SCADA Communications using Radio, Microwave, and Satellite

2010-03-28 14:10:08 | views: 1250 | NetSCADA

In most cases, when Automation or SCADA personnel are faced with deploying wireless SCADA communications, they will be dealing with communications professionals, including communications engineers and technicians. In a few cases, Automation or SCADA personnel have the proper FCC licenses, knowledge, and experience to design and deploy their own wireless system. Communications professionals design, install, and maintain communications systems media including radio, microwave, satellite, phone, and, in some cases, your business LAN and WAN infrastructure.

Media Types. Terms like "deviation", "carrier", "mod", "demod", "path", "spectrum analyzer", "level", "db", and "-10", are often heard from communications professionals along with their own unique acronyms for the wireless industry. Check out the definitions.

  • carrier - A transmitted pulse or wave at a steady base frequency
  • deviation - See modulation
  • modulation - Alteration of a carrier so that information may be imposed on it by varying the carrier frequency, increasing the signal strength, varying the wave phase, or by other means. This variation is called modulation. Types of analog modulation of a carrier include frequency modulation (FM), amplitude modulation (AM), and phase modulation.
  • mod - When used with demod usually means the transmit pair of a 4 wire telecommunications circuit
  • demod - When used with mod usually means the receive pair of a 4 wire telecommunications circuit
  • path - The quality of a connection between two radios. Variables used to calculate the path include antenna heights and gains, distance and terrain between the antennas, receiver sensitivity, effective radiated power, etc.
  • spectrum analyzer - A spectrum analyzer is a self contained radio equipment test device that allows users to view and analyze RF spectral information
  • db - Abbreviation for decibel. Usually used interchangeably with level to refer to audio decibel levels.
  • level - Usually used interchangeably with db to refer to audio decibel levels.
  • -10 - References to number terms such as -10 or +3 are usually made when speaking about audio decibel levels. A reference to -10 means a -10db level. See the definitions for level and db.

For an Automation or SCADA specialist to succeed with wireless, it is necessary to have a basic understanding of how all of this wireless media works, which media is best for their SCADA applications, and the limitations associated with each media type. Let's take a look at the different media types, including wireless, one media type at a time.

Table of SCADA media types
 
| Type | Typical Application | Relative Costs | Complexity | Limitations | Considerations |
| --- | --- | --- | --- | --- | --- |
| Cable | Factories, Plants, Offices, Facilities | Low | Low | Distance determines economics | May be subject to electrical noise & line loss |
| Fiber | Factories, Plants, Facilities | Med-High | Med-High | Distance determines economics | Immune to electrical noise, must be protected from damage |
| Radio | Remote Facilities | Medium | Medium | Distance determined by radio path (line of sight) | Bandwidth limitations, typically half-duplex |
| Microwave | Facility-to Facility, Remote Facilities | Med-High | Med-High | Distance determined by radio path (line of sight) | Bandwidth cost $$, typically full-duplex |
| Satellite | Facility-to Facility, Remote Facilities | High | High | Some systems may not tolerate delays | Bandwidth cost big $$, typically full-duplex, timing delays |
| Dial-Up | Facility-to Facility, Remote Facilities | Low-Medium | Low-Medium | May not be suitable or cost effective (cellular) for dedicated SCADA circuits | Dialup modem operation is notorious for unreliable unattended operation |

Cable

If you are lucky enough to be able to run a cable or fiber out to each of your network drops, you may not have to deal with wireless. If you can utilize cable or fiber then you are typically in pretty good shape, because chances are that you or someone in your organization knows the basics of deploying this technology. Cable and fiber communications infrastructures are typically found in factories, plants, facilities, and offices where distances are not a great issue. Generally, Automation or SCADA specialists who hook up PLC networks at factories and plants are familiar with these media types. Cable is also typically used for PLC to PLC to Host communications as well as communications drops for remote I/O on PLCs.

Cable also is probably the easiest, most forgiving media for SCADA communications. Because of the ability to run higher speeds for your PLC/RTU communications, timing problems and bandwidth issues are minimized. However, you still should follow some basic guidelines about installing cable that will generally keep you out of trouble.

One thing to avoid is running your SCADA communications cables parallel to equipment primary power cables. Best practices dictate running the communications cable in a different cable tray than power wiring.

