What’s SCADA got to do with your IT department?

Many industrial processes are monitored and remotely managed by SCADA systems. SCADA is an acronym for Supervisory Control And Data Acquisition.

SCADA is regarded as a subset of the broader term for what are termed Industrial Control Systems (ICS). These are computer controlled systems which help keep industrial processes operating within their expected performance envelopes. More importantly, these systems manage processes that exist in the physical world.

Lifting the lid on SCADA

In a typical commercial SCADA system, data acquisition and control are performed by Remote Terminal Units (RTU) and field devices that include functions for communications and signaling. Devices communicate with the control system using protocols such as DNP v3, ICCP and MODBUS. Management information and reports are passed to and from SCADA devices via the following interfaces:

  • Human–machine interface (HMI) – the HMI allows an operator to view and react to process status and events
  • Supervisory system – computers which monitor and send commands to control devices and processes
  • Remote Terminal Units – RTUs convert signals from process sensors to digital data and relay them to the supervisory system
  • Communications infrastructure – connects RTUs to the supervisory system

SCADA systems are often used in manufacturing industry, which has been in a steady decline in Australia from its peak of around 25% in the 1960s to below 10% at the present time.  It is not surprising that, for the most part, that the mainstream IT discussions in Australia seem to ignore SCADA systems, given that the majority of Australian organisations (including Governments) are in the service and related sectors, the need for SCADA systems is limited.

SCADA + IT department = ?

Enterprise IT departments have their origins in the processing of financial and back-office data. Historically IT was known as the EDP Department (Electronic Data Processing).  This is a far cry from the current remit of most enterprise IT functions, which support most, if not all business activities. Contemporary business has become, for the most part, absolutely dependent on the effective running of their IT systems.

However, on the factory floor and in the power stations, water treatment plants and other real-world, physical processes, the types of Information Technology systems have different origins.  Many of the original computer assisted machinery had dedicated, proprietary computers built into the equipment in the form of PLCs (Programmable Logic Controllers), which were used to control the equipment.  As solid state computing power increased, the ability for these embedded devices to perform more powerful, complex processes led to the development of supervisory and control systems, which led to the development of the SCADA system.

Now that most SCADA systems communicate with standard communications and data exchange protocols used by enterprise IT, the divide between the shop floor and the back-office has dissipated, opening up both opportunities for improved functionality, lower cost of operation as well as introducing a vector for security threats and hacking.

Engineers and enterprise IT don’t mix? Or do they?

Question is, are the engineers in your plant or on the shop floor aware of the complexity, volatility and real risks that the industrial espionage and cyber criminal community present to the network and internet attached control systems?

The corollary to question being whether your enterprise IT department is aware of the location and use of all critical SCADA systems that could be a vector for external cyber attack? If they don’t know what SCADA systems ARE, and how to protect them, then time to fix that problem first, and fast!