CHAPTER-1

SUPERVISORY CONTROL AND DATA ACQUISITION 1.1 Introduction:SCADA stands for supervisory control and data acquisition. It generally refers to an industrial control system: a computer system monitoring and controlling a process. 1.1.1 Supervision vs. Control There is, in several industries, considerable confusion over the differences between SCADA systems and distributed control systems (DCS). Generally speaking, a SCADA system usually refers to a system that coordinates, but does not control processes in real time. The discussion on real-time control is muddied somewhat by newer telecommunications technology, enabling reliable, low latency, high speed communications over wide areas. Most differences between SCADA and DCS are culturally determined and can usually be ignored. As communication infrastructures with higher capacity become available, the difference between SCADA and DCS will fade. 1.1.2 SCADA Systems concepts The term SCADA usually refers to centralized systems which monitor and control entire sites, or complexes of systems spread out over large areas (anything between an industrial plant and a country). Most control actions are performed automatically by Remote Terminal Units ("RTUs") or by programmable logic controllers ("PLCs"). Host control functions are usually restricted to basic overriding or supervisory level intervention. For example, a PLC may control the flow of cooling water through part of an industrial process, but the SCADA system may allow operators to change the set points for the flow, and enable alarm conditions, such as loss of flow and high temperature, to be displayed and recorded. The feedback control loop passes through the RTU or PLC, while the SCADA system monitors the overall performance of the loop.

Figure 1: SCADA System

14

Data acquisition begins at the RTU or PLC level and includes meter readings and equipment status reports that are communicated to SCADA as required. Data is then compiled and formatted in such a way that a control room operator using the HMI can make supervisory decisions to adjust or override normal RTU (PLC) controls. Data may also be fed to a Historian, often built on a commodity Database Management System, to allow trending and other analytical auditing. SCADA systems typically implement a distributed database, commonly referred to as a tag database, which contains data elements called tags or points. A point represents a single input or output value monitored or controlled by the system. Points can be either "hard" or "soft". A hard point represents an actual input or output within the system, while a soft point results from logic and math operations applied to other points. (Most implementations conceptually remove the distinction by making every property a "soft" point expression, which may, in the simplest case, equal a single hard point.) Points are normally stored as value-timestamp pairs: a value and the time stamp when it was recorded or calculated. A series of value-timestamp pairs gives the history of that point. It's also common to store additional metadata with tags, such as the path to a field device or PLC register, design time comments, and alarm information. 1.1.3 Advantages and disadvantages of scada technology: Advantages of SCADA system include Wide area connective and pervasive; routable; parallel polling; redundancy and hot standby ; large addressing ranges; integration of I.T to automation and monitoring net works; standardization; reduce down time; limit the frequency of accidents; improve record; increase through put. Disadvantages of SCADA Technology include IP performance over head; web enabled SCADA hosts users to remotely monitor, control remote sites via a web browser; security concerns. 1.2 Components of SCADA:A SCADA System usually consists of the following subsystems:

A Human-Machine Interface or HMI is the apparatus which presents process data to a human operator, and through this, the human operator monitors and controls the process.

14

A supervisory (computer) system, gathering (acquiring) data on the process and sending commands (control) to the process. Remote Terminal Units (RTUs) connecting to sensors in the process, converting sensor signals to digital data and sending digital data to the supervisory system. Programmable Logic Controller (PLCs) used as field devices because they are more economical, versatile, flexible, and configurable than special-purpose RTUs.

Communication infrastructure connecting the supervisory system to the Remote Terminal Units.

1.2.1 Human Machine Interface A Human-Machine Interface or HMI is the apparatus which presents process data to a human operator, and through which the human operator controls the process.

Figure 2: Typical Basic SCADA Animations

An HMI is usually linked to the SCADA system's databases and software programs, to provide trending, diagnostic data, and management information such as scheduled maintenance procedures, logistic information, detailed schematics for a particular sensor or machine, and expert-system troubleshooting guides.
14

The HMI system usually presents the information to the operating personnel graphically, in the form of a mimic diagram. This means that the operator can see a schematic representation of the plant being controlled. For example, a picture of a pump connected to a pipe can show the operator that the pump is running and how much fluid it is pumping through the pipe at the moment. The operator can then switch the pump off. The HMI software will show the flow rate of the fluid in the pipe decrease in real time. Mimic diagrams may consist of line graphics and schematic symbols to represent process elements, or may consist of digital photographs of the process equipment overlain with animated symbols. The HMI package for the SCADA system typically includes a drawing program that the operators or system maintenance personnel use to change the way these points are represented in the interface. These representations can be as simple as an on-screen traffic light, which represents the state of an actual traffic light in the field, or as complex as a multi-projector display representing the position of all of the elevators in a skyscraper or all of the trains on a railway. An important part of most SCADA implementations is alarm handling. The system monitors whether certain alarm conditions are satisfied, to determine when an alarm event has occurred. Once an alarm event has been detected, one or more actions are taken (such as the activation of one or more alarm indicators, and perhaps the generation of email or text messages so that management or remote SCADA operators are informed). In many cases, a SCADA operator may have to acknowledge the alarm event; this may deactivate some alarm indicators, whereas other indicators remain active until the alarm conditions are cleared. Alarm conditions can be explicit - for example, an alarm point is a digital status point that has either the value NORMAL or ALARM that is calculated by a formula based on the values in other analogue and digital points - or implicit: the SCADA system might automatically monitor whether the value in an analogue point lies outside high and low limit values associated with that point. Examples of alarm indicators include a siren, a pop-up box on a screen, or a colored or flashing area on a screen (that might act in a similar way to the "fuel tank empty" light in a car); in each case, the role of the alarm indicator is to draw the operator's attention to the part of the system 'in alarm' so that appropriate action can be taken. In designing SCADA systems, care is needed in coping with a cascade of alarm events occurring in a short time, otherwise the underlying cause (which might not be
14

