform Communications Unified Architecture ). SCADA systems have evolved through four generations as follows: Early SCADA system computing was done by large minicomputers . Common network services did not exist at the time SCADA was developed. Thus SCADA systems were independent systems with no connectivity to other systems. The communication protocols used were strictly proprietary at that time. The first-generation SCADA system redundancy
1575-429: Is one of the most commonly-used types of industrial control systems . The key attribute of a SCADA system is its ability to perform a supervisory operation over a variety of other proprietary devices. Level 1 contains the programmable logic controllers (PLCs) or remote terminal units (RTUs). Level 2 contains the SCADA to readings and equipment status reports that are communicated to level 2 SCADA as required. Data
1638-505: Is then compiled and formatted in such a way that a control room operator using the human-machine interface (HMI) can make supervisory decisions to adjust or override normal RTU (PLC) controls. Data may also be fed to a historian , often built on a commodity database management system , to allow trending and other analytical auditing. SCADA systems typically use a tag database , which contains data elements called tags or points , which relate to specific instrumentation or actuators within
1701-558: The AC to a DC value proportionate to the AC waveform. An op-amp and comparator is used to create a DC that rises when a trip point is reached. Then a relatively simple microprocessor does a slow speed A/D conversion of the DC signal, integrates the results to create the time-overcurrent curve response, and trips when the integration rises above a set-point. Though this relay has a microprocessor, it lacks
1764-501: The PID controller . Industrial applications Special consideration must be given for engineering applications. In industrial systems, physical or process restraints may limit the determined set point. For example, a reactor which operates more efficiently at higher temperatures may be rated to withstand 500°C. However, for safety reasons, the set point for the reactor temperature control loop would be well below this limit, even if this means
1827-740: The Nation’s critical infrastructures represent a systemic threat to their continued operation following an EMP event. Additionally, the necessity to reboot, repair, or replace large numbers of geographically widely dispersed systems will considerably impede the Nation’s recovery from such an assault." Many vendors of SCADA and control products have begun to address the risks posed by unauthorized access by developing lines of specialized industrial firewall and VPN solutions for TCP/IP-based SCADA networks as well as external SCADA monitoring and recording equipment. The International Society of Automation (ISA) started formalizing SCADA security requirements in 2007 with
1890-661: The Prodar 70 being developed between 1969 and 1971. It was commissioned in service on a 230kV transmission line at PG&E's Tesla substation in February 1971 and was in service for six years. In 2017, George received the IEEE Halperin Electric Transmission and Distribution Award. The award was for "pioneering development and practical demonstration of protective relaying of electric power systems with real-time digital computer techniques." George
1953-461: The SCADA master in lieu of a traditional RTU. Since about 1998, virtually all major PLC manufacturers have offered integrated HMI/SCADA systems, many of them using open and non-proprietary communications protocols. Numerous specialized third-party HMI/SCADA packages, offering built-in compatibility with most major PLCs, have also entered the market, allowing mechanical engineers, electrical engineers and technicians to configure HMIs themselves, without
SCADA - Misplaced Pages Continue
2016-467: The US), there is increasing use of satellite-based communication. This has the key advantages that the infrastructure can be self-contained (not using circuits from the public telephone system), can have built-in encryption, and can be engineered to the availability and reliability required by the SCADA system operator. Earlier experiences using consumer-grade VSAT were poor. Modern carrier-class systems provide
2079-418: The activation of one or more alarm indicators, and perhaps the generation of email or text messages so that management or remote SCADA operators are informed). In many cases, a SCADA operator may have to acknowledge the alarm event; this may deactivate some alarm indicators, whereas other indicators remain active until the alarm conditions are cleared. Alarm conditions can be explicit—for example, an alarm point
2142-511: The actual speed to the desired speed in the optimum way, without delay or overshoot, by altering the power output of the vehicle's engine. In this way the S P − P V {\displaystyle SP-PV} error is used to control the PV so that it equals the SP. A widespread of S P − P V {\displaystyle SP-PV} error is classically used in
2205-743: The architecture of SCADA systems has several other vulnerabilities, including direct tampering with RTUs, communication links from RTUs to the control center, and IT software and databases in the control center. The RTUs could, for instance, be targets of deception attacks injecting false data or denial-of-service attacks . The reliable function of SCADA systems in our modern infrastructure may be crucial to public health and safety. As such, attacks on these systems may directly or indirectly threaten public health and safety. Such an attack has already occurred, carried out on Maroochy Shire Council's sewage control system in Queensland , Australia . Shortly after
2268-401: The attributes of a digital/numeric relay, and hence the term "microprocessor relay" is not a clear term. The digital/numeric relay was invented by George Rockefeller. George conceived of it in his Master's Thesis in 1967–68 at Newark College of Engineering. He published his seminal paper Fault Protection with a Digital Computer in 1969. Westinghouse developed the first digital relay with
