7/31/2019 Vijesh Report
Company Training certificate
This training report is the genuine work of Mr. Rakesh Suman, B-Tech 3rd yr,
Electronics & Communication Engineering. The report was made under my
supervision, and I express my delight on its successful completion. I am also very happy
to have offered him guidance whenever it was required.
I wish him success in all his future endeavors.
(Mr. KL Swami)
Branch Manager
Sofcon India Pvt. Ltd.
Jaipur
CONTENTS
I. Introduction
II. Features of PLCs
III. PLC compared with other control systems
IV. Digital and analog signals
a. Example
V. Programming
VI. Ladder Logic
a. Example of a Simple Ladder Logic Program
b. Generally Used Instructions & Symbols For PLC Programming
c. Program for Start/Stop of Motor
VII. Meaning Of SCADA
VIII. Architecture
IX. Common System Component
a. Supervision VS Control
b. System Concept
c. Human Machine Interface
d. Hardware Control
X. Remote Terminal Unit
a. Supervisory Station
b. Operational Philosophy
c. Communication Infrastructure and Methods
XI. Trends In SCADA
XII. Security Issues
XIII. Application Development
a. Configuration
b. Development Tools
XIV. Evolution
XV. Engineering
XVI. Potential Benefits Of SCADA
XVII. Conclusion
CHAPTER 1 Introduction
A Programmable Logic Controller, PLC, or Programmable Controller is a digital
computer used for automation of industrial processes, such as control of machinery on
factory assembly lines. Unlike general-purpose computers, the PLC is designed for
multiple input and output arrangements, extended temperature ranges, immunity to
electrical noise, and resistance to vibration and impact. Programs to control machine
operation are typically stored in battery-backed or non-volatile memory. A PLC is an
example of a real-time system, since output results must be produced in response to
input conditions within a bounded time; otherwise unintended operation will result.
PLC and Programmable Logic Controller are registered trademarks of the Allen-Bradley
Company.
SCADA is widely used in industry for Supervisory Control and Data Acquisition of
industrial processes. SCADA systems are now also penetrating the experimental
physics laboratories for the control of ancillary systems such as cooling, ventilation,
power distribution, etc. More recently they have also been applied to the control of smaller
particle detectors such as the L3 muon detector and the NA48 experiment, to name just
two examples at CERN. SCADA systems have made substantial progress over
recent years in terms of functionality, scalability, performance and openness, such that
they are an alternative to in-house development even for very demanding and complex
control systems such as those of physics experiments.
FIG. 1: Supervisory Control and Data Acquisition
CHAPTER 2 Features of PLCs
Photograph showing several input and output modules of a single Allen-Bradley PLC.
FIG. 2: I/O Of Allen Bradley PLC
With each module having sixteen "points" of either input or output, this PLC has the
ability to monitor and control dozens of devices. Fit into a control cabinet, a PLC takes
up little room, especially considering the equivalent space that would be needed by
electromechanical relays to perform the same functions:
The main difference from other computers is that a PLC is armored for
severe conditions (dust, moisture, heat, cold, etc.) and has the facility
for extensive input/output (I/O) arrangements. These connect the PLC
to sensors and actuators. PLCs read limit switches, analog process
variables (such as temperature and pressure), and the positions of
complex positioning systems. Some even use machine vision. On the actuator
side, PLCs operate electric motors, pneumatic or hydraulic cylinders, magnetic relays
or solenoids, or analog outputs. The input/output arrangements may be built into a
simple PLC, or the PLC may have external I/O modules attached to a computer network
that plugs into the PLC.
Many of the earliest PLCs expressed all decision making logic in simple ladder logic
which appeared similar to electrical schematic diagrams. The electricians were quite
able to trace out circuit problems with schematic diagrams using ladder logic. This
program notation was chosen to reduce training demands for the existing technicians.
Other early PLCs used a form of instruction list programming, based on a stack-based
logic solver. The functionality of the PLC has evolved over the years to include
sequential relay control, motion control, process control, distributed control systems
and networking. The data handling, storage, processing power and communication
capabilities of some modern PLCs are approximately equivalent to desktop computers.
2.1 Wiring In a PLC
Block diagram of a PLC
FIG. 3: Block Diagram Of PLC
2.3 Generation of Input Signal
Inside the PLC housing, connected between each input terminal and the Common
terminal, is an opto-isolator device (Light-Emitting Diode) that provides an electrically
isolated "high" Logic signal to the computer's circuitry (a photo-transistor interprets the
LED's light) when there is 120 VAC power applied between the respective input
terminal and the Common terminal. An indicating LED on the front panel of the PLC
gives visual indication of an "energized" input.
FIG. 4: Diagram Showing Energized input terminal X1
2.4 Generation of Output Signal
Output signals are generated by the PLC's computer circuitry activating a switching
device (transistor, TRIAC, or even an electromechanical relay), connecting the
"Source" terminal to any of the "Y-" labeled output terminals. The "Source" terminal,
correspondingly, is usually connected to the L1 side of the 120 VAC power source. As
with each input, an indicating LED on the front panel of the PLC gives visual indication
of an "energized" output.
In this way, the PLC is able to interface with real-world devices such as switches and
solenoids.
The actual logic of the control system is established inside the PLC by means of a
computer program. This program dictates which output gets energized under which
input conditions. Although the program itself appears to be a ladder logic diagram, with
switch and relay symbols, there are no actual switch contacts or relay coils operating
inside the PLC to create the logical relationships between input and output. These are
imaginary contacts and coils, if you will. The program is entered and viewed via a
personal computer connected to the PLC's programming port.
FIG. 5: Diagram Showing Energized Output Y1
CHAPTER 3 PLC compared with other control systems
PLCs are well-adapted to a certain range of automation tasks. These are typically
industrial processes in manufacturing where the cost of developing and maintaining the
automation system is high relative to the total cost of the automation, and where
changes to the system would be expected during its operational life. PLCs contain input
and output devices compatible with industrial pilot devices and controls; little electrical
design is required, and the design problem centers on expressing the desired sequence
of operations in ladder logic (or function chart) notation. PLC applications are typically
highly customized systems so the cost of a packaged PLC is low compared to the cost
of a specific custom-built controller design. For high volume or very simple fixed
automation tasks, different techniques are used.
A microcontroller-based design would be appropriate where hundreds or thousands of
units will be produced, so that the development cost (design of power supplies and
input/output hardware) can be spread over many sales, and where the end-user would
not need to alter the control. Automotive applications are an example; millions of units
are built each year, and very few end-users alter the programming of these controllers.
However, some specialty vehicles such as transit buses economically use PLCs instead
of custom-designed controls, because the volumes are low and the development cost
would be uneconomic.
PLCs may include logic for a single-variable feedback analog control loop, a
"proportional, integral, derivative" or "PID" controller. A PID loop could be used to
control the temperature of a manufacturing process, for example. Historically PLCs
were usually configured with only a few analog control loops; where processes required
hundreds or thousands of loops, a distributed control system (DCS) would instead be
used. However, as PLCs have become more powerful, the boundary between DCS and
PLC applications has become less clear-cut.
CHAPTER 4 Digital and analog signals
Digital or discrete signals behave as binary switches, yielding simply an On or Off signal
(1 or 0, True or False, respectively). Pushbuttons, limit switches, and photoelectric sensors
are examples of devices providing a discrete signal. Discrete signals are sent using either
voltage or current, where a specific range is designated as On and another as Off. For
example, a PLC might use 24 V DC I/O, with values above 22 V DC representing On,
values below 2 V DC representing Off, and intermediate values undefined. Initially, PLCs
had only discrete I/O.
Analog signals are like volume controls, with a range of values between zero and full-scale.
These are typically interpreted as integer values (counts) by the PLC, with various ranges
of accuracy depending on the device and the number of bits available to store the data. As
PLCs typically use 16-bit signed binary processors, the integer values are limited to between
-32,768 and +32,767. Pressure, temperature, flow, and weight are often represented by
analog signals. Analog signals can use voltage or current with a magnitude proportional to
the value of the process signal. For example, an analog 4-20 mA or 0-10 V input would be
converted into an integer value of 0-32767.
Current inputs are less sensitive to electrical noise (e.g. from welders or electric motor
starts) than voltage inputs.
4.1 Example
As an example, say the facility needs to store water in a tank. The water is drawn from the
tank by another system, as needed, and our example system must manage the water level in
the tank.
Using only digital signals, the PLC has two digital inputs from float switches (tank empty
and tank full). The PLC uses a digital output to open and close the inlet valve into the tank.
If both float switches are off (down) or only the 'tank empty' switch is on, the PLC will
open the valve to let more water in. Once the 'tank full' switch is on, the PLC will
automatically shut the inlet to stop the water from overflowing. If only the 'tank full' switch
is on, something is wrong because once the water reaches a float switch, the switch will
stay on because it is floating, thus, when both float switches are on, the tank is full. Two
float switches are used to prevent a 'flutter' (a ripple or a wave) condition where any water
usage activates the pump for a very short time and then deactivates for a short time, and so
on, causing the system to wear out faster.
An analog system might use a load cell (scale) that weighs the tank, and an adjustable
(throttling) valve. The PLC could use a PID feedback loop to control the valve opening.
The load cell is connected to an analog input and the valve is connected to an analog
output. This system fills the tank faster when there is less water in the tank. If the water
level drops rapidly, the valve can be opened wide. If water is only dripping out of the tank,
the valve adjusts to slowly drip water back into the tank.
A real system might combine both approaches, using float switches and simple valves to
prevent spills, and a rate sensor and rate valve to optimize refill rates. Backup and
maintenance methods can make a real system very complicated.
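As an added example (not from the report), the following Python sketch applies the discrete thresholds and 4-20 mA scaling from this chapter and the two-float-switch refill rule from 4.1; the fault handling for a loop current outside 4-20 mA is an assumption of the example, not something the report states.

```python
from enum import Enum

# Values the report gives for a 24 V DC discrete input and a 16-bit signed analog word.
ON_ABOVE_V = 22.0      # above 22 V DC reads On
OFF_BELOW_V = 2.0      # below 2 V DC reads Off
COUNT_MAX = 32767      # full scale of a 16-bit signed integer


class Discrete(Enum):
    OFF = 0
    ON = 1
    UNDEFINED = 2      # between the two thresholds: the text says this is undefined


def discrete_input(volts: float) -> Discrete:
    """Classify one discrete input; the band between the thresholds is reported, not guessed."""
    if volts > ON_ABOVE_V:
        return Discrete.ON
    if volts < OFF_BELOW_V:
        return Discrete.OFF
    return Discrete.UNDEFINED


def analog_counts(milliamps: float) -> int:
    """Scale a 4-20 mA input to 0..32767 counts.

    Assumption of this example: a loop current outside 4-20 mA is rejected as a
    fault rather than clamped, so a dead sensor cannot masquerade as a valid reading.
    """
    if not 4.0 <= milliamps <= 20.0:
        raise ValueError(f"4-20 mA input out of range: {milliamps} mA")
    return round((milliamps - 4.0) / 16.0 * COUNT_MAX)


class Valve(Enum):
    OPEN = "open"
    CLOSED = "closed"
    FAULT = "fault"


def tank_inlet(empty_sw: bool, full_sw: bool) -> Valve:
    """Refill rule from 4.1 with two float switches.

    empty_sw is the lower ('tank empty') float, full_sw the upper ('tank full') float;
    True means the float is up, i.e. the switch is on.
    """
    if full_sw and not empty_sw:
        # Water cannot lift the upper float without lifting the lower one first.
        return Valve.FAULT
    if full_sw:
        return Valve.CLOSED    # both floats up: tank full, shut the inlet
    return Valve.OPEN          # both down, or only the lower float up: let water in


if __name__ == "__main__":
    print(discrete_input(12.0), analog_counts(12.0), tank_inlet(True, False))
```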
CHAPTER 5 Programming
Early PLCs, up to the mid-1980s, were programmed using proprietary programming panels
or special-purpose programming terminals, which often had dedicated function keys
representing the various logical elements of PLC programs. Programs were stored on
cassette tape cartridges. Facilities for printing and documentation were very minimal due to
lack of memory capacity. More recently, PLC programs are typically written in a special
application on a personal computer, then downloaded by a direct-connection cable or over
a network to the PLC. The very oldest PLCs used non-volatile magnetic core memory but
now the program is stored in the PLC either in battery-backed-up RAM or some other non-
volatile flash memory.
Early PLCs were designed to be used by electricians who would learn PLC programming
on the job. These PLCs were programmed in "ladder logic", which strongly resembles a
schematic diagram of relay logic. Modern PLCs can be programmed in a variety of ways,
from ladder logic to more traditional programming languages such as BASIC and C.
Another method is State Logic, a Very High Level Programming Language designed to
program PLCs based on State Transition Diagrams.
CHAPTER 6 Ladder logic
Ladder logic is a method of drawing electrical logic schematics. It is now a graphical
language very popular for programming Programmable Logic Controllers (PLCs). It was
originally invented to describe logic made from relays. The name is based on the
observation that programs in this language resemble ladders, with two vertical "rails" and a
series of horizontal "rungs" between them.
A program in ladder logic, also called a ladder diagram, is similar to a schematic for a set
of relay circuits. An argument that aided the initial adoption of ladder logic was that a wide
variety of engineers and technicians would be able to understand and use it without much
additional training, because of the resemblance to familiar hardware systems. (This
argument has become less relevant given that most ladder logic programmers have a
software background in more conventional programming languages, and in practice
implementations of ladder logic have characteristics such as sequential execution and
support for control flow features that make the analogy to hardware somewhat
imprecise.)
Ladder logic is widely used to program PLCs, where sequential control of a process or
manufacturing operation is required. Ladder logic is useful for simple but critical control
systems, or for reworking old hardwired relay circuits. As programmable logic controllers
became more sophisticated it has also been used in very complex automation systems.
Ladder logic can be thought of as a rule-based language, rather than a procedural language.
A "rung" in the ladder represents a rule. When implemented with relays and other
electromechanical devices, the various rules "execute" simultaneously and immediately.
When implemented in a programmable logic controller, the rules are typically executed
sequentially by software, in a loop. By executing the loop fast enough, typically many
times per second, the effect of simultaneous and immediate execution is obtained. In this
way it is similar to other rule-based languages, like spreadsheets or SQL. However, proper
use of programmable controllers requires understanding the limitations of the execution
order of rungs.
6.1 Example of a simple ladder logic program
The language itself can be seen as a set of connections between logical checkers (relay
contacts) and actuators (coils). If a path can be traced between the left side of the rung and
the output, through asserted (true or "closed") contacts, the rung is true and the output coil
storage bit is asserted (1) or true. If no path can be traced, then the output is false (0) and
the "coil" by analogy to electromechanical relays is considered "de-energized". The
analogy between logical propositions and relay contact status is due to Claude Shannon.
Ladder logic has "contacts" that "make" or "break" "circuits" to control "coils." Each coil
or contact corresponds to the status of a single bit in the programmable controller's
memory. Unlike electromechanical relays, a ladder program can refer any number of times
to the status of a single bit, equivalent to a relay with an indefinitely large number of
contacts.
So-called "contacts" may refer to inputs to the programmable controller from physical
devices such as pushbuttons and limit switches, or may represent the status of internal
storage bits which may be generated elsewhere in the program.
Each rung of ladder language typically has one coil at the far right. Some manufacturers
may allow more than one output coil on a rung.
--( )-- a regular coil, true when its rung is true
--(/)-- a "not" coil, false when its rung is true
--[ ]-- A regular contact, true when its coil is true (normally false)
--[\]-- A "not" contact, false when its coil is true (normally true)
The "coil" (output of a rung) may represent a physical output which operates some device
connected to the programmable controller, or may represent an internal storage bit for use
elsewhere in the program.
6.2 Generally Used Instructions & Symbols For PLC Programming
6.2.1 Input Instruction
--[ ]-- This instruction is called XIC or Examine If Closed.
i.e. if a NO switch is actuated then this instruction will be true. If a NC switch
is actuated then this instruction will not be true and hence no output will be generated.
--[\]-- This instruction is called XIO or Examine If Open.
i.e. if a NC switch is actuated then this instruction will be true. If a NO switch is
actuated then this instruction will not be true and hence no output will be generated.
6.2.2 Output Instruction
--( )-- This Instruction Shows the States of Output.
i.e. if the rung's instruction, whether XIO or XIC, is true then the output will be high. Due to
the high output, a 24 volt signal is generated from the PLC processor.
6.2.3 Rung
A rung is a simple line on which instructions are placed and logic is created.
E.g.: ---------------------------------------------
Here is an example of what one rung in a ladder logic program might look like. In real life,
there may be hundreds or thousands of rungs.
For example:
1. ----[ ]---------|--[ ]--|------( )--
       X           |  Y    |        S
                   |       |
                   |--[ ]--|
                      Z
The above realises the function: S = X AND (Y OR Z)
Typically, complex ladder logic is 'read' left to right and top to bottom. As each of the lines
(or rungs) is evaluated, the output coil of a rung may feed into the next stage of the ladder
as an input. In a complex system there will be many "rungs" on a ladder, which are
numbered in order of evaluation.
1. ----[ ]-----------|---[ ]---|----( )--
       X             |   Y     |      S
                     |         |
                     |---[ ]---|
                         Z
2. ----[ ]----[ ]-------------------( )--
       S      X                      T
2. T = S AND X, where S is equivalent to #1 above
This represents a slightly more complex system for rung 2. After the first line has been
evaluated, the output coil (S) is fed into rung 2, which is then evaluated, and the output coil
T could be fed into an output device (buzzer, light etc.) or into rung 3 on the ladder. (Note
that the contact X on the 2nd rung serves no useful purpose, as X is already an 'AND'
function of S from the 1st rung.)
This system allows very complex logic designs to be broken down and evaluated.
More practical examples
Example-1
------[ ]------------------------[ ]--------------------------------O-----------------
  Key Switch 1               Key Switch 2                      Door Motor
This circuit shows two key switches that security guards might use to activate an electric
motor on a bank vault door. When the normally open contacts of both switches close,
electricity is able to flow to the motor, which opens the door. This is a logical AND.
Example-2
Often we have a little green "start" button to turn on a motor, and we want to turn it off
with a big red "Stop" button.
--+----[ ]--+----[\]----( )---
  | start   |  stop     run
  |         |
  +----[ ]--+
       run

-------[ ]--------------( )---
       run              motor
Example with PLC
Consider the following circuit and PLC program :
-------[ ]--------------( )---
       run              motor
When the pushbutton switch is unactuated (unpressed), no power is sent to the X1 input of
the PLC. Following the program, which shows a normally-open X1 contact in series with a
Y1 coil, no "power" will be sent to the Y1 coil. Thus, the PLC's Y1 output remains de-
energized, and the indicator lamp connected to it remains dark.
If the pushbutton switch is pressed, however, power will be sent to the PLC's X1 input.
Any and all X1 contacts appearing in the program will assume the actuated (non-normal)
state, as though they were relay contacts actuated by the energizing of a relay coil named
"X1". In this case, energizing the X1 input will cause the normally-open X1 contact to
"close," sending "power" to the Y1 coil. When the Y1 coil of the program "energizes," the
real Y1 output will become energized, lighting up the lamp connected to it:
Lamp glows when the input switch is actuated
It must be understood that the X1 contact, Y1 coil, connecting wires, and "power"
appearing in the personal computer's display are all virtual. They do not exist as real
electrical components. They exist as commands in a computer program -- a piece of
software only -- that just happens to resemble a real relay schematic diagram.
Equally important to understand is that the personal computer used to display and edit the
PLC's program is not necessary for the PLC's continued operation. Once a program has
been loaded to the PLC from the personal computer, the personal computer may be
unplugged from the PLC, and the PLC will continue to follow the programmed commands.
I include the personal computer display in these illustrations for your sake only, to aid in
understanding the relationship between real-life conditions (switch closure and lamp status)
and the program's status ("power" through virtual contacts and virtual coils).
The true power and versatility of a PLC is revealed when we want to alter the behavior of a
control system. Since the PLC is a programmable device, we can alter its behavior by
changing the commands we give it, without having to reconfigure the electrical
components connected to it. For example, suppose we wanted to make this switch-and-
lamp circuit function in an inverted fashion: push the button to make the lamp turn off, and
release it to make it turn on. The "hardware" solution would require that a normally-closed
pushbutton switch be substituted for the normally-open switch currently in place. The
"software" solution is much easier: just alter the program so that contact X1 is normally-
closed rather than normally-open.
6.3 Programming For Start/Stop of Motor by PLC
Often we have a little green "start" button to turn on a motor, and we want to turn it off
with a big red "Stop" button.
--+----[ ]--+----[\]----( )---
  | start   |  stop     run
  |         |
  +----[ ]--+
       run
The pushbutton switch connected to input X1 serves as the "Start" switch, while the switch
connected to input X2 serves as the "Stop." Another contact in the program, named Y1,
uses the output coil status as a seal-in contact, directly, so that the motor contactor will
continue to be energized after the "Start" pushbutton switch is released. You can see the
normally-closed contact X2 appear in a colored block, showing that it is in a closed
("electrically conducting") state.
6.3.1 Starting of Motor
If we were to press the "Start" button, input X1 would energize, thus "closing" the X1
contact in the program, sending "power" to the Y1 "coil," energizing the Y1 output and
applying 120 volt AC power to the real motor contactor coil. The parallel Y1 contact will
also "close," thus latching the "circuit" in an energized state:
6.3.2 Logic for Continuous Running of motor When Start Button is Released
Now, if we release the "Start" pushbutton, the normally-open X1 "contact" will return to its
"open" state, but the motor will continue to run because the Y1 seal-in "contact" continues
to provide "continuity" to "power" coil Y1, thus keeping the Y1 output energized:
6.3.3 To Stop the Motor
To stop the motor, we must momentarily press the "Stop" pushbutton, which will energize
the X2 input and "open" the normally-closed "contact," breaking continuity to the Y1
"coil:"
When the "Stop" pushbutton is released, input X2 will de-energize, returning "contact" X2
to its normal, "closed" state. The motor, however, will not start again until the "Start"
pushbutton is actuated, because the "seal-in" of Y1 has been lost:
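The rungs of this chapter, run as an added Python example that is not part of the report: a minimal scan engine with XIC, XIO and output coils, solved top to bottom once per scan, applied to the S = X AND (Y OR Z) rungs of 6.1 and the start/stop seal-in rung of 6.3, plus a reversed-order variant that shows the execution-order caveat from the start of Chapter 6. Bit names (X, Y, Z, S, T, X1, X2, Y1) follow the report; the engine is a teaching model, not any vendor's runtime.

```python
from typing import Callable, Dict, List, Tuple

Memory = Dict[str, bool]               # every contact and coil is one bit in PLC memory
Cond = Callable[[Memory], bool]


def XIC(bit: str) -> Cond:
    """--[ ]--  Examine If Closed: true while the bit is 1."""
    return lambda mem: mem.get(bit, False)


def XIO(bit: str) -> Cond:
    r"""--[\]--  Examine If Open: true while the bit is 0."""
    return lambda mem: not mem.get(bit, False)


def series(*conds: Cond) -> Cond:
    """Contacts in series: all must be true (AND)."""
    return lambda mem: all(c(mem) for c in conds)


def parallel(*conds: Cond) -> Cond:
    """Contacts in parallel branches: any may be true (OR)."""
    return lambda mem: any(c(mem) for c in conds)


# A rung is (condition, coil); the coil --( )-- is written with the rung's truth value.
Rung = Tuple[Cond, str]


def scan(rungs: List[Rung], mem: Memory) -> Memory:
    """One PLC scan: rungs are solved top to bottom, so a coil written by an
    earlier rung is already visible to the rungs below it in the same scan."""
    for cond, coil in rungs:
        mem[coil] = cond(mem)
    return mem


# Rungs from 6.1:  S = X AND (Y OR Z), then T = S AND X
LOGIC_RUNGS: List[Rung] = [
    (series(XIC("X"), parallel(XIC("Y"), XIC("Z"))), "S"),
    (series(XIC("S"), XIC("X")), "T"),
]

# Start/stop seal-in from 6.3: X1 = Start (NO), X2 = Stop (normally-closed
# contact in the program, so the rung is true only while X2 is NOT energized),
# Y1 = motor contactor, with Y1's own contact in parallel with Start as the seal-in.
MOTOR_RUNGS: List[Rung] = [
    (series(parallel(XIC("X1"), XIC("Y1")), XIO("X2")), "Y1"),
]


def logic_outputs(x: bool, y: bool, z: bool) -> Tuple[bool, bool]:
    """Solve the 6.1 rungs in their written order and return (S, T)."""
    mem = scan(LOGIC_RUNGS, {"X": x, "Y": y, "Z": z})
    return mem["S"], mem["T"]


def order_matters(x: bool, y: bool, z: bool) -> Tuple[bool, bool]:
    """Same rungs with T's rung placed above S's: T now sees S from the
    previous scan (here its initial 0), the execution-order caveat from Chapter 6."""
    mem = scan(list(reversed(LOGIC_RUNGS)), {"X": x, "Y": y, "Z": z})
    return mem["S"], mem["T"]


def motor_sequence() -> List[bool]:
    """Press Start, release it, press Stop, release it; return Y1 after each scan.
    Inputs are sampled once per scan, as a real PLC does at the top of its loop."""
    mem: Memory = {"X1": False, "X2": False, "Y1": False}
    history: List[bool] = []
    for x1, x2 in [(True, False), (False, False), (False, True), (False, False)]:
        mem["X1"], mem["X2"] = x1, x2
        scan(MOTOR_RUNGS, mem)
        history.append(mem["Y1"])
    return history


if __name__ == "__main__":
    print(logic_outputs(True, True, False), order_matters(True, True, False))
    print(motor_sequence())
```

Because the Stop contact is in series with both the Start contact and the seal-in, pressing Stop while Start is held still drops Y1, which is the behaviour the 6.3.3 text relies on.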
CHAPTER 7 Meaning of SCADA
SCADA stands for Supervisory Control and Data Acquisition. As the name indicates, it is
not a full control system, but rather focuses on the supervisory level. As such, it is purely a
software package that is positioned on top of hardware to which it is interfaced, in general
via Programmable Logic Controllers (PLCs), or other commercial hardware modules.
SCADA systems are used not only in industrial processes (e.g. steel making, power
generation (conventional and nuclear) and distribution, chemistry), but also in some
experimental facilities such as nuclear fusion. The size of such plants ranges from a few
thousand to several tens of thousands of input/output (I/O) channels. However, SCADA systems
evolve rapidly and are now penetrating the market of plants with a number of I/O channels
of several 100K: we know of two cases of close to 1 M I/O channels currently under
development.
SCADA systems used to run on DOS, VMS and UNIX; in recent years all SCADA
vendors have moved to NT and some also to Linux.
CHAPTER 8 Architecture
This section describes the common features of the SCADA products that have been
evaluated at CERN in view of their possible application to the control systems of the LHC
detectors [1], [2].
FIG.: Common Feature Of SCADA
8.1 Hardware Architecture
One distinguishes two basic layers in a SCADA system: the "client layer" which caters for
the man machine interaction and the "data server layer" which handles most of the process
data control activities. The data servers communicate with devices in the field through
process controllers. Process controllers, e.g. PLCs, are connected to the data servers either
directly or via networks or field buses that are proprietary (e.g. Siemens H1), or non-
proprietary (e.g. Profibus). Data servers are connected to each other and to client stations
via an Ethernet LAN. The data servers and client stations are NT platforms but for many
products the client stations may also be W95 machines.
8.2 Communications
8.2.1 Internal Communication
Server-client and server-server communication is in general on a publish-subscribe and
event-driven basis and uses a TCP/IP protocol, i.e., a client application subscribes to a
parameter which is owned by a particular server application and only changes to that
parameter are then communicated to the client application.
8.2.2 Access to Devices
The data servers poll the controllers at a user defined polling rate. The polling rate may be
different for different parameters. The controllers pass the requested parameters to the data
servers. Time stamping of the process parameters is typically performed in the controllers
and this time-stamp is taken over by the data server. If the controller and communication
protocol used support unsolicited data transfer then the products will support this too.
The products provide communication drivers for most of the common PLCs and widely
used field-buses, e.g., Modbus. Of the three fieldbuses that are recommended at CERN,
both Profibus and World flip are supported but CANbus often not [3]. Some of the drivers
are based on third party products (e.g., Applicom cards) and therefore have additional cost
associated with them. VME on the other hand is generally not supported.
A single data server can support multiple communications protocols: it can generally
support as many such protocols as it has slots for interface cards.
The effort required to develop new drivers is typically in the range of 2-6 weeks depending
on the complexity and similarity with existing drivers, and a driver development toolkit is
provided for this.
8.3 Interfacing
The provision of OPC client functionality for SCADA to access devices in an open and
standard manner is developing. There is still a lack of devices/controllers that
provide OPC server software, but this is improving rapidly as most of the producers of
controllers are actively involved in the development of this standard. OPC has been
evaluated by the CERN-IT-CO group [4].
The products also provide:
- An Open Data Base Connectivity (ODBC) interface to the data in the archive/logs,
but not to the configuration database,
- An ASCII import/export facility for configuration data,
- A library of APIs supporting C, C++, and Visual Basic (VB) to access data in the
RTDB, logs and archive. The API often does not provide access to the product's
internal features such as alarm handling, reporting, trending, etc.
The PC products provide support for the Microsoft standards such as Dynamic Data
Exchange (DDE) which allows e.g. to visualize data dynamically in an EXCEL
spreadsheet, Dynamic Link Library (DLL) and Object Linking and Embedding (OLE).
The configuration data are stored in a database that is logically centralized but physically
distributed and that is generally of a proprietary format.
For performance reasons, the RTDB resides in the memory of the servers and is also of
proprietary format.
The archive and logging format is usually also proprietary for performance reasons, but
some products do support logging to a Relational Data Base Management System
(RDBMS) at a slower rate either directly or via an ODBC interface.
8.4 Scalability
Scalability is understood as the possibility to extend the SCADA based control system by
adding more process variables, more specialized servers (e.g. for alarm handling) or more
clients. The products achieve scalability by having multiple data servers connected to
multiple controllers. Each data server has its own configuration database and RTDB and is
responsible for the handling of a sub-set of the process variables (acquisition, alarm
handling, archiving).
8.5 Redundancy
The products often have built in software redundancy at a server level, which is normally
transparent to the user. Many of the products also provide more complete redundancy
solutions if required.
CHAPTER 9 Common System Components
A SCADA system usually consists of the following subsystems:
- A Human-Machine Interface or HMI is the apparatus which presents process data
to a human operator, and through this, the human operator monitors and controls
the process.
- A supervisory (computer) system, gathering (acquiring) data on the process and
sending commands (control) to the process.
- Remote Terminal Units (RTUs) connecting to sensors in the process, converting
sensor signals to digital data and sending digital data to the supervisory system.
- Programmable Logic Controllers (PLCs) used as field devices because they are more
economical, versatile, flexible, and configurable than special-purpose RTUs.
- Communication infrastructure connecting the supervisory system to the Remote
Terminal Units.
9.1 Supervision Vs. Control
There is, in several industries, considerable confusion over the differences between
SCADA systems and Distributed control systems (DCS). Generally speaking, a SCADA
system usually refers to a system that coordinates, but does not control processes in real
time. The discussion on real-time control is muddied somewhat by newer
telecommunications technology, enabling reliable, low latency, high speed
communications over wide areas. Most differences between SCADA and DCS are
culturally determined and can usually be ignored. As communication infrastructures with
higher capacity become available, the difference between SCADA and DCS will fade.
9.2 Systems Concepts
The term SCADA usually refers to centralized systems which monitor and control entire
sites, or complexes of systems spread out over large areas (anything between an industrial
plant and a country). Most control actions are performed automatically by remote terminal
units ("RTUs") or by programmable logic controllers ("PLCs"). Host control functions are
usually restricted to basic overriding or supervisory level intervention. For example, a PLC
may control the flow of cooling water through part of an industrial process, but the
SCADA system may allow operators to change the set points for the flow, and enable alarm
conditions, such as loss of flow and high temperature, to be displayed and recorded. The
feedback control loop passes through the RTU or PLC, while the SCADA system monitors
the overall performance of the loop.
Data acquisition begins at the RTU or PLC level and includes meter readings and
equipment status reports that are communicated to SCADA as required. Data is then
compiled and formatted in such a way that a control room operator using the HMI can
make supervisory decisions to adjust or override normal RTU (PLC) controls. Data may
also be fed to a Historian, often built on a commodity Database Management System, to
allow trending and other analytical auditing.
SCADA systems typically implement a distributed database, commonly referred to as a tag
database, which contains data elements called tags or points. A point represents a single
input or output value monitored or controlled by the system. Points can be either "hard" or
"soft". A hard point represents an actual input or output within the system, while a soft
point results from logic and math operations applied to other points. (Most
implementations conceptually remove the distinction by making every property a "soft"
point expression, which may, in the simplest case, equal a single hard point.) Points are
normally stored as value-timestamp pairs: a value, and the timestamp when it was recorded
or calculated. A series of value-timestamp pairs gives the history of that point. It's also
common to store additional metadata with tags, such as the path to a field device or PLC
register, design time comments, and alarm information.
9.3 Human Machine Interface
FIG.: Typical Basic SCADA Animations
A Human-Machine Interface or HMI is the apparatus which presents process data to a
human operator, and through which the human operator controls the process.
An HMI is usually linked to the SCADA system's databases and software programs, to
provide trending, diagnostic data, and management information such as scheduled
maintenance procedures, logistic information, detailed schematics for a particular sensor or
machine, and expert-system troubleshooting guides.
The HMI system usually presents the information to the operating personnel graphically, in
the form of a mimic diagram. This means that the operator can see a schematic
representation of the plant being controlled. For example, a picture of a pump connected to
a pipe can show the operator that the pump is running and how much fluid it is pumping
through the pipe at the moment. The operator can then switch the pump off. The HMI
software will show the flow rate of the fluid in the pipe decrease in real time. Mimic
diagrams may consist of line graphics and schematic symbols to represent process
elements, or may consist of digital photographs of the process equipment overlain with
animated symbols.
The HMI package for the SCADA system typically includes a drawing program that the
operators or system maintenance personnel use to change the way these points are
represented in the interface. These representations can be as simple as an on-screen traffic
light, which represents the state of an actual traffic light in the field, or as complex as a
multi-projector display representing the position of all of the elevators in a skyscraper or all
of the trains on a railway.
An important part of most SCADA implementations are alarms. An alarm is a digital status
point that has either the value NORMAL or ALARM. Alarms can be created in such a way
that when their requirements are met, they are activated. An example of an alarm is the
"fuel tank empty" light in a car. The SCADA operator's attention is drawn to the part of the
system requiring attention by the alarm. Emails and text messages are often sent along with
an alarm activation alerting managers along with the SCADA operator.
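The tag database of section 9.2 (hard and soft points, value-timestamp history, tag metadata) and the alarm points of section 9.3, as an added Python example that is not code from the report or from any SCADA product. Tag names, device paths, alarm limits and the scan values are constructed.

```python
"""Tag database with hard points, soft points, point history and an alarm point.

Added example modelled on sections 9.2 and 9.3; not from the report or any
product. All tag names, paths, limits and sample values are constructed."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

History = List[Tuple[float, float]]   # (timestamp, value) pairs, oldest first


@dataclass
class Point:
    name: str
    source: str = ""        # metadata: path to the field device / PLC register
    comment: str = ""       # metadata: design-time comment
    # A soft point derives its value from other points through this expression;
    # a hard point (expression None) is written directly from the controller.
    expression: Optional[Callable[["TagDatabase"], float]] = None
    history: History = field(default_factory=list)

    @property
    def is_soft(self) -> bool:
        return self.expression is not None

    def value(self) -> Optional[float]:
        """Latest value, or None if nothing has been recorded yet."""
        return self.history[-1][1] if self.history else None


class TagDatabase:
    def __init__(self) -> None:
        self.points: Dict[str, Point] = {}

    def add(self, point: Point) -> Point:
        self.points[point.name] = point
        return point

    def record(self, name: str, value: float, ts: float) -> None:
        """Store a value-timestamp pair for a hard point (acquisition)."""
        point = self.points[name]
        if point.is_soft:
            raise ValueError(f"{name} is a soft point and cannot be written directly")
        point.history.append((ts, value))

    def evaluate(self, ts: float) -> None:
        """Recompute every soft point once per scan, in definition order, so a soft
        point may depend on soft points defined before it."""
        for point in self.points.values():
            if point.is_soft:
                point.history.append((ts, point.expression(self)))

    def value(self, name: str) -> Optional[float]:
        return self.points[name].value()

    def history(self, name: str) -> History:
        return list(self.points[name].history)


def build_demo_db() -> TagDatabase:
    """Two hard points from a constructed PLC, one derived soft point, one alarm point."""
    db = TagDatabase()
    db.add(Point("FT101.FLOW", source="PLC1:DB10.DBD0", comment="cooling water flow, l/min"))
    db.add(Point("TT101.TEMP", source="PLC1:DB10.DBD4", comment="cooling water temp, degC"))
    # Soft point: a math expression over other points.
    db.add(Point("HEAT.REMOVED", comment="flow * temp, arbitrary units",
                 expression=lambda d: d.value("FT101.FLOW") * d.value("TT101.TEMP")))
    # Alarm point: 1.0 = ALARM, 0.0 = NORMAL; raised on loss of flow or high
    # temperature, the two alarm conditions named in section 9.2.
    db.add(Point("COOLING.ALARM", comment="ALARM if flow < 5 l/min or temp > 80 degC",
                 expression=lambda d: 1.0 if (d.value("FT101.FLOW") < 5
                                              or d.value("TT101.TEMP") > 80) else 0.0))
    return db


def run_demo() -> TagDatabase:
    """Feed three constructed scans: normal, loss of flow, flow restored."""
    db = build_demo_db()
    for ts, flow, temp in [(1000.0, 40.0, 60.0), (1001.0, 2.0, 62.0), (1002.0, 38.0, 63.0)]:
        db.record("FT101.FLOW", flow, ts)
        db.record("TT101.TEMP", temp, ts)
        db.evaluate(ts)
    return db


def alarm_transitions(db: TagDatabase, name: str) -> List[Tuple[float, str]]:
    """(timestamp, state) each time the alarm point changes between NORMAL and ALARM;
    these are the events that draw the operator's attention or trigger a message."""
    transitions: List[Tuple[float, str]] = []
    previous = None
    for ts, value in db.history(name):
        state = "ALARM" if value else "NORMAL"
        if state != previous:
            transitions.append((ts, state))
            previous = state
    return transitions
```

Calling `run_demo()` and then `alarm_transitions(db, "COOLING.ALARM")` yields one ALARM at the loss-of-flow scan and a return to NORMAL when flow is restored, while the soft point history keeps the full value-timestamp trend.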
9.4 Hardware Solutions
SCADA solutions often have Distributed Control System (DCS) components. Use of
"smart" RTUs or PLCs, which are capable of autonomously executing simple logic
processes without involving the master computer, is increasing. A functional block
programming language, IEC 61131-3 (Ladder Logic), is frequently used to create programs
which run on these RTUs and PLCs. Unlike a procedural language such as the C
programming language or FORTRAN, IEC 61131-3 has minimal training requirements by
virtue of resembling historic physical control arrays. This allows SCADA system engineers
to perform both the design and implementation of a program to be executed on an RTU or
PLC. A Programmable automation controller (PAC) is a compact controller that combines
the features and capabilities of a PC-based control system with that of a typical PLC. PACs
are deployed in SCADA systems to provide RTU and PLC functions. In many electrical
substation SCADA applications, "distributed RTUs" use information processors or station
computers to communicate with protective relays, PACS, and other devices for I/O, and
communicate with the SCADA master in lieu of a traditional RTU.
Since about 1998, virtually all major PLC manufacturers have offered integrated
HMI/SCADA systems, many of them using open and non-proprietary communications
protocols. Numerous specialized third-party HMI/SCADA packages, offering built-in
compatibility with most major PLCs, have also entered the market, allowing mechanical
engineers, electrical engineers and technicians to configure HMIs themselves, without the
need for a custom-made program written by a software developer.
CHAPTER 10 Remote Terminal Unit (RTU)
The RTU connects to physical equipment. Typically, an RTU converts the electrical signals
from the equipment to digital values such as the open/closed status from a switch or
a valve, or measurements such as pressure, flow, voltage or current. By converting and
sending these electrical signals out to equipment the RTU can control equipment, such as
opening or closing a switch or a valve, or setting the speed of a pump.
10.1 Supervisory Station
The term "Supervisory Station" refers to the servers and software responsible for
communicating with the field equipment (RTUs, PLCs, etc), and then to the HMI software
running on workstations in the control room, or elsewhere. In smaller SCADA systems, the
master station may be composed of a single PC. In larger SCADA systems, the master
station may include multiple servers, distributed software applications, and disaster
recovery sites. To increase the integrity of the system the multiple servers will often be
configured in a dual-redundant or hot-standby formation providing continuous control and
monitoring in the event of a server failure.
Initially, more "open" platforms such as Linux were not as widely used due to the highly
dynamic development environment and because a SCADA customer that was able to afford
the field hardware and devices to be controlled could usually also
purchase UNIX or OpenVMS licenses. Today, all major operating systems are used for
both master station servers and HMI workstations.
10.2 Operational Philosophy
For some installations, the costs that would result from the control system failing are
extremely high. Possibly even lives could be lost. Hardware for some SCADA systems is
ruggedized to withstand temperature, vibration, and voltage extremes, but in most critical
installations reliability is enhanced by having redundant hardware and communications
channels, up to the point of having multiple fully equipped control centres. A failing part
can be quickly identified and its functionality automatically taken over by backup
hardware. A failed part can often be replaced without interrupting the process. The
reliability of such systems can be calculated statistically and is stated as the mean time to
failure, which is a variant of mean time between failures. The calculated mean time to
failure of such high reliability systems can be on the order of centuries.
10.3 Communication Infrastructure And Methods
SCADA systems have traditionally used combinations of radio and direct serial or modem
connections to meet communication requirements, although Ethernet and IP over SONET /
SDH is also frequently used at large sites such as railways and power stations. The remote
management or monitoring function of a SCADA system is often referred to as telemetry.
This has also come under threat with some customers wanting SCADA data to travel over
their pre-established corporate networks or to share the network with other applications.
The legacy of the early low-bandwidth protocols remains, though. SCADA protocols are
designed to be very compact and many are designed to send information to the master
station only when the master station polls the RTU. Typical legacy SCADA protocols
include Modbus RTU, RP-570, Profibus and Conitel. These communication protocols are
all SCADA-vendor specific but are widely adopted and used. Standard protocols are IEC
60870-5-101 or 104, IEC 61850 and DNP3. These communication protocols are
standardized and recognized by all major SCADA vendors. Many of these protocols now
contain extensions to operate over TCP/IP. It is good security engineering practice to avoid
connecting SCADA systems to the Internet so the attack surface is reduced.
RTUs and other automatic controller devices were being developed before the advent of
industry wide standards for interoperability. The result is that developers and their
management created a multitude of control protocols. Among the larger vendors, there was
also the incentive to create their own protocol to "lock in" their customer base. A list
of automation protocols is being compiled on Wikipedia.
Recently, OLE for Process Control (OPC) has become a widely accepted solution for
intercommunicating different hardware and software, allowing communication even
between devices originally not intended to be part of an industrial network.
CHAPTER 11 Trends in SCADA
There is a trend for PLC and HMI/SCADA software to be more "mix-and-match". In the mid
1990s, the typical DAQ I/O manufacturer supplied equipment that communicated using
proprietary protocols over a suitable-distance carrier like RS-485. End users who invested
in a particular vendor's hardware solution often found themselves restricted to a limited
choice of equipment when requirements changed (e.g. system expansions or performance
improvement). To mitigate such problems, open communication protocols such as
IEC 870-5-101/104, DNP3 serial, and DNP3 LAN/WAN became increasingly popular among
SCADA equipment manufacturers and solution providers alike. Open architecture SCADA
systems enabled users to mix-and-match products from different vendors to develop
solutions that were better than those that could be achieved when restricted to a single
vendor's product offering.
Towards the late 1990s, the shift towards open communications continued with individual
I/O manufacturers as well, who adopted open message structures such as Modbus RTU and
Modbus ASCII (originally both developed by Modicon) over RS-485. By 2000, most I/O
makers offered completely open interfacing such as Modbus TCP over Ethernet and IP.
The North American Electric Reliability Corporation (NERC) has specified that electrical
system data should be time-tagged to the nearest millisecond. Electrical system SCADA
systems provide this sequence of events recorder function, using radio clocks to
synchronize the RTU or distributed RTU clocks.
SCADA systems are coming in line with standard networking technologies. Ethernet and
TCP/IP based protocols are replacing the older proprietary standards. Although certain
characteristics of frame-based network communication technology (determinism,
synchronization, protocol selection, environment suitability) have restricted the adoption of
Ethernet in a few specialized applications, the vast majority of markets have accepted
Ethernet networks for HMI/SCADA.
With the emergence of software as a service in the broader software industry, a few
vendors have begun offering application specific SCADA systems hosted on remote
platforms over the Internet. This removes the need to install and commission systems at the
end-user's facility and takes advantage of security features already available in Internet
technology, VPNs and SSL. Some concerns include security, Internet connection
reliability, and latency.
SCADA systems are becoming increasingly ubiquitous. Thin clients, web portals, and web
based products are gaining popularity with most major vendors. The increased convenience
of end users viewing their processes remotely introduces security considerations. While
these considerations are already considered solved in other sectors of internet services, not
all entities responsible for deploying SCADA systems have understood the changes in
accessibility and threat scope implicit in connecting a system to the internet.
CHAPTER 12 Security Issues
The move from proprietary technologies to more standardized and open solutions together
with the increased number of connections between SCADA systems and office networks
and the Internet has made them more vulnerable to attacks - see references. Consequently,
the security of SCADA-based systems has come into question as they are increasingly seen
as extremely vulnerable to cyber warfare/cyber terrorism attacks.
In particular, security researchers are concerned about:
- The lack of concern about security and authentication in the design, deployment
and operation of existing SCADA networks
- The mistaken belief that SCADA systems have the benefit of security through
obscurity through the use of specialized protocols and proprietary interfaces
- The mistaken belief that SCADA networks are secure because they are purportedly
physically secured
- The mistaken belief that SCADA networks are secure because they are supposedly
disconnected from the Internet
SCADA systems are used to control and monitor physical processes, examples of which
are transmission of electricity, transportation of gas and oil in pipelines, water distribution,
traffic lights, and other systems used as the basis of modern society. The security of these
SCADA systems is important because compromise or destruction of these systems would
impact multiple areas of society far removed from the original compromise. For example, a
blackout caused by a compromised electrical SCADA system would cause financial losses
to all the customers that received electricity from that source. How security will affect
legacy SCADA and new deployments remains to be seen.
There are two distinct threats to a modern SCADA system. First is the threat of
unauthorized access to the control software, whether it be human access or changes
induced intentionally or accidentally by virus infections and other software threats residing
on the control host machine. Second is the threat of packet access to the network segments
hosting SCADA devices. In many cases, there is rudimentary or no security on the actual
packet control protocol, so anyone who can send packets to the SCADA device can control
it. In many cases SCADA users assume that a VPN is sufficient protection and are unaware
that physical access to SCADA-related network jacks and switches provides the ability to
totally bypass all security on the control software and fully control those SCADA
networks. These kinds of physical access attacks bypass firewall and VPN security and are
best addressed by endpoint-to-endpoint authentication and authorization such as are
commonly provided in the non-SCADA world by in-device SSL or other cryptographic
techniques.
Many vendors of SCADA and control products have begun to address these risks in a basic
sense by developing lines of specialized industrial firewall and VPN solutions for TCP/IP-
based SCADA networks. Additionally, application white listing solutions are being
implemented because of their ability to prevent malware and unauthorized application
changes without the performance impacts of traditional antivirus scans. Also, the ISA
Security Compliance Institute (ISCI) is emerging to formalize SCADA security testing
starting as soon as 2009. ISCI is conceptually similar to private testing and certification
that has been performed by vendors since 2007. Eventually, standards being defined by
ISA99 WG4 will supersede the initial industry consortia efforts, but probably not before
2011.
The increased interest in SCADA vulnerabilities has resulted in vulnerability researchers
discovering vulnerabilities in commercial SCADA software and more general offensive
SCADA techniques presented to the general security community. In electric and gas utility
SCADA systems, the vulnerability of the large installed base of wired and wireless serial
communications links is addressed in some cases by applying bump-in-the-wire devices
that employ authentication and Advanced Encryption Standard encryption rather than
replacing all existing nodes.
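The bump-in-the-wire protection for serial links described above, as an added example in Go that is not part of this report or of any vendor's product: each device wraps a serial frame with AES-GCM (AES encryption plus authentication), and the receiving peer rejects tampered, replayed or reflected frames before they reach the RTU or master. The shared key, the direction byte and the Modbus-style request bytes used in testing are constructed for the demonstration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
)
// LinkGuard models one bump-in-the-wire device: each serial frame is wrapped with
// AES-GCM under a shared key; the nonce carries a direction byte and a strictly
// increasing counter, so tampered, replayed or reflected frames are rejected.
type LinkGuard struct {
	aead    cipher.AEAD
	dir     byte   // 0 = master->outstation, 1 = outstation->master
	sendSeq uint64 // last counter used when wrapping
	recvSeq uint64 // highest counter accepted so far
}
func NewLinkGuard(key []byte, dir byte) (*LinkGuard, error) {
	block, err := aes.NewCipher(key) // 16, 24 or 32-byte key
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block) // 12-byte nonce, 16-byte tag
	return &LinkGuard{aead: aead, dir: dir}, err
}
// Wrap returns nonce || ciphertext || tag; the nonce is also bound as
// associated data, so direction and counter cannot be altered on the wire.
func (g *LinkGuard) Wrap(frame []byte) []byte {
	g.sendSeq++
	nonce := make([]byte, 12)
	nonce[0] = g.dir
	binary.BigEndian.PutUint64(nonce[4:], g.sendSeq)
	return g.aead.Seal(nonce, nonce, frame, nonce)
}
// Unwrap verifies the tag, rejects frames from our own direction (reflection)
// and enforces monotonic counters; recvSeq advances only after a valid tag.
func (g *LinkGuard) Unwrap(wire []byte) ([]byte, error) {
	if len(wire) < 12 {
		return nil, errors.New("frame too short")
	}
	nonce, seq := wire[:12], binary.BigEndian.Uint64(wire[4:12])
	if nonce[0] == g.dir || seq <= g.recvSeq {
		return nil, errors.New("reflected or replayed frame")
	}
	frame, err := g.aead.Open(nil, nonce, wire[12:], nonce)
	if err == nil {
		g.recvSeq = seq
	}
	return frame, err
}
```

A counter that never repeats under a given key is what keeps GCM safe here; a device that loses its counter on power-cycle must re-key rather than restart from zero.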
CHAPTER 13 Application Development
13.1 Configuration
The development of the applications is typically done in two stages. First the process
parameters and associated information (e.g. relating to alarm conditions) are defined
through some sort of parameter definition template, and then the graphics, including
trending and alarm displays, are developed and linked where appropriate to the process
parameters. The products also provide an ASCII export/import facility for the configuration
data (parameter definitions), which enables large numbers of parameters to be configured
more efficiently using an external editor such as Excel and then importing the data into
the configuration database.
However, many of the PC tools now have a Windows Explorer type development studio.
The developer then works with a number of folders, each of which contains a different
aspect of the configuration, including the graphics.
The facilities provided by the products for configuring very large numbers of parameters
are not very strong. However, this has not really been an issue so far for most of the
products to date, as large applications are typically about 50K I/O points and database
population from within an ASCII editor such as Excel is still a workable option.
On-line modifications to the configuration database and the graphics are generally possible
with the appropriate level of privileges.
13.2 Development Tools
The following development tools are provided as standard:
- A graphics editor, with standard drawing facilities including freehand, lines, squares,
circles, etc. It is possible to import pictures in many formats as well as to use
predefined symbols including e.g. trending charts, etc. A library of generic symbols is
provided that can be linked dynamically to variables and animated as they change. It is
also possible to create links between views so as to ease navigation at run-time.
- A database configuration tool (usually through parameter templates). It is in general
possible to export data in ASCII files so as to be edited through an ASCII editor or Excel.
- A scripting language
- An Application Program Interface (API) supporting C, C++, VB
CHAPTER 14 Evolution
SCADA vendors release one major version and one to two additional minor versions once
per year. These products thus evolve very rapidly so as to take advantage of new market
opportunities, to meet new requirements of their customers and to take advantage of new
technologies.
As was already mentioned, most of the SCADA products that were evaluated decompose
the process into "atomic" parameters, each of which is associated with a Tag-name. This is
impractical in the case of very large processes, when very large sets of Tags need to be
configured. As industrial applications are increasing in size, new SCADA versions are now
being designed to handle devices and even entire systems as full entities (classes) that
encapsulate all their specific attributes and functionality. In addition, they will also support
multi-team development.
As far as new technologies are concerned, the SCADA products are now adopting:
- Web technology, ActiveX, Java, etc.
- OPC as a means for communicating internally between the client and server modules.
It should thus be possible to connect OPC compliant third party modules to that SCADA
product.
CHAPTER 15 Engineering
Whilst one should rightly anticipate significant development and maintenance savings by
adopting a SCADA product for the implementation of a control system, it does not mean a
"no effort" operation. The need for proper engineering cannot be emphasized enough: it
reduces development effort and leads to a system that complies with the requirements,
that is economical in development and maintenance, and that is reliable and robust.
Examples of engineering activities specific to the use of a SCADA system are the
definition of:
- A library of objects (PLC, device, subsystem) complete with standard object
behavior (script, sequences, ...), graphical interface and associated scripts for
animation,
- Templates for different types of "panels", e.g. alarms,
- Instructions on how to control e.g. a device ...,
- A mechanism to prevent conflicting controls (if not provided with the SCADA),
- Alarm levels, and the behavior to be adopted in case of specific alarms.
CHAPTER 16 Potential Benefits Of SCADA
The benefits one can expect from adopting a SCADA system for the control of
experimental physics facilities can be summarized as follows:
- A rich functionality and extensive development facilities. The amount of effort
invested in a SCADA product amounts to 50 to 100 person-years!
- The amount of specific development that needs to be performed by the end-user is
limited, especially with suitable engineering.
- Reliability and robustness. These systems are used for mission critical industrial
processes where reliability and performance are paramount. In addition, specific
development is performed within a well-established framework that enhances
reliability and robustness.
- Technical support and maintenance by the vendor.
CHAPTER 17 Conclusion
SCADA is used for constructive work, not for destructive work. Using a SCADA system
for their controls ensures a common framework not only for the development of the
specific applications but also for operating the detectors. Operators experience the same
"look and feel" whatever part of the experiment they control. However, this aspect also
depends to a significant extent on proper engineering.