Amalgamation of Internet for SCADA Encompassing Security Issues

Supervisory Control and Data Acquisition (SCADA) systems have been widely used in industry applications. Due to their application specific nature, most SCADA systems are heavily tailored to their specific applications.  In this paper, an Internet based SCADA system is presented. The Internet makes it simple to use standardized Web browsers for data presentation, thus eliminating the need for proprietary host software.

It also eliminates the cost and complexity of long distance communications. In this paper, primary data, i.e. the real time data (data that reflect real- time operational condition of the power system) of the power system, is acquired at every node of outward power/energy flow with the help of a client PC (RTU). The data acquired are sent to a central monitoring station (SCU), which may also be used as a server PC. The program software used in the server PC performs the necessary analysis and display (both numerically and graphically) the data received from the client. With preset values of control parameters, when analyzed data finds the parameters exceeding the preset values, it sends a trip signal to the client PC. Thereafter, the client PC disconnects that node of outward power flow from the sub regional power system. In addition, graphical user interfaces have been introduced in this scheme for both the clients and the server. This scheme has been tested and found to work as per expectations.

INDRODUCTION
SCADA is a term that is used broadly to portray control and management solutions in a wide range of industries [3,4,5,6,7,8]. Some of the industries where SCADA is used are Water Management Systems, Electric Power, Traffic Signals, Mass Transit Systems, Environmental Control Systems, and Manufacturing Systems. E-SCADA, on the other hand, is an Internet-based SCADA (also known as Web-based SCADA). It utilizes the public Internet infrastructure as a communication medium, which facilitates with the versatile supervision and control, not necessarily from a remote control center, but from any part of the world with facilities of World Wide Web. It is a low-cost solution that brings SCADA-like functionality to the masses. Companies are considering using the Internet for SCADA to provide access to real-time data display, alarming, trending, and reporting from remote equipment.

This paper presents a new method of Data acquisition and Control through Internet. This method is proposed for modular protection, power/energy flow control for monitoring and control of a sub-regional area of a power system.

The rest of paper is organized in following sequence: Section II describes the proposed SCADA system in detail. In Section III the software and the various components that are used in it are explained. The security issues of the application of the proposed method and the output are finally demonstrated in Sections IV and V.

INTERNET BASED SCADA AS A SYSTEM

There are many parts of a working SCADA system. A SCADA system mainly includes signal hardware (input and output), controllers, networks, user interface (HMI), communications equipment and software. All together, the term SCADA refers to the entire central system. The central system usually monitors data from various sensors that are either in close proximity or off site. For the most part, the brains of a SCADA system are performed by the Remote Terminal Units (sometimes referred to as the RTU). Most often, a SCADA system will monitor and make slight changes to function optimally. However the system which we have proposed uses a server, which is based on the latest technology available from Microsoft. Our system does not need any expert maintenance and analysis. With the help of the IP address, any site can be selected or a new site can be added to a system and real time client data from different channels can be shown simultaneously in client, SCADA central or in webpages. The most important thing is that the sensors can be tripped physically from anywhere of the total system. Figure 1 shows the remote terminal units connected via LAN. Figure 2 shows the functional block diagram of the proposed Internet SCADA system connected through LAN.

 

SYSTEM DEVELOPMENT
The whole system consists of two different parts - Remote Terminal Unit (RTU) and SCADA Central Unit.

A.  Remote Terminal Unit

An RTU monitors the field digital and analog parameters and transmits all the data to the Central Monitoring Station. An RTU can be interfaced with the Central Station with different communication media. RTU can support standard protocols (Modbus, IEC 60870-5-101/103/104, DNP3, ICCP, etc.) to interface any third party software [1]. Here in each RTU, a Windows based PC is equipped with Ethernet card and each RTU has hardware interfacing circuits that can interact with its local instruments. We have also equipped RTU with a GUI-based software for data acquisition. The RTU operator can communicate with the SCU operator and also with the user who connects to the scheme through web page and Internet using chat box. 

B. Data acquisition - The data acquisition is performed by Data Acquisition Card (DAC) PCL 812 PG. It has 16 bipolar channels [2]. Also the GUI has three list boxes that show current acquisitioned by DAC and are displayed separately for three channels. Thereafter the data is sent to the SCADA Central Unit, which is connected to the RTU through LAN.

C.  Conditions for circuit to run

The circuit under can be stopped by using the “Stop” command, which sends a signal to trip a circuit breaker. This condition of the circuit is updated everywhere in RTU, SCU, web page. When “Stop” command is sent, the “Stop” button is changed to “Restart” button which allows the RTU user to again reconnect the circuit to power supply. This “Restart” facility is only available in the RTU window.

D.   SCU (SCADA Central Unit)

A Windows based PC with an Ethernet Card (100 Base T) is used as a SCU. It is also used for communicating with RTUs through TCP/IP LAN. SCU is equipped with necessary GUI based programs for controlling and monitoring the system. A database is also stored in the SCU server. The database is an important part of an internet SCADA system. Here in our project we have used SQL database and ODBC is used to interface with the database engine. In SCU, there is a program, which can decide itself whether to trip a sensor to disconnect a circuit or not. If necessary it automatically sends trip signal. A view of SCU main screen is shown in Figure 3.

E. SITE CONTROLLER

This site controller has four different options:
i) Open Site: This option dynamically generates the list of all the client sites stored in the database from which any of the sites can be opened. ii) Define New Site: By this option, a new site can be opened with a different option. iii) Global Setting: Set some global settings in the SCADA central unit. iv) Edit/ Delete Site: By this option, any site in the database can be edited or deleted.


