Industrial Automation and Control System Security Principles
Industrial Automation and Control System Security Principles - Ronald L. Krutz
Notice
The information presented in this publication is for the general education of the reader. Because neither the author(s) nor the publisher has any control over the use of the information by the reader, both the author(s) and the publisher disclaim any and all liability of any kind arising out of such use. The reader is expected to exercise sound professional judgment in using any of the information presented in a particular application.
Additionally, neither the author(s) nor the publisher has investigated or considered the effect of any patents on the ability of the reader to use any of the information in a particular application. The reader is responsible for reviewing any possible patents that may affect any particular use of the information presented.
Any references to commercial products in the work are cited as examples only. Neither the author(s) nor the publisher endorses any referenced commercial product. Any trademarks or tradenames referenced belong to the respective owner of the mark or name. Neither the author(s) nor the publisher makes any representation regarding the availability of any referenced commercial product at any time. The manufacturer’s instructions on use of any commercial product must be followed at all times, even if in conflict with the information in this publication.
Copyright © 2013 International Society of Automation (ISA)
All rights reserved.
Printed in the United States of America.
ISBN: 978-1-937560-63-8
No part of this work may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of the publisher.
ISA
67 Alexander Drive
P.O. Box 12277
Research Triangle Park, NC 27709
Library of Congress Cataloging-in-Publication Data in process
Dedication
To the Pirate Munchkins who have captured my heart:
Patrick, Ryan, Aaron, and Emma
Acknowledgment
I want to thank my wife, Hilda, for her encouragement and support during the writing of this book.
RLK
Contents
About the Author
Foreword
Preface – Industrial Automation and Control System Security: A Component of a Nation’s Critical Infrastructure
Chapter 1 – Industrial Automation and Control System Fundamental Concepts
Industrial Automation and Control Systems
Industrial Automation and Control System Protocol Summary
Issues in Industrial Automation and Control Systems Security
Summary
Review Questions for Chapter 1
References
Chapter 2 – Information System Security Technology
Information System Security Fundamentals
Types and Classes of Attack
Additional System Security Concepts
Policies, Standards, Guidelines, and Procedures
Malicious Code and Attacks
Firewalls
Cryptography
Attacks Against Cryptosystems
Virtual Private Network
Summary
Review Questions for Chapter 2
References
Chapter 3 – Industrial Automation and Control System Culture versus IT Paradigms
Differences in Culture, Philosophy, and Requirements
Considerations in Adapting IT Security Methods to Industrial Automation and Control Systems
IT and Industrial Automation and Control Systems Comparisons from a Standards Perspective
Summary
Review Questions for Chapter 3
References
Chapter 4 – The Continuing Technological Evolution Affecting the Industrial Automation and Control Systems
Important Technological Trends
The Smart Grid and Technological Trends
Mapping of Emerging Technology Issues onto an Example Automation System – The Smart Grid
Summary
Review Questions for Chapter 4
References
Chapter 5 – Risk Management for Industrial Automation and Control Systems
Risk Management
The Insider Threat
Threat Examples Worthy of Note
Summary
Review Questions for Chapter 5
References
Chapter 6 – Industrial Automation and Control Systems Security Methodologies and Approaches
Automation and Control System Security Standards and Guidelines
NIST Special Publication 800-82, Guide to Industrial Control Systems Security
ANSI/ISA-TR99.00.01-2007, Security Technologies for Industrial Automation and Control Systems
North American Electric Reliability Corporation, Critical Infrastructure Protection Cybersecurity Standards
NIST Special Publication 800-53, Revision 3, Recommended Security Controls for Federal Information Systems
Department of Homeland Security, Catalog of Control Systems Security: Recommendations for Standards Developers
AMI System Security Requirements
Department of Defense Instruction Number 8500.2, Information Assurance (IA) Implementation
Consolidation of Best Practices Controls for Industrial Automation and Control Systems
Summary
Review Questions for Chapter 6
References
Chapter 7 – Industrial Automation and Control System Security Training
Background
Training Sources and Approaches
Training Support Guidelines
Common Training Subjects
Summary
Review Questions for Chapter 7
References
Chapter 8 – Future Industrial Automation and Control System Approaches and Issues
Automation and Control System Trends
Formal Methods Used to Quantify and Standardize Important Concepts and Applications
Future Smart Grid Issues and Automation Security Issues
Summary
Review Questions for Chapter 8
References
Appendix A – Review Questions and Answers
Glossary and Acronyms
Bibliography
About the Author
RONALD L. KRUTZ, Ph.D., P.E., CISSP, ISSEP
Dr. Krutz is Chief Scientist for Security Risk Solutions, Inc. He has more than thirty years of experience in industrial automation and control systems, distributed computing systems, computer architectures, information assurance methodologies, and information security training. He has been a Senior Information Security Consultant at Lockheed Martin, BAE Systems, and REALTECH Systems Corporation, an Associate Director of the Carnegie Mellon Research Institute (CMRI), and a professor in the Carnegie Mellon University Department of Electrical and Computer Engineering. He was also a lead instructor for (ISC)² Inc. in its Certified Information Systems Security Professionals (CISSP) training seminars. Dr. Krutz founded the CMRI Cybersecurity Center and was founder and Director of the CMRI Computer, Automation and Robotics Group.
He coauthored the CISSP Prep Guide for John Wiley and Sons and is coauthor of the Wiley Advanced CISSP Prep Guide; the CISSP Prep Guide, Gold Edition; the Security + Certification Guide; the CISM Prep Guide; the CISSP Prep Guide, 2nd Edition: Mastering CISSP and ISSEP (Information Systems Security Engineering Professional); the Network Security Bible; the CISSP and CAP (Certification and Accreditation Professional) Prep Guide, Platinum Edition: Mastering CISSP and CAP; the Certified Ethical Hacker (CEH) Prep Guide; Cloud Computing Security; and Web Commerce Security. He is also the author of Securing SCADA Systems and of three textbooks in the areas of microcomputer system design, computer interfacing and computer architecture. Dr. Krutz has seven patents in the area of digital systems and has published more than 30 technical papers.
Dr. Krutz also serves as consulting editor for the John Wiley and Sons Information Security Certification Series and is a Senior Fellow of the International Cyber Center of George Mason University.
Dr. Krutz holds B.S., M.S., and Ph.D. degrees in Electrical and Computer Engineering and is a Registered Professional Engineer in Pennsylvania.
Foreword
Why should we care about the security of industrial automation and control systems? Surely these systems are isolated, segmented, and already well protected. After all, they control manufacturing plants, oil refineries, power plants, and other elements of our critical infrastructure. We know that we can’t just casually saunter through the main entrance of a pipeline control center or power plant without the proper credentials … but without adequate automation system security controls, the virtual back door may be wide open to uninvited visitors.
It’s easy to recognize the potential for harm if industrial automation and control systems were to be manipulated by adversaries, and there are real-world scenarios that both demonstrate such capability and make it clear that there are individuals or organizations with the motive. An obvious example is the Stuxnet family of worms, which have targeted control systems including those purportedly used by Iranian organizations for uranium enrichment.
Industrial automation and control systems are a hidden but integral part of our daily lives. Their components include programmable logic controllers (PLCs), programmable automation controllers (PACs), intelligent electronic devices (IEDs), SCADA servers, and remote terminal units (RTUs), which respond with specific output signals based on the commands they receive. A simple example is a PLC that receives an input signal or command from a sensor, such as a temperature sensor on a machine in an industrial production line. When an alarm condition is detected, the output signal might shut down the machine to avoid overheating and potential damage or fire. With the widespread proliferation of computing and network technologies (e.g., high bandwidth wireless technology and broad availability of the public Internet), a natural evolution has been the development of software systems to monitor, control, and manage critical infrastructure and manufacturing systems.
So how do we figure out what the next Stuxnet, Duqu, Flame or other malicious code that targets industrial control systems might be capable of? What other threats to industrial automation and control systems exist (or may exist in the future) that our critical infrastructure might be vulnerable to, and what can we do about them?
To help answer these questions, Dr. Krutz describes the conditions that expose our critical infrastructure to network-based threats, and presents a method for identifying, prioritizing and mitigating the associated risk. Dr. Krutz seamlessly fuses his deep knowledge of information security risk management techniques with his impressive engineering experience to articulate a readily actionable approach to improving the confidentiality, integrity and availability of industrial automation and control systems through effective risk management.
This book is a compelling eye-opener for organizational leaders and a must read for anyone involved in the management, engineering, or operation of any aspect of our critical infrastructure.
Johnathan Coleman
Principal, Security Risk Solutions Inc.
Preface
Industrial Automation and Control System Security: A Component of a Nation’s Critical Infrastructure
As defined by ANSI/ISA-99.00.01, industrial automation and control systems (IACS) include (but are not limited to) distributed control systems (DCSs), programmable logic controllers (PLCs), remote terminal units (RTUs), intelligent electronic devices, supervisory control and data acquisition (SCADA) systems, networked electronic sensing and control, and monitoring and diagnostic systems.
A SCADA system provides the ability to obtain information from remote installations and to send limited control commands to those installations. Industrial control systems (including DCSs, PLCs, and intelligent electronic devices) comprise real-time elements that control critical industrial processes in a wide variety of applications.
Before the advent of local area networking, computer-based industrial automation and control systems were generally isolated from the outside world and used their own proprietary communication protocols. Eventually, as networking technology improved, interconnectivity among plants and other corporate units emerged as a way of obtaining increased knowledge of plant operations and more efficient management of resources.
With the maturation of the Internet and browsers, the TCP/IP protocol and Ethernet LANs found their way into supervisory control and data acquisition systems as well as process and manufacturing plant control systems.
In addition, computing platforms such as PCs running Windows were adopted for reasons of lower cost and standardization. However, with these advantages came the disadvantages of vulnerabilities and exposure to threats that plague these platforms.
There is also an emerging trend in many organizations toward consolidating some overlapping activities in IACS and corporate IT systems. This trend is motivated by the cost savings achievable by avoiding the use of disparate platforms, networks, software, and maintenance tools and by an increased capability to run the total organization more efficiently and effectively.
An important issue associated with merging these two environments is that, in many cases, the IACS and the corporate IT network end up under the same security model. That overlap opens the possibility of the corporate Internet connection exposing critical operations to additional threats and compromising the real-time, deterministic requirements of plant control systems. The Stuxnet worm, aimed specifically at PLCs that transmit and receive real-time control signals, highlights the sophisticated threats that exist today and the critical need for IACS-specific security methods. Follow-on malware such as Flame (also called Flamer) points to a continuing trend of attacks on these critical systems.
This book develops a novel approach to securing industrial automation and control systems by generating applicable, useful, protection principles through the merging and adaptation of the best industrial and governmental standards and practices.
Chapter 1
Industrial Automation and Control System Fundamental Concepts
The material in this chapter provides basic coverage of industrial automation and control system components and terminology, including supervisory control and data acquisition (SCADA) systems and distributed control systems (DCSs). However, because the focus of this book is the security of these systems, this chapter is not designed to be a comprehensive tutorial on industrial automation and control systems. The material assumes that the reader is familiar with these systems and communications terminology.
Note that the term DCS is also used to refer to digital control systems, but, unless otherwise stated, in this book DCS will denote a distributed control system.
Industrial Automation and Control Systems
Over the years, as industrial automation and control systems have evolved into distributed control systems and SCADA systems, the associated terminology has meant different things to different people. Control engineers, software engineers, plant personnel, and management have attached different meanings to commonly used terms such as distributed control systems, industrial control systems (ICSs), supervisory control systems, and SCADA systems.
This situation has been further complicated by the migration from relay logic, to programmable logic controllers (PLCs), to microcomputers, to the use of local area networks, Windows platforms, standard buses, and so on.
To establish a solid foundation for the material in this book, the definitions from ANSI/ISA-99.00.01-2007¹ and NIST Special Publication 800-82² will be used. (The ISA-99 series has since been renumbered as ANSI/ISA-62443, and NIST SP 800-82 has been revised more than once since the edition cited here; the definitions quoted in this chapter are those of the editions cited.)
ANSI/ISA-99.00.01 defines industrial control systems, distributed control systems, PLCs, and SCADA systems as belonging to the class of industrial automation and control systems (IACSs). Specifically, ANSI/ISA-99.00.01 states that an industrial automation and control system is:
A collection of personnel, hardware, and software that can affect or influence the safe, secure, and reliable operation of an industrial process. These systems include, but are not limited to:
a. industrial control systems, including distributed control systems (DCSs), programmable logic controllers (PLCs), remote terminal units (RTUs), intelligent electronic devices, supervisory control and data acquisition (SCADA), networked electronic sensing and control, and monitoring and diagnostic systems. (In this context, process control systems include basic process control system and safety instrumented system [SIS] functions, whether they are physically separate or integrated.)
b. associated information systems, such as advanced or multivariable control, online optimizers, dedicated equipment monitors, graphical interfaces, process historians, manufacturing execution systems, and plant information management systems.
c. associated internal, human, network, or machine interfaces used to provide control, safety, and manufacturing operations functionality to continuous, batch, discrete, and other processes.
NIST SP 800-82 uses the term industrial control system (ICS) for the same class of systems, defining it as a general term that encompasses several types of control systems, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCSs), and other control system configurations, such as skid-mounted programmable logic controllers (PLCs), often found in the industrial sectors and critical infrastructures.
In this text, the ANSI/ISA-99.00.01 terminology and definitions will take precedence over others where there are differences.
SCADA Systems
ANSI/ISA-99.00.01 defines a SCADA system as a type of loosely coupled distributed monitoring and control system commonly associated with electric power transmission and distribution systems, oil and gas pipelines, and water and sewage systems.
NIST SP 800-82 describes SCADA systems as:
Highly distributed systems used to control geographically dispersed assets, often scattered over thousands of square kilometers, where centralized data acquisition and control are critical to system operation. They are used in distribution systems, such as water distribution and wastewater collection systems, oil and natural gas pipelines, electrical power grids, and railway transportation systems. A SCADA control center performs centralized monitoring and control for field sites over long-distance communications networks, including monitoring alarms and processing status data.
ANSI C37.1³ defines SCADA as a system operating with coded signals over communication channels to control remote terminal unit (RTU) equipment. The supervisory system may be combined with a data acquisition system by using coded signals over communication channels to acquire information about the status of RTU equipment for display or for recording functions.
A SCADA system comprises both hardware and software, and the classical SCADA system model includes the following components:
•Human-machine interface (HMI) – A program that provides the operator with an easy-to-read graphical and textual display of the SCADA system elements. The HMI displays warnings and alerts and supports the operator in analyzing system performance, spotting trends, and changing controls. Some commonly used HMI software packages are Wonderware, RSView, and iFIX. An HMI is typically resident in the master control center as well as on the plant floor.
•Master terminal unit (MTU) or SCADA server at a master control center – A SCADA element at the control center that provides two-way data communication and control of field devices, such as RTUs, PLCs, PACs, and IEDs. Two-way communications between the MTU and field devices are usually low bandwidth and can be implemented through a variety of technologies, including telephone, VHF/UHF radio, spread-spectrum radio, satellite, and microwave.
•Remote terminal unit (RTU) – In a typical application, the RTU serves as a data concentrator and is an interface between the MTU and field devices, such as PLCs, PACs, or IEDs. The RTU gathers information from the field devices and stores it until interrogated by the MTU. Conversely, the RTU receives commands for the field devices and passes these on to be executed. There are some PLCs or PACs that incorporate the functions of the RTU by communicating with the MTU and providing remote data acquisition and control of field devices, such as actuators and pumps.
•Programmable logic controller (PLC) – A PLC is defined as a solid-state control system that has a user-programmable memory for storing instructions for the purpose of implementing specific functions, such as I/O control, logic, timing, counting, three-mode (PID) control, communication, arithmetic, and data and file processing.⁴ A PLC is programmed in standardized languages, such as those defined by IEC 61131-3, to implement its control logic. IEC 61131-3 is a vendor-independent international standard for PLC programming languages for industrial automation. It defines the following languages:
–Function block diagram (FBD)
–Instruction list (IL), deprecated in the 2013 edition of the standard
–Ladder diagram (LD)
–Sequential function chart (SFC)
–Structured text (ST)
•Programmable automation controller (PAC) – A PAC is similar to a PLC, but has additional capabilities, such as more robust communications, higher-speed processors, integration with organizational databases, and a common development environment for integration of software and hardware components.
•Intelligent electronic device (IED) – IED is a general term for a device that can communicate directly with the MTU or through the RTU and provide direct connections for controlling and polling field equipment, such as actuators.
Classical SCADA systems provide a dependable means of collecting information from multiple RTUs. However, in many current applications, SCADA systems are used in production environments and perform calculations and data analysis in real time on a plant floor, with HMI capabilities. Thus, in many instances SCADA and HMI reside on the same system to perform operations at the equipment level in a real-time data-driven production environment. The discussions in this book are meant to encompass both classical and current SCADA environments.
The SCADA control center serves as the central location for monitoring and analyzing data acquired from the field devices and for sending control commands to these devices. Because of its criticality, in many instances there is a duplicate control center at a backup site connected to the main site by a wide area network (WAN). Additional important capabilities that reside in the control center are archiving historical data, providing operations information to business managers and accounting, and restoring lost data. This type of capability is usually provided by a data historian, a real-time relational database, and a yield accounting system.
The data historian acquires and stores data and provides for prompt recovery of that data, if required. It differs from a real-time database in that the historian only archives information and provides no outputs to other system devices. It offers additional capabilities, such as compressing data to store large amounts of data more efficiently and organizing the data into save-sets, which are histories of the system for specific time periods.
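The data historian described above, as an added example in Python that is not code from the book: samples are archived only when they move beyond a deadband since the last archived value, archived points are filed into save-sets by fixed time window, and a query opens only the save-sets that overlap the requested interval. The text says only that historians compress data and organize it into save-sets; the deadband scheme, the window width, the tag name TI-101 and every sample value are constructed assumptions for this example.

```python
"""Added example (not the book's code): a minimal data historian that archives
tag samples with deadband compression and files them into save-sets by time
window. The text only says that historians compress data and organize it into
save-sets; deadband compression and fixed-width windows are assumptions made
here, and every sample value below is constructed for the example."""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Historian:
    deadband: float        # smallest change worth archiving, in engineering units
    saveset_seconds: int   # width of one save-set window, in seconds
    archive: dict = field(default_factory=lambda: defaultdict(list))  # (tag, set_id) -> [(t, value)]
    last_archived: dict = field(default_factory=dict)                 # tag -> last archived value
    received: int = 0

    def record(self, tag: str, t: int, value: float) -> bool:
        """Archive a sample only if it moved beyond the deadband since the last
        archived value for that tag. Returns True when the sample is stored.
        This is the historian's only input; it has no path back to the devices."""
        self.received += 1
        prev = self.last_archived.get(tag)
        if prev is not None and abs(value - prev) < self.deadband:
            return False
        self.archive[(tag, t // self.saveset_seconds)].append((t, value))
        self.last_archived[tag] = value
        return True

    def stored(self) -> int:
        return sum(len(points) for points in self.archive.values())

    def query(self, tag: str, t_from: int, t_to: int) -> list:
        """Return archived points for tag within [t_from, t_to], opening only
        the save-sets whose window overlaps that interval."""
        first, last = t_from // self.saveset_seconds, t_to // self.saveset_seconds
        points = []
        for set_id in range(first, last + 1):
            points.extend(p for p in self.archive.get((tag, set_id), [])
                          if t_from <= p[0] <= t_to)
        return sorted(points)

    def value_at(self, tag: str, t: int):
        """Reconstruct the tag's value at time t as the last archived value at
        or before t: by construction the true value was within one deadband."""
        best = None
        for (archived_tag, _), points in self.archive.items():
            if archived_tag != tag:
                continue
            for ts, value in points:
                if ts <= t and (best is None or ts > best[0]):
                    best = (ts, value)
        return None if best is None else best[1]


def demo() -> dict:
    """One minute of 1 Hz samples from a constructed temperature tag that sits
    flat, ramps for 20 s, then sits flat again; reports what was kept."""
    h = Historian(deadband=0.5, saveset_seconds=30)
    for t in range(60):
        value = 70.0 if t < 20 else (70.0 + (t - 20) * 0.3 if t < 40 else 76.0)
        h.record("TI-101", t, value)
    return {"received": h.received, "stored": h.stored(),
            "at_10": h.value_at("TI-101", 10), "at_50": h.value_at("TI-101", 50),
            "window": h.query("TI-101", 25, 35)}


if __name__ == "__main__":
    print(demo())
```

Running the demo feeds 60 samples and keeps 11: one at the start, one every second sample during the ramp, and one where the ramp stops. The deadband is what makes a reconstructed value trustworthy, so it belongs in the historian's configuration baseline alongside the tag list; a deadband widened after the fact silently degrades every trend drawn from the archive. Note that the class exposes record and query only, matching the archive-only role described above.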
A real-time relational database supports interactive storage and retrieval of detailed contextual information when production processes are involved and can interface with business applications, other databases, forms, and XML files.
A yield accounting system interacts with the real-time relational database, processes plant production data, and generates production accounting information. Typical information provided by a yield accounting system includes:
•Inventory discrepancies
•Material balances in different areas of the plant and for the total plant
•Plant material movement
•Total amount of product made by a particular unit
•Total volume of a finished product shipped to a customer over a specified time interval
For planning and scheduling purposes, condensed versions of production data are transmitted from the yield accounting system to the enterprise resource planning (ERP) system for processing.
SCADA systems can be configured in a wide variety of architectures with various components, depending on the application and other plant and corporate requirements. Figure 1-1 is an example of a SCADA system client-server model that incorporates fundamental SCADA elements. The figure is presented to provide a conceptual view of a SCADA system and is not intended to represent all the various SCADA system architectures that are employed in the field.
Figure 1-1. A client-server SCADA architecture example
Distributed Control Systems
A DCS includes a supervisory controller running on a control server and a number of distributed controllers. The supervisory controller transmits data set points to the remote controllers and acquires data from them. The distributed controllers control process elements by communicating with them over a field-bus-type network based on the information received from the supervisor.
ANSI/ISA-99.00.01-2007⁵ classifies a distributed control system as:
A type of control system in which the system elements are dispersed but operated in a coupled manner.
NOTE: Distributed control systems may have shorter coupling time constants than those typically found in SCADA systems.
NOTE: Distributed control systems are commonly associated with continuous processes, such as electric power generation, oil and gas refining, and chemical, pharmaceutical, and paper manufacture, as well as discrete processes such as automobile and other goods manufacture, packaging, and warehousing.
NIST 800-82⁶ defines a distributed control system as control achieved by intelligence that is distributed about the process to be controlled, rather than by a centrally located single unit.
In a distributed control system, subsystems have their own controller elements to manage local processes and to communicate with an operator console for overall supervisory functions. The individual controllers are integrated and communicate through local area networks. Figure 1-2 illustrates a typical distributed control system. In the figure, the engineering workstation supports distributed system security functions, serves as a development facility, and is used to set alerts and alarm conditions. The operator workstation provides the operator interface and is used by the operator to monitor the distributed control system, sense alerts and critical situations, and conduct system diagnostics.
Figure 1-2. Example of a distributed control system
Safety Instrumented Systems
Safety instrumented systems (SISs) have been widely used in the process industry to maintain a process in a safe condition during a hazardous situation, for example, if critical set points are exceeded or safe operating conditions are breached. SISs are sometimes referred to as safety shutdown (SSD) systems or emergency shutdown (ESD) systems.
ANSI/ISA-84.00.01-2004, Part 1 (IEC 61511-1 Mod)⁷ defines an SIS as an instrumented system used to implement one or more safety instrumented functions (SIFs). An SIS is composed of any combination of sensor(s), logic solver(s), and final element(s).
The standard also defines an SIF as a safety function with a specified safety integrity level which is necessary to achieve functional safety and which can be either a safety instrumented protection function or a safety instrumented control function.
Figure 1-3 illustrates the relationship between safety instrumented functions and other process functions.
Figure 1-3. Safety instrumented functions vs. other process functions
[Source: ANSI/ISA-84.00.01-2004 Part 1 (IEC 61511-1 Mod)]
An SIS is usually implemented in parallel with conventional control systems to reduce the risks associated with explosive or other dangerous environments.
Thus, the proper application of an SIS should be preceded by a formal risk assessment to identify possible threats, vulnerabilities, and likelihoods of occurrence. An excellent guide to risk management is NIST SP 800-39⁸, which takes a global, multitiered approach to risk management, where system risk is one part of a hierarchy of risk management levels. The document is aimed toward IT applications, but many of the principles are applicable to industrial automation and control systems. The document describes the following three tiers of an organization-wide risk management paradigm:
1. Tier 1 – Organization: Establishes and implements governance structures consistent with the organizational mission and goals.
2. Tier 2 – Mission/Business Processes: Designs, develops, and implements mission/business processes to support the mission defined in Tier 1.
3. Tier 3 – Information Systems: Integrates risk management activities into the system development life cycle (SDLC) of organizational information systems and addresses the resilience of organizational information systems.
NIST 800-39 will be discussed in more detail in Chapter 5 of this book.
ANSI/ISA-84.00.01-2004 Part 1 (IEC 61511-1 Mod) promotes two important concepts associated with an SIS, namely the safety life cycle and safety integrity levels, and defines these terms as follows:
•Safety life cycle – Necessary activities involved in the implementation of safety instrumented function(s) occurring during a period of time that starts at the concept phase of a project and finishes when all of the safety instrumented functions are no longer available for use.
•Safety integrity level (SIL) – Discrete level (one of four) for specifying the safety integrity requirements of the safety instrumented functions to be allocated to the safety instrumented system. Safety integrity level 4 is the highest level of safety integrity; safety integrity level 1 is the lowest.
Figure 1-4 provides a flow diagram of the SIS life cycle phases and functional safety assessment steps. The clauses cited in the figure refer to clauses in the ANSI/ISA-84.00.01-2004 document.
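The two arrangements described in this chapter, a distributed controller that takes its set point from a supervisory layer (see Distributed Control Systems) and a safety instrumented function running in parallel with it (this section), as an added example in Python that is not code from the book. A supervisory layer pushes a set point to a local controller that runs its own loop and clamps the request to its configured limit; a separate logic solver, with its own three sensors and 2-out-of-3 voting, latches a trip of the final element when the process variable crosses the trip point. The plant model, controller gains, limits, the 2oo3 arrangement and the injected sensor faults are all constructed assumptions for this example, not values from the text or from any standard.

```python
"""Added example (not the book's code): a basic process control loop with an
independent safety instrumented function (SIF) running in parallel with it.

Everything numeric here (the plant model, gains, limits, the 2oo3 voting
arrangement and the injected sensor faults) is a constructed assumption for
illustration, not a value taken from the text or from any standard.
"""
from dataclasses import dataclass

TRIP_POINT_C = 95.0    # assumed SIF high-temperature trip point
SP_LIMIT_C = 85.0      # assumed engineering limit enforced by the local controller
HEATER_GAIN = 5.0      # assumed plant gain: deg C per step at full heater output
LOSS_COEFF = 0.05      # assumed heat loss per deg C above ambient, per step


@dataclass
class Reactor:
    """Toy first-order thermal process (assumed model)."""
    temp_c: float = 20.0
    ambient_c: float = 20.0

    def step(self, heater: float, dt: float = 1.0) -> float:
        heater = min(max(heater, 0.0), 1.0)
        self.temp_c += dt * (HEATER_GAIN * heater - LOSS_COEFF * (self.temp_c - self.ambient_c))
        return self.temp_c


@dataclass
class LocalController:
    """Distributed (basic process control) controller: runs the PI loop locally,
    takes its set point from the supervisory layer, and clamps that set point
    to its own configured limit rather than trusting the supervisor blindly."""
    kp: float = 0.1
    ki: float = 0.01
    setpoint_c: float = 50.0
    integral: float = 0.0

    def receive_setpoint(self, requested_c: float) -> float:
        self.setpoint_c = min(requested_c, SP_LIMIT_C)
        return self.setpoint_c

    def output(self, pv_c: float, dt: float = 1.0) -> float:
        err = self.setpoint_c - pv_c
        # Anti-windup: bound the integral so ki * integral stays within [0, 1].
        self.integral = min(max(self.integral + err * dt, 0.0), 1.0 / self.ki)
        u = self.kp * err + self.ki * self.integral
        return min(max(u, 0.0), 1.0)


@dataclass
class LogicSolver:
    """SIF logic solver: three sensors of its own, 2-out-of-3 voting, latched
    trip of the final element. It shares nothing with the control loop."""
    tripped: bool = False

    def evaluate(self, readings_c: list) -> bool:
        votes = sum(1 for r in readings_c if r >= TRIP_POINT_C)
        if votes >= 2:             # one failed sensor can neither trip nor mask a trip
            self.tripped = True    # latched: clearing it is a manual action
        return self.tripped


def run(bpcs_sensor_stuck: bool, steps: int = 400) -> dict:
    """Simulate the loop. With bpcs_sensor_stuck=True the control loop's own
    transmitter reads a constant low value (assumed fault), so the controller
    drives the heater flat out; only the SIF stops the excursion."""
    plant, ctrl, sif = Reactor(), LocalController(), LogicSolver()
    ctrl.receive_setpoint(120.0)       # supervisory layer asks for an unsafe set point
    peak_c, trip_step = plant.temp_c, None
    for t in range(steps):
        pv_bpcs = 25.0 if bpcs_sensor_stuck else plant.temp_c
        heater = ctrl.output(pv_bpcs)
        # SIF transmitters: two healthy, one assumed failed high (reads 999).
        if sif.evaluate([plant.temp_c, plant.temp_c, 999.0]):
            heater = 0.0                   # final element: heater shutoff
            trip_step = t if trip_step is None else trip_step
        peak_c = max(peak_c, plant.step(heater))
    return {"tripped": sif.tripped, "trip_step": trip_step,
            "peak_c": round(peak_c, 1), "final_c": round(plant.temp_c, 1)}


if __name__ == "__main__":
    print("healthy BPCS :", run(bpcs_sensor_stuck=False))
    print("stuck sensor :", run(bpcs_sensor_stuck=True))
```

In the healthy run the local controller refuses the 120 °C request, settles at its 85 °C limit, and the one SIF sensor that is failed high never produces a trip on its own. In the second run the control loop's transmitter is stuck low, the controller drives the heater flat out, and the SIF, voting on its own sensors, trips the final element shortly after the process crosses the trip point and holds the trip. The point for the risk assessment that follows is visible in the code: the SIF depends on nothing the control loop owns, no shared sensor, no shared set point, no shared output, which is what "implemented in parallel" has to mean for the protection to survive a failure or compromise on the control side.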
Industrial Automation and Control System Protocol Summary
A protocol defines the rules for entities to use in communicating with each other. In order to better manage communications and compartmentalize the activities required to establish, maintain, use, and close communication links, high-level models are used. In particular, layered