Supervisory Control And Data Acquisition (SCADA)

Chapter · July 2017

Muhammad Hamza El-Saba


Ain Shams University
All content following this page was uploaded by Muhammad Hamza El-Saba on 10 July 2021.



Measurement & Instrumentation Systems CHAPTER 7

Supervisory Control And Data Acquisition (SCADA)

Contents

7-1. Introduction (What’s SCADA?)
7-2. SCADA Architecture
7-2.1. Hardware
7-2.2. Software
7-2.3. Communications
7-2.4. Interfacing
7-2.5. Database
7-2.6. Scalability
7-2.7. Redundancy
7-3. SCADA Functionality
7-3.1. Access control
7-3.2. Man-Machine Interface (MMI)
7-3.3. Trending
7-3.4. Alarm handling
7-3.5. Logging/Archiving
7-3.6. Report generation
7-3.7. Automation
7-4. SCADA Application Development
7-4.1. Configuration
7-4.2. Graphics & Object Handling
7-4.3. Development Tools
7-5. SCADA Evolution
7-6. SCADA Engineering
7-7. Potential Benefits from SCADA
7-8. SCADA Security
7-9. Summary
7-10. Problems
7-11. Bibliography

-285-
Dr. Eng. Muhammad El-SABA
7-1. What’s SCADA
SCADA stands for Supervisory Control And Data Acquisition. As the
name indicates, it is not a full control system, but rather focuses on the
supervisory level. As such, it is purely a software package that is
positioned on top of the hardware to which it is interfaced, in general via
programmable logic controllers (PLCs) or other control systems.

In fact, the SCADA industry was essentially born out of a need for a
user-friendly front-end to a control system containing PLCs. While a PLC
does provide automated, pre-programmed control over a process, PLCs are
usually distributed across a plant, making it difficult to gather data from
them manually. Additionally, the PLC information is usually in a crude,
user-unfriendly format. The SCADA gathers information from the PLCs
via a communication method, and combines and formats the
information. In Europe, SCADA is also called man-machine interface (MMI).

SCADA systems are used in industrial processes, e.g. steel making,
power generation and distribution. The size of such plants ranges from a
few thousand to several tens of thousands of input/output (I/O) channels.
SCADA systems are evolving rapidly in the market of industrial, power and
communication plants, with numbers of I/O channels of several hundred thousand.

There is, in several industries, considerable confusion over the differences
between SCADA systems and distributed control systems (DCS).
Generally speaking, a SCADA system always refers to a system that
coordinates, but does not control, processes in real time. In summary, we
can distinguish DCS from SCADA in the following points:

 DCS is process oriented, while SCADA is data acquisition oriented.
 DCS is process driven, while SCADA is event driven.
 DCS is commonly used to handle operations on a single locale, while
SCADA is preferred for applications that are spread over a wide
geographic area.

7-2. SCADA Architecture


SCADA systems have made substantial progress over recent years in
terms of functionality, scalability, performance and openness, such that
they are an alternative to in-house development even for very demanding
and complex control systems such as those of physics experiments. The
main components of a SCADA system are:

 Multiple Remote Terminal Units (RTUs) or Outstations or PLCs.
 Master Station and HMI Computer(s).
 Communication infrastructure.

It is possible to purchase a SCADA system or Distributed Control System
(DCS) from a single supplier. It is also possible to assemble a SCADA
system from components of different vendors, e.g. Wonderware HMI,
Allen-Bradley and GE PLCs, Ethernet communication devices, etc.

7-2.1. Hardware Architecture

The following figure shows the typical hardware architecture of a simple
SCADA system. Here the SCADA server reads the measured flows and
levels and sends the setpoints to the PLCs. PLC1 compares the
measured flow to its setpoint and controls the pump speed. PLC2 compares
the measured level to its setpoint and controls the flow through the valve.

Fig. 7-1(a). Illustration of a simple SCADA system architecture.


i- Remote Terminal Unit (RTU)

The RTU connects to the physical equipment. It reads status data, such as
the open/closed status of a switch or a valve, and measurements such as
pressure, flow, voltage or current. By sending signals to the equipment the
RTU can also control it, for example opening or closing a switch or a
valve, or setting the speed of a pump. The RTU can thus read digital status
data or analogue measurement data, and send out digital commands or
analogue set-points. An important part of most SCADA implementations
is alarms. An alarm is a digital status point that has either the value
NORMAL or ALARM. Alarms are configured so that they are activated
when their conditions are met. An example of an alarm is
the "fuel tank empty" light in a car. The alarm draws the SCADA operator's
attention to the part of the system requiring attention. E-mails
and text messages are often sent along with an alarm activation, alerting
managers as well as the SCADA operator.

Fig. 7-1(b). Connection of a PLC with sensors and actuators

ii- Master Station

The term "Master Station" refers to the servers and software responsible
for communicating with the field equipment (RTUs, PLCs, etc.), and then
with the HMI software running on workstations in the control room or
elsewhere. In smaller SCADA systems, the master station may consist of
a single PC. In larger SCADA systems, the master station
may include multiple servers, distributed software applications, and
disaster recovery sites. The SCADA system usually presents the
information to the operating personnel in the form of a mimic, i.e., the
operator sees a representation of the plant being controlled. For example,
a picture of a pump connected to a pipe can show the operator that the
pump is running and how much fluid it is pumping through the pipe at the
moment. The operator can then switch the pump off, and the HMI software
will show the flow rate of the fluid in the pipe decrease in real time.

Fig. 7-2. SCADA hardware architecture


The HMI package for the SCADA system typically includes a drawing
program that the operators or system maintenance personnel use to
change the way these points are represented in the interface. These
representations can be as simple as an on-screen traffic light, which
represents the state of an actual traffic light in the field, or as complex as
a multi-projector display representing the position of all of the elevators
in a skyscraper or all of the trains on a railway. Initially, more "open"
platforms such as Linux were not as widely used due to the highly
dynamic development environment and because a SCADA customer that
was able to afford the field hardware and devices to be controlled could
usually also purchase UNIX or OpenVMS licenses. Today, all major
operating systems are used for both master station servers and HMI
workstations.

7-2.2 Software Architecture

The products are multi-tasking and are based upon a real-time database
(RTDB) located in one or more servers. Servers are responsible for data
acquisition and handling (e.g. polling controllers, alarm checking,
calculations, logging and archiving) on a set of parameters, typically
those they are connected to. However, it is possible to have dedicated
servers for particular tasks, e.g. historian, data logger, alarm handler.

Figure 7-3 shows a SCADA software architecture that is generic for the
products that were evaluated. SCADA solutions often have Distributed
Control System (DCS) components. Use of smart RTU’s or PLC’s, which
are capable of autonomously executing simple logic processes without
involving the master computer, is increasing.

A function-block programming language, IEC 61131-3, is frequently
used to create the programs which run on these RTUs and PLCs. Unlike
procedural languages such as C or FORTRAN, IEC 61131-3 has minimal
training requirements by virtue of resembling the historic physical control
arrays. This allows SCADA system engineers to perform both the design
and the implementation of a program to be executed on an RTU or a PLC.


Fig. 7-3. SCADA Software Architecture

7-2.3 Communications
SCADA systems have traditionally used combinations of RF (radio
frequency) and direct serial or modem connections to meet
communication requirements, although Ethernet and IP (Internet
Protocol) over SONET (Synchronous Optical Network) is also frequently
used at large sites such as railways and power stations.

i- Internal Communication
Server-client and server-server communication is in general based on a
publish-subscribe, event-driven model over TCP/IP: a client application
subscribes to a parameter which is owned by a particular server application,
and only changes to that parameter are then communicated to the client
application.
ii- Access to Devices
The data servers poll the controllers at a user-defined polling rate. The
polling rate may be different for different parameters. The controllers
pass the requested parameters to the data servers. Time stamping of the
process parameters is typically performed in the controllers and this
time-stamp is taken over by the data server. If the controller and the
communication protocol used support unsolicited data transfer, then the
products will support this too.

The SCADA products provide communication drivers for most of the
common PLCs and widely used field-buses, e.g. Modbus, Profibus,
WorldFIP and CANbus. Some of the drivers are based on third-party
products (e.g. Applicom cards) and therefore have an additional cost
associated with them. VME, on the other hand, is generally not supported.
A single data server can support multiple communication protocols: it
can generally support as many such protocols as it has slots for interface
cards. The effort required to develop a new driver (using specialized
driver development toolkits) typically takes 2-6 weeks depending on the
complexity and the similarity with existing drivers.

Fig. 7-4. Example of a SCADA network, for electricity distribution & control, over a
wide area network

7-2.4 Interfacing
The provision of client functionality for SCADA to access devices in an
open and standard manner is developing. The SCADA products on PCs
usually provide:
 an ASCII import/export facility for configuration data,
 an Open Data Base Connectivity (ODBC) interface to the data in the
archive/logs, but not to the configuration database,
 a library of APIs supporting C, C++ and Visual Basic (VB) to
access data in the RTDB, logs and archive. The API often does not
provide access to the SCADA product's internal features such as alarm
handling, reporting, trending, etc.

The PC products provide support for the Microsoft standards such as
Dynamic Data Exchange (DDE), which allows visualizing data
dynamically in an EXCEL spreadsheet, Dynamic Link Libraries (DLL)
and Object Linking and Embedding (OLE) with other applications.

7-2.5. Database
SCADA systems typically implement a distributed database which
contains data elements called points. A point represents a single input or
output value monitored or controlled by the system. Points can be either
"hard" or "soft". A hard point represents an actual input or output
connected to the system, while a soft point represents the result of logic
operations applied to other points. The point values are stored as value-
timestamp combinations. A series of value-timestamp combinations is the
history of that point.

The configuration data are stored in a database that is logically
centralized but physically distributed and that is generally of a proprietary
format. For performance reasons, the RTDB resides in the memory of the
servers and is also of proprietary format. The archive and logging format
is usually also proprietary for performance reasons, but some products
support logging to a Relational Data Base Management System
(RDBMS) at a slower rate either directly or via an ODBC interface.
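As an added illustration (not code from this chapter or from any vendor product), the following Python models the behaviour described in 7-2.3 and 7-2.5: a small RTDB holding hard and soft points as value/timestamp histories, where a soft point is recomputed from the hard points it depends on and subscribers are told only when a value actually changes. The tag names, the 80% level limit and the sample values are constructed.

```python
# Miniature SCADA real-time database (RTDB): hard and soft points, value/timestamp
# history, and publish-subscribe notification of changes only.
# Added illustration for this chapter; tag names, limits and samples are constructed.
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

Sample = Tuple[float, float]   # (timestamp, value)


@dataclass
class Point:
    name: str                                   # tag name used by the graphics
    hard: bool                                  # True: real I/O; False: derived by logic
    inputs: Tuple[str, ...] = ()                # hard points a soft point depends on
    logic: Optional[Callable[["RTDB"], float]] = None
    history: List[Sample] = field(default_factory=list)

    @property
    def value(self) -> Optional[float]:
        return self.history[-1][1] if self.history else None


class RTDB:
    def __init__(self) -> None:
        self._points: Dict[str, Point] = {}
        self._subs: Dict[str, List[Callable[[str, Sample], None]]] = {}

    def add_hard(self, name: str) -> None:
        self._points[name] = Point(name, hard=True)

    def add_soft(self, name: str, inputs: Tuple[str, ...],
                 logic: Callable[["RTDB"], float]) -> None:
        # Soft points here depend only on hard points, so one recomputation suffices.
        self._points[name] = Point(name, hard=False, inputs=inputs, logic=logic)

    def subscribe(self, name: str, callback: Callable[[str, Sample], None]) -> None:
        self._subs.setdefault(name, []).append(callback)

    def update(self, name: str, value: float, ts: float) -> bool:
        """Store a sample from a controller, keeping the controller's time-stamp.
        Returns True if the value changed; an unchanged value is neither stored
        nor published, which is the event-driven behaviour of 7-2.3."""
        point = self._points[name]
        if not point.hard:
            raise ValueError(f"{name} is a soft point; it is computed, not written")
        changed = self._store(point, value, ts)
        if changed:
            for soft in self._points.values():
                if not soft.hard and name in soft.inputs:
                    self._store(soft, soft.logic(self), ts)
        return changed

    def _store(self, point: Point, value: float, ts: float) -> bool:
        if point.value == value:
            return False
        point.history.append((ts, value))
        for callback in self._subs.get(point.name, []):
            callback(point.name, (ts, value))        # publish to subscribed clients
        return True

    def value(self, name: str) -> Optional[float]:
        return self._points[name].value

    def history(self, name: str) -> List[Sample]:
        return list(self._points[name].history)


def demo() -> dict:
    """Two hard points from the PLCs of Fig. 7-1 and one soft 'tank high' point."""
    db = RTDB()
    db.add_hard("FLOW_01")      # measured flow, PLC1
    db.add_hard("LEVEL_02")     # measured tank level in %, PLC2
    db.add_soft("TANK_HIGH", ("LEVEL_02",),
                lambda d: 1.0 if d.value("LEVEL_02") > 80.0 else 0.0)
    events: List[Tuple[str, Sample]] = []
    db.subscribe("TANK_HIGH", lambda n, s: events.append((n, s)))

    changed = [
        db.update("LEVEL_02", 50.0, 1000.0),   # first sample: stored and published
        db.update("LEVEL_02", 50.0, 1001.0),   # unchanged: nothing stored or sent
        db.update("LEVEL_02", 85.0, 1002.0),   # change: soft point goes to 1.0
        db.update("FLOW_01", 12.5, 1003.0),    # unrelated hard point
    ]
    return {"changed": changed,
            "level_history": db.history("LEVEL_02"),
            "tank_high_events": events}


if __name__ == "__main__":
    print(demo())
```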

7-2.6. Scalability
Scalability is understood as the possibility to extend the SCADA based
control system by adding more process variables, more specialized
servers (e.g. for alarm handling) or more clients. The products achieve
scalability by having multiple data servers connected to multiple
controllers. Each data server has its own configuration database and
RTDB and is responsible for the handling of a sub-set of the process
variables (acquisition, alarm handling, archiving).

7-2.7. Redundancy
The products often have built in software redundancy at a server level,
which is normally transparent to the user. Many of the products also
provide more complete redundancy solutions if required.

7-3. SCADA Functionality

The SCADA functionality includes the following elements.


7-3.1. Access Control

Users are allocated to groups, which have defined read/write access
privileges to the process parameters in the system and often also to
specific product functionality.
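The group-based scheme above, as an added Python example that is neither the chapter's nor any product's code: users belong to groups, each group holds read/write privileges over tag-name patterns plus a set of product functions, access is denied by default, and every attempt is recorded with the user ID and station ID, as the logging facility in 7-3.5 describes. The group names, tag patterns, users and station IDs are constructed.

```python
# Group-based access control for SCADA process parameters and product functions,
# with every attempt audited together with the user ID and station ID.
# Added illustration for this chapter; groups, tags, users and stations are constructed.
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Dict, FrozenSet, List, Set, Tuple


@dataclass(frozen=True)
class Privilege:
    tag_pattern: str      # tag-name pattern, e.g. "PUMP_*_SETPOINT"
    read: bool
    write: bool


@dataclass
class Group:
    name: str
    privileges: Tuple[Privilege, ...]
    functions: FrozenSet[str] = frozenset()   # product functions, e.g. "edit_mmi"


class AccessControl:
    """Deny by default: an action is allowed only if some group of the user holds
    a privilege matching the tag (or lists the requested product function)."""

    def __init__(self) -> None:
        self.groups: Dict[str, Group] = {}
        self.members: Dict[str, Set[str]] = {}
        # audit record: (user, station, action, target, allowed)
        self.audit: List[Tuple[str, str, str, str, bool]] = []

    def add_group(self, group: Group) -> None:
        self.groups[group.name] = group

    def assign(self, user: str, group: str) -> None:
        if group not in self.groups:
            raise KeyError(f"unknown group {group}")
        self.members.setdefault(user, set()).add(group)

    def _tag_allowed(self, user: str, tag: str, write: bool) -> bool:
        for gname in self.members.get(user, ()):
            for p in self.groups[gname].privileges:
                if fnmatchcase(tag, p.tag_pattern) and (p.write if write else p.read):
                    return True
        return False

    def _record(self, user: str, station: str, action: str,
                target: str, allowed: bool) -> bool:
        self.audit.append((user, station, action, target, allowed))
        return allowed

    def can_read(self, user: str, station: str, tag: str) -> bool:
        return self._record(user, station, "read", tag,
                            self._tag_allowed(user, tag, write=False))

    def can_write(self, user: str, station: str, tag: str) -> bool:
        return self._record(user, station, "write", tag,
                            self._tag_allowed(user, tag, write=True))

    def can_use(self, user: str, station: str, function: str) -> bool:
        allowed = any(function in self.groups[g].functions
                      for g in self.members.get(user, ()))
        return self._record(user, station, "function", function, allowed)


def demo() -> dict:
    ac = AccessControl()
    ac.add_group(Group("viewers", (Privilege("*", read=True, write=False),)))
    ac.add_group(Group("operators",
                       (Privilege("*", read=True, write=False),
                        Privilege("PUMP_*_SETPOINT", read=True, write=True)),
                       frozenset({"acknowledge_alarm"})))
    ac.add_group(Group("engineers", (Privilege("*", read=True, write=True),),
                       frozenset({"acknowledge_alarm", "edit_mmi"})))
    ac.assign("alice", "operators")
    ac.assign("bob", "viewers")
    ac.assign("carol", "engineers")
    return {
        "op_reads_level": ac.can_read("alice", "CR-01", "LEVEL_02"),
        "op_writes_pump_sp": ac.can_write("alice", "CR-01", "PUMP_01_SETPOINT"),
        "op_writes_valve_sp": ac.can_write("alice", "CR-01", "VALVE_02_SETPOINT"),
        "op_edits_mmi": ac.can_use("alice", "CR-01", "edit_mmi"),
        "viewer_writes": ac.can_write("bob", "CR-02", "PUMP_01_SETPOINT"),
        "engineer_writes_valve": ac.can_write("carol", "ENG-01", "VALVE_02_SETPOINT"),
        "unknown_user_reads": ac.can_read("mallory", "CR-03", "LEVEL_02"),
        "audit": ac.audit,
    }


if __name__ == "__main__":
    print(demo())
```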

7-3.2. Man-Machine Interface (MMI)

The products support multiple screens, which can contain combinations
of synoptic diagrams and text. They also support the concept of a generic
graphical object with links to process variables. These objects can be
dragged and dropped from a library and included into a synoptic diagram.
Most of the SCADA products make use of Tag-names. The Tag-names
used to link graphical objects to devices can be edited as required. The
products include a library of standard graphical symbols, many of which
would however not be applicable to the type of applications encountered
in the experimental physics community. Standard windows editing
facilities are provided: zooming, re-sizing and scrolling. On-line
configuration and customization of the MMI is possible for users with the
appropriate privileges. Links can be created between display pages to
navigate from one view to another.

Fig. 7-5. Human machine interface devices


7-3.3. Trending
The products all provide trending facilities and one can summarize the
common capabilities as follows:
 the parameters to be trended in a specific chart can be predefined or
defined on-line
 a chart may contain 8 trended parameters and an unlimited number
of charts can be displayed (restricted only by the readability)
 real-time and historical trending are possible, although generally
not in the same chart
 historical trending is possible for any archived parameter
 zooming and scrolling functions are provided
 parameter values at the cursor position can be displayed

The trending feature is either provided as a separate module or as a
graphical object (ActiveX), which can then be embedded into a synoptic
display. XY and other statistical analysis plots are generally not provided.

7-3.4. Alarm Handling

Alarm handling is based on limit and status checking and performed in
the data servers. More complicated expressions (using arithmetic or
logical expressions) can be developed by creating derived parameters on
which status or limit checking is then performed. The alarms are logically
handled centrally, i.e., the information only exists in one place and all
users see the same status (e.g., the acknowledgement), and multiple alarm
priority levels (in general many more than 3 such levels) are supported. It
is generally possible to group alarms and to handle these as an entity
(typically filtering on group or acknowledgement of all alarms in a
group). Furthermore, it is possible to suppress alarms either individually
or as a complete group. The filtering of alarms seen on the alarm page or
when viewing the alarm log is also possible at least on priority, time and
group. However, relationships between alarms cannot generally be
defined in a straightforward manner. E-mails can be generated and
predefined actions can be automatically executed in response to alarms.
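The alarm-server behaviour described above, as an added Python example written for this chapter (not a product's code): limit and status checks on parameters, a derived parameter for a compound condition, priorities, groups, a single central acknowledgement state, per-definition suppression and filtering of the alarm page on priority and group. Tags, limits and group names are constructed.

```python
# Alarm handler of a SCADA data server: limit/status checks, derived parameters,
# priorities, groups, central acknowledgement, suppression and filtering.
# Added illustration for this chapter; tags, limits and group names are constructed.
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

@dataclass
class AlarmDef:
    name: str
    parameter: str                   # tag checked; may be a derived parameter
    check: Callable[[float], bool]   # limit or status test: True when in alarm
    priority: int                    # 1 = highest
    group: str
    suppressed: bool = False         # suppressed alarms are skipped in evaluate()

@dataclass
class AlarmRecord:
    name: str
    priority: int
    group: str
    raised_at: float
    active: bool = True              # condition still present
    acknowledged: bool = False       # one shared flag, seen identically by all clients

class AlarmServer:
    def __init__(self) -> None:
        self.defs: Dict[str, AlarmDef] = {}
        self.derived: Dict[str, Callable[[Dict[str, float]], float]] = {}
        self.alarms: Dict[str, AlarmRecord] = {}   # the single central alarm list
        self.log: List[tuple] = []                  # (ts, event, alarm name)

    def define(self, d: AlarmDef) -> None:
        self.defs[d.name] = d

    def add_derived(self, name: str, fn: Callable[[Dict[str, float]], float]) -> None:
        self.derived[name] = fn

    def evaluate(self, values: Dict[str, float], ts: float) -> List[str]:
        """Check all alarms against one snapshot; returns the names newly raised."""
        vals = dict(values)
        for name, fn in self.derived.items():      # derived parameters first
            vals[name] = fn(vals)
        raised: List[str] = []
        for d in self.defs.values():
            if d.suppressed or d.parameter not in vals:
                continue
            in_alarm, rec = d.check(vals[d.parameter]), self.alarms.get(d.name)
            if in_alarm and rec is None:
                self.alarms[d.name] = AlarmRecord(d.name, d.priority, d.group, ts)
                self.log.append((ts, "RAISE", d.name))
                raised.append(d.name)
            elif not in_alarm and rec is not None and rec.active:
                rec.active = False
                self.log.append((ts, "CLEAR", d.name))
                if rec.acknowledged:                # cleared and acknowledged: drop
                    del self.alarms[d.name]
        return raised

    def acknowledge(self, name: str, ts: float) -> bool:
        rec = self.alarms.get(name)
        if rec is None or rec.acknowledged:
            return False
        rec.acknowledged = True
        self.log.append((ts, "ACK", name))
        if not rec.active:                          # already back to normal: drop
            del self.alarms[name]
        return True

    def acknowledge_group(self, group: str, ts: float) -> int:
        names = [n for n, r in self.alarms.items() if r.group == group]
        return sum(self.acknowledge(n, ts) for n in names)

    def filtered(self, max_priority: Optional[int] = None,
                 group: Optional[str] = None) -> List[str]:
        """Alarm-page view filtered on priority and group, highest priority first."""
        recs = sorted(self.alarms.values(), key=lambda r: (r.priority, r.raised_at))
        return [r.name for r in recs
                if (max_priority is None or r.priority <= max_priority)
                and (group is None or r.group == group)]

def demo() -> dict:
    srv = AlarmServer()
    srv.define(AlarmDef("LEVEL_HIGH", "LEVEL_02", lambda v: v > 80.0, 1, "TANKS"))
    srv.define(AlarmDef("FLOW_LOW", "FLOW_01", lambda v: v < 5.0, 2, "PUMPS"))
    # Derived parameter: pump commanded to run but almost no flow (dry running)
    srv.add_derived("PUMP_01_DRY_RUN", lambda p: 1.0 if p["PUMP_01_RUN"] == 1.0
                    and p["FLOW_01"] < 1.0 else 0.0)
    srv.define(AlarmDef("PUMP_DRY_RUN", "PUMP_01_DRY_RUN", lambda v: v == 1.0, 1, "PUMPS"))
    snap1 = {"LEVEL_02": 90.0, "FLOW_01": 0.5, "PUMP_01_RUN": 1.0}
    raised_first = srv.evaluate(snap1, ts=100.0)
    top_priority = srv.filtered(max_priority=1)
    acked = srv.acknowledge_group("PUMPS", ts=101.0)  # one operator acks the group
    snap2 = dict(snap1, FLOW_01=12.0)                 # flow restored, level still high
    raised_second = srv.evaluate(snap2, ts=102.0)
    return {"raised_first": raised_first, "top_priority": top_priority,
            "acknowledged_in_pumps": acked, "raised_second": raised_second,
            "remaining": srv.filtered(), "log": srv.log}
```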

7-3.5. Logging/Archiving
The terms logging and archiving are often used to describe the same
facility. However, logging can be thought of as medium-term storage of
data on disk, whereas archiving is long-term storage of data either on disk
or on another permanent storage medium. Logging is typically performed
on a cyclic basis, i.e., once a certain file size, or number of points is
reached the data is overwritten.


Logging of data can be performed at a preset frequency, or initiated if the
value changes or when a specific predefined event occurs. Logged data
can be transferred to an archive once the log is full. The logged data is
time-stamped and can be filtered when viewed by a user. The logging of
user actions is in general performed together with either a user ID or
station ID. There is often also a VCR facility to play back archived data.

7-3.6 Report Generation

One can produce reports using SQL type queries to the archive, RTDB or
logs. Although it is sometimes possible to embed EXCEL charts in the
report, a "cut and paste" capability is in general not provided. Facilities
exist to be able to automatically generate, print and archive reports.

7-3.7 Automation
The majority of SCADA products allow actions to be automatically
triggered by events. A scripting language provided by the SCADA
products allows these actions to be defined. In general, one can load a
particular display, send an Email, run a user defined application or script
and write to the RTDB. The concept of recipes is supported, whereby a
particular system configuration can be saved to a file and then re-loaded
at a later date. Sequencing is also supported whereby, as the name
indicates, it is possible to execute a more complex sequence of actions on
one or more devices. Sequences may also react to external events. Some
of the products do support an expert system but none has the concept of a
Finite State Machine.

7-4. SCADA Application Development

The development of the applications is typically done in two stages: the
parameter definition (configuration) and then the graphics, including
trending and alarm displays.

7-4.1 Configuration
The process parameters and associated information of a SCADA system
(e.g. relating to alarm conditions) are defined through some sort of
parameter definition template, and linked where appropriate to the
process parameters. The SCADA products provide an ASCII
Export/Import utility for the configuration data (parameter definitions),
which enables large numbers of parameters to be configured more
efficiently using an external editor such as Excel and then
importing the data into the configuration database. However, many of the
PC tools now have a Windows-based development studio.


The facilities provided by the products for configuring very large
numbers of parameters are not very strong. However, this has not really
been an issue so far for most of the products to-date, as large applications
are typically about 50K I/O points and database population from within
an ASCII editor such as Excel is still a workable option. On-line
modifications to the configuration database and the graphics is generally
possible with the appropriate level of privileges.

7-4.2. Graphics & Object Handling

The SCADA products have the concept of graphical object classes, which
support inheritance. In addition, some of the SCADA products have the
concept of an object within the configuration database. In general the
products do not handle objects, but rather handle individual parameters,
e.g., alarms are defined for parameters, logging is performed on
parameters, and control actions are performed on parameters. The support
of objects is therefore fairly superficial.

7-4.3. Development Tools

The following development tools are usually provided as standard in any
SCADA system:
 A graphics editor, with standard drawing facilities including
freehand, lines, squares, circles, etc. It is possible to import pictures in
many formats as well as to use predefined symbols including e.g. trending
charts. A library of generic symbols is provided that can be linked
dynamically to variables and animated as they change. It is also possible
to create links between views so as to ease navigation at run-time.
 A database configuration tool (usually through parameter
templates). It is in general possible to export data in ASCII files so
as to be edited through an ASCII editor or Excel.
 A scripting language.
 An Application Program Interface (API) supporting C, C++ and VB.
 A Driver Development Toolkit to develop drivers for hardware that
is not supported by the SCADA product.


7-5. SCADA Evolution

SCADA vendors release one major version and one to two additional
minor versions per year. These products thus evolve very rapidly, so
as to meet new requirements of their customers and to take advantage of
new technologies. As was already mentioned, most of the SCADA
products that were evaluated decompose the process into atomic parameters
to each of which a Tag-name is associated. This is impractical in the case of
very large processes, when very large sets of Tags need to be configured.

As industrial applications are increasing in size, new SCADA
versions are now being designed to handle devices and even entire
systems as full entities (classes) that encapsulate all their specific
attributes and functionality. In addition, they will also support multi-team
development. As far as new technologies are concerned, the SCADA
products are now adopting:

 Web technologies, ActiveX, Java, etc.
 OPC as a means for communicating internally between the client
and server modules. It should thus be possible to connect OPC-compliant
third-party modules to that SCADA product.

Note 7-1: What’s OPC & OPC.NET?

OPC stands for OLE for Process Control. OPC is a series of standard
specifications. The first standard (originally called simply the OPC Specification and
now called the Data Access Specification) resulted from the collaboration of a number
of leading worldwide automation suppliers working in cooperation with Microsoft.
Originally based on Microsoft's OLE COM (component object model) and DCOM
(distributed component object model) technologies, the specification defined a
standard set of objects, interfaces and methods for use in process control and
manufacturing automation applications to facilitate interoperability. The
COM/DCOM technologies provided the framework for software products to be
developed. There are now hundreds of OPC Data Access servers and clients available.
Adding the OPC specification to Microsoft's OLE technology in Windows allowed
standardization. Now the industrial device manufacturers could write the OPC DA
servers and the software (like Human Machine Interfaces, HMI) could become OPC
clients. The user can use any Data Access 2 or 3 OPC client to connect to local and
remote OPC servers through .NET communications, eliminating the need for
DCOM. Each OPC Systems Service can communicate with Data Access 1, 2 and 3
OPC servers, Windows .NET and web applications through OPC Controls.NET,
databases through OPC Database.NET and OPC Recipe.NET, and pocket PC
applications through OPC Mobile.NET. All data is centralized for unlimited local
and remote OPC client connections. One-to-one, one-to-many and (using the
built-in calculations) many-to-one OPC item data transfers can be implemented. The
OPC Client.NET license allows unlimited local and remote deployment of OPC Systems.NET.


Table 7-1. OPC Specifications.

OPC Data Access: The originals! Used to move real-time data from PLCs, DCSs and
other control devices to HMIs and other display clients. The Data Access 3
specification is now a Release Candidate. It leverages earlier versions and
incorporates the XML-DA schema.

OPC Alarms & Events: Provides alarm and event notifications on demand (in contrast
to the continuous data flow of Data Access). These include process alarms, operator
actions, informational messages, and tracking/auditing messages.

OPC Batch: This specification carries the OPC philosophy to the specialized needs of
batch processes. It provides interfaces for the exchange of equipment capabilities
(corresponding to the S88.01 Physical Model) and current operating conditions.

OPC Data eXchange: This specification takes us from client/server to server-to-server
communication across Ethernet fieldbus networks. This provides multi-vendor
interoperability, and adds remote configuration, diagnostic and
monitoring/management services.

OPC Historical Data Access: Where OPC Data Access provides access to real-time,
continually changing data, OPC Historical Data Access provides access to data
already stored. From a simple serial data logging system to a complex SCADA
system, historical archives can be retrieved in a uniform manner.

OPC Security: All the OPC servers provide information that is valuable to the
enterprise. OPC Security specifies how to control client access to these servers in
order to protect this sensitive information and to hinder unauthorized modification
of process parameters.

OPC XML-DA: Provides flexible, consistent rules and formats for exposing plant floor
data using XML, leveraging the work done by Microsoft and others on SOAP and
Web Services.

OPC Complex Data: A companion specification to Data Access and XML-DA that
allows servers to expose and describe more complicated data types such as binary
structures and XML documents.

OPC Commands: A Working Group has been formed to develop a new set of
interfaces that allow OPC clients and servers to identify, send and monitor control
commands which execute on a device.


7-6. SCADA Engineering

Whilst one should rightly anticipate significant development and
maintenance savings by adopting a SCADA product for the
implementation of a control system, it does not mean a "no effort"
operation. The need for proper engineering cannot be sufficiently
emphasized, in order to reduce development effort and to reach a system that
complies with the requirements, that is economical in development and
maintenance, and that is reliable and robust. Examples of engineering
activities specific to the use of a SCADA system are the definition of:

 a library of objects (PLC, device, subsystem) complete with
standard object behavior (scripts, sequences, ...), graphical interface
and associated scripts for animation,
 templates for different types of panels, e.g. alarms,
 instructions on how to control e.g. a device,
 a mechanism to prevent conflicting controls (if not provided with
the SCADA),
 alarm levels, and the behavior to be adopted in case of specific alarms.

7-7. Potential Benefits of SCADA

The benefits one can expect from adopting a SCADA system for the
control of experimental physics facilities can be summarized as follows:
 A rich functionality and extensive development facilities.
 The amount of specific development that needs to be performed by
the end-user is limited, especially with suitable engineering.
 Reliability and robustness. These systems are used for mission-
critical industrial processes where reliability and performance are
paramount. In addition, specific development is performed within a
well-established framework that enhances reliability and robustness.
 Technical support and maintenance by the vendor.

For large collaborations, using a SCADA system for their controls
ensures a common framework not only for the development of the
specific applications but also for operating the detectors. Operators
experience the same "look and feel" whatever part of the experiment they
control. However, this aspect also depends to a significant extent on
proper engineering. The benefit to the software suppliers is the ability to
reduce their expenditure on connectivity and focus it on the core
features of the software. For the users, the benefit is flexibility: they
don't have to create and pay for a custom interface.


7-8. SCADA Security

The online security of SCADA networks and process management
systems is critical for utility organizations, to ensure that there is no
disruption of service, process redirection, or manipulation of operational
data that could result in serious disruption to the nation's critical
infrastructure. The US Department of Energy (DOE) and several other
countries have recognized that "actions are required by all organizations,
government or commercial, to secure their SCADA networks as part of
the effort to adequately protect the nation's critical infrastructure." In fact,
online threats to SCADA systems may pose as much risk of a potentially
significant failure within a power generation system as a physical attack.

Note 7-2: A Little History

In October 1999, a computer hacker publicly announced his intention to release a
report outlining how to break into power company networks and shut down the power
grids of 30 United States utility companies. This event, which coincided with
warnings from one federal Government agency that “one person with a computer, a
modem, and a telephone line anywhere in the world can potentially… cause a power
outage in an entire region”, resulted in heightened industry concern about network
security.

There are several business challenges for utility organizations in
achieving the level of online security that meets security best practices for
SCADA networks and process management systems, including:
 no formal definition of security requirements,
 lack of an incremental security budget,
 absence of the necessary security expertise,
 inability to easily deploy and manage the required technology,
 the need for company-wide employee education on security best
practices.

In order to streamline security and help achieve security best practices for
SCADA systems, ISS has developed a five-step process
covering the complete security management lifecycle, with phases
for Assessment, Design, Deployment, Management and Education
(ADDME™). The ADDME process identifies and analyzes the gaps between the
current security state and the requirements for security best
practices. It then designs and implements solutions to close those gaps
and ensure ongoing conformity. Figure 7-6 depicts the ISS approach to
SCADA networks and process management systems.


Fig. 7-6. SCADA security via the ISS approach


7-9. Summary

Supervisory control and data acquisition (SCADA) is used as a control
mechanism for chemical plants, electricity generation, electric power
transmission, electricity distribution, district heating, water distribution
networks, waste water treatment as well as industrial measurement
systems.


Typically, SCADA systems consist of the following subsystems:

 Master Station and human–machine interface (HMI).
 A supervisory (computer) system, gathering (acquiring) data on the
process and sending commands (control) to the process.
 Multiple Remote Terminal Units (RTUs) or Outstations or PLCs,
connecting to sensors in the process, converting sensor signals to digital
data and sending the digital data to the supervisory system.
 Various process and analytical instrumentation.
 Communication infrastructure connecting the system to the RTUs.

It is possible to purchase a SCADA system or Distributed Control System
(DCS) from a single supplier. It is also possible to assemble a SCADA
system from components of different vendors, e.g. Wonderware HMI,
Allen-Bradley and GE PLCs, Ethernet communication devices, etc.

There is, in several industries, considerable confusion over the differences
between SCADA systems and distributed control systems (DCS).
Generally speaking, a SCADA system always refers to a system that
coordinates, but does not control, processes in real time. In summary, we
can distinguish DCS from SCADA in the following points:

 DCS is process oriented, while SCADA is data acquisition oriented.
 DCS is process driven, while SCADA is event driven.
 DCS is commonly used to handle operations on a single locale, while SCADA is
preferred for applications that are spread over a wide geographic area.

EPICS is an example of an open source software environment used to
develop and implement SCADA systems to operate devices such as
particle accelerators, telescopes and other large experiments.


7-10. Problems

7-1) Show, with neat sketches, the main architecture of a SCADA system.

7-2) Describe the main steps to develop a SCADA system.

7-3) What are the main threats to a SCADA system, and how can they be
taken into account when designing a SCADA system?


7-11. Bibliography

[1] John Tritak, Understanding SCADA System Security Vulnerabilities,
Riptech, Jan. 2001.

[2] John Tritak, Director of the Critical Infrastructure Assurance Office
(CIAO), as quoted in “The Next Y2K?”, Utilities IT, February 2000.
