Secure Systems Research Group - FAU 1 SCADA Software Architecture Meha Garg Dept. of Computer Science and Engineering Florida Atlantic University Boca Raton, FL, USA December 18, 2008.
Secure Systems Research Group - FAU 2 Agenda Motivation Objective Introduction SCADA – Use Cases and Application of Patterns Questions Recommendations
Secure Systems Research Group - FAU 3 Motivation Critical Infrastructure systems like Supervisory, Control and Data Acquisition Systems (SCADA), Distributed Control System (DCS), used in Energy Industry and Process Industries are highly distributed and complex. It would be interesting to study SCADA using Use Case diagrams and applying various patterns – Layers, Model View Controller, Web Services, Broker, etc., applying our secure software methodology This kind of work will help understanding of SCADA systems and Cyber Physical Systems, apply Non Functional Requirements, and do model checking.
Secure Systems Research Group - FAU 4 Objective To discuss Use Case Diagram for SCADA, then define a software architecture using patterns
Secure Systems Research Group - FAU 5 Introduction SCADA (Supervisory Control and Data Acquisition) systems are used to monitor and control a plant or equipment in industries such as telecommunications, water and waste control, energy, oil and gas refining, and Transportation (airport, traffic control, rails) These systems encompass the transfer of data between a SCADA central host computer and a number of Remote Terminal Units (RTUs) and/or Programmable Logic Controllers (PLCs), and the central host and the operator terminals A SCADA system gathers information (such as where a leak on a pipeline has occurred), transfers the information back to a central site, then alerts the home station that a leak has occurred, carrying out necessary analysis and control, such as determining if the leak is critical, and displaying the information in a logical and organized fashion These systems can be relatively simple, such as monitoring environmental conditions of a small office building, or very complex, such as a system that monitors all the activity in a nuclear power plant or the activity of a municipal water system
Secure Systems Research Group - FAU 6 Use Case Diagram for SCADA System Description: The goal is to supervise, control, monitor and acquire data for critical infrastructure systems, operate from remote end and ensure security and safety Actors: –Field Devices –Local Control Center (LCC) –Remote Telemetry Units (RTU) –Master / Central Control Terminal Unit (MTU) –Operator –Supervisor
Secure Systems Research Group - FAU 7 Use Cases 1.System Shut Down / Startup 2.Gather Field Information 3.Perform Local Control 4.Transfer Field Information 5.Manage Field Information 6.Perform Remote Control 7.Analyze System State 8.Schedule Task 9.Balance Load 10.Adjust Settings 11.Check Status 12.Manage Logging
Secure Systems Research Group - FAU 8 SCADA System Check Status > Field Devices > Local Control Center > Remote Terminal Unit Transfer Information Perform Local Control Manage Field Information Analyze System State Schedule Task Balance Load > Central Control Terminal Unit System Startup/ Shutdown Operator Gather Field Information Manage Logging Adjust Settings Perform Remote Control > Supervisor
Secure Systems Research Group - FAU 9 Pre Conditions for SCADA System 1.The operator is logged in. 2.The system is real time system.
Secure Systems Research Group - FAU 10 Layers Hardware Layer Distribution Layer Communication System System Level Application Layer Field Devices ActuatorsSensors Field Device Units RTUIEDBay Control Units ModBusIEC 61850DNP 3Ethernet: TCP/IPProtocols HMIPrintersGPSRoutersSwitches Data Gathering Transport Layer System Startup/Shutdown Check StatusAdjust SettingsPerform Control
Secure Systems Research Group - FAU 11 Layer Pattern SCADA system being highly complex and distributed, it is important to understand SCADA in Terms of Layers for simplicity as shown in Figure above. The intent, forces, advantages for the layer Patterns are the same. However here we apply this pattern on the real physical system. Layer 1: It is the field Units, considering the Generation, Transmission and Distribution at one place, we have all the process controls, I/Os, status, metering, measuring values, etc. It also includes local control. Layer 2: The field values, I/O – analog, digital, measuring and other commands, operations, are taken to RTUs, IEDs, PLCs, BCUs, and other I/O cards to communicate to higher end. Layer 3: This includes all the communication cables, protocol architecture required for higher end communication interfaced with all field signals. It is the backbone in the modern control centers, which has
Secure Systems Research Group - FAU 12 Layer Pattern immensely reduced physical wiring, big marshalling and increased the reliability and more improved quality signals. Today latest protocols like IEC 61850, Modbus and other proprietary protocols are used. Layer 4: This includes the Control centre equipped with dynamic changing states of the system displayed on HMI, which is powerful to read values, prompt and diagnosis system change and with a click on HMI, to carry out operations. Layer 5: Connection with the outside world using Internet and various new technology related to mobile / cell phone operations.
Secure Systems Research Group - FAU More Patterns We can apply more patterns: Broker (Inter substation control) Client – Sever – Dispatch (Between Main system and operator console) Web Services (Internet Control) Model View Controller (HMI) Three-tier Unified Physical Access Control to Buildings and information 13
Secure Systems Research Group - FAU 14 Future Work Safety Monitor – Implementation in SCADA System Unifying Safety with Security Implementing more patterns in SCADA Formalization of safety
Secure Systems Research Group - FAU 15 Recommendations and Questions Feedback: