A

Summer Training Report

On
Programmable Logic Controller
to partial fulfillment of
Bachelor of Electronics Instrumentation & Control

2011-12
Submitted By:-
PoojaMandal
Enrl no.:- 08E1EBEIM3XP036
Department of E.I.C.E

Submitted to:-
Miss Pooja Bhardwaj
Asst. Professor
Department of E.I.C.E
Engineering College ,Bikaner
(An Autonomous institute of rajasthan govt.)

ACKNOWLEDGEMENT
1
 SUMMER TRAINING REPORT ON PLC AND SCADA

I am thankful to the institute “DIAC” for providing necessary facility to carry out my training
successful.

It is my duty to record my sincere thanks and gratitude towards the institute staff who helped
me in bringing this project to its present form. The valuable guidance and interest taken by
them has been a motivator and source of inspiration for me to carry out the necessary
proceedings for the project to be completed successfully.

Also, I am highly obliged to the head of our training and plancement cell “ mrs. Richa
yadav” who provided me such a great opportunity to do my summer training in a reputed
institute like “dynamic institute of automation and control”.

CONTENTS

[2]
 SUMMER TRAINING REPORT ON PLC AND SCADA

A)AUTOMATION
B)PLC
1) INTRODUCTION
2) HISTORY
3) ADVANTAGES
4) APPLICATION AREAS
5) HARDWARE
6) PLC OPERATION
7) COMMUNICATIONS
8) PLC PROGRAMMING SOFTWARES
9) PLC PROGRAMMING
10) LADDER LOGIC
11) COUNTERS & TIMERS
12) PLC APPLICATION EXAMPLE

C)SCADA

13) INTRODUCTION
14) SYSTEM CONCEPTS
15) HUMAN MACHINE INTERFACE
16) ALARM
17) REMOTE TERMINAL UNIT
18) COMMUNICATION
19) EVOLUTION
20) SECURITY ISSUES

[3]
 SUMMER TRAINING REPORT ON PLC AND SCADA

PREFACE

An industrial PLC and SCADA system is to for the development of automatic control of
machinery.

PLC and SCADA system are methods to achieve Automation. Automation industry has fast
growth potential in a country like India, which has a large industry base.

This report focuses on brief concepts of PLC and SCADA system, their development, and
also mentions possible applications of these systems. Almost every industry that has some
electrical machinery may need Automation Services. Attention is also paid to the security
issues which have arisen with time.

Submitted By :-
Poojamandal
Department of E.I.C.E

Automation
Automation is the use of control systems and information technologies to reduce the need for
human work in the production of goods and services. In the scope of industrialization,
[4]
 SUMMER TRAINING REPORT ON PLC AND SCADA

automation is a step beyond mechanization. Whereas mechanization provided human

operators with machinery to assist them with the muscular requirements of work, automation
greatly decreases the need for human sensory and mental requirements as well. Automation
plays an increasingly important role in the world economy and in daily experience.

AUTOMATION IMPACTS

1) It increases productivity and reduces cost.

2) Replacing human operators in tasks that involve hard physical or monotonous
work.
3) Replacing humans in tasks done in dangerous environments (i.e. fire, space,
volcanoes, nuclear facilities, underwater, etc.)
4) Performing tasks that are beyond human capabilities of size, weight, speed,
endurance, etc.
5) Automation is often applied primarily to increase quality in the manufacturing
process, where automation can increase quality substantially.
6) Automation reduces power consumption and reduces man power requirement.
7) Automation improves production quality.
8) Automation provides safer working conditions.

Programmable Logic Controller (PLC)

A programmable logic controller (PLC) or programmable controller is a digital

computer used for automation of electromechanical processes, such as control of machinery
on factory assembly lines, amusement rides, or light fixtures. PLCs are used in many
industries and machines. Unlike general-purpose computers, the PLC is designed for multiple
inputs and output arrangements, extended temperature ranges, immunity to electrical noise,
and resistance to vibration and impact. Programs to control machine operation are typically
stored in battery-backed or non-volatile memory. A PLC is an example of a hard real time
system since output results must be produced in response to input conditions within a
bounded time, otherwise unintended operation will result.

