Vijesh Report

7/31/2019 Vijesh Report

1/41


2/41

Company Training certificate

This training report is a genuine works by Mr. Rakesh Suman, B-Tech 3nd yr,

Electronics & Communication Engineering. The report was made under my

supervision, and I express my delight on it successful completion. I am also very happy

to have offered him guidance whenever it was required.

I wish him success in all his future endeavors.

(Mr. KL Swami)

Branch Manager

Sofcon India Pvt. Ltd.

Jaipur


3/41


4/41

CONTENTS

I. Introduction

II. Features of PLCs

III. PLC compared with other control systemsIV. Digital and analog signals

a. Example

V. Programming

VI. Ladder Logic

a. Example of a Simple Ladder Logic Program

b. Generally Used Instructions & Symbol For PLC

Programming

c. P rogram for Start/Stop of MotorVII. Meaning Of SCADA

VIII. Architecture

IX. Common System Component

a. Supervision VS Control

b. System Concept

c. Human Machine Interface

d. Hardware Control

X. Remote Terminal Unit

a. Supervisory Stationb. Operational Philosophy

c. Communication Infrastructure and Methods

XI. Trends In SCADA

XII. Security Issues

XIII. Application Development

a. Configuration

b. Development Tools

XIV. Evolution

XV. Engineering

XVI. Potential Benefits Of SCADA

XVII. Conclusio
http://en.wikipedia.org/wiki/Programmable_logic_controller#PLC_compared_with_other_control_systems%23PLC_compared_with_other_control_systemshttp://en.wikipedia.org/wiki/Programmable_logic_controller#Digital_and_analog_signals%23Digital_and_analog_signalshttp://en.wikipedia.org/wiki/Programmable_logic_controller#Example%23Examplehttp://en.wikipedia.org/wiki/Programmable_logic_controller#Programming%23Programminghttp://en.wikipedia.org/wiki/Programmable_logic_controller#Communications%23Communicationshttp://en.wikipedia.org/wiki/Programmable_logic_controller#Digital_and_analog_signals%23Digital_and_analog_signalshttp://en.wikipedia.org/wiki/Programmable_logic_controller#Example%23Examplehttp://en.wikipedia.org/wiki/Programmable_logic_controller#Programming%23Programminghttp://en.wikipedia.org/wiki/Programmable_logic_controller#Communications%23Communicationshttp://en.wikipedia.org/wiki/Programmable_logic_controller#PLC_compared_with_other_control_systems%23PLC_compared_with_other_control_systems


5/41

CHAPTER 1 Introduction

A Programmable Logic Controller, PLC, or Programmable Controller is a digital

computer used forautomation of industrial processes, such as control of machinery on

factory assembly lines. Unlike general-purpose computers, the PLC is designed for

multiple inputs and output arrangements, extended temperature ranges, immunity to

electrical noise, and resistance to vibration and impact. Programs to control machine

operation are typically stored in battery-backed ornon-volatile memory. A PLC is an

example of a real time system since output results must be produced in response to

input conditions within a bounded time, otherwise unintended operation will result.

PLC and Programmable Logic Controller are registered trademarks of the Allen-

BradleyCompany.

SCADA is Widely used in industry for Supervisory Control and Data Acquisition of

industrial processes, SCADA systems are now also penetrating the experimental

physics laboratories for the controls of ancillary systems such as cooling, ventilation,

power distribution, etc. More recently they were also applied for the controls of smaller

size particle detectors such as the L3 moon detector and the NA48 experiment, to namejust two examples at CERN.SCADA systems have made substantial progress over the

recent years in terms of functionality, scalability, performance and openness such that

they are an alternative to in house development even for very demanding and complex

control systems as those of physics experiments.

FIG. 1: Supervisory Control and Data Acquisition
http://en.wikipedia.org/wiki/Automationhttp://en.wikipedia.org/wiki/Non-volatile_storagehttp://en.wikipedia.org/wiki/Non-volatile_storagehttp://en.wikipedia.org/wiki/Real_timehttp://en.wikipedia.org/wiki/Allen-Bradleyhttp://en.wikipedia.org/wiki/Allen-Bradleyhttp://en.wikipedia.org/wiki/Allen-Bradleyhttp://en.wikipedia.org/wiki/Automationhttp://en.wikipedia.org/wiki/Non-volatile_storagehttp://en.wikipedia.org/wiki/Real_timehttp://en.wikipedia.org/wiki/Allen-Bradleyhttp://en.wikipedia.org/wiki/Allen-Bradley


6/41

CHAPTER 2 Features of PLCs

Photograph showing several input and output modules of a single Allen-Bradley PLC .

FIG. 2: I/O Of Allen Bradley PLC

With each module having sixteen "points" of either input or output, this PLC has the

ability to monitor and control dozens of devices. Fit into a control cabinet, a PLC takes

up little room, especially considering the equivalent space that would be needed by

electromechanical relays to perform the same functions:

The main difference from other computers is that PLC is armored for

severe condition (dust, moisture, heat, cold, etc) and has the facility

for extensive input/output (I/O) arrangements. These connect the PLC

to sensors and actuators. PLCs read limit switches, analog process

variables (such as temperature and pressure), and the positions of

complex positioning systems. Some even use machine vision. On the actuator

side, PLCs operate electric motors, pneumatic orhydraulic cylinders, magnetic relays

or solenoids, or analog outputs. The input/output arrangements may be built into a
http://en.wikipedia.org/wiki/Input/outputhttp://en.wikipedia.org/wiki/Sensorhttp://en.wikipedia.org/wiki/Actuatorhttp://en.wikipedia.org/wiki/Switchhttp://en.wikipedia.org/wiki/Machine_visionhttp://en.wikipedia.org/wiki/Electric_motorhttp://en.wikipedia.org/wiki/Pneumatichttp://en.wikipedia.org/wiki/Hydraulichttp://en.wikipedia.org/wiki/Relayhttp://en.wikipedia.org/wiki/Solenoidhttp://en.wikipedia.org/wiki/Input/outputhttp://en.wikipedia.org/wiki/Sensorhttp://en.wikipedia.org/wiki/Actuatorhttp://en.wikipedia.org/wiki/Switchhttp://en.wikipedia.org/wiki/Machine_visionhttp://en.wikipedia.org/wiki/Electric_motorhttp://en.wikipedia.org/wiki/Pneumatichttp://en.wikipedia.org/wiki/Hydraulichttp://en.wikipedia.org/wiki/Relayhttp://en.wikipedia.org/wiki/Solenoid


7/41

simple PLC, or the PLC may have external I/O modules attached to a computer network

that plugs into the PLC.

Many of the earliest PLCs expressed all decision making logic in simple ladder logic

which appeared similar to electrical schematic diagrams. The electricians were quite

able to trace out circuit problems with schematic diagrams using ladder logic. This

program notation was chosen to reduce training demands for the existing technicians.

Other early PLCs used a form of instruction list programming, based on a stack-based

logic solver. The functionality of the PLC has evolved over the years to include

sequential relay control, motion control, process control, distributed control systems

and networking. The data handling, storage, processing power and communication

capabilities of some modern PLCs are approximately equivalent to desktop computers.

2.1 Wiring In a PLC

Block diagram of a PLC

FIG. 3: Block Diagram Of PLC

2.3 Generation of Input Signal

Inside the PLC housing, connected between each input terminal and the Common

terminal, is an opto-isolator device (Light-Emitting Diode) that provides an electrically

isolated "high" Logic signal to the computer's circuitry (a photo-transistor interprets the
http://en.wikipedia.org/wiki/Ladder_logichttp://en.wikipedia.org/wiki/Instruction_listhttp://en.wikipedia.org/wiki/Process_controlhttp://en.wikipedia.org/wiki/Process_controlhttp://en.wikipedia.org/wiki/Process_controlhttp://en.wikipedia.org/wiki/Distributed_control_systemhttp://en.wikipedia.org/wiki/Computer_networkhttp://en.wikipedia.org/wiki/Desktop_computerhttp://en.wikipedia.org/wiki/Ladder_logichttp://en.wikipedia.org/wiki/Instruction_listhttp://en.wikipedia.org/wiki/Process_controlhttp://en.wikipedia.org/wiki/Distributed_control_systemhttp://en.wikipedia.org/wiki/Computer_networkhttp://en.wikipedia.org/wiki/Desktop_computer


8/41

LED's light) when there is 120 VAC power applied between the respective input

terminal and the Common terminal. An indicating LED on the front panel of the PLC

gives visual indication of an "energized" input.