2331-491: The basis of modern society. The security of these SCADA systems is important because compromise or destruction of these systems would impact multiple areas of society far removed from the original compromise. For example, a blackout caused by a compromised electrical SCADA system would cause financial losses to all the customers that received electricity from that source. How security will affect legacy SCADA and new deployments remains to be seen. There are many threat vectors to
2394-409: The controlled process variable. It serves as the benchmark against which the actual process variable (PV) is continuously compared. The PID controller calculates an error signal by taking the difference between the setpoint and the current value of the process variable . Mathematically, this error is expressed as: where e ( t ) {\displaystyle e(t)} is the error at
2457-536: The design and implementation of a program to be executed on an RTU or PLC. A programmable automation controller (PAC) is a compact controller that combines the features and capabilities of a PC-based control system with that of a typical PLC. PACs are deployed in SCADA systems to provide RTU and PLC functions. In many electrical substation SCADA applications, "distributed RTUs" use information processors or station computers to communicate with digital protective relays , PACs, and other devices for I/O, and communicate with
2520-420: The first detection of malware that attacks SCADA systems (Siemens' WinCC /PCS 7 systems) running on Windows operating systems. The malware is called Stuxnet and uses four zero-day attacks to install a rootkit which in turn logs into the SCADA's database and steals design and control files. The malware is also capable of changing the control system and hiding those changes. The malware was found on 14 systems,
2583-638: The fundamental component of the incoming analogue parameters. Digital/numerical relays provide a front panel display, or display on a terminal through a communication interface. This is used to display relay settings and real-time current/voltage values, etc. More complex digital relays will have metering and communication protocol ports, allowing the relay to become an element in a SCADA system. Communication ports may include RS-232 / RS-485 or Ethernet (copper or fibre-optic). Communication languages may include Modbus , DNP3 or IEC61850 protocols. By contrast, an electromechanical protective relay converts
SCADA - Misplaced Pages Continue
2646-420: The general security community. In electric and gas utility SCADA systems, the vulnerability of the large installed base of wired and wireless serial communications links is addressed in some cases by applying bump-in-the-wire devices that employ authentication and Advanced Encryption Standard encryption rather than replacing all existing nodes. In June 2010, anti-virus security company VirusBlokAda reported
2709-591: The graphical user interface (GUI) for the operators HMI. This simplifies the client side installation and enables users to access the system from various platforms with web browsers such as servers, personal computers, laptops, tablets and mobile phones. SCADA systems that tie together decentralized facilities such as power, oil, gas pipelines, water distribution and wastewater collection systems were designed to be open, robust, and easily operated and repaired, but not necessarily secure. The move from proprietary technologies to more standardized and open solutions together with
2772-539: The increased number of connections between SCADA systems, office networks and the Internet has made them more vulnerable to types of network attacks that are relatively common in computer security . For example, United States Computer Emergency Readiness Team (US-CERT) released a vulnerability advisory warning that unauthenticated users could download sensitive configuration information including password hashes from an Inductive Automation Ignition system utilizing
2835-686: The majority of which were located in Iran. In October 2013 National Geographic released a docudrama titled American Blackout which dealt with an imagined large-scale cyber attack on SCADA and the United States' electrical grid. Both large and small systems can be built using the SCADA concept. These systems can range from just tens to thousands of control loops , depending on the application. Example processes include industrial, infrastructure, and facility-based processes, as described below: However, SCADA systems may have security vulnerabilities, so
2898-588: The master station polls the RTU. Typical legacy SCADA protocols include Modbus RTU, RP-570 , Profibus and Conitel. These communication protocols, with the exception of Modbus (Modbus has been made open by Schneider Electric), are all SCADA-vendor specific but are widely adopted and used. Standard protocols are IEC 60870-5-101 or 104 , IEC 61850 and DNP3 . These communication protocols are standardized and recognized by all major SCADA vendors. Many of these protocols now contain extensions to operate over TCP/IP . Although
2961-430: The need for a custom-made program written by a software programmer. The Remote Terminal Unit (RTU) connects to physical equipment. Typically, an RTU converts the electrical signals from the equipment to digital values. By converting and sending these electrical signals out to equipment the RTU can control equipment. SCADA systems have traditionally used combinations of radio and direct wired connections, although SONET/SDH
3024-432: The process system. Data is accumulated against these unique process control equipment tag references. A SCADA system usually consists of the following main elements: An important part of most SCADA implementations is alarm handling . The system monitors whether certain alarm conditions are satisfied, to determine when an alarm event has occurred. Once an alarm event has been detected, one or more actions are taken (such as
3087-413: The quality of service required for SCADA. RTUs and other automatic controller devices were developed before the advent of industry wide standards for interoperability. The result is that developers and their management created a multitude of control protocols. Among the larger vendors, there was also the incentive to create their own protocol to "lock in" their customer base. A list of automation protocols