the earliest event detected) may get lost in the noise. Unfortunately, when used as a noun, the word 'alarm' is used rather loosely in the industry; thus, depending on context it might mean an alarm point, an alarm indicator, or an alarm event. 1.2.2 Hardware solutions: SCADA solutions often have Distributed Control System (DCS) components. Use of "smart" RTUs or PLCs, which are capable of autonomously executing simple logic processes without involving the master computer, is increasing. A functional block programming language, IEC 61131-3 (Ladder Logic), is frequently used to create programs which run on these RTUs and PLCs. Unlike a procedural language such as the C programming language or FORTRAN, IEC 61131-3 has minimal training requirements by virtue of resembling historic physical control arrays. This allows SCADA system engineers to perform both the design and implementation of a program to be executed on an RTU or PLC. A Programmable automation controller (PAC) is a compact controller that combines the features and capabilities of a PC-based control system with that of a typical PLC. PACs are deployed in SCADA systems to provide RTU and PLC functions. In many electrical substation SCADA applications, "distributed RTUs" use information processors or station computers to communicate with protective relays, PACS, and other devices for I/O, and communicate with the SCADA master in lieu of a traditional RTU. Since about 1998, virtually all major PLC manufacturers have offered integrated HMI/SCADA systems, many of them using open and non-proprietary communications protocols. Numerous specialized third-party HMI/SCADA packages, offering built-in compatibility with most major PLCs, have also entered the market, allowing mechanical engineers, electrical engineers and technicians to configure HMIs themselves, without the need for a custom-made program written by a software developer. 1.2.3 Remote Terminal Unit (RTU) The RTU connects to physical equipment. Typically, an RTU converts the electrical signals from the equipment to digital values such as the open/closed status from a switch or a valve, or measurements such as pressure, flow, voltage or current. By converting and sending these electrical signals out to equipment the RTU can control equipment, such as opening or closing a switch or a valve, or setting the speed of a pump.
14

1.2.4 Supervisory Station The term "Supervisory Station" refers to the servers and software responsible for communicating with the field equipment (RTUs, PLCs, etc), and then to the HMI software running on workstations in the control room, or elsewhere. In smaller SCADA systems, the master station may be composed of a single PC. In larger SCADA systems, the master station may include multiple servers, distributed software applications, and disaster recovery sites. To increase the integrity of the system the multiple servers will often be configured in a dual-redundant or hot-standby formation providing continuous control and monitoring in the event of a server failure. 1.2.5 Operational philosophy For some installations, the costs that would result from the control system failing are extremely high. Possibly even lives could be lost. Hardware for some SCADA systems is ruggedized to withstand temperature, vibration, and voltage extremes, but in most critical installations reliability is enhanced by having redundant hardware and communications channels, up to the point of having multiple fully equipped control centers. A failing part can be quickly identified and its functionality automatically taken over by backup hardware. A failed part can often be replaced without interrupting the process. The reliability of such systems can be calculated statistically and is stated as the mean time to failure, which is a variant of mean time between failures. The calculated mean time to failure of such high reliability systems can be on the order of centuries. 1.2.6 Communication infrastructure and methods SCADA systems have traditionally used combinations of radio and direct serial or modem connections to meet communication requirements, although Ethernet and IP over SONET / SDH is also frequently used at large sites such as railways and power stations. The remote management or monitoring function of a SCADA system is often referred to as telemetry. This has also come under threat with some customers wanting SCADA data to travel over their pre-established corporate networks or to share the network with other applications. The legacy of the early low-bandwidth protocols remains, though. SCADA protocols are designed to be very compact and many are designed to send information to the master station only when the master station polls the RTU. Typical
14

legacy SCADA protocols include Modbus RTU, RP-570, Profibus and Conitel. These communication protocols are all SCADA-vendor specific but are widely adopted and used. Standard protocols are IEC 60870-5-101 or 104, IEC 61850 and DNP3. These communication protocols are standardized and recognized by all major SCADA vendors. Many of these protocols now contain extensions to operate over TCP/IP. It is good security engineering practice to avoid connecting SCADA systems to the Internet so the attack surface is reduced. RTUs and other automatic controller devices were being developed before the advent of industry wide standards for interoperability. The result is that developers and their management created a multitude of control protocols. Among the larger vendors, there was also the incentive to create their own protocol to "lock in" their customer base. 1.3 Applications of SCADA:The applications can be industrial, infrastructure or facility-based as described below:

Industrial processes include those of manufacturing, production, power generation, fabrication, and refining, and may run in continuous, batch, repetitive, or discrete modes.

Infrastructure processes may be public or private, and include water treatment and distribution, wastewater collection and treatment, oil and gas pipelines, electrical power transmission and distribution, civil defense siren systems, and large communication systems.

