Escolar Documentos
Profissional Documentos
Cultura Documentos
It generally refers to an
industrial control system: a computer system monitoring and controlling a process. The
process can be industrial, infrastructure or facility-based as described below:
Contents
[hide]
• 11 External links
An HMI is usually linked to the SCADA system's databases and software programs, to
provide trending, diagnostic data, and management information such as scheduled
maintenance procedures, logistic information, detailed schematics for a particular sensor
or machine, and expert-system troubleshooting guides.
The HMI system usually presents the information to the operating personnel graphically,
in the form of a mimic diagram. This means that the operator can see a schematic
representation of the plant being controlled. For example, a picture of a pump connected
to a pipe can show the operator that the pump is running and how much fluid it is
pumping through the pipe at the moment. The operator can then switch the pump off. The
HMI software will show the flow rate of the fluid in the pipe decrease in real time. Mimic
diagrams may consist of line graphics and schematic symbols to represent process
elements, or may consist of digital photographs of the process equipment overlain with
animated symbols.
The HMI package for the SCADA system typically includes a drawing program that the
operators or system maintenance personnel use to change the way these points are
represented in the interface. These representations can be as simple as an on-screen traffic
light, which represents the state of an actual traffic light in the field, or as complex as a
multi-projector display representing the position of all of the elevators in a skyscraper or
all of the trains on a railway.
Since about 1998, virtually all major PLC manufacturers have offered integrated
HMI/SCADA systems, many of them using open and non-proprietary communications
protocols. Numerous specialized third-party HMI/SCADA packages, offering built-in
compatibility with most major PLCs, have also entered the market, allowing mechanical
engineers, electrical engineers and technicians to configure HMIs themselves, without the
need for a custom-made program written by a software developer.
The RTU connects to physical equipment. Typically, an RTU converts the electrical
signals from the equipment to digital values such as the open/closed status from a switch
or a valve, or measurements such as pressure, flow, voltage or current. By converting and
sending these electrical signals out to equipment the RTU can control equipment, such as
opening or closing a switch or a valve, or setting the speed of a pump.
The term "Supervisory Station" refers to the servers and software responsible for
communicating with the field equipment (RTUs, PLCs, etc), and then to the HMI
software running on workstations in the control room, or elsewhere. In smaller SCADA
systems, the master station may be composed of a single PC. In larger SCADA systems,
the master station may include multiple servers, distributed software applications, and
disaster recovery sites. To increase the integrity of the system the multiple servers will
often be configured in a dual-redundant or hot-standby formation providing continuous
control and monitoring in the event of a server failure.
For some installations, the costs that would result from the control system failing are
extremely high. Possibly even lives could be lost. Hardware for some SCADA systems is
ruggedized to withstand temperature, vibration, and voltage extremes, but in most critical
installations reliability is enhanced by having redundant hardware and communications
channels, up to the point of having multiple fully equipped control centres. A failing part
can be quickly identified and its functionality automatically taken over by backup
hardware. A failed part can often be replaced without interrupting the process. The
reliability of such systems can be calculated statistically and is stated as the mean time to
failure, which is a variant of mean time between failures. The calculated mean time to
failure of such high reliability systems can be on the order of centuries.
SCADA systems have traditionally used combinations of radio and direct serial or
modem connections to meet communication requirements, although Ethernet and IP over
SONET / SDH is also frequently used at large sites such as railways and power stations.
The remote management or monitoring function of a SCADA system is often referred to
as telemetry.
This has also come under threat with some customers wanting SCADA data to travel over
their pre-established corporate networks or to share the network with other applications.
The legacy of the early low-bandwidth protocols remains, though. SCADA protocols are
designed to be very compact and many are designed to send information to the master
station only when the master station polls the RTU. Typical legacy SCADA protocols
include Modbus RTU, RP-570, Profibus and Conitel. These communication protocols are
all SCADA-vendor specific but are widely adopted and used. Standard protocols are IEC
60870-5-101 or 104, IEC 61850 and DNP3. These communication protocols are
standardized and recognized by all major SCADA vendors. Many of these protocols now
contain extensions to operate over TCP/IP. It is good security engineering practice to
avoid connecting SCADA systems to the Internet so the attack surface is reduced.
RTUs and other automatic controller devices were being developed before the advent of
industry wide standards for interoperability. The result is that developers and their
management created a multitude of control protocols. Among the larger vendors, there
was also the incentive to create their own protocol to "lock in" their customer base. A list
of automation protocols is being compiled here.
