1. Marty Edwards - Know Your ICS

Marty Edwards kicks off the OnRamp Workshop with 45 minutes on what an industrial control system (ICS) is and what it does. You will learn the key components and different types of ICS; you will learn the key terminology used in ICS; and you will learn what type of documentation you should create and maintain to know your ICS.



Marty Edwards has played many roles in ICS. He has worked as a Process Control Engineer at an asset owner, led key programs at Idaho National Labs, was the longest serving Director of ICS-CERT for DHS, Director of Strategic Initiatives at ISA and Managing Director of the Automation Federation (AF), and he just joined Tenable.


Note: The first two videos are designed to get all of the OnRamp attendees up to speed. This video will likely be known information for those with an Operations background, and essential new knowledge for those coming from IT. The next video will cover how IT security architecture basics are applied to ICS.


Questions for you to consider and answer online (reply to this topic):


1. What process are you monitoring and controlling and what type(s) of ICS do you use? (SCADA, DCS, PLC, other?) Does this match the terminology you use in your organization?

2. What are some examples of control loops in your process?

3. What is the oldest ICS you have seen? Have you seen a pneumatic system? Have you seen any analog controls?

4. Are your HMIs at Level 1, Level 2, or Level 3?


And of course ask your questions. I’ll answer them along with your fellow workshop attendees. There is a lot of talent and experience in this group.



Natural Gas Pipeline Example


When you think of a pipeline, remember it is a geographically dispersed process. This almost always means there is a SCADA system. The wide area network (WAN) communications to the sensors and actuators along the pipeline can be a big challenge, since pipelines tend to be routed through low population areas whenever possible. Communication costs can be high, and SCADA owners are being pushed to consider cellular / mobile data for cost and improved bandwidth.


The SCADA system will have a control center where the operators sit in front of HMIs and the engineers look at data to maintain or improve the system. Most SCADA systems will have a backup control center in a different location in case the primary is unavailable due to fire, accident, or any other cause. However, the primary control center and backup control center are almost always connected via a network to share data, and therefore cyber attacks can affect both control centers.


[Compressor stations are used along the pipeline to boost the pressure in the pipeline](https://www.youtube.com/watch?v=-nOhsyuIV3o). They are of various sizes and complexity. Often a PLC system (PLCs connected to sensors and actuators with local HMI and engineering workstations) is put in so people can locally run and maintain the compressor stations. Larger compressor stations could have a DCS. Some of the data from the compressor station is sent back over the SCADA system, but it is typically for monitoring only.


There are also smaller metering and regulator facilities along the pipeline. These are typically monitored and controlled by the SCADA system, but they are also likely to have a local HMI that is separately connected to the PLCs / Level 1 devices on site.


And something needs to control the pig.



What do you commonly see in your industry?



Power Station Example


Here are some of the ICS you will see in a Power Station.


DCS for Turbines

They would have one or more DCS to monitor and control the turbines. This DCS may also monitor and/or control other parts of the plant.


Balance of Plant

Power stations have a number of other systems that are typically called balance of plant. These can monitor and control the boilers, coal chutes, ash, precip, … there are a lot of systems in a power station. They can vary based on whether it is coal, hydro, nuclear, natural gas or other. Often some or all of these balance of plant systems are run on what Marty referred to as a PLC system: PLCs with HMI and Engineering Workstations that are located close to the physical process.


Some or all of the balance of plant can be integrated into the same DCS that monitors and controls the turbines, or there could be a separate DCS for all or part of balance of plant. Or the DCS could be engineered to get data from the balance of plant (monitor), while control would take place on the PLC system.


You see there are a lot of choices in the design, and like most technical discussions around IT or OT there are strong opinions on what is best. It is typically more expensive to integrate balance of plant into the DCS. Cost is a major driver.



A power station often has a continuous emissions monitoring system (CEMS). This is a very simple PLC system that will typically only monitor sensors, no control. This information is sent off network to the regulator.


There are a lot of different ICS and ICS components and protocols in a power station. And I didn’t even mention the safety / protection systems you will learn about in a future lecture. It’s a great place to learn if you get a chance to work in or tour.



Here are some questions that came in from a previous OnRamp.


1. Can you go from automation to manual in current Industrial Control systems nowadays, thinking on how Ukraine did it after the BlackEnergy attack?


Asset owners need to answer this realistically for their system. And even test it from time to time because often the switch to manual fails when actually needed. This has a huge impact on the consequence side of the risk equation.


It’s not always a black and white answer. You may be able to do it for some parts of the system and not others. 


2. Are the “Engineering Workstation” and the “Historian” commonly in the same piece of hardware?


Normally they are on different computers, with the Historian being on a server. In a tiny ICS you could have everything on one computer (HMI, EWS, Historian, OPC Server).


3. Where do Distributed Control System technology (tying together different vendors) and Safety Instrumented Systems sit in the Purdue Model?


DCS are typically Levels 1 and 2 in the Purdue Model. Some would say only Level 1. Don’t get too hung up on this. Safety doesn’t fit in the Purdue Model, although I’ve seen some say Level -1. Bryan Singer has a whole video on Safety, believe it is number 5.


4. Could an attacker find the documented information of the “configuration related items” stored in the HMI?


Not exactly sure what you mean by this, and it can depend on the HMI. If the HMI is just showing a screen and the database and displays are elsewhere, then less of a risk. If all of that is on the HMI, then it is more likely. Often the EWS application is just an HMI plus some additional privileges.


Bonus Audio From Dale


I recorded 10 minutes of additional content and comments related to Marty’s Know Your ICS video.




– the importance of visiting the physical process and questions to ask

– the importance of speed the process requires and open loop v. closed loop

– more on Historians

– maintenance laptops and networks

– secondary systems and how to find them