FIG. 4: Diagram Showing Energized input terminal X1

2.4 Generation of Output Signal

Output signals are generated by the PLC's computer circuitry activating a switching

device (transistor, TRIAC, or even an electromechanical relay), connecting the

"Source" terminal to any of the "Y-" labeled output terminals. The "Source" terminal,

correspondingly, is usually connected to the L1 side of the 120 VAC power source. As

with each input, an indicating LED on the front panel of the PLC gives visual indication

of an "energized" output

In this way, the PLC is able to interface with real-world devices such as switches and

solenoids.

The actual logic of the control system is established inside the PLC by means of a

computer program. This program dictates which output gets energized under which

input conditions. Although the program itself appears to be a ladder logic diagram, with

switch and relay symbols, there are no actual switch contacts or relay coils operating

inside the PLC to create the logical relationships between input and output. These are


9/41

imaginary contacts and coils, if you will. The program is entered and viewed via a

personal computer connected to the PLC's programming port.

FIG. 5 :Diagram Showing Energized Output Y1


10/41

CHAPTER 3 PLC compared with

other control

systems

PLCs are well-adapted to a certain range of automation tasks. These are typically

industrial processes in manufacturing where the cost of developing and maintaining the

automation system is high relative to the total cost of the automation, and where

changes to the system would be expected during its operational life. PLCs contain input

and output devices compatible with industrial pilot devices and controls; little electrical

design is required, and the design problem centers on expressing the desired sequence

of operations in ladder logic (or function chart) notation. PLC applications are typically

highly customized systems so the cost of a packaged PLC is low compared to the cost

of a specific custom-built controller design. For high volume or very simple fixed

automation tasks, different techniques are used.

Amicrocontroller-based design would be appropriate where hundreds or thousands of

units will be produced and so the development cost (design of power supplies and

input/output hardware) can be spread over many sales, and where the end-user would

not need to alter the control. Automotive applications are an example; millions of units

are built each year, and very few end-users alter the programming of these controllers.

However, some specialty vehicles such as transit busses economically use PLCs instead

of custom-designed controls, because the volumes are low and the development cost

would be uneconomic

PLCs may include logic for single-variable feedback analog control loop, a

"proportional, integral, derivative" or "PID controller." A PID loop could be used to

control the temperature of a manufacturing process, for example. Historically PLCs

were usually configured with only a few analog control loops; where processes required

hundreds or thousands of loops, a distributed control system (DCS) would instead be

used. However, as PLCs have become more powerful, the boundary between DCS and

PLC applications has become less clear-cut.
http://en.wikipedia.org/wiki/Microcontrollerhttp://en.wikipedia.org/wiki/Microcontrollerhttp://en.wikipedia.org/wiki/PID_controllerhttp://en.wikipedia.org/wiki/Distributed_control_systemhttp://en.wikipedia.org/wiki/Microcontrollerhttp://en.wikipedia.org/wiki/PID_controllerhttp://en.wikipedia.org/wiki/Distributed_control_system


11/41

CHAPTER 4 Digital and analog

signals

Digital or discrete signals behave as binary switches, yielding simply an On or Off signal

(1 or 0, True or False, respectively). Pushbuttons, limit switches, andphotoelectric sensors

are examples of devices providing a discrete signal. Discrete signals are sent using either

voltage orcurrent, where a specific range is designated as On and another as Off. For

example, a PLC might use 24 V DC I/O, with values above 22 V DC representing On,

values below 2VDC representing Off, and intermediate values undefined. Initially, PLCshad only discrete I/O.

Analog signals are like volume controls, with a range of values between zero and full-scale.

These are typically interpreted as integer values (counts) by the PLC, with various ranges

of accuracy depending on the device and the number of bits available to store the data. As

PLCs typically use 16-bit signed binary processors, the integer values are limited between

-32,768 and +32,767. Pressure, temperature, flow, and weight are often represented by

analog signals. Analog signals can use voltage orcurrent with a magnitude proportional to

the value of the process signal. For example, an analog4-20 mA or 0 - 10 V input would be

converted into an integer value of 0 - 32767.

Current inputs are less sensitive to electrical noise (i.e. from welders or electric motorstarts) than voltage inputs.

4.1 Example

As an example, say the facility needs to store water in a tank. The water is drawn from the

tank by another system, as needed, and our example system must manage the water level in

the tank.

Using only digital signals, the PLC has two digital inputs from float switches (tank empty

and tank full). The PLC uses a digital output to open and close the inlet valve into the tank.

If both float switches are off (down) or only the 'tank empty' switch is on, the PLC will

open the valve to let more water in. Once the 'tank full' switch is on, the PLC will

automatically shut the inlet to stop the water from overflowing. If only the 'tank full' switch

is on, something is wrong because once the water reaches a float switch, the switch will

stay on because it is floating, thus, when both float switches are on, the tank is full. Two

float switches are used to prevent a 'flutter' (a ripple or a wave) condition where any water
http://en.wikipedia.org/wiki/Photoelectric_sensorhttp://en.wikipedia.org/wiki/Photoelectric_sensorhttp://en.wikipedia.org/wiki/Voltagehttp://en.wikipedia.org/wiki/Current_(electricity)http://en.wikipedia.org/wiki/Current_(electricity)http://en.wikipedia.org/wiki/Voltagehttp://en.wikipedia.org/wiki/Current_(electricity)http://en.wikipedia.org/wiki/Current_(electricity)http://en.wikipedia.org/wiki/4-20_mAhttp://en.wikipedia.org/wiki/4-20_mAhttp://en.wikipedia.org/wiki/A/D_converterhttp://en.wikipedia.org/wiki/Current_loophttp://en.wikipedia.org/wiki/Photoelectric_sensorhttp://en.wikipedia.org/wiki/Voltagehttp://en.wikipedia.org/wiki/Current_(electricity)http://en.wikipedia.org/wiki/Voltagehttp://en.wikipedia.org/wiki/Current_(electricity)http://en.wikipedia.org/wiki/4-20_mAhttp://en.wikipedia.org/wiki/A/D_converterhttp://en.wikipedia.org/wiki/Current_loop


12/41

usage activates the pump for a very short time and then deactivates for a short time, and so

on, causing the system to wear out faster.

An analog system might use a load cell (scale) that weighs the tank, and an adjustable

(throttling) valve. The PLC could use a PID feedback loop to control the valve opening.The load cell is connected to an analog input and the valve is connected to an analog

output. This system fills the tank faster when there is less water in the tank. If the water

level drops rapidly, the valve can be opened wide. If water is only dripping out of the tank,

the valve adjusts to slowly drip water back into the tank.

A real system might combine both approaches, using float switches and simple valves to

prevent spills, and a rate sensor and rate valve to optimize refill rates. Backup and

maintenance methods can make a real system very complicated.
http://en.wikipedia.org/wiki/Load_cellhttp://en.wikipedia.org/wiki/Load_cell


13/41

CHAPTER 5 Programming

Early PLCs, up to the mid-1980s, were programmed using proprietary programming panels

or special-purpose programming terminals, which often had dedicated function keys

representing the various logical elements of PLC programs. Programs were stored on

cassette tape cartridges. Facilities for printing and documentation were very minimal due to

lack of memory capacity. More recently, PLC programs are typically written in a special

application on a personal computer, then downloaded by a direct-connection cable or over

a network to the PLC. The very oldest PLCs used non-volatile magnetic core memory but

now the program is stored in the PLC either in battery-backed-up RAM or some other non-

volatile flash memory.