Facility processes occur both in public facilities and private ones, including buildings, airports, ships, and space stations. They monitor and control HVAC, access, and energy consumption.

14

CHAPTER 2
SCADA IN ELECTRICAL SYSTEM

2.1 Introduction:The economic pressure on the deregulated electricity market has pushed the power grid to operate closer to the limits of the system and its components. The technology of the synchronized phasor measurements has provided an ideal way to monitor and control power systems, in particular during conditions of stress. Based on phasors collected from phasor measurement units (PMUs) in real time at 50 or 100 Hz, it is feasible now for a wide area measurement system (WAMS) to implement fast and reliable state estimation, evaluate stability risks and margins, and take preventive and remedial control actions. However, for the demanding, request upon communication, storage, and processing of data, the number of PMUs is limited and only the key nodes are to be monitored in the WAMS. Therefore, previous research concentrated on optimal location of PMUs and integration of data from SCADA and WAMS. As the ancestor to WAMS, SCADA is a prevalent monitoring system having extensive application. Generally speaking, a SCADA consists of a master station installed in the control center and a series of the remote terminal units (RTUs) in substations and power plants. In each substation and plant, RTUs measure voltage, current, frequency and calculate active and reactive power. These data are uploaded to the master station of SCADA in the control center via a communication network. This system information can only be updated with an interval of 34 s due to the vast number of substations and power plants to be monitored as well as the constraint of limited communication bandwidth. It is generally too slow to capture system dynamics during disturbances. For the prevalence of the SCADA, it is highly preferred to facilitate the SCADA with the capability to reflect system dynamics based on current infrastructure, so that the dispatchers in control center can notice oscillation easily and take action in time, although with a delay of 34 s. This has become an attainable aim with greatly improved SCADA capability during recent years. Firstly, with the emergence and advancement of digital substation automation system using IEC 61850 standard, it is technically feasible for RTUs to collect phasors from electronic instrument transducers within a substation. Secondly, extensive application of optic fiber has improved communication capability of SCADA substantially, although the
14

communication bandwidth will still be overwhelmed by 50 or 100 Hz. Therefore, if the data to be transmitted from the RTUs to the SCADA server can be limited within an acceptable constraint, the SCADA can reflect system dynamics based on the current infrastructure.

Figure 3: Typical electric SCADA network diagram

For many years, Load Break Switchgears (LBS), Circuit Breaker Reclosers (CBR) and municipal substations were designed for operation by utility personnel without remote control. Today, advanced Remote Terminal Units (RTUs) such as the Motorola, ACE3600 can be integrated with wireless data communications to provide more efficient power grid operation. While these RTUs primarily control the remote MV distribution equipment, they can also communicate with co-located Intelligent Electronic Devices (IEDs) that perform tasks such as: power factor monitoring and fault detection via direct connection to 3 phase voltage and current sensor devices connected to the MV grid. For example, the CBR control unit integrates an IED, which detects the fault, instantly trips the switchgear and blocks the flow of fault current. This event is communicated through the RTU to the Distribution Management System (DMS) control center, which can take automated or operator-initiated action to isolate the faulty section and restore power to the healthy parts of the grid.

2.2 SCADA system for Hydro Power Plants

The hydroelectric power stations are undergoing a modernization process for operating optimization. One of the main ways to improve a hydropower development (hydropower station) is to equip it with SCADA-type acquisition and control systems. The system shown in figure is based on an architecture distributed and two hierarchical levels: the process, local level (located in the HPS) and the territorial dispatching level (located in Hydropower Dispatcher level).

Figure 4.Multi-level system architecture

14

The system includes programmable automatic equipments, intelligent electronic devices, data transmission system and computers. The monitoring system connects three distinctly different environments. The substation, where it measures, monitors, controls and digitizes; the Control Room, where it collects, stores, displays and processes substation data; the Dispatcher Center, where it stores and displays incoming data. A communications pathway connects the three environments. Central computer of the data acquisition system, located in the hydro power plant, provides measurements performance according to a preset program, the instrumentation existing at this time and remote communications by RS485 bus, using Master-Slave architecture and IEC1107, Modbus RTU, ASCII protocols. The system includes measurements of the water levels, temperatures and main electrical parameters of the hydro generator. Data and messages through a display on view station.

2.3 SCADA System for a Thermal Power Plant

Today, the supervision of production systems is more and more complex to perform, not only because of the number of variables always more numerous to monitor but also because of the numerous interrelations existing between them, very difficult to interpret when the process is highly automated. The challenge of the future years is based on the design of support systems which let an active part to the supervisory operators by supplying tools and information allowing them to understand the running of production equipment. Indeed, the traditional supervisory systems present many already known problems. First, whereas sometimes the operator is saturated by an information overload, some other times the information under load does not permit them to update their mental model of the supervised process. Moreover, the supervisory operator has a tendency to wait for the alarm to act, instead of trying to foresee or anticipate abnormal states of the system. So, to avoid these perverse effects and to make operators work more active, the design of future supervisory systems has to be human centered in order to optimize Man-Machine interactions. It seems in fact important to supply the means to this operator to perform his own evaluation of the process state. To reach this objective, Functional Analysis seems to be a promising research method. In fact,
14

allowing the running of the production equipment to be understood, these techniques permit designers to determine the good information to display through the supervisory interfaces dedicated to each kind of supervisory task (monitoring, diagnosis, action, etc.). In addition, Functional Analysis techniques could be a good help.

