SCADA (Supervisory Control And Data Acquisition) is a category of software application program for industrial process control, the gathering of data in 'real-time' from remote locations in order to control equipment and conditions.
SCADA is a system of software and hardware elements that allows industrial organizations to:
-
Control industrial processes locally or at remote locations
-
Monitor, gather, and process real-time data
-
Directly interact with devices such as sensors, valves, pumps, motors, and more through human-machine interface (HMI) software
-
Record events into a log file
SCADA systems are used by industrial organizations and companies in the public and private sectors to control and maintain efficiency, distribute data for smarter decisions, and communicate system issues to help mitigate downtime. SCADA is used in power plants as well as in oil and gas refining, Food and beverage, Telecommunications, Transportation, Water and waste control, Manufacturing, Recycling, Pharmaceutical/Bio-tech, HVAC and commercial building management, Energy pipelines and utilities, Energy management and refrigeration, and many more.
-
Evolution of SCADA systems
SCADA found its birth on the floors of industrial organizations or plants. 50-70 years back most such organisations were dependent on their personnel for controlling and monitoring their equipments 'manually,' via push-buttons and analog dials.
As these industrial floors and their remote sites began to scale out in size, it was not possible for them to send their personnel over long distances to control the equipments. Industrial organizations then started to utilize 'relays' and 'timers' to provide some level of supervisory control, so that they would not have to send people to remote locations to interact with each device. But these Relays and timers were difficult to reconfigure, troubleshoot and their control panels took up racks upon racks of space.
In the early 1950s, computers were first developed and used for industrial control purposes, especially in the major utilities, oil and gas pipelines, and other industrial markets at that time. In the 1960s, telemetry was established for monitoring, which allowed for automated communications to transmit measurements and other data from remotes sites to monitoring equipment.
The term “SCADA” was coined in the early 1970s, and the rise of microprocessors and PLCs during that decade greatly contributed to new ability to monitor and control automated processes. This first generation of SCADA systems started off with mainframe computers. In those days, each SCADA system stood on its own, as networking of computer systems was not possible.
In the 80s and 90s, smaller computers, LAN technology and PC-based HMI software came to the fore and SCADA evolved using them. Some sort of network connectivity started to emerge among those, using the proprietary protocols. These SCADA systems were not capable of communicating to other vendors' systems.
In the 1990s and early 2000s, there was high adoption of 'Open System' architecture' and network protocols that were not vendor-specific. Using the distribution system model, SCADA systems evolved a great deal. These were called networked SCADA systems and they were using the ETHERNET as communication technology. Networked SCADA systems allowed systems from other vendors to communicate with each other, alleviating the limitations imposed by older SCADA systems, and allowed organizations to connect more devices to their networks.
Now comes the sad part of the story...
There was a technology boom in the field of personal computing and IT. When SQL databases were becoming a norm in IT, they were not adopted by most SCADA developers. The gulf between the industrial controls systems and IT kept widening with each year of passing. And, SCADA technology became antiquated over time. SCADA developers were literally forced to stop their obsession with proprietary technology to handle the 'data' their systems collected. Modern SCADA systems aim to solve this problem by leveraging the best of controls and IT technology.
Modern SCADA systems allow real-time data from the plant floor to be accessed from 'anywhere' in the world. This access to real-time information allows governments, businesses, and individuals to make data-driven decisions about how to improve their processes. Without SCADA software, it would be extremely difficult if not impossible to gather sufficient data for consistently well-informed decisions.
The introduction of modern IT standards and practices such as SQL and web-based applications into SCADA software has greatly improved the efficiency, security, productivity, and reliability of SCADA systems. One big advantage of using SQL databases with a SCADA system is that it makes it easier to integrate into existing MES and ERP systems, allowing data to flow seamlessly through an entire organization. Historical data from a SCADA system can also be logged in a SQL database, which allows for easier data analysis through data trending.
There are numerous SCADA platforms on the market; however, the most popular platforms include Rockwell Factory Talk, Siemens WinCC, Wonderware Systems Platform, and Ignition. Each of these platforms can be programmed with modern web languages such as HTML5, Python, and PHP, and integrated with generalized database software such as SQL.
-
How do SCADA systems work?
Using modern SCADA solutions, operators and field supervisors can access actionable data and manage hundreds of assets without visiting every field device.
SCADA systems include hardware and software components. The hardware gathers and feeds data into a computer that has SCADA software installed. The computer then processes this data and presents it in a timely manner. SCADA also records and logs all events into a file stored on a hard disk or sends them to a printer. SCADA applications warn when conditions become hazardous by sounding alarms.
The basic SCADA architecture begins with programmable logic controllers (PLCs) or remote terminal units (RTUs). PLCs and RTUs are microcomputers that communicate with an array of objects such as factory machines, HMIs, sensors, and end devices, and then route the information from those objects to computers with SCADA software. The SCADA software processes, distributes, and displays the data, helping operators and other employees analyze the data and make important decisions.