Pic---

F. Communication Protocol- The protocol TCP/IP has been chosen for communication and UDP as transport mechanism. As TCP/IP is independent of physical media, a variety of physical networking media like leased line, microwave radio, UHF/VHF radio or satellite can be used [5].

Pic --

G.Visulization and Control-This program receives the data and draws a visual representation of it. The graphics interface of the “Visualization and Control” program shows an inverse time relay characteristics curve for each channel. This program has been located in the SCU. A list box is used as for chat console for doing the purpose of communication between different users.

Pic --

SECURITY ISSUES

Security has always been a major problem in control applications. The open nature of the Internet requires careful consideration of data security measures when implementing Internet-based SCADA systems. Processes, procedures, and tools must be put in place to address availability, integrity, confidentiality, and protection against unauthorized users.

  • Availability: System up time must be maintained at the highest levels through use of redundant servers. Firewall protection must be provided in the servers along with automated monitoring to detect DNS attacks.
  • Integrity: System must ensure data is not modified or corrupted through use of encrypted data signatures, authentication to restrict access, etc.
  • Confidentiality: System must ensure restricted access to data through use of encryption, and to the system by employing authentication such as Secure Socket Layer.
  • Protection against unauthorized users: Multi-layered password protection must be provided at all levels in the system.

 

PROGRAM OUTPUT

The full system was established and tested in the laboratory for experimental basis. Three window based PSs were used as RTU’s. Two window based PCs with necessary equipments is connected through a LAN network. One PC as a SCADA central unit and also as a web server. The SCU has also the data storage facility. The output of the database setup program is shown in Figure 4. The webpage with data is shown in the Figure 6. A view of the RTU setup terminal program is shown in Figure 5.

Pic ----Database setup  - Data shown in the RTU

 

CONCLUSION

This project sought to design the communications backbone of an Internet based SCADA system for use in transferring real-time data from industrial controllers to clients across a network. This system was developed and proved to meet the requirements of a flexible and scalable system suitable for widespread implementation.

Comprehensive research was conducted on SCADA systems to determine the key functionalities required. These functions were identified with respect to their impact on the requirements of the system and were considered in its design. This paper represents an improved scheme for controlling real-time data as well as communicating through the Internet. The scheme was designed using two languages - ASP (Active server pages) and visual basic. This scheme has been tested in lab and was found to work satisfactorily. We came to following conclusions stated below-

  • Internet-based, secure, real-time SCADA provides corporate-wide solution that integrates new and legacy SCADA equipment.
  • Flexibility – choose equipment and systems based on     price/performance rather than compatibility with installed base.
  • Scales quickly from a few sites to thousands.
  • Single solution is suitable for both local and enterprise-wide applications.
  • Subscription service contract option available.
  • Reduces SCADA project risk – customer pays only upon commencement of service.
  • No capital investment is required.


This project has covered only a small portion of the design of a fully functional Internet based SCADA system. There are several areas which future studies should be conducted to improve the functionality of the system. One important area that requires further research is the area of security. This is a major concern for industry and business in general. An Internet based SCADA system will require a relatively impenetrable security system before it is widely accepted.

The implementation of a Quality of Service system to improve the flow of real-time traffic across a network that is shared with non-real-time traffic is also an area that should be researched further.

ACKNOWLEDGEMENTS
I would like to sincerely thank Mr. Kanti Prasad Varshney (Chief Consultant, Department Electromechanical, AF Consult Pvt. Ltd, Noida, U.P) whose guidance has been instrumental in development of this project.


REFERENCES
[1]“Homepage”,http://en.wikipedia.org/wiki/RTU , visited on 14/6/09.
[2]”Homepage”http://en.wikipedia.org/wiki/Data_acquisition, visited on 10/6/09.
[3] Wei Ye, John S. Heidemann , “ Enabling Interoperobility  and Extensibilty of Future SCADA Systems”, Proceedings National Workshop on Beyond SCADA: Networked Embedded Control for Critical Physical Infrastructures, Pittsburgh, PA, USA, November, 2006.
[4] Aung Naing Myint, Hla Soe, Theingi, and Win Khaing Moe, “  Implementation of Control Unit using SCADA System for Filling System”, Proceedings World Academy of Science, Engineering and Technology 46 2008.
[5] K. M. Rahman, M. U. Rahman, M. H. A. Hasanat and K. M. Shazzad, “ GUI Based Integrated  Relaying for SCADA System”, Proceedings  Second International Conference on Electrical and Computer Engineering ICECE 2002, 26-28 December 2002, Dhaka, Bangladesh.
[6] Li Xiao-lei, Zhai Yong, Xu Ru-zhi, “ Research on Data Backup And Recovery Technology in SCADA System”, Proceedings  2009 International Symposium on Web Information Systems and Applications (WISA’09) Nanchang, P. R. China, May 22-24, 2009, pp. 500-503
[7] L. B. Shi,* H. F. Zhou, Peter T. C. Tam, N. C. Chang, Z. B. Du, Y. X. Ni, Felix F. Wu, “Developing a Power System Dynamic Security Assessment System”, Proceedings 2006 International Conference on Power System Technology.
[8] M.T.O. Amanullah, A. Kalam and A. Zayegh, “Information Embedded Power System: The Effective Communication System of the  21ST Century Power System Industry”, Proceedings  Australasian Universities Power Engineering Conference (AUPEC 2004) 26-29 September 2004, Brisbane, Australia.

Thursday,
October 18, 2012
0

Posted By

Views: 33505

Leave a comment