Figure 5:-SCADA system for Thermal Power Plant

14

CHAPTER 3
APPLICATION OF SCADA FOR OIL AND GAS INDUSTRIES 3.1 HPCL Vizag-Secunderabad Multi Product pipeline:Hindustan Petroleum Corporation Limited (HPCL) is Indias second largest integrated oil refining and marketing company operating within the subcontinent of India. The Corporation owns and operates refineries, product pipelines and an extensive distribution network. HPCL operates approximately 20% of the national refining capacity. The Vizag-Secunderabad Product Pipeline (VSPPL) in Andhra Pradesh, Eastern India transports up to 5.4 MMTPA of Motor Spirit, Superior Kerosene Oil, High Speed Diesel, Aviation Turbine Fuel and Naphtha along its 570 km length from the refinery at Visakhapatnam to the distribution terminals at Rajahmundry, Vijaywada, Suriapet and Secunderabad. Due to the nature of the environment, it is critical that a reliable system of distribution monitoring and control is achieved by the efficient use of centralised facilities and staff. A SCADA system with integrated Leak Detections Application software was therefore required to provide this critical function. The contract for the SCADA system was awarded to Serck Controls in 2001 by HPCL. The SCADA Master Control Station (SMCS) is located at the dispatch centre, in Vizag and is based on a fully networked architecture employing multiple computers and workstations. The SMCS comprises two Compaq Alpha Servers for the SCADA facilities in a Main/Standby configuration running Serck Controls Ltd, SCX Software, together with a third server for the pipeline modelling and leak detection application. Three, dual headed workstations are also included. Workstations are equipped with Serck Controls SCX display system providing full graphic mimics with on screen pan and zoom facilities between pipeline overviews and plant equipment details. Data is collected across the system over a fibre optic communications network from the 19 Serck Controls 2000MW Remote Terminal Units (RTU) located at: The pumping/despatch terminal Intermediate pumping station at Suriapet The receipt terminal at Secunderabad
14

 16 pipe section valve, cathodic protection & repeater station sites along the pipeline As well as Vizag, the sites at Rajahmundry, Vijaywada, Suriapet and Secunderabad are manned and as such are provided with a workstation to enable local display of information and equipment control. The workstations are supported over point-to-point channels from a WAN router connected to the dual LAN at Mangalore and the fibre optic communications system. RTUs are connected to the SMCS in multi drop configuration, on dual channels. The communications utilises the IEC 60870-5101 protocol. The system is configured to provide a high operational resilience for the RTUs. In addition, the communications channels are further divided such that no two consecutive RTUs deployed along the pipeline are connected on the same circuit. The communications circuits deployed to achieve this configuration are controlled from individual drivers at the SMCS and the drivers are themselves switchable between the SMCS servers. The RTUs located at the 'Section Valve' sites have direct connection to the plant through discrete signal cabling. At the main sites, product ingress, pumping and egress, which are more complex in their operation, a wider variety of data collection and control output is a requirement. These RTUs integrate a mix of discrete input/output with serial channel connections to intelligent plant devices such as the flow metering and pump controllers. Features Dual redundant, main/standby servers at Vizag. Three dual head local workstations Remote workstations at 4 locations Proteus 2000 RTUs at strategic plant locations Fibre optic communications media Leak detection & location Batch & pig tracking Benefits Centralised monitoring & control facilities in hostile environment Full utilisation of communications availability
14

 Improved efficiency of pipeline management Reduced pipeline maintenance costs Increased level of environmental protection 3.2 BP Teeside to Saltend Ethylene Pipeline (TSEP) The TSEP Alliance of BP with Penspen and Murphy required the extension of the UK ethylene pipeline network. This extension runs south from an off take of the existing Wilton to Grangemouth Ethylene Pipeline (WGEP) line at Teeside to BP Chemicals Limited (BPCL) Saltend facility. Control and monitoring of the new pipeline will be carried out from the Serck Controls SCADA system, located at BP Grangemouth. The scheme comprises a 12-inch NPS diameter pipeline approximately 150 km long. The tiein, to the existing WGEP line, is designed for safety and versatility. All valves up to and including the ESD valve on the off take are to be buried. The off take incorporates metering check valves and pigging facilities. The pipeline incorporates sectioning block valves at intervals to comply with BS8010 Code requirements. The reception facility is located at BPCL Saltend complex and incorporates pigging facilities, isolation and ESD valves. Due to the nature of the environment, it is critical that a reliable system of monitoring and control is achieved with minimum impact on the countryside. The TSEP Alliance had to submit various Safety Evaluation and Environmental Assessment reports to the Department of Trade and Industry (DTI) before approval to build the pipeline was given. As part of these studies, a SCADA system was required to provide the critical safety functions. Overall, pipeline integrity is monitored by leak detection software incorporated in the SCADA system to isolate the sectioning block valves. In addition the safety and integrity of the pipeline is protected using autonomous emergency shutdown systems at the off take and reception sites. Features Dual redundant, main/standby, high resolution Intel Pentium based SCADA servers at BPCL Grangemouth Separate Intel Pentium SCADA workstations in the control room Multi-layered pan & zoom mimics
14

