Mamdouh Ezat Mousa Forum


    SCADA Systems


    Post by Mamdouh Ezat Mousa on Thursday, July 29, 2010 1:07 pm


    SCADA, which stands for Supervisory Control and Data Acquisition, generally refers to an industrial control system: a computer system that controls and monitors a process. This process can be industrial, infrastructure or facility based, as described below:
    · Industrial processes include production, refining, manufacturing, fabrication, and power generation and may run in batch, continuous, discrete or repetitive modes.
    · Infrastructure processes can be private or public, and include water treatment and distribution, wastewater treatment and collection, electrical power distribution and transmission, gas and oil pipelines, civil defense siren systems, and large communication systems.
    · Facility processes occur in both private and public facilities, including space stations, airports, ships and buildings. They control and monitor access, consumption, HVAC, and energy.
    The following subsystems are usually present in the SCADA system:
    · A Human-Machine Interface (HMI), the apparatus that presents processed data to a human operator and through which the operator controls and monitors the process.
    · A supervisory system, which acquires the required data about the process and sends control commands to the process.
    · Remote Terminal Units (RTUs), which connect to the sensors of the process, convert the sensor signals to digital data and send this digital data to the supervisory system.
    · Programmable Logic Controllers (PLCs), which are used as field devices because they are more versatile, configurable, economical, and flexible than RTUs.
    · Communication infrastructure, which connects the Remote Terminal Units to the supervisory system.
    Several industries are confused about the differences between Distributed Control Systems (DCS) and SCADA systems. Generally, a SCADA system does not control processes in real time; the term usually refers to a system that coordinates processes in real time. The discussion about real-time control has become unclear because new telecommunications technology enables high-speed, reliable, low-latency communications over wide areas. The differences between DCS and SCADA can be ignored, as they are culturally determined. They will fade away as higher-capacity communication infrastructures become available.
    SCADA Systems Concepts
    SCADA refers to centralized systems that control and monitor entire sites, or complexes of systems spread out over large areas (anything between an industrial plant and a country). Most control actions are performed automatically by the remote terminal units (RTUs) or by the programmable logic controllers (PLCs). Host control functions are restricted to basic overriding or supervisory-level intervention. For example, a PLC in an industrial process controls the flow of cooling water, while the SCADA system allows operators to change the set points for the flow and to enable alarm conditions, such as high temperature or loss of flow, to be recorded and displayed. The feedback control loop passes through the PLC or the RTU, while the SCADA system keeps a tab on the overall performance of the loop.
    Data acquisition starts at the PLC or RTU level and includes equipment status reports and meter readings, which are communicated to the SCADA system as required. Data is then formatted and compiled so that the control room operator, using the HMI, can make supervisory decisions to override or adjust normal PLC (RTU) controls. Data can also be fed to the Historian, which is built on a commodity Database Management System, to allow trending and other analytical auditing.
    SCADA systems mostly implement a distributed database, known as a tag database, containing data elements called points or tags. A point is a single output or input value that is controlled or monitored by the system. Points are either ‘soft’ or ‘hard’. A hard point represents an actual output or input of the system, whereas a soft point results from math and logic operations applied to other points. Most implementations conceptually remove the distinction by making every property a ‘soft’ point expression, which can, in the simplest case, equal a single hard point. Points are usually stored as timestamp-value pairs: a value and the timestamp at which it was calculated or recorded. A series of timestamp-value pairs gives the history of the point in question. It is common to store additional metadata with tags, such as design-time comments, alarm information, and the path to the field device or PLC register.
    Human Machine Interface
    The HMI, or Human Machine Interface, is the apparatus that presents processed data to the human operator and through which the human operator controls the process.
    The HMI is linked to the SCADA system’s databases to provide diagnostic data, management information and trending information, such as logistic information, detailed schematics for a certain machine or sensor, maintenance procedures and expert-system troubleshooting guides.
    The information the HMI provides to operating personnel is generally graphical, in the form of mimic diagrams. This means that a schematic representation of the plant being controlled is available to the operator. For example, a picture of a pump connected to a pipe can show the operator that the pump is running and how much fluid it is pumping through the pipe at that moment. The operator can then switch the pump off. The HMI software shows the flow rate of the fluid in the pipe decreasing in real time. Mimic diagrams consist either of digital photographs of process equipment with animated symbols, or of schematic symbols and line graphics representing the various process elements.
    The HMI package of a SCADA system includes a drawing program that system maintenance personnel or operators use to change how these points are represented in the interface. These representations can be as simple as an on-screen traffic light that represents the state of an actual traffic light in the field, or as complex as a multi-projector display that represents the position of all the trains on a railway or all the elevators in a skyscraper.
    Alarms are one of the most important parts of a SCADA implementation. An alarm is a digital status point with one of two values, ALARM or NORMAL. Alarms are activated when their requirements are met. For example, when the fuel tank of a car is empty, the alarm is activated and a light glows. The alarm draws the SCADA operator’s attention to the part of the system that requires attention. Text messages and emails are sent along with the alarm activation to alert managers as well as the SCADA operators.
    SCADA Hardware
    SCADA solutions often include Distributed Control System components. ‘Smart’ PLCs or RTUs, which can execute simple logic processes without involving the master computer, are increasingly used. IEC 61131-3 (Ladder Logic), a functional block programming language, is often used to create the programs that run on PLCs and RTUs. Because it resembles historic physical control arrays, IEC 61131-3 has very few training requirements, unlike procedural languages such as FORTRAN and C. SCADA system engineers can therefore both design and implement the programs executed on a PLC or RTU. A Programmable Automation Controller (PAC) is a compact controller that combines the capabilities and features of a PC-based control system with those of a typical PLC. PACs are deployed in SCADA systems to provide PLC and RTU functions. In various electrical substation SCADA applications, ‘distributed RTUs’ use station computers or information processors to communicate with PACs, protective relays, and other I/O devices, and communicate with the SCADA master in place of a traditional RTU.
    Since 1998, almost all big PLC manufacturers have offered integrated HMI/SCADA systems, many using open, non-proprietary communications protocols. Many specialized third-party HMI/SCADA packages have also entered the market, offering built-in compatibility with several major PLCs, which allows electrical engineers, mechanical engineers or technicians to configure HMIs on their own, without requiring a custom-made program written by a software developer.
    Remote Terminal Unit (RTU)
    The RTU attaches to the physical equipment. Often, the RTU converts the electrical signals from the equipment into digital values, such as the open/closed status of a valve or switch, or measurements such as flow, pressure, current or voltage. By converting and sending electrical signals to the equipment, the RTU can also control it, for example closing or opening a valve or switch, or setting the speed of a pump.
    Supervisory Station
    The term ‘Supervisory Station’ refers to the software and servers responsible for communicating with the field equipment (PLCs, RTUs, etc.), and then with the HMI software running on workstations in the control room or elsewhere. In small SCADA systems, the master station may consist of a single PC. In larger SCADA systems, the master station may have multiple servers, disaster recovery sites and distributed software applications. To increase the integrity of the system, multiple servers are occasionally configured in a hot-standby or dual-redundant formation, providing continuous control and monitoring during a server failure.
    Earlier, ‘open’ platforms like Linux were not as widely used, because of the dynamic development environment and because a SCADA customer who could afford the field hardware and devices to be controlled could generally also purchase OpenVMS or UNIX licenses. Today, all big operating systems are used for HMI workstations and master station servers.
    SCADA Operational Philosophy
    For a few installations, the costs resulting from a control system failure are very high. Even lives may be lost. In a few SCADA systems the hardware is ruggedized to withstand temperature, voltage and vibration extremes, but in many critical installations reliability is increased by including redundant hardware and communications channels, up to the point of having multiple fully equipped control centers. A failing part can be identified and its functionality taken over automatically by backup hardware. It can then be replaced without any interruption to the process. The reliability of these systems is calculated statistically and stated as the mean time to failure, which is a variant of mean time between failures. The calculated mean time to failure of high-reliability systems can be on the order of centuries.
    Communication Methods and Infrastructure
    SCADA systems initially used modem connections or combinations of direct and radio serial links to meet communication requirements, although IP and Ethernet over SONET/SDH are also often used at larger sites such as power stations and railways. The remote management or monitoring function of a SCADA system is frequently called telemetry.
    This has also come under threat, because some customers want SCADA data to travel over their previously established corporate networks or to share the network with other applications. The legacy of the early low-bandwidth protocols remains, however. SCADA protocols are designed to be extremely compact, and a major portion are designed to send information to the master station only when the master station polls the RTU. Typical legacy SCADA protocols include Conitel, Profibus, Modbus RTU and RP-570. These communication protocols are SCADA-vendor specific, but they are widely adopted and used. The standard protocols are mainly IEC 61850, DNP3 and IEC 60870-5-101 or 104. These communication protocols are standardized and recognized by all big SCADA vendors. Several of these protocols contain extensions for operating over TCP/IP. It is considered good security engineering practice to avoid connecting SCADA systems to the Internet, in order to reduce the attack surface.
    The development of many automatic controller devices and RTUs had started even before the advent of industry-wide standards for interoperability. As a result, developers and their management created a multitude of control protocols. Among the many vendors, there was also an incentive to create their own protocols in order to ‘lock in’ their customer base.
    OLE for Process Control (OPC) is a widely accepted solution for better intercommunication between different software and hardware, allowing communication even between devices that were not originally intended to be part of an industrial network.
    SCADA Architectures
    SCADA systems have evolved through 3 generations, as given below:
    Monolithic: First Generation
    In the first generation, computing was done by mainframe systems. Networks did not exist when SCADA was developed, so SCADA systems were independent systems without connectivity to any other system. Later, RTU vendors designed Wide Area Networks to communicate with the RTU. The communication protocols used at that time were proprietary. The first-generation SCADA system was considered redundant because a back-up mainframe, connected at the bus level, took over if the main mainframe system failed.
    Distributed: Second Generation
    Processing was distributed across multiple stations, which shared information in real time through a LAN. Because each station was responsible for one task, the stations were smaller and cheaper than those used in the first generation. The network protocols were still proprietary, which caused many security issues for any SCADA system that came to a hacker's attention. Because the protocols were proprietary, very few people apart from the hackers and developers knew how secure a SCADA installation was. Because of the vested interest in keeping security issues quiet, the security of a SCADA installation is overestimated, if security is considered at all.
    Networked: Third Generation
    The SCADA systems used today belong to this generation. Instead of a vendor-controlled, proprietary environment, they use an open system architecture. They use open protocols and standards to distribute functionality across a WAN instead of a LAN. The open system architecture makes it very easy to connect peripheral devices such as tape drives, printers and disk drives to the system. Communication between the communication system and the master station uses WAN protocols such as the Internet Protocol (IP). Because standard protocols are used and networked SCADA systems can be accessed through the Internet, the systems are more vulnerable to cyber attacks. On the other hand, the use of standard protocols and security techniques means that standard security improvements are applicable to SCADA systems, assuming they receive timely updates and maintenance.
    SCADA Trends
    The trend is for HMI/SCADA software and PLCs to be more ‘mix and match’. In the mid-1990s, the traditional DAQ I/O manufacturer supplied equipment that communicated using proprietary protocols over a suitable-distance carrier such as RS-485. End users whose investments were restricted to a single vendor's hardware solution ran into problems, and open communication protocols such as DNP3 serial, DNP3 WAN/LAN and IEC 870-5-101/104 became very popular among SCADA equipment solution providers and management alike. Open architecture SCADA systems make it possible to mix and match products from different vendors, producing better solutions than those developed when the choice was restricted to one vendor’s products.
    By the late 1990s, instead of using RS-485, the shift to open communications continued and included the I/O manufacturers, who used open message structures like Modbus ASCII and Modbus RTU (both developed by Modicon). By 2000, almost all the I/O makers offered fully open interfacing like Modbus TCP instead of the IP and Ethernet.
    According to the North American Electric Reliability Corporation (NERC), electrical system data should be time-tagged to the closest millisecond. Electrical system SCADA systems provide this Sequence of Events recorder function, using radio clocks to synchronize the RTU or distributed RTU clocks.
    SCADA systems are now in line with standard networking technologies. The old proprietary standards are being replaced by TCP/IP and Ethernet protocols. Although certain characteristics of frame-based network communication technology, such as synchronization, environment suitability, protocol selection and determinism, have created issues for the adoption of Ethernet in some specialized applications, a majority of markets have accepted Ethernet networks for HMI/SCADA.
    ‘Next generation’ protocols that use XML web services and other modern web technologies make themselves more IT-supportable. A few examples of these protocols are Wonderware’s SuiteLink, GE Fanuc’s Proficy, I Gear’s Data Transport Utility, Rockwell Automation’s FactoryTalk and OPC-UA.
    With the emergence of software as a service, some vendors have started offering application-specific SCADA systems hosted on remote platforms over the Internet. This removes the need to install and commission systems at the end user’s facility and takes advantage of the security features already available in Internet technology, SSL and VPNs. Some concerns are Internet connection reliability, security and latency.
    SCADA systems are becoming more omnipresent day by day. Web portals, web-based products and thin clients have gained a lot of popularity with the major vendors. The convenience of end users viewing all their processes remotely raises a pressing security question. These considerations are regarded as solved in some sectors of Internet services, but not all the entities responsible for deploying SCADA systems have really understood the changes in threat scope and accessibility scope implicit in connecting any system to the Internet.
    SCADA Security Issues
    The move from proprietary technologies to more standardized and open solutions, together with the increased number of connections between SCADA systems and office networks and the Internet, has made them more vulnerable to attacks. Consequently, the security of SCADA-based systems is being questioned, as they are targets of cyberterrorism/cyberwarfare attacks.
    In particular, security researchers are concerned about:
    1. The lack of concern about security and authentication in the design, deployment and operation of existing SCADA networks.
    2. The erroneous belief that SCADA systems benefit from security through obscurity because they use specialized protocols and proprietary interfaces.
    3. The erroneous belief that SCADA networks are secure because they are purportedly physically secured.
    4. The erroneous belief that SCADA networks are secure because they are supposedly disconnected from the Internet.
    SCADA systems are used to monitor and control physical processes, examples being the distribution of water, traffic lights, electricity transmission, gas transportation and oil pipelines, and other systems used in modern society. The security of SCADA systems is of primary importance because the compromise or destruction of these systems would affect many areas of society far removed from the original compromise. For example, a blackout caused by a compromised electrical SCADA system would cause financial losses to the customers who receive electricity from that source. How this will affect new deployments and legacy SCADA remains to be seen.
    A modern SCADA system faces two threats. The first is unauthorized access to the control software, whether it is human access, intentionally induced changes, virus infections or other threats on the control host machine. The second is packet access to the network segments that host SCADA devices. In numerous cases there is little or no security on the actual packet control protocol, so anyone who can send packets to a SCADA device is in a position to control it. SCADA users often assume that a VPN is sufficient protection and remain oblivious to the fact that physical access to SCADA-related network switches and jacks makes it possible to bypass the security on the control software and control the SCADA networks. These physical access attacks bypass firewall and VPN security and can be addressed by endpoint-to-endpoint authentication and authorization, such as is frequently provided in the non-SCADA world by in-device SSL or other cryptographic techniques.
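
The missing protocol-level security described above is visible in Modbus/TCP, one of the protocols this page names. The following Python code is an added example, not part of the original post: it parses the Modbus/TCP header, which has no field identifying or authenticating the sender, and flags state-changing requests that come from hosts outside an allowlist. The addresses, the allowlist and the sample frames are constructed for illustration.

```python
import struct
from dataclasses import dataclass

# Modbus function codes that change device state (public Modbus specification).
WRITE_FUNCTIONS = {
    0x05: "Write Single Coil",
    0x06: "Write Single Register",
    0x0F: "Write Multiple Coils",
    0x10: "Write Multiple Registers",
    0x16: "Mask Write Register",
    0x17: "Read/Write Multiple Registers",
}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    data: bytes


def parse_adu(frame: bytes) -> ModbusRequest:
    """Parse one Modbus/TCP ADU: a 7-byte MBAP header followed by the PDU.

    Note what is absent: no user, no key, no signature. The header carries
    only framing and routing fields.
    """
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol id is not 0, so this is not Modbus")
    if length != len(frame) - 6:  # the length field counts unit id + PDU
        raise ValueError("MBAP length field does not match frame size")
    return ModbusRequest(tid, unit, frame[7], frame[8:])


def review(src_ip: str, frame: bytes, allowed_writers: set):
    """Return an alert string for a suspicious request, or None."""
    try:
        req = parse_adu(frame)
    except ValueError as exc:
        return f"ALERT {src_ip}: malformed frame ({exc})"
    name = WRITE_FUNCTIONS.get(req.function)
    if name and src_ip not in allowed_writers:
        return f"ALERT {src_ip}: {name} to unit {req.unit_id} from non-allowlisted host"
    return None


# Constructed sample traffic (documentation addresses, not a real capture).
ALLOWED_WRITERS = {"192.0.2.10"}  # hypothetical supervisory station
CAPTURE = [
    ("192.0.2.10", bytes.fromhex("000100000006010300000002")),  # read registers
    ("192.0.2.10", bytes.fromhex("000200000006010600100064")),  # write, allowed host
    ("192.0.2.77", bytes.fromhex("000300000006010600100000")),  # write, unknown host
    ("192.0.2.77", bytes.fromhex("0004000000ff0103")),          # bad length field
]


def scan(capture=CAPTURE, allowed=ALLOWED_WRITERS):
    """Review every (source, frame) pair and keep only the alerts."""
    alerts = [review(ip, frame, allowed) for ip, frame in capture]
    return [a for a in alerts if a]


if __name__ == "__main__":
    for line in scan():
        print(line)
```

Because the network source address is the only identity available to the monitor, this is a compensating detection control and not a substitute for the endpoint-to-endpoint authentication the paragraph calls for.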
    Various vendors of SCADA and control products are addressing these risks by developing specialized industrial VPN and firewall solutions for TCP/IP-based SCADA networks. Whitelisting solutions have also been implemented because of their ability to prevent malware and unauthorized application changes without the performance impact of earlier antivirus scans. Moreover, the ISA Security Compliance Institute (ISCI) has been emerging to formalize SCADA security testing, beginning in 2009. ISCI is equivalent to the private certification and testing that vendors have done since 2007. In the long run, standards defined by ISA99 WG4 will supersede the earlier industry consortia efforts, but not until 2011.
    The increased interest in SCADA vulnerabilities has led vulnerability researchers to discover vulnerabilities in commercial SCADA software and to present offensive SCADA techniques to the general security community. In gas and electric utility systems, the vulnerability of the big installed base of wireless and wired serial communications is addressed in a few cases by applying bump-in-the-wire devices, which employ authentication and Advanced Encryption Standard encryption, instead of replacing all the existing nodes.
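
The authentication step that a bump-in-the-wire pair performs around an unmodified serial frame, as an added example that is not part of the original post. It uses HMAC-SHA-256 from the Python standard library in place of the AES-based protection the text mentions, so it authenticates frames but does not encrypt them; the key, the class names and the sample Modbus RTU frame are constructed.

```python
import hashlib
import hmac
import struct

SEQ_LEN = 8   # bytes of sequence counter placed before the legacy frame
TAG_LEN = 16  # bytes of the HMAC-SHA-256 output kept on the wire


def crc16_modbus(data: bytes) -> bytes:
    """Modbus RTU CRC-16. Anyone can recompute it, so it only detects line noise."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return struct.pack("<H", crc)  # low byte first on the wire


def _tag(key: bytes, header: bytes, frame: bytes) -> bytes:
    return hmac.new(key, header + frame, hashlib.sha256).digest()[:TAG_LEN]


class Sender:
    """Device on the master side: wraps each outgoing legacy frame."""

    def __init__(self, key: bytes):
        self.key, self.seq = key, 0

    def wrap(self, frame: bytes) -> bytes:
        self.seq += 1
        header = struct.pack(">Q", self.seq)
        return header + frame + _tag(self.key, header, frame)


class Receiver:
    """Device on the RTU side: forwards a frame only if it verifies."""

    def __init__(self, key: bytes):
        self.key, self.last_seq = key, 0

    def unwrap(self, blob: bytes) -> bytes:
        if len(blob) < SEQ_LEN + TAG_LEN:
            raise ValueError("too short")
        header, frame, tag = blob[:SEQ_LEN], blob[SEQ_LEN:-TAG_LEN], blob[-TAG_LEN:]
        if not hmac.compare_digest(tag, _tag(self.key, header, frame)):
            raise ValueError("authentication tag mismatch")
        (seq,) = struct.unpack(">Q", header)
        if seq <= self.last_seq:
            raise ValueError("stale or replayed sequence number")
        self.last_seq = seq
        return frame


def demo():
    key = bytes(range(32))  # constructed demo key; real devices need provisioned secrets
    tx, rx = Sender(key), Receiver(key)
    body = bytes.fromhex("010600100064")  # constructed: unit 1, write register 0x0010
    frame = body + crc16_modbus(body)
    wire = tx.wrap(frame)
    results = {"genuine": rx.unwrap(wire) == frame}
    # An altered frame with a correctly recomputed CRC still fails the tag check.
    altered = bytes.fromhex("0106001003e8")
    forged = wire[:SEQ_LEN] + altered + crc16_modbus(altered) + wire[-TAG_LEN:]
    for name, blob in (("forged", forged), ("replayed", wire)):
        try:
            rx.unwrap(blob)
            results[name] = "accepted"
        except ValueError as exc:
            results[name] = str(exc)
    return results


if __name__ == "__main__":
    print(demo())
```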