Early PLCs were designed to be used by electricians who would learn PLC programming

on the job. These PLCs were programmed in "ladder logic", which strongly resembles a

schematic diagram of relay logic. Modern PLCs can be programmed in a variety of ways,

from ladder logic to more traditional programming languages such as BASIC and C.

Another method is State Logic, a Very High Level Programming Language designed to

program PLCs based onState Transition Diagrams.
http://en.wikipedia.org/wiki/Computer_terminalhttp://en.wikipedia.org/wiki/Magnetic_core_memoryhttp://en.wikipedia.org/wiki/RAMhttp://en.wikipedia.org/wiki/Flash_memoryhttp://en.wikipedia.org/wiki/Flash_memoryhttp://en.wikipedia.org/wiki/Ladder_logichttp://en.wikipedia.org/wiki/State_Logichttp://en.wikipedia.org/wiki/State_Logichttp://en.wikipedia.org/wiki/Very_High_Level_Programming_Languagehttp://en.wikipedia.org/wiki/Very_High_Level_Programming_Languagehttp://en.wikipedia.org/wiki/State_diagramhttp://en.wikipedia.org/wiki/State_diagramhttp://en.wikipedia.org/wiki/Computer_terminalhttp://en.wikipedia.org/wiki/Magnetic_core_memoryhttp://en.wikipedia.org/wiki/RAMhttp://en.wikipedia.org/wiki/Flash_memoryhttp://en.wikipedia.org/wiki/Ladder_logichttp://en.wikipedia.org/wiki/State_Logichttp://en.wikipedia.org/wiki/Very_High_Level_Programming_Languagehttp://en.wikipedia.org/wiki/State_diagram


14/41

CHAPTER 6 Ladder logic

Ladder logic is a method of drawing electrical logic schematics. It is now a graphical

language very popular for programmingProgrammable Logic Controllers (PLCs). It was

originally invented to describe logic made from relays. The name is based on the

observation that programs in this language resemble ladders, with two vertical "rails" and a

series of horizontal "rungs" between them.

A program in ladder logic, also called a ladder diagram, is similar to a schematic for a set

ofrelaycircuits. An argument that aided the initial adoption of ladder logic was that a wide

variety of engineers and technicians would be able to understand and use it without much

additional training, because of the resemblance to familiar hardware systems. (This

argument has become less relevant given that most ladder logic programmers have a

software background in more conventional programming languages, and in practice

implementations of ladder logic have characteristics such as sequential execution and

support for control flow features that make the analogy to hardware somewhat

imprecise.)

Ladder logic is widely used to program PLCs, where sequential control of a process or

manufacturing operation is required. Ladder logic is useful for simple but critical control

systems, or for reworking oldhardwiredrelay circuits. As programmable logic controllers

became more sophisticated it has also been used in very complex automation systems.

Ladder logic can be thought of as a rule-based language, rather than aprocedural language.

A "rung" in the ladder represents a rule. When implemented with relays and other

electromechanical devices, the various rules "execute" simultaneously and immediately.

When implemented in a programmable logic controller, the rules are typically executed

sequentially by software, in a loop. By executing the loop fast enough, typically manytimes per second, the effect of simultaneous and immediate execution is obtained. In this

way it is similar to other rule-based languages, like spreadsheets orSQL. However, proper

use of programmable controllers requires understanding the limitations of the execution

order of rungs.

6.1 Example of a simple ladder logic program

The language itself can be seen as a set of connections between logical checkers (relay

contacts) and actuators (coils). If a path can be traced between the left side of the rung and

the output, through asserted (true or "closed") contacts, the rung is true and the output coil

storage bit is asserted (1) or true. If no path can be traced, then the output is false (0) and

the "coil" by analogy to electromechanical relays is considered "de-energized". The

analogy between logical propositions and relay contact status is due to Claude Shannon.
http://en.wikipedia.org/wiki/Programmable_Logic_Controllerhttp://en.wikipedia.org/wiki/Programmable_Logic_Controllerhttp://en.wikipedia.org/wiki/Relayhttp://en.wikipedia.org/wiki/Relayhttp://en.wikipedia.org/wiki/Electronic_circuithttp://en.wikipedia.org/wiki/Electronic_circuithttp://en.wikipedia.org/wiki/Programming_languagehttp://en.wikipedia.org/wiki/Programming_languagehttp://en.wikipedia.org/w/index.php?title=Hardwired&action=edithttp://en.wikipedia.org/w/index.php?title=Hardwired&action=edithttp://en.wikipedia.org/w/index.php?title=Hardwired&action=edithttp://en.wikipedia.org/wiki/Procedural_languagehttp://en.wikipedia.org/wiki/Spreadsheethttp://en.wikipedia.org/wiki/SQLhttp://en.wikipedia.org/wiki/Claude_Shannonhttp://en.wikipedia.org/wiki/Programmable_Logic_Controllerhttp://en.wikipedia.org/wiki/Relayhttp://en.wikipedia.org/wiki/Relayhttp://en.wikipedia.org/wiki/Electronic_circuithttp://en.wikipedia.org/wiki/Programming_languagehttp://en.wikipedia.org/w/index.php?title=Hardwired&action=edithttp://en.wikipedia.org/wiki/Procedural_languagehttp://en.wikipedia.org/wiki/Spreadsheethttp://en.wikipedia.org/wiki/SQLhttp://en.wikipedia.org/wiki/Claude_Shannon


15/41

Ladder logic has "contacts" that "make" or "break" "circuits" to control "coils." Each coil

or contact corresponds to the status of a single bit in the programmable controller's

memory. Unlike electromechanical relays, a ladder program can refer any number of times

to the status of a single bit, equivalent to a relay with an indefinitely large number of

contacts.

So-called "contacts" may refer to inputs to the programmable controller from physical

devices such as pushbuttons and limit switches, or may represent the status of internal

storage bits which may be generated elsewhere in the program.

Each rung of ladder language typically has one coil at the far right. Some manufacturers

may allow more than one output coil on a rung.

--( )-- a regular coil, true when its rung is true

--(/)-- a "not" coil, false when its rung is true

--[ ]-- A regular contact, true when its coil is true (normally false)

--[\]-- A "not" contact, false when its coil is true (normally true)

The "coil" (output of a rung) may represent a physical output which operates some device

connected to the programmable controller, or may represent an internal storage bit for use

elsewhere in the program.

6.2Generally Used Instructions & symbol For PLC Programming

6.2.1 Input Instruction

--[ ]-- This Instruction is Called IXC or Examine If Closed.

ie; If a NO switch is actuated then only this instruction will be true. If a NC switch

is actuated then this instruction will not be true and hence output will not be generated.

--[\]-- This Instruction is Called IXO or Examine If Open

ie; If a NC switch is actuated then only this instruction will be true. If a NC switch is

actuated then this instruction will not be true and hence output will not be generated.

6.2.2 Output Instruction

--( )-- This Instruction Shows the States of Output.


16/41

ie; If any instruction either XIO or XIC is true then output will be high. Due to

high output a 24 volt signal is generated from PLC processor.

6.2.3 Rung

Rung is a simple line on which instruction are placed and logics are created

E.g.; ---------------------------------------------

Here is an example of what one rung in a ladder logic program might look like. In real life,

there may be hundreds or thousands of rungs.

For example:

1. ----[ ]---------|--[ ]--|------( )--X | Y | S

| |

|--[ ]--|

Z

The above realises the function: S = X AND (Y OR Z)

Typically, complex ladder logic is 'read' left to right and top to bottom. As each of the lines

(or rungs) are evaluated the output coil of a rung may feed into the next stage of the ladder

as an input. In a complex system there will be many "rungs" on a ladder, which arenumbered in order of evaluation.

