Certified Cybersecurity Technician IoT and OT Security Exam 212-82 Components of an ICS PDF
Uploaded by barrejamesteacher
EC-Council
Summary
This document explains various components of industrial control systems (ICSs), including Distributed Control Systems (DCS), Supervisory Control and Data Acquisition (SCADA), Programmable Logic Controllers (PLCs), and Basic Process Control Systems (BPCS). It covers their architectures, functionalities, and applications in different industries.
Full Transcript
Certified Cybersecurity Technician IoT and OT Security Exam 212-82

Components of an ICS - Distributed Control System (DCS)

[Slide diagram: DCS architecture with a main supervisory control server and a redundancy server, PLC1, PLC2, RTU1 and RTU2 serving Process-1 to Process-3, and field devices (temperature sensor, actuator, transmitter, control valves, pumps, motor)]

Components of an ICS - Supervisory Control and Data Acquisition (SCADA)

o SCADA is a centralized supervisory control system that is used for controlling and monitoring industrial facilities and infrastructure
o It provides centralized controlling and monitoring of multiple process inputs and outputs by integrating the data acquisition system with the data transmission system and Human Machine Interface (HMI) software

Module 13 Page 1606 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Components of an ICS - Programmable Logic Controller (PLC)

o A programmable logic controller (PLC) is a small solid-state control computer where instructions can be customized to perform a specific task
o PLC systems consist of three modules:
  » CPU Module: It comprises a central processor and its memory component
  » Power Supply Module: It provides the necessary supply of power required for the CPU and I/O modules by converting the power from AC to DC
  » I/O Modules: These are used in connecting the sensors and actuators with the system for sensing and controlling real-time values such as pressure, temperature, and flow
o PLCs are used in industries such as the steel industry, automobile industry, energy sector, chemical industry, glass industry, and paper industry

[Slide diagram: PLC architecture with power supply, central processing unit (CPU), input module, output module, and program and data memory]

Components of an ICS - Basic Process Control System (BPCS)

o A BPCS is responsible for process control and monitoring of the industrial infrastructure
o It is a system that responds to input signals from the process and associated equipment to generate output signals that cause the process and its associated equipment to operate based on an approved design control strategy
o A BPCS is applicable to all sorts of control loops like temperature control loops, batch control, pressure control loops, flow control loops, feedback and feed-forward control loops used in industries such as chemical, oil and gas, and food and beverages

[Slide diagram: closed loop system with set point, error, controller, final control element, process variable (temperature value), process variable transmitter, and primary element/transducer]

Components of an ICS - Safety Instrumented Systems (SIS)

o An SIS is an automated control system designed to safeguard the manufacturing environment in case of any hazardous incident in the industry
o It is an essential component of a risk management strategy that uses layers of protection to prevent the operational boundaries of critical processes from reaching an unsafe operating condition
o An SIS system basically comprises sensors, logic solvers and final control elements that maintain safe operation of processes by performing the following functions:
  » Sensors collect information to determine and measure the process parameters (temperature, pressure, etc.) to predict if the equipment is operating in a safe state or not
  » Logic solvers act as controllers that capture signals from the sensors and execute the pre-programmed actions to avoid risk by providing output to the final control elements
  » The final control elements implement the actions determined by the logic controller to bring the system to a safe state.
o Typical examples of SIS systems are fire and gas systems, safety interlock systems, safety shutdown systems, etc.

Components of an ICS

An ICS is a broad class of command and control networks and systems that are required to control and monitor every industrial process. Each type of ICS works and functions differently based on the functionality and complexity of the control action. ICSs can be classified into the following types of most commonly and widely used control systems:

▪ Distributed Control System (DCS)

A DCS is used to control production systems spread within the same geographical location. Such systems are primarily used for large, complex, and distributed processes that are carried out in industries such as chemical manufacturing and nuclear plants, oil refineries, water and sewage treatment plants, electric power generation plants, and automobile and pharmaceutical manufacturing. A DCS is generally a highly engineered and large-scale control system that is often used to perform an industry-specific task. It contains a centralized supervisory control unit used to control multiple local controllers, thousands of input/output (I/O) points, and various other field devices that are part of the overall production process. To attain the process control, a DCS employs various feedback and feedforward loops along with key product conditions that are established as per the targeted set points. It operates using a centralized supervisory control loop, such as SCADA and MTU, that connects a group of localized controllers such as RTU/PLC to execute the overall tasks required for the working of an entire production process. A high level of redundancy is provided at every level, starting from the I/O of the controllers to the network level.
This redundancy helps other processes to continue smoothly in case of any single processor failure. The primary reason for choosing DCS systems in industry is the adaptability and flexibility that it provides in controlling distributed discrete field devices and their operating stations. Moreover, a DCS is scalable and hence can be arrayed either during initial installation as a large integrated system or as a modular system that can be integrated as per the requirements. DCSs are in a state of constant development as new technologies such as wireless systems and protocols, remote transmission, logging and data historian, and embedded web servers are being included over time.

Figure 13.18: DCS architecture [diagram labels: main control server, redundancy control server, Process-1 to Process-3, PLC1 to PLC3, RTU1 to RTU3, temperature (sensor), boiler (actuator), transmitter, control valves, pumps, motor]

▪ Supervisory Control and Data Acquisition (SCADA)

SCADA is a centralized supervisory control system that is used for controlling and monitoring industrial facilities and infrastructure. Many organizations incorporate SCADA systems for the automation of complex industrial processes, measuring trends in real time, and the detection and correction of problems. Generally, SCADA systems are distributed over a wide geographical area; as a result, various industries rely on SCADA systems for the transportation of oil and gas, wastewater treatment and management, pipeline operations, power grids, building automation, public telecommunications, transportation systems, etc. The SCADA system is a centralized system that provides supervisory control and also enables real-time acquisition of data from dispersed assets used in industrial processes.
It consists of hardware and software components that collect and send data to manage and control processes both locally and at remote locations. The collected data is stored in long-term storage devices such as a data historian to help the operators interpret the data and enable different setpoints. These setpoints help the system in efficiently responding to unusual actions, either by sending commands themselves or sending alerts to an operator.

SCADA systems provide centralized controlling and monitoring of multiple process inputs and outputs by integrating the data acquisition system with the data transmission system and HMI software. SCADA systems collect information from field devices and transmit it to a central computer system. This information is displayed to the operator in a graphical or textual format, enabling the operator to control and monitor the entire SCADA system from a central location in real time.

The SCADA architecture consists of hardware such as a control server (SCADA-MTU) and communication devices (network cables, radio devices, telephone lines, cables, etc.) along with an array of field sites distributed geographically, consisting of PLCs, RTUs, etc., which are used to monitor and control the operation of industrial equipment. The information from the RTU is controlled and processed by the control server, and the field devices are controlled and monitored by the RTU or PLC. The SCADA software is programmed to inform the entire system regarding what should be monitored, when it should be monitored, and what the acceptable parameter ranges are, in addition to informing the system regarding the response that needs to be initiated when the parameter values exceed the set ranges.
An IED may collect the data and transfer it to the control server directly, or a local RTU may instruct the IED to collect the data and send it to the control server. The IED includes a communication interface for monitoring and controlling various sensors and equipment. IEDs are either directly controlled by the control server or include local programming that enables them to act independently without the intervention of the control server. SCADA systems are fault-tolerant systems with redundant systems. This redundancy may not be sufficient to protect SCADA systems from malicious attacks.

Figure 13.19: SCADA architecture [diagram labels: control center with HMI, engineering workstations, data historian, control server (SCADA-MTU) and communications routers; links over switched telephone, leased line or power line based communications, radio, microwave or cellular, satellite, and wide area network; field sites with WAN card, modem, IED and RTU]

▪ Programmable Logic Controller (PLC)

A PLC is a real-time digital computer used for industrial automation. PLCs are considered more than just digital computers in various industrial control systems due to their extraordinary features such as robust construction, ease of programming, sequential control, ease of hardware use, timers and counters, and reliable controlling capabilities. They are essentially built to survive severe industrial environments. The industries in which PLCs are used include the steel, automobile, energy, chemical, glass, paper, and cement manufacturing industries.
The PLC is a small solid-state control computer for which instructions can be customized to perform a specific task. The stored instructions in PLCs can be used to perform specific functions such as logic, timing, counting, I/O control, communication, arithmetic, and file and data processing. The use of PLCs in industry has largely replaced drum sequencers, hard-wired relays, and timers. PLCs perform continuous monitoring of input values produced by sensors and generate outputs needed for the operation of actuators.

A PLC system consists of three modules:

1. CPU Module: The CPU module comprises a central processor and its memory component. The processor is responsible for performing the required data computations and data processing by receiving inputs and producing corresponding outputs. The memory part consists of both RAM and ROM memories. RAM stores user-written programs, whereas ROM stores operating systems, drivers, and application programs. PLCs also include retentive memory that is used to preserve user programs and data when there is a break in the power supply. This retentive memory helps in resuming the execution of the user program once the power supply returns. For this reason, PLCs generally do not use a monitor or keyboard for reprogramming the processor whenever the power fails.

2. Power Supply Module: The power supply module provides the necessary supply of power required for CPU and I/O modules by converting AC to DC. This module is essentially responsible for running the system. A 5 V DC output from the power supply module is used to run the computer circuitry of the PLC, whereas in some PLCs, a 24 V DC output from the power supply module is used to run sensors and actuators.

3. I/O Modules: The input and output modules of the PLC system are used in connecting the sensors and actuators with the system for sensing and controlling real-time values such as pressure, temperature, and flow. There are different types of I/O modules. Some of the most important are discussed below:
   • Digital I/O Module: Used for the connection of sensors and actuators that are digital in nature (only for switching ON and OFF). These modules work with multiple digital inputs and outputs and support both AC and DC voltages.
   • Analog I/O Module: Used for the connection of sensors and actuators that provide analog electric signals. This module includes an analog-to-digital converter for converting analog data into digital data. The CPU module processes this digital data.
   • Communication I/O Module: Used for exchanging information between a communication network and a CPU located at a remote distance.

The main purpose of a PLC is to make machinery and systems work automatically without human intervention. Therefore, a PLC is very important, as it is responsible for all the growth, manufacturing, production, etc.

Figure 13.20: PLC architecture [diagram labels: power supply, central processing unit (CPU), input module, output module, memory (program, data)]

▪ Basic Process Control System (BPCS)

A BPCS is responsible for performing process control and monitoring for industrial infrastructure. It is a system that responds to input signals from the process and associated equipment to generate output signals that allow the processes and their associated equipment to operate based on an approved design control strategy. BPCS systems are dynamic in nature and are highly adaptable to changing process conditions.
They are applicable to all sorts of control loops, including the temperature, batch, pressure, flow, feedback, and feedforward control loops used in industries such as the chemical, oil and gas, and food and beverages industries. The use of BPCSs is crucial in industry as they act as the first layer of protection against any unsafe or hazardous condition to the equipment. BPCS systems are often used to push the performance limits to attain the desired performance. BPCSs differ from safety control systems in terms of security, as they lack diagnostic routines to identify any system flaws. However, they can meet a wide range of industrial challenges related to system operation, and business monitoring could benefit from a well-designed control system.

Listed below are some of the important functions offered by BPCS:

o Offers trending and alarm/event logging facilities
o Provides an interface from which an operator can monitor and control a system using an operator console (HMI)
o Controls the processes that in turn optimize the plant operation to enhance the quality of the product
o Generates production data reports

Figure 13.21: BPCS architecture [diagram labels: closed loop system, set point, error, controller, final control element, process variable (temperature value), process variable transmitter, primary element/transducer]

▪ Safety Instrumented Systems (SIS)

A safety instrumented system (SIS) is an automated control system designed to safeguard the manufacturing environment in case of any hazardous incident in industry. They monitor and perform “specific control functions” to shut down the monitored system or bring it to a predefined safe state to reduce the adverse impacts of an incident.
They function as an essential component of a risk management strategy that uses layers of protection to prevent the operational boundaries of the critical process from reaching an unsafe operating condition. Typical examples of SIS systems are fire and gas systems, safety interlock systems, safety shutdown systems, etc.

In industry, an SIS overrides the BPCS operationally and functions when BPCS does not operate a process within the normal operational parameters. For a given condition, if BPCS starts operating beyond normal operational limits, the SIS provides an automated control environment to detect and respond to the critical process. SIS either preserves the state or changes it to a safe state, i.e., equipment or process shutdown. Finally, the last layer of protection is applied where devices like relief valves, rupture disks, flare systems, etc. are used before the process enters the unsafe operating limits. The events generated and actions performed by the SIS system are illustrated in the diagram:

Figure 13.22: Layers of protection provided by SIS systems [diagram labels: process design, process control (BPCS), alarm and operator intervention, safety instrumented system (trip), active protection (relief valve/rupture disk), passive protection (bund/dike), emergency response (plant/community); stages marked prevention, incident, and mitigation]

The functional requirements of the work performed by SIS and how efficiently it should be carried out can be determined from Hazard and Operability Studies (HAZOP), Layers of Protection Analysis (LOPA), risk graphs, etc. The SIS system works independently from other control systems.
It consists of sensors, logic solvers, and final control elements that maintain safe operation of the process by performing the following functions:

o Field sensors collect information to determine and measure process parameters such as temperature, pressure, flow, etc. to predict whether the equipment is operating in a safe state or not. Different types of sensor are available, such as pneumatic, electric switches, smart transmitters, etc.
o Logic solvers are helpful in deciding the necessary action to be taken based on the gathered information. They provide actions for both failsafe and fault-tolerant situations. They act as controllers that capture signals from the sensors and execute pre-programmed actions to avoid risk by providing output to the final control elements.
o Final control elements implement the actions determined by the logic controller to bring the system to a safe state. These elements generally comprise pneumatically activated on-off valves controlled by solenoid valves.

As no component in a system can be completely immune to failure, it is essential for industries to test SIS systems constantly. It is also important to conduct an assessment of its basic cybersecurity environment to ensure the smooth operations of the SIS. The main aim of assessing the working conditions of the SIS system is to guarantee safety and of the SIS so that it remains at its actual design levels.

Figure 13.23: SIS architecture [diagram labels: logic solver, final control element]
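The relationship described above, where the SIS works independently and overrides the BPCS once the process leaves its normal limits, shown as an added simulation that is not part of the courseware. The plant model, controller gain, set point, trip limit, unsafe limit and the stuck-transmitter fault are all assumed values chosen for illustration.

```python
"""Constructed simulation: a BPCS temperature loop guarded by an independent SIS.
All limits, gains and plant constants are assumed values for illustration."""

SETPOINT_C = 150.0   # BPCS set point
SIS_TRIP_C = 180.0   # SIS trip limit, placed below the unsafe region
UNSAFE_C = 200.0     # boundary the layers of protection must keep the process under
AMBIENT_C = 25.0


def bpcs_controller(measured_c, gain=0.05):
    """Proportional controller: error -> fuel valve opening in [0, 1]."""
    error = SETPOINT_C - measured_c
    return min(1.0, max(0.0, gain * error))


class SisLogicSolver:
    """Reads its own sensor, latches a trip, and never depends on BPCS data."""

    def __init__(self, trip_c=SIS_TRIP_C):
        self.trip_c = trip_c
        self.tripped = False

    def evaluate(self, sis_sensor_c):
        if sis_sensor_c >= self.trip_c:
            self.tripped = True      # latched: stays tripped until a manual reset
        return self.tripped


def simulate(steps=100, fault_step=None, stuck_reading_c=100.0, sis_enabled=True):
    """Run the loop; from fault_step on, the BPCS transmitter is stuck low."""
    temp_c = 120.0
    sis = SisLogicSolver()
    max_temp, trip_step = temp_c, None
    for step in range(steps):
        # BPCS path: transmitter -> controller -> control valve demand
        faulted = fault_step is not None and step >= fault_step
        bpcs_reading = stuck_reading_c if faulted else temp_c
        valve = bpcs_controller(bpcs_reading)
        # SIS path: separate sensor -> logic solver -> shutoff valve (final element)
        if sis_enabled and sis.evaluate(temp_c):
            valve = 0.0              # SIS overrides whatever the BPCS demands
            if trip_step is None:
                trip_step = step
        # Simple first-order plant: heating from fuel, heat loss to ambient
        temp_c += 12.0 * valve - 0.05 * (temp_c - AMBIENT_C)
        max_temp = max(max_temp, temp_c)
    return {"max_temp_c": max_temp, "trip_step": trip_step, "final_temp_c": temp_c}


if __name__ == "__main__":
    for label, kwargs in [
        ("normal operation", {}),
        ("BPCS sensor fault, SIS active", {"fault_step": 20}),
        ("BPCS sensor fault, no SIS", {"fault_step": 20, "sis_enabled": False}),
    ]:
        print(label, simulate(**kwargs))
```

The second scenario only ends safely because the SIS reads its own sensor; if the logic solver shared the stuck BPCS transmitter, it would never see the excursion.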