SCADA upgrade: PID, supervisory control and data acquisition

The paper presents the experimental validation procedure of a simple cascade control system through number of architectures, such as SCADA, PLC, OPC and internet. The performance and effectiveness of individual architecture is evaluated on the basis of data rate, rise time, peak time and settling time. In this study, PID is implemented on Micrologix-1200 PLC and RSView-32 SCADA has been used with RSLinx communication software. The PLC–SCADA control loop is implemented with the functionalities such as, real time data analysis, set point modifications, automatic report generation and integration of data with MS-Excel and MS-Access. The enhancement in project data analysis is effectively done through the integration of PLC with Labview. The remote monitoring and control of process parameters is done using NET-ENI. The obtained result proved that the conventional SCADA based control system can be enhanced further more with PLC as well as NI-OPC server significantly.
Instrumentation engineering

In addition, global terrorism has the public and media concerned about the security of public utility companies’ critical infrastructure and their SCADA systems. Despite the public fears, there is no reason for utility companies to shun the immense benefits resulting from the integration of SCADA systems and the advantages of the Internet. The threat may be real, but the measures to protect SCADA systems are, fortunately, relatively easy.
Perhaps the greatest danger to utility companies is the lack of awareness of the need for greater security. Many public and private companies controlling vital public utilities like gas, power and water, never thought they would be the target of cyber attacks and now must implement measures to improve network security. While many utility companies perform regular risk assessments of their SCADA systems, too many do not. They have become dependent on their tightly integrated digital information systems without fully understanding the potential impact of a cyber attack.
SCADA systems were traditionally “walled off” from other systems operating independently from the network. Prior to the awareness of possible attacks, this seemed to provide all the protection the SCADA system needed. They were largely proprietary systems with such limited access and esoteric coding that very few people would have the ability to access them to launch an attack. Over time, however, they became integrated into the larger company network as a means to leverage their valuable data and increase plant efficiency. Therefore, the reality is their security is now often only as strong as the security of the network.
Protecting Your SCADA Network
The first step
The first step towards securing SCADA systems is creating a written security policy, an essential component in protecting the corporate network. Failure to have a policy in place exposes the company to attacks, revenue loss and legal action. A security policy should also be a living document, not a static policy created once and shelved. The management team needs to draw very clear and understandable objectives, goals, rules and formal procedures to define the overall position and architecture of the plan.
Key personnel such as senior management, IT department, human resources and the legal department all should be included in the plan. It should also cover the following key components:
• Roles and responsibilities of those affected by the policy
• Actions, activities and processes that are allowed and those that are not allowed
• Consequences of non-compliance
Vulnerability Assessment
A key aspect of preparing a written security policy is to perform a vulnerability assessment prior to completing the written policy. A vulnerability assessment is designed to identify both the potential risks associated with the different aspects of the SCADA-related IT infrastructure and the priority of the different aspects of the infrastructure. This would typically be presented in a hierarchical manner, which in turn sets the priority to address security concerns and the level of related funding associated with each area of vulnerability.
For example, within a typical SCADA environment, key items and the related hierarchy could be as follows:
• Operational Availability of Operator Stations
• Accuracy of Real Time Data
• Protection of System Configuration Data
• Interconnection to Business Networks
• Availability of Historical Data
• Availability of Casual User Stations
A vulnerability assessment also acts as a mechanism to identify holes or flaws in the understanding of how a system is architected and where threats against the system may originate.
To successfully complete a vulnerability assessment, a physical audit of all the computer and networking equipment, associated software and network routings needs to be performed. A clear and accurate network diagram should be used to present a detailed depiction of the infrastructure following the audit.
After defining the hierarchy and auditing the different system components, the following areas of vulnerability need to be addressed, as they relate to each component, as part of the assessment process:
Network and operating environment security
• Application security
• Intrusion detection
• Regulation of physical access to the SCADA network
It should also be understood when dealing with the SCADA infrastructure that there are commonalities and differences between SCADA-related IT security and IT security focused on typical business systems. For example, in a business systems environment, access to the server is typically the key focus. Whereas in a SCADA environment, the access focus is at the operator console level. This difference produces both alternate network topologies to provide the necessary availability as well as a different focus on what elements of the SCADA system would be of highest priority to safeguard against security breaches.
Further Security Measures
As previously mentioned, SCADA networks were once separate from other networks and physical penetration of the system was needed to perpetuate an attack. As corporate networks became electronically linked via the Internet or wireless technology, physical access was no longer necessary for a cyber attack. One solution is to isolate the SCADA network; however, this is not a practical solution for budget-minded operations that require monitoring plants and remote terminal units (RTU) from distant locations. Therefore, security measures need to be taken to protect the network, and some common security mechanisms apply to virtually all SCADA networks, which have any form of wide area (WAN) or Internet-based access requirements. The core elements of each method are discussed in the following:
Network Design – Keep It Simple
Simple networks are at less risk than more complex, interconnected networks. Keep the network simple and, more importantly, well documented from the beginning.
A key factor in ensuring a secure network is the number of contact points. These should be limited as far as possible. While firewalls have secured access from the Internet, many existing control system have modems installed to allow remote users access to the system for debugging. These modems are often connected directly to controllers in the substations. The access point, if required, should be through a single point that is password protected and where user action logging can be achieved.
Firewalls
A firewall is a set of related programs, located at a network gateway server that protects the resources of a private network from outside users. A firewall, working closely with a router program, examines each network packet to determine whether to forward it toward its destination. A firewall also includes or works with a proxy server that makes network requests on behalf of workstation users. A firewall is often installed in a specially designated computer separate from the rest of the network, so that no incoming request can get directly at private network resources.
In packet switched networks such as the Internet, a router is a device or, in some cases, software in a computer, that determines the next network point to which a packet should be forwarded toward its destination. The router is connected to at least two networks and decides which way to send each information packet based on its current understanding of the state of the networks to which it is connected. A router is located at any gateway (where one network meets another), including each point of presence on the Internet. A router is often included as part of a network switch.
It is imperative to utilize a secured firewall between the corporate network and the Internet. As the single point of traffic into and out of a corporate network, a firewall can be effectively monitored and secured. It is important to have at least one firewall and router separating the network from external networks not in the company’s dominion.
On larger sites the control system needs to be protected from attack within the SCADA network. Implementing an additional firewall between the corporate and SCADA network can achieve this aim and is highly recommended.