3150-690: The reactor is running less efficiently. This technology-related article is a stub . You can help Misplaced Pages by expanding it . Digital protective relay In utility and industrial electric power transmission and distribution systems, a numerical relay is a computer-based system with software-based protection algorithms for the detection of electrical faults . Such relays are also termed as microprocessor type protective relays. They are functional replacements for electro-mechanical protective relays and may include many protection functions in one unit, as well as providing metering, communication, and self-test functions. The digital protective relay
3213-420: The relay via an interface with a PC ( personal computer ), and this same PC interface may be used to collect event reports from the relay. In some relays, a short history of the entire sampled data is kept for oscillographic records. The event recording would include some means for the user to see the timing of key logic decisions, relay I/O (input/output) changes, and see, in an oscillographic fashion, at least
SECTION 50
#17327719938753276-402: The replacement by the digital relay proceeded a bit more slowly. While the great majority of feeder relays in new applications today are digital, the solid state relay still sees some use where simplicity of the application allows for simpler relays, which allows one to avoid the complexity of digital relays. Protective elements refer to the overall logic surrounding the electrical condition that
3339-410: The security of some SCADA-based systems has come into question as they are seen as potentially vulnerable to cyber attacks . In particular, security researchers are concerned about: SCADA systems are used to control and monitor physical processes, examples of which are transmission of electricity, transportation of gas and oil in pipelines, water distribution, traffic lights, and other systems used as
3402-450: The setpoint while maintaining stability and minimizing overshoot . Cruise control The S P − P V {\displaystyle SP-PV} error can be used to return a system to its norm. An everyday example is the cruise control on a road vehicle; where external influences such as gradients cause speed changes (PV), and the driver also alters the desired set speed (SP). The automatic control algorithm restores
3465-547: The system. In April 2008, the Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP) Attack issued a Critical Infrastructures Report which discussed the extreme vulnerability of SCADA systems to an electromagnetic pulse (EMP) event. After testing and analysis, the Commission concluded: "SCADA systems are vulnerable to EMP insult. The large numbers and widespread reliance on such systems by all of
3528-410: The systems should be evaluated to identify risks and solutions implemented to mitigate those risks. Setpoint (control system) In cybernetics and control theory , a setpoint ( SP ; also set point ) is the desired or target value for an essential variable, or process value (PV) of a control system , which may differ from the actual measured value of the variable. Departure of such
3591-446: The use of conventional networking specifications, such as TCP/IP , blurs the line between traditional and industrial networking, they each fulfill fundamentally differing requirements. Network simulation can be used in conjunction with SCADA simulators to perform various 'what-if' analyses. With increasing security demands (such as North American Electric Reliability Corporation (NERC) and critical infrastructure protection (CIP) in
3654-399: The user via potentiometers in the relay, and in some case, taps on transformers. In some solid-state relays, a simple microprocessor does some of the relay logic, but the logic is fixed and simple. For instance, in some time overcurrent solid state relays, the incoming AC current is first converted into a small signal AC value, then the AC is fed into a rectifier and filter that converts
3717-437: The voltages and currents to magnetic and electric forces and torques that press against spring tensions in the relay. The tension of the spring and taps on the electromagnetic coils in the relay are the main processes by which a user sets such a relay. In a solid-state relay , the incoming voltage and current wave-forms are monitored by analog circuits, not recorded or digitized. The analog values are compared to settings made by
3780-534: Was achieved using a back-up mainframe system connected to all the Remote Terminal Unit sites and was used in the event of failure of the primary mainframe system. Some first generation SCADA systems were developed as "turn key" operations that ran on minicomputers such as the PDP-11 series. SCADA information and command processing were distributed across multiple stations which were connected through
3843-418: Was believed to be a system bug. Monitoring of the system logs revealed the malfunctions were the result of cyber attacks. Investigators reported 46 separate instances of malicious outside interference before the culprit was identified. The attacks were made by a disgruntled ex-employee of the company that had installed the SCADA system. The ex-employee was hoping to be hired by the utility full-time to maintain
SECTION 60
#17327719938753906-653: Was chairman of the IEEE Power System Relaying and Control (PSRC) committee (1981-1982) as well as a member of the "Computer Relaying Subcommittee" which was created by the PSRC in 1971 and disbanded in 1978. He wrote the foreword for the PSRC tutorial on Computer Relaying produced in 1979. In 1971 M. Ramamoorty was the first to describe calculation of impedance for distance protection using discrete Fourier analysis. The first practical commercially available microprocessor based digital/numeric relay
3969-434: Was made by Edmund O. Schweitzer, III in the early 1980s. SEL , AREVA , and ABB Group 's were early forerunners making some of the early market advances in the arena, but the arena has become crowded today with many manufacturers. In transmission line and generator protection, by the mid-1990s the digital relay had nearly replaced the solid state and electro-mechanical relay in new construction. In distribution applications,
#874125