517:
supervisory computer to provide live data to drive the mimic diagrams, alarm displays and trending graphs. In many installations the HMI is the graphical user interface for the operator, collects all data from external devices, creates reports, performs alarming, sends notifications, etc. Mimic diagrams consist of line graphics and schematic symbols to represent process elements, or may consist of digital photographs of the process equipment overlain with animated symbols. Supervisory operation of the plant is by means of the HMI, with operators issuing commands using mouse pointers, keyboards and touch screens. For example, a symbol of a pump can show the operator that the pump is running, and a flow meter symbol can show how much fluid it is pumping through the pipe. The operator can switch the pump off from the mimic by a mouse click or screen touch. The HMI will show the flow rate of the fluid in the pipe decrease in real time. The HMI package for a SCADA system typically includes a drawing program that the operators or system maintenance personnel use to change the way these points are represented in the interface. These representations can be as simple as an on-screen traffic light, which represents the state of an actual traffic light in the field, or as complex as a multi-projector display representing the position of all of the elevators in a skyscraper or all of the trains on a railway. A
864:. Shortly after a contractor installed a SCADA system in January 2000, system components began to function erratically. Pumps did not run when needed and alarms were not reported. More critically, sewage flooded a nearby park and contaminated an open surface-water drainage ditch and flowed 500 meters to a tidal canal. The SCADA system was directing sewage valves to open when the design protocol should have kept them closed. Initially this was believed to be a system bug. Monitoring of the system logs revealed the malfunctions were the result of cyber attacks. Investigators reported 46 separate instances of malicious outside interference before the culprit was identified. The attacks were made by a disgruntled ex-employee of the company that had installed the SCADA system. The ex-employee was hoping to be hired by the utility full-time to maintain the system.
942:
345:
871:(EMP) Attack issued a Critical Infrastructures Report which discussed the extreme vulnerability of SCADA systems to an electromagnetic pulse (EMP) event. After testing and analysis, the Commission concluded: "SCADA systems are vulnerable to EMP insult. The large numbers and widespread reliance on such systems by all of the Nationâs critical infrastructures represent a systemic threat to their continued operation following an EMP event. Additionally, the necessity to reboot, repair, or replace large numbers of geographically widely dispersed systems will considerably impede the Nationâs recovery from such an assault."
541:. The system monitors whether certain alarm conditions are satisfied, to determine when an alarm event has occurred. Once an alarm event has been detected, one or more actions are taken (such as the activation of one or more alarm indicators, and perhaps the generation of email or text messages so that management or remote SCADA operators are informed). In many cases, a SCADA operator may have to acknowledge the alarm event; this may deactivate some alarm indicators, whereas other indicators remain active until the alarm conditions are cleared.
684:
458:
on operator workstations. In smaller SCADA systems, the supervisory computer may be composed of a single PC, in which case the HMI is a part of this computer. In larger SCADA systems, the master station may include several HMIs hosted on client computers, multiple servers for data acquisition, distributed software applications, and disaster recovery sites. To increase the integrity of the system the multiple servers will often be configured in a
589:
market, allowing mechanical engineers, electrical engineers and technicians to configure HMIs themselves, without the need for a custom-made program written by a software programmer. The Remote
Terminal Unit (RTU) connects to physical equipment. Typically, an RTU converts the electrical signals from the equipment to digital values. By converting and sending these electrical signals out to equipment the RTU can control equipment.
424:
25:
87:
827:
because compromise or destruction of these systems would impact multiple areas of society far removed from the original compromise. For example, a blackout caused by a compromised electrical SCADA system would cause financial losses to all the customers that received electricity from that source. How security will affect legacy SCADA and new deployments remains to be seen.
656:(CIP) in the US), there is increasing use of satellite-based communication. This has the key advantages that the infrastructure can be self-contained (not using circuits from the public telephone system), can have built-in encryption, and can be engineered to the availability and reliability required by the SCADA system operator. Earlier experiences using consumer-grade
835:, allowing an attacker to control a SCADA device by sending commands over a network. In many cases SCADA users have assumed that having a VPN offered sufficient protection, unaware that security can be trivially bypassed with physical access to SCADA-related network jacks and switches. Industrial control vendors suggest approaching SCADA security like
436:
706:. Common network services did not exist at the time SCADA was developed. Thus SCADA systems were independent systems with no connectivity to other systems. The communication protocols used were strictly proprietary at that time. The first-generation SCADA system redundancy was achieved using a back-up mainframe system connected to all the
576:(PAC) is a compact controller that combines the features and capabilities of a PC-based control system with that of a typical PLC. PACs are deployed in SCADA systems to provide RTU and PLC functions. In many electrical substation SCADA applications, "distributed RTUs" use information processors or station computers to communicate with
731:
browsers such as Google Chrome and
Mozilla Firefox as the graphical user interface (GUI) for the operators HMI. This simplifies the client side installation and enables users to access the system from various platforms with web browsers such as servers, personal computers, laptops, tablets and mobile phones.
886:(ISA) started formalizing SCADA security requirements in 2007 with a working group, WG4. WG4 "deals specifically with unique technical requirements, measurements, and other features required to evaluate and assure security resilience and performance of industrial automation and control systems devices".