THE HISTORY OF PLC S

[5]
 SUMMER TRAINING REPORT ON PLC AND SCADA

1) first Programmable Logic Controllers were designed and developed by

Modicon as a relay replacer for GM and Landis.
2) These controllers eliminated the need for rewiring and adding additional
hardware for each new configuration of logic.
3) The first commercial successful PLC, the 184, was introduced in 1973 and was
designed by Michael Greenberg
PLC ADVANTAGE

PLCs not only are capable of performing the same tasks as hard-wired control, but are also
capable of many more complex applications. In addition, the PLC program and electronic
communication lines replace much of the interconnecting wires required by hard-wired
control. Therefore, hard-wiring, though still required to connect field devices, is less
intensive. This also makes correcting errors and modifying the application easier.

Some of the additional advantages of PLCs are as follows:

1) Smaller physical size than hard-wire solutions

2) Easier and faster to make changes.
3) PLCs have integrated diagnostics and override functions.
4) Diagnostics are centrally available.
5) Applications can be immediately documented.
6) Applications can be duplicated faster and less expensively.
Areas of application
1) Manufacturing / Machining
2) Food / Beverage
3) Metals
4) Power
5) Mining
6) Petrochemical / Chemical

[6]
 SUMMER TRAINING REPORT ON PLC AND SCADA

Fig1 PLC

Inside A PLC

The Central Processing Unit (CPU) contains an internal program that tells the PLC how to
perform the following functions:

1) Execute the Control Instructions contained in the User's Programs. This program is
stored in "nonvolatile" memory, meaning that the program will not be lost if power is
removed
2) Communicate with other devices, which can include I/O Devices, Programming
Devices, Networks, and even other PLCs.
3) Perform Housekeeping activities such as Communications, Internal Diagnostics, etc.

[7]
 SUMMER TRAINING REPORT ON PLC AND SCADA

Fig 2 Majer component of common plc

Fig 3 Typical PLC control panel

THE CPU

The microprocessor or processor module is the brain of a PLC system. It consists of the
microprocessor, memory integrated circuits, and circuits necessary to store and retrieve
information from memory. It also includes communications ports to other peripherals, other
[8]
 SUMMER TRAINING REPORT ON PLC AND SCADA

PLC's or programming terminals. Today's processors vary widely in their capabilities to

control real world devices. Some control as few as 6 inputs and outputs (I/O) and others
40,000 or more. One processor can control more than one process or manufacturing line.
Processors are often linked together in order to provide continuity throughout the process.
The number of inputs and outputs PLCs can control are limited by the overall capacity of the
PLC system hardware and memory capabilities. The job of the processor is to monitor status
or state of input devices, scan and solve the logic of a user program, and control on or off
state of output devices.

RAM

RAM or Random Access Memory is a volatile memory that would lose its information if
power were removed. This is why some processor units incorporate a battery back-up. The
type of RAM normally used is CMOS or Complementary Metal Oxide Semiconductor.

ROM

ROM or Read Only Memory is a non-volatile type of memory. This means you don't need an
external power source to keep information. In this type of memory, information can be read,

but not changed. For this reason the manufacture sometimes calls this firmware. there for the.

EEPROM

EEPROM or Electrically Erasable Programmable Read Only Memory is usually an add-on

memory module that is used to back up the main program in CMOS RAM of the processor.
In many cases, the processor can be programmed to load the EEPOM's program to RAM if
RAM is lost or corrupted.

Input Module

There are many types of input modules to choose from. The type of input module used is
dependent upon what real world input to the PLC is desired. Some examples of inputs are
limit switches, electric eyes, and pushbuttons. DC inputs, such as thumbwheel switches, can
be used to enter integer values to be manipulated by the PLC. DC input cards are used for this
application. Since most industrial power systems are inherently noisy, electrical isolation is
provided between the input and the processor. Electromagnetic interference (EMI) and Radio
[9]
 SUMMER TRAINING REPORT ON PLC AND SCADA

Frequency Interference (RFI) can cause severe problems in most solid state control systems.
The component used most often to provide electrical isolation within I/O cards is called an
optical isolator or optocoupler. The wiring of an input is not complex. The object is to get a
voltage at a particular point on the card. Typically there are 8 to 32 input points on any one
input module. Each point will be assigned a unique address by the processor. Analog input
modules are special input cards that use analog to digital conversion (A to D) to sense
variables such as temperature, speed, pressure, and position. The external device normally is
connected to a controller (transducer) producing an electrical signal the analog input card can
interpret. This signal is usually 4 to 20 Ma or a 0 to 10 volt signal.

