
SCADA

ISPE - HPCL-CPM-PCP V PEP Batch

Mr. Arpit Jain


Assistant Professor – Senior Scale
EIC Dept. CoES, UPES

January 2017 Prof. Arpit Jain


Contents

• Telemetry & SCADA Systems
• Instrumentation & SCADA
• Maintenance and Condition Monitoring of T & I Equipments & SCADA
• Control Room Layout
• SCADA in Oil & Gas Pipelines
• Leak Detection through SCADA
• SCADA security and Attack Case Study



TELEMETRY & SCADA



Automation

Automation is the use of control systems such as computers to
control industrial machinery and processes, reducing the need
for human intervention.



Detailed structure of control system hierarchy



TELEMETRY
• Telemetry is the mechanism by which information is exchanged
with remotely separated locations for the purpose of monitoring
and/or control. Telemetry ranges in complexity from systems with a
couple of I/O to complicated pipeline control systems
embracing more than a thousand technological units.
• The communication media used for telemetry are:
– Wired
• Optical Fiber
• Landline (Communication Buses like Profibus, GPIB, Coaxial cable etc.)
– Wireless
• Radio Frequency
• Microwave
• Satellite
• Cellular based



Communication Techniques
The transmission technique and protocol generally depend on the selected
communication medium, each being optimized for, or using clever ways of, improving bandwidth
or decreasing cost per connection. Regardless of the communication technique used,
it is a fundamental requirement for different devices on a common communication
channel to be uniquely identified. This usually takes the form of a device address
unique to that device. The two most commonly used transmission techniques are:

• Master/Slave Communication
– Most commonly used
– Centralized Communication Control
– Employs sequence based polling communication
– Generally only one device can send data at a time
– Low bandwidth efficiency
– Adding transmitting nodes/RTUs directly impacts update rates
• Peer-to-Peer Communication
– Allows all devices to initiate communication
– No centralized communication controller
– Adding transmitting nodes/RTUs has minimal impact on update rates



Enhancing Reliability in Communications
Some telemetry systems require very high communications reliability. This can be achieved through:
• Duplication of critical equipment (radio repeater system)
• Redundant communication channel OR Dual communication channel system
Data gathering techniques
• Polling techniques
– Single master Station sequentially requests data from each of the remote stations
– Wasted communication bandwidth
– Slow
• Polled report by Exception
– The master spends most of its time requesting event changes from the remotes. If no changes
have occurred, then there will be no event data to return to the master
– More efficient and faster
• Unsolicited Report By Exception Techniques
– Ability for a remote station to initiate a communication without first being requested to do so
– Efficient use of Bandwidth
• Quiescent Techniques
– All communication is unsolicited report by exception and the receiver always acknowledges
reception of transmitted messages
– Most bandwidth efficient technique



SCADA
SCADA stands for Supervisory Control And Data Acquisition. As the name
indicates, it is not a full control system, but rather focuses on the supervisory
level. As such, it is a purely software package that is positioned on top of
hardware to which it is interfaced, in general via Programmable Logic
Controllers (PLCs), or other commercial hardware modules. Various
components of SCADA are:
• Remote Terminal Unit
• Communication
• Master Terminal Unit
• Software
• Human Machine Interface
• Remote Standby/Redundancy

Basic Architecture of SCADA System


WHAT SCADA IS?
SCADA is a technology that makes it possible to collect and process data received from
remote sites (remote in terms of distance from the Control Center) and to transmit commands
via radio, satellite, wire or GSM communication systems.

WHAT SCADA USES?


SCADA systems are based on modern computing technologies and networking
technologies enabling the system designer to implement a customized application that
can grow with expanding needs.

WHAT SCADA DOES?


SCADA enables an industrial process operator to monitor and control equipment
status, to open and shut valves or motors, to view each of the technological process
parameters – all from a single Central Control Room.

WHAT SCADA OFFERS?


SCADA offers control and management of an industrial process, providing highly
efficient, cost-effective operation.



SCADA vs. DCS
People new to the industry often use the terms SCADA and DCS (distributed
control system) interchangeably. Although there is no sharp line separating
these two categories of control systems, and specific implementations often
have characteristics of each, it is useful to distinguish between them because
of their unique strengths and weaknesses.

                             | SCADA                         | DCS
Geographic span              | Large – cross country         | Small – single pump station
Point count                  | Large                         | Small
Data acquisition rates       | Moderate – seconds to minutes | Very fast – milliseconds to seconds
Data acquisition network     | Slow with moderate error rate | Fast with low error rate
Graphic User Interface (GUI) | Full featured                 | Basic
Alarming subsystem           | Full featured                 | Basic
Control actions              | Human initiated               | Programmatically initiated
Operation philosophy         | Data gathering oriented       | Process oriented



Advanced features of SCADA
Many users of pipeline SCADA systems choose to enhance the basic monitoring
and control capabilities of their SCADA system by adding related advanced
applications. Typical advanced applications used with pipeline SCADA systems
include:

• Pipeline model / simulation – understand behavior of pipeline
• Controller training system – controller training without involving the
operating pipeline
• Computational pipeline monitoring (CPM) – software based leak detection
• Batch tracking and scheduling – monitors batch location, calculate ETA
• Power optimization – optimal pump or compressor usage
• Open path analysis – ensures product path is not blocked by a closed valve
• Historical playback – GUI displays presenting historical data
• Intelligent alarm processor – helps identify the root cause of an upset
• Gas load forecaster – weather forecast and historical usage data to estimate
the expected gas load
SCADA ARCHITECTURES
First Generation SCADA system

• Mainframe systems
• Virtually no connectivity to other systems
• Proprietary environment
• Networks were generally non-existent



Second Generation - Distributed
• Improvement in system miniaturization
• Developments in Local Area Networking (LAN) technology
• Multiple stations were connected to a LAN
• Communications processors
• Real-time information sharing
• Less expensive



Third Generation - Networked
• Current generation
• Open system architecture
• Utilization of open standards
• Advanced networking and communication capabilities
• Distribution of SCADA functionality across a WAN and not just a LAN
• Recent developments include cloud-based support and remote view, and basic controls are supported on mobile devices.



Features and Functionalities of SCADA

• Dynamic process graphics
• Alarms
• Real Time Trend
• Historical Time Trend
• RTU (and PLC) interface
• Application Security
• Database Connectivity
• Device Connectivity
• Fault tolerance and Redundancy
• Distributed processing
• Access Control
• MMI or HMI
• Trending
• Alarm Handling
• Logging/Archiving
• Report Generation
Benefits
The presence of a SCADA system for real time surveillance and monitoring provides
both operational and economic benefits. These benefits include:
Operational Considerations
• Geographic area of operation (size of service area)
• Size of company (number of customers)
• Improved timeliness and frequency of operational data
• Integrated operational analysis
• Improved precision and accuracy of operational data
• Documentation of measurement equipment accuracy
• Rapid response to emergencies or upsets
Economic Considerations
• Reduced personnel requirements
• Decreased cost of operation
• Improved operational efficiency
• Improved load-balancing ability



Features that enhance benefits of SCADA
1. Leak Detection System
2. Line / Product Balance (Flow Measurement)
3. Batch Tracking
4. Pig Tracking
5. Pipeline Efficiency
6. Operator Trainer/Plant Simulation Software
7. Cathodic Protection System Performance
8. Instrument Analysis
9. Fire Protection System, etc.



INSTRUMENTATION & SCADA



Instrumentation
Instrumentation generally refers to the science of measurement
and control of process variables within a production, laboratory,
or manufacturing area. Any measuring instrument generally
consists of:

• Primary sensor
• Transduction device
• Signal conditioning
• Display/meter



Sensor to Panel system
Earlier SCADA systems employed Sensor to Panel connection i.e. each sensor
was hardwired to the central control panel. The advantages of such a system
were:
• Simple
• No CPU, hence no software or programming
But the disadvantages of such a system far outweighed its
advantages:
• Huge amount of wiring
• Upgrading the system was very complex
• Reconfiguration of the system is extremely difficult
• Storage of data is minimal and difficult to manage
• Greater manpower requirement



Modern SCADA system
With the advent of the CPU and other electronic devices, manufacturers incorporated
digital electronics into preexisting relay logic equipment, which was rapidly and completely
replaced by it.
The advantages of the PLC / DCS based SCADA system are:
• More sensors can now be connected
• Flexibility to view data using remote monitoring
• Different types of RTU can be handled
• Real time data analysis
• Simulation tool availability
• Easy digital storage
• Configurable display
Disadvantages:
• More complicated
• Software engineers are required
• Still a lot of wiring



As the requirement for smaller and smarter systems grew, sensors were
designed with the intelligence of PLCs and DCSs. These devices are known
as IEDs (intelligent electronic devices). The IEDs are connected on a
fieldbus, such as Profibus, DeviceNet or Foundation Fieldbus, to the PC.
They include enough intelligence to acquire data, communicate to other
devices, and hold their part of the overall program. The advantages of the
PC to IED field bus system are:
• Minimal wiring
• More flexible and transparent
• Higher data throughput
• Installation and replacement is easy
• Less physical space required
The disadvantages are:
• More sophisticated
• More dependency on communication



On a more complex SCADA system
there are essentially five levels or
hierarchies:

• Field level instrumentation and control devices
• Marshalling terminals and RTUs
• Communications system
• The master station(s)
• The commercial data processing department computer system



PLC Programmable Logic Controllers

• A programmable logic controller (PLC) or programmable controller is a
digital computer used for automation purposes. A PLC is designed for
multiple input and output arrangements, extended temperature ranges,
immunity to electrical noise, and resistance to vibration and impact.

A typical rack mounted PLC


PAC Programmable Automation Controllers

• PAC has all the capabilities of PLC with some added features
like task flexibility, integrated communication interfaces and
very high computing power.



RTUs
An RTU (remote telemetry unit) may be a standalone data acquisition and control unit, generally microprocessor based, which monitors and controls equipment at some remote location from the central station. Its primary task is to control and acquire data from process equipment at the remote location and to transfer this data back to a central station. Small sized RTUs generally have less than 10 to 20 analog and digital signals; medium sized RTUs have 100 digital and 30 to 40 analog inputs. RTUs with a capacity greater than this can be classified as large.



I/O Modules

• Analog I/O module
• Digital I/O module
• Mixed I/O module



Analog input modules
There are five main components making up an analog input module. They are:
• The input multiplexer
• The input signal amplifier
• The sample and hold circuit
• The A/D converter
• The bus interface and board timing system
These have various numbers of inputs. Typically there are:
• 8 or 16 analog inputs
• Resolution of 8 or 12 bits
• Range of 4–20 mA (other possibilities are 0–20 mA/±10 volts/0–10 volts)
• Input resistance typically 240 kΩ to 1 MΩ
• Conversion rates typically 10 microseconds to 30 milliseconds
• Inputs are generally single ended (but differential modes are also provided)



Optocoupler Circuit
The figure shows a typical AC/DC input circuit. After the interface detects a valid
signal, it passes the signal through an isolation circuit, which completes the
electrically isolated transition from an AC signal to a DC, logic-level signal. The
logic circuit then makes the DC signal available to the processor through the
rack’s backplane data bus, a pathway along which data moves. The signal is
electrically isolated so that there is no electrical connection between the field
device (power) and the controller (logic). This electrical separation helps prevent
large voltage spikes from damaging either the logic side of the interface or the
PLC. An optical coupler or a pulse transformer provides the coupling between the
power and logic sections.



Piping & Instrumentation Diagrams
Detailed graphical representation of a process including the
hardware and software (i.e. piping, equipment, instrumentation,
and control loops) necessary to design, construct and operate the
facility.
Implications and Applications of P&ID Sheet
• Process parameters, redundancy, criticality, and measurement
devices and techniques identification.
• Provide reference for the number of instruments/devices in the
form of Instrument list.
• Will act as installation guide and reference for commissioning
and erection.
• Scope of supply of various devices will be indicated.
• Instrument list & Control system I/O list.

Screenshot of a Condensate Storage tank P&ID sheet

MAINTENANCE AND CONDITION MONITORING
OF T & I EQUIPMENTS & SCADA



SCADA equipments and systems
Some of the Major instruments located in various parts of a pipeline
system are:
• Flow Transmitter (FT)
• Flow Indicator (FI)
• Flow computer
• Temperature Transmitter (TT)
• Temperature Indicator (TI)
• Temperature gauge
• Thermowell
• Pressure Transmitter (PT)
• Pressure Indicator (PI)
• Pressure gauge
• Remote Terminal Units (RTU)



Maintenance Philosophy
The maintenance philosophy of the instrumentation system is based
on the company’s maintenance philosophy, the vendor’s
recommendations and the Plant Maintenance Module under the ERP
system for various systems. The endeavor is that
every system functions smoothly and provides uninterrupted
availability of equipment for the operation of the Compressor
Station, to ensure:
• Minimum downtime
• Keeping spare consumption within the benchmark limit.



Types of maintenance activities
• Preventive maintenance
• Predictive maintenance
• Major/Breakdown maintenance
Outsourcing Maintenance Services
The requirement of the jobs to be outsourced shall be identified by the Maintenance
Planner. A complete proposal, justifying the need and indicating the financial
implication shall be prepared and included in the Annual Budget. Financial
concurrence shall be obtained for the expenditure involved. Approval from competent
authority shall be obtained, as per Delegation of Powers (D.O.P).
Monitoring & Maintenance at Repeater Stations
Before any department carries out any maintenance work (preventive / breakdown) at
any of the stations, the pipeline department of the respective section & MCR must be
informed. However, for carrying out any control functions / modifications with valves,
CCVTs etc., a pipeline representative must be present so as to avoid any breakdown /
shutdown of the system.



Maintenance of Equipment Through System

• Auto notification shall be generated by ERP for preventive maintenance
• Control room should generate list for unplanned maintenance
• Auto maintenance order is generated by ERP for calibration of instruments
• Priority of equipment
• Maintenance planner shall follow task list
• Spares and consumables
• Work clearance application for safe operation
• Return of permit and unused material after completion
• Maintenance order should be completed with actual data after completion
• Technical completion report
• Closing of notification by maintenance planner
• Equipment history maintains all the records of maintenance orders and notifications
• Information flow, equipment data, cost calculation and equipment history become easy to store and archive as per requirement.



Calibration of instruments
Calibration of Instruments is to be carried out as per Maintenance Plan. Calibration frequency is defined
in the Task List. Calibration frequency of all Instruments is one year except meters used in custody
transfer applications. Following are the important points to keep in track for calibration activities:
• History sheet – Gets updated automatically and can be retrieved when needed
• Annual calibration plan – Scheduling of maintenance plan is created by the system at the beginning
of the month
• Calibration procedure – Work clearance document shall be obtained and completion of activity
should be ensured by HOD of the department
• Proving of turbine meter – Proving interval for Turbine Meter used at terminals for custody transfer
shall not exceed 5 years.
• Sealing for integrity – To prevent tampering with settings by unauthorized personnel
Non conforming instruments
• Identification and storage – Instruments found non-conforming to the required standards will be
marked as “Rejected” and will be stored in a place kept reserved for such instruments
• Downgrading – No downgrading of the non-conforming instruments is allowed. If the error is
found to be more than the permissible limit, the instrument should not be used and should be marked as REJECTED.
• Disposal – The non-conforming instruments declared as “Rejected” and other scrap will be returned
to the store from time to time as per the prevailing stores procedure



Control Room Layout



Recommended installation practice
The central site computer facilities have to be designed and installed to
ensure the satisfactory operation of the hardware and software and to ensure
that the operators and other users can use the system effectively and safely.
There are a number of requirements, which have to be carefully adhered to in
installing the computer system in a building. These are:
• Environmental considerations – control room environment must be
appropriate to the computer system and the associated electronics
systems
• Earthing and Shielding – Ensure that all hardware is securely earthed
• Cabling – cabling should be as short as possible and free from any kind of interference
• Power connections – For installations near sources of electrical
interference, an isolation transformer is a recommended approach
• Ergonomic requirements – Improved working environment for control
room personnel



Design methodology

The flowchart represents the idealized path for the systematic introduction of
ergonomics.
The majority of tasks in a computer control
room can be broken down into the
following:
• Monitoring of the system
• Control adjustments
• Alarm/emergency procedures
• Staying awake



Typical control room layout
The horseshoe control room layout is designed so that anyone in the center can see all the screens. Following are the key points that should be noted while designing control room layout:
• Lighting – 400 lux for control room with a personal level of 200 to 600 lux
• Sound level – maximum noise level of 54 to 59 dB
• Ventilation – air temperature should be between 20°C and 26°C, relative humidity range of 40 to 60% RH; fresh air should flow at the rate of 7 liters/sec per person
• Colors of equipment – Colors for walls and equipment should have a matt finish



Design of computer displays
The approach should be to ensure that the displays are as easy to read and
understand as possible.

The architecture of displays is to have a progressive decrease in scope of the displays
and a progressive increase in detail as the operator looks for some specific
information. Displays are generally organized in three layers:
• Primary level – overview
• Secondary level – detailed display associated with corresponding primary level
• Tertiary level – more details on certain secondary level displays
With more than three levels, the display becomes unduly complex and
this should be avoided unless absolutely necessary. Zoom boxes are
useful features, which provide more detail on a specific area of the
schematic. The various graphic screens that are available are:
• Free form graphic screens –
– Screen format can be created by the users,
– Using custom layout and symbols
– Completely flexible
• Operating group displays
– Based on standard set of symbols
• Trend displays
– Trends for the data of analog values
• Alarm displays
– Log the current alarms for the system
– Priority assignment: High, Medium, Low, Event only
– Color coding: Red, Magenta, Yellow
– Tagging of alarm



Alarm processing
Alarms are one of the most important features of the operator display and have a high
impact on the health of the plant. The alarm function should be viewed as an
integral part of the operator interface and not as a stand-alone feature. The figure
below illustrates the actions that occur on an alarm being activated.



SCADA in Oil & Gas Pipelines



[Figure: How Natural Gas Gets To Your Home. Labels: producing wells, gathering lines, processing plant, transmission lines, compressor stations, underground storage, LNG or propane/air plant, city gate (regulators/meters), distribution mains (lines), regulator/meter, residential customers, commercial customers, large volume customers]



Hierarchical structure of CGD SCADA system

• Master control station (MCS)
– Communicates with all the CCCs.
– Has two servers, one primary and other redundant.
• Standby master control center (SCC)
– Will be able to monitor and control total CGD systems in
case of any emergency at MCC
• City control center (CCC)
– Monitor and control CGD network of the city.
– Collect all the data of the CGD Network and will send it to
MCC & SMCC
• City gate station (CGS)
– It has Flow Meter & Flow Computer

Applications

• Data Historians
– Ability to collect and store large amount of operational data
– Statistical analysis
– Automatic report generation
• Asset and Performance Management
– Maintenance management
– Work order generation
– Predictive maintenance
– Online equipment health monitoring
– Inventory management
• Statistical Process Control
– Data from historian can be used for statistical process control
– Process characterization
– Experimental design and simulation
• Advanced Regulatory Control
– Microprocessor based control
– Implementation of cascade control, feedforward control etc.
• Multi-Variable Predictive Control
– Data intensive algorithms can be implemented with microprocessor based control
– Control system is more robust
– Better decoupling
• Optimization
– Better optimization using linear/non-linear techniques



Leak detection through SCADA



Pipeline leak

When a pipeline is damaged, product escapes from the pipeline;
this is known as a pipeline leak. Results of leakage include:
• Loss of product
• Environmental hazards
• Loss of life
An effective and efficient leak detection system with good
sensitivity is therefore necessary.



Leak Detection Utilities

• Accurate product release alarm
• Estimation of leak location and magnitude
• High sensitivity to product release
• Efficient field and control center support
• Minimum Software and configuration tuning
• Minimum impact from communication outages
• Accommodation for complex operating conditions, such as
transients
• Configurability to complex pipeline networks
• Accurate imbalance calculations on flow meters



Leak detection methods

• Internal leak detection systems: Use operating data retrieved by the SCADA system
– Rate of change
– Line balancing methods
– Real time transient modeling
– Statistical modeling
• External leak detection systems: Use sensors that may or
may not be physically connected to the pipeline
– Acoustic emission
– Electrical cable sensors
– Fiber optic sensors
– Vapor sensing



Volume balance method
Also known as line balance, compensated volume balance, or
mass balance.
• Based on measuring the discrepancy between the incoming
(receipt) and outgoing (delivery) product volumes of a
particular pipeline segment. During a unit time interval, the
volume of product that enters a pipe may not be equal to the
measured volume exiting the pipe. The difference is
accounted for by uncertainties in line pack and flow
measurement. This relationship is stated below:
$$Q_{in} - Q_{out} \le dQ_m + \frac{dV_s}{\Delta t}$$
However basic line balance does not compensate for changes in
line pack due to pressure, temperature, or product composition.
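
The line balance check above, as an added Python example (not part of the original slides). It assumes dQ_m is the flow-measurement uncertainty in m3/h and dV_s the line-pack uncertainty in m3 over the window Δt; the flow values, the three-minute telemetry gap and all function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Sample:
    minute: int
    q_in: Optional[float]   # receipt flow in m3/h, None = value lost in a telemetry gap
    q_out: Optional[float]  # delivery flow in m3/h


def threshold(dq_m: float, dv_s: float, dt_h: float) -> float:
    """Right-hand side of the slide's inequality: dQ_m + dV_s / dt."""
    return dq_m + dv_s / dt_h


def line_balance(samples: List[Sample], window: int, dq_m: float,
                 dv_s: float, step_min: int = 1) -> List[Tuple[int, str]]:
    """Compare the mean of Q_in - Q_out over a sliding window with the threshold.

    Returns (minute, status) for every window end; status is "ok", "alarm"
    or "no-data". A window that touches a telemetry gap is not evaluated, so
    a communication outage yields neither a false alarm nor a false all-clear.
    """
    dt_h = window * step_min / 60.0          # window length in hours
    limit = threshold(dq_m, dv_s, dt_h)
    results = []
    for end in range(window - 1, len(samples)):
        win = samples[end - window + 1:end + 1]
        if any(s.q_in is None or s.q_out is None for s in win):
            results.append((samples[end].minute, "no-data"))
            continue
        imbalance = sum(s.q_in - s.q_out for s in win) / window
        status = "alarm" if imbalance > limit else "ok"
        results.append((samples[end].minute, status))
    return results


def constructed_samples() -> List[Sample]:
    """Constructed data: 120 one-minute samples, a 6 m3/h leak starting at
    minute 60, and the delivery meter unreadable during minutes 20-22."""
    samples = []
    for minute in range(120):
        q_out: Optional[float] = 500.0 if minute < 60 else 494.0
        if 20 <= minute <= 22:
            q_out = None
        samples.append(Sample(minute, 500.0, q_out))
    return samples


def first_alarm(results: List[Tuple[int, str]]) -> Optional[int]:
    """Minute of the first alarming window, or None if nothing alarmed."""
    return next((minute for minute, status in results if status == "alarm"), None)


if __name__ == "__main__":
    data = constructed_samples()
    for window in (5, 30):
        res = line_balance(data, window, dq_m=2.0, dv_s=1.0)
        limit = threshold(2.0, 1.0, window / 60.0)
        print(f"window={window:>2} min  threshold={limit:5.1f} m3/h  "
              f"first alarm at minute {first_alarm(res)}")
```

On this data the 5-minute window never alarms because the dV_s/Δt term dominates its threshold, while the 30-minute window alarms about 20 minutes after the leak starts: the trade-off between detection time and sensitivity that basic line balance imposes.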



Real time transient modeling
RTTM involves the computer simulation of pipeline conditions. It
can predict the size and location of leaks by comparing the
measured data for a segment of pipeline with the predicted
modeled conditions.
• Most sensitive
• Most complex and costly
This analysis is done in a three-step process.
• The pressure-flow profile of the pipeline is calculated based
on measurements at the pipeline or segment inlet
• The pressure-flow profile is calculated based on
measurements at the outlet
• The two profiles are overlapped and the location of the leak is
identified as the point where these two profiles intersect
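
The three-step profile comparison above, reduced to its steady-state core as an added Python example (not from the original slides; a real RTTM solves the transient flow equations). It assumes a lumped friction coefficient k so that pressure falls by k·Q² per km; the pressures, flows and function names are constructed for illustration.

```python
from typing import Optional


def outlet_pressure(p_in: float, q_in: float, q_out: float, k: float,
                    length_km: float, leak_km: float) -> float:
    """Forward model used only to build constructed measurements: pressure
    falls by k*q_in^2 per km up to the leak and by k*q_out^2 per km after it."""
    p_leak = p_in - k * q_in ** 2 * leak_km
    return p_leak - k * q_out ** 2 * (length_km - leak_km)


def locate_leak(p_in: float, q_in: float, p_out: float, q_out: float,
                k: float, length_km: float) -> Optional[float]:
    """Intersect the two pressure profiles.

    Step 1, profile from inlet data:   P(x) = p_in  - k*q_in^2  * x
    Step 2, profile from outlet data:  P(x) = p_out + k*q_out^2 * (L - x)
    Step 3, set them equal and solve for x.
    Returns the distance from the inlet in km, or None when the profiles are
    parallel (no flow imbalance) or cross outside the segment.
    """
    slope_diff = k * (q_in ** 2 - q_out ** 2)
    if slope_diff == 0:
        return None
    x = (p_in - p_out - k * q_out ** 2 * length_km) / slope_diff
    return x if 0.0 <= x <= length_km else None


def location_shift_km(dp_err: float, q_in: float, q_out: float, k: float) -> float:
    """How far the computed location moves for a pressure error dp_err (bar).
    The smaller the leak, the closer the two slopes and the larger the shift."""
    return abs(dp_err) / abs(k * (q_in ** 2 - q_out ** 2))


if __name__ == "__main__":
    # Constructed segment: 100 km, inlet 60 bar, 500 m3/h in, 480 m3/h out,
    # k = 1e-6 bar/km per (m3/h)^2, true leak at km 40.
    K, L = 1e-6, 100.0
    p_out = outlet_pressure(60.0, 500.0, 480.0, K, L, leak_km=40.0)
    print("outlet pressure:", round(p_out, 3), "bar")
    print("located leak at km", round(locate_leak(60.0, 500.0, p_out, 480.0, K, L), 3))
    print("shift for 0.05 bar error, 20 m3/h leak:",
          round(location_shift_km(0.05, 500.0, 480.0, K), 2), "km")
    print("shift for 0.05 bar error,  2 m3/h leak:",
          round(location_shift_km(0.05, 500.0, 498.0, K), 2), "km")
```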
Pressure analysis (Rarefaction wave monitoring)

When product breaches the pipeline wall there is a
sudden drop in pressure at the location of the leak
followed by rapid line repressurization a few milliseconds
later.
The resulting low-pressure expansion wave travels at the
speed of sound through the liquid away from the leak in
both directions.
Instruments placed at intervals along the pipeline
respond as the wave passes.
This method is particularly useful in identifying large leaks
rapidly. Smaller leaks typically take longer to detect and
very small, pinhole leaks may go undetected.



Acoustic emissions
• Escaping liquid creates an acoustic signal as it passes through
a perforation in the pipe
• Acoustic sensors affixed to the outside of the pipe monitor
internal pipeline noise levels and locations
• These data are used to create a baseline “acoustic map” of
the line



Fiber optic sensors
Two types:
1. DTS – distributed temperature sensing
2. DAS – distributed acoustic sensing
• Sensing probes are driven into the soil beneath or adjacent to the pipeline.
• In the presence of hydrocarbons, the patented covering of the sensor changes its refractive index due to temperature change in DTS and due to vibrations in DAS.
• This change is registered optically by the sensor and converted to a parts-per-million reading of hydrocarbons.
Electrical cable sensors

Liquid sensing cables are buried beneath or adjacent to a pipeline.


• Sensor Cable Systems are capable of locating multiple leaks without loss of
accuracy and sensitivity. Leak locations can be determined to within 5 feet of
source.
• Sensor cables utilize Time Domain Reflectometry technology as the basis of
leak detection.
• The technology operates similarly to radar. Thousands of times each minute,
safe energy pulses are sent out on the sensor cables. As these energy pulses
travel down the cable, reflections are returned to the monitoring unit and a
"map" of the reflected energy from the cable is stored in memory.
• The presence of liquids on the sensor cable, in sufficient quantities to "wet"
the cable, will alter its electrical properties. This alteration will cause a change
of the reflection at that location.
Disadvantages include:
• Very high installation costs
• Extensive power and signal wiring requirements



Vapor sensing
• A vapor sensing tube is installed along the entire length of the pipeline
• This tube is highly permeable to the substances to be detected in the
particular application.
• If a leak occurs, the substances to be measured come into contact with the
tube in the form of vapor, gas or dissolved in water.
• In the event of a leak, some of the leaking substance diffuses into the tube
due to the concentration gradient and is thus detected by gas sensors.



SCADA SECURITY



Common Misconceptions and Security Vulnerabilities

Misconception
• Misconception #1 – “The SCADA system resides on a physically
separate, standalone network.”
• Misconception #2 – “Connections between SCADA systems and
other corporate networks are protected by strong access controls.”
• Misconception #3 – “SCADA systems require specialized knowledge,
making them difficult for network intruders to access and control.”

Vulnerabilities
• Public Information Availability
• Insecure Network Architecture
• Lack of Real-Time Monitoring



Common threats seen in SCADA
• Attackers: Attackers break into networks for the thrill of the
challenge or for bragging rights in the attacker community. They
will have good knowledge about computers.
• Bot-network operators: Bot-network operators are attackers;
however, instead of breaking into systems for the challenge or
bragging rights, they take over multiple systems to coordinate
attacks and to distribute phishing schemes, spam, and malware
attacks.
• Insiders: The disgruntled insider is a principal source of computer
crime. Insiders may not need a great deal of knowledge about
computer intrusions because their knowledge of a target system
often allows them to gain unrestricted access to cause damage to the
system or to steal system data.



• Foreign intelligence services: Foreign intelligence services
use cyber tools as part of their information gathering and
espionage activities.
• Spammers: Spammers are individuals or organizations that
distribute unsolicited e-mail with hidden or false information
to sell products.
• Criminal groups: Criminal groups seek to attack systems for
monetary gain. Specifically, organized crime groups are using
spam, phishing, and spyware/malware to commit identity theft
and online fraud.
• Phishers: Phishers are individuals or small groups that execute
phishing schemes in an attempt to steal identities or
information for monetary gain.
January 2017 Prof. Arpit Jain
SCADA failure
The effect on a company of a SCADA system failure depends on a number of
factors, such as those listed below:
• Geographic spread
• Number of RTUs
• System complexity
• Design philosophy
• Type of operation (distribution or transmission).
• Time of day
• Day of week
• Interdependencies

There are three main types of SCADA system failure:


• Loss of data from a single point or region of the system
• System controller blind
• Controller intervention is disrupted



Case study of SCADA attack
• Vitek Boden worked for Hunter Watertech, an Australian firm that installed
SCADA radio-controlled sewage equipment for the Maroochy Shire Council in
Queensland, Australia (a rural area of great natural beauty and a tourist
destination)
– Applied for a job with the Maroochy Shire Council
– Walked away from a “strained relationship” with Hunter Watertech
– The Council decided not to hire him
– Boden decided to get even with both the Council and his former employer

• On at least 46 occasions, Boden issued radio commands to the sewage equipment
– Caused 800,000 liters of raw sewage to spill out into local parks, rivers and
even the grounds of a Hyatt Regency hotel
– Marine life died, the creek water turned black and the stench was
unbearable for residents



Time Line

• 1997-December 1999 – Boden employed by Hunter Watertech
• December 3, 1999 – Boden resigns from Hunter Watertech
• Early December 1999 – Boden seeks City Council employment
• Early January 2000 – Boden turned down
• February 9-April 23, 2000 – SCADA system experiences series of faults
• March 16, 2000 – Hunter Watertech investigator tried to troubleshoot
system
• April 19, 2000 – Log indicates system program had been run at least 31
times
• April 23, 2000 – Boden disabled alarms at four pumping stations using the
identification of pumping station 4.
• April 23, 2000 – Boden pulled over by police with computer equipment in
car
• October 31, 2001 – Boden convicted in trial – sentenced to 2 years
• March 21, 2002 – Appeal rejected



Evidence Found in Boden’s Vehicle

• Laptop
– Reloaded February 28, 2000
– Software used in the sewerage system (re)installed February 29
– Run at least 31 times prior to April 19
– Last run on April 23
• Motorola M120 two-way radio, the same type used in the Council’s
system
– Tuned into the frequencies of the repeater stations
– Serial numbers matched delivery docket provided by the supplier of
the radios to Hunter Watertech
• PDS Compact 500 computer control device
– Address set to spoof pumping station
– Serial number identified it as a device which should have been in the
possession of Hunter Watertech



Observations
• Boden was an insider who was never an employee of the organization he
attacked
– Employee of contractor that supplied IT/control system technology
– With his knowledge he was the “ultimate insider”
• Contractor’s responsibilities unstated or inadequate
– Management, technical and operational cyber security controls
– Personnel security controls
– Background investigations
– Protection from disgruntled employees
• As a skillful adversary, Boden was able to disguise his actions
– A number of anomalous events occurred before recognition that the
incidents were intentional
– Extensive digital forensics were required to determine that a deliberate
attack was underway
• No existing cyber security policies or procedures
• No cyber security defenses



• Difficult to differentiate attacks from malfunctions
• When and why is it important to determine whether an event is an
intentional attack or an unintentional flaw or error?
• Difficult to protect against insider attacks
• Radio communications commonly used in SCADA systems are often
insecure or improperly configured
• SCADA devices and software should be secured to the extent
possible using physical and logical controls
• Security controls often not implemented or used properly
• Generally SCADA systems lack adequate logging mechanisms for
forensic purposes
• Also recommended:
– 1) Anti-virus
– 2) Firewall protection
– 3) Appropriate use of encryption
– 4) Upgrade-able SCADA systems (from a security perspective)
– 5) Proper staff training
– 6) Security auditing and control
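
The observations above note that attacks are hard to tell from malfunctions and that SCADA systems generally lack logging for forensics, while the timeline records alarms disabled at four stations under one station's identification. As an added example (not part of the original slides), this Python sketch runs two correlation rules over a constructed command audit log; the log format, command names, master address 0 and thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

MASTER_ID = 0                   # assumption: only the master issues control commands
CONTROL_CMDS = {"ALARM_DISABLE", "PUMP_START", "PUMP_STOP"}  # hypothetical names
WINDOW = timedelta(minutes=30)  # assumption: correlation window
MAX_TARGETS = 2                 # assumption: more targets than this is a sweep

# Constructed sample audit log (not data from the incident).
SAMPLE_LOG = """\
2024-01-01T19:02:10 src=0 dst=7 cmd=READ_STATUS
2024-01-01T19:05:41 src=4 dst=4 cmd=REPORT_LEVEL
2024-01-01T19:30:03 src=4 dst=9 cmd=ALARM_DISABLE
2024-01-01T19:31:17 src=4 dst=11 cmd=ALARM_DISABLE
2024-01-01T19:33:52 src=4 dst=14 cmd=ALARM_DISABLE
2024-01-01T19:36:20 src=4 dst=4 cmd=ALARM_DISABLE
2024-01-01T21:10:00 src=0 dst=9 cmd=ALARM_DISABLE
"""

def parse(line):
    """Split 'timestamp key=value ...' into typed fields."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), int(kv["src"]), int(kv["dst"]), kv["cmd"]

def detect(log_text):
    """Return (time, rule, source, detail) tuples for suspicious commands."""
    findings, alerted = [], set()
    recent = defaultdict(list)  # source -> [(time, target)] of alarm disables
    for line in filter(str.strip, log_text.splitlines()):
        ts, src, dst, cmd = parse(line)
        # Rule 1: a field-station address sends a control command to another station.
        if src != MASTER_ID and dst != src and cmd in CONTROL_CMDS:
            findings.append((ts, "FOREIGN_CONTROL", src, dst))
        # Rule 2: one source disables alarms at many stations inside WINDOW.
        if cmd == "ALARM_DISABLE":
            recent[src] = [(t, d) for t, d in recent[src] if ts - t <= WINDOW]
            recent[src].append((ts, dst))
            targets = sorted({d for _, d in recent[src]})
            if len(targets) > MAX_TARGETS and src not in alerted:
                alerted.add(src)
                findings.append((ts, "ALARM_SWEEP", src, targets))
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

Rule 2 deliberately applies to the master address as well, so a sweep of alarm changes from the control room is also surfaced for review.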



Awareness and Training (AT)
• No security training had been provided to staff
• Awareness and Training (AT)
– AT-1 - Security Awareness and Training Policy and Procedures
– AT-2 - Security Awareness
– AT-3 - Security Training
– AT-4 - Security Training Records
– AT-5 - Contacts with Security Groups and Associations
• People are one of the weakest links in cyber security
• A robust awareness and training program is paramount to ensuring
that people understand their cyber security responsibilities,
organizational policies, and how to properly use and protect the
resources entrusted to them
• All individuals should receive specialized training focused on their
responsibilities and the application rules



Thank You