 Dual processor Proteus 2000 RTUs at strategic plant locations Use of secure, duplicated communications media to strategic locations Equipment designed to operate in a hazardous environment Leak detection software Local autonomous ESD systems at takeoff & receipt locations Bi-directional data transfer with existing DCS system at Saltend & to existing Wilton masterstation An environmentally aesthetic kiosk at all sites incorporating comprehensive electrical distribution facilities Penspen Ltd awarded the contract for the SCADA system to Serck Controls in 1999. The system monitors the ethylene off take from the WGEP pipeline at Teeside and the processing complex at Saltend with displays and control facilities available using PC workstations at BP Chemicals Grangemouth. Serck Controls have provided design, supply, testing, installation and commissioning services. These are controlled through detailed project management of all phases of the contract, ensuring that the phased delivery of equipment is in conjunction with the site activities being carried out by other contractors. The BPCL staff also received comprehensive training for both local operators and engineers, such that the operation and maintenance of the system can be undertaken from within the project team. Following the success of the TSEP scheme in May 2001 BP decided to add the Mossmorran to Grangemouth Ethane and Ethylene Pipelines onto the TSEP master station at Grangemouth. Serck Controls provided new RTUs for the line valves and the Despatch and Receipt Terminals supported through additional communications interfaces, at the master station. The two pipelines run from the Exxon and Shell facilities at Mossmorran via a 40 km pipeline under the Firth of Forth to Grangemouth. The pipelines supply basic feedstock for the Grangemouth refinery. An OPC interface has been implemented for the transfer of current data to the BP site wide PI Historian. Benefits Centralised monitoring & control facilities Utilisations of secure communications facilities to provide voice & data links to all sites
14

 Efficient & safe gas transportation Reduced pipeline maintenance costs Increased level of environmental protection Multi-product Pipeline India

3.3 Crude Oil Storage and Loading Terminal for QGPC Qatar
Qatar General Petroleum Company (QGPC) is one of the largest producers of oil in Qatar in the Persian Gulf. Qatar has two major ports that marine tankers can use, at Halul Island and Umm Said. The latter port, some 50 km south of the capital Doha, is the location of the new facility for crude oil storage and loading terminal. The complex receives crude oil from the Dukhan oil field, some 100km northwest of Umm Said on the west coast, and is coupled together with a refined return pipeline network to two tank farms which have 30 storage tanks in total. From these tank farms, the products are conveyed by pipelines to a marine tanker loading terminal 7 km away for loading through two berths into large marine tankers. Serck Controls, in conjunction with local representatives in Doha, were awarded the contract to design, engineer and implement the Supervisory Control and Data Acquisition (SCADA) project. The system primarily provides remote monitoring and control of the storage tanks, flow metering, marine tanker load control and the initiation of the emergency shutdown (ESD) system that are all fundamental to the QGPC operations. Features Dual redundant master station Dual redundant ESD initiation Dual redundant RTUs Fibre optic/copper communication Interfaces to 3rd party devices On-line configuration Mosaic wall mimic The SCADA system comprises of a main control desk, control and monitoring remote terminal units and an ESD RTU at each oil terminal and at the tank farm. Housed within the control desk are the dual-redundant 64 bit DEC Alpha workstations
14

that provide the main operational display and control facilities. In addition to seven flow computers, two process controllers and nine chart recorders, mounted on the desk are comprehensive tile mimics. Within the desk are front-end drivers for interfacing to the seven flow intelligent computers and the two controls and monitoring RTUs that are separately housed in floor standing cubicles. These high reliability RTUs have dual processors and power supplies for complete data security. The RTU at the tank farm is further equipped with serial links for interfacing to tank gauging equipment and the pump condition monitoring units. The two ESD RTUs are standalone units linked by dual serial communication with secure logic implemented by the use of relays. Dual serial links are employed for all critical communications and are either copper/ copper or copper/fibre optic. Benefits Improved operational effectiveness Centralised monitoring & control facilities Dual redundant Alpha AXP system to give high availability High data security

CHAPTER 4
14

MISCELLANEOUS APPLICATIONS

4.1 SCADA System for Fore Street Underpass UK

Edmonton, North London is the district that the route of the Fore Street A1010 road passes through on its way to the city centre. With the advent of the North Circular ring road came the requirement to ensure traffic flow both on the A1010 and on the A406 North Circular. A tunnel under the Fore Street A1010 road wasm considered a necessity. In 1997 Serck Controls were awarded the telemetry SCADA system contract that included the monitoring of all aspects of the tunnel systems from the main incoming electrical supplies to the carbon monoxide levels in the tunnel. This system includes the Serck Controls SCX SCADA MMI software and P2000M outstation. The system currently supports approximately 400 points and achieves a system availability of better than 99%. These systems include support for GrapheX and integration of PLCs using various network media such as fiber and UTP. Services monitored by the Serck SCADA Systems include: Tunnel 11kV electricity supply Tunnel UPS systems Internal tunnel lighting systems HVAC plant Security systems Tunnel emergency systems Tunnel environmental monitoring Tunnel hydrocarbon tank Tunnel pumping systems Silver Street subway pumping systems In addition, specific urgent response alarms are transmitted from the Fore Street Tunnel system to a linked terminal at the Police Control Centre at Chigwell. A further workstation is situated at the authority central workshops at Scratchwood services for remote, access. This enables the user to connect to the system via an ISDN link. Providing users with password codes limiting access to read only or read/ write privileges can protect remote access.
14

