What Is an Industrial Control System?
Process control system (PCS), distributed control system (DCS), and supervisory control and data acquisition (SCADA) are names frequently applied to the systems that control, monitor, and manage large production systems. The systems are often in critical infrastructures industries, such as
electric power generators, transportation systems, dams, chemical facilities, petrochemical operations, pipelines, and others, giving the security of PCS, DCS, and SCADA systems evaluated importance in the increasingly networked world we live in.
SCADA especially is a term that has fairly recently been deprecated. In 2002 the International Society of Automation (ISA) started work on security standards for what it called industrial automation and control systems (IACS), under the aegis of its 99 standard.
IACS included SCADA services and reflected the wider and broader industrial infrastructures that were based on IP and interfaced with IT systems. IACS was further shortened in 2006 when the Department of Homeland Security (DHS) published Mitigations for Vulnerabilities Found in Control System (CS) Networks.
Finally, in 2008, the National Institute of Standards and Technology applied the current compromise name, industry control systems (ICS), in its landmark publication of NIST 800-82: Guide to Industrial Control System Security.
In this chapter we will distinguish between PCS, DCS, and SCADA systems as a matter of formal detail, but for the most part we intend all three systems when using the term industrial control systems (ICS): as a preliminary summary, ICS gathers information from a variety of endpoint devices
about the current status of a production process, which may be fully or partially automated.
Historians, typical IT systems within process control environments, gather information concerning the production process. PCS, DCS, SCADA, and so forth, read values and interact based upon automated logic alarms and events requiring operators interaction, or report automated system state changes.
A process control system allows operators to make control decisions, which might then be relayed upstream, downstream, or to parallel processes for execution by the same system. These systems could be within the four walls of one building, or could be spread throughout a potentially massive geographical region (in the case for items such as pipelines, power distribution, water and wastewater management.) For example, an ICS might gather information from endpoint devices that allow operators to assess that a leak may have opened in a pipeline.
The system aggregates this information at a central site, which (hopefully) contains intelligence and analytics alerting a control station and operators that the leak has occurred. Operators then carry out necessary analysis to determine if and how the leak may impact operations, safety, and regulations (environmental, health, and safety).
ICS displays the information gathered from endpoint devices in a logical and organized fashion, and keeps a history of the parameters received from the endpoint device. If the leak under investigation required that pressure in the pipeline be reduced or even that the pipeline be shut down, then these operational instructions may be issued from the control station through the ICS.
Another possibility is that the ICS is intended for monitoring but not active intervention, in which case the operators would dispatch maintenance teams according to the coordinates provided by the process control
Systems may be solely intended for the purpose of collecting, displaying, and archiving information from endpoint devices. For instance, urban traffic flow information from various intersections around a large city is used for both day-to-day governance and long-term urban planning.
Alternately, ICS in a nuclear power plant or a municipal water system may have the ability to apply either automatic, semiautomatic, or operator-controlled changes. It is important to note at this point that ICS are not necessarily the same as safety systems, and in some cases are completely distinct. More on the difference between ICS and safety systems will follow in this section.