1.----[ ]-----------|---[ ]---|----( )--X | Y | S

| |

|---[ ]----|Z

2.---- [ ]----[ ] -------------------( )--S X T

2. T = S AND X where S is equivalent to #1. above

This represents a slightly more complex system for rung 2. After the first line has been

evaluated, the output coil (S) is fed into rung 2, which is then evaluated and the output coil

T could be fed into an output device (buzzer, light etc..) or into rung 3 on the ladder. (Note

that the contact X on the 2nd rung serves no useful purpose, as X is already a 'AND'

function of S from the 1st rung.)

This system allows very complex logic designs to be broken down and evaluated.

More practical examples

Example-1


17/41

------[ ]------------------------[ ]--------------------------------O-----------------Key Switch 1 Key Switch 2 Door MotorThis circuit shows two key switches that security guards might use to activate an electric

motor on a bank vault door. When the normally open contacts of both switches close,

electricity is able to flow to the motor which opens the door. This is a logical AND.

Example-2

Often we have a little green "start" button to turn on a motor, and we want to turn it off

with a big red "Stop" button.

--+----[ ]--+----[\]----( )---| start | stop run

| |

+----[ ]--+

run

-------[ ]--------------( )---

run motor

Example with PLC

Consider the following circuit and PLC program :

-------[ ]--------------( )---

run motor

When the pushbutton switch is unactuated (unpressed), no power is sent to the X1 input of

the PLC. Following the program, which shows a normally-open X1 contact in series with a


18/41

Y1 coil, no "power" will be sent to the Y1 coil. Thus, the PLC's Y1 output remains de-

energized, and the indicator lamp connected to it remains dark.

If the pushbutton switch is pressed, however, power will be sent to the PLC's X1 input.

Any and all X1 contacts appearing in the program will assume the actuated (non-normal)state, as though they were relay contacts actuated by the energizing of a relay coil named

"X1". In this case, energizing the X1 input will cause the normally-open X1 contact will

"close," sending "power" to the Y1 coil. When the Y1coilof the program "energizes," the

real Y1 output will become energized, lighting up the lamp connected to it:

Lamp Glows when at Input Switch is Actuated

It must be understood that the X1 contact, Y1 coil, connecting wires, and "power"

appearing in the personal computer's display are all virtual. They do not exist as real

electrical components. They exist as commands in a computer program -- a piece of

software only -- that just happens to resemble a real relay schematic diagram.

Equally important to understand is that the personal computer used to display and edit the

PLC's program is not necessary for the PLC's continued operation. Once a program has

been loaded to the PLC from the personal computer, the personal computer may be

unplugged from the PLC, and the PLC will continue to follow the programmed commands.

I include the personal computer display in these illustrations for your sake only, in aiding to

understand the relationship between real-life conditions (switch closure and lamp status)

and the program's status ("power" through virtual contacts and virtual coils).

The true power and versatility of a PLC is revealed when we want to alter the behavior of a

control system. Since the PLC is a programmable device, we can alter its behavior by

changing the commands we give it, without having to reconfigure the electrical

components connected to it. For example, suppose we wanted to make this switch-and-

lamp circuit function in an inverted fashion: push the button to make the lamp turn off, and

release it to make it turn on. The "hardware" solution would require that a normally-closed

pushbutton switch be substituted for the normally-open switch currently in place. The


19/41

"software" solution is much easier: just alter the program so that contact X1 is normally-

closed rather than normally-open.

6.3 Programming For Start/Stop of Motor by PLC

Often we have a little green "start" button to turn on a motor, and we want to turn it off

with a big red "Stop" button.

--+----[ ]--+----[\]----( )---

| start | stop run| |

+----[ ]--+

run

The pushbutton switch connected to input X1 serves as the "Start" switch, while the switch

connected to input X2 serves as the "Stop." Another contact in the program, named Y1,

uses the output coil status as a seal-in contact, directly, so that the motor contactor will

continue to be energized after the "Start" pushbutton switch is released. You can see the

normally-closed contact X2 appear in a colored block, showing that it is in a closed

("electrically conducting") state.

6.3.1 Starting of Motor

If we were to press the "Start" button, input X1 would energize, thus "closing" the X1

contact in the program, sending "power" to the Y1 "coil," energizing the Y1 output and

applying 120 volt AC power to the real motor contactor coil. The parallel Y1 contact will

also "close," thus latching the "circuit" in an energized state:


20/41

6.3.2 Logic for Continuous Running of motor When Start Button is Released

Now, if we release the "Start" pushbutton, the normally-open X1 "contact" will return to its

"open" state, but the motor will continue to run because the Y1 seal-in "contact" continues

to provide "continuity" to "power" coil Y1, thus keeping the Y1 output energized:


21/41

6.3.3 To Stop the Motor

To stop the motor, we must momentarily press the "Stop" pushbutton, which will energize

the X2 input and "open" the normally-closed "contact," breaking continuity to the Y1

"coil:"

When the "Stop" pushbutton is released, input X2 will de-energize, returning "contact" X2

to its normal, "closed" state. The motor, however, will not start again until the "Start"

pushbutton is actuated, because the "seal-in" of Y1 has been lost:

CHAPTER 7 Meaning of SCADA


22/41

SCADA stands for Supervisory Control and Data Acquisition. As the name indicates, it is

not a full control system, but rather focuses on the supervisory level. As such, it is a purely

software package that is positioned on top of hardware to which it is interfaced, in general

via Programmable Logic Controllers (PLCs), or other commercial hardware modules.

SCADA systems are used not only in industrial processes: e.g. steel making, power

generation (conventional and nuclear) and distribution, chemistry, but also in some

experimental facilities such as nuclear fusion. The size of such plants range from a few

1000 to several 10 thousands input/output (I/O) channels. However, SCADA systems

evolve rapidly and are now penetrating the market of plants with a number of I/O channels

of several 100K: we know of two cases of near to 1 M I/O channels currently under

development.

SCADA systems used to run on DOS, VMS and UNIX; in recent years all SCADA

vendors have moved to NT and some also to Linux.

CHAPTER 8 Architecture


23/41

This section describes the common features of the SCADA products that have been

evaluated at CERN in view of their possible application to the control systems of the LHC

detectors [1], [2].

FIG.: Common Feature Of SCADA

8.1 Hardware Architecture

One distinguishes two basic layers in a SCADA system: the "client layer" which caters for

the man machine interaction and the "data server layer" which handles most of the processdata control activities. The data servers communicate with devices in the field through

process controllers. Process controllers, e.g. PLCs, are connected to the data servers either

directly or via networks or field buses that are proprietary (e.g. Siemens H1), or non-

proprietary (e.g. Profibus). Data servers are connected to each other and to client stations

via an Ethernet LAN. The data servers and client stations are NT platforms but for many

products the client stations may also be W95 machines.

8.2 Communications

8.2.1 Internal Communication

Server-client and server-server communication is in general on a publish-subscribe and

event-driven basis and uses a TCP/IP protocol, i.e., a client application subscribes to a

parameter which is owned by a particular server application and only changes to that

parameter are then communicated to the client application.

8.2.2 Access to Devices

The data servers poll the controllers at a user defined polling rate. The polling rate may be

different for different parameters. The controllers pass the requested parameters to the data

servers. Time stamping of the process parameters is typically performed in the controllers

and this time-stamp is taken over by the data server. If the controller and communication

protocol used support unsolicited data transfer then the products will support this too.


24/41

The products provide communication drivers for most of the common PLCs and widely

used field-buses, e.g., Modbus. Of the three fieldbuses that are recommended at CERN,

both Profibus and World flip are supported but CANbus often not [3]. Some of the drivers

are based on third party products (e.g., Applicom cards) and therefore have additional cost

associated with them. VME on the other hand is generally not supported.

A single data server can support multiple communications protocols: it can generally

support as many such protocols as it has slots for interface cards.

The effort required to develop new drivers is typically in the range of 2-6 weeks depending

on the complexity and similarity with existing drivers, and a driver development toolkit is

provided for this.

8.3 Interfacing

The provision of OPC client functionality for SCADA to access devices in an open and

standard manner is developing. There still seems to be a lack of devices/controllers, which

provide OPC server software, but this improves rapidly as most of the producers of

controllers are actively involved in the development of this standard. OPC has been

evaluated by the CERN-IT-CO group [4].