889:
The increased interest in SCADA vulnerabilities has resulted in vulnerability researchers discovering vulnerabilities in commercial SCADA software and more general offensive SCADA techniques presented to the general security community. In electric and gas utility SCADA systems, the vulnerability of
826:
SCADA systems are used to control and monitor physical processes, examples of which are transmission of electricity, transportation of gas and oil in pipelines, water distribution, traffic lights, and other systems used as the basis of modern society. The security of these SCADA systems is important
717:
SCADA information and command processing were distributed across multiple stations which were connected through a LAN. Information was shared in near real time. Each station was responsible for a particular task, which reduced the cost as compared to First
Generation SCADA. The network protocols used
548:
Examples of alarm indicators include a siren, a pop-up box on a screen, or a coloured or flashing area on a screen (that might act in a similar way to the "fuel tank empty" light in a car); in each case, the role of the alarm indicator is to draw the operator's attention to the part of the system 'in
739:
SCADA systems that tie together decentralized facilities such as power, oil, gas pipelines, water distribution and wastewater collection systems were designed to be open, robust, and easily operated and repaired, but not necessarily secure. The move from proprietary technologies to more standardized
730:
The growth of the internet has led SCADA systems to implement web technologies allowing users to view data, exchange information and control processes from anywhere in the world through web SOCKET connection. The early 2000s saw the proliferation of Web SCADA systems. Web SCADA systems use internet
544:
Alarm conditions can be explicitâfor example, an alarm point is a digital status point that has either the value NORMAL or ALARM that is calculated by a formula based on the values in other analogue and digital pointsâor implicit: the SCADA system might automatically monitor whether the value in an
457:
This is the core of the SCADA system, gathering data on the process and sending control commands to the field connected devices. It refers to the computer and software responsible for communicating with the field connection controllers, which are RTUs and PLCs, and includes the HMI software running
843:
strategy that leverages common IT practices. Apart from that, research has shown that the architecture of SCADA systems has several other vulnerabilities, including direct tampering with RTUs, communication links from RTUs to the control center, and IT software and databases in the control center.
588:
Since about 1998, virtually all major PLC manufacturers have offered integrated HMI/SCADA systems, many of them using open and non-proprietary communications protocols. Numerous specialized third-party HMI/SCADA packages, offering built-in compatibility with most major PLCs, have also entered the
830:
There are many threat vectors to a modern SCADA system. One is the threat of unauthorized access to the control software, whether it is human access or changes induced intentionally or accidentally by virus infections and other software threats residing on the control host machine. Another is the
498:
PLCs are connected to sensors and actuators in the process, and are networked to the supervisory system. In factory automation, PLCs typically have a high speed connection to the SCADA system. In remote applications, such as a large water treatment plant, PLCs may connect directly to SCADA over a
509:
This connects the supervisory computer system to the RTUs and PLCs, and may use industry standard or manufacturer proprietary protocols. Both RTUs and PLCs operate autonomously on the near-real time control of the process, using the last command given from the supervisory system. Failure of the
663:
RTUs and other automatic controller devices were developed before the advent of industry wide standards for interoperability. The result is that developers and their management created a multitude of control protocols. Among the larger vendors, there was also the incentive to create their own
516:
The HMI is the operator window of the supervisory system. It presents plant information to the operating personnel graphically in the form of mimic diagrams, which are a schematic representation of the plant being controlled, and alarm and event logging pages. The HMI is linked to the SCADA
1140:
510:
communications network does not necessarily stop the plant process controls, and on resumption of communications, the operator can continue with monitoring and control. Some critical systems will have dual redundant data highways, often cabled via diverse routes.
851:
The reliable function of SCADA systems in our modern infrastructure may be crucial to public health and safety. As such, attacks on these systems may directly or indirectly threaten public health and safety. Such an attack has already occurred, carried out on
441:
440:
437:
726:
and separated geographically. Several distributed architecture SCADAs running in parallel, with a single supervisor and historian, could be considered a network architecture. This allows for a more cost-effective solution in very large scale systems.
921:
which in turn logs into the SCADA's database and steals design and control files. The malware is also capable of changing the control system and hiding those changes. The malware was found on 14 systems, the majority of which were located in Iran.
721:
Similar to a distributed architecture, any complex SCADA can be reduced to the simplest components and connected through communication protocols. In the case of a networked design, the system may be spread across more than one LAN network called a
442:
561:(a suite of five programming languages including function block, ladder, structured text, sequence function charts and instruction list), is frequently used to create programs which run on these RTUs and PLCs. Unlike a procedural language like
521:
is a software service within the HMI which accumulates time-stamped data, events, and alarms in a database which can be queried or used to populate graphic trends in the HMI. The historian is a client that requests data from a data acquisition
1152:
569:, IEC 61131-3 has minimal training requirements by virtue of resembling historic physical control arrays. This allows SCADA system engineers to perform both the design and implementation of a program to be executed on an RTU or PLC.
718:
were still not standardized. Since these protocols were proprietary, very few people beyond the developers knew enough to determine how secure a SCADA installation was. Security of the SCADA installation was usually overlooked.
439:
1870:
1371:
Li D, Serizawa Y, Kiuchi M. Concept design for a web-based supervisory control and data-acquisition (scada) system. In: Transmission and
Distribution Conference and Exhibition 2002: Asia Pacific. IEEE/PES; Vol. 1; p.
