Advantages & Disadvantage of SCADA system?

SCADA stands for "Supervisory Control And Data Acquisition". There are many implementations. Can you on your own think of any reasons one might want to do that?

Jerry

Once you know what SCADA (Supervisory Control and Data Acquisiton) is, the answer becomes obvious. A Google search will give you many good explanations. It is used by facilities such as water treatment plants, that are spread out over a large area or multiple buildings, to collect data and control system operation on a supervisory level. In other words, after looking at input data, it sends signals to the various PLCs and other devices to adjust their operating parameters. It would probably not be very useful or cost effective for a small factory in a single room.

Ben Miller

Process Control Systems for industrial processes normally come in two flavors: SCADA/PLC systems and DCS systems.

A SCADA/PLC system consists of a PLC doing the actual plant control, with the field instrumentation and actuators wired to it, and the SCADA being the human interface for it.

A DCS has the plant control and human interfacing combined in one system.

A SCADA/PLC system is "normally" significantly cheaper than a DCS and for many applications as good if not better than a DCS.

For some applications, like an oil refinery, a DCS is better, and for these types of applications it is worthwhile to pay more.

Pieter Steenekamp

One disadvantage is that TCP/IP based SCADA systems are (extremely) vulnerable to cyberwarefare/cyberterrorism attacks which, in the worst scenario case, could cause not only financial loss but also loss of life, directly or indirectly.

Source: Wikipedia

Doesn't the vulnerability of any system depend on how access to it is controlled? Cyberthugs are likely to have a difficult time infiltrating a SCADA system that uses in-plant wiring. Not every Ethernet connects to internet.

Jerry

On Mon, 05 Mar 2007 09:42:37 -0500, Jerry Avins proclaimed to the world:

I run into the same kind of thinking with WiFi. WiFi into a separate LAN unconnected from the Internet is pretty damn secure. This warped thinking limits many implementations of technology that would increase productivity.

WiFi is a bit less secure than wire. A member of a local Masonic chapter asked me to recommend a wireless microphone to use for their meetings. I asked if he would be happy with someone parked at the curb being able to tune to it and he dropped the idea.

Jerry

In alt.engineering.electrical Jerry Avins wrote: | Paul M wrote: |> On Mon, 05 Mar 2007 09:42:37 -0500, Jerry Avins |> proclaimed to the world: |> |>> Not every Ethernet connects to |>> internet. |> |> I run into the same kind of thinking with WiFi. WiFi into a separate |> LAN unconnected from the Internet is pretty damn secure. This warped |> thinking limits many implementations of technology that would increase |> productivity. | | WiFi is a bit less secure than wire. A member of a local Masonic chapter | asked me to recommend a wireless microphone to use for their meetings. I | asked if he would be happy with someone parked at the curb being able to | tune to it and he dropped the idea.

You need the encrypted version.

In alt.engineering.electrical Jerry Avins wrote: | snipped-for-privacy@hotmail.com wrote: |> On Feb 12, 4:59 am, "RsK" wrote: |>> Any body please tell me briefly what are the Advantages & Disadvantage |>> of SCADA system? in practical world?. |>> best regards, |>> Rizwan |> |> One disadvantage is that TCP/IP based SCADA systems are (extremely) |> vulnerable to cyberwarefare/cyberterrorism attacks which, in the worst |> scenario case, could cause not only financial loss but also loss of |> life, directly or indirectly. | | Doesn't the vulnerability of any system depend on how access to it is | controlled? Cyberthugs are likely to have a difficult time infiltrating | a SCADA system that uses in-plant wiring. Not every Ethernet connects to | internet.

But a lot of them do, often indirectly (e.g. break in to something else first, then hop through).

Use encryption and switch from TCP to SCTP and it could be a lot less vulnerable, even over the open internet.

Without encryption, it wouldn't be secure at all.

