SCADA Security Basics: SCADA vs. ICS Terminology

Recently I saw a posting on LinkedIn asking “What’s the difference between a SCADA system and an ICS system, and if there is no difference, then why do we have two different names?”

This is a good question, because unless you have worked in the industrial automation field for a few decades, the terminology can seem very confusing. Not only do we have SCADA versus ICS, we also have terms like Process Control, Discrete Control, Industrial Automation, Manufacturing Automation Systems, Distributed Control Systems, Energy Management Systems and so on.

The Quick Answer

Now the quick answer is that Supervisory Control and Data Acquisition (SCADA) is a subset of Industrial Control Systems (ICS).

SCADA generally refers to control systems that span a large geographic area, such as a gas pipeline, power transmission system or water distribution system. I use both terms together because SCADA is often better known by the press, government officials and the public, but ICS is probably the technically correct term to use if you are referring to industrial automation of all types.


Traditionally “SCADA” is used for control systems that cover a wide geographic area. It is also a term that tends to be recognized by the press, government officials and the public.

The History of Industrial Control Led to Many Terms

But to understand why there are so many terms, you need to look back at the history of industrial control, before the days of the micro-controller. In those days a controls practitioner would be involved in one of the following disciplines.

 

| Discipline | Example Industry | Typical Control Equipment |
|---|---|---|
| Process Control | Refinery | Distributed Control System (DCS) |
| Discrete Control | Automotive | Programmable Logic Controller (PLC) |
| SCADA (Wide Area Control) | Pipeline | Master Terminal Unit (MTU)/Remote Terminal Unit (RTU) |

 

Because this was before the micro-controller, there was no PLC, DCS or SCADA equipment as we know it now. Instead, process control systems used mechanical pneumatics for logic, discrete control systems used relays, and SCADA used transistors and radio. The differences in underlying technologies meant that the systems, the staff, the functionality and the terminologies were all very different.

The Micro-Controller and Convergence

Now along comes the micro-controller and pretty quickly everyone (especially the vendors) realized that the same hardware could theoretically do everything. I say “theoretically” because over the years each vertical had developed a lot of expertise and expectations (and habits) that made it hard to move into another vertical.

For example, as a process engineer in the 1980s, I used to laugh when Allen-Bradley would say you can use their PLC-5 for process control because it has a PID controller. Sure, that PLC had a PID function block, but it was missing 90% of the features that the process engineers had grown to expect on a DCS. Similarly, trying to do high-speed discrete control on a DCS in the 1980s was possible, but a hair-pulling exercise. Ditto for using a PLC as a Remote Terminal Unit on a SCADA system; while I never actually tried that, I heard some nasty tales.

Fast forward to today and all the vendors are slowly converging on products that really can move into the other spaces. However, there is still a lot of experience and tradition that makes this unlikely. As well, products have been optimized to perform best in a given vertical. So while I probably could use a PLC for controlling a section of a refinery, a DCS from a company like Honeywell, Yokogawa, Emerson or Invensys is a more likely choice.

 

In the early days of industrial control, refineries used the term Distributed Control System or DCS. While DCS is still used today, it is also included in the more comprehensive term “Industrial Control System”.

The Alphabet Soup of Industrial Security Terms

Now in the technology scramble of the last 30 years, many people have debated possible terms that would include all forms of industrial automation. These debates often got very heated.

Some of the suggestions were:

  • Industrial Control System (ICS) - a contender
  • Industrial Automation (IA) – another contender
  • Manufacturing and Control Systems (M&CS) - used by the ISA-99 committees until 2006
  • Industrial Automation and Control Systems (IACS) – now used by the ISA-99 committee
  • Control Systems – too general as it would encompass things like building automation and even home appliances
  • SCADA - as an all-encompassing term, SCADA fails because all us old-timers think of SCADA as wide area control for pipelines, power transmission, etc. (We all wince when someone points to the DCS in a refinery and tries to call it SCADA).

“Industrial Control System” is the Winner

So after hours of debate, many control engineers have now settled on the term "Industrial Control System" (ICS) as the catch-all term. But because ICS is not yet generally known by the layperson, I also use SCADA when I am speaking or writing (of course I also use "SCADA" when I really mean wide area SCADA).

Hopefully this helps. I am sure this debate on terminology is not over yet...

What do you think is the right phrase to describe our industry? Let me know your thoughts and any interesting stories you have on this topic.


