After reading an interesting article, I wanted to share my knowledge and thoughts on modern process control systems. What is described below applies mostly to the products of firms such as Yokogawa, Siemens and Honeywell. I want to say up front that each of these systems has its own characteristics, advantages and disadvantages, so I describe only the general characteristics of modern process control systems.
Modern automated process control systems (APCS) used in hazardous industries and enterprises (chemical, petrochemical, hydroelectric, thermal and nuclear power plants, etc.), as a rule, consist of a distributed control system (DCS) and an emergency shutdown system (ESD).
The DCS is a software and hardware complex consisting of the following elements:
- Instrumentation and control equipment (field instrumentation): the equipment through which the technological process is directly observed and controlled. All kinds of valves, shut-off devices, motor-operated valves, pressure, temperature and level sensors, gas analyzers, pumps, vacuum hoods and many other devices belong to this category. By signal type, field signals can be analog (4-20 mA, 0-5 V, etc.) or discrete (on/off).
- The programmable logic controller (PLC) is the heart of the process control system; it consists of redundant power supplies, redundant processor modules and input/output modules. Sensors and actuators in the field are wired directly to the I/O modules. The logic for automatic regulation and protective interlocks is loaded into the processor modules.
- The human-machine interface (HMI) is usually a personal computer running Windows (2000/XP) with vendor-specific software through which the process control system is configured and operated. Such computers are usually divided into several types: the operator's station, the engineer's station and the instrumentation engineer's station.
The engineer's station allows the PLC configuration and logic to be changed with specialized software. Operator stations are the workplace of the process technologists and the shift supervisor and allow the process to be monitored and regulated. Operators may have different access rights: ordinary operators usually have no access to equipment whose operation affects safety, while the shift supervisor has the greatest privileges (but still fewer than the engineer). It should be understood that the PLC cannot be reprogrammed from an operator's station. The instrumentation engineer's station has more applied capabilities and provides control and diagnostics of the field equipment.
The main task of the ESD system is to bring production to a safe state in case of any problem in the operation of the process (process variables leaving the established limits, equipment failure, abnormal situations). As a rule, the ESD system receives data from redundant sensors (one of the most reliable schemes is considered to be 2oo3, "two out of three", where the response of any 2 of the 3 sensors installed at one measurement point is the necessary condition for the safety interlock to act) and controls its own redundant final elements. The ESD system has no operator stations; there is only an engineering station with which the ESD PLC is configured. From the DCS operator stations you can see how the ESD system is working, but you cannot control it. The final elements do not depend on DCS equipment: for example, if a DCS control valve on a pipeline is jammed, the ESD shut-off valve will still act.
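To make the 2oo3 voting described above concrete, and to show how the 4-20 mA signals from the instrumentation section reach the voter, here is an added example. It is my own illustration, not code from the original post or from any vendor's ESD product. Everything in it is an assumption for the example: three pressure transmitters scaled 4 mA to 0 bar and 20 mA to 10 bar, a trip point of 8 bar, and the convention that a loop current outside 3.8-20.5 mA is a transmitter fault (wire break, short, dead electronics) whose channel then votes "trip" so the failure is fail-safe. It runs the same constructed readings through 1oo2, 2oo2 and 2oo3 to show why 2oo3 is preferred: it tolerates one failed channel without either a spurious trip or a missed trip.

```python
"""2oo3 voting for a safety interlock fed by three 4-20 mA pressure transmitters.

Added example; not code from the original post or from any vendor's ESD product.
Assumptions (mine): transmitters scaled 4 mA -> 0 bar, 20 mA -> 10 bar; a loop
current outside 3.8-20.5 mA is a channel fault; a faulted channel votes "trip"
(fail-safe); the trip point is 8 bar.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

MA_LOW, MA_HIGH = 4.0, 20.0        # live-zero current loop span
FAULT_LOW, FAULT_HIGH = 3.8, 20.5  # readings outside this band are a channel fault
EU_LOW, EU_HIGH = 0.0, 10.0        # engineering units (bar) at 4 mA and 20 mA


@dataclass
class Channel:
    value: Optional[float]  # bar, or None when the channel is faulted
    faulted: bool


def scale_channel(ma: float) -> Channel:
    """Convert a loop current to bar, flagging out-of-band readings as faults."""
    if not (FAULT_LOW <= ma <= FAULT_HIGH):
        return Channel(value=None, faulted=True)
    span = (EU_HIGH - EU_LOW) / (MA_HIGH - MA_LOW)
    return Channel(value=EU_LOW + (ma - MA_LOW) * span, faulted=False)


def channel_votes_trip(ch: Channel, trip_point: float) -> bool:
    """A faulted channel votes 'trip' (fail-safe); a healthy one compares to the trip point."""
    return ch.faulted or ch.value >= trip_point


def vote(readings_ma: List[float], trip_point: float, needed: int) -> bool:
    """Generic MooN voter: trip when at least `needed` of the channels vote trip."""
    votes = sum(channel_votes_trip(scale_channel(ma), trip_point) for ma in readings_ma)
    return votes >= needed


def maintenance_alarm(readings_ma: List[float], tolerance_bar: float = 0.5) -> bool:
    """Flag a faulted channel or a discrepancy between healthy channels.

    This is what lets a stuck transmitter be found and repaired without
    tripping the plant: 2oo3 keeps the interlock available while the alarm
    points at the bad channel.
    """
    channels = [scale_channel(ma) for ma in readings_ma]
    if any(c.faulted for c in channels):
        return True
    healthy = [c.value for c in channels]
    return max(healthy) - min(healthy) > tolerance_bar


def compare_schemes(readings_ma: List[float], trip_point: float) -> Dict[str, bool]:
    """Trip decision of 1oo2 and 2oo2 (first two channels) versus 2oo3 (all three)."""
    return {
        "1oo2": vote(readings_ma[:2], trip_point, 1),
        "2oo2": vote(readings_ma[:2], trip_point, 2),
        "2oo3": vote(readings_ma, trip_point, 2),
    }


if __name__ == "__main__":
    TRIP = 8.0  # bar
    # Constructed scenarios (mA per channel): normal process, real overpressure,
    # one channel failed high while the process is normal, and a real
    # overpressure with one channel stuck at a normal reading.
    scenarios = {
        "normal":                  [8.0, 8.0, 8.0],
        "overpressure":            [18.0, 18.0, 18.0],
        "one failed high, normal": [8.0, 20.8, 8.0],
        "overpressure, one stuck": [18.0, 8.0, 18.0],
    }
    for name, readings in scenarios.items():
        print(f"{name:26} {compare_schemes(readings, TRIP)}  alarm={maintenance_alarm(readings)}")
```

In the "one failed high" scenario 1oo2 trips the plant on a single bad transmitter while 2oo2 and 2oo3 do not; in the "overpressure, one stuck" scenario 2oo2 fails to trip at all, while 2oo3 still trips. In both cases `maintenance_alarm` flags the faulty channel, which is the point of the scheme: one failed sensor degrades neither safety nor availability.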
Features of process control systems
Now I would like to note the important features of modern process control systems:
- If all stations fail, the process keeps running under PLC control; if necessary, conditions can be added under which the failure of all stations triggers a safe shutdown of production.
- Operator stations are connected to the plant network but, as a rule, have no Internet access, no way to connect USB drives, and no floppy drive. Also, operator stations often have no standard computer keyboard but are equipped with specialized keyboards carrying only the required function keys.
- Engineer's stations, as a rule, are switched off altogether or are in sleep mode.
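The first feature above (the plant keeps running without its stations, with an optional "all stations lost" shutdown condition) is usually implemented as a watchdog in the PLC logic. The following is an added example of my own, not code from the original post or from any vendor's PLC. Its assumptions: each station writes a heartbeat to the PLC from its HMI application (not merely answering ping, since a frozen station still answers ping); a station counts as lost after `STATION_TIMEOUT_S` without a heartbeat; and the safe-shutdown condition is raised only when every station has been lost for `ALL_LOST_GRACE_S`. Time is passed in explicitly so the logic can be exercised offline.

```python
"""Watchdog that raises a safe-shutdown condition only when every HMI station is lost.

Added example; not code from the original post or from any vendor's PLC.
Assumptions (mine): stations send application-level heartbeats; a station is
lost after STATION_TIMEOUT_S without one; shutdown is requested only when all
stations have been lost for ALL_LOST_GRACE_S. Losing one station, or all of
them briefly, never trips anything.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

STATION_TIMEOUT_S = 10.0   # no heartbeat for this long -> station lost
ALL_LOST_GRACE_S = 30.0    # all stations lost for this long -> request safe shutdown


@dataclass
class StationWatchdog:
    stations: Set[str]            # every operator/engineer station the PLC expects
    started_at: float             # PLC start time; a station that never reports is lost from here
    last_seen: Dict[str, float] = field(default_factory=dict)

    def heartbeat(self, station: str, now: float) -> None:
        """Record a heartbeat from a known station; unknown names are ignored."""
        if station in self.stations:
            self.last_seen[station] = now

    def lost_stations(self, now: float) -> Set[str]:
        """Stations that never reported or whose last heartbeat is too old."""
        return {
            s for s in self.stations
            if now - self.last_seen.get(s, self.started_at) > STATION_TIMEOUT_S
        }

    def all_lost_since(self, now: float) -> Optional[float]:
        """Moment the last surviving station timed out, or None if any station is alive.

        Computed from the heartbeat record rather than from the evaluation time,
        so the answer does not depend on how often the logic is scanned.
        """
        if self.lost_stations(now) != self.stations:
            return None
        latest = max(self.last_seen.values(), default=self.started_at)
        return latest + STATION_TIMEOUT_S

    def shutdown_requested(self, now: float) -> bool:
        """True once all stations have been lost for at least ALL_LOST_GRACE_S."""
        since = self.all_lost_since(now)
        return since is not None and now - since >= ALL_LOST_GRACE_S


if __name__ == "__main__":
    # Constructed timeline: all three stations report at t=0, only OS1 reports
    # again at t=12, then everything goes quiet.
    wd = StationWatchdog(stations={"OS1", "OS2", "ES1"}, started_at=0.0)
    for s in ("OS1", "OS2", "ES1"):
        wd.heartbeat(s, 0.0)
    wd.heartbeat("OS1", 12.0)
    for t in (15.0, 25.0, 40.0, 60.0):
        print(f"t={t:5.1f} lost={sorted(wd.lost_stations(t))} "
              f"shutdown={wd.shutdown_requested(t)}")
```

On this timeline two stations are already lost at t=15 with no effect, all three are lost from t=22, and the shutdown condition is raised only at t=52 after the 30 s grace; a single heartbeat from any station before then clears it. The grace period is what keeps a network hiccup or an HMI reboot from shutting the plant down.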
Thus, infection of an operator's station with a virus is unlikely, but even if it happened, it poses no obvious safety threat. Of course, there are cases when operators bypass the restrictions and manage to install games on their stations and get Internet access, but this is quickly stopped by withholding bonuses and other administrative measures. If we assume there is a specialized virus that knows the peculiarities of how these systems work and could hypothetically control the technological process with negative consequences, then in any case, if an emergency arises, the ESD system (which is not controlled from the operator stations) will act and bring production to a safe state. Yes, that means millions in losses for the enterprise (production shutdown), but in any case not a man-made disaster. As for the likelihood of infecting the ESD engineering station with a virus: firstly, it would have to be a super-intelligent virus that reprograms the PLC itself, and precisely so that it fails at the required moment; secondly, the ESD engineers would have to be completely headless and dig their own grave. Of course, these are not all the factors that make infection of an ESD engineering station unlikely; I can cite a few more: regular checking of the software versions loaded into the PLC, constant monitoring of the room housing the engineering stations, and of course the password set on the ESD system itself.
In conclusion, I would like to say that the safety of modern process control systems is of course threatened by viruses and other high-tech problems, such as operator stations dropping into a banal BSOD, but these are not as critical as many want to imagine. It must be remembered that safety is guarded by the ESD system, whose configuration is approached with all care and responsibility. The human factor is always present, but ESD systems are built to minimize its negative impact.
I will gladly answer questions if they arise.

UPD. A possible attack scenario on a SCADA system was convincingly described by makran, to whom, by the way, thanks for the invite. Good luck!