Appendix: ICS Overview

Question 1

Industrial Control System

Answer 1

Industrial Control System (ICS)
•System that monitors and controls industrial processes
•Can be confined to single factory, or span over large geographical area
•Operators overlook and take care of the health and status of the system

Question 2

ICS Network – Purdue Model

Answer 2

• Developed by International Society of Automation (ISA-99)
• Uses zones to subdivide an ICS network into logical segments
• Used to build a secure ICS environment

Question 3

Field Devices – Level 0

Answer 3

• Interface between the ICS net work and the process
• Elements directly connected to the manufacturing process
• Comprised of Input and Output Devices:
• Input– Sensors, measuring instruments, etc.
• Output– Switch, valves, etc.

Question 4

Field Controllers – Level 1

Answer 4

• Located close to the field devices
• Collects and processes I/O data
• Sends process data to HMI
• Different types for different environments

Question 5

Field Controllers - Programmable Logic Controller (PLC)

Answer 5

• Digital computing device used forautomation
• Used within close-rangeenvironments (e.g. single factory)
• Contains programs used to controlfield device behavior
• Also used by safety instrumentedsystems (SIS)
• Components:
• Power supply
• CPU
• I/O Module(s)

Question 6

Field Controllers - Remote Terminal Unit (RTU)

Answer 6

• Device controlled by a microprocessor
• Interfaces SCADA Masters to the physical process
• Used in large geographical environments with low bandwidth communication channels (e.g. remote electrical substations)

Question 7

Field Controllers - Intelligent Electronic Device (IED)

Answer 7

• Microprocessor-based controllers used by the electric sector
• Monitors and controls electrical power devices (e.g. transformers)
• Receives Input data from field sensors and/or power equipment
• Can output commands (e.g. change voltage level)

Question 8

Supervisory Control – Level 2

Answer 8

• Comprised of multiple devices kept in a central location

* Concerned primarily with supervising, monitoring and controlling the process(es)

Question 9

Supervisory Control – Level 2

Answer 9

SCADA/DCS Server

• Displays data acquired by the field controllers
• Allows changing/controlling the process

• Graphic visualization of the process
• Provides historical trends and alarm info

• Used to configure and/or program control system applications
• Used for diagnostics and maintenance

Question 10

Site Operations and Control – Level 3

Answer 10

• Systems responsible for managing control plant operations
• Plant historian
• Production reporting/scheduling systems
• Network file servers
• IT Services
• DNS/DHCP/AD/NTP
• Remote access

Question 11

Site Business Planning – Level 4

Answer 11

Systems managing business related activities

• Inventory management
• Capacity planning
• E-mail/phone/printing

Question 12

Component Process Workflow

Answer 12

Field Controllers- operations are monitored by field controllers – sends measurement to HMI

#Field devices– take measurements – then take action based upon those measurements
-Example: close a valve

Question 13

ICS Architectures - SCADA

Answer 13

SCADA– Supervisory Control And Data Acquisition

• Have little control over the process
• Acquire and pass along data needed to make decisions

Question 14

ICS Architectures - DCS

Answer 14

DCS– Distributed Control System

• Very little control done at central control station
• Most control performed out at the remote I/O controllers

Question 15

ICS Protocols

Answer 15

Mostly developed before the2000s

• Open-specification
• Proprietary

Question 16

ICS Protocols

Answer 16

SCADA

• Standardized (open-specification protocols)
• Recognized by all major SCADA vendors
• Examples:
• IEC104
• IEC61850 (MMS & GOOSE)
• DNP3

• Largely proprietary for different vendors
• Examples:
• Siemens– Step 7
• Emerson– Delta and Ovation
• ABB– Symphony Plus
• Honeywell- Experion

Question 17

What is an Industrial Control System?

Answer 17

A management system for controlling networks that manage factories, utilities,robotic assembly lines, etc.

Question 18

What is the Purdue model and why is it used?

Answer 18

It is the ISA-99 standard and it logically subdivides an ICS network in order toprovide security.

Question 19

What types of devices are found in Level 0 of the Purdue model?

Answer 19

Input/Output devices which directly control manufacturing and utility processes.Examples include sensors, measuring instruments, switches, valves, etc.

Question 20

What types of devices are found in Level 1 of the Purdue model?

Answer 20

Devices that collect data from the input/output devices of Level 0 and send it on to the “HMI”. Comprised of Programmable Logic Controllers (PLCs), Remote Terminal Unites (RTUs), and Intelligent Electronic Devices (IEDs)

Question 21

What is the function of Purdue Level2?

Answer 21

Supervising, monitoring and controlling the processes which occur at Level 0

Question 22

What is the lowest Purdue level which should contain traditional IT devices (i.e. fileservers, DNS, DHCP, AD, and NTP)

Answer 22

Layer 2

Question 23

What is Purdue Level4?

Answer 23

IT personnel uses it for managing business related activities