Output Module

Output modules can be for used for ac or dc devices such as solenoids, relays, contractors,
pilot lamps, and LED readouts. Output cards usually have from 6 to 32 output points on a
single module. The output device within the card provides the connection from the user
power supply to the load. Usually silicon controlled rectifiers (SCR), triac, or dry contact
relays are use for this purpose. Individual outputs are rated most often at 2 to 3 amperes.
Output cards, like input cards have electrical isolation between the load being connected and
the PLC. Analog output cards are a special type of output modules that use digital to analog
conversion (D to A). The analog output module can take a value stored in a 12 bit file and
convert it to an analog signal. Normally this signal is 0 -10 volts dc or 4 to 20 Ma. This
analog signal is often used in equipment such as motor operated valves and pneumatic
position control devices.

PLC OPERATION

There are four basic steps in the operation of all PLCs: which continually take place in a
repeating loop.

1) Input Scan
2) Program Scan
3) Output Scan
4) Housekeeping

Input Scan: Detects the state of all input devices that are connected to the PLC
[10]
 SUMMER TRAINING REPORT ON PLC AND SCADA

Program Scan: Executes the user created program logic.

Fig 4 Block dia.of control system

Fi
g 5 PLC operation cycle

[11]
 SUMMER TRAINING REPORT ON PLC AND SCADA

1) Output Scan: Energizes or de-energize all output devices that are connected to the
PLC.
2) Housekeeping: This step includes communications with programming terminals,
internal diagnostics etc...

CHECK INPUT STATUS: First the PLC takes a look at each input to determine if it is on or
off. In other words, is the sensor connected to the first input on? Then the second input? Then
the third and so on…. It records this data into its memory to be used during the next step.

EXECUTE PROGRAM: Next the PLC executes your program one instruction at a time.
Maybe the program says that if the first input was on then it should turn on the first output.
Since it already knows which inputs are on/off from the previous step it will be able to decide
whether the first output should be turned on based on the state of the first input. It will store
the execution results for use later during the next step.

UPDATE OUTPUT STATUS: Finally the PLC updates the status of the outputs. It updates
the outputs based on which inputs were on during the first step and the results of executing
your program during the second step. Based on the example in step 2 it would now turn on
the first output because the first input was on and your program said to turn on the first output
when this condition is true.

After the third step the PLC goes back to step one and repeats the steps continuously. One
scan time is defined as the time it takes to execute the 3 steps listed above.

COMMUNICATIONS

There are several methods to communicate between a PLC and a programmer or even
between two PLCs. Communications between a PLC and a programmer (PC or Hand held)
are provided by the makers and you only have to plug in a cable from your PC to the
programming port on the PLC. This communication can be RS232; RS485 or TTY.
Communications between two PLCs can be carried out by dedicated links
supplied/programmed by the makers (RS232 etc) or via outputs from one PLC to the inputs
on another PLC. This direct link method of communication can be as simple as, if an output
on the first PLC is on then the corresponding input on the second PLC will be on and then
this input is used within the program on the second PLC.
[12]
 SUMMER TRAINING REPORT ON PLC AND SCADA

If a word of input/outputs (16 bits) are used then numerical data can be transferred from one
PLC to the other (refer back to the section on numbering systems). There are many other
methods of communication between PLCs and also from PLC to PC. Refer to the manuals
supplied with the PLC that you are using for full details on communications.

Examples of PLC Programming Software:

1. Allen-Bradley – Rockwell Software RSLogix500

2. Modicon - Modsoft

3. Omron - Syswin

4. GE-Fanuc Series 6 – LogicMaster6

5. Square D- PowerLogic

6. Texas Instruments – Simatic

PLC PROGRAMMING

Various languages are used for programming of PLCs:

Ladder diagram (LD): Ladder diagram is a graphic programming language derived

from the circuit diagram of directly wired relay controls. The ladder diagram contains contact
rails to the left and the right of the diagram; these contact rails are connected to switching
elements (normally open / normally closed contacts) via current paths and coil elements.

Fig 6 Ladder diagram of PLC

[13]
 SUMMER TRAINING REPORT ON PLC AND SCADA

Function block diagram (FBD)

In the function block diagram, the functions and function blocks are represented graphically
and interconnected into networks. The function block diagram originates from the logic
diagram for the design of electronic circuits.

Fig 7 Logical operation in PLC

Sequential function chart (SFC)

The sequential function chart is a language resource for the structuring of

sequence-oriented control programs. The elements of the sequential function
chart are steps, transitions, alternative and parallel branching. Each step
represents a processing status of a control program, which is active or inactive.
A step consists of actions which, identical to the transitions, are formulated in
the IEC 1131-3 languages. Actions themselves can again contain sequence
structures. This feature permits the hierarchical structure of a control program.
The sequential function chart is therefore an excellent tool for the design and
structuring of control programs.