The products also provide

An Open Data Base Connectivity (ODBC) interface to the data in the archive/logs,

but not to the configuration database,

An ASCII import/export facility for configuration data,

A library of APIs supporting C, C++, and Visual Basic (VB) to access data in the

RTDB, logs and archive. The API often does not provide access to the product's

internal features such as alarm handling, reporting, trending, etc.

The PC products provide support for the Microsoft standards such as Dynamic Data

Exchange (DDE) which allows e.g. to visualize data dynamically in an EXCEL

spreadsheet, Dynamic Link Library (DLL) and Object Linking and Embedding (OLE).

The configuration data are stored in a database that is logically centralized but physically

distributed and that is generally of a proprietary format.

For performance reasons, the RTDB resides in the memory of the servers and is also ofproprietary format.

The archive and logging format is usually also proprietary for performance reasons, but

some products do support logging to a Relational Data Base Management System

(RDBMS) at a slower rate either directly or via an ODBC interface.

8.4 Scalability

Scalability is understood as the possibility to extend the SCADA based control system by

adding more process variables, more specialized servers (e.g. for alarm handling) or more


25/41

clients. The products achieve scalability by having multiple data servers connected to

multiple controllers. Each data server has its own configuration database and RTDB and is

responsible for the handling of a sub-set of the process variables (acquisition, alarm

handling, archiving).

8.5 Redundancy

The products often have built in software redundancy at a server level, which is normally

transparent to the user. Many of the products also provide more complete redundancy

solutions if required.

CHAPTER 9 Common System

Components


26/41

A SCADA System usually consists of the following subsystems:

A Human-Machine Interface or HMI is the apparatus which presents process data

to a human operator, and through this, the human operator monitors and controls

the process.

A supervisory (computer) system, gathering (acquiring) data on the process and

sending commands (control) to the process.

Remote Terminal Units (RTUs) connecting to sensors in the process, converting

sensor signals to digital data and sending digital data to the supervisory system.

Programmable Logic Controller(PLCs) used as field devices because they are more

economical, versatile, flexible, and configurable than special-purpose RTUs.

Communication infrastructure connecting the supervisory system to the Remote

Terminal Units

9.1 Supervision Vs. Control

There is, in several industries, considerable confusion over the differences between

SCADA systems and Distributed control systems (DCS). Generally speaking, a SCADA

system usually refers to a system that coordinates, but does not control processes inreal

time. The discussion on real-time control is muddied somewhat by newer

telecommunications technology, enabling reliable, low latency, high speed

communications over wide areas. Most differences between SCADA and DCS are

culturally determined and can usually be ignored. As communication infrastructures with

higher capacity become available, the difference between SCADA and DCS will fade.

9.2 Systems Concepts

The term SCADA usually refers to centralized systems which monitor and control entire

sites, or complexes of systems spread out over large areas (anything between an industrial

plant and a country). Most control actions are performed automatically by remote terminal

units ("RTUs") or byprogrammable logic controllers ("PLCs"). Host control functions are

usually restricted to basic overriding or supervisory level intervention. For example, a PLC

may control the flow of cooling water through part of an industrial process, but the

SCADA system may allow operators to change the set points for the flow,and enable alarm

conditions, such as loss of flow and high temperature, to be displayed and recorded. The

feedback control loop passes through the RTU or PLC, while the SCADA system monitors

the overall performance of the loop.
http://en.wikipedia.org/wiki/User_interfacehttp://en.wikipedia.org/wiki/Remote_Terminal_Unithttp://en.wikipedia.org/wiki/Data_acquisitionhttp://en.wikipedia.org/wiki/Data_acquisitionhttp://en.wikipedia.org/wiki/Programmable_Logic_Controllerhttp://en.wikipedia.org/wiki/Communicationhttp://en.wikipedia.org/wiki/Remote_Terminal_Unithttp://en.wikipedia.org/wiki/Remote_Terminal_Unithttp://en.wikipedia.org/wiki/Distributed_control_systemhttp://en.wikipedia.org/wiki/Real-time_computinghttp://en.wikipedia.org/wiki/Real-time_computinghttp://en.wikipedia.org/wiki/Real-time_computinghttp://en.wikipedia.org/wiki/Remote_terminal_unithttp://en.wikipedia.org/wiki/Remote_terminal_unithttp://en.wikipedia.org/wiki/Programmable_logic_controllershttp://en.wikipedia.org/wiki/Programmable_logic_controllershttp://en.wikipedia.org/wiki/User_interfacehttp://en.wikipedia.org/wiki/Remote_Terminal_Unithttp://en.wikipedia.org/wiki/Data_acquisitionhttp://en.wikipedia.org/wiki/Data_acquisitionhttp://en.wikipedia.org/wiki/Programmable_Logic_Controllerhttp://en.wikipedia.org/wiki/Communicationhttp://en.wikipedia.org/wiki/Remote_Terminal_Unithttp://en.wikipedia.org/wiki/Remote_Terminal_Unithttp://en.wikipedia.org/wiki/Distributed_control_systemhttp://en.wikipedia.org/wiki/Real-time_computinghttp://en.wikipedia.org/wiki/Real-time_computinghttp://en.wikipedia.org/wiki/Remote_terminal_unithttp://en.wikipedia.org/wiki/Remote_terminal_unithttp://en.wikipedia.org/wiki/Programmable_logic_controllers


27/41

Data acquisition begins at the RTU or PLC level and includes meter readings and

equipment status reports that are communicated to SCADA as required. Data is then

compiled and formatted in such a way that a control room operator using the HMI can

make supervisory decisions to adjust or override normal RTU (PLC) controls. Data may

also be fed to a Historian, often built on a commodity Database Management System, to

allow trending and other analytical auditing.

SCADA systems typically implement a distributed database, commonly referred to as a tag

database, which contains data elements called tags or points. A point represents a single

input or output value monitored or controlled by the system. Points can be either "hard" or

"soft". A hard point represents an actual input or output within the system, while a soft

point results from logic and math operations applied to other points. (Most

implementations conceptually remove the distinction by making every property a "soft"

point expression, which may, in the simplest case, equal a single hard point.) Points are

normally stored as value-timestamp pairs: a value, and the timestamp when it was recorded

or calculated. A series of value-timestamp pairs gives the history of that point. It's also

common to store additional metadata with tags, such as the path to a field device or PLC

register, design time comments, and alarm information.

9.3 Human Machine Interface
http://en.wikipedia.org/wiki/Data_acquisitionhttp://en.wikipedia.org/wiki/Database_Management_Systemhttp://en.wikipedia.org/wiki/Timestamphttp://en.wikipedia.org/wiki/File:SCADA_schematic_overview-s.svghttp://en.wikipedia.org/wiki/Data_acquisitionhttp://en.wikipedia.org/wiki/Database_Management_Systemhttp://en.wikipedia.org/wiki/Timestamp


28/41

FIG.: Typical Basic SCADA Animations

AHuman-Machine Interfaceor HMI is the apparatus which presents process data to a

human operator, and through which the human operator controls the process.

An HMI is usually linked to the SCADA system's databases and software programs, to

provide trending, diagnostic data, and management information such as scheduled

maintenance procedures, logistic information, detailed schematics for a particular sensor or

machine, and expert-system troubleshooting guides.

The HMI system usually presents the information to the operating personnel graphically, in

the form of a mimic diagram. This means that the operator can see a schematic

representation of the plant being controlled. For example, a picture of a pump connected to

a pipe can show the operator that the pump is running and how much fluid it is pumping

through the pipe at the moment. The operator can then switch the pump off. The HMI

software will show the flow rate of the fluid in the pipe decrease in real time. Mimicdiagrams may consist of line graphics and schematic symbols to represent process

elements, or may consist of digital photographs of the process equipment overlain with

animated symbols.