Author Eric Byres

Comments

11

Nice article. I too wince when the term SCADA is overused, as our power plant has a SCADA for our transmission assets, but also a DCS for our generation assets, and PLCs for less important supporting assets.
Words have meaning. Agreeing on definitions early in a discussion can save many disagreements and misunderstandings.
I think that the missing piece of your analysis is the 900 pound (kg?) gorilla - government agencies. In the last year or two I've begun to see standardization from the US government in various agencies on the term Industrial Control Systems. If the Department of Homeland Security standardizes on the term, it then propagates through groups like the US-CERT and ICS-CERT. If the Department of Energy also standardizes on the term, it then propagates through groups like FERC & NERC. There is probably some political benefit to these departments in using a common vocabulary when negotiating regulatory boundaries with Congress and the other members of the Executive branch. Once the terms get written into their regulations, the rest of us get dragged along for the ride.
In a way, what the Control Engineers call the system can be overridden by our policy makers; overuse of the term SCADA is a case in point.

Thanks for your excellent points.

To the extent that the government can lead in standardizing terminology, terrific.

In the meantime, agreeing on definitions early can certainly save time along the way.

Thanks Eric - tho agree that the debate is far from over.

Perhaps it is the audience that should determine the correct term as hopefully human to human communication is mutual understanding. If senior managers (not the engineers in the room) understand ICS or SCADA, then perhaps that's what the experts should refer to. If the room is full of engineers/professionals from the field, then call it what it is ie ICS, DCS etc. The overall point is to highlight the importance of these systems to production of services etc etc.

You're right Chris.

You have captured part of the challenge. On the one hand knowing your audience and adapting to them is key. On the other hand, we do not want to spend too much time debating terminology when there is so much to be done to secure our systems!

I personally sometimes miss the differentiation between Industrial Control Systems and Industrial Control Networks. These are not the same things for me, especially when I start to think how to protect them.

And the Alphabet can be supplemented with the term Control and Automation (C&A) Systems. What is also used as a very wide term is Critical Infrastructure. I also often meet the term Control Networks, but it is rather an unofficial term.

I've worked in oil and gas for over 30 years, and despite what Eric says SCADA and PCS/PCN had two very different meanings.

SCADA represented supervisory control and data acquisition in a literal sense of the word. An operator could set values and the controller would maintain control between those set points. Originally they were, literally, manually set by the operator. The DA part represented the data acquisition for feedback to the operator.

The PCS was an automated system that could manage the setting of the set points on Supervisory Control based on algorithms manipulating data collected from the Data Acquisition components. The original systems I supported were large mini-computers running large parts of a plant. In the early 1990's we started to use smaller systems for each section of the plant, hence Distributed Process Control.

A differentiation between Refining and Pipeline had nothing to do with it.

Hi Chris

That was what I was trying to say, but you just said it better! Being a security guy talking to IT people, I always explained it as Wide Area Control versus Local Area Control, but your clarification of the different point of control between SCADA and PCS is better. And the Refining and Pipeline was just intended as examples of applications for each.

Eric

Differences between SCADA and DCS are:

SCADA scans centrally data from PLC and RTU, where DCS gets its data from controllers (de-central). Architecture also differs, SCADA often has WAN connectivity between L2 and L1 where DCS is internally LAN based. (L2 - L1)

Many DCS today support both DCS as well as SCADA modus, such as Honeywell Experion PKS. It is a matter of configuration and external interfaces if it is DCS, SCADA, or mixed.

I agree that many DCS today support both DCS as well as SCADA modes. The market is getting blurry.

But still each of the vendors tends to have a sweet spot for their products. For example, while Honeywell Experion offers SCADA capabilities (in fact, we have the package in our lab and like it), I rarely see it used for managing a major pipeline. Products from companies like Telvent seem to dominate in that space. Nor do I see Telvent running the cracker in a refinery. But as vendors in the industry merge, these distinctions will continue to fade.

But the point of my blog wasn't to discuss what products control which industrial process the best. That would require a textbook, not a blog. It was to try to answer the question, "why so many names for industrial automation?". Hopefully I succeeded in that.

Agree, but the difference is not so much functionality / capability, it is the difference in market position that determines success. Protocol support and algorithms are generally available in the large ICS, but a system that can support as well a large refinery process as well as a pipe line system has a different cost than a system created for one specific task. The advantages become visible when both functions are required and owner / operator can benefit from the consolidation within one environment, for pipe lines also when it can be combined with physical security functions. Only the larger ICS offer this consolidated environment.

It is like the time that a PLC was implementing PID algorithms and controllers implemented discrete logic functions. Each has its specialized function in which it is superior, but gaps are getting smaller as processor performance improves. As a result systems can be applied in more places, though the market is often conservative and only slowly benefits from the new possibilities.

For me the main characteristic between DCS and SCADA remains the difference in architecture, especially the L2 to L1 interface. Controllers are more often LAN based, while RTUs are by definition WAN based. Therefore a SCADA configuration is applied in for example an oil field, where a DCS is applied in the refinery.

There are many differences between SCADA and ICS systems. SCADA is used in large geographical areas whereas ICS is used in all types of industrial automation. Thanks!