Recently, OLE for Process Control (OPC) has become a widely accepted solution for
intercommunicating different hardware and software, allowing communication even
between devices originally not intended to be part of an industrial network.
The United States Army's Training Manual 5-601 covers "SCADA Systems for C4ISR
Facilities".
In the first generation, computing was done by mainframe systems. Networks didn’t exist
at the time SCADA was developed. Thus SCADA systems were independent systems
with no connectivity to other systems. Wide Area Networks were later designed by RTU
vendors to communicate with the RTU. The communication protocols used were often
proprietary at that time. The first-generation SCADA system was redundant since a back-
up mainframe system was connected at the bus level and was used in the event of failure
of the primary mainframe system.
These are the current generation SCADA systems which use open system architecture
rather than a vendor-controlled proprietary environment. The SCADA system utilizes
open standards and protocols, thus distributing functionality across a WAN rather than a
LAN. It is easier to connect third party peripheral devices like printers, disk drives, and
tape drives due to the use of open architecture. WAN protocols such as Internet Protocol
(IP) are used for communication between the master station and communications
equipment. Due to the usage of standard protocols and the fact that many networked
SCADA systems are accessible from the Internet, the systems are potentially vulnerable
to remote cyber-attacks. On the other hand, the usage of standard protocols and security
techniques means that standard security improvements are applicable to the SCADA
systems, assuming they receive timely maintenance and updates.
Towards the late 1990s, the shift towards open communications continued with
individual I/O manufacturers as well, who adopted open message structures such as
Modbus RTU and Modbus ASCII (originally both developed by Modicon) over RS-485.
By 2000, most I/O makers offered completely open interfacing such as Modbus TCP over
Ethernet and IP.
The North American Electric Reliability Corporation (NERC) has specified that electrical
system data should be time-tagged to the nearest millisecond. Electrical system SCADA
systems provide this Sequence of events recorder function, using Radio clocks to
synchronize the RTU or distributed RTU clocks.
SCADA systems are coming in line with standard networking technologies. Ethernet and
TCP/IP based protocols are replacing the older proprietary standards. Although certain
characteristics of frame-based network communication technology (determinism,
synchronization, protocol selection, environment suitability) have restricted the adoption
of Ethernet in a few specialized applications, the vast majority of markets have accepted
Ethernet networks for HMI/SCADA.
With the emergence of software as a service in the broader software industry, a few
vendors have begun offering application specific SCADA systems hosted on remote
platforms over the Internet. This removes the need to install and commission systems at
the end-user's facility and takes advantage of security features already available in
Internet technology, VPNs and SSL. Some concerns include security,[2] Internet
connection reliability, and latency.
SCADA systems are becoming increasingly ubiquitous. Thin clients, web portals, and
web based products are gaining popularity with most major vendors. The increased
convenience of end users viewing their processes remotely introduces security
considerations. While these considerations are already considered solved in other sectors
of Internet services, not all entities responsible for deploying SCADA systems have
understood the changes in accessibility and threat scope implicit in connecting a system
to the Internet.
• the lack of concern about security and authentication in the design, deployment
and operation of existing SCADA networks
• the belief that SCADA systems have the benefit of security through obscurity
through the use of specialized protocols and proprietary interfaces
• the belief that SCADA networks are secure because they are physically secured
• the belief that SCADA networks are secure because they are disconnected from
the Internet
SCADA systems are used to control and monitor physical processes, examples of which
are transmission of electricity, transportation of gas and oil in pipelines, water
distribution, traffic lights, and other systems used as the basis of modern society. The
security of these SCADA systems is important because compromise or destruction of
these systems would impact multiple areas of society far removed from the original
compromise. For example, a blackout caused by a compromised electrical SCADA
system would cause financial losses to all the customers that received electricity from
that source. How security will affect legacy SCADA and new deployments remains to be
seen.
There are two distinct threats to a modern SCADA system. First is the threat of
unauthorized access to the control software, whether it be human access or changes
induced intentionally or accidentally by virus infections and other software threats
residing on the control host machine. Second is the threat of packet access to the network
segments hosting SCADA devices. In many cases, there is rudimentary or no security on
the actual packet control protocol, so anyone who can send packets to the SCADA device
can control it. In many cases SCADA users assume that a VPN is sufficient protection
and are unaware that physical access to SCADA-related network jacks and switches
provides the ability to totally bypass all security on the control software and fully control
those SCADA networks. These kinds of physical access attacks bypass firewall and VPN
security and are best addressed by endpoint-to-endpoint authentication and authorization
such as are commonly provided in the non-SCADA world by in-device SSL or other
cryptographic techniques.