The HMI package for the SCADA system typically includes a drawing program that the

operators or system maintenance personnel use to change the way these points are

represented in the interface. These representations can be as simple as an on-screen traffic

light, which represents the state of an actual traffic light in the field, or as complex as amulti-projector display representing the position of all of the elevators in a skyscraper or all

of the trains on a railway.

An important part of most SCADA implementations are alarms. An alarm is a digital status

point that has either the value NORMAL or ALARM. Alarms can be created in such a way

that when their requirements are met, they are activated. An example of an alarm is the

"fuel tank empty" light in a car. The SCADA operator's attention is drawn to the part of the
http://en.wikipedia.org/wiki/User_interfacehttp://en.wikipedia.org/wiki/User_interfacehttp://en.wikipedia.org/wiki/User_interfacehttp://en.wikipedia.org/wiki/Databasehttp://en.wikipedia.org/wiki/File:Scada_std_anim.gifhttp://en.wikipedia.org/wiki/User_interfacehttp://en.wikipedia.org/wiki/Database


29/41

system requiring attention by the alarm. Emails and text messages are often sent along with

an alarm activation alerting managers along with the SCADA operator.

9.4 Hardware Solutions

SCADA solutions often haveDistributed Control System (DCS) components. Use of

"smart" RTUs orPLCs, which are capable of autonomously executing simple logic

processes without involving the master computer, is increasing. A functional block

programming language,IEC 61131-3 (Ladder Logic), is frequently used to create programs

which run on these RTUs and PLCs. Unlike a procedural language such as the C

programming language orFORTRAN, IEC 61131-3 has minimal training requirements by

virtue of resembling historic physical control arrays. This allows SCADA system engineers

to perform both the design and implementation of a program to be executed on an RTU orPLC. A Programmable automation controller(PAC) is a compact controller that combines

the features and capabilities of a PC-based control system with that of a typical PLC. PACs

are deployed in SCADA systems to provide RTU and PLC functions. In many electrical

substation SCADA applications, "distributed RTUs" use information processors or station

computers to communicate with protective relays, PACS, and other devices for I/O, and

communicate with the SCADA master in lieu of a traditional RTU.

Since about 1998, virtually all major PLC manufacturers have offered integratedHMI/SCADA systems, many of them using open and non-proprietary communications

protocols. Numerous specialized third-party HMI/SCADA packages, offering built-in

compatibility with most major PLCs, have also entered the market, allowing mechanical

engineers, electrical engineers and technicians to configure HMIs themselves, without the

need for a custom-made program written by a software developer.

CHAPTER 10 Remote Terminal

Unit (RTU)
http://en.wikipedia.org/wiki/Distributed_Control_Systemhttp://en.wikipedia.org/wiki/Distributed_Control_Systemhttp://en.wikipedia.org/wiki/Remote_Terminal_Unithttp://en.wikipedia.org/wiki/Programmable_logic_controllerhttp://en.wikipedia.org/wiki/Programmable_logic_controllerhttp://en.wikipedia.org/wiki/IEC_61131-3http://en.wikipedia.org/wiki/IEC_61131-3http://en.wikipedia.org/wiki/C_(programming_language)http://en.wikipedia.org/wiki/C_(programming_language)http://en.wikipedia.org/wiki/FORTRANhttp://en.wikipedia.org/wiki/Programmable_automation_controllerhttp://en.wikipedia.org/wiki/Relayhttp://en.wikipedia.org/wiki/Distributed_Control_Systemhttp://en.wikipedia.org/wiki/Remote_Terminal_Unithttp://en.wikipedia.org/wiki/Programmable_logic_controllerhttp://en.wikipedia.org/wiki/IEC_61131-3http://en.wikipedia.org/wiki/C_(programming_language)http://en.wikipedia.org/wiki/C_(programming_language)http://en.wikipedia.org/wiki/FORTRANhttp://en.wikipedia.org/wiki/Programmable_automation_controllerhttp://en.wikipedia.org/wiki/Relay


30/41

The RTU connects to physical equipment. Typically, an RTU converts the electrical signals

from the equipment to digital values such as the open/closed status from aswitchor

a valve, or measurements such as pressure, flow, voltage or current. By converting andsending these electrical signals out to equipment the RTU can control equipment, such as

opening or closing a switch or a valve, or setting the speed of apump.

10.1 Supervisory Station

The term "Supervisory Station" refers to the servers and software responsible for

communicating with the field equipment (RTUs, PLCs, etc), and then to the HMI software

running on workstations in the control room, or elsewhere. In smaller SCADA systems, the

master station may be composed of a single PC. In larger SCADA systems, the master

station may include multiple servers, distributed software applications, and disaster

recovery sites. To increase the integrity of the system the multiple servers will often be

configured in a dual-redundant or hot-standby formation providing continuous control and

monitoring in the event of a server failure.

Initially, more "open" platforms such asLinux were not as widely used due to the highly

dynamic development environment and because a SCADA customer that was able to afford

the field hardware and devices to be controlled could usually also

purchase UNIXorOpenVMS licenses. Today, all major operating systems are used for

both master station servers and HMI workstations.

10.2 Operational Philosophy

For some installations, the costs that would result from the control system failing are

extremely high. Possibly even lives could be lost. Hardware for some SCADA systems is

ruggedized to withstand temperature, vibration, and voltage extremes, but in most critical

installations reliability is enhanced by having redundant hardware and communications

channels, up to the point of having multiple fully equipped control centres. A failing part

can be quickly identified and its functionality automatically taken over by backup

hardware. A failed part can often be replaced without interrupting the process. The

reliability of such systems can be calculated statistically and is stated as the mean time to

failure, which is a variant ofmean time between failures. The calculated mean time to

failure of such high reliability systems can be on the order of centuries.

10.3 Communication Infrastructure And Methods
http://en.wikipedia.org/wiki/RTUhttp://en.wikipedia.org/wiki/Switchhttp://en.wikipedia.org/wiki/Switchhttp://en.wikipedia.org/wiki/Switchhttp://en.wikipedia.org/wiki/Valvehttp://en.wikipedia.org/wiki/RTUhttp://en.wikipedia.org/wiki/Switchhttp://en.wikipedia.org/wiki/Valvehttp://en.wikipedia.org/wiki/Pumphttp://en.wikipedia.org/wiki/Pumphttp://en.wikipedia.org/wiki/Pumphttp://en.wikipedia.org/wiki/Linuxhttp://en.wikipedia.org/wiki/Linuxhttp://en.wikipedia.org/wiki/UNIXhttp://en.wikipedia.org/wiki/UNIXhttp://en.wikipedia.org/wiki/OpenVMShttp://en.wikipedia.org/wiki/Mean_time_between_failureshttp://en.wikipedia.org/wiki/Mean_time_between_failureshttp://en.wikipedia.org/wiki/RTUhttp://en.wikipedia.org/wiki/Switchhttp://en.wikipedia.org/wiki/Valvehttp://en.wikipedia.org/wiki/RTUhttp://en.wikipedia.org/wiki/Switchhttp://en.wikipedia.org/wiki/Valvehttp://en.wikipedia.org/wiki/Pumphttp://en.wikipedia.org/wiki/Linuxhttp://en.wikipedia.org/wiki/UNIXhttp://en.wikipedia.org/wiki/OpenVMShttp://en.wikipedia.org/wiki/Mean_time_between_failures


31/41

SCADA systems have traditionally used combinations of radio and direct serial or modem

connections to meet communication requirements, although Ethernet and IP overSONET /

SDH is also frequently used at large sites such as railways and power stations. The remote

management or monitoring function of a SCADA system is often referred to astelemetry.

This has also come under threat with some customers wanting SCADA data to travel over

their pre-established corporate networks or to share the network with other applications.

The legacy of the early low-bandwidth protocols remains, though. SCADA protocols are

designed to be very compact and many are designed to send information to the master

station only when the master station polls the RTU. Typical legacy SCADA protocols

includeModbus RTU,RP-570,Profibusand Conitel. These communication protocols are

all SCADA-vendor specific but are widely adopted and used. Standard protocols are IEC

60870-5-101 or 104,IEC 61850 andDNP3. These communication protocols are

standardized and recognized by all major SCADA vendors. Many of these protocols now

contain extensions to operate overTCP/IP. It is good security engineering practice to avoid

connecting SCADA systems to the Internet so the attack surface is reduced.