Features Unified system Single database True multi-site system Modern SCX software functionality Third party PLC integration ODBC/SQL MIS interface Benefits Simplified hardware support Centralised control Remote & local PC client access System automation Integration with Management Information Systems Open architecture 4.2 Wind Power SCADA Systems The strategically distributed nature of wind power presents unique challenges. Generation is not centralized, generally remote, sometimes offshore, and often covers large geographic areas. These factors usually require a variety of networked interconnections and telecommunication technologies for monitoring and controlling wind power electric generating facilities utilizing SCADA technology. Compromising a SCADA system can lead to a number of undesirable consequences, such as disruption of operations, asset availability, asset misconfiguration (circuit protection), loss of data and confidentiality, loss of consumer confidence, or unsafe conditions. Since current SCADA systems utilize IT, wind turbine/farm designers, purchasers, and providers should incorporate current IT best practices in securing SCADA systems.
Figure 7: Example Scada System For Wind Power Electric Generation

4.3 SCADA System for Filling System

14

A typical SCADA control system consists of one or more remote terminal units (RTU or PLCs) connected to a variety of sensors and actuators, and relaying information to a master station. Fig.1 shows the control system of filling process using SCADA. According to SCADA control system, the hardware components of the filling process are implemented and interfaced between the microcontroller and master station. In this project, the control unit will be used for filling process. But, the four main components will not be used because it is difficult to get the PLC hardware component. So, it will use PIC 16E877A instead of PLC hardware and parallel port as interface communication.

Figure 8: SCADA system for filling system

Analysis of Control Unit This system is two sections in filling process- one is control process of the water level in the tank. This control section will make only the water level. When the water level reaches at the upper level, the pumping motor is OFF from the running mode. On the other hand, it is ON when the water level is at the lower level. Second is the operation of the filling process.

Figure 9: Overall Block Diagram of Control Unit

Firstly, the position sensor will sense the bottles to fill the water whether the specified position on the conveyor or not. If the bottle reaches at this position, the filling motor will be operated. Then, the counter motor will be operated when the bottles reach at the counter sensor to push on the second conveyor and count the number of the bottles to pack when there are ten bottles. If the bottles have not only at the position sensor but also at the counter sensor, it will operate the counter motor to drive the second conveyor motor after the position sensor has operated to drive the filling motor. If the counter has ten bottles, the counter will reset.

14

CHAPTER 5
SECURITY CONSIDERATION 5-1. Environmental threats SCADA equipment installed in C4ISR facilities must be of such design or otherwise protected to withstand seismic effects as well as shock (ground motion) and overpressure effects of weapons. A detailed dynamic analysis should be made of the supporting structure(s) of the equipment enclosures to evaluate the magnitude of motion and acceleration established at the mounting points for each piece of SCADA equipment. Where accelerations exceed the allowable limits of equipment available, the equipment should be mounted on shock isolation platforms. a. SCADA equipment should be protected from the effects of dust, dirt, water, corrosive agents, other fluids and contamination by appropriate location within the facility or by specifying enclosures appropriate for the environment. Care should be taken that installation methods and conduit and tubing penetrations do not compromise enclosure integrity. b. Central computer or control rooms should be provided with dry agent fire protection systems or double-interlocked pre-action sprinkler systems using cross14

zoned detection, to minimize the threat of accidental water discharge onto unprotected equipment. c. Sensors, actuators, controllers, HMI, UPS and other SCADA equipment located throughout the facility should utilize enclosures with a minimum environmental protection level of IP66 per EN 60529 or Type 4 per NEMA 250. Where thermal management issues or other equipment requirements prevent use of such enclosures, alternate means should be provided to protect the equipment from environmental contaminants. d. Facility design must ensure that any facility chemical, biological, radiological, nuclear or explosive (CBRNE) protection warning, alert, or protection systems also protect SCADA systems and utility equipment areas if the mission requires the facility to remain operational in a CBRNE environment. Appropriate coordination and systems integration must occur between SCADA and CBRNE protection systems so that appropriate facility environmental conditions are maintained if the facility experiences a CBRNE attack or incident. 5-2. Electronic threats Electronic threats to SCADA systems include voltage transients, radiofrequency (RF) interference (RFI), RF weapons, ground potential difference and electromagnetic pulse (EMP). These threats can all be largely mitigated by proper design of the systems a. SCADA controllers and field devices are vulnerable to voltage transients coupled through the facility power system from atmospheric (thunderstorm and lightning) effects, transmission and distribution system switching events, and switching of capacitors or inductive loads within the facility. Transient voltage surge suppression (TVSS) should be provided on the power supply circuits to all SCADA equipment and TVSS or optical isolation should be provided on all metallic control and communication circuits transiting between buildings. To avoid the effects of voltage transients, fiber optic cable should be used for all circuits entering or leaving a
14