Instruction list (IL)

[14]
 SUMMER TRAINING REPORT ON PLC AND SCADA

Statement list is a textual assembler-type language characterized by a simple machine model

(processor with only one register). Instruction list is formulated from control instructions
consisting of an operator and an operand.

LD Part_TypeA

OR Part_TypeB

AND Part_present

AND Drill_ok

ST Sleeve_in

With regard to language philosophy, the ladder diagram, the function block diagram and
instruction list have been defined in the way they are used in today’s PLC technology. They
are however limited to basic functions as far as their elements are concerned. This separates
them essentially from the company dialects used today. The competitiveness of these
languages is maintained due to the use of functions and function blocks.

Structured text (ST)

Structured text is high-level language based on Pascal, which consists of expressions and
instructions.a Instructions can be defined in the main as: Selection instructions such as
IF...THEN...ELSE etc., repetition instructions such as FOR, WHILE etc. and function block
invocations.

Sleeve_in:= (Part_TypeA OR Fig. B5.7: Part_TypeB) AND Part_present AND Drill_ok;

Structured text enables the formulation of numerous applications, beyond pure function
technology, such as algorithmic problems (high order control algorithms etc.) and data
handling (data analysis, processing of complex data structures etc.).

LADDER LOGIC

Ladder Logic or Ladder Diagrams is the most common programming language used to
program a PLC

[15]
 SUMMER TRAINING REPORT ON PLC AND SCADA

Fig 8 Block diagram of single ladder

Ladder logic was one of the first programming approaches used in PLCs because it borrowed
heavily from the Relay Diagrams that plant electricians already knew.

The symbols used in Relay Ladder Logic consist of a power rail to the left, a second power
rail to the right, and individual circuits that connect the left power rail to the right. The logic
of each circuit (or rung) is solved from left to right. The symbols of these diagrams look like
a ladder - with two side rails and circuits that resemble rungs on a ladder.

The picture above has a single circuit or "rung" of ladder.

 If Input1 is ON (or true) - power (logic) completes the circuit from the left rail to the
right rail – and Output1 turns ON (or true).
1) If Output1 is OFF (or false) - then the circuit is not completed and logic does not flow
to the right – and Output 1 is OFF.

There are many logic symbols available in Ladder Logic - including Timers, Counters, Math,
and Data Moves-such that any logical condition or control loop can be represented in Ladder
Logic. With just a handful of basic symbols - a Normally Open Contact, Normally Closed
Contact, Normally Open Coil, Normally Closed

Coil, Timer, Counter - most logical conditions can be represented.

CONTACTS AND COILS

With just the Normally Open Contact and Normally Open Coil - a surprising array of basic
logical conditions can be represented.

Normally Open Contact. This can be used to represent any input to the control logic - a
switch or sensor, a contact from an output, or an internal output.

[16]
 SUMMER TRAINING REPORT ON PLC AND SCADA

When "solved" the referenced input is examined for an ON (logical 1) condition. If it is ON,
the contact will close and allow power (logic) to flow from left to right. If the status is OFF
(logical 0), the contact is Open, power (logic) will NOT flow from left to right.

Normally Open Coil. This can be used to represent any discrete output from the control
logic. When "solved" if the logic to the left of the coil is TRUE, the referenced output is ON
(logical 1).

Solving a Single Rung

Fig 9 Single Rung

Suppose a switch is wired to Input1, and a light bulb is wired through Output1 in such a way
that the light is OFF when Output1 is OFF, and ON when Output1 is ON.

When Input1 is OFF (logical 0) the contact remains open and power cannot flow from left to
right. Therefore, Output1 remains OFF (logical 0).

When Input1 is ON (logical 1) then the contact closes, power flows from left to right, and
Output1 becomes ON (the light turns ON).

The AND Rung

The AND is a basic fundamental logic condition that is easy to directly represent in Ladder
Logic.

Fig 10 Block diagram of AND operation

[17]
 SUMMER TRAINING REPORT ON PLC AND SCADA

Suppose a switch is wired to Switch1, a second switch is wired to Switch2, and a light bulb is
wired through Light1 in such a way that the light is OFF when Light1 is OFF, and ON when
Light1 is ON.

In order for Light1 to turn ON, Switch1 must be ON, AND Switch2 must be ON.

If Switch1 is OFF, power (logic) flow from the left rail, but stops at Switch1. Light1 will be
OFF regardless of the state of Switch2.

