Advantages & Disadvantage of SCADA system?
RsK
of SCADA system? in practical world?.
best regards,
Rizwan
Jerry Avins
> Any body please tell me briefly what are the Advantages & Disadvantage
> of SCADA system? in practical world?.
SCADA stands for "Supervisory Control And Data Acquisition". There are
many implementations. Can you on your own think of any reasons one might
want to do that?
Jerry
--
Engineering is the art of making what you want from things you can get.
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Ben Miller
news:1171249158.3...@a75g2000cwd.googlegroups.com...
Once you know what SCADA (Supervisory Control and Data Acquisiton) is, the
answer becomes obvious. A Google search will give you many good
explanations. It is used by facilities such as water treatment plants, that
are spread out over a large area or multiple buildings, to collect data and
control system operation on a supervisory level. In other words, after
looking at input data, it sends signals to the various PLCs and other
devices to adjust their operating parameters. It would probably not be very
useful or cost effective for a small factory in a single room.
Ben Miller
--
Benjamin D. Miller, PE
B. MILLER ENGINEERING
www.bmillerengineering.com
pieter steenekamp
flavors: SCADA/PLC systems and DCS systems.
A SCADA/PLC system consists of a PLC doing the actual plant control,
with the field instrumentation and actuators wired to it, and the
SCADA being the human interface for it.
A DCS has the plant control and human interfacing combined in one
system.
A SCADA/PLC system is "normally" significantly cheaper than a DCS and
for many applications as good if not better than a DCS.
For some applications, like an oil refinery, a DCS is better, and for
these types of applications it is worthwhile to pay more.
Pieter Steenekamp
jcho...@hotmail.com
One disadvantage is that TCP/IP based SCADA systems are (extremely)
vulnerable to cyberwarefare/cyberterrorism attacks which, in the worst
scenario case, could cause not only financial loss but also loss of
life, directly or indirectly.
Source: Wikipedia
Jerry Avins
Doesn't the vulnerability of any system depend on how access to it is
controlled? Cyberthugs are likely to have a difficult time infiltrating
a SCADA system that uses in-plant wiring. Not every Ethernet connects to
internet.
Paul M
proclaimed to the world:
> Not every Ethernet connects to
>internet.
I run into the same kind of thinking with WiFi. WiFi into a separate
LAN unconnected from the Internet is pretty damn secure. This warped
thinking limits many implementations of technology that would increase
productivity.
Jerry Avins
WiFi is a bit less secure than wire. A member of a local Masonic chapter
asked me to recommend a wireless microphone to use for their meetings. I
asked if he would be happy with someone parked at the curb being able to
tune to it and he dropped the idea.
phil-new...@ipal.net
| Paul M wrote:
|> On Mon, 05 Mar 2007 09:42:37 -0500, Jerry Avins <j...@ieee.org>
|> proclaimed to the world:
|>
|>> Not every Ethernet connects to
|>> internet.
|>
|> I run into the same kind of thinking with WiFi. WiFi into a separate
|> LAN unconnected from the Internet is pretty damn secure. This warped
|> thinking limits many implementations of technology that would increase
|> productivity.
|
| WiFi is a bit less secure than wire. A member of a local Masonic chapter
| asked me to recommend a wireless microphone to use for their meetings. I
| asked if he would be happy with someone parked at the curb being able to
| tune to it and he dropped the idea.
You need the encrypted version.
--
|---------------------------------------/----------------------------------|
| Phil Howard KA9WGN (ka9wgn.ham.org) / Do not send to the address below |
| first name lower case at ipal.net / spamtrap-200...@ipal.net |
|------------------------------------/-------------------------------------|
phil-new...@ipal.net
|> On Feb 12, 4:59 am, "RsK" <rizkh...@gmail.com> wrote:
|>> Any body please tell me briefly what are the Advantages & Disadvantage
|>> of SCADA system? in practical world?.
|>> best regards,
|>> Rizwan
|>
|> One disadvantage is that TCP/IP based SCADA systems are (extremely)
|> vulnerable to cyberwarefare/cyberterrorism attacks which, in the worst
|> scenario case, could cause not only financial loss but also loss of
|> life, directly or indirectly.
|
| Doesn't the vulnerability of any system depend on how access to it is
| controlled? Cyberthugs are likely to have a difficult time infiltrating
| a SCADA system that uses in-plant wiring. Not every Ethernet connects to
| internet.
