Advantages & Disadvantage of SCADA system?

SCADA stands for "Supervisory Control And Data Acquisition". There are many implementations. Can you on your own think of any reasons one might want to do that?

Jerry

Compared to what ?

Steve

RsK wrote:

Once you know what SCADA (Supervisory Control and Data Acquisiton) is, the answer becomes obvious. A Google search will give you many good explanations. It is used by facilities such as water treatment plants, that are spread out over a large area or multiple buildings, to collect data and control system operation on a supervisory level. In other words, after looking at input data, it sends signals to the various PLCs and other devices to adjust their operating parameters. It would probably not be very useful or cost effective for a small factory in a single room.

Ben Miller

Compared to not having it at all??

Advantages: You can see that your plant is about to explode. Disdavantages: Allowing plant operators to see they're about to get killed might cause panic.. ;-)

Cameron:-)

A typical IT question

Process Control Systems for industrial processes normally come in two flavors: SCADA/PLC systems and DCS systems.

A SCADA/PLC system consists of a PLC doing the actual plant control, with the field instrumentation and actuators wired to it, and the SCADA being the human interface for it.

A DCS has the plant control and human interfacing combined in one system.

A SCADA/PLC system is "normally" significantly cheaper than a DCS and for many applications as good if not better than a DCS.

For some applications, like an oil refinery, a DCS is better, and for these types of applications it is worthwhile to pay more.

Pieter Steenekamp

One disadvantage is that TCP/IP based SCADA systems are (extremely) vulnerable to cyberwarefare/cyberterrorism attacks which, in the worst scenario case, could cause not only financial loss but also loss of life, directly or indirectly.

Source: Wikipedia

Doesn't the vulnerability of any system depend on how access to it is controlled? Cyberthugs are likely to have a difficult time infiltrating a SCADA system that uses in-plant wiring. Not every Ethernet connects to internet.

Jerry

On Mon, 05 Mar 2007 09:42:37 -0500, Jerry Avins proclaimed to the world:

I run into the same kind of thinking with WiFi. WiFi into a separate LAN unconnected from the Internet is pretty damn secure. This warped thinking limits many implementations of technology that would increase productivity.

WiFi is a bit less secure than wire. A member of a local Masonic chapter asked me to recommend a wireless microphone to use for their meetings. I asked if he would be happy with someone parked at the curb being able to tune to it and he dropped the idea.

Jerry

In alt.engineering.electrical Jerry Avins wrote: | Paul M wrote: |> On Mon, 05 Mar 2007 09:42:37 -0500, Jerry Avins |> proclaimed to the world: |> |>> Not every Ethernet connects to |>> internet. |> |> I run into the same kind of thinking with WiFi. WiFi into a separate |> LAN unconnected from the Internet is pretty damn secure. This warped |> thinking limits many implementations of technology that would increase |> productivity. | | WiFi is a bit less secure than wire. A member of a local Masonic chapter | asked me to recommend a wireless microphone to use for their meetings. I | asked if he would be happy with someone parked at the curb being able to | tune to it and he dropped the idea.

You need the encrypted version.

In alt.engineering.electrical Jerry Avins wrote: | snipped-for-privacy@hotmail.com wrote: |> On Feb 12, 4:59 am, "RsK" wrote: |>> Any body please tell me briefly what are the Advantages & Disadvantage |>> of SCADA system? in practical world?. |>> best regards, |>> Rizwan |> |> One disadvantage is that TCP/IP based SCADA systems are (extremely) |> vulnerable to cyberwarefare/cyberterrorism attacks which, in the worst |> scenario case, could cause not only financial loss but also loss of |> life, directly or indirectly. | | Doesn't the vulnerability of any system depend on how access to it is | controlled? Cyberthugs are likely to have a difficult time infiltrating | a SCADA system that uses in-plant wiring. Not every Ethernet connects to | internet.

But a lot of them do, often indirectly (e.g. break in to something else first, then hop through).

Use encryption and switch from TCP to SCTP and it could be a lot less vulnerable, even over the open internet.

Without encryption, it wouldn't be secure at all.

Jerry

The problem with these things is that you start out with an in-plant Ethernet for control, and then somebody wants to put a Windows machine on it so they can have a user interface for the factory floor workers. Then people want to use the Windows machine for other purposes, or the Windows machine insists on a connection to the Internet, and somebody adds connection to the outside world. Then attacks on the Windows machine open up a path into the internal control network.

John Nagle

Yes, it's a problem.. although you generally only need the connection long enough to set the machine up the first time, training the operators _not_ to play interactive Doom3 or similar on their operator stations can be a problem.

One interesting "attack" I'd never thought of before: One of our customers sites had their entire Ethernet MES taken out by lightning - up the internet connection, of course. Idiots.. ;-)

Cameron:-)

...

Doesn't "Just say no" work any more?

Jerry

Damned humans, always the weak link in any system.

We use wonderware at a county jail to talk to the door control PLCs. They won't let me secure the cabinets that the HMI PCs reside in because they have another PC in there that they encourage the user (Custody officer) to hard reboot whenever they have issues. I already took the keyboards out so they couldn't CTRL-ALT-DEL out of wonderware, now I have to disable or physically remove the CDRom drives, USB ports and eny other connection to the outside world to eliminate tampering. Great until I ned in in a hurry to fix something. Already had to rebuild two hard drives due to Officers rebooting the wrong PC. Not good in an operation that is nearly always reading and writing to the HD.

Oh well, thats waht happens when been counter don't understand security or technology!

-Will

The solution to that is to have the automation LAN isolated and separate from the corporate LAN. That's what one of our clients has, and it works very well for them. Except for the ABB Advant Unix boxes, all of the automation PC's run Windows and their specific app - Xterminals, DeltaV, Wonderware or iFix. There are also several Windows PC's on the corporate LAN in the control rooms, and everyone has an account on the domain. These are used for email, online training, record keeping, and the other usual stuff.

Mike

You just reminded me that our county government has *everything* on one wide area network. I think it's possible to put a view client in the County Executive's office that can access the SCADA servers at any of the waste water treatment plants.

Mike