facility. Fiber media are available for most network applications at the supervisory and control levels (see paragraph 4-1). Field devices typically require metallic conductors, and where these must be run outside or between facilities, they should be provided with TVSS where they cross the facility perimeter. TVSS should be specified to comply with the testing requirements of ANSI C62.34 and should be installed in accordance with IEEE 1100. Selection of TVSS locations and connections should consider that it is most effective when connected directly to the terminals of the device to be protected and provided with a direct low-impedance path to the facility ground system. Incorrect installation methods can readily render TVSS protection ineffective. Protected and unprotected circuits should be physically segregated to avoid capacitive and inductive coupling that may bypass the TVSS. b. C4ISR facilities often contain powerful radio frequency sources which may interfere with control system operation if coupled into control circuits. Other ambient sources of RFI may also exist including commercial signals, electronic counter measures (ECM), and radiated RFI from other equipment within the facility. Design and operation of SCADA systems should address measures to protect against RFI, including: (1) Use of shielded twisted pair or twisted triple conductors for low-level signals. (2) Installation of SCADA wiring in continuous metallic conduit systems. (3) Use of metallic controller enclosures with RFI-gasketed doors. (4) RFI-shielded control rooms and computer rooms. (5) Maintenance practices that maintain the integrity of enclosures. c. Effective shielding to limit RFI to within the required limits for C4ISR facilities is dependent upon the grounding and bonding practices required to provide a unified facility ground. The grounding practices for the earth electrode system, the building structure, the lightning protection system, the power system, and the signal reference system must be integrated to achieve a unified ground system. The particular grounding practices for each of these subsystems are illustrated in MILHDBK-419A, Grounding, Bonding, and Shielding for Electronic Equipment and Facilities. Additionally, specifications and installation designs for new equipment
14

should include requirements to assure electromagnetic compatibility (EMC) between the equipment and the operating environment. These requirements should serve to minimize the susceptibility of the new equipment to EMI that may be present in the operating environment as well as to limit radiated emissions by the equipment to the environment and to existing equipment. (1) Ground potential differences within a facility that may affect SCADA systems are mitigated by proper connection of equipment to the unified grounding system that is required to be provided for all C4ISR facilities. This system ties the electrical service, lightning protection, and all other facility grounds together into a single low-impedance ground grid. Additional grounding requirements for C4ISR facilities may be found in TM 5-690, Grounding and Bonding in C4ISR facilities. (2) Each electrical room within the C4ISR facility which contains electrical equipment should be provided with a ground bus, connected to the unified ground system. SCADA equipment enclosures and internal ground buses should be connected directly to this ground bus, and should not rely solely on an equipment grounding conductor installed with the power supply circuit. (3) All exterior metallic components which penetrate the building, such as metal piping, conduits, and ducts, should be grounded at the point of penetration. All conductive SCADA circuits entering the facility from outside should be provided with TVSS, effectively grounded to the ground grid at the point of entry. (4) Low-voltage shielded cables must be installed to avoid ground loops, which can induce interfering currents on the signal common conductor. Unless otherwise dictated by the equipment manufacturer, cable shields should be grounded at the controller end only, with the instrument end left floating and insulated. (5) On large multi-facility sites potential differences between the different facilities ground systems caused by atmospheric electrical activity and electrical system faults cannot be prevented, in spite of their common connection through
14

the facility primary electrical distribution grounding system. SCADA circuits installed between facilities on these sites should always utilize fiber optic cables or optical signal isolation at the facility perimeter. d. EMP protection requires magnetically continuous ferrous shielding which is not provided by the enclosures of typical SCADA sensors, controllers and actuators. For this reason, all electronic SCADA components must be assumed vulnerable to EMP and must be protected by location, external shielding, or replacement with pneumatic components. (1) Whenever possible, all SCADA components should be located inside the C4ISR HEMP shield. Components that must be located outside the shield, such as sensors at an external fuel storage tank, may be provided with a local HEMPshielded enclosure and circuits routed back to the facility within a shielded conduit system or using pneumatic lines or optical fiber cable. (2) EMP protection for non-conductive penetrations of the facility shield such as pneumatic tubing and fiber optic bundles uses the principle of waveguide below cutoff in which the lines penetrate the facility shield through a high aspect-ratio cylinder or waveguide. The waveguide must be made of a conductive material and must be continuously welded or soldered to the primary EMP shield so that current flowing on the waveguide can be discharged to the primary EMP shield. (3) The maximum inside diameter of a penetration must be 4 inches or less to achieve a cutoff frequency of 1.47 GHz for a rectangular penetration and 1.73 GHz for a cylindrical penetration. The unbroken length of conducting material adjacent to the penetration must be a minimum of five times the diameter of the conducting material (i.e., pipe, duct) to attenuate by at least 100 dB at the required frequencies. (4) The wave guide filter will be specified in terms of the attenuation over a specified range of frequencies in accordance with TM 5-858-5, Designing Facilities to Resist Nuclear Weapons Effects: Air Entrainment, Fasteners,
14

Penetration Protection, Hydraulic Surge Protection Devices, and EMP Protective Devices. e. Equipment located in electrical substations or other areas where electrical systems over 600V exist may be subject to particularly harsh transient voltage and transient electrical field conditions associated with power system faults, lightning strikes, and switching surges. This equipment should be qualified to the industry standards applicable to the withstand capability of protective relays, ANSI C37.90.1, C37.90.2 and C37.90.3, which apply to surge voltage, radiated EMI and ESD, respectively. Testing has shown that both STP and coaxial network communications circuits are subject to communications errors in high transient electric field conditions. For this reason, all network communication within the substation environment should be over fiber optic circuits. Even with a fiber communication circuit, the network equipment connected to the fiber may be susceptible to radiated fields or to conducted interference at the power supply. This equipment should be qualified to IEEE 1613, which requires automatic recovery from transient-induced communications disruptions with no false operation and no human intervention. f. Portable RF weapons of van size down to brief-case size are now commercially available. Many of the above factors will also provide varying levels of protection against this emerging threat. For example, a HEMP shield should provide protections from RF Weapons external to the shield. However, it will provide no protection from an RF Weapon inside the shield. Thus, a critical aspect of protection from this threat is ensuring physical security protection plans, measures, and procedures recognize this threat and mitigate it. Examples of this are to insure that facility guards or security personnel are trained on this threat, are able to recognize RF Weapons, and that procedures are instituted for random or mandatory checks of all items entering the facility. 5-3. Physical security In general, SCADA system equipment should be located inside secured areas having the same degree of security deemed appropriate for the supported systems.
14

