A Process Control Network (PCN) is a network composed of real-time industrial control systems which manage, monitor and control industrial infrastructure. PCNs use software, hardware and network connectivity to access, control and transfer data between these systems. PCNs are also known as Distributed Control Systems (DCS) or Supervisory Control and Data Acquisition (SCADA).
SCADA systems are used in various production environments. To name a few, they are used in power generation, wastewater treatment/purification, transportation systems, oil/gas pipeline/production, wind farms and more.
PCN overview and setup
PCN networks more or less consist of the following components:
Human-Machine Interface (HMI): The Human-Machine Interface (HMI) is a device which shows data to the human operator for monitoring and controlling remotely installed systems. Examples include command-line interfaces, web-based interfaces, touchscreen interfaces and Graphical User Interface (GUI)
Programmable Logic Controller (PLC): The Programmable Logic Controller (PLC) is a kind of controller for various processes like water flow and water level, speed, status of valve, temperature and so on. A PLC has a set of inputs for various processes and accordingly produces outputs for controlling them
Remote Terminal Unit (RTU): The Remote Terminal Unit (RTU) is a system which is connected to various sensors involved in the process. It converts sensor data to digital form and sends it to SCADA systems
Master Terminal Unit (MTU): The Master Terminal Unit (MTU) is the master of the PCN. What the CPU is to the computer, the MTU is to the PCN. MTUs are central monitoring and control stations which control multiple RTUs placed at remote locations
General overview of PCN communication
The steps listed below give a small overview of how communication happens in the PCN. They are:
End user/operator has access to the Human-Machine Interface (HMI)
The HMI is further connected to the Master Terminal Unit (MTU), whose role/job is to control the Remote Terminal Units
These RTUs monitor and control various Programmable Logic Controllers (PLCs), and PLCs are connected to various actuators and sensors deployed at a remote location
Communication network options
The communication steps mentioned above can transfer and receive data through a number of mediums. Below are a few of them:
Telephone line (for systems utilizing electric signals)
The choice of communication medium depends on many factors, such as the finance involved in setting up the PCN system, the legacy of SCADA systems, infrastructure setup requirements and so on.
PCN architecture development
PCN systems have existed since the 1970s and have been through four generations. They are:
Standalone/monolithic: These systems were the first/earliest SCADA systems involving minicomputers. These systems were standalone systems and weren’t connected to other systems. The protocols used were written and developed by RTU equipment vendors and were proprietary
Distributed: In distributed systems, all the data and information processing were distributed among multiple stations/systems and these stations were connected in a LAN. Each station/system was assigned a particular task, and they shared information with other stations/systems in the LAN
Networked: One major improvement in these systems was the use and support of WAN protocols such as Internet Protocol (IP). These systems use IP for communication with the master station and other equipment for sharing and transferring data. Also, the RTUs used in this generation of systems make use of an Ethernet connection, thus making it easier and simpler to monitor, process and control the PCN
Web-based: This is the latest generation of PCNs in which operators make use of web browsers like Chrome and Firefox as the GUI. These systems have been on the market since 2000 and enable operators to access PCN systems from browser-based systems on mobile, server, laptop, tablet and so on
Security in a PCN system
PCN systems and computers perform sensitive and critical tasks for managing and handling critical infrastructure. Thus, these systems are considered to be excellent targets by cyberattackers, and a successful attack on one can incur a huge loss to the country and its economy.
In fact, vulnerabilities and attacks on PCN and SCADA systems have gone up 600% since 2010. (Source)
The main problem with PCN/SCADA systems is that they were not designed to be connected to the internet. This means that issues pertaining to the digital security of these systems were not considered during development and design.
PCN security overview
Some of the prime reasons why PCN/SCADA systems are so vulnerable are:
Increased connectivity to internet: Many PCN systems are now widely being connected to the internet via LAN or a wireless access point, exposing them to the internet and resulting in an increase in unauthorized access to PCN systems
Lack of server hardening and procedures for the protection of PCN systems
Software: Poor configuration and implementation
Inadequate authentication and authorization
How to mitigate/prevent attacks
The majority of attacks on PCN systems can be mitigated by implementing available frameworks, legislation and guidelines. The following are the sources for frameworks, legislation and guidelines available:
PCN systems are complex in design and implementation due to integration with different components, but it’s imperative to implement security in these systems. The security audit process must be a part of an industrial system project, and the timely audit of such systems should take place during the entire life cycle of the system.
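An added example, not part of the original article: one check such an audit could run is to compare observed network flows against the HMI, MTU, RTU, PLC chain from the communication overview and flag traffic that reflects the internet connectivity listed among the causes above. The address range, inventory, flow records and the rule that only adjacent tiers talk to each other are constructed assumptions.

```python
import ipaddress

# Tier chain from the communication overview: HMI -> MTU -> RTU -> PLC.
# Assumption: only adjacent tiers talk to each other, in either direction.
ALLOWED_PAIRS = {frozenset(p) for p in (("HMI", "MTU"), ("MTU", "RTU"), ("RTU", "PLC"))}

# Constructed plant address range and asset inventory (not real hosts).
PLANT_NET = ipaddress.ip_network("10.10.0.0/16")
INVENTORY = {
    "10.10.1.10": "HMI",
    "10.10.2.5": "MTU",
    "10.10.3.21": "RTU",
    "10.10.3.22": "RTU",
    "10.10.4.101": "PLC",
}

# Constructed flow records: (source address, destination address).
FLOWS = [
    ("10.10.1.10", "10.10.2.5"),     # HMI -> MTU, expected
    ("10.10.2.5", "10.10.3.21"),     # MTU -> RTU, expected
    ("10.10.3.21", "10.10.4.101"),   # RTU -> PLC, expected
    ("10.10.1.10", "10.10.4.101"),   # HMI -> PLC, bypasses MTU and RTU
    ("203.0.113.7", "10.10.3.22"),   # address outside the plant reaching an RTU
    ("10.10.9.9", "10.10.2.5"),      # plant address missing from the inventory
]

def classify(addr, inventory):
    """Return the PCN role of addr, or UNKNOWN / EXTERNAL if not inventoried."""
    if addr in inventory:
        return inventory[addr]
    return "UNKNOWN" if ipaddress.ip_address(addr) in PLANT_NET else "EXTERNAL"

def audit_flows(flows, inventory=INVENTORY):
    """Return (src, dst, reason) for every flow that breaks the tier model."""
    findings = []
    for src, dst in flows:
        s, d = classify(src, inventory), classify(dst, inventory)
        if "EXTERNAL" in (s, d):
            reason = "internet-exposed"
        elif "UNKNOWN" in (s, d):
            reason = "uninventoried-host"
        elif frozenset((s, d)) not in ALLOWED_PAIRS:
            reason = f"off-chain:{s}->{d}"
        else:
            continue
        findings.append((src, dst, reason))
    return findings

if __name__ == "__main__":
    print(*audit_flows(FLOWS), sep="\n")
```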