331:
in function, while using multiple means of interfacing with the plant. They can control large-scale processes that can span multiple sites, and work over large distances. It is one of the most commonly-used types of
387:
Level 2 contains the SCADA to readings and equipment status reports that are communicated to level 2 SCADA as required. Data is then compiled and formatted in such a way that a control room operator using the HMI
620:
and
Conitel. These communication protocols, with the exception of Modbus (Modbus has been made open by Schneider Electric), are all SCADA-vendor specific but are widely adopted and used. Standard protocols are
557:"Smart" RTUs, or standard PLCs, are capable of autonomously executing simple logic processes without involving the supervisory computer. They employ standardized control programming languages such as under,
1381:
Kovaliuk, D. O., Huza, K. M., & Kovaliuk, O. O. (2018). Development of SCADA System based on Web
Technologies. International Journal of Information Engineering and Electronic Business (IJIEEB), 10(2),
322:
The SCADA concept was developed to be a universal means of remote-access to a variety of local control modules, which could be from different manufacturers and allowing access through standard automation
310:
changes, are handled through the SCADA computer system. The subordinated operations, e.g. the real-time control logic or controller calculations, are performed by networked modules connected to the field
1353:
Abbas, H.A. and
Mohamed, A.M. (2011) âReview in the design of web based SCADA systems based on OPC DA protocolâ, International Journal of Computer Networks, February, Vol. 2, No. 6, pp.266â277, Malaysia.
1165:
satellite is a cost-effective and secure solution that can provide backup communications and easily support core smart grid applications like SCADA, telemetry, AMI backhaul and distribution automation
605:. Some users want SCADA data to travel over their pre-established corporate networks or to share the network with other applications. The legacy of the early low-bandwidth protocols remains, though.
1768:
710:
sites and was used in the event of failure of the primary mainframe system. Some first generation SCADA systems were developed as "turn key" operations that ran on minicomputers such as the
1339:
R. J. Robles and T. H. Kim, âArchitecture for SCADA with Mobile Remote
Componentsâ, Proceedings of the 12th WSEAS International Conference on Automatic Control, Modelling & Simulation.
573:
1330:
R. Fan, L. Cheded and O. Toker, "Internet-based SCADA: a new approach using Java and XML," in
Computing & Control Engineering Journal, vol. 16, no. 5, pp. 22-26, Oct.-Nov. 2005.
1874:
490:
system, using radio, GSM or satellite for communications, and being ruggedised to survive from -20C to +70C or even -40C to +85C without external heating or cooling equipment.
474:
RTUs connect to sensors and actuators in the process, and are networked to the supervisory computer system. RTUs have embedded control capabilities and often conform to the
1579:
1178:
608:
SCADA protocols are designed to be very compact. Many are designed to send information only when the master station polls the RTU. Typical legacy SCADA protocols include
438:
601:
is also frequently used for large systems such as railways and power stations. The remote management or monitoring function of a SCADA system is often referred to as
415:, which relate to specific instrumentation or actuators within the process system. Data is accumulated against these unique process control equipment tag references.
499:
wireless link, or more commonly, utilise an RTU for the communications management. PLCs are specifically designed for control and were the founding platform for the
1033:
However, SCADA systems may have security vulnerabilities, so the systems should be evaluated to identify risks and solutions implemented to mitigate those risks.
1293:
46:
798:
access for secure connectivity. Consequently, the security of some SCADA-based systems has come into question as they are seen as potentially vulnerable to
633:. These communication protocols are standardized and recognized by all major SCADA vendors. Many of these protocols now contain extensions to operate over
1841:
503:
programming languages. For economical reasons, PLCs are often used for remote sites where there is a large I/O count, rather than utilising an RTU alone.
874:
Many vendors of SCADA and control products have begun to address the risks posed by unauthorized access by developing lines of specialized industrial
486:
or a variety of other languages. Remote locations often have little or no local infrastructure so it is not uncommon to find RTUs running off a small
1772:
366:
Level 2 contains the supervisory computers, which collate information from processor nodes on the system, and provide the operator control screens.
1317:
1210:
649:
369:
Level 3 is the production control level, which does not directly control the process, but is concerned with monitoring production and targets.
953:, depending on the application. Example processes include industrial, infrastructure, and facility-based processes, as described below:
1604:
Giani, A.; Sastry, S.; Johansson, H.; Sandberg, H. (2009). "The VIKING project: An initiative on resilient control of power networks".
1362:
Qiu B, Gooi HB. Web-based scada display systems (wsds) for access via internet. Power
Systems, IEEE Transactions on 2000;15(2):681â686.
1018:
263:
1896:
33:
1502:
352:
The key attribute of a SCADA system is its ability to perform a supervisory operation over a variety of other proprietary devices.
70:
756:
released a vulnerability advisory warning that unauthenticated users could download sensitive configuration information including
1185:
757:
671:
An example of efforts by vendor groups to standardize automation protocols is the OPC-UA (formerly "OLE for process control" now
1931:
1698:
1623:
1410:
1276:
1102:
831:
threat of packet access to the network segments hosting SCADA devices. In many cases, the control protocol lacks any form of
809:
The lack of concern about security and authentication in the design, deployment and operation of some existing SCADA networks
1647:
Liu, Y.; Ning, P.; Reiter, MK. (May 2011). "False Data Injection Attacks against State Estimation in Electric Power Grids".
1391:
J. M. Lynch, âAn Internet Based SCADA Systemâ, BSc Project Report, University of Southern Queensland, Queensland, Oct. 2005
1094:
Emerging Technologies in Wireless Ad-hoc Networks: Applications and Future Development: Applications and Future Development
949:
Both large and small systems can be built using the SCADA concept. These systems can range from just tens to thousands of
883:
1950:
641:, blurs the line between traditional and industrial networking, they each fulfill fundamentally differing requirements.
653:
428:
363:
Level 1 contains the industrialized input/output (I/O) modules, and their associated distributed electronic processors.
1539:
790:. Both vendors made updates available prior to public vulnerability release. Mitigation recommendations were standard
740:
and open solutions together with the increased number of connections between SCADA systems, office networks and the
1300:
142:
1256:
Abbas, H.A. (2014). Future SCADA challenges and the promising solution: the agent-based SCADA. IJCIS, 10, 307-333.
890:
the large installed base of wired and wireless serial communications links is addressed in some cases by applying
1118:
598:
256:
941:
493:
377:
356:
Level 0 contains the field devices such as flow and temperature sensors, and final control elements, such as
300:
227:
882:
solutions for TCP/IP-based SCADA networks as well as external SCADA monitoring and recording equipment. The
392:) can make supervisory decisions to adjust or override normal RTU (PLC) controls. Data may also be fed to a
1977:
895:
665:
657:
324:
203:
157:
147:
1718:
Report of the Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP) Attack
1787:
999:
995:
840:
745:
466:
formation providing continuous control and monitoring in the event of a server malfunction or breakdown.
306:
The operator interfaces which enable monitoring and the issuing of process commands, such as controller
933:
which dealt with an imagined large-scale cyber attack on SCADA and the United States' electrical grid.
813:
580:, PACs, and other devices for I/O, and communicate with the SCADA master in lieu of a traditional RTU.
397:
328:
232:
1239:
333:
307:
249:
344:
1707:
845:
672:
597:
SCADA systems have traditionally used combinations of radio and direct wired connections, although
577:
562:
292:
172:
152:
1987:
1717:
1713:
723:
459:
389:
38:
1452:
483:
1266:
1092:
987:
868:
393:
162:
1900:
1176:
1026:
875:
836:
761:
707:
660:
were poor. Modern carrier-class systems provide the quality of service required for SCADA.
469:
381:
1513:
8:
1605:
991:
973:
822:
The belief that SCADA networks are secure because they are disconnected from the Internet
775:
768:
299:
supervision of machines and processes. It also covers sensors and other devices, such as
121:
1681:; Miller, M. (November 2007). "Chpt 6: Lessons Learned from the Maroochy Water Breach".
1224:
645:
can be used in conjunction with SCADA simulators to perform various 'what-if' analyses.
427:
Typical SCADA mimic shown as an animation. For process plants, these are based upon the
1982:
1660:
1629:
957:
844:
The RTUs could, for instance, be targets of deception attacks injecting false data or
688:
642:
116:
1814:
1477:
1927:
1694:
1619:
1427:
1406:
1311:
1272:
1204:
1098:
853:
791:
749:
137:
1955:
1633:
1686:
1664:
1652:
1611:
1453:"ICSA-11-231-01âINDUCTIVE AUTOMATION IGNITION INFORMATION DISCLOSURE VULNERABILITY"
969:
891:
545:
analogue point lies outside high and low- limit values associated with that point.
538:
532:
101:
78:
1075:
983:
965:
914:
902:
787:
779:
111:
1842:"SIMATIC WinCC / SIMATIC PCS 7: Information concerning Malware / Virus / Trojan"
1690:
976:, and refining, and may run in continuous, batch, repetitive, or discrete modes.
1972:
1615:
1022:
979:
764:
284:
106:
1966:
1014:
961:
905:
reported the first detection of malware that attacks SCADA systems (Siemens'
867:
In April 2008, the Commission to Assess the Threat to the United States from
819:
The belief that SCADA networks are secure because they are physically secured
772:
703:
357:
1656:
909:/PCS 7 systems) running on Windows operating systems. The malware is called
950:
832:
799:
778:. Security researcher Jerry Brown submitted a similar advisory regarding a
479:
177:
1557:
945:
Example of SCADA used in office environment to remotely monitor a process
683:
622:
558:
500:
487:
475:
423:
198:
1056: â Software infrastructure for building distributed control systems
1141:"Demystifying Satellite for the Smart Grid: Four Common Misconceptions"
857:
783:
296:
86:
637:. Although the use of conventional networking specifications, such as
1678:
1048:
1003:
861:
626:
602:
463:
316:
208:
167:
16:
Control system architecture for supervision of machines and processes
1858:
malware (trojan) which affects the visualization system WinCC SCADA.
1651:. Vol. 14. Association for Computing Machinery. pp. 1â33.
816:
through the use of specialized protocols and proprietary interfaces
753:
741:
617:
327:. In practice, large SCADA systems have grown to become similar to
288:
1478:"ICSA-11-094-01âWONDERWARE INBATCH CLIENT ACTIVEX BUFFER OVERFLOW"
446:
More complex SCADA animation showing control of four batch cookers
1845:
1177:
OFFICE OF THE MANAGER NATIONAL COMMUNICATIONS SYSTEMctober 2004.
1010:
918:
910:
692:
566:
699:
SCADA systems have evolved through four generations as follows:
450:
A SCADA system usually consists of the following main elements:
24:
1926:. USA: ISA - International Society of Automation. p. 179.
711:
638:
634:
613:
609:
312:
193:
1791:
1714:
http://www.empcommission.org/docs/A2473-EMP_Commission-7MB.pdf
1607:
2009 2nd International Symposium on Resilient Control Systems
1503:"Cyberthreats, Vulnerabilities and Attacks on SCADA Networks"
1053:
906:
1603:
1819:
1243:
1042:
630:
592:
1790:. Utilities Telecom Council. pp. 3â21. Archived from
1685:(Online-Ausg. ed.). Springer Boston. pp. 73â82.