If Switch1 is ON, power makes it to Switch2. If Switch2 is OFF, power cannot flow any
further to the right, and Light1 is OFF.

If Switch1 is ON, AND Switch2 is ON - power flows to Light1 solving its state to ON.

The OR Rung

The OR is a logical condition that is easy to represent in Ladder Logic.

Fig 11 Block diagram of OR operation

Suppose a switch is wired to Switch1, a second switch is wired to Switch2, and a light bulb is
wired through Light1 in such a way that the light is OFF when Light1 is OFF, and ON when
Light1 is ON. In this instance, we want to the light to turn ON if either Switch1 OR Switch2
is ON.

If Switch1 is ON - power flows to Light1 turning it ON.

If Switch2 is ON - power flows through the Switch2 contact, and up the rail to Light1 -
turning it ON.

If Switch1 AND Switch 2 are ON - Light1 is ON.

[18]
 SUMMER TRAINING REPORT ON PLC AND SCADA

The only way Light1 is OFF is if Switch1 AND Switch2 are OFF.

* Another set of basic contacts and coils that can be used in Ladder Logic are the Normally
Closed Contact and the Normally Closed Coil. These work just like their normally open
counterparts - only in the opposite.

When "solved" the referenced input is examined for an OFF condition. If the status is
OFF (logical 0) power (logic) will flow from left to right. If the status is ON, power will not
flow.

When "solved" if the coil is a logical 0, power will be turned on to the device. If logical
1, power will be OFF.

TIMERS AND COUNTERS

Many times we will want to take action in a control program based on more than the states of
discrete inputs and outputs. Sometimes, we will want to turn something on after a delay, or
count the number of times a switch is hit. To do these simple tasks, we will need Timers &
Counters.

Simple Timers (TIM)

A timer is simply a control block that takes an input and changes an output based on time.
There are two basic timer types we will deal with initially (there are other advanced timers,
but we will start with the basics first) - On-Delay Timer and the Off-Delay Timer.

On-Delay Timer

This timer takes an input, waits a specific amount of time, then turns ON an output (or allows
logic to flow after the delay).

Off-Delay Timer

this timer takes turns ON an output (or allows logic to flow) and keeps that output ON until
the set amount of time has passed, then turns it OFF (hence off-delay)

[19]
 SUMMER TRAINING REPORT ON PLC AND SCADA

Simple Counter (CNT)

A counter simply counts the number of events that occur on an input. There are two basic
types of counters - Up counter and a Down counter.

Up Counter

As its name implies, whenever a triggering event occurs, an up counter

increments the counter.

Down Counter

whenever a triggering event occurs, a down counter decrements the counter.

Fig 12 Block diagram of time counter operation

PLC Application Example:

AUTOMATION USING A PLC

PLCs are electronic devices that work on the basic principle of logic gates. It was a major
leap from sequencing automation with rotating cams or with series of electrical relay
switches, to using micro processor based PLC sequencers. With micro processors, the
sequencers could be programmed to follow different sequences under different conditions.
The physical structure of a PLC is as important as a feature as its computerized inwards. The

[20]
 SUMMER TRAINING REPORT ON PLC AND SCADA

central component, the CPU, contains the digital computer and plugs into a bus or a rack.
Other PLC modules can be plugged into the same bus. Optional interface modules are
available for just about any type of sensor or actuator.
The PLC user buys only the modules needed, and thus avoids having to worry about
compatibility between sensors, actuators and the PLC. Most PLCs offer communication
modules now, so that the PLC can exchange data with at least other PLCs of the same make.

Fig 13 AUTOMATED CAR PARKING SYSTEM

AUTOMATED CAR PARKING SYSTEM:

Automated parking is a method of automatically parking and retrieving cars typically using a
computerized system of lifts and carriers. As the system removes the need for driveways and
ramps, the floor area and the volume of the parking station itself can be more efficiently used.
For the driver, the process is very simple. They park their car at an entrance point then leave
the vehicle. From there, the car is automatically moved through the parking system. It's
returned to the driver in the same fashion using a signaling device (similar to a credit card) or
for a public car park a ticket and payment system in a designated waiting zone.
Automated parking systems can be designed to fit above or below ground, allowing for
[21]
 SUMMER TRAINING REPORT ON PLC AND SCADA

flexible usage of land space; this means the footprint can be reduced to one-third of the land
required by conventional car parking solutions. Cost-effective on a number of fronts,
automated parking also offers significantly improved service to the customer.

