
PLC & SCADA

UNIT 05 : SCADA System


Introduction-
Supervisory control and data acquisition (SCADA) systems are vital components of
most nations’ critical infrastructures. They control pipelines, water and transportation
systems, utilities, refineries, chemical plants, and a wide variety of manufacturing
operations. SCADA provides management with real-time data on production
operations, implements more efficient control paradigms, improves plant and
personnel safety, and reduces costs of operation. These benefits are made possible by
the use of standard hardware and software in SCADA systems combined with
improved communication protocols and increased connectivity to outside networks,
including the Internet. However, these benefits are acquired at the price of increased
vulnerability to attacks or erroneous actions from a variety of external and internal
sources.

SCADA Definition
Listed here are two typical definitions of a SCADA system and the source of each
definition:
■■ SCADA is the technology that enables a user to collect data from one or more
distant facilities and/or send limited control instructions to those facilities. SCADA:
Supervisory Control and Data Acquisition by Stuart A. Boyer, published by ISA The
Instrumentation, Systems, and Automation Society; 3rd edition.
■■ A system operating with coded signals over communication channels so as to
provide control of RTU (Remote Terminal Unit) equipment. IEEE Standard
C37.1-1994, Definition, Specification, and Analysis of Systems Used for Supervisory
Control, Data Acquisition, and Automatic Control. (The RTU is discussed in the next
section.)
Additional definitions associated with SCADA systems are given in Table 1-1. This
listing is not meant to be all-inclusive, but describes some important terms used in the
application of SCADA systems.
SCADA History--
The scope of SCADA has evolved from its beginnings in the 1960s. The advent of
low-cost minicomputers such as the Digital Equipment Corporation PDP-8 and
PDP-11 made computer control of process and manufacturing operations feasible.
Programmable logic controllers (PLCs) progressed simultaneously. These latter
devices implemented traditional relay ladder logic to control industrial processes.
PLCs appealed to traditional control engineers who were accustomed to programming
relay logic and who did not want to learn programming languages and operating
systems. When microcomputers were developed, they were programmed and
packaged to emulate PLCs in function, programming, and operation. In fact,
competition developed between the two approaches and continues to this day.
Initially, control systems were confined to a particular plant. The associated control
devices were local to the plant and not connected to an external network. The early
control systems consisted of a central minicomputer or PLC that communicated with
local controllers that interfaced with motors, pumps, valves, switches, sensors, and so
on. Figure 1-2 illustrates this architecture. This architecture is sometimes referred to as
a distributed control system. Such systems are generally confined to locations close to
each other, normally use a high-speed local network, and usually involve closed loop
control. As a necessary requirement for the operation of these systems, companies and
vendors developed their own communication protocols, many of which
were proprietary.

As the technical capabilities of computers, operating systems, and networks improved,
organizational management pushed for increased knowledge of the real-time status of
remote plant operations. Also, in organizations with a number of geographically
separated operations, remote data acquisition, control, and maintenance became
increasingly attractive from management and cost standpoints. These capabilities are
known collectively as supervisory control and data acquisition or SCADA.

SCADA Features:
monarch pushes the envelope on SCADA functionality with innovative features
unavailable in traditional SCADA systems. Features such as:
■■ Intelligent Alarming
Intelligent and combinatorial techniques for filtering alarms are provided so that
only important alarms are presented to the operator.
■■ Web Connectivity
Casual users can have access to system displays and data via an Internet Web
interface.
■■ SCADA study mode
Previously saved real-time snapshot sets can be reloaded and viewed on tabular
and single-line diagrams.
■■ SCADA Playback
monarch's SCADA allows the capture and live playback of real-time system
data and events.
■■ Automating Switching Power Flow Analysis
Advisory fast automatic power flow is available during switching operation and
prior to control execution.
■■ Real-time State Estimator Filtering
Real-time telemetry can be replaced with filtered state estimated data at the scan
periodicity.
■■ Telemetry Reassignment
Display selection mode allows switching between real-time and estimated data.
■■ Data Visualizations
Powerful data visualization techniques allow effective comprehension of system
state using simple common sense graphics.
■■ NOMADIC Access
Real-time displays can be accessed on remotely attached PCs and notebooks
using low-speed dial-up lines.
■■ Data and Alarm Query
Operator queries and filtering of alarms and data can be
executed with an easy-to-use, intuitive on-line query feature.

Expected Benefits (Advantages) of SCADA for Power Systems -

1. Improved quality of service
2. Improved reliability
3. Reduced operating costs Maintenance /Expansion of customer base
4. Ability to defer capacity addition projects
5. High value service providers
6. Improved information for engineering decision value added services
7. Flexible billing option Improved customer information access
8. Reduced system implementation costs
9. Reduced manpower requirement

OR

As the SCADA system plays the main role in supervising and controlling the automation
system, it brings the following advantages:
1. Reduce time consumption
2. Reduce human resource consumption
3. Increase product/project revenue
4. Greater accessibility (remotely)
5. More security (implementation of user access levels)
6. Instantaneous alert on alarms or events
7. Organized data records and report generation automatically
8. Data analysis (real-time and historical data plotting of graphs, charts, trends, etc.)
9. Ensure system availability (implementation of system redundancy)
10. Easy user interfaces for interaction (graphical HMI interface with animation for
easy understanding)
11. Automated calculation

OR

➨The system provides the facility to store a large amount of data.
➨The data can be displayed in various formats as per user requirements.
➨It provides an interface to connect thousands of sensors across a wide region for various
monitoring and controlling operations.
➨It is possible to obtain real data simulations with the help of operators.
➨Many types of data can be gathered from RTUs (Remote Terminal Units) connected
with the master unit.
➨With advanced protocols and application software, the data can be monitored
from anywhere and not just from the local site.
➨Redundant units are incorporated in the SCADA system in order to have a
backup in the event of faults or failures. This makes the system more robust.
➨It is fast in obtaining a response.
➨It is scalable and flexible in adding additional resources.
➨It is used in a wide range of industries and departments including telecommunications, energy,
transportation, oil & gas, water, military, meteorological etc.

DISADVANTAGES--
1. Trouble alarms
2. Lack of trained persons
3. Initial capital investment
4. A PLC-based SCADA system is complex in terms of hardware units and dependent
modules.
5. As the system is complex, it requires skilled operators, analysts and programmers to
maintain the SCADA system.
6. Installation costs are higher.
7. The system increases unemployment rates.
8. The system supports use of restricted software and hardware equipment.
9. The system is more complicated than the sensor-to-panel type.
10. Different operating skills are required, such as system analyst and programmer.
11. With thousands of sensors there is still a lot of wire to deal with.
12. The operator can see only as far as the PLC.
13. It has restricted software and hardware.
14. Different operating skills are required.

APPLICATIONS OF SCADA ---

SCADA is widely used in areas ranging from chemical, gas and water to communications
and power systems. Its applications include the following.
1. Electric power generation, transmission and distribution: Electric utilities use
SCADA systems to detect current flow and line voltage, to monitor the operation of
circuit breakers, and to take sections of the power grid online or offline.
2. Water, Waste Water Utilities and Sewage: State and municipal water utilities use
SCADA to monitor and regulate water flow, reservoir levels, pipe pressure and other
factors.
3. Buildings, facilities and environments: Facility managers use SCADA to control
HVAC, refrigeration units, lighting and entry systems.
4. Oil and Gas Trans & Distributions:
5. Wind Power Generation
6. Communication Networks:
7. Industrial Plants and Process Control:
8. Manufacturing: SCADA systems manage parts inventories for just-in-time
manufacturing, regulate industrial automation and robots, and monitor process and
quality control.
9. Mass transit and Railway Traction: Transit authorities use SCADA to regulate
electricity to subways, trams and trolley buses; to automate traffic signals for rail
systems; to track and locate trains and buses; and to control railroad crossing gates.
10. Traffic signals: SCADA regulates traffic lights, controls traffic flow and detects
out-of-order signals.

SCADA architecture development

First generation: "monolithic"


Early SCADA system computing was done by large minicomputers. Common
network services did not exist at the time SCADA was developed. Thus SCADA
systems were independent systems with no connectivity to other systems. The
communication protocols used were strictly proprietary at that time. The
first-generation SCADA system redundancy was achieved using a back-up mainframe
system connected to all the Remote Terminal Unit sites and was used in the event of
failure of the primary mainframe system.[11] Some first generation SCADA systems
were developed as "turn key" operations that ran on minicomputers such as
the PDP-11 series made by the Digital Equipment Corporation.

Second generation: "distributed"
SCADA information and command processing was distributed across multiple stations
which were connected through a LAN. Information was shared in near real time. Each
station was responsible for a particular task, which reduced the cost as compared to
First Generation SCADA. The network protocols used were still not standardized.
Since these protocols were proprietary, very few people beyond the developers knew
enough to determine how secure a SCADA installation was. Security of the SCADA
installation was usually overlooked.

Third generation: "networked"
Similar to a distributed architecture, any complex SCADA can be reduced to simplest
components and connected through communication protocols. In the case of a
networked design, the system may be spread across more than one LAN network
called a process control network (PCN) and separated geographically. Several
distributed architecture SCADAs running in parallel, with a single supervisor and
historian, could be considered a network architecture. This allows for a more cost
effective solution in very large scale systems.

Fourth generation: "Internet of things"
With the commercial availability of cloud computing, SCADA systems have
increasingly adopted Internet of things technology to significantly improve
interoperability,[12] reduce infrastructure costs and increase ease of maintenance and
integration.[13] As a result, SCADA systems can now report state in near real-time
and use the horizontal scale available in cloud environments to implement more
complex control algorithms [14] than are practically feasible to implement on
traditional programmable logic controllers.[15] Further, the use of open network
protocols such as TLS inherent in the Internet of things technology, provides a more
readily comprehensible and manageable security boundary than the heterogeneous mix
of proprietary network protocols typical of many decentralized SCADA
implementations.
This decentralization of data also requires a different approach to SCADA than
traditional PLC based programs. When a SCADA system is used locally, the preferred
methodology involves binding the graphics on the user interface to the data stored in
specific PLC memory addresses. However, when the data comes from a disparate mix
of sensors, controllers and databases (which may be local or at varied connected
locations), the typical 1 to 1 mapping becomes problematic. A solution to this is data
modeling, a concept derived from object oriented programming.[16]
In a data model, a virtual representation of each device is constructed in the SCADA
software. These virtual representations (“models”) can contain not just the address
mapping of the device represented, but also any other pertinent information (web
based info, database entries, media files, etc.) that may be used by other facets of the
SCADA/IoT implementation. As the increased complexity of the Internet of things
renders traditional SCADA increasingly “house-bound,” and as communication
protocols evolve to favor platform-independent, service-oriented architecture (such
as OPC UA),[17] it is likely that more SCADA software developers will implement
some form of data modeling.

POWER SYSTEM AUTOMATION---


Power System Automation is a system for managing, controlling and protecting the
various components connected to the power network. It obtains real-time
information from the system and provides local and remote control applications with advanced
electrical system protection. The core of power system automation rests on local
intelligence and data communications with supervisory control and monitoring.
Classification of Power System Automation
a) Substation Automation
b) Distribution Automation
Substation Automation---
Substation automation is not a new concept. Substations have been equipped to
perform automatic reclosing, bus sectionalizing, load transfers, capacitor switching,
etc. for many years. In the past, these and other functions were implemented using a
combination of control panels, auxiliary relays, switches, lights, meters, transducers
and extensive wiring and cabling. In many applications today, this perception is
probably because developments in substation equipment have expanded the potential
capabilities of substation automation far beyond that which could previously be
reasonably accomplished. The principal development is generically defined as an
Intelligent Electronic Device (IED) which typically consists of one or more
Programmable Logic Controllers and communications ports; with the ability to
transmit data and execute control commands, and frequently provide a local user
interface. Typical examples are relays, meters, and specialized sensors. Prior to the
introduction of Numerical relays, the protection and control of a very small substation
consisting of one incoming line, one transformer and two feeders would require four
large panels filled with relays, switches and lights. Only one panel is required when
Numerical relays are used. Interestingly, at the same time the space requirements are
reduced by a factor of four, so is the installed cost. Advances in communications
technology are used to tie everything together into a useful network. Within the
substation, a single high-speed Local Area Network (LAN) is used to transmit data
and control commands, replacing the extensive and costly cables that had been
required. At the present time, a number of different LAN techniques and protocols are
in use. The industry is actively working on development of a new standard LAN
definition that will be based on the use of Ethernet and Manufacturing Messaging
Specification (MMS) and will be compatible with the Utility Communications
Architecture (UCA). There are already many techniques for moving data out of the
substation to a master station or to other substations. These include the use of leased or
dedicated telephone lines, dial-up phone lines, cellular telemetry techniques, satellite
transmissions, various flavors of radio techniques and fiber-optic networks. Basically,
this variety of communications methods results in the ability to transmit large amounts
of information at a rapidly declining cost per bit. The combination of PLC based
devices and communications technology creates the ability to obtain more information
about the power system and the equipment being used. Power system variables include
magnitude and angle of voltages and currents, real and reactive power, frequency,
power factors etc. Information is available regarding the initiating event for relay
operation, the location of faults, and fault analysis. Specialized sensors and
transducers are used to build a database relating to equipment condition and use; so
that analysis techniques can be used to determine equipment condition and base
maintenance activities on actual condition rather than time schedules. Within the
substation, the use of Programmable Logic Controllers or other types of computers
opens up a vast array of automation possibilities. Complex schemes for dead bus and
dead line re-closing can be implemented, with the sequence being based on actual
power system conditions that exist at the time. Re-closing of circuits can be modified
based on cold load pickup requirements. Load transfers between busses and
transformers can be made to protect against transformer overloads. Bus voltages and
power factors can be tightly controlled to minimize losses or voltage variations.
Supplementary measurements and inputs can be used to initiate automatic equipment
re-energizing after a transformer or bus differential.
Distribution Automation---
Distribution Automation systems have been defined as systems that enable an electric
utility to monitor, coordinate and operate system components in a real-time mode from
remote locations. Distribution automation is modular and may be implemented in
phases to include remote monitoring and control of substation, feeder and consumer
devices and loads.
The goals of Distribution Automation are:
1.
2.
3.
4.Enhance government relations

1.
2.
3.
4.
5.
6. Improved data inf
7.

1.
2.
3.
4. Eliminate the need for appropriate planning
Because utility managers and engineers are interested in effective approaches to increasing
efficiency and productivity, the latest “high tech” developments must be continuously
reviewed by the utility.

Petroleum Refining---
Petroleum refineries are extremely important elements in a nation’s critical
infrastructure. Goods and services depend on transportation by planes, trucks, cars,
trains, and boats and on the myriad of engines running on petroleum-based fuels. To
achieve economic viability, petroleum refineries have to operate at high volumes in a
continuous process. Thus, they are built to handle large capacities and run on a
24-hour, 7-days-per-week basis. There are 146 petroleum refineries in the U.S. with
capacities ranging from 50,000 barrels per day to approximately 600,000 barrels per
day. Any material reduction of refining capacity can cause great harm to the U.S.
economy.
For ease of receiving the raw crude oil and transporting the refinery products, most
refineries are located near ports or rivers. In most instances, port functions and
security are dependent, directly or indirectly, on the proper operation of SCADA
systems. These systems control a variety of interdependent resources that are crucial to
the safe and secure operation of the nation’s ports. A terrorist attack on one or more
ports that receive crude oil for refinery processing would have a catastrophic impact
on U.S. oil production and the economy. As part of emergency procedures, many or
all of the other operating ports would be shut down in anticipation of similar attacks.
Some of the possible SCADA attack targets that would affect oil production include
those controlling port energy, communications, water, bridges, dams, and pipelines.
Other SCADA attack targets are those involved in controlling the petroleum refining
process. To better identify potential vulnerabilities, the following section reviews the
basic petroleum refining steps.

The Basic Refining Process-


The principal function of a refinery is to distill and perform various chemical reactions
on the crude oil input. These operations require temperatures on the order of 500 to
1,000 degrees Fahrenheit and pressures ranging from 150 pounds per square inch (psi)
to 3,500 psi. As part of the refining process, combustible and toxic substances are
produced. In addition to the general fuel products, hydrogen (H) is used and generated
and the toxic compounds hydrogen sulfide (H2S) and ammonia (NH3) are generated.
In a refinery distillation column, the component hydrocarbons can be separated
because they have different boiling points that range from approximately 50 degrees
Fahrenheit to 1,400 degrees Fahrenheit. This process is called fractionation, which is
the result of adding heat to the bottom of the distillation tower and establishing a
temperature profile through the tower from bottom to top. The proper temperature
gradient is maintained by removing heat from the top of the tower. The lower boiling
point hydrocarbons migrate to the top of the tower as vapors and the higher boiling
point substances are found at the bottom of the tower in the liquid state. Hydrocarbons
in the intermediate boiling point range are extracted from the side of the tower. These
substances usually contain sulfur in amounts that exceed those tolerable in the finished
product and that can contaminate catalysts used in the refining process. The sulfur is
removed through hydrotreating, which mixes hydrogen gas with the hydrocarbon
stream at high temperatures and uses a catalyst to support the desired chemical
reaction. This operation is known as hydrodesulfurization or (HDS). A product of this
reaction is the toxic gas hydrogen sulfide (H2S), which results from hydrogen atoms
combining with sulfur atoms. A similar process uses hydrogen to remove unwanted
nitrogen from hydrocarbon streams. This process is known as hydrodenitrogenation
(HDN) and yields ammonia, NH3, as a product of the reaction. In another process,
alkylates are produced as blending agents for higher-octane gasolines. The alkylation
process requires catalysis in an environment of either highly corrosive hydrofluoric or
sulfuric acid. Hydrofluoric acid exists in a vapor form and, unless properly contained,
can escape and cause serious harm to personnel and the environment. A general block
diagram depicting the petroleum refining process and resultant products is shown in
Figure 2-1.

Water Purification System


In a typical water purification operation, water is pumped from a reservoir or other
water source to a water purification plant. After purification, the water is pumped
through a transmission system to the water consumers. In designing a water
purification system, the following items are considered:
■■ Future expandability
■■ Terrain traversed by the water pipelines
■■ Control of system functions and performance
■■ Maintenance of water quality
For this type of operation, a SCADA system is applied to control and monitor the
water purification process, pumping systems, and pipeline pressures. Because of the
distances involved in some installations, radio modems are used to communicate
between the central supervisory station and the remote locations.
Figure 2-8 depicts a SCADA system for a typical water purification plant.

Possible attack scenarios on a water purification and transmission system
include jamming or interference with radio communication links, disabling or
interrupting the water purification process, and inserting false pressure and reservoir
information.
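
A defender's view of these scenarios, as an added example that is not part of the original notes: a plausibility check over polled readings that flags missed polls (as a jammed radio link would produce), out-of-range pressure, and a reported reservoir level that contradicts the pump flows. The reservoir area, poll interval, limits and sample readings are constructed assumptions.

```python
from dataclasses import dataclass

# Assumed plant constants (hypothetical values for this sketch).
AREA_M2 = 500.0                  # reservoir surface area
POLL_S = 60.0                    # nominal poll interval over the radio link
MAX_GAP_S = 2.5 * POLL_S         # longer silence counts as a lost link
LEVEL_RANGE_M = (0.0, 8.0)
PRESSURE_RANGE_KPA = (200.0, 900.0)
BALANCE_TOL_M = 0.05             # allowed level error per poll


@dataclass
class Sample:
    t: float             # seconds since start of capture
    level_m: float       # reported reservoir level
    inflow: float        # m^3/s pumped into the reservoir
    outflow: float       # m^3/s drawn by the transmission system
    pressure_kpa: float  # reported pipeline pressure


def in_range(value, limits):
    return limits[0] <= value <= limits[1]


def check(samples):
    """Return (time, finding) pairs for readings that are not plausible."""
    findings = []
    prev = None
    for s in samples:
        if not in_range(s.level_m, LEVEL_RANGE_M):
            findings.append((s.t, "level_out_of_range"))
        if not in_range(s.pressure_kpa, PRESSURE_RANGE_KPA):
            findings.append((s.t, "pressure_out_of_range"))
        if prev is not None:
            dt = s.t - prev.t
            if dt > MAX_GAP_S:
                # Missed polls: flows cannot be integrated across the gap.
                findings.append((s.t, "poll_gap"))
            else:
                # Level implied by the pump flows since the previous poll.
                expected = prev.level_m + (prev.inflow - prev.outflow) * dt / AREA_M2
                if abs(s.level_m - expected) > BALANCE_TOL_M:
                    findings.append((s.t, "level_mass_balance"))
        prev = s
    return findings


# Constructed readings: t, level, inflow, outflow, pressure.
SAMPLES = [
    Sample(0.0, 4.00, 0.5, 0.3, 520.0),
    Sample(60.0, 4.02, 0.5, 0.3, 525.0),
    Sample(120.0, 4.05, 0.5, 0.3, 522.0),
    Sample(180.0, 4.60, 0.5, 0.3, 521.0),   # level jumps 0.55 m in one poll
    Sample(240.0, 4.62, 0.5, 0.3, 523.0),
    Sample(540.0, 4.70, 0.5, 0.3, 520.0),   # four polls missing before this one
    Sample(600.0, 4.72, 0.5, 0.3, 1500.0),  # pressure outside the assumed range
]

if __name__ == "__main__":
    for t, finding in check(SAMPLES):
        print(f"t={t:>5.0f}s  {finding}")
```

The mass-balance check only catches the step where a reported level departs from the flows; a false level that then tracks the flows passes, so an independent second level measurement is still needed.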

Chemical Plant

There are approximately 15,000 locations in the United States that either store or
manufacture toxic chemicals. Of this number, about 100 are chemical plants. Many of
these facilities are close to cities and residential neighborhoods, where they pose a
threat to health, life, and property in the event of a terrorist attack or operational
malfunction. It is estimated that an accident or sabotage at one of these facilities can
kill, displace, or injure more than eight million people. These plants or storage
facilities manufacture or hold highly toxic chemicals such as chlorine gas, benzene,
anhydrous ammonia, and boron trifluoride. The latter is a colorless gas that can kill by
attacking a person’s mucous membranes.

Benzene Production

As an example, the production of benzene (C6H6) is reviewed to highlight the
chemicals involved in the production process and the effects of interfering with
SCADA system operations. Benzene is produced by three different methods. These
methods are steam cracking, catalytic reforming, and toluene hydrodealkylation. This
example features toluene hydrodealkylation. In the toluene hydrodealkylation process,
hydrogen reacts with toluene over a catalyst bed with temperatures between 500 and
600 degrees Celsius and 40 to 60 atmospheres of pressure. Here is the chemical
reaction:

C7H8 + H2 → C6H6 + CH4

Figure 2-11 is a process flow diagram for
benzene production. The major hazards involved with disruption or hijacking of
SCADA control of a benzene production facility are associated with the handling and
reaction of the constituent components and resulting products. These items include
toluene, hydrogen, benzene, and methane.

Figure 2-11 General diagram of benzene production plant

Toluene (C7H8) is flammable in liquid and vapor form. It is a colorless liquid with a
density greater than air. Thus, it can spread over wide areas and cause great damage if
ignited. It has a density less than water, so that it remains at the surface and, again, can
spread over large distances. Toluene can accumulate a static charge when flowing or
shaken, thus increasing the chance of ignition. When heated, toluene forms
toxic gases, which can cause drowsiness, dizziness, nausea, and headaches when
inhaled. Toluene stored in closed containers can explode when heated by an external
source, such as a fire.

Hydrogen is flammable and, if released and combined with an
oxidizer, can result in a fire and explosion. When hydrogen is converted from a liquid
to a gas, it generates an overpressure that can rupture containers, cause ignition, and
produce dangerous fragments from the broken containers. The overpressure from a
hydrogen explosion and contact with a hydrogen fire can cause serious harm to
personnel and equipment.

Methane (CH4) is a product of the benzene process. It is a
combustible, colorless, odorless gas with a density lighter than air at room
temperature. Methane mixtures of approximately 10 percent in air can cause
explosions; breathing methane causes asphyxiation by displacing
oxygen in the lungs.

Benzene (C6H6) can cause drowsiness, dizziness, and even death
when inhaled. Benzene is classified by the U.S. Department of Health and Human
Services as a carcinogen; exposure can also affect the blood and immune system.

Interfacing of SCADA with PLC


For the PLC-SCADA interface, you first need to confirm which protocol you are using
between the PLC and the SCADA server.
Industrial Ethernet or PROFINET is mostly used for the communication. So first assign
the PLC IP address and then the IP address of the SCADA server on which the SCADA runtime is installed.

A Programmable Logic Controller is a microprocessor running special software. That
software has communications elements, some of which are accessible to an internal
database.

Supervisory Control and Data Acquisition software typically runs on a “standard” PC or
server. It, too, has communications elements, some of which are accessible to its own
internal database.

When you wish to connect a PLC to SCADA, you first must establish the physical
communication connection: Industrial Ethernet, for example, or Industrial Token Ring
networks like ControlNet as another example. In either instance, the communications
or network port of the PC will connect to wiring (usually) which connects to the PLC.

The next step is to assure that both systems can now communicate with each other,
using whatever protocol you have selected for this purpose.

Finally, you will need to configure the SCADA database to gather the information
across the network from the PLC database. This is typically done by having names or
addresses in the PLC map to typically similar names within the SCADA.

Once that is all done, information may flow back and forth between PLC and SCADA,
and various control aspects may be programmed into the SCADA to execute on the
PLC, and similarly information collected by the PLC updates the SCADA, typically
graphic elements.

Those are the basic steps. The details vary widely from manufacturer to manufacturer,
and in many instances some or all of the software involved may be licensed and “closed
source” for both revenue and security purposes. Consult your PLC and SCADA
manufacturer for their specific details and recommendations.
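
The mapping step described above, as an added example that is not part of the original notes and not any vendor's API: a small SCADA tag database bound to PLC addresses, with a poll that scales raw values for display and a write path gated by user access level and setpoint limits. The address strings, tag names, roles, scaling and the dict standing in for PLC memory are all hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for PLC memory: address -> raw integer counts.
# Address strings, tag names and roles below are hypothetical.
PLC_MEMORY = {"DB1.W0": 13824, "DB1.W2": 27648, "DB1.W4": 0}
ROLE_LEVEL = {"viewer": 0, "operator": 1, "engineer": 2}


@dataclass(frozen=True)
class Tag:
    name: str                          # name the SCADA graphics bind to
    address: str                       # location of the value in the PLC
    raw_max: int                       # raw count at full scale (assumed)
    eng_max: float                     # engineering value at full scale
    unit: str
    write_level: Optional[int] = None  # None means SCADA may only read it
    lo: float = 0.0                    # lowest value SCADA may write
    hi: float = 0.0                    # highest value SCADA may write


TAGS = {t.name: t for t in (
    Tag("PumpStation1.DischargePressure", "DB1.W0", 27648, 10.0, "bar"),
    Tag("PumpStation1.ReservoirLevel", "DB1.W2", 27648, 100.0, "%"),
    Tag("PumpStation1.SpeedSetpoint", "DB1.W4", 27648, 100.0, "%",
        write_level=ROLE_LEVEL["operator"], lo=20.0, hi=90.0),
    Tag("PumpStation1.FlowRate", "DB1.W6", 27648, 500.0, "m3/h"),
)}


def poll(tags, plc):
    """One scan: read every mapped address and scale it for display."""
    scan = {}
    for tag in tags.values():
        raw = plc.get(tag.address)
        if raw is None:                # address not answered by the PLC
            scan[tag.name] = (None, "BAD")
        else:
            scan[tag.name] = (raw / tag.raw_max * tag.eng_max, "GOOD")
    return scan


def write(tags, plc, audit, user, role, name, value):
    """Gate a control write on tag, role and range before touching the PLC."""
    tag = tags.get(name)
    if tag is None:
        reason = "unknown tag"
    elif tag.write_level is None:
        reason = "read-only tag"
    elif ROLE_LEVEL.get(role, -1) < tag.write_level:
        reason = "role not permitted"
    elif not tag.lo <= value <= tag.hi:
        reason = "outside write limits"
    else:
        reason = "ok"
        plc[tag.address] = round(value / tag.eng_max * tag.raw_max)
    audit.append((user, role, name, value, reason))  # log every attempt
    return reason == "ok", reason


if __name__ == "__main__":
    plc, audit = dict(PLC_MEMORY), []
    print(write(TAGS, plc, audit, "bob", "operator",
                "PumpStation1.SpeedSetpoint", 50.0))
    for name, (value, quality) in poll(TAGS, plc).items():
        print(f"{name:35} {value} {quality}")
```

A mapped address that the PLC does not answer is reported with BAD quality rather than a stale or zero value, so the operator display cannot mistake a broken mapping for a real reading.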
SCADA for Power Distribution System

A power distribution system deals with transmission of electric power from the generating
station to the loads with the use of transmission and distribution substations. Most
power distribution or utility companies rely on manual labor to perform distribution
tasks like interrupting the power to loads, hourly checking of all parameters, fault
diagnosis, etc. Implementing SCADA in power distribution not only reduces
manual labor and its cost but also facilitates smooth automatic operation with
minimal disruptions.

SCADA for Power Distribution System


The figure shows the structure of SCADA in a power system, where it collects
data from various electrical substations (even at remote locations) and
processes the data. Programmable logic controllers in substations continuously monitor
the substation components and transmit that data to the centralized PC-based
SCADA system. In the event of a power outage, SCADA makes it possible to detect the
exact location of the fault; without waiting for calls from customers, SCADA
raises an alarm to the operators for identifying and preventing it. In
substations, SCADA also automatically controls isolator switches and circuit breakers when
parameter limits are violated, so continuous inspection of parameters is performed
without a line worker. Some of the functions of SCADA in a power distribution system
are given below.

■■ Improving power system efficiency by maintaining an acceptable range of power
factor
■■ Limiting peak power demand
■■ Continuous monitoring and controlling of various electrical parameters in both
normal and abnormal conditions
■■ Trending and alarming to enable operators to address the problem spot
■■ Historian data and viewing it from remote locations
■■ Quick response to customer service interruptions
