Tuesday 27 November 2007
For a large Natural Gas distributor in The Netherlands, I architected a solutions for the connection of a SCADA system to PLC's in the field. SCADA systems are systems for process management that are used in factories, distribution systems and energy plants. Using computer technology, physical actions in processes are controlled and monitored.
In factories, energy plants or distributed systems, many physical controls are used. These controls can be:
- valves in gas pipes;
- electronic switches;
- pressure sensors;
In the past, people needed to manually open or close valves, or had to check thermometers visually. Today, most of these physical controls are connected to electronics, so they can be controlled remotely.
SCADA stands for “Supervisory Control And Data Acquisition". SCADA systems have 3 purposes:
- Setting values to physical controls (like closing a valve).
- Performing measurements (like the gas temperature in a gas pipe).
- Managing alarms coming from controls (for instance when a temperature is getting below 0°C, an alarm is raised).
Usually, computer screens in the control room display an overview of the complete system, with it's status. The SCADA system is able to zoom-in to a location to show more details.
The physical controls "in the field" are usually connected to PLC's (Programmable Logic Controllers). PLC's are simple computer systems without keyboards or video screens, but with many I/O channels. The I/O channels can be outputs or inputs. Channels can be binary (on/off) or analogue (output or input of a voltage between for instance 0 and 5 volts). The I/O channels are connected to the physical controls. PLC's can be programmed to perform some actions when an event occurs. For instance, the PLC can shut-off a valve if some temperature raises to 100°.
Although PLC's can make some rudimentary decisions, more complex decisions should be made by humans. Therefore PLC's are connected to SCADA systems, which are usually located in a control room in a central building.
PLC's can be located all over a factory plant, or for instance in a natural gas distribution system, across an entire country. Connecting all PLC's to the central SCADA system is not a trivial task. The requirements for the connections are very high. In an electric energy grid, for example, the command for switching off an electric switch should not only be transferred in a few milliseconds, but it must be 100% certain at any time that commands are received by the PLC in the field.
Because SCADA systems are used for several decades now, and because setting-up connectivity is such a complex matter, old, but robust technology is still used frequently. Connections frequently are setup using serial lines, modems, X25 connections, and for more modern setups, TCP/IP WAN links. Special protocols, like IEC870 are used for communication between SCADA systems and PLC's.
Traditionally SCADA systems were closed systems using proprietary technology. The SCADA systems are located in secured control rooms. Therefore, security issues were rare, and not much effort was done to secure the connections between the SCADA systems and the PLC's "in the field".
These days, companies start using more open communication protocols (like TCP/IP over a WAN) and COTS systems (running on for instance Microsoft Windows). This urges the companies to put more effort in securing their SCADA environments. The market for secured SCADA products is still immature at the moment. I expect that the coming years projects will be started to raise the level of security in SCADA systems.
Here is a nice article about the security issues.