Fig 14 AUTOMATED CAR PARKING SYSTEM

These automated car parking systems are suitable for installation in basements, open floors or
open spaces outside commercial buildings, residential buildings, shopping malls, and other
public places. Such multi-level automated car parking systems have been installed all around
the world, especially in Europe, Korea, Japan and some other parts of South-East Asia.
There is an overwhelming need for these systems because of increasing traffic and non-
availability of adequate parking spaces, especially in urban cities. The most unique feature of
such systems is that they increase the parking space available on the ground by more than
30%, depending upon the kind of system installed and the contours of the space available.
Multi-level parking systems require careful planning and assessment of the space available,
traffic flows, and the capacity utilization within that space. These systems can be integrated
within concrete (RCC) structures.

[22]
 SUMMER TRAINING REPORT ON PLC AND SCADA

SCADA

INTRODUCTION

SCADA stands for Supervisory Control and Data Acquisition. It refers to an industrial
control system: a computer system monitoring and controlling a process. The process can be
industrial, infrastructure or facility based as described below:

Industrial Process: it includes those of manufacturing, production, power generation,

fabrication and refining and process may be in continuous, batch, repetitive or discrete
modes.

Infrastructure Process: it may be public or private, and water treatment and

distribution, wastewater collection and treatment, oil and gas pipelines, electrical power
transmission and distribution, and large communication systems.

Facility Process: it occur both in public facilities and private ones, including buildings,
airports, ships and space stations. They monitor and control HVAC, access and energy
consumption.

[23]
 SUMMER TRAINING REPORT ON PLC AND SCADA

Fig. 15 SCADA System

A SCADA System usually consists of the following Subsystems:

1. A Human-Machine Interface (HMI) is the apparatus which presents process data to a

human operator, and through this, the human operator monitors and controls the
process.
2. A supervisory (computer) system, gathering (acquiring) data on the process and
sending commands (control) to the process.
3. Remote Terminal Units (RTU) connecting to sensors in the process, converting
sensor signals to digital data and sending digital data to the supervisory system.
4. Programmable Logic Controller (PLC) used as field devices because they are more
economical, versatile, flexible, and configurable than special-purpose RTUs.
5. Communication infrastructure connecting the supervisory system to the Remote
Terminal Units.

Systems concepts

[24]
 SUMMER TRAINING REPORT ON PLC AND SCADA

The term SCADA usually refers to centralized systems which monitor and control entire
sites, or complexes of systems spread out over large areas (anything between an industrial
plant and a country). Most control actions are performed automatically by Remote Terminal
Units ("RTUs") or by Programmable Logic Controllers ("PLCs"). Host control functions are
usually restricted to basic overriding or supervisory level intervention.

Ex: A PLC may control the flow of cooling water through part of an industrial process, but
the SCADA system may allow operators to change the set points for the flow, and enable
alarm conditions, such as loss of flow and high temperature, to be displayed and recorded.
The feedback control loop passes through the RTU or PLC, while the SCADA system
monitors the overall performance of the loop.

Data Acquisition begins at the RTU or PLC level and includes meter readings and equipment
status reports that are communicated to SCADA as required. Data is then compiled and
formatted in such a way that a control room operator using the HMI can make supervisory
decisions to adjust or override normal RTU (PLC) controls. Data may also be fed to a
Historian, often built on a commodity Database Management System, to allow trending and
other analytical auditing.

TAGS (POINTS)

SCADA systems typically implement a distributed database, commonly referred to as a tag

database, which contains data elements called tags or points. A point represents a single
input or output value monitored or controlled by the system. Points can be either "hard" or
"soft". A hard point represents an actual input or output within the system, while a soft point
results from logic and math operations applied to other points.

(Most implementations conceptually remove the distinction by making every property a

"soft" point expression, which may, in the simplest case, equal a single hard point.) Points are
normally stored as value time stamp pairs: a value, and the Time-Stamp when it was recorded
or calculated. A series of value time stamp pairs gives the history of that point. It's also
common to store additional metadata with tags, such as the path to a field device or PLC
register, design time comments, and alarm information.

Human Machine Interface

[25]
 SUMMER TRAINING REPORT ON PLC AND SCADA

A Human Machine Interface or HMI is the apparatus which presents process data to a human
operator, and through which the human operator controls the process.

An HMI is usually linked to the SCADA system's Database and software programs, to
provide trending, diagnostic data, and management information such as scheduled
maintenance procedures, logistic information, detailed schematics for a particular sensor or
machine, and expert-system troubleshooting guides.

