
SCADA Fundamentals

A brief Review

M Suresh
Chief Research Engineer

Fluid Control Research Institute


www.fcriindia.com

SCADA Terminology
SUPERVISORY CONTROL AND DATA
ACQUISITION
an industrial control system: a computer system
monitoring and controlling a process. The process
can be industrial, infrastructure or facility-based.
Processes run in continuous, batch, repetitive, or
discrete modes

Industrial processes
manufacturing,
production,
power generation,
fabrication,
refining

Infrastructure processes
water treatment and distribution,
sewage collection and treatment,
oil and gas pipelines,
electrical power transmission and distribution
Wind Farms,
Railways,
large communication systems.

Facility processes
Buildings (Energy, Visitor, Parking, Infra.)
Airports (Baggage, flight scheduling, Information
displays, messaging, security,..)
Ships (inventory, operations, services, personnel..)
space stations (basic operations, schedule,... )
Common: They monitor and control HVAC, access, and
energy consumption

Fundamental function: SCADA


refers to centralized systems that monitor and
control entire sites, or complexes of systems
spread out over large areas.
Most control actions are performed automatically
by RTUs or PLCs.
Host control functions are usually restricted to
basic overriding or supervisory-level
intervention.

Typical SCADA operation


a PLC may control the flow of cooling water through
part of an industrial process;
the SCADA HMI allows operators to change
set points for flow,
and enables alarm conditions, such as loss of flow or
high temperature, to be displayed and recorded.
The feedback control loop passes through the RTU or PLC;
the SCADA system monitors overall loop performance.

Fundamental function: SCADA


Data read by RTU / PLC; includes meter readings,
equipment status, etc.
data are communicated to SCADA as required.
Data is compiled, formatted on HMI for control room
operator to make supervisory decisions to adjust or
override normal RTU /PLC controls.
Data may also be fed to Historian (a Database
Management System), to allow trending, other
analytical auditing

SCADA system components


Supervisory (computer) system
acquires data on process, sends commands (control) to
process.
Remote Terminal Units (RTU)
connects to sensors in the process, digitises data
sends digital data to supervisory system.
Programmable Logic Controller (PLC)
field devices typically more economical, versatile, flexible,
configurable than RTUs.
Communication / Telemetry
infrastructure connecting supervisory system to RTU.
Human-Machine Interface (HMI)
apparatus that presents process data to human operator,
human operator monitors and controls the process.

Generally speaking, elements of SCADA

Sensors and actuators


RTUs/PLCs
Communication
MTU
Front End Processor
SCADA server
Historical/Redundant/Safety Server
HMI computer
HMI software
Let's go into details.

Levels in SCADA
Level 1: Field
 Devices
 RTUs / PLCs
 Sensors

Level 2: Telemetry
 Fiber
 Radio
 Telephone leased line
 Protocols

Level 3: SCADA - MTU
 Operator workstations
 Control / engineering workstations
 Servers, data logging

Level 4: Enterprise
 Corporate LAN/WAN
 World Wide Web
 Virtual Private Network
 Firewall for remote users

Supervisory Station
(Master Terminal System)
Computer / servers and software responsible for
communicating with field equipment and HMI
software.
master station may be a single PC.
master station may include multiple servers,
distributed software applications, and disaster
recovery sites.
hot-standby dual-redundancy possible at
present for continuous control and monitoring.

Remote Terminal Unit


microprocessor controlled electronic device that
interfaces to signals from sensors in physical
world.
Transmits data to remotely located Supervisory
system and/or alters state of connected field
objects based on control messages received.
Monitors field digital, analog parameters
Outputs signals to actuators for local control
RTU interfaces to Supervisory Station with
different communication media

Programmable Logic Controller


a digital computer used for automation of
electromechanical processes, eg. control of
machinery on factory assembly lines, amusement
rides, etc.
designed for multiple inputs and output
arrangements,
Designed for extended temperature ranges,
immunity to electrical noise, resistance to vibration
and impact.
Programs to control machine operation stored in
battery-backed or non-volatile memory

PLC
Early PLCs were designed to replace relay logic
systems. These PLCs were programmed in ladder
logic, which strongly resembles a schematic
diagram of relay logic.
Proprietary special-purpose programming
terminals had dedicated function keys
representing the various logical elements of PLC
programs.

Signal Flow in PLC (diagram)
Input devices -> input module -> input image table
(processor memory) -> ladder program -> output image
table -> output module -> output devices; a programming
system attaches to the processor. Addresses shown in
the diagram: inputs I:0/6 and I:1/4, outputs O:0/7 and
O:1/5.
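
As an added example (not code from the slides), the following Python model shows the scan cycle the diagram above describes: the input module is sampled into an input image table, the ladder program is solved rung by rung against that frozen snapshot, and the results land in an output image table that drives the output module. The addresses I:0/6, I:1/4, O:0/7 and O:1/5 come from the diagram; the two rungs themselves are an assumption made for illustration.

```python
"""PLC scan-cycle model: inputs are sampled into an input image table, the
ladder program is solved against that snapshot, and results are copied to an
output image table that drives the output module.  Added example: the
addresses follow the slide's diagram, the rung logic is assumed."""

from typing import Callable, Dict, List, Tuple

# A rung is (condition evaluated on the image tables, address of the output it drives).
Rung = Tuple[Callable[[Dict[str, bool]], bool], str]

# Constructed ladder program (assumed, not from the page):
#   rung 1: I:0/6 AND I:1/4       -> O:0/7
#   rung 2: I:0/6 AND NOT O:0/7   -> O:1/5  (reads an output solved earlier in the same scan)
LADDER: List[Rung] = [
    (lambda img: img["I:0/6"] and img["I:1/4"], "O:0/7"),
    (lambda img: img["I:0/6"] and not img["O:0/7"], "O:1/5"),
]


def scan(input_module: Dict[str, bool], output_image: Dict[str, bool]) -> Dict[str, bool]:
    """One scan: read inputs, solve rungs top to bottom, write outputs.

    The ladder program only ever sees the frozen copy taken at the start of
    the scan (the input image table); a field input that changes mid-scan is
    not seen until the next scan.
    """
    input_image = dict(input_module)            # input module -> input image table
    image = {**output_image, **input_image}     # processor memory: both tables
    for condition, out_addr in LADDER:          # solve rung by rung, in program order
        image[out_addr] = bool(condition(image))
    # output image table -> output module
    return {addr: val for addr, val in image.items() if addr.startswith("O:")}


def run(field_inputs_per_scan: List[Dict[str, bool]]) -> List[Dict[str, bool]]:
    """Run successive scans; returns the output image table after each scan."""
    outputs = {"O:0/7": False, "O:1/5": False}   # outputs start de-energised
    history = []
    for field in field_inputs_per_scan:
        outputs = scan(field, outputs)
        history.append(dict(outputs))
    return history


if __name__ == "__main__":
    # Constructed field inputs for two consecutive scans.
    for step in run([{"I:0/6": True, "I:1/4": False},
                     {"I:0/6": True, "I:1/4": True}]):
        print(step)
```

The second rung shows a detail the diagram cannot: rungs are solved in order, so an output bit set by rung 1 is already visible to rung 2 within the same scan, which is why rung ordering in a ladder program changes behaviour.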

Typical PLC and SCADA link

Programmable automation controller


compact controller combines features
and capabilities of a PC-based Data
Acquisition System with that of
PLC/RTU.

PACs used in industrial settings for


process control, data acquisition, remote
equipment monitoring, machine vision,
and motion control.

communicate over networks; support


protocols TCP/IP, OPC, etc.
PACs assist data transfer from
machines they control to other machines
or to application software and databases

Intelligent Electronic Device (IED)


Ethernet with DNP3, IEC 61850, MODBUS

IEC 61131-3
defines five programming languages for
programmable control systems:
LD: Ladder diagram
IL: Instruction list
FBD: Function block diagram
ST: Structured text
SFC: Sequential function chart (based on IEC 848)

http://www.en.omesim.com

RTU vs PLC
RTUs focus on remote monitoring and control.
RTUs have high demand for application, communications
and protocol flexibility.
PLCs designed around localized fast control of discrete
variables and analog inputs.
RTUs built with RTOS benefit from faster task processing,
reduced memory requirements, and lower risk of failure due
to overly complex code.
PLCs have proprietary OS
RTUs have Communication Protocol Supports for TCP/IP,
Mobile/portable two-way radio, Analog/digital trunking ,
broadband (e.g. WLAN), Cellular modem (GPRS), etc.

RTU vs PLC
Generally RTUs can handle more PID
loops than PLCs for the same cost.
SOE (Sequence of Events recording) is generally
lacking in PLCs.
RTUs can log thousands of events, time tagged to
1 ms.
PLCs lack data logging features.
RTUs have high storage capacity (FLASH, DRAM,
SRAM) for adding programs, functions and data
storage.

RTU high-end capabilities

Support for multiple passwords at multiple abstraction
levels, allowing compartmentalization of application
software and SCADA hardware access control
Hardware IP firewalls
Support for Data Encryption Standard (DES) and
Advanced Encryption Standard (AES); DES is obsolete,
so only AES should be relied on in new deployments
Adding authorization to security routines
Maintaining a sign-in and activity log
Remote safe download of firmware and applications,
enabling rapid, secure configuration and upgrades of
software code

RTU-Server Data Communication

HMI Operator Terminals

Screen sizes typically 4, 6, 10, 15, 17 inches.

Vendors: SIEMENS, Schneider, Hitachi,
Mitsubishi, Advantech, Adlink, etc.

HMI Operator Terminals

Where localised Operator Interface is needed.


Can eliminate SCADA for minor applications

HMI Operator Terminals

Programming software, configuration tools.

Wide variety of ports: speaker, mic,
alarm contacts, DIO for external (remote) use,
USB, Ethernet, RS485/232/422,
Compact Flash, SD card.

PLC Configuration and programming

HMI Panel Programming software

e.g. STEP 7, Vijeo, etc.


Permits designing screens for Operator, Alarms,
Graphic plots, Mimics, keys and buttons,..
Program the Function keys, Security, etc.
Configuration of Ports, MODBUS register access, PLC
link, ..

HMI Panel Programming software

HMI or MMI Software


links to SCADA databases and software
programs
provides trending, diagnostic data, and
management information such as scheduled
maintenance procedures, logistic information,
detailed schematics for a particular sensor or
machine, and expert-system troubleshooting
guides.

HMI mimic
Presents information to operators graphically, in
the form of mimic diagram.
See schematic representation of plant being
controlled.
Mimic diagrams may consist of line graphics and
schematic symbols to represent process elements,
may consist of digital photographs of process
equipment overlain with animated symbols

Alarm handling
SCADA monitors whether certain alarm conditions
are satisfied to determine occurrence of alarm
events
Once an alarm event is detected, one or more
actions are taken
activation of one or more alarm indicators,
generation of email or text messages

Alarm handling
An operator may have to acknowledge alarm event;
this may deactivate some alarm indicators,
other indicators may remain active until alarm
conditions clear.
Explicit Alarms: NORMAL or ALARM based on
analog and digital points
Implicit Alarms: analog point within or outside limit
values

Data Communication
Twisted-Pair Metallic Cable (STP)
Coaxial Metallic Cable (Co-ax)
Fiber Optic Cable (FOC)
Power Line Carrier (PLCC)
Very Small Aperture Terminal (VSAT: Ku, C)
Leased Telephone Lines (LTN, PSTN)
Very High Frequency Radio (VHF)
Ultra High Frequency Radio (UHF)
Microwave Radio (MW)

IEEE Standards in SCADA


IEEE Std 999-1992 IEEE Recommended Practice
for Master/Remote Supervisory Control and Data
Acquisition (SCADA) Communications.
applies to use of serial digital transmissions SCADA
systems having geographically dispersed terminals.
IEEE Std 1379-2000 IEEE Recommended
Practice for Data Communications Between Remote
Terminal Units and Intelligent Electronic Devices in
a Substation.
uniform set of guidelines for communications and
interoperation of IEDs and RTUs in an electric utility
substation.

IEC 60870-5
IEC 60870-5-1 (1990-02)
Specifies basic requirements for services to be provided by the data link
and physical layers for telecontrol applications.
IEC-60870-5-2 (1992-04)
selection of link transmission procedures using a control field and
optional address field;
IEC 60870-5-3 (1992-09)
specifies rules for structuring application data units in transmission
frames of telecontrol systems; general structure of application data and
basic rules to specify application data units without specifying details
about information fields and their contents.
IEC 60870-5-4 (1993-08)
rules for defining information data elements and a common set of
information elements, particularly digital and analog process variables
that are frequently used in telecontrol applications.
IEC 60870-5-5 (1995-06)
defines basic application functions that perform standard procedures for
telecontrol systems,

SCADA Software

Supervisory Control and Data Acquisition


Basic SCADA functionality
MMI (Graphical User Interface)
Alarm Handling
Historical Trending
Access Control
Data Acquisition, Automation,
Display
Archiving, Report Generation
Interfaces to Hardware, Software
Flexible and open architecture
Development Tools

Supervisory Control And Data Acquisition

MIMIC Display

Alarms and events

Trends and history

Alarm Handling

Based on limit and status checking


Also expressions from derived parameters
Alarms are time stamped and logically
centralised
Notifications (audible, visual, Email, GSM, . . . )
Multiple alarm priority levels
Grouping of alarms, handling of groups
Suppression and masking of alarms either
individually or in groups
Filtering of alarms possible

Trending

Multiple trending charts


Charts are pre-defined or configured on-line
Charts contain multiple pens,
Zooming, scrolling, panning, Hairline
Real-time and historical trending

Access Control
Users organised in groups with a set of allocated
privileges
Large number of groups possible
Privileges limit write access to process parameters
Some allow access to graphics and functionality to
be limited

Automation of Process
Actions can be initiated automatically triggered by
an event
Recipes
Sequencing and scripting possibilities

Report Generation

Reports, SQL type queries to the RTDB or logs
Automatic generation, printing, archiving of
reports
Use of components for report generation

Logging and Archiving

Data stored in compressed and proprietary format
Logging / Archiving either for a set number of
parameters or for a set period of time
Logging / Archiving can be frequency or event driven
Logging of user actions together with a user ID
VCR facility for playback of stored data

SCADA Software Architecture (diagram)

SCADA Client: MMI, trending, alarm display, log display
and library, plus the SCADA development environment
(ASCII file editor, graphics editor, commercial
development tool, commercial DB, ASCII files).

Client / Server - Publish / Subscribe - TCP/IP

SCADA Server: real-time (RT) and event manager DB,
recipe management, export/import, project editor, data
processing, report generation, alarm, log and archive
functions; RT DB, alarm DB, log DB, archive DB and
reference DB reached via SQL; data R/W through drivers
(driver toolkit, VME, OPC) to the PLCs; ActiveX
controls/container, ODBC, DDE and API/DLL interfaces to
private applications and EXCEL.

SCADA Software features


Builder and run-time
PLC drivers & OPC client support
Remote monitoring by Web browser
Comprehensive graphical components
Windows ODBC/SQL database support
Data log, alarm, security
scripting
Diagnostic tools for quick check

Development Tools
Project editor
Graphics editor
Configuration through parameter
templates
Scripting language
Driver Development Tool Kit

SCADA Clients

SCADA Client applications


Security of web clients relies on the web server's
firewall and on encrypted password protection,
so it is only as strong as those controls and the
Windows credentials behind them.
Access by web clients is granted or denied
based on Windows user name and password, or
denied when the number of web clients available
has been exceeded.
Additionally, project configuration requires a local
user name and password.

SCADA Client applications


Control Client: able to view any screen and read / write any
variable controlled through the SCADA system.
View-only Client: able to view information within
SCADA but unable to write to any variable or
execute code to communicate with another server.
View-only Client used for upper management,
process optimization or casual users of the control
system.
Read-only access is also available via the Control
Client when the access rights level is low.
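
The access-control model behind these client types (users organised in groups, groups carrying privileges, privileges limiting write access to process parameters and access to screens, every action logged with a user ID) is shown below as an added Python example written for this page, not a particular product's implementation. The group names, privilege strings, tag names and users are assumptions.

```python
"""Group-based access control for SCADA tags and screens, as the slides
describe it: users belong to groups, groups carry privileges, and a
default-deny check decides whether a client may read, write or view an
object.  Added example; names and privilege strings are assumptions."""

from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple


@dataclass(frozen=True)
class Group:
    name: str
    privileges: FrozenSet[str]   # "action:class:name", "action:class:*" or "action:*"


class AccessControl:
    def __init__(self) -> None:
        self.groups: Dict[str, Group] = {}
        self.members: Dict[str, Set[str]] = {}              # user -> group names
        self.audit: List[Tuple[str, str, str, bool]] = []   # (user, action, object, allowed)

    def add_group(self, name: str, privileges: List[str]) -> None:
        self.groups[name] = Group(name, frozenset(privileges))

    def add_user(self, user: str, groups: List[str]) -> None:
        self.members[user] = set(groups)

    def _privileges(self, user: str) -> Set[str]:
        """Union of the privileges of every group the user belongs to."""
        return {p for g in self.members.get(user, ()) for p in self.groups[g].privileges}

    @staticmethod
    def _allowed(privs: Set[str], action: str, obj: str) -> bool:
        # Objects are "class:name", e.g. "setpoint:FIC-101" or "screen:overview".
        # A privilege matches exactly, by class wildcard, or by action wildcard.
        kind = obj.split(":", 1)[0]
        return (f"{action}:{obj}" in privs
                or f"{action}:{kind}:*" in privs
                or f"{action}:*" in privs)

    def check(self, user: str, action: str, obj: str) -> bool:
        """Default-deny decision; unknown users have no privileges.
        Every decision, allowed or not, is logged with the user ID."""
        allowed = self._allowed(self._privileges(user), action, obj)
        self.audit.append((user, action, obj, allowed))
        return allowed


def build_demo() -> AccessControl:
    """Constructed configuration mirroring the client types on the slide."""
    ac = AccessControl()
    # Control Client users: may change setpoints and acknowledge alarms, but not configuration.
    ac.add_group("operators", ["read:*", "view:screen:*", "write:setpoint:*", "write:alarm:ack"])
    # View-only Client users: read data and one overview screen, never write.
    ac.add_group("viewers", ["read:*", "view:screen:overview"])
    # Engineering users: may also change configuration.
    ac.add_group("engineers", ["read:*", "view:screen:*", "write:*"])
    ac.add_user("alice", ["operators"])
    ac.add_user("bob", ["viewers"])       # upper management / casual user
    ac.add_user("carol", ["engineers"])
    return ac
```

The point worth noticing is the shape of the decision: a write to a process parameter is denied unless some group explicitly grants it, and the denial itself is recorded, which is what makes the user-action log useful during an incident.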

SCADA Client applications


Within control room it is typical to install client
application
web clients allow users outside control room to
access control system data in real time.
the web client is a fully functional client with an identical
interface to dedicated Control Clients

ALARMS
SCADA

Alarms and Alarm Management


Purpose of Alarms
Types of Alarms
Alarm management issues in DCS &
SCADA
Management of Alarms

Alarms
draw attention of operators to condition
outside of desired normal operation.
Such conditions require some decision or
intervention by persons.
Alarms support operation of industrial
plants by alerting operators to a variety of
conditions.

Alarm Types / Sources


Discrete alarms: Monitor device failures, intrusion
alarms, beacons, and flood and fire detectors.
Analog alarm inputs: Monitor voltage, temperature,
humidity and pressure.
Control relays: Operate remote site equipment
directly from your RTU.
Terminal server functions: Control switches and
other devices remotely via Telnet over LAN.
Ping alarms: Detect IP device failures and outages

Alarm indicators and annunciation


integral part of the human interface to the production
process
annunciator window in a hardwired panel or a color-coded faceplate
message line on a control room VDU/HMI.
Audible alarm tones or sirens
Transmitted to remote mobile receivers (Pager, SMS,
email, etc.)

Process Alarms
majority of alarms in process control system aid
operators to keep manufacturing process
running in the intended manner
help achieve best possible production
performance.
Many alarms will warn of deviations that are
linked to possible hazards

Process Alarms
Is plant operation happening correctly?
Process parameters within the range?
Level, flow, pressure, temperature within
limits?
Relates to efficiency of process or indicate
deviations from intent.

System Alarms
(Machinery or equipment alarms)
lot of process equipment and operating devices
System needs to work correctly 24x7
The paranoia: everything that can possibly go
wrong will, someday!
Our need for accurate information on health of
every element of the system
Generally: status (eg. Bearing temperature High)

System Alarms
Power supplies: commercial AC power, battery,
backup generators, UPS systems, etc.
Building and facility alarms: intrusion, entry, open-door, fire, smoke, flooding, etc.
Environmental conditions: temperature, humidity
RTU/communication equipment: switches,
Routers, fiber optic equipment, microwave radios,
modem.

HAZOP Alarms
One of the prevention layers that prevent the
occurrence of a hazardous event.
Prevention layers:
Plant design, process control system, alarm
systems, mechanical safety devices, interlocks,
shutdown (SIS) systems.
HAZOP studies often dictate a large number of add-in alarms as a
quick-fix solution to numerous operability problems.

Shutdown (or ESD) alarm


Informs operator on initiation of SIS automatic
shutdown event.
Basically monitor SIS.
support corrective, subsequent actions by
operator.
trigger for a mitigation action such as closure of
other parts of plant, isolation of fuel supplies, etc.

Fire and gas alarms


Alarms usually built within dedicated and entirely
independent fire and gas detection systems.
essential for protection of personnel
assumed that all other control systems may be
shutdown or damaged due to fire or gas
conditions.

Alarm Management Issues


Most alarms installed to deal with detailed, localized
problems of process or equipment control.
backlog of standing alarms
frequent minor alarms from process conditions running in
and out of limits at short intervals.
Overloading operator with useless information at time of
crisis; nuisance in times of steady operation
When major upset occurs, numerous alarms; as disturbance
takes hold.

Alarm Management System


software-driven resources within DCS or SCADA
serves to group, rationalize, prioritize the alarms
assist operators to pack away less important
alarms whilst ensuring they do not get lost
Tools to assist in tuning, adjustment of alarms
Alarm log and selected history files
Sequence of event recording

Key design principles for alarms


Judicious use of HMI for Screen data, Graphics
Present only relevant, useful alarms to operator
Each alarm should have a defined response from
the operator
Allow adequate time for an operator to respond to
an alarm
Establish, enforce an alarm priority structure

Alarm formats
Detailed alarm descriptions
Alarm sorting and categorizing
Separate Standing Alarm and Change of State
(COS) Alarm lists
24x7 unmanned remote alarms:
pager, SMS, email notification
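
The alarm behaviour described on the earlier alarm handling slides (explicit alarms on digital points, implicit limit alarms on analog points, acknowledgement that clears some indicators while the condition persists) and on the alarm management and alarm format slides above (priorities, suppression, standing versus change-of-state lists, alarm floods) is pulled together below in one added Python example. It is written for this page and is not any SCADA product's alarm engine; the point names, limits, deadbands and sample readings are constructed.

```python
"""Alarm evaluation: limit checking with a deadband, acknowledgement state,
priority and suppression, a standing-alarm list, a change-of-state (COS)
list, and a flood check.  Added example; all points and values are
constructed for illustration."""

from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class AlarmDef:
    point: str
    priority: int                              # 1 = highest
    high: Optional[float] = None               # implicit alarm: analog limits
    low: Optional[float] = None
    deadband: float = 0.0                      # hysteresis so a value hovering at the limit does not chatter
    digital_alarm_state: Optional[bool] = None # explicit alarm: digital point equals this state
    suppressed: bool = False                   # masked by the operator, e.g. during maintenance


@dataclass
class AlarmState:
    active: bool = False
    acknowledged: bool = False


class AlarmManager:
    def __init__(self, defs: List[AlarmDef], flood_limit: int = 10) -> None:
        self.defs = {d.point: d for d in defs}
        self.state: Dict[str, AlarmState] = {p: AlarmState() for p in self.defs}
        self.cos: List[Tuple[float, str, str]] = []   # (time, point, "ALARM" | "NORMAL")
        self.flood_limit = flood_limit

    @staticmethod
    def _condition(d: AlarmDef, value, currently_active: bool) -> bool:
        if d.digital_alarm_state is not None:          # explicit: NORMAL or ALARM
            return bool(value) == d.digital_alarm_state
        # implicit: outside a limit; once active it only clears after moving back by the deadband
        if d.high is not None and (value > d.high or (currently_active and value > d.high - d.deadband)):
            return True
        if d.low is not None and (value < d.low or (currently_active and value < d.low + d.deadband)):
            return True
        return False

    def update(self, t: float, readings: Dict[str, object]) -> List[str]:
        """Evaluate one scan of readings; returns the points whose alarm state changed."""
        changed = []
        for point, value in readings.items():
            d, s = self.defs[point], self.state[point]
            now = self._condition(d, value, s.active)
            if now != s.active:
                s.active = now
                if now:
                    s.acknowledged = False        # a new occurrence needs a fresh acknowledgement
                self.cos.append((t, point, "ALARM" if now else "NORMAL"))
                changed.append(point)
        return changed

    def acknowledge(self, point: str) -> None:
        """Acknowledging silences the annunciation; the alarm stays standing until the condition clears."""
        self.state[point].acknowledged = True

    def standing(self) -> List[Tuple[int, str, bool]]:
        """Active, non-suppressed alarms, highest priority first: (priority, point, acknowledged)."""
        rows = [(self.defs[p].priority, p, s.acknowledged)
                for p, s in self.state.items() if s.active and not self.defs[p].suppressed]
        return sorted(rows)

    def is_flood(self, t: float, window: float = 60.0) -> bool:
        """True when more than flood_limit ALARM transitions occurred in the last `window` seconds."""
        recent = [c for c in self.cos if c[2] == "ALARM" and t - c[0] <= window]
        return len(recent) > self.flood_limit


def demo() -> Tuple[List[Tuple[int, str, bool]], bool]:
    """Constructed sequence: a temperature crossing its limit and hovering in the
    deadband, a suppressed low-pressure alarm, and a pump trip (digital point)."""
    am = AlarmManager([
        AlarmDef("TT-101", priority=2, high=80.0, deadband=2.0),
        AlarmDef("PT-205", priority=3, low=1.0, deadband=0.1, suppressed=True),
        AlarmDef("PUMP-1-RUN", priority=1, digital_alarm_state=False),
    ])
    am.update(0, {"TT-101": 79.0, "PT-205": 1.5, "PUMP-1-RUN": True})
    am.update(1, {"TT-101": 81.0})          # exceeds limit -> ALARM
    am.update(2, {"TT-101": 79.0})          # back below 80 but inside deadband -> still ALARM
    am.update(3, {"PT-205": 0.5})           # low alarm: logged in COS, hidden from the standing list
    am.update(4, {"PUMP-1-RUN": False})     # explicit digital alarm, priority 1
    am.acknowledge("TT-101")
    return am.standing(), am.is_flood(4)
```

The deadband and the separate COS log are the two details that decide whether a list is usable during an upset: without the deadband a point sitting on its limit generates the "frequent minor alarms" the management slide warns about, and without the COS record a suppressed alarm would be lost rather than merely hidden.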

Open Data Base


Connectivity
SCADA

Open Data Base Connectivity


a standard software interface for accessing a
DBMS; based on the SQL Access Group's Call Level
Interface and released by Microsoft in 1992.
Helps interface SCADA/DCS software to third-party database management software (DBMS).
Channels SQL statements / function calls to the
DBMS for data update / retrieval.
Helps in trend plots, historical database review,
assessment, reporting, documentation.

ODBC Architecture
Application
Driver Manager
Driver
Data Source

ODBC Architecture
Application
Performs processing and calls ODBC functions
to submit SQL statements and retrieve results.
Driver Manager
Loads and unloads drivers on behalf of an
application.
Processes ODBC function calls or passes them
to a driver.

ODBC Architecture
Driver: Processes ODBC function calls, submits SQL
requests to a specific data source, and returns results to
application.
Can modify an application's request so that it conforms
to syntax supported by DBMS package.
Data Source:
data that user wants to access,
DBMS,
OS and network platform (if any) used to access DBMS.

ODBC Driver
Primarily intended for reporting, it enables an
ODBC-compliant application to access from
SCADA/DCS database,
Data: history, event, point parameter values.
Server database queried using SQL
commands from ODBC client applications.
custom applications written in Visual Basic or
C++ to access the server database

OLE for
Process Control
(OPC)

Object Linking and Embedding


COM/DCOM, OLE technologies developed by
Microsoft for Windows
a standard set of objects, interfaces and methods
for data exchange between applications
OPC Foundation started in 1994
most common OPC specification is OPC Data
Access.

OLE: Object Linking and Embedding


OLE is just the technology which allows an object (such as a
spreadsheet) to be embedded (and linked) inside another
document (a word processor document).

OLE: Object Linking and Embedding


Version 1 used DDE to communicate
between applications.
Version 2 uses COM instead of DDE
Microsoft technology.
COM is the protocol which allows OLE to work
Rules of the road for programs to talk with each
other
Foundation of automation

OPC (OLE for Process Control)


 Non-proprietary technical specification, but
copyrighted by the OPC Foundation
 Set of standards maintained by OPC Foundation,
and based on Microsoft :
 OLE (Object Linking and Embedding) / now ActiveX
 COM (component object model)
 DCOM (distributed component object model)
technologies

Why OPC?
Traditionally, any time a package needs
access to data from a device, a custom
interface, or driver, had to be written.
OPC defines common interface that is
written once, reused by any SCADA, HMI,
business or custom software packages.
Client Server approach

Why is OPC Data Access needed? (diagram)
Without OPC: each display, trend and report application
carries its own software driver for every device it
reads, so drivers are duplicated across applications.

Why OPC? (diagram)
With OPC: the display, trend and report applications
each talk to OPC, and the device-specific software
drivers sit behind the OPC servers, written once.

Architecture (diagram)
OPC DA clients read real-time process values (PV);
OPC AE clients receive alarm/event data; OPC HDA
clients query the historian DB. An OPC server exposing
DA/AE/HDA/DX sits on a protocol driver and comm
interface, which speak the comm protocol to the process
I/O of a computer, controller, smart device or DCS
sub-system.

OPC Unified Architecture Specification

Concepts, Security,
Address Space, Services
Information Model, Mappings, Profiles
Data Access,
Alarms and Conditions,
Programs,
Historical Access, etc.
http://www.opcfoundation.org

Data Access Mechanism (diagram)
Clients on a communication bus reach the data server
and the alarm server over Ethernet, with firewalls in
the path.

Security Issues!!
PLC/SCADA

Hacking the SCADA


A Trojan program reportedly inserted into pipeline
control software caused a massive natural gas
explosion along the Trans-Siberian pipeline in 1982;
the account is widely repeated but has never been
independently confirmed.
A newspaper reported the resulting fireball
yielded the most monumental non-nuclear
explosion and fire ever seen from space.
http://pipelineandgasjournal.com/hackingindustrial-scada-network (November 2009,
Vol. 236 No. 11)

Hacking:
Sending spoofed commands to the PLC,
so the operator sees something entirely
different from what is happening in the process,
causing the pipe to burst and the tank to overflow.
http://www.securityweek.com/black-hat-researchersremotely-hack-scadasystems-oil-rigs
Use of firewalls: Ethernet In and Ethernet Out ports
between SCADA device and Internet.
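
Why spoofed commands work is worth seeing on the wire. Modbus/TCP, which the HMI configuration slides mention for register access, carries no authentication: any host that can reach TCP port 502 on a PLC can send a syntactically valid write, and the PLC cannot tell the SCADA server from an attacker. The added Python example below (written for this page, not taken from either cited article) builds the frame an attacker would send to overwrite a holding register, parses it the way a PLC would, and applies the detection check a monitoring sensor or protocol-aware firewall can make: a write function code from a source that is not on the allow-list of legitimate writers. The IP addresses, register address and sample flows are constructed.

```python
"""Modbus/TCP write-request construction, parsing and allow-list detection.
Added example; addresses, hosts and flows are constructed, not from a plant."""

import struct
from typing import Dict, List, Set, Tuple

WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}


def build_write_single_register(transaction_id: int, unit_id: int, address: int, value: int) -> bytes:
    """MBAP header (transaction id, protocol id 0, length, unit id) + PDU (FC 06, address, value).
    Nothing in the frame identifies or authenticates the sender."""
    pdu = struct.pack(">BHH", 6, address, value)
    mbap = struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id)  # length covers unit id + PDU
    return mbap + pdu


def parse_adu(frame: bytes) -> Dict[str, int]:
    """Parse a request the way a PLC does: structural checks only."""
    if len(frame) < 8:
        raise ValueError("short frame")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:
        raise ValueError("bad MBAP header")
    fc = frame[7]
    req = {"transaction_id": tid, "unit_id": unit, "function": fc}
    if fc in (5, 6):                      # single coil / register: address, value
        req["address"], req["value"] = struct.unpack(">HH", frame[8:12])
    elif fc in (3, 15, 16):               # read holding / multiple writes: address, quantity
        req["address"], req["quantity"] = struct.unpack(">HH", frame[8:12])
    return req


def detect_unauthorized_writes(flows: List[Tuple[str, str, bytes]], allowed_writers: Set[str]) -> List[str]:
    """flows: (src_ip, dst_ip, Modbus payload).  Alerts on write function codes from
    any source not on the allow-list, and on malformed frames (a crude fuzzing indicator)."""
    alerts = []
    for src, dst, payload in flows:
        try:
            req = parse_adu(payload)
        except ValueError as exc:
            alerts.append(f"{src}->{dst}: malformed Modbus ({exc})")
            continue
        fc = req["function"]
        if fc in WRITE_FUNCTIONS and src not in allowed_writers:
            alerts.append(f"{src}->{dst}: {WRITE_FUNCTIONS[fc]} to reg {req['address']} "
                          f"value {req.get('value', req.get('quantity'))} from unauthorized host")
    return alerts


def demo() -> List[str]:
    """Constructed traffic: a legitimate setpoint write from the SCADA server, the same
    register overwritten from another host, and a harmless read from that host."""
    scada, attacker, plc = "10.1.1.10", "10.1.1.77", "10.1.2.5"
    legit = build_write_single_register(1, 1, 0, 500)     # holding register 40001 is address 0 on the wire
    spoof = build_write_single_register(2, 1, 0, 9999)    # same register, hostile value
    read = struct.pack(">HHHBBHH", 3, 0, 6, 1, 3, 0, 10)  # FC 03: read 10 holding registers
    return detect_unauthorized_writes(
        [(scada, plc, legit), (attacker, plc, spoof), (attacker, plc, read)],
        allowed_writers={scada})
```

Detection after the fact is the weak form of this control: the same allow-list enforced preventively at a protocol-aware firewall between the SCADA segment and the PLCs stops the write instead of reporting it, and where the PLC supports the Modbus/TCP Security variant (Modbus over TLS with client certificates) the authentication gap itself closes. Note also that the attacker's read passes silently; reconnaissance over Modbus is ordinary-looking traffic.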

SCADA Failures

Iran used Siemens WinCC SCADA software (with its STEP 7 PLC programming environment) to control
centrifuges for enriching uranium. Weaknesses in WinCC combined with vulnerabilities in Microsoft's
Windows OS allowed the Stuxnet worm to disrupt the centrifuges; an act of sabotage attributed to the U.S. and Israel.
http://www.infoworld.com/d/security/siemens-industrial-software-targeted-stuxnet-still-full-of-holes206654

SCADA Security Attacks


Denial of Service
Plant a Trojan, virus/malware
Delete System Files, Low level format of drives
Take Control of SCADA System
Info Mining (Log Keystrokes, Usernames,
Passwords, Setpoints, any Operation Info)
Info tampering (Change Data Points, Setpoint)

Malware, Trojan
Generally, affects Microsoft Windows OS where
SCADA is installed.
malware spreads via mobile data carriers, USB
sticks and networks.
Trojans activated by viewing contents of USB stick.
Also affects PACs, Embedded systems
Other computers
Infrastructure computers (file servers, domain
controllers, other servers...)
Computers with and without WinCC installed
Virtual machines (e.g. VMWARE installations)

SCADA Security Attacks


Modify data points on SCADA graphics to
deceive operators into believing the system is out of
control and that an ESD is essential.
Capture, modify, or delete data logged in the
operational database (SQL Server, PI Historian).
Locate the maintenance database and modify or
delete information regarding calibration and
reliability tests for industrial equipment.
Use the SCADA server as a pivot point to
attack and compromise other system
components within the corporate network (e.g. IP
spoofing).
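
Modification or deletion of logged data, listed above, is the attack that turns an incident into an unsolvable one, so the check a practitioner wants on the operational or user-action log is that edits and deletions are at least detectable. The added Python example below (written for this page, not the schema of SQL Server, PI or any SCADA product) keeps a user-action log in an in-memory SQLite database in which each record carries a hash over its own fields and the previous record's hash; an edited field or a removed row breaks the chain on verification. The table layout, field names and sample actions are assumptions.

```python
"""Hash-chained user-action log in SQLite: append-only records whose hashes
chain together, so tampering with stored history is detectable.  Added
example; schema and sample entries are assumptions."""

import hashlib
import sqlite3
from typing import Optional, Tuple

SCHEMA = """CREATE TABLE IF NOT EXISTS audit(
    seq INTEGER PRIMARY KEY, ts TEXT, user TEXT, action TEXT, prev_hash TEXT, hash TEXT)"""
GENESIS = "0" * 64   # chain anchor for the first record


def _digest(seq: int, ts: str, user: str, action: str, prev_hash: str) -> str:
    """Hash of the record's own fields plus the previous record's hash."""
    return hashlib.sha256(f"{seq}|{ts}|{user}|{action}|{prev_hash}".encode()).hexdigest()


def open_log() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute(SCHEMA)
    return con


def append(con: sqlite3.Connection, ts: str, user: str, action: str) -> str:
    """Append one record linked to the current chain head; returns the new head hash."""
    row = con.execute("SELECT seq, hash FROM audit ORDER BY seq DESC LIMIT 1").fetchone()
    seq, prev = (row[0] + 1, row[1]) if row else (1, GENESIS)
    h = _digest(seq, ts, user, action, prev)
    con.execute("INSERT INTO audit VALUES (?,?,?,?,?,?)", (seq, ts, user, action, prev, h))
    return h


def verify(con: sqlite3.Connection) -> Tuple[bool, Optional[int]]:
    """Walk the chain from the start; returns (ok, seq of the first bad record).
    A changed field, a changed prev_hash, or a missing seq number all fail."""
    prev, expected_seq = GENESIS, 1
    for seq, ts, user, action, prev_hash, h in con.execute("SELECT * FROM audit ORDER BY seq"):
        if seq != expected_seq or prev_hash != prev or _digest(seq, ts, user, action, prev) != h:
            return False, seq
        prev, expected_seq = h, seq + 1
    return True, None


def demo() -> Tuple[bool, Tuple[bool, Optional[int]]]:
    """Constructed log of operator actions, then an attacker rewriting who changed a setpoint."""
    con = open_log()
    append(con, "2021-03-01T10:00:00", "alice", "setpoint FIC-101 := 500")
    append(con, "2021-03-01T10:05:00", "alice", "ack alarm TT-101")
    append(con, "2021-03-01T10:07:00", "bob", "setpoint FIC-101 := 9999")
    before = verify(con)[0]
    con.execute("UPDATE audit SET user='alice' WHERE seq=3")   # hide the real author
    return before, verify(con)
```

The chain only proves something if its head hash leaves the SCADA server: export it periodically to a system the SCADA administrators cannot write to (a SIEM, a write-once store), otherwise an attacker with write access to the database simply recomputes the whole chain.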

Purposes of Attacks
Operational or Corporate data for personal gain
or sell to competition or hold as ransom
Gain Info for future attacks or satisfy curiosity
Gain control of SCADA System
to impact damage on industrial systems,
possibly causing environmental impact,
damage corporate identity thru public exposure
Cause danger to facility or company by staging
a false alarm shutdown of the plant or facility

Security Issues & Potential Consequences

Render Control Inoperative
Render View-Access Inoperative
Cause Non-Operation, Mis-Operation, or MalOperation
Production Loss
Equipment Damage
Personal Injury
Death

Ring of Defences

Defence mechanisms
SCADA firewalls:
an additional layer that mediates traffic between the
protected network and the external network;
protects passwords, IP addresses, files, etc.
SCADA internal network design:
own IP segment, managed switches and
proper subnet masking.
Operating systems:
kept properly patched;
default and null-session NT accounts removed, and
administrator accounts renamed or disabled.

Segregation of Plant and SCADA networks

plant control rooms sometimes have
corporate computers with Internet and email
Trojans, viruses can be planted through email
opened by another computer, and then
silently copied over to adjacent SCADA
servers

Batch Control issues!


The Electronic Signature means that operations
cannot be performed until enabled by previously
assigned Windows users/user groups. Users/user
groups are assigned to the operations in the
respective application.
Eg. SIMATIC BATCH has e-signature
authorization passing.

Open technologies
Control system implementation continues to move
toward the use of off-the-shelf technologies such as
Microsoft Windows operating systems and standard,
open Ethernet communications
Allow system to be more easily connected to the
enterprise or plant LAN to exchange information and
allow remote access to improve business
performance

Cyber security
The use of open technologies exposes the control
system to the same types of security issues as the
plant LANs.
Process control systems have traditionally been
built on proprietary technology.
Proprietary systems provided a reasonable level of
protection from unauthorized access due to their
closed nature, but that protection rested on obscurity
rather than on designed-in security controls.

Sophistication levels in hacking tools

Past: much of the problem was attributed to
disgruntled employees, or accidental or
inadvertent actions that caused system
disruptions.
Current threats: more from people outside.

Redundancy
Concepts for
PLC/SCADA and DCS

Concept of Redundancy
addition of information, resources, or time beyond what is
needed for normal system operation.
Hardware redundancy: extra hardware for the purpose of
detecting or tolerating faults.
Software redundancy: extra software to detect, possibly
tolerate faults.
Information redundancy: extra information to implement a given
function (e.g. ECC).
Time redundancy : For fault detection, fault tolerance;

Hardware Redundancy
Passive techniques use concept of fault masking
achieve fault tolerance without requiring action on part of
system.
Relies on voting mechanisms.

Active techniques achieve fault tolerance


by detecting existence of faults, performing action to remove
faulty hardware
fault detection, fault location, fault recovery to achieve fault
tolerance.

Hybrid techniques
combine the attractive features of passive and active
approaches.

Controller Redundant PLCs

Fault-Tolerant Unit (Fault Masking)


Set of actively redundant components:
FTUs should receive identical input messages in same order
FTUs should operate in replica determinism
Cold standby:
at given time only one component provides service;
if service provider fails, failure detector starts a spare
Component
Hot standby:
At given time, only one component provides service;
if service provider fails, active spare component replaces
failed component
Active redundancy:
two or more components provide the service concurrently

Triple Modular Redundancy


Triplicate hardware, perform majority vote to
determine output of system
If one of modules becomes faulty, remaining two
fault-free modules mask results of faulty module
at majority vote.

TMR with triplicated Voter
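
The majority vote described on the two slides above, including the triplicated-voter arrangement, is shown below as an added Python example written for this page (it is not a safety-PLC vendor's implementation). Discrete outputs are voted 2-out-of-3; analog outputs use mid-value selection with a tolerance that flags the dissenting replica; the triplicated voter is modelled as three independent voters whose results are themselves voted, so a single faulty voter is masked as well. The replica outputs, tolerances and the inverted-result voter fault are constructed.

```python
"""Triple modular redundancy: 2-out-of-3 voting for discrete outputs,
mid-value selection for analog outputs, and a triplicated voter stage.
Added example; replica outputs and fault models are constructed."""

from typing import Optional, Sequence, Tuple


def vote_discrete(outputs: Sequence[bool]) -> Tuple[bool, Optional[int]]:
    """Majority of three; returns (voted value, index of the dissenting replica or None).
    One faulty replica is masked; its index is reported for fault location."""
    a, b, c = outputs
    voted = (a and b) or (a and c) or (b and c)
    dissent = next((i for i, v in enumerate(outputs) if v != voted), None)
    return voted, dissent


def vote_analog(outputs: Sequence[float], tolerance: float) -> Tuple[float, Optional[int]]:
    """Mid-value select: the median of three is passed on, so one wildly wrong
    channel cannot move the output.  A replica further than `tolerance` from
    the median is flagged (detection alongside masking)."""
    median = sorted(outputs)[1]
    dissent = next((i for i, v in enumerate(outputs) if abs(v - median) > tolerance), None)
    return median, dissent


def tmr_with_triplicated_voters(outputs: Sequence[bool],
                                voter_faults: Sequence[bool] = (False, False, False)
                                ) -> Tuple[bool, Optional[int]]:
    """Three voters each vote the same replica outputs; a downstream majority over
    the voters' results means a single failed voter is masked too (with one voter,
    the voter itself is a single point of failure).  A voter fault is modelled,
    hypothetically, as a voter that inverts its result."""
    votes = []
    for faulty in voter_faults:
        v, _ = vote_discrete(outputs)
        votes.append((not v) if faulty else v)
    return vote_discrete(votes)          # (final value, index of the bad voter or None)


if __name__ == "__main__":
    print(vote_discrete([True, True, False]))              # one stuck replica masked
    print(vote_analog([4.98, 5.02, 9.7], tolerance=0.5))   # one drifted channel masked
    print(tmr_with_triplicated_voters([True, True, False], voter_faults=(False, True, False)))
```

Two caveats the slides imply but do not state. Voting only works under replica determinism: all three replicas must have seen the same inputs in the same order, which is why an attacker who can feed spoofed inputs to one replica is masked, while one who reaches two of the three outvotes the good one. And TMR tolerates exactly one fault per voting stage: after the first replica is flagged, the system is running 1-out-of-2 with no majority to fall back on, so the flag must be acted on, not just logged.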

Troubleshooting
techniques
Instrumentation in
PLC/SCADA and DCS

Connectivity/Comm issues

device not found


Not Powered? Power supply overload, etc.
Network address, bit/baud,
Adding new device: Incorrect register
address, protocol issues
Intermittent: Noisy cable / connectors
IO errors

Instrumentation Loop
Open connections
Loop impedance issues: Digital device
communication issues
Power supply noise
Calibration / drift issues

Alarm related issues


Unexpected alarm floods due to local
instrumentation problems
Improper alarm settings / thresholds

Other problems
IO card failure cause identification
Troubleshooting and Diagnostics: Kepner-Tregoe approach