SCADA

It also covers sensors and other devices, such as programmable logic controllers, which interface with process plant or machinery.

The operator interfaces which enable monitoring and the issuing of process commands, such as controller setpoint changes, are handled through the SCADA computer system.

The SCADA concept was developed to be a universal means of remote access to a variety of local control modules, which could be from different manufacturers, allowing access through standard automation protocols.

The key attribute of a SCADA system is its ability to perform a supervisory operation over a variety of other proprietary devices.

Data may also be fed to a historian, often built on a commodity database management system, to allow trending and other analytical auditing.

"Smart" RTUs, or standard PLCs, are capable of autonomously executing simple logic processes without involving the supervisory computer.

Unlike a procedural language like C or FORTRAN, IEC 61131-3 has minimal training requirements by virtue of resembling historic physical control arrays.

This allows SCADA system engineers to perform both the design and implementation of a program to be executed on an RTU or PLC.

Since about 1998, virtually all major PLC manufacturers have offered integrated HMI/SCADA systems, many of them using open and non-proprietary communications protocols.

Numerous specialized third-party HMI/SCADA packages, offering built-in compatibility with most major PLCs, have also entered the market, allowing mechanical engineers, electrical engineers and technicians to configure HMIs themselves, without the need for a custom-made program written by a software programmer.

RTUs and other automatic controller devices were developed before the advent of industry-wide standards for interoperability.

An example of efforts by vendor groups to standardize automation protocols is OPC-UA (formerly "OLE for process control", now Open Platform Communications Unified Architecture).

Similar to a distributed architecture, any complex SCADA can be reduced to the simplest components and connected through communication protocols.

This simplifies the client-side installation and enables users to access the system with web browsers from various platforms, such as servers, personal computers, laptops, tablets and mobile phones.

For example, the United States Computer Emergency Readiness Team (US-CERT) released a vulnerability advisory[20] warning that unauthenticated users could download sensitive configuration information, including password hashes, from an Inductive Automation Ignition system utilizing a standard attack type leveraging access to the Tomcat Embedded Web server.

Security researcher Jerry Brown submitted a similar advisory regarding a buffer overflow vulnerability[21] in a Wonderware InBatchClient ActiveX control.

In many cases SCADA users have assumed that having a VPN offered sufficient protection, unaware that security can be trivially bypassed with physical access to SCADA-related network jacks and switches.

Such an attack has already occurred, carried out on Maroochy Shire Council's sewage control system in Queensland, Australia.

More critically, sewage flooded a nearby park, contaminated an open surface-water drainage ditch, and flowed 500 meters to a tidal canal.

Additionally, the necessity to reboot, repair, or replace large numbers of geographically widely dispersed systems will considerably impede the Nation’s recovery from such an assault.

The International Society of Automation (ISA) started formalizing SCADA security requirements in 2007 with a working group, WG4.

In electric and gas utility SCADA systems, the vulnerability of the large installed base of wired and wireless serial communications links is addressed in some cases by applying bump-in-the-wire devices that employ authentication and Advanced Encryption Standard encryption rather than replacing all existing nodes.
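The wrapping that such a bump-in-the-wire device applies to each legacy serial frame can be sketched as follows. This is an added example, not code from any product or standard: it uses AES in GCM mode as one possible authenticated mode, and the frame layout, the names `Wire`, `NewWire`, `Seal` and `Open`, the all-zero demo key and the sample frame are assumptions made for illustration.

```go
package main // added example; frame layout and names are hypothetical

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

type Wire struct {
	aead       cipher.AEAD
	dir        byte   // 0 = master side, 1 = outstation side
	send, recv uint64 // last sequence number sent / accepted
}

func NewWire(key []byte, dir byte) (*Wire, error) {
	block, err := aes.NewCipher(key) // 16-, 24- or 32-byte AES key
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &Wire{aead: aead, dir: dir}, err
}

// Seal wraps a frame as seq(8) || ciphertext || tag(16); nonce = dir(1) || 0(3) || seq(8).
func (w *Wire) Seal(frame []byte) []byte {
	w.send++
	n := binary.BigEndian.AppendUint64([]byte{w.dir, 0, 0, 0}, w.send)
	return w.aead.Seal(append([]byte{}, n[4:]...), n, frame, n[4:])
}

// Open drops short, replayed, reflected or modified frames before the device sees them.
func (w *Wire) Open(pkt []byte) ([]byte, error) {
	if len(pkt) < 8+w.aead.Overhead() || binary.BigEndian.Uint64(pkt) <= w.recv {
		return nil, fmt.Errorf("short, stale or replayed frame")
	}
	peer := append([]byte{w.dir ^ 1, 0, 0, 0}, pkt[:8]...) // nonce the other end used
	frame, err := w.aead.Open(nil, peer, pkt[8:], pkt[:8])
	if err == nil {
		w.recv = binary.BigEndian.Uint64(pkt) // advance only after the tag verifies
	}
	return frame, err
}

func main() {
	m, _ := NewWire(make([]byte, 32), 0) // constructed all-zero demo key
	r, _ := NewWire(make([]byte, 32), 1)
	pkt := m.Seal([]byte{0x01, 0x06, 0x00, 0x10, 0x00, 0x2A}) // constructed setpoint write
	fmt.Println(r.Open(pkt)) // first delivery is accepted
	fmt.Println(r.Open(pkt)) // same bytes re-sent: rejected as a replay
}
```

A deployed device would also need per-link key provisioning and a way to keep the sequence counters from restarting after a reboot, since a repeated nonce under the same key breaks GCM; neither is shown here.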

The malware is called Stuxnet and uses four zero-day attacks to install a rootkit which in turn logs into the SCADA's database and steals design and control files.

In October 2013 National Geographic released a docudrama titled American Blackout which dealt with an imagined large-scale cyber attack on SCADA and the United States' electrical grid.

Functional levels of a manufacturing control operation
Typical SCADA mimic shown as an animation. For process plants, these are based upon the piping and instrumentation diagram.
More complex SCADA animation showing control of four batch cookers
The United States Army's Training Manual 5-601 covers "SCADA Systems for C4ISR Facilities"
Example of SCADA used in office environment to remotely monitor a process