Many vendors of SCADA and control products have begun to address these risks in a
basic sense by developing lines of specialized industrial firewall and VPN solutions for
TCP/IP-based SCADA networks. Additionally, application whitelisting solutions are
being implemented because of their ability to prevent malware and unauthorized
application changes without the performance impacts of traditional antivirus scans[citation
needed]
. Also, the ISA Security Compliance Institute (ISCI) is emerging to formalize
SCADA security testing starting as soon as 2009. ISCI is conceptually similar to private
testing and certification that has been performed by vendors since 2007. Eventually,
standards being defined by ISA99 WG4 will supersede the initial industry consortia
efforts, but probably not before 2011 .
In June 2010, VirusBlokAda reported the first detection of malware that attacks SCADA
systems running on Windows operating systems: the malware exploited the Windows
shortcut icon vulnerability "Win32/CplLnk.A"[8] to install a rootkit which in turn logs in
to the SCADA's database and steals design and control files.[9][10]
[edit] References
1. ^ Basic SCADA Animations
2. ^ Donald Wallace (2003-09-01). "How to put SCADA on the Internet". Control
Engineering. http://www.controleng.com/article/CA321065.html. Retrieved 2008-
05-30. (Note: Donald Wallace is COO of M2M Data Corporation, a SCADA
vendor.)
3. ^ D. Maynor and R. Graham. "SCADA Security and Terrorism: We're Not
Crying Wolf". http://www.blackhat.com/presentations/bh-federal-06/BH-Fed-06-
Maynor-Graham-up.pdf.
4. ^ Robert Lemos (2006-07-26). "SCADA system makers pushed toward security".
SecurityFocus. http://www.securityfocus.com/news/11402. Retrieved 2007-05-09.
5. ^ "S4 2008 Agenda". http://www.digitalbond.com/wp-
content/uploads/2007/10/S4_2008_Agenda.pdf.
6. ^ "SCADA Security - Generic Electric Grid Malware Design". http://www.c4-
security.com/SCADA%20Security%20-%20Generic%20Electric%20Grid
%20Malware%20Design%20-%20SyScan08.pps.
7. ^ KEMA, Inc. (November 2006). Substation Communications: Enabler of
Automation / An Assessment of Communications Technologies. UTC - United
Telecom Council. p. 3–21.
8. ^ "Encyclopedia entry: Exploit:Win32/CplLnk.A". Microsoft. Jul 16, 2010.
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?
Name=Exploit%3aWin32%2fCplLnk.A. Retrieved 27 July 2010.
9. ^ Mills, Elinor (2010-07-21). "Details of the first-ever control system malware
(FAQ)". CNET. http://news.cnet.com/8301-27080_3-20011159-245.html.
Retrieved 21 July 2010.
10. ^ "SIMATIC WinCC / SIMATIC PCS 7: Information concerning Malware /
Virus / Trojan". Siemens. 2010-07-21.
http://support.automation.siemens.com/WW/llisapi.dll?
func=cslib.csinfo&lang=en&objid=43876783&caller=view. Retrieved 22 July
2010. "malware (trojan) which affects the visualization system WinCC SCADA."
SCADA is an acronym that stands for Supervisory Control and Data Acquisition.
SCADA refers to a system that collects data from various sensors at a factory, plant or in
other remote locations and then sends this data to a central computer which then manages
and controls the data.
SCADA is a term that is used broadly to portray control and management solutions in a
wide range of industries. Some of the industries where SCADA is used are Water
Management Systems, Electric Power, Traffic Signals, Mass Transit Systems,
Environmental Control Systems, and Manufacturing Systems.
SCADA as a System
There are many parts of a working
SCADA system. A SCADA system
usually includes signal hardware (input
and output), controllers, networks, user
interface (HMI), communications
equipment and software. All together, the
term SCADA refers to the entire central
system. The central system usually
monitors data from various sensors that
are either in close proximity or off site
(sometimes miles away).
