ARP SCADA DCS the divergence and cyber security issues
24
SCADA/DCS the divergence and cyber security issues Contents Page 1. Introduction......................................... ...........................................1 2. The Component and Architecture of SCADA/DCS............................. 3 2.1. SCADA................................................ .........................................3 2.2. DCS.................................................. ........................................... 5 3. Next Generation........................................... .......................................6
Transcript of ARP SCADA DCS the divergence and cyber security issues
SCADA/DCS the divergence
and cyber security issues
Contents Page
1.Introduction....................................................................................1
2. The Component and Architecture of
SCADA/DCS............................. 3
2.1.
SCADA................................................
.........................................3
2.2.
DCS..................................................
........................................... 5
3. Next
Generation...........................................
.......................................6
4. Security
Issues...............................................
.....................................8
4.1. Cyber Security
Vulnerability........................................
.................8
4.2 Threats
types................................................
...............................10
5. Discussion.........................................................................................12
6.Conclusion...................................................................................14
References............................................................................................15
1
1. Introduction In the past decades, Industrial Control Systems (ICS) have
influenced effectively on all of the aspects of human life.
What is meant here, such as in the field manufacturing,
construction and etc. Especially in the field of remote
control and distributed control. However, at the first
industries were operating manual as Galloway and Hancke
perspective is that '' Initially, control of manufacturing and
process plants was done mechanically either manually or
through the use of hydraulic controllers'' [1], whereas
working manual takes time and exhausts effort. Control systems
were limited to one area or each machine had own control
system. After the use of distributed systems have become
common, the advent of control loops, the advanced electrical
circuits and multiple means of communication, productivity has
become better, and the industrial process needs less time.
One of the popular control systems was introduced in 1960's
[12], is Supervisory Control And Data Acquisition (SCADA)
system. SCADA used for several goals, including taking into
account the human's safety and security, in order to avert
exposure to injuries in places have a hazardous working
environment such as opening and closing valves or switches.
Also, in order to avoid the cost of manual operation and that
by abandoning workers. However the main goal is to provide a
remote control of plants in large geographic areas. As well
as any system has issues, the largest source of concern in
modern SCADA is the security problems. As a result of the
2
system connection with network such as WLAN, which will be
mentioned after. Whereas, early SCADA has problems were
threatening the physical structure of the SCADA system [2].
The other system which will be introduced in this paper is
DCS (Distributed Control System). Almost at the same time, in
1975 Yokogawa the Japanese electrical engineering, and
Honeywell the American multinational company introduced their
own DCSs. This system is commonly used in small geographic
areas, for example to control an oil refineries, electric
power generation plants. Though both systems, SCADA and DCS
have been one blend as explained by Austin Scott in [3][4].
Also, DCS has the same security issue, making the system
threatened by attacks.
The aim of this paper has therefore been to try and
establish what is the difference between SCADA and DCS. The
paper has been organised in the following way. Firstly, there will
be an explanation of the components and the architecture of
both of the systems separately. Secondly, expectation about
the future of SCADA/DCS in terms of the changes that may will
occur on the entities of the systems, to configure the new
system that is a blend of the two systems which called System-
of-Systems (SoS). Then Will be mentioned some of the weak
points in the systems and the threats types facing them.
Thereafter, a discussion will demonstrates and summarizes the
differences and future predictions according to projections in
one of the research papers. Finally, the conclusion will sum
up what has been deduced and presented.
3
4
2. The Component and Architecture of
SCADA/DCS:
2.1. SCADA
Supervisory Control And Data Acquisition (SCADA) one of the
systems that has changed control and remote monitoring
systems. SCADA has facilitated the process of remote
monitoring and remote control in industry system [2]. As an
example of this, the system can monitor or control several
industrial places from thousands of kilometres. SCADA system
is a program operator at the top of the hierarchy of the
industrial network, and its major role is to collect
information and observation by displaying this information to
the user by human machine interface (HMI). And may go beyond
these permissions by sending operation orders to one of the
industrial elements such as an engine to run or substitute
orders which were fixed previously. The significance about
SCADA system is to observe various control hardware dispersed
in large wide geographic areas.
One of the components in these areas is a remote terminal
unit, (RTU) could be one of the forms of (PLC) Programmable
Logic Controller, that indicated as control hardware. The main
terminal that is connected to the RTUs called Master Terminal
Unit (MTU) also called the Master, it could be at a distance
from RTUs. Furthermore MTU can control more than one RTU. The
method of the SCADA system modelling can be affected by the
restrictions obliged by the role of MTU [1]. Also the
5
connection between MTU and RTUs may be one of the traditional
communication means, such as satellite [4], transfer data
information from RTUs or PLCs to MTU to deal with it or
processed if it needed.
Another important element in SCADA is system Intelligent
Electronic Devices (IED) as described by Stouffer, Falco as
a '' “smart” sensor/actuator '', has a role of aggregating
data from the other equipments that are part of the SCADA
system in the industry field, provides data to the SCADA
server.
As it is shown in Figure 1, there are three levels in SCADA
system linked by a LAN, Field Sites, Wide Area Network level,
and Control Centre. Control Centre has three essential
elements, data presenter is HMI, recorder and information
collector from the Field Sites is Control Centre, which is
answerable for alerts, attitude evaluation and maybe produce
commands depending on the results that received from Field
Sites [4].
Figure 1 [4]
6
Furthermore, the Field Side uninitialized with distant
control equipments which have the ability to identify, mend
problems, then deal with this information by exchange it via
dial up modem or WAN. However MTU to RTU connection differ
according to application on the Field Site which called
communication Architecture, as Stouffer, Falco, Scarfone
clarify ''. The various architectures used, including point-
to-point, series, series-star, and multi-drop '' [4] as shows
in Figure 2.
Figure
2 [4]
The advantages of point-to-point are the simplicity, though
every single channel is expensive. For the series pattern the
number of channels decreased, but the intricacy of SCADA also
increased. On the other hand functioning and performance
7
affected by channel sharing, by making a channel for every
device as in the case of the series-star and multi-drop the
performance rise with the rising of intricacy.
2.2. DCS
The similarity between SCADA and DCS (Distributed Control System) is a similarity in pattern of system functionality,
this function is to monitor the sub-control devices and data
obtaining by applying a set of programs.
Part of these programs and hardware taking a place in a
monitoring control loop, which means playing an essential role
by presenting this information to a centralized HMI and
storing it in a data storing device. These sub-controllers
distributed in the same industrial area, consequently they can
be close range of the controlled equipments.
8
Figure 3[4]
In addition, to give an idea how the production process
works in the industrial location, and to decrease the
shortcoming influence of the whole system, there are a
connection between DCS and data collector. So the DCS includes
all layers or levels from the field layer up to supervisory
layer, there are several examples of this system, such as an
oil refineries, electric power generation plants, water and
wastewater treatment [1] [4].
Figure 3 illustrates the four examples of low-level
controllers, in other words the component of the field level
of DCS system, three of them encompasses a process
controllers, a machine controller, PLC uses Fieldbus networks
9
to link the actuator and sensors with the controller. One
single loop controller included actuators and sensors wired by
point-to-point wiring connected to the controllers. The other
loops connected Fieldbus which characterized by properties,
the quality and considerable practicality, identifying
workflow, the ability of fulfilling control algorithms, and
averting signal back to the PLC [4] .
Furthermore, as Stouffer, Falco, Scarfone demonstrate in
[4], when DCS has a discrete controlled section in the plant,
there is another level in-between the two levels that have
mentioned before, the mediate level has a monitor for every
single section, these sections could be a motor controller, or
even a robot controller.
3. Next Generation SCADA passed through several stages which have evolved in terms of the components and the methods of data transferring
or communications, mainly SCADA has experienced three
generations as shown in Figure 4.
The first generation which RTUs linked to monolithic
systems through WAN at the industry field. In the second
generation in terms of making it more productive than the
first generation, the number of system elements became larger,
and were distributed and connected via LAN to involve the
other component information state, of course by taking
proprietary protocols into consideration. In the third
generation network usage to link the components of the system
10
developed using the Internet, distinguished an open structure
and protocols.
However, Karnouskos and Colombo in [5] predicted that next
generation using the internet means forcing the network to
expand in terms of the protocols. And the levels of developed
components of the system will reach a degree of self-control
by using sophisticated technology without any need to ''
single controlling/management authority '' [5]. Self-control
will occur by sharing the pros of high level developed systems
and merge it in SCADA to be SCADA-SoS (System-of-Systems).
11
Figure 4 [5]
Nevertheless, must be noted that in the recent years SCADA
systems have developed in conjunction with DCSs and these days
they have commonalities. This evolution of both systems is due
to the ongoing communications revolution at this time. And
other factors such as the modern computer programs that do not
stop evolving, the developing industrial PCs, and the
application of up to date models such as Service-oriented
Architecture (SOA) and System-of-Systems (SoS) [6].
Consequently, SCADA and DCSs will be influenced by the
development of the progression of software and hardware, and
going to be apart from an advanced SoS.
Based on future projections how both systems will be,
Karnouskos and Colombo built expectations and made a vision
about the next generation. SCADA/DCS will have to deal with
12
many variations, the merged systems have to face challenges in
the real-time collaborating with inner and outer data to
choose the right resolution [5], also the system will be
information driven as well as the communication through the
web.
Furthermore, the elements will see changes, HMI could be
replaced by displaying information from other devices for
instance mobile appliance. But the existence of the Internet
feature, the information could be reached at any time for
example via in-cloud services and that could be a source of
danger.
Because of high ability of intelligent devices RTU, maybe
tasks will be implanted in them or even in the service
mediator. PLCs probably will be characterised with advanced
logical implementation. The main nerve, which is the
communication linking the system elements via internet that's
available everywhere, makes finding resolution easier by fast
connection [5].
4.0 Security Issues
Nowadays, SCADA and DCS are vital and essential systems to
operate the industrial facilities [7]. Therefore, the cyber
threats and the weakness maybe cause damages to the physical
elements, and changing some control settings. There are many
papers assess the risks and the vulnerabilities, such as [7]
13
[2], and this paper will introduce some of the important
weakness points, and a list of the threats.
4.1. Cyber Security Vulnerability
The weakness of protocols:
Since the beginning of using digital communications in DCS
and SCADA systems, which already applied by means of serial
networks such as telephone lines or other electronic-based
media, and the omnipresent RS-232, RS-422, RS-485 standards.
This makes the RTU vulnerable to attacks by accessing the
control network [2], so before using digital signal which
means using analogue signal still both of the systems isolated
from the outside world communication.
Although the weakness of these protocols, such as low
accuracy and limited channel capacity, there was a unification
between communication standards and communication channels.
These protocols supported a certain number of tasks, data
acquisition, and giving orders to points within a remote
device, with not giving priority to security or ignoring it.
So the given orders dealing with them as a clear text without
security procedures [7].
The open access to SCADA and DCS:
Simultaneously, there was a revolution in the world of
communications with the growing trend of technological
development demands, and to ease the communication between the
main controller and the equipments inside the control systems,
there has been dealing with the modern networks. Since the 14
modern networks have features as the capacity and the speed
data transmission, that gives the possibility of accessing via
many access points, whether using Intranet connecting or phone
line [8] [7].
Figure 6 is shown Intranet connecting.
Figure
6 [9]
With the increasing developing modes of communication has
become more sophisticated, using networks as wireless and
Ethernet. As it is known these networks provide connectivity
for SCADA and DCS to the Internet, which are progressively
slightly isolated, because of the public use of these
communication channels [7], at this point these links could
be exploited by unlicensed people or attackers to access the
network and change some of the commands or operations [10].15
Disadvantage of COTS:
Another principle causes a security shortage, is emerged
because of the vulnerabilities of commercial off-the-shelf
(COTS) software section of SCADA and DCS network [7]. As Igure
points out that the failsafe usage of COTS does not mean that
COTS software will not provide security side of the network
[8]. Which makes another application layers interface access,
via using development SCADA protocols work on Ethernet and
TCP/IP based network. This layers such as web interface makes
it easy to penetrate by attackers [2].
4.2 Threats types
The system may be exposed to several threats, because of theevolved communications that characterised by many features,
such as high download speed and upload. However, there are
risks in using those communications, which provide for example
the internet as a chance for attackers to execute their
attacks. SCADA and DCSs will be subjected to the dangers of
over threats, threats may be internal or external. The
internal, by one of the employees to sabotage the system by
logging into one PCs system. Or could be external by attackers
from outside the system network, such as Bot-network
operators, Criminal groups, Phishers, Spammers,
Spyware/malware authors, or Terrorists, these threats threaten
not just both systems but also any devices connected to the
internet .
16
The table shows an overview of the different types of threats
[4]:
17
18
Threat Agent
Description
Attackers Attackers break into networks for the thrill of the challenge or for bragging rights in the attacker community. While remote cracking once required a fair amount of skillor computer knowledge, attackers can now download attack scripts and protocols from the Internet and launch them against victim sites. Thus, while attack tools have become more sophisticated, they have also become easier to use. Many attackers do not have the requisite expertise to threaten difficulttargets such as critical U.S. networks. Nevertheless, the worldwide population of attackers poses a relatively high threat of an isolated or brief disruption causing serious damage.
Bot-network operators
Bot-network operators are attackers; however,instead of breaking into systems for the challenge or bragging rights, they take over multiple systems to coordinate attacks and todistribute phishing schemes, spam, and malware attacks. The services of compromisedsystems and networks are sometimes made available on underground markets (e.g., Purchasing a denial of service attack or the use of servers to relay spam or phishing attacks).
Criminal groups Criminal groups seek to attack systems for monetary gain. Specifically, organized crimegroups are using spam, phishing, and spyware/malware to commit identity theft and online fraud. International corporate spies and organized crime organizations also pose athreat to the U.S. through their ability to conduct industrial espionage and large-scale monetary theft and to hire or develop attacker talent. Some criminal groups may try to extort money from an organization by threatening a cyber attack
Foreign intelligence services
Foreign intelligence services use cyber toolsas part of their information gathering and espionage activities. In addition, several nations are aggressively working to develop information warfare doctrines, programs, and capabilities. Such capabilities enable a single entity to have a significant and serious impact by disrupting the supply, communications, and economic infrastructures
5. Discussion According to Galloway, Hancke in [1], the main divergence between SCADA and DCS, that SCADA systems are event-driven unlike DCSs are process-driven. What is more SCADA system
concentrate on just informing the changes of the situation of
the observed system, instead of conveying information at
consistent pattern along the operation period. Where as DCSs
are process-driven, that means transmit the information at
consistent pattern all the period of the process operation.
Despite that, both systems seem to do identical tasks.
However, they have a considerably different inner tasks. For
instance DCSs present all the data gained from the controller,
instead of keeping records of these data, to reach high
connectivity. Karnouskos and Colombo in [5], sharing them the
concluded result, by saying '' Additionally SCADA systems are
mostly event-driven while DCS systems generally run
sequentially '', also Greeff and Ghoshal agree with them [11].
Overall, it is assumed from SCADA to work untrustworthy with
untrustworthy connections, whereas DCSs accessing straight
away to data source and thus most recent information values.
This table shows the main difference between SCADA and DCS
[1]:
DCS SCADA Process driven Small geographic areas Suited to large,
integrated systems such as chemical processing
Event driven Large geographic areas Suited to multiple
independent systems such as discrete manufacturing
19
and electricity generation
Good data quality and media reliability
Powerful, closed-loop control hardware
and utility distribution Poor data quality and
media reliability Power efficient hardware,
often focussed on binary signal detection
In addition, Greeff and Ghoshal stated other differences in
their book [11]. In terms of cost SCADA hardware is cheaper
than DCS by 200%, however DCS engineering design is cheaper
than SCADA.
The expected aim by Karnouskos and Colombo to obtain a
system with optimum performance get involves in every side of
industrial life, will not be achieved without the cooperating
of human ecosystem, system elements, practicalities. The
essential aims, event-driven monitoring conjugated with
service-oriented structure, optimal management using high
technology self-configuration, self-healing, self-
optimization, and large levels of security [5].