SCADA provides real-time visibility into your industrial operations. For example, the SCADA system quickly notifies an machine operator that a batch of products is showing a high incidence of errors. The operator pauses the operation and views the SCADA system data via an HMI to determine the cause of the issue. Then he reviews the data and discovers that Machine 4 was malfunctioning. The SCADA system’s ability to notify the operator of an issue helps him to resolve it and prevent further loss of product.
-
What are main Components of SCADA systems?
1. Remote Terminal Units (RTUs)
RTUs collect and store information from sensors, then send it to the master terminal unit (MTU), which is composed of a computer, PLC, and a network server that forms the core of a SCADA system. An RTU collects and stores data until it receives the appropriate command from the MTU, then transmits the necessary data. The MTU is then able to communicate with operators and share data with other systems.
2. Human-Machine Interface (HMI)
Within a SCADA system, a human-machine interface is any user interface or dashboard where operators can interact with a machine, system, or device. It’s where water operators or technicians can track real-time data on every connected piece of equipment. These user interfaces allow for full remote control of your assets. This enables operators to monitor machine 'input' and 'output,' oversee their key performance indicators (KPIs), track production time and trends, and visually display data across the SCADA system.
HMIs are used to interact with machines and optimize their processes. They can take the form of computer monitors, tablets, and screens built onto machines themselves, which provide insight into the performance and progress of the mechanical system. For example, an operator on the floor level of an industrial plant could use an HMI to control and monitor the temperature of a water tank or monitor the performance of a pump within the facility.
3. Communications Network
The communications network is the connection between the RTU and the MTU, which enables data to be transmitted between the two units. It can be wired- or wireless network. Now a days, wireless communication is more prevalent and it is bidirectional. It is used for networking purposes, alongside other communication processes and equipment, such as fiber optic cables and twisted pair cables.
4. Inputs
SCADA systems rely on inputs that are read and written by a PLC (Programmable Logic Controllers) to log and store data. What is a PLC, you may ask. It is a mini-computer that sits within a SCADA network and collects inputs and outputs from devices in the system. The PLC monitors the state of inputs, such as the speed and performance of a motor, then uses this insight to output signals to devices, such as stop or slow down the motor.
-
Key Security Concerns with SCADA
As you know now that SCADA systems use computers, networks, and graphical human-machine interfaces (HMIs) to provide high-level control, management, and supervision of industrial processes. Although SCADA networks are crucial to industrial operations but they are made up of hardware and software. That's why, they can easily fall prey to hacking, which makes SCADA security increasingly important for you.
However, some of ICS/SCADA networks are particularly vulnerable to attacks by hackers, insider threats, and even terrorists. For example, ICS firm Schneider Electric was attacked by sophisticated hackers who launched a targeted zero-day attack on Schneider's systems in 2018. The attack used a remote access Trojan, the first of its kind to infect safety-instrumented systems equipment, which is crucial to monitoring utility firms’ critical systems. The firm released a firmware update and issued advice and tools for customers to detect and mitigate the attack.
Common weaknesses of SCADA systems include the followings:
1. A lack of security around 'Application development,'
2. Issues with SCADA systems monitoring,
3. A lack of maintenance or updates to the software, etc
All these weaknesses thus create some serious security gaps.
Another key threat to SCADA systems is a lack of security training for employees, who need to understand the potential threats they face and how to spot a potential cyberattack.
Security of SCADA systems is key component of protection of Operational Technology (OT). But you need specialized solutions from security vendors which are specially designed for ICS/SCADA security. These SCADA security solutions, protects SCADA networks and prevents vulnerabilities from being exploited by cyber criminals.
Avoiding potential security issues is reliant on documenting and mapping where systems connect to the internet and other internal networks and the people who have access to them. This provides insight into all potential data 'entry' and 'exit' points, which helps organizations monitor for cyberattacks.
Your organization also need to implement appropriate detection and monitoring systems that can prevent attacks and 'malware injection.'
You must ensure procedures are in place around network security, including report monitoring, standard protocols, and security checks, which will help you address new and existing vulnerabilities.
-
-
Kindly write 
your comments on the posts or topics, because when you do that you help me greatly in 
designing new quality article/post on cybersecurity.
your comments on the posts or topics, because when you do that you help me greatly in designing new quality article/post on cybersecurity.You can also share with all of us if the information shared here helps you in some manner.
Life is small and make the most of it!
Also take care of yourself and your beloved ones…
With thanks,
Meena R.
_____
This Article Was Written & published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...
She is so obsessed with Cybersecurity domain that she is going out of her way and sharing hugely valuable posts and writings about Cybersecurity on website, and social media platforms.
34,000+ professionals are following her on Facebook and mesmerized by the quality of content of her posts on Facebook.
If you haven't yet been touched by her enthusiastic work of sharing quality info about Cybersecurity, then you can follow her on Facebook:
Click Here to follow her: Cybersecurity PRISM