But a lot of them do, often indirectly (e.g. break in to something else
first, then hop through).
Use encryption and switch from TCP to SCTP and it could be a lot less
vulnerable, even over the open internet.
Jerry Avins
> In alt.engineering.electrical Jerry Avins <j...@ieee.org> wrote:
> | Paul M wrote:
> |> On Mon, 05 Mar 2007 09:42:37 -0500, Jerry Avins <j...@ieee.org>
> |> proclaimed to the world:
> |>
> |>> Not every Ethernet connects to
> |>> internet.
> |>
> |> I run into the same kind of thinking with WiFi. WiFi into a separate
> |> LAN unconnected from the Internet is pretty damn secure. This warped
> |> thinking limits many implementations of technology that would increase
> |> productivity.
> |
> | WiFi is a bit less secure than wire. A member of a local Masonic chapter
> | asked me to recommend a wireless microphone to use for their meetings. I
> | asked if he would be happy with someone parked at the curb being able to
> | tune to it and he dropped the idea.
>
> You need the encrypted version.
Without encryption, it wouldn't be secure at all.
John Nagle
> jcho...@hotmail.com wrote:
>
>> On Feb 12, 4:59 am, "RsK" <rizkh...@gmail.com> wrote:
>>
>>> Any body please tell me briefly what are the Advantages & Disadvantage
>>> of SCADA system? in practical world?.
>>> best regards,
>>> Rizwan
>>
>>
>> One disadvantage is that TCP/IP based SCADA systems are (extremely)
>> vulnerable to cyberwarefare/cyberterrorism attacks which, in the worst
>> scenario case, could cause not only financial loss but also loss of
>> life, directly or indirectly.
>
>
> Doesn't the vulnerability of any system depend on how access to it is
> controlled? Cyberthugs are likely to have a difficult time infiltrating
> a SCADA system that uses in-plant wiring. Not every Ethernet connects to
> internet.
The problem with these things is that you start out with an in-plant
Ethernet for control, and then somebody wants to put a Windows machine
on it so they can have a user interface for the factory floor workers.
Then people want to use the Windows machine for other purposes, or
the Windows machine insists on a connection to the Internet, and
somebody adds connection to the outside world. Then attacks on the
Windows machine open up a path into the internal control network.
John Nagle
Cameron Dorrough
news:8A1Hh.1332$uo3...@newssvr14.news.prodigy.net...
Yes, it's a problem.. although you generally only need the connection long
enough to set the machine up the first time, training the operators _not_ to
play interactive Doom3 or similar on their operator stations can be a
problem.
One interesting "attack" I'd never thought of before: One of our customers
sites had their entire Ethernet MES taken out by lightning - up the internet
connection, of course. Idiots.. ;-)
Cameron:-)
Jerry Avins
> Jerry Avins wrote:
...
>> Doesn't the vulnerability of any system depend on how access to it is
>> controlled? Cyberthugs are likely to have a difficult time
>> infiltrating a SCADA system that uses in-plant wiring. Not every
>> Ethernet connects to internet.
>
> The problem with these things is that you start out with an in-plant
> Ethernet for control, and then somebody wants to put a Windows machine
> on it so they can have a user interface for the factory floor workers.
> Then people want to use the Windows machine for other purposes, or
> the Windows machine insists on a connection to the Internet, and
> somebody adds connection to the outside world. Then attacks on the
> Windows machine open up a path into the internal control network.
Doesn't "Just say no" work any more?
@@
We use wonderware at a county jail to talk to the door control PLCs. They
won't let me secure the cabinets that the HMI PCs reside in because they
have another PC in there that they encourage the user (Custody officer) to
hard reboot whenever they have issues. I already took the keyboards out so
they couldn't CTRL-ALT-DEL out of wonderware, now I have to disable or
physically remove the CDRom drives, USB ports and eny other connection to
the outside world to eliminate tampering. Great until I ned in in a hurry
to fix something. Already had to rebuild two hard drives due to Officers
rebooting the wrong PC. Not good in an operation that is nearly always
reading and writing to the HD.
Oh well, thats waht happens when been counter don't understand security or
technology!
-Will
"Jerry Avins" <j...@ieee.org> wrote in message
news:_8OdnSCy3f1YX3HY...@rcn.net...
Mike Lamond
"John Nagle" <na...@animats.com> wrote in message
news:8A1Hh.1332$uo3...@newssvr14.news.prodigy.net...