The HMI system usually presents the information to the operating personnel graphically, in
the form of a mimic diagram. This means that the operator can see a schematic representation
of the plant being controlled. For example, a picture of a pump connected to a pipe can show
the operator that the pump is running and how much fluid it is pumping through the pipe at
the moment. The operator can then switch the pump off. The HMI software will show the
flow rate of the fluid in the pipe decrease in real time. Mimic diagrams may consist of line
graphics and schematic symbols to represent process elements, or may consist of digital
photographs of the process equipment overlain with animated symbols.The HMI package for
the SCADA system typically includes a drawing program that the operators or system
maintenance personnel use to change the way these points are represented in the interface.
ALARM

An important part of most SCADA implementations is alarm handling. The system monitors
whether certain alarm conditions are satisfied, to determine when an alarm event has
occurred. Once an alarm event has been detected, one or more actions are taken (such as the
activation of one or more alarm indicators, and perhaps the generation of email or text
messages so that management or remote SCADA operators are informed). In many cases, a
SCADA operator may have to acknowledge the alarm event; this may deactivate some alarm
indicators, whereas other indicators remain active until the alarm conditions are cleared.
Alarm conditions can be explicit - for example, an alarm point is a digital status point that has
either the value

NORMAL or ALARM that is calculated by a formula based on the values in other analogue
and digital points - or implicit: the SCADA system might automatically monitor whether the
value in an analogue point lays outside high and low limit values associated with that point.
Examples of alarm indicators include a siren, a pop-up box on a screen, or a colored or

[26]
 SUMMER TRAINING REPORT ON PLC AND SCADA

flashing area on a screen (that might act in a similar way to the "fuel tank empty" light in a
car); in each case, the role of the alarm indicator is to draw the operator's attention to the part
of the system 'in alarm' so that appropriate action can be taken. In designing SCADA
systems, care is needed in coping with a cascade of alarm events occurring in a short time,
otherwise the underlying cause (which might not be the earliest event detected) may get lost
in the noise. Unfortunately, when used as a noun, the word 'alarm' is used rather loosely in
the industry; thus, depending on context it might mean an alarm point, an alarm indicator, or
an alarm event.

Remote Terminal Unit (RTU)

The RTU connects to physical equipment. Typically, an RTU converts the electrical signals
from the equipment to digital values such as the open/closed status from a Switch or a valve,
or measurements such as pressure, flow, voltage or current. By converting and sending these
electrical signals out to equipment the RTU can control equipment, such as opening or
closing a switch or a valve or setting the speed of a pump.

Characteristics of Quality SCADA RTUs:

1. Supervisory Station

The term "Supervisory Station" refers to the servers and software responsible for
communicating with the field equipment (RTUs, PLCs, etc.), and then to the HMI software
running on workstations in the control room, or elsewhere. In smaller SCADA systems, the
master station may be composed of a single PC. In larger SCADA systems, the master station
may include multiple servers, distributed software applications, and disaster recovery sites.
To increase the integrity of the system the multiple servers will often be configured in a dual-
redundant or hot-standby formation providing continuous control and monitoring in the event
of a server failure.

2. Operational philosophy

For some installations, the costs that would result from the control system failing are
extremely high. Possibly even lives could be lost. Hardware for some SCADA systems is
ruggedized to withstand temperature, vibration, and voltage extremes, but in most critical
installations reliability is enhanced by having redundant hardware and communications
[27]
 SUMMER TRAINING REPORT ON PLC AND SCADA

channels, up to the point of having multiple fully equipped control centers. A failing part can
be quickly identified and its functionality automatically taken over by backup hardware. A
failed part can often be replaced without interrupting the process. The reliability of such
systems can be calculated statistically and is stated as the mean time to failure, which is a
variant of mean time between failures. The calculated mean time to failure of such high
reliability systems can be on the order of centuries.

Communication infrastructure and methods

SCADA systems have traditionally used combinations of radio and direct serial or modem
connections to meet communication requirements, although Ethernet and IP over SONET /
SDH is also frequently used at large sites such as railways and power stations. The remote
management or monitoring function of a SCADA system is often referred to as telemetry.
This has also come under threat with some customers wanting SCADA data to travel over
their pre established corporate networks or to share the network with other applications. The
legacy of the early low-bandwidth protocols remains, though. SCADA protocols are designed
to be very compact and many are designed to send information to the master station only
when the master station polls the RTU. Typical legacy SCADA protocols include Modbus
RTU, RP-570, Profibus and Conitel. These communication protocols are all SCADA-vendor
specific but are widely adopted and used. Standard protocols are IEC 60870-5-101 or 104,
IEC 61850 and DNP3. These communication protocols are standardized and recognized by
all major SCADA vendors. Many of these protocols now contain extensions to operate over
TCP / IP. It is good security engineering practice to avoid connecting SCADA systems to the
internet so the attack surface is reduced.