Jerry

The problem with these things is that you start out with an in-plant Ethernet for control, and then somebody wants to put a Windows machine on it so they can have a user interface for the factory floor workers. Then people want to use the Windows machine for other purposes, or the Windows machine insists on a connection to the Internet, and somebody adds connection to the outside world. Then attacks on the Windows machine open up a path into the internal control network.

John Nagle

Yes, it's a problem.. although you generally only need the connection long enough to set the machine up the first time, training the operators _not_ to play interactive Doom3 or similar on their operator stations can be a problem.

One interesting "attack" I'd never thought of before: One of our customers sites had their entire Ethernet MES taken out by lightning - up the internet connection, of course. Idiots.. ;-)

Cameron:-)

...

Doesn't "Just say no" work any more?

Jerry

Damned humans, always the weak link in any system.

We use wonderware at a county jail to talk to the door control PLCs. They won't let me secure the cabinets that the HMI PCs reside in because they have another PC in there that they encourage the user (Custody officer) to hard reboot whenever they have issues. I already took the keyboards out so they couldn't CTRL-ALT-DEL out of wonderware, now I have to disable or physically remove the CDRom drives, USB ports and eny other connection to the outside world to eliminate tampering. Great until I ned in in a hurry to fix something. Already had to rebuild two hard drives due to Officers rebooting the wrong PC. Not good in an operation that is nearly always reading and writing to the HD.

Oh well, thats waht happens when been counter don't understand security or technology!

-Will

The solution to that is to have the automation LAN isolated and separate from the corporate LAN. That's what one of our clients has, and it works very well for them. Except for the ABB Advant Unix boxes, all of the automation PC's run Windows and their specific app - Xterminals, DeltaV, Wonderware or iFix. There are also several Windows PC's on the corporate LAN in the control rooms, and everyone has an account on the domain. These are used for email, online training, record keeping, and the other usual stuff.

Mike

You just reminded me that our county government has *everything* on one wide area network. I think it's possible to put a view client in the County Executive's office that can access the SCADA servers at any of the waste water treatment plants.

Mike

Baddly designed or just old SCADA systems can be vulnerable to cyberwarefare/cyberterrorism attacks, no matter if they use TCP/IP or not. A modern well designed SCADA system based on TCP/IP protocols can be safer than many older systems bacause uf the use of modern data encryption and authentication tools. That are many old system nowadays in use that have quite poor security on their communications. There are many systems in use that use radio communications with a protocol that does not use any ancryption or reliable authentication. You just need a suitable radio and modem to be able to control the devices on the field (you need to get to know the used protocol and device addresses). Not very secure.

For office IT networks, sure, but how many hackers would even know what an Industrial Ethernet packet looked like, let alone how to manipulate it to their own purposes? It would look like garbled rubbish to them even if unencrypted and unauthenticated.

Tomi, I think you've been watching too many movies..

I, for one, am not convinced that hacking into a radio network is as easy as you say. You certainly need more than a radio and a modem. For starters, you need to know:

1. The frequency band and specific frequencies in use and hope it doesn't use spread-spectrum.
2. What brand/model of equipment is installed to know which protocols are supported.
3. The configuration and addressing used on the network.
4. The configuration and routing for the field devices (I/O numbering, etc.)

Jamming it is easy - but then most radio-based systems would have some kind of hard-wired fallback (eg. leased-line), so that won't do much except ring alarm bells.

Even as the *designer* of many such systems, I'm not sure I could "hack in" unless I had deliberately left a back door open somewhere and then later remembered to document it someplace.

Cameron:-)

On Tue, 06 Mar 2007 04:57:06 GMT, "Mike Lamond" proclaimed to the world:

Well that was what the view software was advertised to do. I don't think it is a bad thing in itself, you just have to look at failure modes and build decent security. Who wants to take over a waste water plant anyway?

Everyone seems to bring security issues up but how often has hackers caused any problems in an industrial control situation? I am also not saying to leave the door open either. I hear and suffer through a lot of security installed because of trade secrets protection. I wonder how much of this really goes on. Trade secrets tend to be inside jobs.