The solution to that is to have the automation LAN isolated and separate
from the corporate LAN. That's what one of our clients has, and it works
very well for them. Except for the ABB Advant Unix boxes, all of the
automation PC's run Windows and their specific app - Xterminals,
DeltaV, Wonderware or iFix. There are also several Windows PC's
on the corporate LAN in the control rooms, and everyone has an
account on the domain. These are used for email, online training,
record keeping, and the other usual stuff.
Mike
Mike Lamond
news:0s-dnRPJd-vScHHY...@comcast.com...
> Damned humans, always the weak link in any system.
>
> We use wonderware at a county jail to talk to the door control PLCs. They
> won't let me secure the cabinets that the HMI PCs reside in because they
> have another PC in there that they encourage the user (Custody officer) to
> hard reboot whenever they have issues. I already took the keyboards out
> so
> they couldn't CTRL-ALT-DEL out of wonderware, now I have to disable or
> physically remove the CDRom drives, USB ports and eny other connection to
> the outside world to eliminate tampering. Great until I ned in in a hurry
> to fix something. Already had to rebuild two hard drives due to Officers
> rebooting the wrong PC. Not good in an operation that is nearly always
> reading and writing to the HD.
>
> Oh well, thats waht happens when been counter don't understand security or
> technology!
>
> -Will
>
wide area network. I think it's possible to put a view client in the County
Executive's office that can access the SCADA servers at any of the waste
water treatment plants.
Mike
Tomi Holger Engdahl
Baddly designed or just old SCADA systems can be vulnerable to
cyberwarefare/cyberterrorism attacks, no matter if they
use TCP/IP or not. A modern well designed SCADA system
based on TCP/IP protocols can be safer than many older systems
bacause uf the use of modern data encryption and authentication
tools.
That are many old system nowadays in use that have quite poor
security on their communications. There are many systems in use
that use radio communications with a protocol that does not
use any ancryption or reliable authentication. You just need
a suitable radio and modem to be able to control the devices
on the field (you need to get to know the used protocol and
device addresses). Not very secure.
--
Tomi Engdahl (http://www.iki.fi/then/)
Take a look at my electronics web links and documents at
http://www.epanorama.net/
Cameron Dorrough
news:lajirde...@pippuri.niksula.hut.fi...
> "jcho...@hotmail.com" <jcho...@hotmail.com> writes:
>
>> One disadvantage is that TCP/IP based SCADA systems are (extremely)
>> vulnerable to cyberwarefare/cyberterrorism attacks which, in the worst
>> scenario case, could cause not only financial loss but also loss of
>> life, directly or indirectly.
>>
>> Source: Wikipedia
>
> Baddly designed or just old SCADA systems can be vulnerable to
> cyberwarefare/cyberterrorism attacks, no matter if they
> use TCP/IP or not. A modern well designed SCADA system
> based on TCP/IP protocols can be safer than many older systems
> bacause uf the use of modern data encryption and authentication
> tools.
For office IT networks, sure, but how many hackers would even know what an
Industrial Ethernet packet looked like, let alone how to manipulate it to
their own purposes? It would look like garbled rubbish to them even if
unencrypted and unauthenticated.
> That are many old system nowadays in use that have quite poor
> security on their communications. There are many systems in use
> that use radio communications with a protocol that does not
> use any ancryption or reliable authentication. You just need
> a suitable radio and modem to be able to control the devices
> on the field (you need to get to know the used protocol and
> device addresses). Not very secure.
Tomi, I think you've been watching too many movies..
I, for one, am not convinced that hacking into a radio network is as easy as
you say. You certainly need more than a radio and a modem. For starters,
you need to know:
1. The frequency band and specific frequencies in use and hope it doesn't
use spread-spectrum.
2. What brand/model of equipment is installed to know which protocols are
supported.
3. The configuration and addressing used on the network.
4. The configuration and routing for the field devices (I/O numbering, etc.)
Jamming it is easy - but then most radio-based systems would have some kind
of hard-wired fallback (eg. leased-line), so that won't do much except ring
alarm bells.
Even as the *designer* of many such systems, I'm not sure I could "hack in"
unless I had deliberately left a back door open somewhere and then later
remembered to document it someplace.
Cameron:-)
Paul M
<JJJm.la...@att.net> proclaimed to the world:
>I think it's possible to put a view client in the County
>Executive's office that can access the SCADA servers at any of the waste
>water treatment plants.