Another way to avoid problems is to utilize the proper cables for the type of communications. Usually a PLC manufacturer will spec out using a specific cable (or equivalent) for communications or remote I/O drops. In some cases, other cables may work, but problems may be additive, showing up when you add some more cable (adding capacitance or inductance) to the network. Additionally, try to utilize the correct cable terminators.

If you are having problems getting your cable based communications to work reliably, try reducing the baud rate that the PLC network is running at to see if that helps. Another thing to check if you are having problems is every drop's address. Two remotes or Hosts having the same address on the same network may be death to the whole network, resulting in poor-to-no communications. As a last resort you may call your communications professional to bring his HP test set or equivalent to check for noise on your cables.

Fiber

If you cannot avoid electrical noise on your cables, or if your facility or factory is a high electrical noise environment, you may want to consider deploying fiber optic cable. The fiber itself is completely immune to induced electrical noise. Today, fiber comes with a price disadvantage of about 1.5-2.5x when compared to cable. However, this price disadvantage will surely grow smaller in the future as fiber enjoys widespread deployment. Additionally, special tools may be required when working with fiber, and transitions between the fiber and cable can be expensive and complicated. Fiber provides excellent bandwidth for SCADA applications.

PLC Network Topology and Cabling

When designing the cable one-line drawings for your PLC network, it is important to know how the manufacturer intended the Network topology to be wired. The two main topologies utilized are star and multi-drop. If you are familiar with 10BaseT twisted pair Ethernet business networks you are familiar with star topology. If you remember the hubless 10Base2 coax Ethernet business peer networks you are familiar with multi-drop topology.

Some PLC & RTU manufacturers utilize a multi-drop RS485 network that usually daisy-chains from PLC/RTU to PLC/RTU or from I/O drop to I/O drop. Usually you will find a resistive terminator on the last drop for a multi-drop network. Many larger PLC networks utilize a combination of multi-drop and star topology. Note that the network drop connections into the topology are usually not interchangeable.

Some Rules to Follow when Designing a Network
  • Keep it SIMPLE!
  • Document EVERYTHING!
  • Follow the MANUFACTURER'S RECOMMENDATIONS!
  • Make sure the network selected supports the mode (peer-to-peer, master-slave, or both) of communications necessary to support your application.

Radio

For the purposes of most SCADA radio frequencies (450 MHz - 900 MHz) a path, for the most part, means at least line of sight. In other words, the two antennas need to "see" each other for the system to work reliably. Many times, when designing a SCADA radio system that will work reliably, getting a path means tower work or at least raising the antennas so they can "see" each other. However, this is an important part of the job. If you don’t have a path, your communications probably won’t work. So if a tower is available, you will probably have to put the antenna up on the tower to get the system to work, unless the remote is close to the master system. In some cases at lower frequencies, a radio system may work with a marginal (or no) path, but usually the reliability of the system is less than desirable.

Several other variables are used to calculate the path, and they include antenna gains, receiver sensitivity, effective radiated power, etc. Your communications professional can usually determine if a path exists between your radios and antennas. In some cases he may be able to make a path where there is none by utilizing a higher gain antenna, etc. The quality of a path is measured by the fade margin. The fade margin is the amount of signal loss your system can tolerate and still operate. What causes the signal to fade? Rain, fog, temperature inversions, vegetation such as trees, other obstructions, etc. The calculated path should have at least a 6 dB fade margin. Keep in mind that even on the most conservative path design, 100% reliability is seldom achieved. Too many variables can affect the path, including "skip", which is not designed for, or adjacent channel interference.

How about SCADA Radios?

Most radios used in SCADA applications involve low bandwidth (1200-19,200 bps) applications and are used in conjunction with remote PLCs and RTUs. The typical SCADA application utilizing radio technology includes a master radio at the host site and a single radio at each remote location. The number of remote locations may typically run from 1 up to 256 or more. The master radio may be hooked to (and controlled by) a PC, a PLC, or a PLC Network Card designed for master radio usage. Most of the radios used today for SCADA applications have internal modems and a standard serial interface such as an RS232 communications port. This makes interfacing the radio and the PLC or RTU relatively easy.

Table of SCADA Radio System types

 

Data Radios vs. Voice Radios Modified for Data

My experience utilizing radios designed for data is MUCH better than trying to adapt a voice radio for data usage (hey, I am showing my age here). Most lower end data radios (>$2000) have a built in RS232 or RS422/485. This makes it easy to interface to your RTU or PLC. Some of the things you need to consider when hooking up a radio to a PLC are timing related. Included in many data radios is the ability to set the RTS-CTS delay time. When the PLC (or RTU) wants to use the radio, it will turn RTS ON. The radio turns on the transmitter and, when it is ready to transmit, it should turn CTS ON, telling the PLC it’s OK to send the data. If you would like to see what’s going on at the RS232 interface between the radio and the PLC/RTU equipment, you can use a breakout box or, better yet, a protocol analyzer.