1268:
Security Hardened Remote Terminal Units for SCADA Networks
1179:"Supervisory Control and Data Acquisition (SCADA) Systems"
1077:
Security Hardened Remote Terminal Units for SCADA Networks
1428:"14 Major SCADA Attacks and What You Can Learn From Them"
879:
805:
In particular, security researchers are concerned about:
795:
754:
United States Computer Emergency Readiness Team (US-CERT)
1956:
BBC NEWS | Technology | Spies 'infiltrate US power grid'
1815:"Details of the first-ever control system malware (FAQ)"
1769:"SCADA Security â Generic Electric Grid Malware Design"
1537:
348:
Functional levels of a manufacturing control operation
1742:
1540:"SCADA Security and Terrorism: We're Not Crying Wolf"
898:
encryption rather than replacing all existing nodes.
478:
standard for programming and support automation via
1649:
ACM Transactions on Information and System Security
1090:
1009:Facility processes, including buildings, airports,
691:'s Training Manual 5-601 covers "SCADA Systems for
537:An important part of most SCADA implementations is
400:, to allow trending and other analytical auditing.
303:, which interface with process plant or machinery.
1788:"Substation Communications: Enabler of Automation"
812:The belief that SCADA systems have the benefit of
673:Open Platform Communications Unified Architecture
1964:
1184:. NATIONAL COMMUNICATIONS SYSTEM. Archived from
1147:. Utility Automation & Engineering T&D.
982:processes may be public or private, and include
549:alarm' so that appropriate action can be taken.
702:Early SCADA system computing was done by large
650:North American Electric Reliability Corporation
1924:SCADA Supervisory Control and Data Acquisition
1871:"Siemens: Stuxnet worm hit industrial systems"
1151:(8). Tulsa, OK: PennWell. Four. Archived from
1899:. National Geographic Channel. Archived from
1646:
1119:"Introduction to Industrial Control Networks"
664:protocol to "lock in" their customer base. A
583:
257:
1735:
1558:"SCADA system makers pushed toward security"
1555:
1495:
1349:
1347:
1345:
1259:
1111:
986:and distribution, wastewater collection and
1597:
1403:Instrumentation Reference Book, 4th Edition
1316:: CS1 maint: numeric names: authors list (
1209:: CS1 maint: numeric names: authors list (
678:
372:Level 4 is the production scheduling level.
1677:
1671:
1405:. USA: Butterworth-Heinemann. p. 27.
1019:heating, ventilation, and air conditioning
901:In June 2010, anti-virus security company
744:has made them more vulnerable to types of
648:With increasing security demands (such as
264:
250:
1785:
1342:
1291:
1126:IEEE Communications Surveys and Tutorials
1073:
1292:UJVAROSI1, Alexandru (2 November 2016).
1132:
1091:Aquino-Santos, Raul (30 November 2010).
940:
682:
593:Communication infrastructure and methods
434:
422:
343:
281:supervisory control and data acquisition
49:of all important aspects of the article.
1640:
1084:
1067:
894:devices that employ authentication and
1965:
1138:
552:
407:, which contains data elements called
45:Please consider expanding the lead to
1921:
1812:
1400:
1240:"A Brief History of SCADA/EMS (2015)"
1237:
339:
1580:"Industrial Security Best Practices"
291:, networked data communications and
18:
1425:
884:International Society of Automation
856:Council's sewage control system in
13:
1683:Critical infrastructure protection
654:critical infrastructure protection
574:programmable automation controller
429:piping and instrumentation diagram
14:
1999:
1944:
1139:Bergan, Christian (August 2011).
1045: â Computer network protocol
526:
1538:D. Maynor and R. Graham (2006).
85:
23:
1915:
1889:
1863:
1834:
1806:
1779:
1761:
1723:(Report). April 2008. p. 9
1572:
1549:
1531:
1470:
1445:
1419:
1394:
1385:
1375:
1365:
1356:
1333:
1324:
1285:
37:may be too short to adequately
1813:Mills, Elinor (21 July 2010).
1250:
1231:
1217:
1170:
748:that are relatively common in
494:Programmable logic controllers
403:SCADA systems typically use a
378:programmable logic controllers
301:programmable logic controllers
47:provide an accessible overview
1:
1556:Robert Lemos (26 July 2006).
1060:
724:process control network (PCN)
418:
396:, often built on a commodity
186:Information and communication
1951:UK SCADA security guidelines
1294:"EVOLUTION OF SCADA SYSTEMS"
1097:. IGI Global. pp. 43â.
929:released a docudrama titled
896:Advanced Encryption Standard
767:system utilizing a standard
666:list of automation protocols
506:Communication infrastructure
7:
1786:KEMA, Inc (November 2006).
1691:10.1007/978-0-387-75462-8_6
1080:. University of Louisville.
1036:
1017:. They monitor and control
996:electric power transmission
734:
329:distributed control systems
10:
2004:
1616:10.1109/ISRCS.2009.5251361
1225:"SCADA Systems april 2014"
1145:Electric Light & Power
814:security through obscurity
584:PLC commercial integration
530:
398:database management system
334:industrial control systems
1922:Boyer, Stuart A. (2010).
846:denial-of-service attacks
771:leveraging access to the
578:digital protective relays
293:graphical user interfaces
1610:. IEEE. pp. 31â35.