Well that was what the view software was advertised to do. I don't
think it is a bad thing in itself, you just have to look at failure
modes and build decent security. Who wants to take over a waste water
plant anyway?
Everyone seems to bring security issues up but how often has hackers
caused any problems in an industrial control situation? I am also not
saying to leave the door open either. I hear and suffer through a lot
of security installed because of trade secrets protection. I wonder
how much of this really goes on. Trade secrets tend to be inside jobs.
John Nagle
> Well that was what the view software was advertised to do. I don't
> think it is a bad thing in itself, you just have to look at failure
> modes and build decent security. Who wants to take over a waste water
> plant anyway?
See:
"Hacker jailed for revenge sewage attacks"
http://www.theregister.co.uk/2001/10/31/hacker_jailed_for_revenge_sewage/
An Australian man was today sent to prison for two years after he was found
guilty of hacking into the Maroochy Shire, Queensland computerised waste
management system and caused millions of litres of raw sewage to spill out into
local parks, rivers and even the grounds of a Hyatt Regency hotel.
"Marine life died, the creek water turned black and the stench was unbearable
for residents," said Janelle Bryant of the Australian Environmental Protection
Agency.
John Nagle
@@
"John Nagle" <na...@animats.com> wrote in message
news:bVsHh.1643$uo3....@newssvr14.news.prodigy.net...
Bruce Durdle
"Jerry Avins" <j...@ieee.org> wrote in message
news:_8OdnSCy3f1YX3HY...@rcn.net...
zarlino
Could yu reccomend me for drinking water scada a radio modem pls? what
do you recommend me half-duplex or full-duplex ?
Do you know the best one ?
thank you
Paul M
proclaimed to the world:
>See:
>"Hacker jailed for revenge sewage attacks"
>
>http://www.theregister.co.uk/2001/10/31/hacker_jailed_for_revenge_sewage/
This was someone who was involved in installing the control system.
That is a lot different from someone doing this cold. I mentioned
somewhere that most security breaches had an inside man involved, as
was this. Even the most secure systems can be defeated by someone
working on the inside to create holes in the system.
daestrom
>
> We use wonderware at a county jail to talk to the door control PLCs. They
> won't let me secure the cabinets that the HMI PCs reside in because they
> have another PC in there that they encourage the user (Custody officer) to
> hard reboot whenever they have issues. I already took the keyboards out
> so
> they couldn't CTRL-ALT-DEL out of wonderware, now I have to disable or
> physically remove the CDRom drives, USB ports and eny other connection to
> the outside world to eliminate tampering. Great until I ned in in a hurry
> to fix something. Already had to rebuild two hard drives due to Officers
> rebooting the wrong PC. Not good in an operation that is nearly always
> reading and writing to the HD.
>
> Oh well, thats waht happens when been counter don't understand security or
> technology!
>
Like a mail-sorting system used by the USPS. Went around teaching all the
regional offices how to startup/use the machine, it included a PC interface.
First thing one guy did was 'prove' how unreliable it was by hitting F2
during the boot up, go into the PC bios and screw it all up. He wanted to
make the point that 'the new system let me screw it up!'
daestrom
Mike Lamond
news:1173353679....@v33g2000cwv.googlegroups.com...
wastewater projects with radio telemetry. If we had favorable conditions,
we used Microwave Data Systems radio modems for the unlicensed
928MHz spread-spectrum band. When more power was required, we
used EF Johnson VHF or UHF radio modems, for which the owner had
to have the frequencies licensed.
This is in the U.S. Your local rules, available products and mileage will
vary.
Mike
Gene S. Berkowitz
daestrom@NO_SPAM_HEREtwcny.rr.com says...
..which probably explains why virtually every BIOS now includes password
protection. A no-cost adder that allows COTS equipment in "hostile
user" (as opposed to "user hostile") environments.
--Gene
Paul Hovnanian P.E.
>
> Any body please tell me briefly what are the Advantages & Disadvantage
> of SCADA system? in practical world?.
> best regards,
> Rizwan
SCADA systems allow one to monitor and control equipment from a remote
location. That's the advantage. The disadvantage is that they cost money
to install and maintain, add additional system failure modes and can be
a security loophole.
--
Paul Hovnanian mailto:Pa...@Hovnanian.com
------------------------------------------------------------------
The world is coming to an end ... SAVE YOUR BUFFERS!!!
kholi...@gmail.com
> Any body please tell me briefly what are the Advantages & Disadvantage of SCADA system? in practical world?.best regards,Rizwan