RTUs and other automatic controller devices were being developed before the advent of

industry wide standards for interoperability. The result is that developers and their

management created a multitude of control protocols. Among the larger vendors, there was

also the incentive to create their own protocol to "lock in" their customer base. A list

ofautomation protocols is being compiled here.

Recently, OLE for Process Control (OPC) has become a widely accepted solution for

intercommunicating different hardware and software, allowing communication even

between devices originally not intended to be part of an industrial network.

CHAPTER 11 Trends in SCADA
http://en.wikipedia.org/wiki/Synchronous_optical_networkinghttp://en.wikipedia.org/wiki/Synchronous_optical_networkinghttp://en.wikipedia.org/wiki/Synchronous_optical_networkinghttp://en.wikipedia.org/wiki/Telemetryhttp://en.wikipedia.org/wiki/Telemetryhttp://en.wikipedia.org/wiki/Modbushttp://en.wikipedia.org/wiki/Modbushttp://en.wikipedia.org/wiki/RP-570http://en.wikipedia.org/wiki/RP-570http://en.wikipedia.org/wiki/Profibushttp://en.wikipedia.org/wiki/Profibushttp://en.wikipedia.org/wiki/Profibushttp://en.wikipedia.org/wiki/IEC_60870-5http://en.wikipedia.org/wiki/IEC_60870-5http://en.wikipedia.org/wiki/IEC_61850http://en.wikipedia.org/wiki/IEC_61850http://en.wikipedia.org/wiki/DNP3http://en.wikipedia.org/wiki/DNP3http://en.wikipedia.org/wiki/TCP/IPhttp://en.wikipedia.org/wiki/Security_engineeringhttp://en.wikipedia.org/wiki/Internethttp://en.wikipedia.org/wiki/Attack_surfacehttp://en.wikipedia.org/wiki/Automation_protocolshttp://en.wikipedia.org/wiki/OLE_for_process_controlhttp://en.wikipedia.org/wiki/Synchronous_optical_networkinghttp://en.wikipedia.org/wiki/Synchronous_optical_networkinghttp://en.wikipedia.org/wiki/Telemetryhttp://en.wikipedia.org/wiki/Modbushttp://en.wikipedia.org/wiki/RP-570http://en.wikipedia.org/wiki/Profibushttp://en.wikipedia.org/wiki/IEC_60870-5http://en.wikipedia.org/wiki/IEC_60870-5http://en.wikipedia.org/wiki/IEC_61850http://en.wikipedia.org/wiki/DNP3http://en.wikipedia.org/wiki/TCP/IPhttp://en.wikipedia.org/wiki/Security_engineeringhttp://en.wikipedia.org/wiki/Internethttp://en.wikipedia.org/wiki/Attack_surfacehttp://en.wikipedia.org/wiki/Automation_protocolshttp://en.wikipedia.org/wiki/OLE_for_process_control


32/41

There is a trend for plc and HMI/SCADA software to be more "mix-and-match". In the mid

1990s, the typical DAQ I/O manufacturer supplied equipment that communicated using

proprietary protocols over a suitable-distance carrier likeRS-485. End users who invested

in a particular vendor's hardware solution often found themselves restricted to a limited

choice of equipment when requirements changed (e.g. system expansions or performance

improvement). To mitigate such problems, open communication protocols such as IEC870-

5-101/104, DNP3 serial, and DNP3 LAN/WAN became increasingly popular among

SCADA equipment manufacturers and solution providers alike. Open architectureSCADA

systems enabled users to mix-and-match products from different vendors to develop

solutions that were better than those that could be achieved when restricted to a singlevendor's product offering.

Towards the late 1990s, the shift towards open communications continued with individual

I/O manufacturers as well, who adopted open message structures such as Modbus RTU and

Modbus ASCII (originally both developed by Modicon) over RS-485. By 2000, most I/O

makers offered completely open interfacing such as Modbus TCP over Ethernet and IP.

TheNorth American Electric Reliability Corporation (NERC) has specified that electrical

system data should be time-tagged to the nearest millisecond. Electrical system SCADA

systems provide thisSequence of events recorderfunction, usingRadio clocks to

synchronize the RTU or distributed RTU clocks.

SCADA systems are coming in line with standard networking technologies. Ethernet and

TCP/IP based protocols are replacing the older proprietary standards. Although certain

characteristics of frame-based network communication technology (determinism,

synchronization, protocol selection, environment suitability) have restricted the adoption of

Ethernet in a few specialized applications, the vast majority of markets have acceptedEthernet networks for HMI/SCADA.

With the emergence ofsoftware as a service in the broader software industry, a few

vendors have begun offering application specific SCADA systems hosted on remote

platforms over theInternet. This removes the need to install and commission systems at the

end-user's facility and takes advantage of security features already available in Internet

technology, VPNsand SSL. Some concerns include security, Internet connection

reliability, and latency.

SCADA systems are becoming increasingly ubiquitous. Thin clients, web portals, andweb

based products are gaining popularity with most major vendors. The increased convenience

of end users viewing their processes remotely introduces security considerations. While

these considerations are already considered solved in other sectors of internet services, not

all entities responsible for deploying SCADA systems have understood the changes in

accessibility and threat scope implicit in connecting a system to the internet.
http://en.wikipedia.org/wiki/RS-485http://en.wikipedia.org/wiki/RS-485http://en.wikipedia.org/wiki/RS-485http://en.wikipedia.org/wiki/DNP3http://en.wikipedia.org/wiki/Open_architecturehttp://en.wikipedia.org/wiki/Open_architecturehttp://en.wikipedia.org/wiki/North_American_Electric_Reliability_Corporationhttp://en.wikipedia.org/wiki/Millisecondhttp://en.wikipedia.org/wiki/Sequence_of_events_recorderhttp://en.wikipedia.org/wiki/Sequence_of_events_recorderhttp://en.wikipedia.org/wiki/Radio_clockshttp://en.wikipedia.org/wiki/Radio_clockshttp://en.wikipedia.org/wiki/Ethernethttp://en.wikipedia.org/wiki/Software_as_a_servicehttp://en.wikipedia.org/wiki/Internethttp://en.wikipedia.org/wiki/Internethttp://en.wikipedia.org/wiki/VPNhttp://en.wikipedia.org/wiki/VPNhttp://en.wikipedia.org/wiki/Secure_Sockets_Layerhttp://en.wikipedia.org/wiki/Secure_Sockets_Layerhttp://en.wikipedia.org/wiki/Thin_clientshttp://en.wikipedia.org/wiki/Web_basedhttp://en.wikipedia.org/wiki/Web_basedhttp://en.wikipedia.org/wiki/Web_basedhttp://en.wikipedia.org/wiki/RS-485http://en.wikipedia.org/wiki/DNP3http://en.wikipedia.org/wiki/Open_architecturehttp://en.wikipedia.org/wiki/North_American_Electric_Reliability_Corporationhttp://en.wikipedia.org/wiki/Millisecondhttp://en.wikipedia.org/wiki/Sequence_of_events_recorderhttp://en.wikipedia.org/wiki/Radio_clockshttp://en.wikipedia.org/wiki/Ethernethttp://en.wikipedia.org/wiki/Software_as_a_servicehttp://en.wikipedia.org/wiki/Internethttp://en.wikipedia.org/wiki/VPNhttp://en.wikipedia.org/wiki/Secure_Sockets_Layerhttp://en.wikipedia.org/wiki/Thin_clientshttp://en.wikipedia.org/wiki/Web_basedhttp://en.wikipedia.org/wiki/Web_based


33/41

CHAPTER 12 Security Issue

The move from proprietary technologies to more standardized and open solutions together

with the increased number of connections between SCADA systems and office networks

and theInternet has made them more vulnerable to attacks - see references. Consequently,

the security of SCADA-based systems has come into question as they are increasingly seen

as extremely vulnerable to cyber warfare/cyber terrorism attacks.

