scada fundamentals ms.pdf

SCADA Fundamentals A brief Review M Suresh Chief Research Engineer Fluid Control Research Institute www.fcriindia.com


Post on 13-Dec-2015


Page 1: SCADA Fundamentals MS.pdf

SCADA Fundamentals

A brief Review

M Suresh

Chief Research Engineer

Fluid Control Research Institute

www.fcriindia.com

Page 2: SCADA Fundamentals MS.pdf

SCADA Terminology

SUPERVISORY CONTROL AND DATA

ACQUISITION

• an industrial control system: a computer system

monitoring and controlling a process. The process

can be industrial, infrastructure or facility-based.

• Processes run in continuous, batch, repetitive, or

discrete modes

Page 3: SCADA Fundamentals MS.pdf

Industrial processes

• manufacturing,

• production,

• power generation,

• fabrication,

• refining

Page 4: SCADA Fundamentals MS.pdf

Infrastructure processes

• water treatment and distribution,

• sewage collection and treatment,

• oil and gas pipelines,

• electrical power transmission and distribution

• Wind Farms,

• Railways,

• large communication systems.

Page 5: SCADA Fundamentals MS.pdf

Facility processes

• Buildings (Energy, Visitor, Parking, Infra.)

• Airports (Baggage, flight scheduling, Information

displays, messaging, security,..)

• Ships (inventory, operations, services, personnel..)

• space stations (basic operations, schedule,... )

Common: They monitor and control HVAC, access, and

energy consumption

Page 6: SCADA Fundamentals MS.pdf

Fundamental function: SCADA

• refers to centralized systems that monitor,

control entire sites, complexes of systems

spread out over large areas

• Most control actions are performed automatically

by RTUs or PLCs.

• Host control functions are usually restricted to

basic overriding or supervisory level

intervention.

Page 7: SCADA Fundamentals MS.pdf

Typical SCADA operation

• a PLC may control flow of cooling water through part of an industrial process,

• SCADA HMI system allows operators to change

set points for flow,

• enable alarm conditions, such as loss of flow or

high temperature to be displayed and recorded.

• feedback control loop passes through RTU or PLC

• SCADA system monitors overall loop performance

Page 8: SCADA Fundamentals MS.pdf

Fundamental function: SCADA

• Data read by RTU / PLC; includes meter readings,

equipment status, etc.

• data are communicated to SCADA as required.

• Data is compiled, formatted on HMI for control room

operator to make supervisory decisions to adjust or

override normal RTU /PLC controls.

• Data may also be fed to Historian (a Database

Management System), to allow trending, other

analytical auditing

Page 9: SCADA Fundamentals MS.pdf

SCADA system components

Supervisory (computer) system

• acquires data on process, sends commands (control) to

process.

Remote Terminal Units (RTU)

• connects to sensors in the process, digitises data

• sends digital data to supervisory system.

Programmable Logic Controller (PLC)

• field devices typically more economical, versatile, flexible,

configurable than RTUs.

Communication / Telemetry

• infrastructure connecting supervisory system to RTU.

Human-Machine Interface (HMI)

• apparatus that presents process data to human operator,

• human operator monitors and controls the process.

Page 10: SCADA Fundamentals MS.pdf

Generally Said, Elements of SCADA

• Sensors and actuators

• RTUs/PLCs

• Communication

• MTU

• Front End Processor

• SCADA server

• Historical/Redundant/Safety Server

• HMI computer

• HMI software

Let's go into details...

Page 11: SCADA Fundamentals MS.pdf
Page 12: SCADA Fundamentals MS.pdf

Levels in SCADA

Level 4: Enterprise

• Corporate LAN/WAN

• World Wide Web

• Virtual Private Network

• Firewall for remote users

Level 3: SCADA - MTU

• Operator Workstations

• Control

• Engineering Workstations

• Servers – Data logging

Level 2: Telemetry

• Fiber

• Radio

• Telephone leased line

• Protocols

Level 1: Field

• Devices

• RTUs / PLCs

• Sensors

Page 13: SCADA Fundamentals MS.pdf

Supervisory Station

(Master Terminal System)

• Computer / servers and software responsible for

communicating with field equipment and HMI

software.

• master station may be a single PC.

• master station may include multiple servers,

distributed software applications, and disaster

recovery sites.

• hot-standby dual-redundancy possible at

present for continuous control and monitoring.

Page 14: SCADA Fundamentals MS.pdf

Remote Terminal Unit

• microprocessor controlled electronic device that

interfaces to signals from sensors in physical

world.

• Transmits data to remotely located Supervisory

system and/or alters state of connected field

objects based on control messages received.

• Monitors field digital, analog parameters

• Outputs signals to actuators for local control

• RTU interfaces to Supervisory Station with

different communication media

Page 15: SCADA Fundamentals MS.pdf

Programmable Logic Controller

• a digital computer used for automation of

electromechanical processes, eg. control of

machinery on factory assembly lines, amusement

rides, etc.

• designed for multiple inputs and output

arrangements,

• Designed for extended temperature ranges,

immunity to electrical noise, resistance to vibration

and impact.

• Programs to control machine operation stored in

battery-backed or non-volatile memory

Page 16: SCADA Fundamentals MS.pdf

PLC

• Early PLCs were designed to replace relay logic systems.

• These PLCs were programmed in ladder logic, which strongly resembles a schematic diagram of relay logic.

• Proprietary special-purpose programming terminals had dedicated function keys representing various logical elements of PLC programs.

Page 17: SCADA Fundamentals MS.pdf

Signal Flow in PLC

[Figure: signal flow in a PLC. Labels: Input Devices (I:0/6, I:1/4), Input Module, Processor Memory (Input Image Table, Ladder Program, Data, Output Image Table), Output Module, Output Devices (O:0/7, O:1/5), Programming System.]

Page 18: SCADA Fundamentals MS.pdf

Typical PLC and SCADA link

Page 19: SCADA Fundamentals MS.pdf

Programmable automation controller

• compact controller combines features

and capabilities of a PC-based Data

Acquisition System with that of

PLC/RTU.

• PACs used in industrial settings for

process control, data acquisition, remote

equipment monitoring, machine vision,

and motion control.

• communicate over networks; support

protocols TCP/IP, OPC, etc.

• PACs assist data transfer from

machines they control to other machines

or to application software and databases

Page 20: SCADA Fundamentals MS.pdf

Intelligent Electronic Device (IED)

Ethernet with DNP3, IEC 61850, MODBUS

Page 21: SCADA Fundamentals MS.pdf

IEC 61131-3

• defines five programming languages for

programmable control systems:

• LD Ladder diagram

• IL Instruction list

• FBD Function block diagram

• ST Structured text

• SFC Sequential function chart IEC 848

http://www.en.omesim.com

Page 22: SCADA Fundamentals MS.pdf

RTU vs PLC

• RTUs focus on remote monitoring and control.

• RTUs have high demand for application, communications

and protocol flexibility.

• PLCs designed around localized fast control of discrete

variables and analog inputs.

• RTUs built with RTOS benefit from faster task processing,

reduced memory requirements, and lower risk of failure due

to overly complex code.

• PLCs have proprietary OS

• RTUs have communication protocol support for TCP/IP, mobile/portable two-way radio, analog/digital trunking, broadband (e.g. WLAN), cellular modem (GPRS), etc.

Page 23: SCADA Fundamentals MS.pdf

RTU vs PLC

• Generally RTUs can handle more PID loops than PLCs for the same cost.

• SOE (Sequence of Events recording) is generally

lacking in PLCs.

• RTUs can log thousands of events, time tagged to

1ms.

• PLCs lack Data logging features.

• RTUs have High storage capacity (FLASH, DRAM,

SRAM) for adding programs, functions and data

storage.

Page 24: SCADA Fundamentals MS.pdf

RTU high-end capabilities

• Support for multiple passwords at multiple abstraction levels – Allows for compartmentalization of application software and SCADA hardware access control

• Hardware IP firewalls

• Support for Data Encryption Standard (DES) and Advanced Encryption Standard (AES)

• Adding authorization to security routines

• Maintaining a sign-in and activity log

• Remote “safe” download of firmware, applications, enabling rapid, secure configuration and upgrades of software code

Page 25: SCADA Fundamentals MS.pdf

RTU-Server Data Communication

Page 26: SCADA Fundamentals MS.pdf

HMI Operator

Terminals

Sizes typically 4”, 6”, 10”, 15”, 17”.

SIEMENS, Schneider, Hitachi,

Mitsubishi, Advantech, Adlink, ….

Page 27: SCADA Fundamentals MS.pdf

• Where localised Operator Interface is needed.

• Can eliminate SCADA for minor applications

HMI Operator Terminals

Page 28: SCADA Fundamentals MS.pdf

• Wide variety of

ports;

• Speaker, mic

• alarm contacts,

DIO for external

(remote),

• USB, Ethernet,

RS485/232/422

• Compact flash,

SDCard

HMI Operator Terminals

Programming Software

Configuration Tools

Page 29: SCADA Fundamentals MS.pdf

PLC Configuration and programming

Page 30: SCADA Fundamentals MS.pdf

HMI Panel Programming software

• Eg. STEP7, Vijeo, etc.

• Permits designing screens for Operator, Alarms,

Graphic plots, Mimics, keys and buttons,..

• Program the Function keys, Security, etc.

• Configuration of Ports, MODBUS register access, PLC

link, ..

Page 31: SCADA Fundamentals MS.pdf

HMI Panel Programming software

Page 32: SCADA Fundamentals MS.pdf

HMI or MMI Software

• links to SCADA databases and software

programs

• provides trending, diagnostic data, and

management information such as scheduled

maintenance procedures, logistic information,

detailed schematics for a particular sensor or

machine, and expert-system troubleshooting

guides.

Page 33: SCADA Fundamentals MS.pdf

HMI mimic

• Presents information to operators graphically, in the form of a mimic diagram.

• See schematic representation of plant being

controlled.

• Mimic diagrams may consist of line graphics and

schematic symbols to represent process elements,

• may consist of digital photographs of process

equipment overlain with animated symbols

Page 34: SCADA Fundamentals MS.pdf

Alarm handling

• SCADA monitors whether certain alarm conditions

are satisfied to determine occurrence of alarm

events

• Once an alarm event is detected, one or more

actions are taken

• activation of one or more alarm indicators,

• generation of email or text messages

Page 35: SCADA Fundamentals MS.pdf

Alarm handling

• An operator may have to acknowledge alarm event;

• this may deactivate some alarm indicators,

• other indicators may remain active until alarm

conditions clear.

• Explicit Alarms: NORMAL or ALARM based on

analog and digital points

• Implicit Alarms: analog point within or outside limit

values
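The alarm lifecycle described on the two "Alarm handling" slides, written out as an added Python example (not part of the original slides): an implicit alarm on an analog point, an acknowledgement that silences one indicator while another stays active until the condition clears, and a time-stamped event list. The tag name, the horn/lamp indicator split, the priority field and the deadband are assumptions made for the example.

```python
from dataclasses import dataclass, field


@dataclass
class AnalogHighAlarm:
    """Implicit alarm: an analog point compared against a high limit."""
    tag: str                   # constructed tag name
    high_limit: float
    deadband: float = 0.0      # assumption: hysteresis below the limit before clearing
    priority: int = 1          # assumption: 1 = highest
    active: bool = False       # alarm condition currently present
    acked: bool = True         # False while an alarm event awaits the operator
    events: list = field(default_factory=list)   # time-stamped alarm log

    def update(self, ts, value):
        """Evaluate one new reading and record any change of state."""
        if not self.active and value > self.high_limit:
            self.active, self.acked = True, False
            self.events.append((ts, self.tag, "ALARM", value))
        elif self.active and value < self.high_limit - self.deadband:
            self.active = False
            self.events.append((ts, self.tag, "NORMAL", value))

    def acknowledge(self, ts, user_id):
        """Operator acknowledgement, logged with the user ID."""
        if not self.acked:
            self.acked = True
            self.events.append((ts, self.tag, "ACK", user_id))

    def indicators(self):
        """The horn stops on acknowledgement; the lamp stays on until the
        condition has cleared and the event has been acknowledged."""
        return {"horn": not self.acked, "lamp": self.active or not self.acked}


def count_alarm_events(readings, high_limit, deadband):
    """Replay (timestamp, value) readings and count the ALARM events raised."""
    alarm = AnalogHighAlarm("TT-101", high_limit, deadband)
    for ts, value in readings:
        alarm.update(ts, value)
    return sum(1 for event in alarm.events if event[2] == "ALARM")


# Constructed readings: a temperature hovering around an 80.0 limit.
READINGS = [(0, 79.8), (1, 80.2), (2, 79.9), (3, 80.3),
            (4, 79.7), (5, 80.1), (6, 75.0)]

if __name__ == "__main__":
    alarm = AnalogHighAlarm("TT-101", high_limit=80.0, deadband=2.0)
    alarm.update(0, 81.0)
    print("raised      ", alarm.indicators())
    alarm.acknowledge(1, "operator1")
    print("acknowledged", alarm.indicators())
    alarm.update(2, 77.0)
    print("cleared     ", alarm.indicators())
    print("alarms without deadband:", count_alarm_events(READINGS, 80.0, 0.0))
    print("alarms with 2.0 deadband:", count_alarm_events(READINGS, 80.0, 2.0))
```

Replaying the same readings with and without the deadband shows how a point running in and out of its limit at short intervals turns into repeated alarm events.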

Page 36: SCADA Fundamentals MS.pdf

Data Communication

• Twisted-Pair Metallic Cable (STP)

• Coaxial Metallic Cable (Co-ax)

• Fiber Optic Cable (FOC)

• Power Line Carrier (PLCC)

• Very Small Aperture Terminal (VSAT: Ku, C)

• Leased Telephone Lines (LTN, PSTN)

• Very High Frequency Radio (VHF)

• Ultra High Frequency Radio (UHF)

• Microwave Radio (MW)

Page 37: SCADA Fundamentals MS.pdf

IEEE Standards in SCADA

• IEEE Std 999-1992 – IEEE Recommended Practice for Master/Remote Supervisory Control and Data Acquisition (SCADA) Communications.

• applies to use of serial digital transmission by SCADA systems having geographically dispersed terminals.

• IEEE Std 1379-2000 – IEEE Recommended Practice for Data Communications Between Remote Terminal Units and Intelligent Electronic Devices in a Substation.

• uniform set of guidelines for communications and interoperation of IEDs and RTUs in an electric utility substation.

Page 38: SCADA Fundamentals MS.pdf

IEC 60870-5

IEC 60870-5-1 (1990-02)

• Specifies basic requirements for services to be provided by the data link and physical layers for telecontrol applications.

IEC 60870-5-2 (1992-04)

• selection of link transmission procedures using a control field and optional address field;

IEC 60870-5-3 (1992-09)

• specifies rules for structuring application data units in transmission frames of telecontrol systems; general structure of application data and basic rules to specify application data units without specifying details about information fields and their contents.

IEC 60870-5-4 (1993-08)

• rules for defining information data elements and a common set of information elements, particularly digital and analog process variables that are frequently used in telecontrol applications.

IEC 60870-5-5 (1995-06)

• defines basic application functions that perform standard procedures for telecontrol systems,

Page 39: SCADA Fundamentals MS.pdf

SCADA Software

Page 40: SCADA Fundamentals MS.pdf

• Basic SCADA functionality

• MMI (Graphical User Interface)

• Alarm Handling

• Historical Trending

• Access Control

• Data Acquisition, Automation, Display

• Archiving, Report Generation

• Interfaces to Hardware, Software

• Flexible and open architecture

• Development Tools

Supervisory Control and Data Acquisition

Page 41: SCADA Fundamentals MS.pdf

Supervisory Control And Data Acquisition

MIMIC Display Alarms and events

Trends and history

Page 42: SCADA Fundamentals MS.pdf

Alarm Handling

• Based on limit and status checking

• Also expressions from derived parameters

• Alarms are time stamped and logically

centralised

• Notifications (audible, visual, Email, GSM, . . . )

• Multiple alarm priority levels

• Grouping of alarms, handling of groups

• Suppression and masking of alarms either

individually or in groups

• Filtering of alarms possible

Page 43: SCADA Fundamentals MS.pdf

Trending

• Multiple trending charts

• Charts are pre-defined or configured on-line

• Charts contain multiple pens,

• Zooming, scrolling, panning, ‘Hairline’

• Real-time and historical trending

Page 44: SCADA Fundamentals MS.pdf

Automation of Process

• Actions can be initiated automatically, triggered by an event

• Recipes

• Sequencing and scripting possibilities

Access Control

• Users organised in groups with a set of allocated privileges

• Large number of groups possible

• Privileges limit write access to process parameters

• Some allow access to graphics and functionality to be limited

Page 45: SCADA Fundamentals MS.pdf

Report Generation

• Reports, SQL type queries to the RTDB or logs

• Automatic generation, printing, archiving of reports

• Use of ‘components’ for report generation

Logging and Archiving

• Data stored in compressed and proprietary format

• Logging / Archiving either for a set number of parameters or for a set period of time

• Logging / Archiving can be frequency or event driven

• Logging of user actions together with a user ID

• VCR facility for playback of stored data

Page 46: SCADA Fundamentals MS.pdf

SCADA Software Architecture

[Figure: SCADA software architecture. Labels: SCADA Client (Trending, Alarm Display, Log Display, ActiveX Controls, ActiveX Container, MMI); SCADA Server (RT & Event Manager, Data Processing, RT DB, Alarm DB, Log DB, Archive DB, Recipe DB, Ref. DB, Recipe Management, Report Generation, Alarm, Log, Archive, SQL, ODBC, DDE, API/DLL, OPC, Library, Data R/W, Drivers to PLCs and VME, EXCEL, Private Application); SCADA Development Environment (Project Editor, Graphics Editor, Driver Toolkit, Export / Import, ASCII Files, ASCII File Editor, Commercial DB, Commercial Development Tool); Client / Server - Publish / Subscribe - TCP/IP.]

Page 47: SCADA Fundamentals MS.pdf

SCADA Software features

• Builder and run-time

• PLC drivers & OPC client support

• Remote monitoring by Web browser

• Comprehensive graphical components

• Windows ODBC/SQL database support

• Data log, alarm, security

• scripting

• Diagnostic tools for quick check

Page 48: SCADA Fundamentals MS.pdf

Development Tools

• Project editor

• Graphics editor

• Configuration through parameter

templates

• Scripting language

• Driver Development Tool Kit

Page 49: SCADA Fundamentals MS.pdf

SCADA Clients

Page 50: SCADA Fundamentals MS.pdf

SCADA Client applications

• Security of web clients is controlled by web

server’s firewall and encrypted password

protection technologies to ensure secure

operation.

• Access to web clients is controlled or denied based on Windows user name and password, or when the number of web clients available has been exceeded.

• Additionally, project configuration requires a local

user name, password.

Page 51: SCADA Fundamentals MS.pdf

SCADA Client applications

• to view any screen and read / write any variable

controlled through SCADA system.

• View-only Client is able to view information within

SCADA but unable to write to any variable or

execute code to communicate with another server.

• View-only Client used for upper management, process optimization or casual users of control system.

• Read only access is also available via Control

Client when access rights level is low.
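The client and privilege rules from the "Access Control" and "SCADA Client applications" slides, sketched as an added Python example (not code from the slides or from any SCADA product): group privileges limit write access, a view-only client can never write, a control client with low access rights is read-only, and every attempt is logged with the user ID. Group names, user names and the point name are constructed for illustration.

```python
from dataclasses import dataclass, field

# Privilege and group names are assumptions made for this example.
READ, WRITE = "read", "write"
GROUP_PRIVILEGES = {
    "management": {READ},          # typical view-only users
    "trainees": {READ},            # low access rights, even on a control client
    "operators": {READ, WRITE},    # may change set points
}


class AccessDenied(Exception):
    """Raised by the server when a session lacks the needed privilege."""


@dataclass
class Session:
    user_id: str
    group: str
    client_type: str               # "control" or "view_only"


@dataclass
class ScadaServer:
    points: dict
    audit_log: list = field(default_factory=list)

    def _allowed(self, session, privilege):
        # Deny by default: an unknown group has no privileges at all.
        granted = GROUP_PRIVILEGES.get(session.group, set())
        if privilege == WRITE and session.client_type != "control":
            return False           # a view-only client never writes
        return privilege in granted

    def _log(self, session, action, point, value, allowed):
        # User actions are logged together with the user ID, denials included.
        self.audit_log.append({
            "seq": len(self.audit_log), "user_id": session.user_id,
            "client": session.client_type, "action": action,
            "point": point, "value": value, "allowed": allowed,
        })

    def read(self, session, point):
        allowed = self._allowed(session, READ)
        self._log(session, READ, point, None, allowed)
        if not allowed:
            raise AccessDenied(f"{session.user_id} may not read {point}")
        return self.points[point]

    def write(self, session, point, value):
        # The check runs on the server, so a modified client cannot skip it.
        allowed = self._allowed(session, WRITE)
        self._log(session, WRITE, point, value, allowed)
        if not allowed:
            raise AccessDenied(f"{session.user_id} may not write {point}")
        self.points[point] = value
        return value


def try_write(server, session, point, value):
    """Return True if the write was accepted, False if it was denied."""
    try:
        server.write(session, point, value)
        return True
    except AccessDenied:
        return False


if __name__ == "__main__":
    server = ScadaServer({"FIC-201.SP": 12.5})     # constructed set point
    sessions = [
        Session("asha", "operators", "control"),
        Session("asha", "operators", "view_only"),
        Session("kiran", "trainees", "control"),
        Session("ravi", "management", "view_only"),
    ]
    for s in sessions:
        print(s.user_id, s.client_type, try_write(server, s, "FIC-201.SP", 15.0))
    for entry in server.audit_log:
        print(entry)
```

The denied entries in `audit_log` are the ones worth reviewing: repeated write attempts from a view-only client or a low-privilege group stand out there.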

Page 52: SCADA Fundamentals MS.pdf

SCADA Client applications

• Within control room it is typical to install client

application

• web clients allow users outside control room to

access control system data in real time.

• web client is a fully functional client with identical interface to dedicated Control Clients

Page 53: SCADA Fundamentals MS.pdf

ALARMS

SCADA

Page 54: SCADA Fundamentals MS.pdf

Alarms and Alarm Management

• Purpose of Alarms

• Types of Alarms

• Alarm management issues in DCS &

SCADA

• Management of Alarms

Page 55: SCADA Fundamentals MS.pdf

Alarms

• draw attention of operators to condition

outside of desired normal operation.

• Such conditions require some decision or

intervention by persons.

• Alarms support operation of industrial

plants by alerting operators to a variety of

conditions.

Page 56: SCADA Fundamentals MS.pdf

Alarm Types / Sources

• Discrete alarms: Monitor device failures, intrusion

alarms, beacons, and flood and fire detectors.

• Analog alarm inputs: Monitor voltage, temperature,

humidity and pressure.

• Control relays: Operate remote site equipment

directly from your RTU.

• Terminal server functions: Control switches and

other devices remotely via Telnet over LAN.

• Ping alarms: Detect IP device failures and offlines

Page 57: SCADA Fundamentals MS.pdf

Alarm indicators and annunciation

• integral part of the human interface to the production

process

• annunciator window in a hardwired panel or a color-

coded faceplate

• message line on a control room VDU/HMI.

• Audible alarm tones or sirens

• Transmitted to remote mobile receivers (Pager, SMS,

email, etc.)

Page 58: SCADA Fundamentals MS.pdf

Process Alarms

• majority of alarms in process control system aid

operators to keep manufacturing process

running in the intended manner

• help achieve best possible production

performance.

• Many alarms will warn of deviations that are

linked to possible hazards

Page 59: SCADA Fundamentals MS.pdf

Process Alarms

• Is plant operation happening correctly?

• Process parameters within the range?

• Level, flow, pressure, temperature within

limits?

• Relates to efficiency of process or indicate

deviations from intent.

Page 60: SCADA Fundamentals MS.pdf

System Alarms

(Machinery or equipment alarms)

• lot of process equipment and operating devices

• System needs to work correctly 24x7

• The paranoia: everything that can possibly go

wrong will, someday!

• Our need for accurate information on health of

every element of the system

• Generally: status (eg. Bearing temperature High)

Page 61: SCADA Fundamentals MS.pdf

System Alarms

• Power supplies: commercial AC power, battery,

backup generators, UPS systems, etc.

• Building and facility alarms: intrusion, entry, open-

door, fire, smoke, flooding, etc.

• Environmental conditions: temperature, humidity

• RTU/communication equipment: switches,

Routers, fiber optic equipment, microwave radios,

modem.

Page 62: SCADA Fundamentals MS.pdf

Hazop Alarms

• A Prevention layers to prevent occurrence of

hazardous.

• Prevention layers:

– Plant Design, Process Control system, Alarms

Systems, mechanical safety devices, Interlocks,

Shutdown (SIS) systems.

• Hazops dictate large no. of ‘add-in’ alarms as ‘quick

fix’ solution to numerous operability problems.

Page 63: SCADA Fundamentals MS.pdf

Shutdown (or ESD) alarm

• Informs operator on initiation of SIS automatic

shutdown event.

• Basically monitor SIS.

• support corrective, subsequent actions by

operator.

• trigger for a mitigation action such as closure of

other parts of plant, isolation of fuel supplies, etc.

Page 64: SCADA Fundamentals MS.pdf

Fire and gas alarms

• Alarms usually built within dedicated and entirely

independent fire and gas detection systems.

• essential for protection of personnel

• assumed that all other control systems may be

shutdown or damaged due to fire or gas

conditions.

Page 65: SCADA Fundamentals MS.pdf

Alarm Management Issues

• Most alarms installed to deal with detailed, localized

problems of process or equipment control.

• backlog of standing alarms

• frequent minor alarms from process conditions running in

and out of limits at short intervals.

• Overloading operator with useless information at time of

crisis; nuisance in times of steady operation

• When major upset occurs, numerous alarms; as disturbance

takes hold.

Page 66: SCADA Fundamentals MS.pdf

Alarm Management System

• software-driven resources within DCS or SCADA

• serves to group, rationalize, prioritize the alarms

• assist operators to pack away less important

alarms whilst ensuring they do not get lost

• Tools to assist in tuning, adjustment of alarms

• Alarm log and selected history files

• Sequence of event recording

Page 67: SCADA Fundamentals MS.pdf

Key design principles for alarms

• Judicious use of HMI for Screen data, Graphics

• Present only relevant, useful alarms to operator

• Each alarm should have a defined response from

the operator

• Allow adequate time for an operator to respond to

an alarm

• Establish, enforce an alarm priority structure

Page 68: SCADA Fundamentals MS.pdf

Alarm formats

• Detailed alarm descriptions

• Alarm sorting and categorizing

• Separate Standing Alarm and Change of State

(COS) Alarm lists

• 24x7 unmanned remote alarms:

pager, SMS, email notification

Page 69: SCADA Fundamentals MS.pdf

Open Data Base

Connectivity

SCADA

Page 70: SCADA Fundamentals MS.pdf

Open Data Base Connectivity

• a standard software interface for accessing

DBMS; developed by SQL Access group in 1992.

• Helps interface SCADA/DCS software to third-

party database management software (DBMS).

• Channels SQL statements /function calls to

DBMS for data update / retrieval.

• Helps in trend plots, historical database review,

assessment, reporting, documentation.

Page 71: SCADA Fundamentals MS.pdf

ODBC Architecture

• Application

• Driver Manager

• Driver

• Data Source

Page 72: SCADA Fundamentals MS.pdf

ODBC Architecture

• Application

Performs processing and calls ODBC functions

to submit SQL statements and retrieve results.

• Driver Manager

Loads and unloads drivers on behalf of an

application.

Processes ODBC function calls or passes them

to a driver.

Page 73: SCADA Fundamentals MS.pdf

ODBC Architecture

• Driver: Processes ODBC function calls, submits SQL

requests to a specific data source, and returns results to

application.

Can modify an application's request so that it conforms

to syntax supported by DBMS package.

• Data Source:

• data that user wants to access,

• DBMS,

• OS and network platform (if any) used to access DBMS.

Page 74: SCADA Fundamentals MS.pdf

ODBC Driver

• Primarily intended for reporting, it enables an

ODBC-compliant application to access from

SCADA/DCS database,

• Data: history, event, point parameter values.

• Server database queried using SQL

commands from ODBC client applications.

• custom applications written in Visual Basic or

C++ to access the server database

Page 75: SCADA Fundamentals MS.pdf

OLE for

Process Control

(OPC)

Page 76: SCADA Fundamentals MS.pdf

Object Linking and Embedding

• COM/DCOM, OLE technologies developed by

Microsoft for Windows

• a standard set of objects, interfaces and methods

for data exchange between applications

• OPC Foundation started in 1994

• most common OPC specification is OPC Data

Access.

Page 77: SCADA Fundamentals MS.pdf

OLE: Object Linking and Embedding

• OLE is just the

technology

which allows an

object (such as a

spreadsheet) to

be embedded

(and linked)

inside of another

document (a

word processor

document).

Page 78: SCADA Fundamentals MS.pdf

OLE: Object Linking and Embedding

• Version 1 used DDE to communicate between applications.

• Version 2 uses COM instead of DDE

• Microsoft technology.

• COM is the protocol which allows OLE to work

– Rules of the road for programs to talk with each other

– Foundation of automation

Page 79: SCADA Fundamentals MS.pdf

OPC (OLE for Process Control)

• Non-proprietary technical specification, but copyrighted by the OPC Foundation

• Set of standards maintained by ‘OPC Foundation’, and based on Microsoft technologies:

– OLE (Object Linking and Embedding) / now ActiveX

– COM (component object model)

– DCOM (distributed component object model)

Page 80: SCADA Fundamentals MS.pdf

Why OPC?

• Traditionally, any time a package needs

access to data from a device, a custom

interface, or driver, had to be written.

• OPC defines common interface that is

written once, reused by any SCADA, HMI,

business or custom software packages.

• Client Server approach

Page 81: SCADA Fundamentals MS.pdf

Why is OPC Data Access

needed?

[Figure: Display, Trend and Report applications connected through four separate Software Drivers.]

Page 82: SCADA Fundamentals MS.pdf

Why OPC ?

[Figure: the four Software Drivers and the Display, Trend and Report applications, each labelled with an OPC interface.]

Page 83: SCADA Fundamentals MS.pdf

Architecture

[Figure: OPC architecture. Labels: Process I/O, Comm Protocol, Comm Interface; Controller, Smart Device, DCS Sub-System, Computer; OPC Server (DA/AE/HDA/DX) with Protocol Driver and Comm Interface, shown twice; DX; OPC DA Clients (RealTime PV), OPC AE Clients (Alarm/Event SP), OPC HDA Clients (Historian DB).]

Page 84: SCADA Fundamentals MS.pdf

OPC Unified Architecture Specification

• Concepts, Security,

• Address Space, Services

• Information Model, Mappings, Profiles

• Data Access,

• Alarms and Conditions,

• Programs,

• Historical Access, etc.

http://www.opcfoundation.org

Page 85: SCADA Fundamentals MS.pdf
Page 86: SCADA Fundamentals MS.pdf

Data Access Mechanism

[Figure: data access mechanism. Labels: Commn. Bus, Data Server, Alarm Server, Ethernet, Firewall, Firewall, Client.]

Page 87: SCADA Fundamentals MS.pdf

Security Issues!!

PLC/SCADA

Page 88: SCADA Fundamentals MS.pdf

Hacking the SCADA

• Trojan program inserted into SCADA caused a massive natural gas explosion along the Trans-Siberian pipeline in 1982.

• A newspaper reported the resulting fireball yielded “the most monumental non-nuclear explosion and fire ever seen from space.”

• http://pipelineandgasjournal.com/hacking-industrial-scada-network (November 2009 Vol. 236 No. 11)

Page 89: SCADA Fundamentals MS.pdf

Hacking: Sending spoofed commands to PLC

• “So you can have the operator seeing something entirely different than what's happening in the process, causing the pipe to burst and the tank to overflow”

• http://www.securityweek.com/black-hat-researchers-remotely-hack-scada-systems-oil-rigs

• Use of Firewalls: Ethernet In and Ethernet Out ports between SCADA device and Internet

Page 90: SCADA Fundamentals MS.pdf

SCADA Failures

Iran used SIEMENS WinCC SCADA to control centrifuges for refining uranium. Weaknesses in WinCC, combined with vulnerabilities in Microsoft's Windows OS, allowed the Stuxnet worm to disrupt the centrifuges; an act of sabotage (U.S. and Israel).

http://www.infoworld.com/d/security/siemens-industrial-software-targeted-stuxnet-still-full-of-holes-206654

Page 91: SCADA Fundamentals MS.pdf

SCADA Security Attacks

• Denial of Service

• Plant a Trojan, virus/malware

• Delete System Files, Low level format of drives

• Take Control of SCADA System

• Info Mining (Log Keystrokes, Usernames,

Passwords, Setpoints, any Operation Info)

• Info tampering (Change Data Points, Setpoint)

Page 92: SCADA Fundamentals MS.pdf

Malware, Trojan

• Generally, affects Microsoft Windows OS where

SCADA is installed.

• malware spreads via mobile data carriers, USB

sticks and networks.

• Trojans activated by viewing contents of USB stick.

• Also affects PACs, Embedded systems

• Other computers

– Infrastructure computers (file servers, domain

controllers, other servers...)

– Computers with and without WinCC installed

– Virtual machines (e.g. VMWARE installations)

Page 93: SCADA Fundamentals MS.pdf

SCADA Security Attacks

• Modify Data points on SCADA graphics to deceive Operators that system is out of control and that ESD is essential.

• Capture, Modify, or Delete Data Logged in Operational Database SQL Server, PI Historian

• Locate Maintenance Database and modify or delete information regarding calibration and reliability tests for industrial equipment

• Use SCADA Server as a launching point to defame and compromise other system components within corporate network. (IP Spoofing)

Page 94: SCADA Fundamentals MS.pdf

Purposes of Attacks

• Operational or Corporate data for personal gain

or sell to competition or hold as ransom

• Gain Info for future attacks or satisfy curiosity

• Gain control of SCADA System

• to impact damage on industrial systems,

• possibly causing environmental impact,

• damage corporate identity thru public exposure

• Cause danger to facility or company by staging

a false alarm shutdown of the plant or facility

Page 95: SCADA Fundamentals MS.pdf

Security Issues & Potential Consequences

• Render Control Inoperative

• Render View-Access Inoperative

• Cause Non-Operation, Mis-Operation, or Mal-Operation

• Production Loss

• Equipment Damage

• Personal Injury

• Death

Page 96: SCADA Fundamentals MS.pdf

Ring of Defences

Page 97: SCADA Fundamentals MS.pdf

Defence mechanisms

• SCADA Firewalls:

• additional layer to mediate traffic between protected network & external network.

• protect passwords, IP addresses, files, etc.

• SCADA Internal Network Design

• with own IP segment, use smart switches and proper sub-masking

• Operating systems

• with proper patches

• default NULL NT accounts and administrator accounts to be removed or renamed.

Page 98: SCADA Fundamentals MS.pdf

Segregation of Plant, SCADA

networks

• plant control rooms sometimes have

corporate computers with Internet and email

• Trojans, viruses can be planted through email

opened by another computer, and then

silently copied over to adjacent SCADA

servers

Page 99: SCADA Fundamentals MS.pdf

Batch Control issues!

• The Electronic Signature means that operations

cannot be performed until enabled by previously

assigned Windows users/user groups. Users/user

groups are assigned to the operations in the

respective application.

• Eg. SIMATIC BATCH has e-signature

authorization passing.

Page 100: SCADA Fundamentals MS.pdf

Open technologies

• Control system implementation continues to move

toward the use of off-the-shelf technologies such as

Microsoft Windows operating systems and standard,

open Ethernet communications

• Allow system to be more easily connected to the

enterprise or plant LAN to exchange information and

allow remote access to improve business

performance

Page 101: SCADA Fundamentals MS.pdf

Cyber security

• The use of open technologies exposes the control

system to the same types of security issues as the

plant LANs.

• Process control systems have traditionally been

built on proprietary technology.

• proprietary systems provide reasonable level of

security from unauthorized access due to its

closed nature

Page 102: SCADA Fundamentals MS.pdf

Sophistication levels in Hacking

Tools

Page 103: SCADA Fundamentals MS.pdf

• Past: much of problem attributed to disgruntled employees, or accidental or inadvertent actions that caused system disruptions.

• current threats: more from people outside

Page 104: SCADA Fundamentals MS.pdf

Redundancy

Concepts for

PLC/SCADA and DCS

Page 105: SCADA Fundamentals MS.pdf

Concept of Redundancy

addition of information, resources, or time beyond what is

needed for normal system operation.

Hardware redundancy: extra hardware for the purpose of

detecting or tolerating faults.

Software redundancy: extra software to detect, possibly

tolerate faults.

Information redundancy: extra information to implement given function (e.g. ECC)

Time redundancy : For fault detection, fault tolerance;

Page 106: SCADA Fundamentals MS.pdf

Hardware Redundancy

Passive techniques use concept of fault masking

• achieve fault tolerance without requiring action on part of

system.

• Relies on voting mechanisms.

Active techniques achieve fault tolerance

• by detecting existence of faults, performing action to remove

faulty hardware

• fault detection, fault location, fault recovery to achieve fault

tolerance.

Hybrid techniques

• combine the attractive features of passive and active

approaches.

Page 107: SCADA Fundamentals MS.pdf

Controller Redundant PLCs

Page 108: SCADA Fundamentals MS.pdf

Fault-Tolerant Unit (Fault Masking)

Set of actively redundant components:

• FTUs should receive identical input messages in same order

• FTUs should operate in replica determinism

Cold standby:

• at given time only one component provides service;

• if service provider fails, failure detector starts a spare component

Hot standby:

• At given time, only one component provides service;

• if service provider fails, active spare component replaces

failed component

Active redundancy:

• two or more components provide the service concurrently

Page 109: SCADA Fundamentals MS.pdf

Triple Modular Redundancy

• Triplicate hardware, perform majority vote to

determine output of system

• If one of modules becomes faulty, remaining two

fault-free modules mask results of faulty module

at majority vote.

Page 110: SCADA Fundamentals MS.pdf

TMR with triplicated Voter
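Majority voting as described on the two TMR slides, as an added Python example (not part of the original slides): three replicas receive the same input, the voter masks a single faulty module and reports which one disagreed, and a second stage votes over three voters. It goes slightly beyond the slides by also showing the two cases TMR does not mask; the valve-command logic and the faulty replicas are constructed.

```python
from collections import Counter


class NoMajority(Exception):
    """Fewer than two of the three values agree: more than one fault."""


def vote(values):
    """Majority vote over three values.

    Returns (voted value, indexes of the inputs that disagreed with it)."""
    if len(values) != 3:
        raise ValueError("TMR votes over exactly three values")
    winner, count = Counter(values).most_common(1)[0]
    if count < 2:
        raise NoMajority(values)
    return winner, [i for i, v in enumerate(values) if v != winner]


def tmr(modules, level):
    """Feed the same input to three replicas and vote on their outputs."""
    outputs = [module(level) for module in modules]
    return vote(outputs)


def tmr_triplicated_voter(modules, voters, level):
    """Each voter sees all three module outputs; a final vote over the three
    voter decisions masks a single faulty voter as well."""
    outputs = [module(level) for module in modules]
    decisions = [voter(outputs) for voter in voters]
    return vote(decisions)


# Constructed replicas of a tank-inlet valve command (deterministic logic).
def healthy(level):
    return "CLOSE" if level >= 90.0 else "OPEN"


def stuck_open(level):       # faulty replica: output frozen
    return "OPEN"


def stuck_hold(level):       # faulty replica with a different wrong output
    return "HOLD"


def good_voter(outputs):
    return vote(outputs)[0]


def stuck_voter(outputs):    # faulty voter: ignores its inputs
    return "OPEN"


if __name__ == "__main__":
    # One faulty module is masked and located.
    print(tmr([healthy, healthy, stuck_open], 95.0))
    # The same fault is latent while the correct output happens to match it.
    print(tmr([healthy, healthy, stuck_open], 50.0))
    # Two modules failing the same way outvote the healthy one.
    print(tmr([healthy, stuck_open, stuck_open], 95.0))
    # One faulty module and one faulty voter are both masked.
    print(tmr_triplicated_voter([healthy, stuck_open, healthy],
                                [good_voter, stuck_voter, good_voter], 95.0))
```

The third call is the case to remember: the vote only masks a single fault, so two replicas that fail identically produce a confident wrong output.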

Page 111: SCADA Fundamentals MS.pdf

Troubleshooting

techniques

Instrumentation in

PLC/SCADA and DCS

Page 112: SCADA Fundamentals MS.pdf

Connectivity/Comm issues

• device not found

• Not Powered? Power supply overload, etc.

• Network address, bit/baud,

• Adding new device: Incorrect register address, protocol issues

• Intermittent: Noisy cable / connectors

• IO errors

Page 113: SCADA Fundamentals MS.pdf

Instrumentation Loop

• Open connections

• Loop impedance issues: Digital device communication issues

• Power supply noise

• Calibration / drift issues

Page 114: SCADA Fundamentals MS.pdf

Alarm related issues

• Unexpected alarm floods due to local

instrumentation problems

• Improper alarm settings / thresholds

Other problems

• IO card failure cause identification

• Troubleshooting and Diagnostics: Kepner-

Tregoe approach

Page 115: SCADA Fundamentals MS.pdf