SCADA Security Basics: Terminology

Wednesday, September 5, 2012 @ 04:09 PM gHale


Editor’s Note: This is an updated version of a column first published June 14, 2011. This is an excerpt from Eric Byres’ Practical SCADA Security blog at Tofino Security.
By Eric Byres
Recently I saw a posting on LinkedIn asking “What’s the difference between a SCADA system and an ICS system, and if there is no difference, then why do we have two different names?”

This is a good question, because unless you have worked in the industrial automation field for a few decades, the terminology can seem very confusing. Not only do we have SCADA versus ICS, we also have terms like Process Control, Discrete Control, Industrial Automation, Manufacturing Automation Systems, Distributed Control Systems, Energy Management Systems and so on.

RELATED STORIES
ISASecure Means More Security
Flaw in Air Gap Philosophy
ICS, SCADA Myth: Protection by Firewalls
Air Gap Shout Out

Now the quick answer is that Supervisory Control and Data Acquisition (SCADA) is a subset of Industrial Control Systems (ICS).

SCADA generally refers to control systems that span a large geographic area, such as a gas pipeline, power transmission system or water distribution system. I use both terms together because SCADA is often better known by the press, government officials and the public, but ICS is probably the technically correct term to use if you are referring to industrial automation of all types.

But to understand why there are so many terms, you need to look back at the history of industrial control, before the days of the micro-controller.

Because there was no micro-controller, there was no PLC, DCS or SCADA equipment as we know it now. Instead process control systems used mechanical pneumatics for logic, discrete control systems used relays and SCADA used transistors and radio. The differences in underlying technologies meant the systems, the staff, the functionality and the terminologies were all very different.

Now along comes the micro-controller and pretty quickly everyone (especially the vendors) realized the same hardware could theoretically do everything. I say “theoretically” because over the years each vertical had developed a lot of expertise and expectations (and habits) that made it hard to move into another vertical.

For example, as a process engineer in the 1980s, I used to laugh when Allen Bradley would say you can use their PLC-5 for process control because it has a PID controller. Sure that PLC had a PID function block, but it was missing 90% of the features the process engineers had grown to expect on a DCS. Similarly, trying to do high speed discrete control on a DCS in the 1980s was possible, but a hair pulling exercise. Ditto for using a PLC as a Remote Terminal Unit on a SCADA system; while I never actually tried that, I heard some nasty tales.

Today all the vendors are slowly converging on products that really can move into the other spaces. However there still is a lot of experience and tradition that makes this unlikely. As well, products have been optimized to perform best in a given vertical. So while I probably could use a PLC for controlling a section of refinery, a DCS from a company like Honeywell, Yokogawa, Emerson or Invensys is a more likely choice.

Now in the technology scramble of the last 30 years, many people have debated possible terms that would include all forms of industrial automation. These debates often got very heated.

Some of the suggestions were:
• Industrial Control System (ICS) – a contender
• Industrial Automation (IA) – another contender
• Manufacturing and Control Systems (M&CS) – used by the ISA99 committees until 2006
• Industrial Control and Automation Systems (ICAS) – now used by the ISA99 committee
• Control Systems – too general as it would encompass things like build automation and even home appliances
• SCADA – as an all-encompassing term, SCADA fails because all us old-timers think of SCADA as wide area control for pipelines, power transmission, etc. (We all wince when someone points to the DCS in a refinery and tries to call it SCADA).

So after hours of debate, quite a few control engineers have settled on the term “Industrial Control System” (ICS) as the catch-all term. But because ICS is not yet generally known by the layperson, I also use SCADA when I am speaking or writing (of course I also use “SCADA” when I really mean wide area SCADA).

Hopefully this helps. I am sure this debate on terminology is not over yet.
Eric Byres is chief technology officer at Tofino Security. Click here to read the full version of the Practical SCADA Security blog.



Leave a Reply

You must be logged in to post a comment.