
SCADA, which stands for Supervisory Control and Data Acquisition, generally refers to an industrial control system: a computer system that monitors and controls a process. The process can be industrial, infrastructure or facility based, as described below:

- Industrial processes include production, refining, manufacturing, fabrication and power generation, and may run in batch, continuous, discrete or repetitive modes.

- Infrastructure processes can be public or private, and include water treatment and distribution, wastewater collection and treatment, electrical power transmission and distribution, oil and gas pipelines, civil defense siren systems, and large communication systems.

- Facility processes occur in both public and private facilities, including buildings, airports, ships and space stations. They monitor and control access, HVAC and energy consumption.

The following subsystems are usually present in the SCADA system:

- The Human-Machine Interface (HMI) is the apparatus that presents processed data to the human operator, and through which the human operator monitors and controls the process.

- A supervisory system that acquires all the required data about the process and sends control commands to the process.

- Remote Terminal Units (RTUs) connect to sensors in the process, convert the sensor signals to digital data and send that digital data to the supervisory system.

- Programmable Logic Controllers (PLCs) are used as field devices rather than RTUs because PLCs are more versatile, configurable, economical and flexible.

- Communication infrastructure connects the Remote Terminal Units to the supervisory system.

There is some confusion in industry over the difference between Distributed Control Systems (DCS) and SCADA systems. Generally speaking, a SCADA system does not control processes in real time; the term usually refers to a system that coordinates processes in real time. The discussion of real-time control is muddied by newer telecommunications technology that enables reliable, low-latency, high-speed communications over wide areas. The differences between DCS and SCADA can be ignored, as they are largely culturally determined, and they will fade away as higher-capacity communication infrastructure becomes available.

SCADA Systems Concepts

SCADA refers to centralized systems which monitor and control entire sites, or complexes of systems spread out over large areas (anything from an industrial plant to a country). Most control actions are performed automatically by remote terminal units (RTUs) or by programmable logic controllers (PLCs). Host control functions are usually restricted to basic overriding or supervisory-level intervention. For example, a PLC may control the flow of cooling water through part of an industrial process, while the SCADA system allows operators to change the set points for the flow and to enable alarm conditions, such as loss of flow and high temperature, to be displayed and recorded. The feedback control loop passes through the RTU or PLC, while the SCADA system monitors the overall performance of the loop.

Data acquisition begins at the RTU or PLC level and includes meter readings and equipment status reports that are communicated to the SCADA system as required. Data is then compiled and formatted in such a way that a control room operator using the HMI can make supervisory decisions to adjust or override normal PLC (RTU) controls. Data may also be fed to a Historian, often built on a commodity Database Management System, to allow trending and other analytical auditing.

SCADA systems typically implement a distributed database, commonly referred to as a tag database, which contains data elements called tags or points. A point represents a single input or output value monitored or controlled by the system. Points are either ‘hard’ or ‘soft’. A hard point represents an actual input or output of the system, whereas a soft point results from math and logic operations applied to other points. Most implementations conceptually remove the distinction by making every property a ‘soft’ point expression, which may, in the simplest case, equal a single hard point. Points are normally stored as timestamp-value pairs: a value, and the timestamp when it was recorded or calculated. A series of timestamp-value pairs gives the history of that point. It is also common to store additional metadata with tags, such as design-time comments, alarm information, and the path to the field device or PLC register.

Human Machine Interface

The HMI, or Human Machine Interface, is the apparatus which presents processed data to a human operator, and through which the human operator controls the process.

The HMI is linked to the SCADA system’s databases to provide diagnostic data, management information and trending information, such as logistic information, detailed schematics for a particular machine or sensor, maintenance procedures, and expert-system troubleshooting guides.

The information the HMI provides to operating personnel is generally graphical, in the form of mimic diagrams: a schematic representation of the plant being controlled is available to the operator. For example, a picture of a pump connected to a pipe can show the operator that the pump is running and how much fluid it is pumping through the pipe at that moment. The operator can then switch the pump off, and the HMI software shows the flow rate of the fluid in the pipe decreasing in real time. Mimic diagrams consist either of digital photographs of the process equipment overlaid with animated symbols, or of schematic symbols and line graphics representing the various process elements.

The HMI package of a SCADA system typically includes a drawing program that operators or system maintenance personnel use to change the way these points are represented in the interface. These representations can be as simple as an on-screen traffic light representing the state of an actual traffic light in the field, or as complex as a multi-projector display representing the position of all the trains on a railway or all the elevators in a skyscraper.

One of the most important parts of most SCADA implementations is alarm handling. An alarm is a digital status point with just two values, ALARM or NORMAL. Alarms are activated when their requirements are met. For example, when the fuel tank of a car is empty, the alarm is activated and a light glows. The alarm draws the attention of the SCADA operator to the part of the system that requires attention. Text messages and emails are often sent along with the alarm activation to alert managers as well as the SCADA operators.
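As an added example (not code from the original text or any vendor product) of the tag database and alarm handling described in the preceding paragraphs: hard points fed by the PLC scan, soft points computed from other points, timestamp-value histories with per-tag metadata, and two-state alarms that notify operators. The tag names, PLC registers, set points and scan data are all constructed.

```python
"""Toy SCADA tag database (constructed example): hard points written by the
PLC/RTU scan, soft points computed from other points, timestamp-value
histories, per-tag metadata and two-state alarms that notify operators."""
from typing import Callable, Dict, List, Tuple

Sample = Tuple[float, object]          # (timestamp, value) pair as stored in the history


class TagDatabase:
    def __init__(self) -> None:
        self._history: Dict[str, List[Sample]] = {}
        self._soft: Dict[str, Callable[["TagDatabase"], object]] = {}
        self.metadata: Dict[str, dict] = {}       # e.g. PLC register path, units, design-time comments
        self.notifications: List[str] = []        # stands in for the e-mails/text messages sent on alarm

    def add_hard_point(self, name: str, **meta) -> None:
        """A hard point mirrors a real input or output of the field device."""
        self._history[name] = []
        self.metadata[name] = meta

    def add_soft_point(self, name: str, expr: Callable[["TagDatabase"], object], **meta) -> None:
        """A soft point is an expression over other points, evaluated on demand."""
        self._history[name] = []
        self._soft[name] = expr
        self.metadata[name] = meta

    def add_alarm(self, name: str, condition: Callable[["TagDatabase"], bool], **meta) -> None:
        """An alarm is a digital soft point whose only two values are ALARM and NORMAL."""
        self.add_soft_point(name, lambda db: "ALARM" if condition(db) else "NORMAL", **meta)

    def value(self, name: str):
        """Current value: computed for soft points, latest sample for hard points."""
        if name in self._soft:
            return self._soft[name](self)
        history = self._history[name]
        if not history:
            raise KeyError(f"hard point {name!r} has no sample yet")
        return history[-1][1]

    def history(self, name: str) -> List[Sample]:
        return list(self._history[name])

    def record(self, name: str, timestamp: float, value) -> None:
        """Store a hard-point sample from the scan, then re-evaluate every soft point
        and append a history entry for each one whose value changed."""
        if name in self._soft:
            raise ValueError(f"{name!r} is a soft point and cannot be written")
        self._history[name].append((timestamp, value))
        for soft in self._soft:
            try:
                current = self.value(soft)
            except KeyError:
                continue                      # an input point has not been sampled yet
            history = self._history[soft]
            if not history or history[-1][1] != current:
                history.append((timestamp, current))
                if current == "ALARM":
                    self.notifications.append(f"t={timestamp}: {soft} -> ALARM")


def cooling_loop_demo() -> TagDatabase:
    """Cooling-water loop from the text: the PLC controls the flow, the SCADA layer
    keeps the set points and alarms. Tag names, registers and values are constructed."""
    db = TagDatabase()
    db.add_hard_point("cw_flow", units="L/min", register="PLC1:D100")
    db.add_hard_point("cw_temp", units="degC", register="PLC1:D101")
    db.add_hard_point("cw_flow_setpoint", units="L/min", comment="operator-adjustable from the HMI")
    db.add_hard_point("cw_temp_high", units="degC", comment="operator-adjustable from the HMI")
    db.add_soft_point("cw_flow_margin", lambda d: d.value("cw_flow") - d.value("cw_flow_setpoint"),
                      units="L/min")
    db.add_alarm("loss_of_flow", lambda d: d.value("cw_flow") < d.value("cw_flow_setpoint"))
    db.add_alarm("high_temp", lambda d: d.value("cw_temp") > d.value("cw_temp_high"))
    scans = [                                 # constructed (timestamp, tag, value) scan records
        (0, "cw_flow_setpoint", 40.0), (0, "cw_temp_high", 60.0),
        (1, "cw_flow", 52.0), (1, "cw_temp", 45.0),
        (2, "cw_flow", 35.0),                 # flow drops below the set point
        (3, "cw_temp", 63.0),                 # and the temperature climbs past the limit
        (4, "cw_flow", 50.0),                 # operator restarts the pump
        (5, "cw_temp", 48.0),
    ]
    for timestamp, tag, value in scans:
        db.record(tag, timestamp, value)
    return db


if __name__ == "__main__":
    demo = cooling_loop_demo()
    for tag in ("cw_flow", "cw_flow_margin", "loss_of_flow", "high_temp"):
        print(tag, demo.history(tag))
    print(demo.notifications)
```

Soft points are only snapshotted into the history when their value changes, so an alarm's history reads directly as its sequence of NORMAL/ALARM transitions; set points live in the same database as ordinary hard points so that an operator's change through the HMI is itself a timestamped, auditable record.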

SCADA Hardware

SCADA solutions often have components of a Distributed Control System. The use of ‘smart’ RTUs or PLCs, which are capable of autonomously executing simple logic processes without involving the master computer, is increasing. IEC 61131-3 (Ladder Logic), a functional block programming language, is frequently used to create programs which run on RTUs and PLCs. Because of its resemblance to historic physical control arrays, IEC 61131-3 has minimal training requirements, unlike procedural languages such as C or FORTRAN. This allows SCADA system engineers to perform both the design and implementation of programs executed on an RTU or PLC. A Programmable Automation Controller (PAC) is a compact controller that combines the features and capabilities of a PC-based control system with those of a typical PLC. PACs are deployed in SCADA systems to provide RTU and PLC functions. In many electrical substation SCADA applications, ‘distributed RTUs’ use information processors or station computers to communicate with protective relays, PACs and other I/O devices, and communicate with the SCADA master in place of a traditional RTU.

Since 1998, almost all major PLC manufacturers have offered integrated HMI/SCADA systems, many using open and non-proprietary communications protocols. Numerous specialized third-party HMI/SCADA packages, offering built-in compatibility with most major PLCs, have also entered the market, allowing mechanical engineers, electrical engineers and technicians to configure HMIs themselves, without the need for a custom-made program written by a software developer.

Remote Terminal Unit (RTU)

The RTU connects to physical equipment. Typically, an RTU converts the electrical signals from the equipment to digital values such as the open/closed status of a switch or valve, or measurements such as pressure, flow, voltage or current. By converting and sending electrical signals out to the equipment, the RTU can also control equipment, such as opening or closing a switch or valve, or setting the speed of a pump.

Supervisory Station

The term ‘Supervisory Station’ refers to the servers and software responsible for communicating with the field equipment (PLCs, RTUs, etc.), and then to the HMI software running on workstations in the control room, or elsewhere. In smaller SCADA systems, the master station may be composed of a single PC. In larger SCADA systems, the master station may include multiple servers, distributed software applications and disaster recovery sites. To increase the integrity of the system, the multiple servers are often configured in a dual-redundant or hot-standby formation, providing continuous control and monitoring in the event of a server failure.

Initially, more ‘open’ platforms such as Linux were not as widely used, due to the highly dynamic development environment and because a SCADA customer who was able to afford the field hardware and devices to be controlled could usually also purchase UNIX or OpenVMS licenses. Today, all major operating systems are used for both master station servers and HMI workstations.

SCADA Operational Philosophy

For some installations, the costs that would result from the control system failing are extremely high; lives may even be lost. Hardware for some SCADA systems is ruggedized to withstand temperature, vibration and voltage extremes, but in many critical installations reliability is increased by having redundant hardware and communications channels, up to the point of having multiple fully equipped control centers. A failing part can be identified and its functionality automatically taken over by backup hardware, and the failed part can be replaced without interrupting the process. The reliability of such systems is calculated statistically and is stated as the mean time to failure, which is a variant of mean time between failures. The calculated mean time to failure of such high-reliability systems can be on the order of centuries.
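The following worked calculation is added here to show what ‘calculated statistically’ means for the dual-redundant servers described above; it is not from the original text. It assumes two identical servers that fail independently at a constant rate λ each, that fail-over is instantaneous and perfect, and (for the repairable case) that a failed server is restored at a constant rate μ while its partner keeps the process running.

```latex
\text{Single server: } R_1(t) = e^{-\lambda t},\qquad
\text{MTTF}_1 = \int_0^{\infty} R_1(t)\,dt = \frac{1}{\lambda}

\text{Dual-redundant, no repair (the system fails only when both servers have failed):}
R_2(t) = 1 - \bigl(1 - e^{-\lambda t}\bigr)^2 = 2e^{-\lambda t} - e^{-2\lambda t},\qquad
\text{MTTF}_2 = \int_0^{\infty} R_2(t)\,dt = \frac{2}{\lambda} - \frac{1}{2\lambda} = \frac{3}{2\lambda}

\text{Dual-redundant with repair at rate } \mu
\text{ (three-state Markov model: both up, one up, both down):}
\text{MTTF}_{2,\text{rep}} = \frac{3\lambda + \mu}{2\lambda^{2}}

\text{Example: } \lambda = 1\,\text{yr}^{-1},\ \mu = 365\,\text{yr}^{-1}\ (\text{one-day repair}):\quad
\text{MTTF}_1 = 1\ \text{yr},\quad \text{MTTF}_2 = 1.5\ \text{yr},\quad
\text{MTTF}_{2,\text{rep}} = \frac{3 + 365}{2} = 184\ \text{yr}
```

Redundancy alone only adds 50% to the mean time to failure; it is the ability to replace a failed part while its partner carries the load (the μ term) that pushes the figure from years to centuries, which is why the text stresses replacement without interrupting the process.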

Communication Methods and Infrastructure

SCADA systems have traditionally used combinations of radio and direct serial or modem connections to meet communication requirements, although Ethernet and IP over SONET/SDH is also frequently used at large sites such as railways and power stations. The remote management or monitoring function of a SCADA system is often referred to as telemetry.

This has also come under threat, as some customers want SCADA data to travel over their pre-established corporate networks, or to share the network with other applications. The legacy of the early low-bandwidth protocols remains, though. SCADA protocols are designed to be very compact, and many are designed to send information to the master station only when the master station polls the RTU. Typical legacy SCADA protocols include Modbus RTU, RP-570, Profibus and Conitel. These communication protocols are all SCADA-vendor specific but are widely adopted and used. Standard protocols are IEC 60870-5-101 or 104, IEC 61850 and DNP3. These communication protocols are standardized and recognized by all major SCADA vendors. Many of these protocols now contain extensions to operate over TCP/IP. It is good security engineering practice to avoid connecting SCADA systems to the Internet, so that the attack surface is reduced.

The development of many automatic controller devices and RTUs began before the advent of industry-wide standards for interoperability. The result is that developers and their management created a multitude of control protocols. Among the larger vendors, there was also an incentive to create their own protocols in order to ‘lock in’ their customer base. A compilation of automation protocols is given here.

OLE for Process Control (OPC) is a widely accepted solution for better intercommunication between different hardware and software, and it even allows communication between devices that were originally not intended to be part of an industrial network.

SCADA Architectures

SCADA systems have evolved through three generations, as described below:

Monolithic: First Generation

In the first generation, computing was done by mainframe systems. Networks did not exist at the time SCADA was developed, so SCADA systems were independent systems with no connectivity to other systems. Wide Area Networks were later designed by RTU vendors to communicate with the RTUs. The communication protocols used at that time were proprietary. The first-generation SCADA system was considered redundant in that a back-up mainframe, connected at the bus level, took over if the main mainframe system failed.

Distributed: Second Generation

In the second generation, processing was distributed across multiple stations which were connected through a LAN and shared information in real time. Each station was responsible for a particular task, which reduced the cost and size of each station compared to the first generation. The network protocols used were still proprietary, which led to significant security problems for any SCADA system that received attention from a hacker. Since the protocols were proprietary, very few people beyond the developers and hackers knew enough to determine how secure a SCADA installation was. Since both parties had a vested interest in keeping security issues quiet, the security of a SCADA installation was often overestimated, if it was considered at all.

Networked: Third Generation

The SCADA systems used today belong to this generation. Instead of a vendor-controlled proprietary environment, these systems use an open system architecture. They use open standards and protocols to distribute functionality across a WAN rather than a LAN. The open system architecture makes it easy to connect almost any peripheral device, such as tape drives, printers and disk drives, to the system. Communication between the master station and the communications system is done through WAN protocols such as the Internet Protocol (IP). Since standard protocols are used and networked SCADA systems can be accessed through the Internet, the vulnerability of the system to cyber attacks increases. However, the use of standard protocols and security techniques means that standard security improvements are applicable to SCADA systems, assuming they receive timely maintenance and updates.

SCADA Trends

There is a trend for PLC and HMI/SCADA software to be more ‘mix and match’. In the mid-1990s, the typical DAQ I/O manufacturer supplied equipment that communicated using proprietary protocols over a suitable-distance carrier such as RS-485. End users whose investments were restricted to a single vendor’s hardware solution found this a problem, and open communication protocols such as DNP3 serial, DNP3 LAN/WAN and IEC 870-5-101/104 became very popular among SCADA equipment manufacturers and solution providers alike. Open architecture SCADA systems allow users to mix and match products from different vendors to develop solutions that are better than those available when the choice was restricted to a single vendor’s products.

The shift toward open communications continued in the late 1990s, with individual I/O manufacturers adopting open message structures such as Modbus ASCII and Modbus RTU (both developed by Modicon) over RS-485. By 2000, almost all I/O makers offered fully open interfacing such as Modbus TCP over Ethernet and IP.

According to the North American Electric Reliability Corporation (NERC), electrical system data should be time-tagged to the nearest millisecond. Electrical system SCADA systems therefore provide a sequence of events recorder, using radio clocks to synchronize the RTU or distributed RTU clocks.

SCADA systems are coming in line with standard networking technologies. Ethernet and TCP/IP based protocols are replacing the older proprietary standards. Although certain characteristics of frame-based network communication technology (determinism, synchronization, protocol selection and environment suitability) have restricted the adoption of Ethernet in a few specialized applications, the vast majority of markets have accepted Ethernet networks for HMI/SCADA.

‘Next Generation’ protocols using XML web services and other modern web technologies make themselves more easily IT supportable. Examples of these protocols include Wonderware’s SuiteLink, GE Fanuc’s Proficy, I Gear’s Data Transport Utility, Rockwell Automation’s FactoryTalk and OPC-UA.

With the emergence of software as a service, some vendors have begun offering application-specific SCADA systems hosted on remote platforms over the Internet. This removes the need to install and commission systems at the end user’s facility, and takes advantage of the security features already available in Internet technology, SSL and VPNs. Some concerns include Internet connection reliability, security and latency.

SCADA systems are becoming increasingly ubiquitous. Web portals, web-based products and thin clients have gained popularity with the major vendors. The convenience of end users viewing all their processes remotely raises a pressing security question. While these considerations are regarded as solved in some sectors of Internet services, not all entities responsible for deploying SCADA systems have fully understood the changes in threat scope and accessibility scope implicit in connecting any system to the Internet.

SCADA Security Issues

The move from proprietary technologies to more standardized and open solutions, together with the increased number of connections between SCADA systems and office networks and the Internet, has made them more vulnerable to attacks (see references). Consequently, the security of SCADA-based systems is being questioned as they are seen as potential targets of cyberterrorism/cyberwarfare attacks.

In particular, security researchers are concerned about:

1. The lack of concern about security and authentication in the design, deployment and operation of existing SCADA networks.

2. The mistaken belief that SCADA systems benefit from security through obscurity through the use of specialized protocols and proprietary interfaces.

3. The mistaken belief that SCADA networks are secure because they are purportedly physically secured.

4. The mistaken belief that SCADA networks are secure because they are supposedly disconnected from the Internet.

SCADA systems are also used to monitor and control physical processes, examples of which include the distribution of water, traffic lights, electricity transmission, gas transportation and oil pipelines, and other systems used as the basis of modern society. The security of these SCADA systems is of primary importance because compromise or destruction of these systems would impact multiple areas of society far removed from the original compromise. For example, a blackout caused by a compromised electrical SCADA system would cause financial losses to all the customers who receive electricity from that source. How security will affect legacy SCADA and new deployments remains to be seen.

There are two distinct threats to a modern SCADA system. The first is the threat of unauthorized access to the control software, whether human access or intentionally induced changes, virus infections or other threats residing on the control host machine. The second is the threat of packet access to the network segments hosting SCADA devices. In many cases there is little or no security on the actual packet control protocol, so anyone who can send packets to a SCADA device is in a position to control it. Often, SCADA users assume that a VPN is sufficient protection and remain oblivious to the fact that physical access to SCADA-related network jacks and switches provides the ability to bypass the security on the control software and control those SCADA networks. Such physical access attacks bypass the firewall and VPN security and are best addressed by endpoint-to-endpoint authentication and authorization, such as are commonly provided in the non-SCADA world by in-device SSL or other cryptographic techniques.
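The following is an added example, not from the original text, that brings together two points made above: legacy SCADA protocols are compact, polled master/outstation protocols, and on many of them nothing in the packet itself authenticates the sender, so a network monitor has to supply that context itself. It parses Modbus/TCP requests (the MBAP header layout and function codes are those of the public Modbus specification) from a constructed capture and flags state-changing writes from any host that is not the known master station, as well as malformed frames. The source addresses, the master allowlist and the captured frames are all constructed.

```python
"""Modbus/TCP request inspection for a SCADA network monitor (constructed example).
Parses the MBAP header and PDU of each captured request and raises an alert when a
state-changing function arrives from a host that is not the known master station,
or when the frame is malformed."""
import struct
from typing import List, NamedTuple, Optional, Set, Tuple

# Function codes from the Modbus application protocol specification.
READ_FUNCTIONS = {0x01: "Read Coils", 0x02: "Read Discrete Inputs",
                  0x03: "Read Holding Registers", 0x04: "Read Input Registers"}
WRITE_FUNCTIONS = {0x05: "Write Single Coil", 0x06: "Write Single Register",
                   0x0F: "Write Multiple Coils", 0x10: "Write Multiple Registers"}


class ModbusRequest(NamedTuple):
    transaction_id: int
    unit_id: int
    function: int
    data: bytes


def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse the 7-byte MBAP header (transaction id, protocol id, length, unit id)
    followed by the PDU (function code + data). Raises ValueError on malformed input."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    transaction_id, protocol_id, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if protocol_id != 0:
        raise ValueError(f"protocol id {protocol_id} is not Modbus (expected 0)")
    if length != len(frame) - 6:              # the length field counts unit id + PDU
        raise ValueError(f"length field {length} does not match frame size {len(frame) - 6}")
    return ModbusRequest(transaction_id, unit_id, frame[7], frame[8:])


def describe_write(req: ModbusRequest) -> str:
    """For single-coil/register writes, decode the address and value for the alert text."""
    if req.function in (0x05, 0x06) and len(req.data) >= 4:
        address, value = struct.unpack(">HH", req.data[:4])
        return f" addr=0x{address:04x} value=0x{value:04x}"
    return ""


def inspect(src_ip: str, frame: bytes, allowed_masters: Set[str]) -> Optional[Tuple[str, str]]:
    """Return (severity, message) for suspicious traffic, or None for expected polling."""
    try:
        req = parse_modbus_tcp(frame)
    except ValueError as err:
        return ("medium", f"{src_ip}: malformed Modbus/TCP frame ({err})")
    name = WRITE_FUNCTIONS.get(req.function) or READ_FUNCTIONS.get(req.function)
    if name is None:
        return ("medium", f"{src_ip}: unexpected function code 0x{req.function:02x} to unit {req.unit_id}")
    if src_ip in allowed_masters:
        return None                           # the master station polling or commanding as designed
    if req.function in WRITE_FUNCTIONS:       # the protocol itself will not refuse this write
        return ("high", f"{src_ip}: {name}{describe_write(req)} to unit {req.unit_id} "
                        "from host outside master allowlist")
    return ("medium", f"{src_ip}: {name} to unit {req.unit_id} from host outside master allowlist")


def audit(captured: List[Tuple[str, bytes]], allowed_masters: Set[str]) -> List[Tuple[str, str]]:
    """Run inspect() over a capture and collect the alerts in order."""
    alerts = []
    for src_ip, frame in captured:
        alert = inspect(src_ip, frame, allowed_masters)
        if alert is not None:
            alerts.append(alert)
    return alerts


# Constructed (source IP, Modbus/TCP request) pairs, as a span-port capture would yield them.
CAPTURED_FRAMES = [
    ("10.0.0.5",  bytes.fromhex("0001 0000 0006 01 03 0000 000a")),  # master reads 10 holding registers
    ("10.0.0.5",  bytes.fromhex("0002 0000 0006 01 06 0010 0028")),  # master writes set point register 0x10 = 40
    ("10.0.0.77", bytes.fromhex("0003 0000 0006 01 05 0001 ff00")),  # unknown host forces coil 1 ON
    ("10.0.0.77", bytes.fromhex("0004 0000 0006 01 03 0000 0001")),  # unknown host reads a register
    ("10.0.0.5",  bytes.fromhex("0005 0001 0006 01 03 0000 0001")),  # protocol id is not 0
    ("10.0.0.5",  bytes.fromhex("0006 0000 0009 01 03 0000 0001")),  # length field disagrees with frame
]
KNOWN_MASTERS = {"10.0.0.5"}

if __name__ == "__main__":
    for severity, message in audit(CAPTURED_FRAMES, KNOWN_MASTERS):
        print(f"[{severity}] {message}")
```

The allowlist stands in for the endpoint authentication the protocol lacks: it is only as good as the network's protection against address spoofing and the physical-access attacks described above, which is why the text points to cryptographic endpoint-to-endpoint authentication as the real fix. The monitor is still useful as a detection layer, since a write command from an unexpected source is exactly the event an operator wants raised as an alarm.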

Various SCADA and control product vendors are addressing these risks by developing specialized industrial firewall and VPN solutions for TCP/IP-based SCADA networks. Application whitelisting solutions have also been implemented because of their ability to prevent malware and unauthorized application changes without the performance impacts of traditional antivirus scans. Moreover, the ISA Security Compliance Institute (ISCI) has been emerging to formalize SCADA security testing, starting from 2009. ISCI is conceptually similar to the private testing and certification that vendors have performed since 2007. In the long run, the standards being defined by ISA99 WG4 will supersede the initial industry consortia efforts, but not before 2011.

The increased interest in SCADA vulnerabilities has resulted in vulnerability researchers discovering vulnerabilities in commercial SCADA software, and in offensive SCADA techniques being presented to the general security community. In electric and gas utility systems, the vulnerability of the large installed base of wired and wireless serial communications links is addressed in some cases by applying bump-in-the-wire devices that employ authentication and Advanced Encryption Standard encryption, rather than by replacing all the existing nodes.
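As an added example of the endpoint-to-endpoint authentication mentioned in the security section and of the bump-in-the-wire approach just described (not code from the original text or any product): each end of a legacy serial link wraps outgoing frames with a sequence number and an HMAC-SHA256 tag, and rejects forged, corrupted or replayed frames. It demonstrates only the authentication half; the AES encryption a real device adds for confidentiality is assumed and not implemented here. The key, the tag length, the header layout and the sample Modbus RTU frame are all constructed.

```python
"""In-line frame authentication for a legacy serial link (constructed example).
One device sits at each end of the link; it wraps every outgoing Modbus RTU frame
with a sequence number and an HMAC-SHA256 tag and unwraps incoming ones, rejecting
forged, corrupted and replayed frames. The AES confidentiality layer a real
bump-in-the-wire device would add on top is out of scope here."""
import hashlib
import hmac
import struct
from typing import Optional

TAG_LEN = 16          # truncated tag keeps per-frame overhead small on a slow serial link (assumption)
HEADER = ">IH"        # 32-bit sequence number, 16-bit inner frame length (constructed layout)
HEADER_LEN = struct.calcsize(HEADER)


class BumpInTheWire:
    def __init__(self, key: bytes) -> None:
        # A real device would hold a provisioned per-link key (one per direction); one shared key here.
        self._key = key
        self._send_seq = 0
        self._last_accepted_seq = 0

    def wrap(self, frame: bytes) -> bytes:
        """Prefix a fresh sequence number and append an authentication tag."""
        self._send_seq += 1
        header = struct.pack(HEADER, self._send_seq, len(frame))
        tag = hmac.new(self._key, header + frame, hashlib.sha256).digest()[:TAG_LEN]
        return header + frame + tag

    def unwrap(self, wire: bytes) -> Optional[bytes]:
        """Return the inner frame if the tag verifies and the sequence number is new; else None."""
        if len(wire) < HEADER_LEN + TAG_LEN:
            return None
        seq, length = struct.unpack(HEADER, wire[:HEADER_LEN])
        body_end = HEADER_LEN + length
        body, tag = wire[HEADER_LEN:body_end], wire[body_end:body_end + TAG_LEN]
        if len(body) != length or len(tag) != TAG_LEN:
            return None                                      # truncated on the wire
        expected = hmac.new(self._key, wire[:body_end], hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(expected, tag):
            return None                                      # forged, wrong key, or bit error
        if seq <= self._last_accepted_seq:
            return None                                      # replay of an earlier frame
        self._last_accepted_seq = seq
        return body


# Constructed Modbus RTU read request: unit 1, function 3, register 0, count 1, CRC 0x840A.
READ_REQUEST = bytes.fromhex("01 03 00 00 00 01 84 0a")


def link_demo() -> dict:
    """Exercise a master-side and an RTU-side device sharing a constructed key."""
    key = bytes(range(32))
    master_side, rtu_side = BumpInTheWire(key), BumpInTheWire(key)
    results = {}
    wire = master_side.wrap(READ_REQUEST)
    results["genuine"] = rtu_side.unwrap(wire) == READ_REQUEST
    results["replay"] = rtu_side.unwrap(wire)               # same bytes again: rejected
    tampered = bytearray(wire)
    tampered[HEADER_LEN + 1] ^= 0x01                        # function code 3 -> 2 without fixing the tag
    results["tampered"] = rtu_side.unwrap(bytes(tampered))
    results["wrong_key"] = BumpInTheWire(b"\x00" * 32).unwrap(master_side.wrap(READ_REQUEST))
    results["next_genuine"] = rtu_side.unwrap(master_side.wrap(READ_REQUEST)) == READ_REQUEST
    return results


if __name__ == "__main__":
    for check, outcome in link_demo().items():
        print(f"{check:>13}: {outcome}")
```

The RTU-side device passes only frames that carry a valid tag under the shared key and a sequence number it has not yet accepted, so a captured frame cannot be replayed later and a modified one fails verification; neither end of the legacy equipment needs to change, which is the point of the bump-in-the-wire approach. A production device would also need a key-provisioning procedure and a way to resynchronize the counter after a reset, both outside this example.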
