Once you know what SCADA (Supervisory Control and Data Acquisiton) is, the
answer becomes obvious. A Google search will give you many good
explanations. It is used by facilities such as water treatment plants, that
are spread out over a large area or multiple buildings, to collect data and
control system operation on a supervisory level. In other words, after
looking at input data, it sends signals to the various PLCs and other
devices to adjust their operating parameters. It would probably not be very
useful or cost effective for a small factory in a single room.
Compared to not having it at all??
Advantages: You can see that your plant is about to explode.
Disdavantages: Allowing plant operators to see they're about to get killed
might cause panic.. ;-)
Process Control Systems for industrial processes normally come in two
flavors: SCADA/PLC systems and DCS systems.
A SCADA/PLC system consists of a PLC doing the actual plant control,
with the field instrumentation and actuators wired to it, and the
SCADA being the human interface for it.
A DCS has the plant control and human interfacing combined in one
A SCADA/PLC system is "normally" significantly cheaper than a DCS and
for many applications as good if not better than a DCS.
For some applications, like an oil refinery, a DCS is better, and for
these types of applications it is worthwhile to pay more.
One disadvantage is that TCP/IP based SCADA systems are (extremely)
vulnerable to cyberwarefare/cyberterrorism attacks which, in the worst
scenario case, could cause not only financial loss but also loss of
life, directly or indirectly.
Doesn't the vulnerability of any system depend on how access to it is
controlled? Cyberthugs are likely to have a difficult time infiltrating
a SCADA system that uses in-plant wiring. Not every Ethernet connects to
On Mon, 05 Mar 2007 09:42:37 -0500, Jerry Avins
proclaimed to the world:
I run into the same kind of thinking with WiFi. WiFi into a separate
LAN unconnected from the Internet is pretty damn secure. This warped
thinking limits many implementations of technology that would increase
WiFi is a bit less secure than wire. A member of a local Masonic chapter
asked me to recommend a wireless microphone to use for their meetings. I
asked if he would be happy with someone parked at the curb being able to
tune to it and he dropped the idea.
|> On Mon, 05 Mar 2007 09:42:37 -0500, Jerry Avins
|> proclaimed to the world:
|>> Not every Ethernet connects to
|> I run into the same kind of thinking with WiFi. WiFi into a separate
|> LAN unconnected from the Internet is pretty damn secure. This warped
|> thinking limits many implementations of technology that would increase
| WiFi is a bit less secure than wire. A member of a local Masonic chapter
| asked me to recommend a wireless microphone to use for their meetings. I
| asked if he would be happy with someone parked at the curb being able to
| tune to it and he dropped the idea.
You need the encrypted version.
|> |>> Any body please tell me briefly what are the Advantages & Disadvantage
|>> of SCADA system? in practical world?.
|>> best regards,
|> One disadvantage is that TCP/IP based SCADA systems are (extremely)
|> vulnerable to cyberwarefare/cyberterrorism attacks which, in the worst
|> scenario case, could cause not only financial loss but also loss of
|> life, directly or indirectly.
| Doesn't the vulnerability of any system depend on how access to it is
| controlled? Cyberthugs are likely to have a difficult time infiltrating
| a SCADA system that uses in-plant wiring. Not every Ethernet connects to
But a lot of them do, often indirectly (e.g. break in to something else
first, then hop through).
Use encryption and switch from TCP to SCTP and it could be a lot less
vulnerable, even over the open internet.
The problem with these things is that you start out with an in-plant
Ethernet for control, and then somebody wants to put a Windows machine
on it so they can have a user interface for the factory floor workers.
Then people want to use the Windows machine for other purposes, or
the Windows machine insists on a connection to the Internet, and
somebody adds connection to the outside world. Then attacks on the
Windows machine open up a path into the internal control network.
Yes, it's a problem.. although you generally only need the connection long
enough to set the machine up the first time, training the operators _not_ to
play interactive Doom3 or similar on their operator stations can be a
One interesting "attack" I'd never thought of before: One of our customers
sites had their entire Ethernet MES taken out by lightning - up the internet
connection, of course. Idiots.. ;-)
Damned humans, always the weak link in any system.
We use wonderware at a county jail to talk to the door control PLCs. They
won't let me secure the cabinets that the HMI PCs reside in because they
have another PC in there that they encourage the user (Custody officer) to
hard reboot whenever they have issues. I already took the keyboards out so
they couldn't CTRL-ALT-DEL out of wonderware, now I have to disable or
physically remove the CDRom drives, USB ports and eny other connection to
the outside world to eliminate tampering. Great until I ned in in a hurry
to fix something. Already had to rebuild two hard drives due to Officers
rebooting the wrong PC. Not good in an operation that is nearly always
reading and writing to the HD.
Oh well, thats waht happens when been counter don't understand security or
The solution to that is to have the automation LAN isolated and separate
from the corporate LAN. That's what one of our clients has, and it works
very well for them. Except for the ABB Advant Unix boxes, all of the
automation PC's run Windows and their specific app - Xterminals,
DeltaV, Wonderware or iFix. There are also several Windows PC's
on the corporate LAN in the control rooms, and everyone has an
account on the domain. These are used for email, online training,
record keeping, and the other usual stuff.
You just reminded me that our county government has *everything* on one
wide area network. I think it's possible to put a view client in the County
Executive's office that can access the SCADA servers at any of the waste
water treatment plants.