794:practices and requiring
679:Architecture development
287:architecture comprising
1657:10.1145/1952982.1952995
1510:Rosa Tang, berkeley.edu
936:
513:Human-machine interface
390:Human Machine Interface
130:Industrial technologies
1271:. 2008. pp. 12â.
946:
833:cryptographic security
696:
623:IEC 60870-5-101 or 104
484:function block diagram
447:
432:
349:
1585:. Rockwell Automation
992:oil and gas pipelines
944:
869:Electromagnetic Pulse
686:
531:Further information:
470:Remote terminal units
454:Supervisory computers
445:
426:
382:remote terminal units
376:Level 1 contains the
347:
94:Manufacturing methods
1401:Boyes, Walt (2011).
958:Industrial processes
837:Information Security
762:Inductive Automation
708:Remote Terminal Unit
1978:Control engineering
1897:"American Blackout"
1306:on 28 October 2021.
927:National Geographic
782:vulnerability in a
776:Embedded Web server
553:PLC/RTU programming
122:Agile manufacturing
1794:on 3 November 2007
1775:on 7 January 2009.
1743:"Security for all"
1426:Siggins, Morgana.
1246:on 11 August 2015.
1074:Jeff Hieb (2008).
1027:energy consumption
947:
697:
689:United States Army
668:is compiled here.
643:Network simulation
448:
433:
350:
340:Control operations
117:Lean manufacturing
1933:978-1-936007-09-7
1700:978-0-387-75461-1
1625:978-1-4244-4853-1
1519:on 13 August 2012
1412:978-0-7506-8308-1
1278:978-0-549-54831-7
1104:978-1-60960-029-7
931:American Blackout
750:computer security
443:
274:
273:
64:
63:
1995:
1938:
1937:
1919:
1913:
1912:
1910:
1908:
1903:on 13 March 2015
1893:
1887:
1886:
1884:
1882:
1873:. Archived from
1867:
1861:
1860:
1855:
1853:
1838:
1832:
1831:
1829:
1827:
1810:
1804:
1803:
1801:
1799:
1783:
1777:
1776:
1771:. Archived from
1765:
1759:
1758:
1756:
1754:
1739:
1733:
1732:
1730:
1728:
1722:
1711:
1705:
1704:
1675:
1669:
1668:
1644:
1638:
1637:
1601:
1595:
1594:
1592:
1590:
1584:
1576:
1570:
1569:
1567:
1565:
1553:
1547:
1546:
1544:
1535:
1529:
1528:
1526:
1524:
1518:
1512:. Archived from
1507:
1499:
1493:
1492:
1490:
1488:
1482:
1474:
1468:
1467:
1465:
1463:
1458:. 19 August 2011
1457:
1449:
1443:
1442:
1440:
1438:
1423:
1417:
1416:
1398:
1392:
1389:
1383:
1379:
1373:
1369:
1363:
1360:
1354:
1351:
1340:
1337:
1331:
1328:
1322:
1321:
1315:
1307:
1305:
1299:. Archived from
1298:
1289:
1283:
1282:
1263:
1257:
1254:
1248:
1247:
1242:. Archived from
1235:
1229:
1228:
1221:
1215:
1214:
1208:
1200:
1198:
1196:
1190:
1183:
1174:
1168:
1167:
1162:
1160:
1155:on 31 March 2012
1136:
1130:
1129:
1123:
1115:
1109:
1108:
1088:
1082:
1081:
1071:
1021:systems (HVAC),
970:power generation
925:In October 2013
915:zero-day attacks
892:bump-in-the-wire
841:defense in depth
533:Alarm management
444:
266:
259:
252:
102:Batch production
89:
79:Machine industry
66:
65:
59:
56:
50:
27:
19:
2003:
2002:
1998:
1997:
1996:
1994:
1993:
1992:
1963:
1962:
1947:
1942:
1941:
1934:
1920:
1916:
1906:
1904:
1895:
1894:
1890:
1880:
1878:
1869:
1868:
1864:
1851:
1849:
1840:
1839:
1835:
1825:
1823:
1811:
1807:
1797:
1795:
1784:
1780:
1767:
1766:
1762:
1752:
1750:
1741:
1740:
1736:
1726:
1724:
1720:
1716:
1712:
1708:
1701:
1676:
1672:
1645:
1641:
1626:
1602:
1598:
1588:
1586:
1582:
1578:
1577:
1573:
1563:
1561:
1560:. SecurityFocus
1554:
1550:
1542:
1536:
1532:
1522:
1520:
1516:
1505:
1501:
1500:
1496:
1486:
1484:
1483:. 13 April 2011
1480:
1476:
1475:
1471:
1461:
1459:
1455:
1451:
1450:
1446:
1436:
1434:
1424:
1420:
1413:
1399:
1395:
1390:
1386:
1380:
1376:
1370:
1366:
1361:
1357:
1352:
1343:
1338:
1334:
1329:
1325:
1309:
1308:
1303:
1296:
1290:
1286:
1279:
1265:
1264:
1260:
1255:
1251:
1236:
1232:
1223:
1222:
1218:
1202:
1201:
1194:
1192:
1191:on 14 July 2015
1188:
1181:
1175:
1171:
1158:
1156:
1137:
1133:
1121:
1117:
1116:
1112:
1105:
1089:
1085:
1072:
1068:
1063:
1039:
984:water treatment
966:process control
939:
788:ActiveX control
780:buffer overflow
758:password hashes
752:. For example,
746:network attacks
737:
681:
595:
586:
555:
535:
529:
435:
421:
342:
270:
220:Process control
112:Flow production
60:
54:
51:
44:
32:This article's
28:
17:
12:
11:
5:
2001:
1991:
1990:
1988:Electric power
1985:
1980:
1975:
1959:
1958:
1953:
1946:
1945:External links
1943:
1940:
1939:
1932:
1914:
1888:
1877:on 25 May 2012
1862:
1848:. 21 July 2010
1833:
1805:
1778:
1760:
1734:
1706:
1699:
1670:
1639:
1624:
1596:
1571:
1548:
1530:
1494:
1469:
1444:
1418:
1411:
1393:
1384:
1374:
1364:
1355:
1341:
1332:
1323:
1284:
1277:
1258:
1249:
1230:
1216:
1169:
1131:
1110:
1103:
1083:
1065:
1064:
1062:
1059:
1058:
1057:
1051:
1046:
1038:
1035:
1031:
1030:
1015:space stations
1007:
980:Infrastructure
977:
938:
935:
913:and uses four
854:Maroochy Shire
824:
823:
820:
817:
810:
786:InBatchClient
736:
733:
680:
677:
594:
591:
585:
582:
554:
551:
539:alarm handling
528:
527:Alarm handling
525:
524:
523:
514:
511:
507:
504:
496:
491:
472:
467:
460:dual-redundant
455:
420:
417:
374:
373:
370:
367:
364:
361:
358:control valves
341:
338:
285:control system
272:
271:
269:
268:
261:
254:
246:
243:
242:
241:
240:
235:
230:
222:
221:
217:
216:
215:
214:
211:
206:
201:
196:
188:
187:
183:
182:
181:
180:
175:
170:
165:
160:
155:
150:
145:
140:
132:
131:
127:
126:
125:
124:
119:
114:
109:
107:Job production
104:
96:
95:
91:
90:
82:
81:
75:
74:
73:of articles on
62:
61:
41:the key points
31:
29:
22:
15:
9:
6:
4:
3:
2:
2000:
1989:
1986:
1984:
1981:
1979:
1976:
1974:
1971:
1970:
1968:
1961:
1957:
1954:
1952:
1949:
1948:
1935:
1929:
1925:
1918:
1902:
1898:
1892:
1876:
1872:
1866:
1859:
1847:
1843:
1837:
1822:
1821:
1816:
1809:
1793:
1789:
1782:
1774:
1770:
1764:
1748:
1744:
1738:
1719:
1715:
1710:
1702:
1696:
1692:
1688:
1684:
1680:
1674:
1666:
1662:
1658:
1654:
1650:
1643:
1635:
1631:
1627:
1621:
1617:
1613:
1609:
1608:
1600:
1581:
1575:
1559:
1552:
1541:
1534:
1515:
1511:
1504:
1498:
1479:
1473:
1454:
1448:
1433:
1429:
1422:
1414:
1408:
1404:
1397:
1388:
1378:
1368:
1359:
1350:
1348:
1346:
1336:
1327:
1319:
1313:
1302:
1295:
1288:
1280:
1274:
1270:
1269:
1262:
1253:
1245:
1241:
1234:
1226:
1220:
1212:
1206:
1187:
1180:
1173:
1166:
1154:
1150:
1146:
1142:
1135:
1127:
1120:
1114:
1106:
1100:
1096:
1095:
1087:
1079:
1078:
1070:
1066:
1055:
1052:
1050:
1047:
1044:
1041:
1040:
1034:
1028:
1024:
1020:
1016:
1012:
1008:
1005:
1001:
997:
993:
989:
985:
981:
978:
975:
971:
967:
963:
962:manufacturing
959:
956:
955:
954:
952:
951:control loops
943:
934:
932:
928:
923:
920:
917:to install a
916:
912:
908:
904:
899:
897:
893:
887:
885:
881:
877:
872:
870:
865:
863:
859:
855:
849:
847:
842:
838:
834:
828:
821:
818:
815:
811:
808:
807:
806:
803:
801:
800:cyber attacks
797:
793:
789:
785:
781:
777:
774:
770:
766:
763:
759:
755:
751:
747:
743:
732:
728:
725:
719:
715:
713:
709:
705:
704:minicomputers
700:
694:
690:
685:
676:
674:
669:
667:
661:
659:
655:
651:
646:
644:
640:
636:
632:
628:
624:
619:
615:
611:
606:
604:
600:
590:
581:
579:
575:
570:
568:
564:
560:
550:
546:
542:
540:
534:
520:
515:
512:
508:
505:
502:
497:
495:
492:
489:
485:
481:
477:
473:
471:
468:
465:
461:
456:
453:
452:
451:
430:
425:
416:
414:
410:
406:
401:
399:
395:
391:
385:
383:
379:
371:
368:
365:
362:
359:
355:
354:
353:
346:
337:
335:
330:
326:
320:
318:
314:
309:
304:
302:
298:
294:
290:
286:
282:
278:
267:
262:
260:
255:
253:
248:
247:
245:
244:
239:
236:
234:
231:
229:
226:
225:
224:
223:
219:
218:
212:
210:
207:
205:
202:
200:
197:
195:
192:
191:
190:
189:
185:
184:
179:
176:
174:
171:
169:
166:
164:
161:
159:
156:
154:
151:
149:
146:
144:
141:
139:
136:
135:
134:
133:
129:
128:
123:
120:
118:
115:
113:
110:
108:
105:
103:
100:
99:
98:
97:
93:
92:
88:
84:
83:
80:
77:
76:
72:
68:
67:
58:
48:
42:
40:
35:
30:
26:
21:
20:
1960:
1923:
1917:
1905:. Retrieved
1901:the original
1891:
1881:16 September
1879:. Retrieved
1875:the original
1865:
1857:
1850:. Retrieved
1836:
1824:. Retrieved
1818:
1808:
1796:. Retrieved
1792:the original
1781:
1773:the original
1763:
1751:. Retrieved
1746:
1737:
1725:. Retrieved
1709:
1682:
1673:
1648:
1642:
1606:
1599:
1587:. Retrieved
1574:
1562:. Retrieved
1551:
1533:
1521:. Retrieved
1514:the original
1509:
1497:
1485:. Retrieved
1472:
1460:. Retrieved
1447:
1435:. Retrieved
1431:
1421:
1402:
1396:
1387:
1377:
1367:
1358:
1335:
1326:
1301:the original
1287:
1267:
1261:
1252:
1244:the original
1233:
1219:
1193:. Retrieved
1186:the original
1172:
1164:
1157:. Retrieved
1153:the original
1148:
1144:
1134:
1125:
1113:
1093:
1086:
1076:
1069:
1032:
1000:distribution
948:
930:
926:
924:
903:VirusBlokAda
900:
888:
873:
866:
850:
829:
825:
804:
738:
729:
720:
716:
701:
698:
670:
662:
647:
607:
596:
587:
571:
556:
547:
543:
536:
518:
480:ladder logic
449:
412:
408:
405:tag database
404:
402:
386:
375:
351:
321:
305:
280:
276:
275:
237:
55:January 2024
52:
36:
34:lead section
1749:. June 2008
1432:DPS Telecom
1238:J. Russel.
974:fabrication
769:attack type
695:Facilities"
652:(NERC) and
559:IEC 61131-3
501:IEC 61131-3
488:solar power
476:IEC 61131-3
464:hot-standby
1967:Categories
1907:14 October
1798:19 January
1462:21 January
1061:References
1004:wind farms
858:Queensland
784:Wonderware
419:Components
380:(PLCs) or
297:high-level
1983:Telemetry
1049:IEC 60870
988:treatment
862:Australia
627:IEC 61850
603:telemetry
599:SONET/SDH
519:historian
394:historian
325:protocols
317:actuators
289:computers
209:IEC 62264
168:Six Sigma
39:summarize
1679:Slay, J.
1634:14917254
1589:26 March
1523:1 August
1487:26 March
1437:26 April
1312:cite web
1205:cite web
1037:See also
960:include
876:firewall
792:patching
765:Ignition
760:from an
742:Internet
735:Security
714:series.
618:Profibus
384:(RTUs).
308:setpoint
71:a series
69:Part of
1852:22 July
1846:Siemens
1826:21 July
1665:2305736
1195:14 July
1128:. 2012.
919:rootkit
911:Stuxnet
839:with a
567:FORTRAN
522:server.
313:sensors
283:) is a
1930:
1747:InTech
1727:31 May
1697:
1663:
1632:
1622:
1409:
1382:25-32.
1372:32â36.
1275:
1101:
1025:, and
1023:access
1013:, and
1002:, and
773:Tomcat
712:PDP-11
639:TCP/IP
635:TCP/IP
614:RP-570
610:Modbus
413:points
199:ISA-95
194:ISA-88
1973:SCADA
1753:2 May
1721:(PDF)
1661:S2CID
1630:S2CID
1583:(PDF)
1564:9 May
1543:(PDF)
1517:(PDF)
1506:(PDF)
1481:(PDF)
1456:(PDF)
1304:(PDF)
1297:(PDF)
1189:(PDF)
1182:(PDF)
1159:2 May
1122:(PDF)
1054:EPICS
1011:ships
907:WinCC
693:C4ISR
612:RTU,
277:SCADA
238:SCADA
213:B2MML
1928:ISBN
1909:2016
1883:2010
1854:2010
1828:2010
1820:CNET
1800:2022
1755:2012
1729:2024
1695:ISBN
1620:ISBN
1591:2013
1566:2007
1525:2012
1489:2013
1464:2013
1439:2021
1407:ISBN
1318:link
1273:ISBN
1211:link
1197:2015
1161:2012
1099:ISBN
1043:DNP3
998:and
937:Uses
878:and
687:The
658:VSAT
631:DNP3
629:and
482:, a
409:tags
315:and
295:for
1687:doi
1653:doi
1612:doi
880:VPN
848:.
796:VPN
675:).
565:or
462:or
411:or
233:DCS
228:PLC
204:ERP
173:TQM
163:TOC
158:QRM
153:VDM
148:TPM
143:RCM
138:PLM
1969::
1856:.
1844:.
1817:.
1745:.
1693:.
1659:.
1628:.
1618:.
1508:.
1430:.
1344:^
1314:}}
1310:{{
1207:}}
1203:{{
1163:.
1149:16
1143:.
1124:.
994:,
990:,
972:,
968:,
964:,
860:,
802:.
625:,
616:,
572:A
336:.
319:.
178:ZD
1936:.
1911:.
1885:.
1830:.
1802:.
1757:.
1731:.
1703:.
1689::
1667:.
1655::
1636:.
1614::
1593:.
1568:.
1545:.
1527:.
1491:.
1466:.
1441:.
1415:.
1320:)
1281:.
1227:.
1213:)
1199:.
1107:.
1029:.
1006:.
563:C
431:.
388:(
360:.
279:(
265:e
258:t
251:v
57:)
53:(
43:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.
