SCADA (Supervisory Control and Data Acquisition) generally refers to industrial control systems. SCADA systems monitor and control industrial and infrastructure processes and equipment, such as those involved in refining, water treatment, manufacturing, production, and power generation. Because SCADA systems often control Critical National Infrastructure (CNI) elements ranging from nuclear power plants to flood gates, they are seen as prime cyber-terrorism targets. In the past, the various components of SCADA systems were connected only over short serial connections. As both the components of SCADA systems and the protocols they use to communicate have become standardized, they have also become increasingly connected over shared and disparate networks, including the internet. This increased connectivity has given adversaries new attack vectors against these critical systems.
SCADA systems typically include one or more of the following elements: (1) a supervisory computer system, which gathers data on the process and sends commands to control the process, (2) Programmable Logic Controllers (PLCs), which are essentially small computers used to control electromechanical processes (e.g., to switch something on or off, to control a valve, etc.), (3) Remote Terminal Units (RTUs), which convert sensor signals to digital data and send digital data to the supervisory system, and (4) a Human-Machine Interface (HMI), which presents process data to a human operator and allows the operator to issue commands.
These SCADA elements communicate with each other over wired and/or wireless networks, including IP-based networks over various transports. SCADA elements may communicate over shared or disparate networks and may utilize Web protocols for communication and display of data.