ICS Technology Part 1

1 hour 22 minutes
Video Transcription
ICS/SCADA fundamentals. We're going to take a look at ICS technology in this part one module.
So the learning objectives are going to be: where ICS and ICS/SCADA systems are used for production, the different types of ICS and networks, why ICS is so important (and I emphasize the why because we have to understand that the modern world is driven on ICS nowadays),
and the everyday usage of ICS technology.
So when we talk about ICS technology, again, we made a major switch from the analog world to the digital world. And that is what has enabled different types of ICS technology.
So the major components: you'll have a business network, which will be your standard business network. Then you also have there what is called an OPC server and client. You will most likely have different types of wireless devices that can hook up to different types of sensors and receive things in that manner.
There'll be an engineering workstation, usually a printer
and then a server that runs various applications. Now, as we go to the next level, we'll be looking at things like a data historian with an engineering workstation on that level of the control network.
Also, you usually have redundancy to make sure that if one particular server goes down, you have something that can be brought up and put in its place very quickly.
Now an HMI means a human-machine interface, and this is the visual interface that an engineer and an operator actually can see for what's going on on the control network. Lower down on the levels
happen to be where things start moving, or where the programming to move actual things is,
as well as different types of sensors and information going back and forth. A command is sent; information about what's going on in the environment is then sent back.
So some of the major human, excuse me, ICS components: an HMI, human-machine interface, is very important because you have to know what's going on. Now, it's very similar, you could say, to a speed gauge in a car. That's how you know how fast you're going,
and you also have to rely on and trust these things. Programmable logic controller: this is where you program different things and put in the logic so that from that PLC, things can actually move. This is moving technology.
There's an engineering workstation similar to the workstation you have on your desk right now, except it's in the control network.
There's also a data historian, where it also logs a whole bunch of processes and keeps a record of everything going on. And then there's also at the lower level machine controllers.
Now the levels are production scheduling, level four, production control coming down, and that then feeds into the plant supervisory or SCADA systems. Then there's direct control just a bit lower on level one, and level zero is the actual player moving and producing things.
Now ICS in its modern form as we know it now was actually introduced in 1975, and it was able to distribute control across the production network, and this enabled very quickly the ability to scale production and to automate.
And this also raised up quality control because once things were automated and programmed in,
then the same materials could be made over and over to the same standard of quality.
Now, process control system. What that does is it monitors the entire manufacturing environment, and then it also continuously tests that manufacturing process, looking for troubleshooting data and returning data to ensure that what
you believe is going on, it's actually believing, and it offers some verification.
There are also sensors, primary transducers, and then the PCS can also directly communicate up to the business layer. And what it does is it transmits data to something called the middleware manufacturing execution system.
And what that also feeds into is the enterprise resource planning system.
And that way the business can actually see what's going on. The sales people and the marketing people, for example, know exactly what is being made, and then when you need to purchase more resources, procurement can see exactly what they're low on and order items.
With the sensors and primary transducers, it's collecting all different types of measurements, so it could be the acidity of the water, the pressure that the water is exerting, the flow rate through a pipe, the density of materials, the weight, total temperature,
a stress being placed on something, the speed and velocity of something.
It can also detect, to make sure, offering verification, if the operation actually occurred as intended. Now, if you think about producing a bottle of beer, you want to make sure that on the production line the beer bottles were actually filled. Also,
when you're producing certain goods like beer, yeast and fermentation can only happen within a certain temperature
range, and you want to make sure that you don't kill off the yeast or end the fermentation way too early, or you get bad-tasting beer, and nobody likes that.
PCS pressure measurements are transmitted to that MES enterprise application. There are also piston pressure sensors in place. What this will be: diaphragms, Bourdon tube in some production environments, and flow meters.
For the flow meter measurements, that will also be transmitted up to the MES application, and the different types of measurements that can occur are linear, nonlinear, volumetric flow of gas or liquid, and mass. There might be positive displacements, differentials and inferential.
Now for the PCS testing force, that too was transmitted up to the MES application, and it can involve force sensors, forces and torque exerted, for example, because if not, you don't know there's an unusual strain on some of the production equipment.
There will be electrical strain gauges and hydraulics and mechanical measurements.
For temperature measurements, that's also transmitted up to the MES application. And it involves mechanical movement, the electrical voltage that's going on, any thermal coupling, liquid expansion and bimetal temperature measurements.
Now the control system historian is of utmost importance because it's taking all of the stuff, all of that data, and it is logging it on the control network, and it's going to be located in operations on the control network. It's going to capture all the instrumentation and control data,
and it's accessible via a protocol called OPC, a variant called HDA.
Then also, there'll be SQL because, of course, there's a database involved with it. And then to attach to that data and transmit in and out, there will be APIs. What it does is the storage and archiving of all this information. It also has to deal with the large volume of data coming from many different distributed systems and sensors,
and then it will tag
to try to organize that data so that it's actually usable
Now, also, some of the considerations and things that it does is limiting the monitoring so that you don't have to do it by eyesight. It will do a certain level of validation. It will aggregate that data, interpolation.
Sometimes you have to do some manual data entry, but ultimately it stores the data very efficiently.
Now the enterprise historian is kind of like, well, the business version of the control historian that's going to be in the business operations, and what it's going to do is aggregate data from the operational historian. And then it may also aggregate data from other sources,
especially from the Internet. And it is that gateway to putting that data into an enterprise resource planning system and also an enterprise asset management system. It provides a nice interface for business sales and planning and marketing purposes.
It also uses different types of web services: APIs, ODBC, which is for database,
OPC UA, which is unified architecture, and OPC HDA.
Now, it could be a good example: solar and wind systems, which are crucial to try to be energy independent,
and you have to consider
when you are feeding solar and wind into the electrical grid that sometimes you have to do load management. Now, there aren't a huge amount of vendors in the space. And unfortunately, security testing is not a major focus of these companies.
So here is a solar panel that I was able to find on the Internet, and what you'll see on the top, this was using a tool called Censys, C-E-N-S-Y-S dot I-O, that I was able to find hundreds and hundreds of these things, returning 27 pages
and 695 milliseconds.
And here is a wind turbine, where there's a lot more of these things that are connected to the Internet. So using simple keyword searches with alternate search engines such as Censys, I was able to find almost 90,000 wind turbines around the world connected.
Now, the first one at the top, you'll notice that it's running Modbus, and it's directly connected to the Internet. The second one, you'll notice that it's running HTTP and HTTPS, which means that if you were to go to this one turbine
and put in your credentials over HTTP, it would be done in clear text.
ICS/SCADA Fundamentals

The ICS SCADA Fundamentals course is taught by world-renowned cybersecurity expert Chris Kubecka and will introduce students to basic critical infrastructure concepts.