ICS – Control Components
The following is a list of the major control components of an ICS (Industrial Control System):
- Control Server. The control server hosts the DCS(Distributed Control Systems) or PLC (Programmable Logic Controllers) supervisory control software that is designed to communicate with lower-level control devices. The control server accesses subordinate control modules over an Industrial Control System network.
- SCADA Server or Master Terminal Unit (MTU). The SCADA Server is the device that acts as the master in a SCADA system. Remote terminal units and PLC devices (as described below) located at remote field sites usually act as slaves.
- Remote Terminal Unit (RTU). The RTU, also called a remote telemetry unit, is special purpose data acquisition and control unit designed to support SCADA remote stations. RTUs are field devices often equipped with wireless radio interfaces to support remote situations where wire-based communications are unavailable. Sometimes PLCs are implemented as field devices to serve as Remote Terminal Unit ; in this case, the PLC is often referred to as an RTU.
- Programmable Logic Controller (PLC). The PLC (Programmable Logic Controllers) is a small industrial computer originally designed to perform the logic functions executed by electrical hardware (relays, switches, and mechanical timer/counters). Programmable Logic Controllers have evolved into controllers with the capability of controlling complex processes, and they are used substantially in SCADA( Supervisory Control and Data Acquisition) systems and DCS (Distributed Control Systems). Other controllers used at the field level are process controllers and RTUs; they provide the same control as PLCs but are designed for specific control applications. In SCADA environments, PLCs are often used as field devices because they are more economical, versatile, flexible, and configurable than special-purpose RTUs.
- Intelligent Electronic Devices (IED). An IED is a “smart” sensor/actuator containing the intelligence required to acquire data, communicate to other devices, and perform local processing and control. An IED could combine an analog input sensor, analog output, low-level control capabilities, a communication system, and program memory in one device. The use of IEDs in SCADA and DCS systems allows for automatic control at the local level.
- Human-Machine Interface (HMI). The Human-Machine Interface (HMI)is software and hardware that allows human operators to monitor the state of a process under control, modify control settings to change the control objective, and manually override automatic control operations in the event of an emergency. The HMI also allows a control engineer or operator to configure set points or control algorithms and parameters in the controller.
The HMI also displays process status information, historical information, reports, and other information to operators, administrators, managers, business partners, and other authorized users. The location, platform, and interface may vary a great deal. For example, an HMI could be a dedicated platform in the control center, a laptop on a wireless LAN, or a browser on any system connected to the Internet. - Data Historian. The data historian is a centralized database for logging all process information within an ICS. Information stored in this database can be accessed to support various analyses, from statistical process control to enterprise level planning.
- Input/Output (IO) Server. The IO server is a control component responsible for collecting, buffering and providing access to process information from control sub-components such as PLCs, RTUs and IEDs. An IO server can reside on the control server or on a separate computer platform. IO servers are also used for interfacing third-party control components, such as an HMI and a control server.
8 Responses to “ICS – Control Components”
What are the connections to a SCADA network ?
1) Internal local area and wide area networks, including business networks
2) The Internet
3) Wireless network devices, including satellite uplinks
4) Modem or dial-up connections
5) Connections to business partners, vendors, or regulatory agencies
How to secure the transfer of data from the SCADA network to a business networks ?
You can use demilitarized zones (DMZs) and data warehousing.
How to improve the security of a SCADA network ?
1. Identify all connections to SCADA networks
2. Disconnect unnecessary connections to the SCADA network
3. Evaluate and strengthen the security of any remaining connections
4. Harden SCADA networks by removing or disabling unnecessary services
5. Do not rely on proprietary protocols to protect your system
6. Implement the security features provided by device and system vendors
7. Establish strong controls over any medium that is used as a backdoor into the
SCADA network
9. Perform technical audits of SCADA devices and networks, and any other connected networks, to identify security concerns
10. Conduct physical security surveys and assess all remote sites connected to the SCADA network to evaluate their security
11. Establish SCADA Red Teams to identify and evaluate possible attack scenarios
12. Clearly define cybersecurity roles, responsibilities, and authorities for managers, system administrators, and users
13. Document network architecture and identify systems that serve critical functions or contain sensitive information that require additional levels of protection
14. Establish a rigorous, ongoing risk management process.
15. Establish a network protection strategy based on the principle of defense-indepth.
16. Clearly identify cybersecurity requirements
17. Establish effective configuration management processes
18. Conduct routine self-assessments
19. Establish system backups and disaster recovery plans
21. Establish policies and conduct training to minimize the likelihood that organizational personnel will inadvertently disclose sensitive information regarding SCADA system design, operations, or security controls
What is API Standard 1164 ?
It is a standard for small-to-medium pipeline systems.
The main topics in API 1164 are:
1) Communication
@) Access control
3) Physical security
4) Information distribution
5) Management system
6) Network design and data interchange
interesting post
a very good article about ICS – Control Components