In particular, security researchers are concerned about:

The lack of concern about security and authentication in the design, deployment

and operation of existing SCADA networks
http://en.wikipedia.org/wiki/Internethttp://en.wikipedia.org/wiki/Internethttp://en.wikipedia.org/wiki/Internet


34/41

The mistaken belief that SCADA systems have the benefit ofsecurity through

obscurity through the use of specialized protocols and proprietary interfaces

The mistaken belief that SCADA networks are secure because they are purportedly

physically secured

The mistaken belief that SCADA networks are secure because they are supposedly

disconnected from the Internet

SCADA systems are used to control and monitor physical processes, examples of which

are transmission of electricity, transportation of gas and oil in pipelines, water distribution,

traffic lights, and other systems used as the basis of modern society. The security of these

SCADA systems is important because compromise or destruction of these systems would

impact multiple areas of society far removed from the original compromise. For example, a

blackout caused by a compromised electrical SCADA system would cause financial losses

to all the customers that received electricity from that source. How security will affect

legacy SCADA and new deployments remains to be seen.

There are two distinct threats to a modern SCADA system. First is the threat of

unauthorized access to the control software, whether it be human access or changes

induced intentionally or accidentally by virus infections and other software threats residing

on the control host machine. Second is the threat of packet access to the network segments

hosting SCADA devices. In many cases, there is rudimentary or no security on the actual

packet control protocol, so anyone who can send packets to the SCADA device can control

it. In many cases SCADA users assume that a VPN is sufficient protection and are unaware

that physical access to SCADA-related network jacks and switches provides the ability to

totally bypass all security on the control software and fully control those SCADA

networks. These kinds of physical access attacks bypass firewall and VPN security and are

best addressed by endpoint-to-endpoint authentication and authorization such as are

commonly provided in the non-SCADA world by in-device SSL or other cryptographic

techniques.

Many vendors of SCADA and control products have begun to address these risks in a basic

sense by developing lines of specialized industrialfirewall and VPNsolutions for TCP/IP-

based SCADA networks. Additionally, application white listing solutions are being

implemented because of their ability to prevent malware and unauthorized application

changes without the performance impacts of traditional antivirus scans Also, the ISA

Security Compliance Institute (ISCI) is emerging to formalize SCADA security testing

starting as soon as 2009. ISCI is conceptually similar to private testing and certification

that has been performed by vendors since 2007. Eventually, standards being defined by

ISA99 WG4 will supersede the initial industry consortia efforts, but probably not before

2011.

The increased interest in SCADA vulnerabilities has resulted in vulnerability researchers

discovering vulnerabilities in commercial SCADA software and more general offensive

SCADA techniques presented to the general security community. In electric and gas utility
http://en.wikipedia.org/wiki/Security_through_obscurityhttp://en.wikipedia.org/wiki/Security_through_obscurityhttp://en.wikipedia.org/wiki/Security_through_obscurityhttp://en.wikipedia.org/wiki/Firewallhttp://en.wikipedia.org/wiki/Firewallhttp://en.wikipedia.org/wiki/VPNhttp://en.wikipedia.org/wiki/VPNhttp://en.wikipedia.org/wiki/Security_through_obscurityhttp://en.wikipedia.org/wiki/Security_through_obscurityhttp://en.wikipedia.org/wiki/Firewallhttp://en.wikipedia.org/wiki/VPN


35/41

SCADA systems, the vulnerability of the large installed base of wired and wireless serial

communications links is addressed in some cases by applying bump-in-the-wire devices

that employ authentication and Advanced Encryption Standard encryption rather than

replacing all existing nodes.

CHAPTER 13 Application Development
http://en.wikipedia.org/wiki/Advanced_Encryption_Standardhttp://en.wikipedia.org/wiki/Advanced_Encryption_Standard


36/41

13.1 Configuration

Export/Import facility for the configuration data (parameter definitions), which The

development of the applications is typically done in two stages. First the process

parameters and associated information (e.g. relating to alarm conditions) are defined

through some sort of parameter definition template and then the graphics, including

trending and alarm displays are developed, and linked where appropriate to the process

parameters. The products also provide an ASCII enables large numbers of parameters to be

configured in a more efficient manner using an external editor such as Excel and then

importing the data into the configuration database.

However, many of the PC tools now have a Windows Explorer type development studio.

The developer then works with a number of folders, which each contains a different aspect

of the configuration, including the graphics.

The facilities provided by the products for configuring very large numbers of parameters

are not very strong. However, this has not really been an issue so far for most of the

products to-date, as large applications are typically about 50K I/O points and database

population from within an ASCII editor such as Excel is still a workable option.

On-line modifications to the configuration database and the graphics are generally possible

with the appropriate level of privileges.


37/41

13.2 Development Tools

The following development tools are provided as standard:

A graphics editor, with standard drawing facilities including freehand, lines,squares circles, etc. It is possible to import pictures in many formats as well as

using predefined symbols including e.g. trending charts, etc. A library of generic

symbols is provided that can be linked dynamically to variables and animated as

they change. It is also possible to create links between views so as to ease

navigation at run-time.

A data base configuration tool (usually through parameter templates). It is in

general possible to export data in ASCII files so as to be edited through an ASCIIeditor or Excel.

A scripting language

An Application Program Interface (API) supporting C, C++, VB

CHAPTER 14 Evolution


38/41

SCADA vendors release one major version and one to two additional minor versions once

per year. These products evolve thus very rapidly so as to take advantage of new market

opportunities, to meet new requirements of their customers and to take advantage of new

technologies.

As was already mentioned, most of the SCADA products that were evaluated decompose

the process in "atomic" parameters to which a Tag-name is associated. This is impractical

in the case of very large processes when very large sets of Tags need to be configured. As

the industrial applications are increasing in size, new SCADA versions are now being

designed to handle devices and even entire systems as full entities (classes) that

encapsulate all their specific attributes and functionality. In addition, they will also support

multi-team development.

As far as new technologies are concerned, the SCADA products are now adopting:

Web technology, ActiveX, Java, etc.

OPC as a means for communicating internally between the client and server

modules. It should thus be possible to connect OPC compliant third party modules

to that SCADA product.

CHAPTER 15 Engineering


39/41

Whilst one should rightly anticipate significant development and maintenance savings by

adopting a SCADA product for the implementation of a control system, it does not mean a

"no effort" operation. The need for proper engineering can not be sufficiently emphasized

to reduce development effort and to reach a system that complies with the requirements,

that is economical in development and maintenance and that is reliable and robust.

Examples of engineering activities specific to the use of a SCADA system are the

definition of :

A library of objects (PLC, device, subsystem) complete with standard object

behavior (script, sequences, ...), graphical interface and associated scripts for

animation,

Templates for different types of "panels", e.g. alarms,

Instructions on how to control e.g. a device ...,

A mechanism to prevent conflicting controls (if not provided with the SCADA),

alarm levels, behavior to be adopted in case of specific alarms.


40/41

CHAPTER 16 Potential Benefits Of

SCADA

The benefits one can expect from adopting a SCADA system for the control of

experimental physics facilities can be summarized as follows:

A rich functionality and extensive development facilities. The amount of effort

invested in SCADA product amounts to 50 to 100 p-years!

The amount of specific development that needs to be performed by the end-user is

limited, especially with suitable engineering.

Reliability and robustness. These systems are used for mission critical industrial

processes where reliability and performance are paramount. In addition, specific

development is performed within a well-established framework that enhances

reliability and robustness.

Technical support and maintenance by the vendor.


41/41

CHAPTER 17 Conclusion

SCADA is used for the constructive working not for the destructive work using a SCADA

system for their controls ensures a common framework not only for the development of the

specific applications but also for operating the detectors. Operators experience the same

"look and feel" whatever part of the experiment they control. However, this aspect also

depends to a

significant extent on proper engineering.

Documents

Vijesh Report