SCADA systems automate the extraction, monitoring, processing, distribution, recording, and display of data gathered from remote field devices like sensors, factory machines, motors, pumps, valves, and other end devices in asset-heavy environments like industrial enterprises, manufacturing facilities, nuclear power plants, and oil refineries.
SCADA system development involves the programming of routines and applications to automate responses to events based on metrics gathered and processed through a supervisory control center, comprising a communication network, user interfaces, device controllers, client and server computers, and storage facilities.
SCADA systems are not full-control systems and perform limited supervisory control functions. They monitor and gather metrics like pressure, temperature, flow rate, pH, cycle time, and volume. Metrics are used to measure the performance and efficiency of industrial processes, quality of data and products, and compliance with manufacturing standards and regulations. Automated SCADA command controls respond to input data to regulate and control the state and behavior of field devices, like adjusting temperature at a data center.
SCADA systems are used by machine operators and IT administrators at central hubs to view, through human-machine interfaces (HMIs), information about the behavior and state of remote equipment, for example a leaking pipeline, and to manually control devices remotely.
Some of the key providers of SCADA systems are Schneider Electric, Siemens, Rockwell Automation, Mitsubishi Electric, and Emerson Electric.
The main reason SCADA systems are used is to automate specific processes that are either too complex or dangerous for people, or are repetitive. SCADA systems allow organizations to analyze a measured condition and program an optimal response that can consistently and automatically be executed every time.
Before SCADA was introduced, industrial manufacturers relied on people manually controlling and monitoring equipment on site. Initially, organizations utilized relays and timers for some measure of supervisory control of remote equipment, but as businesses scaled out, configuring and maintaining relays and timers became too complicated and costly.
SCADA systems allow technicians, machine operators, and automated processes to get data from remote hardware components in real time, analyze and manipulate the acquired data, and perform limited control tasks like closing a valve in a remote irrigation system or turning off a pump at an oil production facility in the event of a leak.
SCADA systems reduce human error and labor costs. They help operators to make informed decisions in complex industrial processes and react quickly to maintain system uptime and increase productivity. Furthermore, they help businesses to increase efficiency, reduce waste, extend equipment life, and ensure regulatory compliance.
SCADA mitigates the risk of system failure in critical national infrastructures like oil pipelines, chemical plants, water systems, nuclear plants, and transportation networks. Such failures could otherwise have a major impact on large sections of the community, including loss of life, economic losses, and disruptions to basic services.
SCADA systems can be configured for any industrial application, from a small system that provides refrigeration services for a supermarket chain to a complex installation that monitors a national electricity grid. Industrial enterprises are defined as businesses other than commercial or service enterprises, but SCADA systems are typically used in any heavy-asset system where large amounts of processing are required, regular intervention is necessary, or immediate remote remediation may be required in mission-control systems.
SCADA is commonly used in the food and beverage, building and facilities management, manufacturing automation, oil and gas, chemical, transportation, agriculture, waste control, aerospace, defense, lumber production, construction, cement and metal fabrication, and water purification industries.
Examples of SCADA applications are: providing power across an extended geographical area in mission-critical systems, controlling the behavior of automated equipment in factories, remote monitoring of offshore assets in the oil and gas industry, monitoring environmental impacts in the mining industry, regulating power supplies for public transport like subways, controlling lighting and temperature in the retail sector, and regulating water levels in dams.
SCADA systems are used in sectors where regulatory compliance is mandatory and there is no room for human error, for instance in the health and pharmaceutical industries. They are used in environments where automation is beneficial to the business, for example where products are manufactured in an assembly line or on space stations.
There are five levels or hierarchies in traditional SCADA architecture. SCADA levels are based on the Purdue Enterprise Reference Architecture, a reference model for enterprise architecture. These levels illustrate how the components of a typical SCADA system are related to each other.
Level 0, at the bottom of the technology stack, comprises the low-level remote field devices like sensors from which data is acquired.
Level 1 concerns inputs and outputs and consists of field device controllers like programmable logic controllers (PLCs), intelligent electronic (or end) devices (IEDs), and remote terminal (or telemetry) units (RTUs) that connect via interfaces with remote field devices.
Level 2 includes supervisory computers that manage inputs and outputs from and to field device controllers, update one or more databases, connect via interfaces with external systems, and provide data for visualization on HMIs at a centralized control hub.
Level 3 is concerned with communications and production control and is the level at which data from level 2 is transmitted to the SCADA control hub.
Level 4, the SCADA control hub, is the production scheduling level or business network level and includes HMIs which are used by human operators like technicians and data analysts. At level 4, managers and administrators may adjust production throughput and monitor inventory and logistics.
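The level structure above also shapes network segmentation in practice: traffic from a level-4 HMI to a level-1 controller is normally expected to pass through the supervisory and operations levels rather than go direct. The Python example below is added here; it is not code from the original article or from any vendor product. It checks constructed flow records against an assumed "adjacent levels only" policy, using a hypothetical asset inventory keyed by IP address. The addresses, the sample records, and the policy itself are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed asset inventory mapping addresses to the Purdue-style levels
# described in the text. Addresses are hypothetical; in practice this comes
# from the site's asset register.
ASSET_LEVELS: Dict[str, int] = {
    "10.0.1.21": 1,  # PLC
    "10.0.1.22": 1,  # RTU
    "10.0.2.31": 2,  # supervisory server / historian
    "10.0.3.41": 3,  # site operations server
    "10.0.4.51": 4,  # HMI workstation at the control hub
}

# Assumed segmentation policy: traffic may only cross between adjacent levels,
# so a level-4 host talking straight to a level-1 controller is flagged.
MAX_LEVEL_HOP = 1


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int


# Constructed flow records (source, destination, destination port), as a
# firewall or flow collector might export them. 502 is Modbus/TCP, 20000 is
# DNP3 over TCP; the last record comes from an address not in the inventory.
SAMPLE_FLOWS = """\
10.0.4.51 10.0.3.41 443
10.0.3.41 10.0.2.31 1433
10.0.2.31 10.0.1.21 502
10.0.4.51 10.0.1.21 502
192.168.77.9 10.0.1.22 20000
"""


def parse_flows(text: str) -> List[Flow]:
    """Parse whitespace-separated 'src dst port' lines into Flow records."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, port = line.split()
        flows.append(Flow(src, dst, int(port)))
    return flows


def check_flow(flow: Flow, assets: Dict[str, int] = ASSET_LEVELS) -> Optional[str]:
    """Return None when the flow respects the level policy, otherwise the reason."""
    src_level, dst_level = assets.get(flow.src), assets.get(flow.dst)
    if src_level is None or dst_level is None:
        unknown = flow.src if src_level is None else flow.dst
        return f"unknown asset {unknown}"
    if abs(src_level - dst_level) > MAX_LEVEL_HOP:
        return f"level {src_level} -> level {dst_level} skips intermediate level(s)"
    return None


def audit_flows(text: str, assets: Dict[str, int] = ASSET_LEVELS) -> List[Tuple[Flow, str]]:
    """Run every flow record through the policy check and collect the violations."""
    findings = []
    for flow in parse_flows(text):
        reason = check_flow(flow, assets)
        if reason is not None:
            findings.append((flow, reason))
    return findings


if __name__ == "__main__":
    for flow, reason in audit_flows(SAMPLE_FLOWS):
        print(f"{flow.src} -> {flow.dst}:{flow.dst_port}  {reason}")
```

Two of the five constructed records are flagged: the HMI reaching the PLC directly on the Modbus/TCP port, and a source that is not in the inventory at all. Both are conditions a control-network monitoring point would want to surface, whatever the exact policy a site adopts.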
A setpoint is the target value for a variable, for example a temperature that a piece of equipment must not exceed. SCADA points are monitored inputs and outputs. An example of a hard point is a temperature. An example of a soft point is the result of a calculation or event(s). SCADA point logs help operators to troubleshoot system problems like identifying the state of different points at the time a machine failed.
Supervisory control center
The main functions of the supervisory control center, also called a SCADA host platform, are to poll field devices like sensors via field device controllers like RTUs and PLCs for data, send setpoints to field devices like actuators, and monitor alerts. Field devices are located at numerous substations. A typical SCADA system comprises several substations that are linked to several higher-level control and monitoring points, like PLCs. The supervisory control server communicates between field device controllers and the HMI software which is located at a central control hub.
Central control hub
The central control hub is manned by people who monitor a SCADA system through HMIs.
SCADA and PLC programming
SCADA programming takes place at different levels and involves the coding of different functions, for example converting data collected from RTUs to signals, creating responses for trigger events, storing data, creating reports, and designing graphical illustrations of the system for display on HMI screens.
Because SCADA systems are customized for disparate solutions in different sectors, the programming languages used in SCADA systems depend on the hardware being programmed or application requirements. For example, SQL may be used for managing a SCADA database and a visualization language like Visual C# may be used to code HMI features. Most modern SCADA systems use standard programming interfaces and APIs.
RTU and PLC programming is based on the IEC 61131-3 standard and supported by PLCopen. IEC 61131-3 is a standard set by the International Electrotechnical Commission (IEC) to specify the semantics and syntax of control programming languages. Common control programming languages include ladder logic, sequential function charts, function block diagrams, structured text, and instruction lists.
PLCopen is an organization that provides support, code libraries, and coding guidelines for PLC programmers.
Field devices in SCADA systems, also called field instrumentation hardware, include sensors, samplers, actuators, relays, control units, transmitters, and transducers. Sensors are the field devices that detect or measure physical properties like whether a machine is on or off, or the level of fuel in a tank. Actuators are field devices that control a component, for example switching off a valve. They are managed through RTUs, IEDs, and PLCs.
RTUs, IEDs, and PLCs
RTUs, IEDs, and PLCs are physical, microprocessor-based field device controllers. Field device controllers in SCADA systems monitor and collect data in real time from field devices, transmit information from the devices’ location to a supervisory controller called an MTU, and compile it for optimal presentation to system operators at a centralized control hub manned by human operators. They are usually panel mounted and connect via interfaces with field devices through I/O modules as well as with the central control hub using serial or network communications.
An RTU is a microprocessor-based electronic device. It consists of I/O hardware and a communication interface and supports a wireless connection. RTUs are responsible for transmitting data collected from field devices to the control hub and issuing commands from the control center to field devices.
A PLC is a physically robust microcontroller that can withstand harsh physical conditions as may be found in an industrial environment. A microcontroller is an integrated circuit (IC) used to control specific functions of an electronic device. A microprocessor has a central processing unit (CPU), whereas a microcontroller has a CPU, memory, and I/O capabilities on one chip. A PLC provides the information that a SCADA system requires to automate processes or respond to alerts according to coded instructions in SCADA system programs and functions. PLCs replace the relays and timers of early SCADA systems. Unlike relays, PLCs are able to monitor as well as control circuits and can be programmed. Traditional SCADA systems almost always have PLCs. There are some proprietary I/O modules that allow for simple monitoring and automations without a PLC. PLCs that can communicate through radio waves can be used as a substitute for RTUs.
In SCADA systems, an IED is a microprocessor-based device used to transmit and receive data from field devices. IEDs are sometimes described as an upgrade to a traditional RTU, the main differences being that an IED is integrated with the device it monitors and controls and has built-in metering, data transmission, and computational capabilities. Examples of IEDs are protective relaying devices, circuit breaker controllers, and voltage regulators. IEDs are sometimes compared to PLCs. The main difference between PLCs and IEDs is that PLCs are usually used for centralized (local) automation tasks whereas IEDs are usually used for substation (remote) automation tasks.
The functionalities of RTUs, IEDs, and PLCs overlap and it can be confusing to differentiate between them but they have distinct uses. RTUs are considered more suitable than PLCs for remote geographical telemetry as they support wireless communication, whereas PLCs are more suitable for local control tasks, for example in factories and warehouses. In some cases, an IED may communicate directly with the controller or the system may be set up so that an RTU polls the IED for the data and passes it to the controller.
An MTU is also called a control server, master controller, or supervisory controller. The MTU hosts the software that provides instructions about what must be done with data gathered from RTUs and PLCs.
SCADA network communications and protocols
SCADA systems rely on a complex communication network between system elements and the central SCADA control hub. Communication options include hardwired options like Ethernet, telephone lines, and optic fiber lines, and wireless options like Wi-Fi, radio, microwave, and cellular.
Some of the most popular protocols used in SCADA systems are standard Modbus, Ethernet/IP, Profibus, Conitel, RP-570, IEC 60870-5 (on which T101 is based), and Distributed Network Protocol (DNP3).
Modbus RTU is the de facto standard protocol for serial communications between industrial electronic devices.
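A Modbus RTU frame is simple enough to decode by hand: a one-byte unit address, a one-byte function code, a function-specific body, and a two-byte CRC-16 sent low byte first. The protocol carries no authentication, which is why monitoring points on a serial link or gateway usually watch for the write function codes rather than the routine reads. The Python example below is added here and is not code from the original article or from any vendor product. It implements the CRC-16/MODBUS check, builds and parses request frames for the common read and write function codes, and audits a constructed list of frames for writes and corrupted frames. The frame bytes are constructed sample traffic.

```python
import struct
from dataclasses import dataclass
from typing import List

# Modbus function codes grouped by effect. Reads are routine polling; writes
# change process state and are what a passive monitor should log and alert on.
READ_FUNCTIONS = {0x01: "Read Coils", 0x02: "Read Discrete Inputs",
                  0x03: "Read Holding Registers", 0x04: "Read Input Registers"}
WRITE_FUNCTIONS = {0x05: "Write Single Coil", 0x06: "Write Single Register",
                   0x0F: "Write Multiple Coils", 0x10: "Write Multiple Registers"}


def crc16_modbus(data: bytes) -> int:
    """CRC-16/MODBUS: initial value 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            if crc & 1:
                crc = (crc >> 1) ^ 0xA001
            else:
                crc >>= 1
    return crc


def build_frame(unit: int, function: int, payload: bytes) -> bytes:
    """Append the CRC (low byte first on the wire) to unit + function + payload."""
    body = bytes([unit, function]) + payload
    return body + struct.pack("<H", crc16_modbus(body))


@dataclass
class ModbusRequest:
    unit: int
    function: int
    name: str
    start_address: int
    count_or_value: int   # quantity for reads and multi-writes, value for single writes
    is_write: bool


def frame_is_valid(frame: bytes) -> bool:
    """True if the frame is long enough and its trailing CRC matches the body."""
    if len(frame) < 4:
        return False
    return crc16_modbus(frame[:-2]) == struct.unpack("<H", frame[-2:])[0]


def parse_request(frame: bytes) -> ModbusRequest:
    """Decode a master-to-slave request for function codes 0x01-0x06, 0x0F, 0x10."""
    if not frame_is_valid(frame):
        raise ValueError("bad length or CRC mismatch")
    unit, function = frame[0], frame[1]
    if function not in READ_FUNCTIONS and function not in WRITE_FUNCTIONS:
        raise ValueError(f"function 0x{function:02X} not handled here")
    if len(frame) < 8:  # unit, fc, 2-byte address, 2-byte quantity/value, 2-byte CRC
        raise ValueError("request body too short")
    # Every handled code starts with a big-endian start address followed by a
    # quantity (reads, multi-writes) or a value (single writes); 0x0F and 0x10
    # additionally carry a byte count and the data to be written.
    start, count_or_value = struct.unpack(">HH", frame[2:6])
    is_write = function in WRITE_FUNCTIONS
    name = (WRITE_FUNCTIONS if is_write else READ_FUNCTIONS)[function]
    return ModbusRequest(unit, function, name, start, count_or_value, is_write)


def audit_frames(frames: List[bytes]) -> List[str]:
    """Passive monitoring: one alert line per write request or malformed frame."""
    alerts = []
    for raw in frames:
        try:
            req = parse_request(raw)
        except ValueError as exc:
            alerts.append(f"MALFORMED {raw.hex()}: {exc}")
            continue
        if req.is_write:
            alerts.append(f"WRITE unit={req.unit} {req.name} addr={req.start_address} "
                          f"value_or_qty={req.count_or_value}")
    return alerts


# Constructed sample traffic: a read of ten holding registers from unit 1, a
# write of value 3 to holding register 1 built with the helper above, and the
# same read with its last CRC byte corrupted.
SAMPLE_FRAMES = [
    bytes.fromhex("01030000000AC5CD"),
    build_frame(1, 0x06, bytes([0x00, 0x01, 0x00, 0x03])),
    bytes.fromhex("01030000000AC5CE"),
]

if __name__ == "__main__":
    for line in audit_frames(SAMPLE_FRAMES):
        print(line)
```

Only the write and the corrupted frame produce alerts; the routine poll is parsed and ignored. Because the CRC only detects transmission errors and proves nothing about who sent the frame, a real deployment relies on the network-level controls around the serial link rather than on anything inside the protocol.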
IEC 60870-5 is a suite of specifications developed by the International Electrotechnical Commission (IEC) to provide an open standard for the transmission of SCADA data and is used extensively in electrical-based applications.
T101, also called IEC 60870-5-101, is an international standard for communication and control mainly in power systems.
DNP3 is used widely by process automation applications, like water and energy industries.
People view, regulate, and report on data through HMIs which serve as central processing hubs and graphical user interfaces (GUIs) in SCADA systems.
The difference between an HMI and GUI is that while the main function of a GUI is to provide a user-friendly interface that allows people to navigate an application efficiently, the main function of an HMI is to allow an operator to perform control tasks using a variety of interfaces, not only visual ones. HMIs do not rely on eye-pleasing interfaces and may comprise a basic console with knobs, buttons, and levers to perform control tasks.
HMIs do not collect data but report on data collected by RTUs, PLCs, and IEDs. While SCADA systems can theoretically operate without an HMI, in most cases it would be pointless as operators wouldn’t be able to see the data or receive reports. HMIs are designed to automatically monitor processes and equipment, notify operators about routine maintenance requirements, send out alerts in the event of system or device failure, and trigger modifications to equipment where necessary, like switching a machine off.
HMIs provide an organization's management with trends, which are graphical illustrations of historical and real-time data.
In the field, operators access SCADA data for example via PCs, PDAs, mobile phones, or OITs.
Data in a SCADA system may be stored in an on-premises or cloud database. Databases in SCADA are sometimes called data historians. A data historian is optimized to efficiently gather, store, and process time-series data, which is used to display trends in SCADA systems.
SCADA systems are designed to oversee and monitor specific processes and behavior at a supervisory level. The main role of a supervisory system is to link human operators to digital data acquired from field devices. SCADA systems are event driven and are not designed to take the initiative in performing advanced process control functions. They respond to real-time events like an alert that a piece of equipment is overheating by remotely switching it off, either automatically or manually.
A supervisory system may consist of a single computer in small SCADA systems or of numerous computers running distributed software applications and linked to multiple disaster recovery sites in a large SCADA network.
Supervisory control in SCADA systems is implemented through a supervisory controller that links input and output elements and integrates with HMIs that are located in central hubs and operated by people. While the supervisory control center does most of the acquisition, processing, and transmission of data, this information is always directed to the central control hub for analysis, reporting, and performance monitoring by people.
Industrial control systems (ICS)
SCADA systems fall under the umbrella term ICS. Some examples of ICSs are programmable automation controllers (PACs), HMIs, PLCs, distributed control systems (DCSs), IEDs, and RTUs.
ICSs are categorized by their functionality, application, and complexity. For example, RTUs connect different kinds of hardware to other control systems, like SCADA systems or DCSs, while HMIs control human-to-machine (H2M) communications. PLCs are designed to monitor and control field devices like sensors and actuators.
The main function of a SCADA ICS is to facilitate communication between disparate remote hardware devices and human operators based on acquired data.
Telemetry involves the measurement and transmission of data and the state of remote devices to a central location where it can be analyzed. SCADA systems use telemetry to acquire, analyze, store, and report on the state of and measured data from field devices.
The term telemetry is sometimes used interchangeably with the term telematics but telemetry is a subset of telematics.
In SCADA systems, data acquisition refers to the process of collecting data from remote sensors (inputs) and transmitting it via field controllers to a central control hub. Types of sensors include motion, temperature, pressure, and vibration sensors. The collected data is processed and analyzed and may be used to control actuators (outputs) remotely. Examples of actuators are servo motors, stepper motors, pneumatic cylinders, LEDs, fuel injectors, and solenoids. Data acquisition systems are also used to predict future events, for example by monitoring weather patterns to predict potential natural disasters like floods.
Process control vs process automation
A SCADA system is a type of process control system (PCS) – sometimes referred to as an ICS – and a type of process automation system (PAS). Process automation and process control are interconnected.
The term process automation refers to the use of various technologies to automate specific processes that may include numerous repetitive, complex, or dangerous tasks at a high level. Examples of process automation are the automated monitoring of and reporting about system performance or the automated bottling and boxing of beverages in a factory.
The term process control may have two different meanings depending on the scenario. In the first scenario, the term may be used to refer to the control and monitoring of simple events or devices like the level of liquid in a bottle. In this sense, a PCS may refer to a physical device like a fill level sensor. In the second scenario, the term may refer to the monitoring and control at a high level of a complex automated system. In this scenario, a PCS may refer to the software and interfaces that enable operators to monitor numerous automated processes and respond to alerts and notifications, for example that the bottling machine has overheated. In this sense, process control ties all elements of an automated process or processes together.
Alarming is a key feature of SCADA systems. Alarms are notifications that inform operators about an event and can range from routine maintenance reminders to emergency alerts. Some common emergency SCADA alarm triggers are equipment failure, system downtime, and deviations in desired device metrics. SCADA alarms may provide notifications about underperformance and non-compliance.
An alarm may trigger an automated response, for example notifying an operator of a loss of power at a station and simultaneously activating a UPS and backup power supply automatically.
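The point model introduced earlier (hard points, soft points, setpoints, and point logs) and the alarming described here fit together in one scan loop. The Python example below is added here and is not code from the original article or from any vendor product. It ingests constructed scans of two hard points, derives a soft point from one of them, raises a notice or emergency alarm when a setpoint is breached, fires a simulated automated response for the loss-of-power alarm, and answers the troubleshooting question from the points section: what was the state of every point at a given time. The point names, limits, and sample readings are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set, Tuple

Values = Dict[str, float]


@dataclass(frozen=True)
class Setpoint:
    """Target limits for a point; either bound may be left unset."""
    high: Optional[float] = None
    low: Optional[float] = None


@dataclass(frozen=True)
class Alarm:
    time: int
    point: str
    value: float
    severity: str   # "notice" for ordinary deviations, "emergency" for critical points
    message: str


class PointEngine:
    """Tracks hard points (measured), soft points (derived), and alarms on setpoints."""

    def __init__(self, setpoints: Dict[str, Setpoint],
                 soft_points: Dict[str, Callable[[Values], float]],
                 critical: Set[str],
                 responses: Dict[str, Callable[[Alarm], str]]):
        self.setpoints = setpoints
        self.soft_points = soft_points
        self.critical = critical
        self.responses = responses        # point name -> automated response
        self.current: Values = {}
        self.point_log: List[Tuple[int, Values]] = []   # one snapshot per scan
        self.alarms: List[Alarm] = []
        self.actions: List[str] = []

    def ingest(self, time: int, hard_values: Values) -> List[Alarm]:
        """Record one scan of hard points, recompute soft points, evaluate setpoints."""
        self.current.update(hard_values)
        for name, derive in self.soft_points.items():
            self.current[name] = derive(self.current)
        snapshot = dict(self.current)
        self.point_log.append((time, snapshot))
        raised = []
        for name, sp in self.setpoints.items():
            value = snapshot.get(name)
            if value is None:
                continue
            if sp.high is not None and value > sp.high:
                raised.append(self._raise(time, name, value, f"{name}={value} above {sp.high}"))
            elif sp.low is not None and value < sp.low:
                raised.append(self._raise(time, name, value, f"{name}={value} below {sp.low}"))
        return raised

    def _raise(self, time: int, name: str, value: float, message: str) -> Alarm:
        severity = "emergency" if name in self.critical else "notice"
        alarm = Alarm(time, name, value, severity, message)
        self.alarms.append(alarm)
        if name in self.responses:        # automated response tied to this alarm
            self.actions.append(self.responses[name](alarm))
        return alarm

    def state_at(self, time: int) -> Values:
        """Point-log lookup: the state of every point at the last scan at or before `time`."""
        for scan_time, snapshot in reversed(self.point_log):
            if scan_time <= time:
                return snapshot
        return {}


def build_demo_engine() -> PointEngine:
    # Hard points: pump discharge pressure (bar) and station supply voltage (V).
    # Soft point: station_power_lost, derived from the voltage reading.
    setpoints = {
        "pump_pressure_bar": Setpoint(high=6.0, low=1.0),
        "station_power_lost": Setpoint(high=0.5),
    }
    soft_points = {
        "station_power_lost": lambda v: 1.0 if v.get("supply_voltage_v", 0.0) < 200.0 else 0.0,
    }
    responses = {
        # Simulated automated response; a real system would switch over to the UPS.
        "station_power_lost": lambda alarm: f"t={alarm.time}: UPS activated (simulated)",
    }
    return PointEngine(setpoints, soft_points, {"station_power_lost"}, responses)


def run_demo() -> PointEngine:
    """Feed three constructed scans through the engine and return it for inspection."""
    engine = build_demo_engine()
    engine.ingest(0, {"pump_pressure_bar": 4.8, "supply_voltage_v": 230.0})
    engine.ingest(10, {"pump_pressure_bar": 6.3, "supply_voltage_v": 230.0})
    engine.ingest(20, {"pump_pressure_bar": 5.1, "supply_voltage_v": 0.0})
    return engine


if __name__ == "__main__":
    engine = run_demo()
    for alarm in engine.alarms:
        print(alarm.severity.upper(), alarm.message)
    print("points at t=15:", engine.state_at(15))
```

The second scan breaches the pressure setpoint and produces a notice; the third scan drives the derived power-loss point above its limit, produces an emergency alarm, and triggers the simulated UPS response. Querying the point log for t=15 returns the scan taken at t=10, which is exactly the view an operator needs when reconstructing what the plant looked like just before a failure.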
Sometimes SCADA is compared to the Industrial Internet of Things (IIoT) and some commentators predict that IIoT applications will replace traditional SCADA systems.
Traditional SCADA systems and IoT applications in industrial environments perform the same functions like monitoring machines, collecting data, responding to alerts, and controlling field devices. However, there are a number of differences between them.
Traditional SCADA systems are designed for the day-to-day management of data at industrial facilities. They lack the powerful analytic capabilities that IIoT systems excel at.
SCADA models are not designed to be fully compatible with multiple enterprise applications as are IIoT systems.
In most traditional SCADA systems, data is gathered using Open Platform Communications (OPC) as a communication standard for the transmission of data from field devices to the control center. IIoT systems use web-based services and APIs that allow for the connection of disparate edge devices using protocols like Message Queuing Telemetry Transport (MQTT), HTTPS, and REST. IIoT systems use smart gateways to push data to a central hub.
The prevalence of proprietary devices in traditional SCADA systems reduces interoperability, a feature of industrial automation that the IIoT has been specifically designed to address. IIoT systems provide on-demand scalability using serverless architectures. Traditional SCADA systems use wired connections and are based on-premises whereas IIoT systems use wireless connections and are cloud based. Traditional SCADA systems are centralized whereas IIoT systems are decentralized.
Some organizations implement hybrid systems so that they can retain control of specific data and processes. On-premises devices can be monitored through operator interface terminals (OITs), dedicated terminals that display information about data and processes on local devices and allow an operator to control local equipment on site.
Increasingly, IIoT applications are considered alternatives, not replacements, for traditional SCADA systems and may be implemented on top of SCADA, reducing the downsides of vendor lock-in like lack of standardization and interoperability. The IIoT may allow organizations to retain legacy infrastructure, and enhance existing equipment capabilities. One of the main benefits of integrating IIoT and SCADA systems is that relatively simple SCADA measurements and device states can be analyzed by cloud computing and machine learning applications, providing in-depth information about the efficiency of a SCADA system.
Cloud-based SCADA systems are more cost-effective, as applications running in a virtual environment obviate the need to keep certain hardware, like PCs that run individual software instances, patched and updated.
Hybrid SCADA systems and IIoT platforms are capable of integrating data from different types of devices and making them accessible from anywhere.
Centralized protection and control systems (CPS)
The predecessors of modern SCADA systems were CPSs. They were developed in the early 1900s and allowed remote sensing, hardwired through telephone lines, of the power status at power substations.
The term SCADA was first used by the Bonneville Power Administration (BPA) in the 1960s. The BPA is a federal agency created in 1937 to market electric power and develop power facilities in the Pacific Northwest. The 1960s saw the introduction of telemetry for monitoring remote hardware components. The term SCADA was officially defined in 1987 in ISA RP60.6, a document that identified methods and terminology for components in control centers. The term SCADA became common parlance in the 1970s in tandem with the increased use of microprocessors and PLCs.
The popularity of modern SCADA systems rose out of a need by industrial enterprises, utilities, and manufacturing businesses to be able to remotely control machines over long distances and automate processes.
The first definition of a SCADA system described it as having three main components: a master station, a communication transport system, and a remote station. While the technologies that make up these components have changed over the years, the functionalities remain the same.
There are four generations of SCADA systems.
The first generation (1960s) of SCADA systems had a monolithic system architecture. A monolithic computer system has a single-tier architecture where functional components like communication, data processing, the user interface, and error handling are all managed by one application on one platform. SCADA systems during this period ran on standalone mainframe computers, using networks only to connect with field RTUs. Most of the equipment used was proprietary. The functionality of monolithic SCADA systems was limited to monitoring sensors, responding to alarms, and controlling setpoints (desired metrics).
The second generation (1970s) of SCADA systems had a distributed system architecture. In this model, SCADA functions were distributed across multiple stations which were connected through a local area network (LAN). Each station was dedicated to a particular task, for example providing I/O capabilities or managing the operator interface, and sharing information with the other stations in real time. Multiple stations provided more processing power, improved redundancy, and made the system more reliable.
Neither first- nor second-generation SCADA systems used standard network protocols. Because they were not connected to the internet, they were referred to as sealed systems, and security was less of a concern. The main difference between first- and second-generation SCADA systems is that first-generation systems had no connectivity to other systems.
Networked SCADA system architecture, the third generation (1980s) of SCADA systems, connected system devices over a process control network (PCN). A PCN is made up of multiple LANs and provides a wide area network (WAN) infrastructure for the management and control of components on a network.
The main difference between second- and third-generation SCADA systems is that third-generation systems make use of open-system components rather than proprietary ones.
Fourth-generation (2000s) SCADA systems harness cloud computing and IoT technologies, for example using a web browser instead of a traditional HMI. Cloud environments enable the use of complex control algorithms across geographically-dispersed systems anywhere in the world. Fourth-generation SCADA systems require less capital outlay for equipment but are subject to subscriptions. Cloud-based SCADA systems allow virtually unlimited scaling, monitoring and remediation service from professionals, and faster response times.
SCADA migration to short-range wireless communications
To extend their traditional SCADA LANs, some companies elect to replace their fiber or copper cable infrastructure with wireless communications, which are more cost-efficient. Depending on the range requirements, there are numerous options including Bluetooth, Zigbee, Wi-Fi, cellular, manufacturer-specific industrial, scientific and medical (ISM) radio bands, and VHF/UHF (very high frequency/ultra-high frequency). VHF/UHF is used for long-range communication up to 40 miles. In contrast, Bluetooth and Zigbee have a range of about 300 feet. Cellular, with a range of up to five miles, is arguably the most commonly used wireless technology for industrial applications.
App-based SCADA systems
The newest trend in SCADA systems development is small app-based SCADA solutions that are easier to develop and use, more efficient to run, and budget-friendly, particularly for SMBs for whom the cost of PLCs can be prohibitive. App-based SCADA solutions are made possible by new app server technology that uses 900 MHz wireless telemetry and allows for the programming and hosting of third-party applications in the cloud. 900 MHz is an unlicensed band with a low level of congestion, used by wireless and hybrid SCADA systems. Developers building app-based SCADA systems can use any programming language – like Python, Java, or Node-RED – that is compatible with a Linux kernel.
There is no single SCADA standard. Organizations adopt frameworks, guidelines, protocols, specifications, and standards that are relevant to their industry. These standards may or may not be mandatory for compliance with regulations in different geographic areas or countries. According to the ISA112 standards committee, "Different Industries use the term 'SCADA' to mean many different things that are specific to that individual industry. Each of these industries is correct in how it uses the term SCADA within its own context."
Modern IT standards and protocols have improved the security, efficiency, and reliability of SCADA systems monitoring critical infrastructure. There are commonly used guidelines and specifications for all elements of a SCADA system, from the suggested terminology used to describe a SCADA system to templates for the design of control rooms and HMIs, requirements for serial and network protocols, specifications for hardware and software, suggestions for alarm management, reference architectures for control levels, recommended practices for electronic and physical security at substations, and guidelines for regulatory compliance.
There are numerous bodies that contribute to SCADA-related standards and guidelines, like the American National Standards Institute/Institute of Electrical and Electronics Engineers (ANSI/IEEE), the Electronic Industries Alliance/Telecommunications Industry Association (EIA/TIA), the National Institute of Standards and Technology (NIST), and the International Electrotechnical Commission (IEC).
Notable in the industrial automation industry is ISA112, a standards committee developed by the International Society of Automation (ISA). Influencing the power industry are the North American Electric Reliability Council (NERC), the Department of Energy (DOE), and the Nuclear Regulatory Commission (NRC). Regulatory bodies in the water sector include the Environmental Protection Agency (EPA), the Water Sector Coordinating Council (WSCC), the Water Sector Government Coordinating Council (GCC), and the Critical Infrastructure Protection Advisory Council (CIPAC). The Federal Energy Regulatory Commission (FERC) is the primary regulatory body in the electric power, natural gas, and oil pipelines industries.
SCADA systems were not originally designed with security in mind.
Some of the most common security vulnerabilities in SCADA systems identified by NIST are weak or non-existent authentication of field devices, unencrypted communications with SCADA MTUs, lack of process control-specific security policies, insecure network connections, widespread availability to cyber criminals of information about control systems, lack of maintenance and monitoring of equipment, and adoption of technologies with known vulnerabilities.
The security of modern SCADA systems is addressed by several standards, guidelines, and best practice documents. These documents were developed by organizations like the IEEE, Underwriters Laboratories (UL), the DOE, NERC, the Centre for the Protection of National Infrastructure (CPNI), and NIST.
Many organizations use the ISO/IEC 27002 and ISO/IEC 17799 standards as a basis for SCADA security management.
Benefits of SCADA systems
- Access to real-time data allows businesses and people to make fast, data-driven decisions
- Can improve product and service quality by producing consistent output and automating quality control checks
- Improves safety standards by replacing people with machines in dangerous work environments
- Provides numerous metrics to facilitate faster industrial transformation
- Automates processes where tasks are complex, repetitive, or prone to human error like traffic systems
- Allows for the implementation of monitoring processes to protect the environment and optimize energy usage
- Allows for the storage of large amounts of data, on-premises or in the cloud, and the easy addition of additional resources for high scalability
- Unit redundancy hardens processes in the event of system errors or failures
- Modern IT standards and protocols have improved the security, efficiency, and reliability of cloud-based SCADA systems
Drawbacks of SCADA systems
- Proprietary components in PLC-based systems may be costly and complex to implement and integrate with modern SCADA systems
- Using web browsers to control remote sites increases cybersecurity risks
- May require extensive employee training
- SCADA systems may increase unemployment rates for specific job roles
ICSs like SCADA systems, PLCs, and RTUs are operational technologies (OTs). OTs are hardware and software elements of a computer system whose function it is to detect or cause changes in events and physical devices. The term is used to distinguish automation equipment and processes in industrial systems from traditional IT software and hardware like servers, routers, programs, and data.
One of the challenges of monitoring modern industrial systems is the convergence of IT and OT. Paessler PRTG Network Monitor allows organizations to gain a unified view of both IT and OT aspects of industrial systems. To pull OT metrics from remote devices and merge them with an existing monitoring solution, PRTG supports Node-RED, OPC UA, smart edge gateways, MQTT, and Modbus. Here are some examples of how PRTG can help organizations pull OT data into their current IT monitoring solution.