SCADA Reference
Free reference guide: SCADA Reference
About SCADA Reference
The SCADA Reference is a comprehensive quick-lookup guide for Supervisory Control and Data Acquisition systems used across power grids, water treatment plants, oil and gas pipelines, and manufacturing facilities. It covers the Purdue Model (ISA-95) architecture from Level 0 field devices through Level 4 enterprise systems. Entries include Remote Terminal Units (RTUs) from ABB, Schneider, Emerson, and Honeywell; Master Terminal Unit (MTU) server configurations with hot standby redundancy; tag database design with scan rates and alarm limits; and Historian systems with deadband, periodic, and exception storage methods and Swinging Door compression.
Communication protocols are documented in detail: DNP3 with object groups for binary/analog I/O and counters over TCP 20000; IEC 60870-5-104 with ASDU type IDs for single-point, double-point, measured values, and commands over TCP 2404; IEC 61850 substation automation with GOOSE, MMS, and Sampled Values plus SCL configuration files; and OPC DA/OPC UA data exchange, including the transition from COM/DCOM to platform-independent OPC UA on port 4840 with X.509 certificate security.
The reference also covers ISA/IEC 62443 industrial cybersecurity with security levels SL 1 through SL 4 and zone-based network segmentation; DMZ architecture between IT and OT networks with dual-firewall design; defense-in-depth strategies per NIST SP 800-82; secure remote access via VPN and jump hosts; and real-world incident case studies including Stuxnet, Ukraine 2015, Triton, and Colonial Pipeline. Additional entries address ISA-18.2 alarm management with priority levels and performance metrics, HMI screen hierarchy design with color standards, trending configurations, reporting, and major SCADA platforms including Siemens WinCC, AVEVA, GE iFIX, and Ignition.
Key Features
- Purdue Model (ISA-95) five-level architecture with RTU, MTU, Historian, and redundancy configurations
- DNP3, IEC 60870-5-104, IEC 61850, and OPC DA/UA protocol details with ports, data models, and object types
- ISA/IEC 62443 cybersecurity framework with security levels, zones, and conduit design principles
- IT/OT DMZ architecture with dual-firewall topology and allowed traffic flow rules
- ISA-18.2 alarm management with state transitions, priority levels, and operator load metrics
- HMI screen hierarchy design (overview, area, unit, detail) with standardized color coding rules
- Industry-specific SCADA applications for power grid (EMS/DMS), water treatment, and oil/gas pipelines
- Cloud SCADA and IIoT integration with MQTT/AMQP edge gateways and AWS/Azure/GCP platforms
Frequently Asked Questions
What is SCADA and how does it fit in the Purdue Model?
SCADA (Supervisory Control and Data Acquisition) is a system for monitoring and controlling industrial processes. In the Purdue Model (ISA-95), SCADA servers and HMI stations sit at Level 2 (Supervisory), communicating down to Level 1 PLCs/RTUs and Level 0 field sensors/actuators, while exchanging data upward with Level 3 MES and Level 4 ERP systems.
What is the difference between DNP3 and IEC 60870-5-104?
Both are SCADA communication protocols. DNP3 uses TCP port 20000 and organizes data into object groups (Group 1: Binary Input, Group 30: Analog Input, Group 40: Analog Output). IEC 104 uses TCP port 2404 and structures data as ASDUs with TypeIDs (1: Single-point, 13: Short float measured, 45: Single command). DNP3 is more common in North America; IEC 104 is dominant in Europe and Asia.
What is OPC UA and why is it replacing OPC DA?
OPC DA (Classic) uses COM/DCOM and is limited to Windows platforms. OPC UA (Unified Architecture) is platform-independent, uses port 4840 by default, and provides built-in security via X.509 certificates. OPC UA eliminates DCOM configuration issues and supports modern architectures including cloud and edge computing, making it the recommended standard for new SCADA deployments.
How does IEC 62443 define cybersecurity for SCADA systems?
IEC 62443 establishes four Security Levels: SL 1 prevents casual violations, SL 2 prevents intentional attacks with simple means, SL 3 prevents sophisticated attacks, and SL 4 protects against nation-state level threats. Systems are divided into security zones (SIS, DCS/PLC, SCADA/HMI, enterprise) connected through conduits with defined security requirements.
What is the recommended DMZ architecture between IT and OT networks?
The recommended architecture uses two firewalls: one between the enterprise network (IT) and the DMZ, and another between the DMZ and the control network (OT). The DMZ hosts Historian mirrors, patch servers, and jump hosts. The key rule is that OT systems may push data to the DMZ, but no direct IT-to-OT traffic is permitted: IT systems must never have direct access to OT.
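The rule above can be checked mechanically against a firewall export. The following is an added example, not part of the reference itself; the zone subnets, rule format, and sample rules are constructed assumptions.

```python
import ipaddress

# Constructed zone addressing (assumption; the page gives no subnets).
ZONES = {
    "IT":  ipaddress.ip_network("10.10.0.0/16"),  # enterprise network
    "DMZ": ipaddress.ip_network("10.15.0.0/24"),  # historian mirror, patch server, jump host
    "OT":  ipaddress.ip_network("10.20.0.0/16"),  # control network
}

def zones_touched(cidr):
    """Return every zone a rule's address range overlaps (covers 'any' and supernets)."""
    net = ipaddress.ip_network(cidr)
    return {name for name, zone in ZONES.items() if net.overlaps(zone)}

def audit(rules):
    """Return ids of allow rules that permit traffic from IT straight into OT.

    Each allow rule is judged on its own, ignoring rule order, so a hit
    means "review this rule", not "this traffic is definitely passing".
    """
    findings = []
    for rule in rules:
        if rule["action"] != "allow":
            continue
        if "IT" in zones_touched(rule["src"]) and "OT" in zones_touched(rule["dst"]):
            findings.append(rule["id"])
    return findings

# Constructed rule set for illustration.
SAMPLE_RULES = [
    # OT historian pushes to its DMZ mirror: permitted by the rule.
    {"id": 1, "src": "10.20.5.10/32", "dst": "10.15.0.20/32", "port": 443, "action": "allow"},
    # IT reads from the DMZ mirror: permitted.
    {"id": 2, "src": "10.10.0.0/16", "dst": "10.15.0.20/32", "port": 443, "action": "allow"},
    # IT host talks to an OT host directly: violation.
    {"id": 3, "src": "10.10.8.4/32", "dst": "10.20.5.10/32", "port": 1433, "action": "allow"},
    # 'any' source to OT on the DNP3 port: includes IT, so also a violation.
    {"id": 4, "src": "0.0.0.0/0", "dst": "10.20.0.0/16", "port": 20000, "action": "allow"},
    # Explicit IT-to-OT deny: not a finding.
    {"id": 5, "src": "10.10.0.0/16", "dst": "10.20.0.0/16", "port": 0, "action": "deny"},
    # DMZ jump host into OT: not IT-sourced, so not flagged by this check.
    {"id": 6, "src": "10.15.0.30/32", "dst": "10.20.0.0/16", "port": 3389, "action": "allow"},
]

if __name__ == "__main__":
    print(audit(SAMPLE_RULES))
```

Matching on overlap rather than exact containment is what catches broad rules such as rule 4, where an "any" source silently includes the enterprise network.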
How should SCADA HMI screens be designed?
HMI screens follow a four-level hierarchy: Level 1 Overview shows the entire process, Level 2 Area provides zone-level detail, Level 3 Unit gives equipment-level control, and Level 4 Detail covers loop diagnostics. Use gray backgrounds to reduce eye fatigue, green/white for normal status, red for emergency alarms, and orange for warnings; show running equipment in green and stopped equipment in gray.
What are the ISA-18.2 alarm management best practices?
ISA-18.2 defines alarm states (Normal, Active-Unacknowledged, Active-Acknowledged, Normal-Unacknowledged) and four priority levels: Emergency (immediate action), High (within 10 minutes), Medium (within 30 minutes), and Low (next patrol). The target performance metric is fewer than 6 alarms per hour per operator on average.
What major SCADA cybersecurity incidents are documented?
The reference covers four landmark incidents: Stuxnet (2010), which targeted Iranian centrifuge PLCs; the Ukraine power grid attack (2015), which caused blackouts for 230,000 customers; Triton/TRISIS (2017), which targeted safety instrumented systems (SIS); and the Colonial Pipeline ransomware attack (2021). Key lessons include mandatory OT/IT network separation, USB/removable media controls, systematic patch management, and monitoring for anomalous behavior.