All components that are discussed in this writing can be found in the two types of ICSes: Supervisory Control and Data Acquisition (SCADA) and Distributed Control System (DCS). An ICS environment often combines SCADA and DCS technologies in order to incorporate attributes from both systems.
In practice, these components in their entirety are the driving force behind the three basic operations in the ICS:
- Control loop: Consists of sensors for measurement and controller hardware (e.g., programmable logic controllers, actuators, motors, control valves, switches and breakers). Sensors collect and then pass on controlled variables to the controllers
- Human-machine interface: Operators configure control algorithms and opt for parameters in the controller hardware via an HMI displaying the status information pertaining to a specific process
- Remote diagnostics and maintenance utilities: Devices whose primary function is to identify and recover from failure or prevent it from the outset
Enough with the basics — let’s go through these ICS components.
It is the control server that communicates with subordinate control devices across an ICS network via supervisory control software.
Input/output server (I/O server)
It collects, buffers and provides access to process information from sub-components (PLCs, RTUs and IEDs). Operators can use I/O servers to interact with third-party control components such as a control server or HMI.
Master Terminal Unit (MTU)
As the name suggests, the MTU (which is also called the SCADA server) operates as a master server in an ICS network, whereas PLC devices and remote telemetry units (RTUs) that are dispersed all over the field sides operate as slaves. In short, this device sends commands to RTUs in the field.
There is a general need for a device to log all processed data within an ICS and perform different planning and report functions. This need is met by a centralized database that takes care of these activities.
Each measured item is assigned a tagname, timestamp, value and data quality indicator. Historians log data records for all these data points and store them in the form of a series of secure binary files that provide the option of fast retrieval.
Logging data is to be exported periodically to the corporate IS, where it may serve various purposes: statistical process control, process analysis and planning, among other things.
Remote Telemetry Unit (RTU)
RTUs are field devices equipped with wireless and wired interfaces that support data acquisition and control in remote SCADA stations.
An RTU is controlled via a microprocessor, which receives commands and sends data back to the MTU.
Sometimes RTUs are integrated with Programmable Logic Controllers (PLCs) in one unit. Examples of local operations controlled by these field devices are monitoring of local environment, gathering data from sensor systems and opening/closing of valves and breakers.
Programmable Logic Controller (PLCs)
In SCADA, a PLC is no different than an RTU, while a PLC works as a local controller in DCS.
These field components perform most activities in the system. PLCs accommodate a wide range of input and output signals to sense environments and monitor and control industrial machines (e.g., power devices such as motors, relays and actuators). In essence, a PLC is basically a control component, as it provides management feedback from control devices such as actuators and sensors. It keeps data and operating procedures in their memory and transfer data only if prompted by the MTU.
Security features such as encryption may not be popular among PLCs as these devices would work slower, thus presenting a danger of introducing delay into the control loop.
Under these circumstances, it is no surprise that cybercriminals have managed to directly hack into a PLC or target its built-in connectivity functions on several occasions.
In 2014, an industrial cyberattack on a German steel mill accessed the PLC programming and, possibly, operating systems. From there perpetrators succeeded in decoding the control algorithm, which resulted in massive damage to a blast furnace due to its inability to complete the shutdown procedure.
Programmable Automation Controller (PAC)
This term usually denominates an automation controller that incorporates higher-level instructions, since a PAC combines the capability of a PC with the functionality of a PLC.
Modern PLCs resemble PACs a lot, blurring the lines between the identities of these components. Yet PACs differentiate themselves from PLCs with their more open architecture and modular design. Moreover, PACs have the ability to control and monitor a larger number of complex or high-speed analog I/O (e.g., in a complex automation system or an enormous processing plant).
In a nutshell where advanced automation is performed, PACs are a better choice than PLCs due to the fact that they are best suited to handle applications requiring complex controls.
Intelligent Electronic Devices (IED)
Sensors/actuators are “intelligent” or “smart” because they are able to collect various kinds of data from the ambient environment, communicate it to other devices and conduct local processing and control.
IEDs are key components in terms of control at the local level conducted automatically, since they perform logical processing and control.
Control systems cybersecurity expert Joe Weiss is of the opinion that “[p]rotective relay issues can have real impacts. The 2008 Florida outage shut down power to approximately half the state of Florida for 8 hours because of relay setpoint changes, the 2015 Ukrainian hack shut down power to 230,000 customers by remotely opening breakers, refinery equipment was damaged from using wrong relay settings, and a nuclear plant experienced a loss-of-off-site power condition (the Fukushima condition) after every plant scram because of wrong relay settings.” (Source)
Human-Machine Interface (HMI)
This is where the interaction between humans and machines happens. The HMI consists of software and hardware components stationed usually in control rooms, where operators can monitor the entire chain of processes under control, change control settings, make configurations concerning control algorithms and exercise local processing and control.
Operators can also use the HMI to issue manual overrides in case of an emergency. In practice, an HMI can be a dedicated server to a program on a computer accessed through remote desktop sessions. A graphical user interface (GUI) application can also show status information and historical data amassed by all devices in the ICS system.
All that sounds very convenient, but convenience sometimes comes at a price. Case in point: With added ICS specific features, the BlackEnergy 2 Malware was able to target internet-enabled HMIs. The goal was reconnaissance of the ICS environment, not disruption.
Knowing more about the ICS environment is crucial if you want to ensure everything there works how it’s supposed to. As you can see, each part of the system is there for a reason.
From a security point of view, protecting the whole system means protecting each of its elements. Joe Weiss from Applied Control Solutions said something particularly relevant to this article: “To properly protect you first need to figure out what you have installed in the field and which systems they connected to.”
- Grid at Risk: ControlGlobal.com Highlights MSi’s Digital Relay Cyber Attack & Protection Demo!, Mission Secure, Inc.
- Attack on an Industrial Control System leaves ‘Massive Damage’ at Steel Plant, ICS Engineering Inc.
- Components of an Industrial Control System (ICS) Environment, Trend Micro
- Hijacking a PLC Using its Own Network Features, Dark Reading
- ICS Primer, Josh Stepp
- Introduction and Optimization of Data Historians, Hallam-ICS
- programmable automation controller (PAC), TechTarget
- State of Industrial Control Systems (ICS) in Italy, Voidsec
- What is industrial control system (ICS), Automationforum
- When to use a programmable automation controller (PAC), Motion Control Tips