What can be inferred that the system, possibly will be non-
physical, this means that it may exist only on the Internet in
a simulated world, will assume the existence of devices within
this world from the reality.
20
6. Conclusion
A comparison has been presented between SCADA system and DCS
in this paper, to determine the difference between the two
systems in terms of the internal functions. Also, by comparing
them, the advantages and the disadvantages have become
obvious. The results were consistent of several papers such
as in [1] [5], DCS is process Driven in contrast to SCADA is
an event Driven. SCADA is used in large geographic areas while
DCS is used in small geographic areas. Furthermore, the media
reliability, the control power, and data quality of DCS are
better than the SCADA. Also, DCS hardware is more expensive
than SCADA, but the engineering design of SCADA is more
expensive than DCS.
The vulnerability of protocols, and the open access to
SCADA and DCS, make them under the threat of the attackers
which have been mentioned before. Through the communication
channels as a land line, radio waves, or via satellite, which
the systems often use them to send and receive information
ease for the attackers to get access to these systems.
Therefor, it must be found a solution for these threats, which
in this paper did not address the proposed solutions in some
other research papers. Because this paper aimed to establish a
comparison between SCADA and DCS, and address the cons and
pros.
Previously, SCADA and DCA were two separate systems.
Currently, it is difficult to see the difference between the
two systems, the reason both of them have become a blend. This21
may make the systems sharing each one features, which improves
the performance and effectiveness. In other words, Elements of
both systems merged to become a Hybrid Control System (HCS) as
Greeff and Ghoshal explained in [11].
Based on the expectations, the new system will be a best
features such as self-control system, and the information will
be uploaded in a a sophisticated network such as cloud
network. Also, has the ability to overcome the threats of the
attackers and strengthen the cyber security weaknesses. (SoS)
is expected to be the system of the future to achieve these
goals.
References
[1] B. Galloway and G. P. Hancke, "Introduction to Industrial Control Networks," IIE, vol. 15, pp. 860 - 880, Second Quarter 2013.
[2] J. L. Hieb, "Security hardened remote terminal units for SCADAnetworks," Doctor of Philosophy Dissertation Department of Computer Science and Computer Engineering University of Louisville ProQuest LLC 789 E. Eisenhower Parkway PO Box 1346 Ann Arbor, Ml 48106-1346 February 26, 2008.
[3] A. Scott. ( 2012, September 8 2014). Key Differences between DCS and SCADA Systems
Available: http://www.synergistscada.com/dcs-vs-scada-systems/[4] K. Stouffer, J. Falco, and K. Scarfone, "Guide to industrial
control systems (ICS) security," NIST special publication, pp. 800-82,2011.
[5] S. Karnouskos and A. W. Colombo, "Architecting the next generation of service-based SCADA/DCS system of systems," Melbourne, VIC, 2011.
22
[6] S. Simanta, E. Morris, G. A. Lewis, and D. B. Smith, "Engineering lessons for systems of systems learned from service-oriented systems," in Systems Conference, 2010 4th Annual IEEE,2010, pp. 634-639.
[7] P. A. Ralston, J. H. Graham, and J. L. Hieb, "Cyber security risk assessment for SCADA and DCS networks," ISA Trans, vol. 46, pp. 583-94, Oct 2007.
[8] V. M. Igure, S. A. Laughter, and R. D. Williams, "Security issues in SCADA networks," Computers & Security, vol. 25, pp. 498-506, 2006.
[9] Microsoft. ( 2010, September 10 2014). Separating Internet and Intranet Traffic
Available: http://technet.microsoft.com/en-us/library/dd637769(v=ws.10).aspx
[10] T. Brown, "Security in SCADA systems How to handle the growingmenace to process automation," IET, vol. 16, pp. 42- 47, June/July 2005.
[11] G. Greeff and R. Ghoshal, Practical E-manufacturing and supply chain management: Newnes, 2004.
[12] Wikipedia. ''Distributed Control System'', Wikipedia.org. [Online]. Available http://en.wikipedia.org/wiki/Distributed_control_system [Last Modified: 11 August 2014, [07:05].
23