EVOLUTION

SCADA systems have evolved through 3 generations as follows:

First generation: "Monolithic"

In the first generation, computing was done by mainframe computers. Networks did not exist
at the time SCADA was developed. Thus SCADA systems were independent systems with no
connectivity to other systems. WAN were later designed by RTU vendors to communicate
with the RTU. The communication protocols used were often proprietary at that time. The
[28]
 SUMMER TRAINING REPORT ON PLC AND SCADA

first-generation SCADA system was redundant since a back-up mainframe system was
connected at the bus level and was used in the event of failure of the primary mainframe
system.

Second generation: "Distributed"

The processing was distributed across multiple stations which were connected through a LAN
and they shared information in real time. Each station was responsible for a particular task
thus making the size and cost of each station less than the one used in First Generation. The
network protocols used were still mostly proprietary, which led to significant security
problems for any SCADA system that received attention from a hacker. Since the protocols
were proprietary, very few people beyond the developers and hackers knew enough to
determine how secure a SCADA installation was. Since both parties had invested interests in
keeping security issues tight, the security of a SCADA installation was often badly
overestimated, if it was considered at all.

Third generation: "Networked"

These are the current generation SCADA systems which use open system architecture rather
than a vendor controlled proprietary environment. The SCADA system utilizes open
standards and protocols, thus distributing functionality across a WAN rather than a LAN. It is
easier to connect third party peripheral devices like printers, disk drives, and tape drives due
to the use of open architecture. WAN protocols such as Internet Protocol (IP) are used for
communication between the master station and communications equipment. Due to the usage
of standard protocols and the fact that many networked SCADA systems are accessible from
the Internet; the systems are potentially vulnerable to remote cyber-attacks. On the other
hand, the usage of standard protocols and security techniques means that standard security
improvements are applicable to the SCADA systems, assuming they receive timely
maintenance and updates.

Security Issues

The move from proprietary technologies to more standardized and open solutions together
with the increased number of connections between SCADA systems and office networks and
the Internet has made them more vulnerable to attacks - see references. Consequently, the
[29]
 SUMMER TRAINING REPORT ON PLC AND SCADA

security of SCADA-based systems has come into question as they are increasingly seen as
extremely vulnerable to cyber warfare/cyber terrorism attacks.

In particular, security researchers are concerned about:

1. The lack of concern about security and authentication in the design, deployment and
operation of existing SCADA networks.

2. The belief that SCADA systems have the benefit of security through obscurity through the
use of specialized protocols and proprietary interfaces.

3. The belief that SCADA networks are secure because they are physically secured.

4. The belief that SCADA networks are secure because they are disconnected from the
Internet.

SCADA systems are used to control and monitor physical processes, examples of which are
transmission of electricity, transportation of gas and oil in pipelines, water distribution, traffic
lights, and other systems used as the basis of modern society. The security of these SCADA
systems is important because compromise or destruction of these systems would impact
multiple areas of society far removed from the original compromise. For example, a blackout
caused by a compromised electrical SCADA system would cause financial losses to all the
customers that received electricity from that source. How security will affect legacy SCADA
and new deployments remains to be seen.

In June 2010, Virus BlokAda reported the first detection of malware that attacks SCADA
systems (Siemens' WinCC/PCS7 systems) running on Windows operating systems. The
malware is called stuxnet and uses four zero-day attacks to install a rootkit which in turn logs
in to the SCADA's database and steals design and control files. The malware is also capable
of changing the control system and hiding those changes. The malware was found by an anti-
virus security company on 14 systems with the majority in Iran.

Conclusion

This report has discussed the role that programmable logic controllers have in the efficient
design and control of mechanical processes. Also discussed was the understanding SCADA

[30]
 SUMMER TRAINING REPORT ON PLC AND SCADA

and the programming involved with it. Finally, the report has discussed relay logic and the
evolution that ladder logic made from it.

1. Programmable Logic History: This section discussed the history and advancement of
controls technology, with a comparison of programmable logic controllers and hard-wired
relays.

2. PLC components: This section defined what programmable logic is and described all
hardware associated with it.

3. PLC Programming: This section covered various technique of PLC programming.

4 SCADA: This section contain basic introduction of SCADA system.

[31]