For the most part, the brains of a SCADA system are performed by the Remote Terminal
Units (sometimes referred to as the RTU). The Remote Terminal Units consists of a
programmable logic converter. The RTU are usually set to specific requirements,
however, most RTU allow human intervention, for instance, in a factory setting, the RTU
might control the setting of a conveyer belt, and the speed can be changed or overridden
at any time by human intervention. In addition, any changes or errors are usually
automatically logged for and/or displayed. Most often, a SCADA system will monitor
and make slight changes to function optimally; SCADA systems are considered closed
loop systems and run with relatively little human intervention.
One of key processes of SCADA is the ability to monitor an entire system in real time.
This is facilitated by data acquisitions including meter reading, checking statuses of
sensors, etc that are communicated at regular intervals depending on the system. Besides
the data being used by the RTU, it is also displayed to a human that is able to interface
with the system to override settings or make changes when necessary.
SCADA can be seen as a system with many data elements called points. Usually each
point is a monitor or sensor. Usually points can be either hard or soft. A hard data point
can be an actual monitor; a soft point can be seen as an application or software
calculation. Data elements from hard and soft points are usually always recorded and
logged to create a time stamp or history
HMI's are an easy way to standardize the facilitation of monitoring multiple RTU's or
PLC's (programmable logic controllers). Usually RTU's or PLC's will run a pre
programmed process, but monitoring each of them individually can be difficult, usually
because they are spread out over the system. Because RTU's and PLC's historically had
no standardized method to display or present data to an operator, the SCADA system
communicates with PLC's throughout the system network and processes information that
is easily disseminated by the HMI.
HMI's can also be linked to a database, which can use data gathered from PLC's or RTU's
to provide graphs on trends, logistic info, schematics for a specific sensor or machine or
even make troubleshooting guides accessible. In the last decade, practically all SCADA
systems include an integrated HMI and PLC device making it extremely easy to run and
monitor a SCADA system.
SCADA can come in open and non proprietary protocols. Smaller systems are extremely
affordable and can either be purchased as a complete system or can be mixed and
matched with specific components. Large systems can also be created with off the shelf
components. SCADA system software can also be easily configured for almost any
application, removing the need for custom made or intensive software development.
Acronym for supervisory control and data acquisition, a computer system for gathering
and analyzing real time data. SCADA systems are used to monitor and control a plant or
equipment in industries such as telecommunications, water and waste control, energy, oil
and gas refining and transportation. A SCADA system gathers information, such as
where a leak on a pipeline has occurred, transfers the information back to a central site,
alerting the home station that the leak has occurred, carrying out necessary analysis and
control, such as determining if the leak is critical, and displaying the information in a
logical and organized fashion. SCADA systems can be relatively simple, such as one that
monitors environmental conditions of a small office building, or incredibly complex,
such as a system that monitors all the activity in a nuclear power plant or the activity of a
municipal water system.
Another major advantage of our systems is that they are easily equipped with an
Uninterruptible Power Source (UPS), typically rechargeable batteries and/or solar panels.
During power loss, they continue to measure and store time-stamped data, which can be
later transmitted to the supervisory computer.
SCADA Sensors
Almost any sensor may be used with the measurement and control system, allowing
customization for each operation. Each of our control units features a variety of channel
types for flexibility in measuring many different types of sensors. For example, magnetic
flowmeters can be measured using pulse counting channels instead of being measured as
a 4-20 mA signal. Likewise, ultrasonic level transmitters can be measured using SDI-12
protocol on digital ports instead of as a 4-20 mA signal. Our control units also provide
extensive signal conditioning and are easily expandable.
SCADA Communications
Our control units support multiple communications options, including: ethernet, radio,
telephone, cellphone, voice synthesized phone, and satellite. They also feature peer-to-
peer event and polled communication, and can call out to a computer, telephone numbers
and/or pagers. Remote lift stations, reservoirs, and pumping stations transmit data via dial
up leased phone lines, cell phone, radio, or wide area network T1 links.
SCADA Software
The supervisory computer consists of a PC running either Campbell Scientific's HMI
software or another vendor's software. InTouch, Intellution, Lookout, and other software
packages can be used in conjunction with our OPC client/server software application.
Like other HMI software packages, our software provides a graphical interface that the
operator uses to view the status of remote sites, acknowledge alarms, and control the
units.
Generator Monitor and control temperatures and flow rates within exhaust heat
recovery unit and heat exchanger
Trickling Monitor on/off status of pumps and blowers, dissolved oxygen, flow
Filter rate, and wetwell level
Control on/off status of pumps and blowers