However, the electronic nature of these systems provides opportunities for compromise from both inside and outside the secured area that must be addressed. a. HMI devices for controllers that provide access to the entire SCADA system shall use password protected screen access with multiple levels of access control, and automatic logout routines with short time settings. Password policies for screen savers shall be in compliance with established Do D policies (CJCSI 6510.01D). b. Equipment enclosures and pull and junction boxes should be kept locked or secured with tamper resistant hardware. Doors and covers should be provided with tamper switches or other means of detecting attempted intrusion, connected to the site security system. Tamper detection devices should be designed to detect the initial stages of access such as removal of fasteners, unlatching of doors, etc. c. Raceways and enclosures for SCADA circuits external to the secured area should be designed to resist entry by unauthorized persons. Access to field wiring circuit conductors can potentially provide back-door entry to controllers for damaging over-voltages or transients. Outside raceways should consist of rigid steel conduits with threaded and welded joints and cast junction boxes with threaded hubs and tamper proof covers. d. Conduits exiting the secured area should also be sealed to prevent them from being used to introduce hazardous or damaging gases or fluids into enclosures within the secured area. 5-4. Communication and information networks Connections from SCADA systems to networks extending beyond the C4ISR facility or between facilities on a common site introduce the threat of attacks. a. These attacks are of several types: (1) Unauthorized user access (hacking). (2) Eavesdropping; recording of transmitted data.
14

(3) Data interception, alteration, re-transmission. (4) Replay of intercepted and recorded data. (5) Denial of Service; flooding the network with traffic. b. The best defense against these threats is to entirely avoid network connections with other networks within or external to the facility. If they must be used, data encryption techniques should be applied to all network traffic. The following additional means of enhancing security should also be considered: (1) Physically disconnect when not in use; applicable to dial-up connections for vendor service. (2) Use fiber optic media which cannot be tapped or intercepted without loss of signal at the receiving end. (3) One-way traffic; alarm and status transmission only with no control permitted.

5-5. Software management and documentation With the modern complexity and exposure to intentional software damage that can occur in modern industrial controls systems, it is a good practice to implement a Software Management and Documentation System (SMDS). a. A SMDS system is software which resides on a dedicated computer on the plant network that monitors all activities of the control system. Such a system should be required for the control system in an important and complex military facility. It allows the facility administrator to do the following: (1) Control who may use any SCADA application software and what actions can be performed (2) Maintain a system-wide repository for historical storage of the application configuration files (3) Identify exactly who has modified a control system configuration or application parameter, what they changed, where they changed it from, and when the change was made (4) Assure that the control system configuration thought to be running the facility actually is (5) Support application restoration following a catastrophic event
14

(6) Generate views into the Software Management System for more detailed analysis of configuration changes b. Software Management and Documentation systems are available now from the major suppliers of industrial control systems. Having such a system provides the following additional benefits: (1) Avoids maintaining incorrect or incompatible software versions (2) Assures that there are not multiple versions of software on file (3) Prevents multiple users from causing a conflict somewhere on the system (4) Prevents legitimate changes from being reversed or overwritten (5) Supports the availability of the system at its maximum c. Among the specific software that such a system would secure are: (1) PLC programs (2) HMI screens (3) SCADA configurations (4) CAD drawings (5) Standard Operating Procedures (SOPs) (6) Network Configurations

14

BIBLIOGRAPHY
1. 2.

en.wikipedia.org/wiki/SCADA Remote Data Acquisition System for Hydro Power Plants- Proceedings of the 6th WSEAS International Conference on Power Systems, Lisbon, Portugal, September 22-24, 2006

3.

Application of Functional Analysis on a SCADA System of a Thermal Power Plant- Advances in Electrical and Computer Engineering Volume 9, Number 2, 2009 p90-98

4.

Transmitting electric power system dynamics in SCADA using polynomial fitting- www.scichina.com Security & Vulnerability in Electric Power Systems- NAPS 2003, 35th North American Power Symposium, University of Missouri-Rolla in Rolla, Missouri, October 20-21, 2003. pp. 559-566.

5.

6. 7.

Understanding SCADA System Security Vulnerabilities- www.riptech.com Implementation of Control Unit using SCADA System for Filling SystemWorld Academy of Science, Engineering and Technology 46 2008 Communication Vulnerabilities And Mitigations In Wind Power Scada Systems- http://www.sandia.gov/wind/ www.serck-controls.com Technical Manual- Supervisory Control And Data Acquisition (Scada) Systems For Command, Control, Communications, Computer, Intelligence, Surveillance, And Reconnaissance (C4isr) Facilities.

8.

9. 10.

14