Some other things you need to be aware of when utilizing radios for SCADA communications include antenna issues, coax and fittings losses, and master-slave operation vs. peer-to-peer operation. If you are deploying a radio based SCADA system with many remote radios you will in all probability utilize an omni directional antenna at the master radio and some type of directional antenna at the remote locations. Note that directional antennas may be of a yagi or a paraflector configuration. Typical antenna gain performance numbers go from low to higher for omni to yagi to paraflector, with the radiation pattern going from 360° on an omni to narrower on a yagi to narrower yet on a paraflector. Also, be sure your PLC or RTU or PLC Network is set to operate in master-slave or peer-to-peer mode depending on the radio system utilized and the application. The majority of SCADA systems deployed today with radios probably use a master-slave setup. A popular master-slave protocol used by many RTU and PLC based SCADA systems is Modbus master (at the host end) and Modbus RTU (slave) at the remote end.

Table of some common SCADA Radio System PLC Protocols

 
| Protocol | Usage | Complexity | Pros | Limitations | Considerations |
| --- | --- | --- | --- | --- | --- |
| Modbus Master and Modbus RTU (Slave) | Wide Spread de-facto standard SCADA protocol | Low | Simple; Fast | Not Route-able; Master/Slave only; Many varying implementations | Most PLCs & RTUs and SCADA HMI packages offer Modbus as a standard or as an option; Is a Legacy Protocol |
| Square D SyNET | Wide Spread | Medium | Route-able, Master/Slave and Peer-to-Peer | Legacy system; Drops are limited to 19.2 K max. | Is a Legacy Protocol |
| AB Data Highway & Data Highway + | Used with AB PLCs only | Medium | Route-able | Typically not found in other than AB products | May not be "radio friendly" |
| Siemens (TI) TIway | Used with Siemens PLCs only | Medium | Route-able | Typically not found in other than Siemens products | May not be "radio friendly" |
| GE SNP | Used with GE Fanuc PLCs only | Medium | Route-able; Peer-to-Peer Only | Typically not found in other than GE products; No Master-Slave (Point to MultiPoint) operation | May not be "radio friendly" due to "chatty" nature of protocol and peer to peer only |
| TCP/IP | Emerging technology used by many PLC manufacturers | Medium-High | Equipment usually has excellent Bandwidth; Route-able; Point-to-Point; Point-to-MultiPoint; May be able to utilize existing business network infrastructure | Typically the PLC manufacturer's proprietary protocol is encapsulated in TCP packets | Emerging technology; Requires specialized radio systems; Systems may not be SCADA friendly |

Be sure to ask your communications professional to use low loss coax and fittings. For example, you can use RG8 at 450 MHz, but some fittings introduce an excessive amount of loss vs. the correct fittings and coax. You may be able to get away with this where the path is excellent, but when the path is marginal, I’ll put my money on the right coax and fittings.

How is NetSCADA designed to work with radio systems? Check out this link for examples of how to set up NetSCADA to handle this media type reliably.

New Technology Radios

If your SCADA hardware can utilize Ethernet and TCP/IP, you may be able to take advantage of some emerging technology that utilizes a combination of spread spectrum radio technology and Ethernet hardware interfaces to provide a high speed full duplex radio system, or "wireless ethernet" or "ethernet radios". If your SCADA hardware can utilize this media, the challenge will be to locate equipment that is SCADA friendly. Usually low primary power consumption (<5 watts), reasonable cost (<$1200), and DC power at +12 or 24 VDC are a must for the remote SCADA radios. If you think you may be able to utilize this technology, check out these links.

Microwave

Using a microwave system for SCADA communications has been a popular option in years past, where companies have built a private microwave system to provide them both data and voice services. However, in recent years many of these systems have been retired, merged, or sold off in favor of third party common carrier communication services. The typical circuit used for SCADA communications with microwave systems involves a 4 wire data circuit. These circuits are typically like a dial-up circuit, except the circuit is always active and is terminated in two places only. The advantage of a dedicated 4 wire data circuit (the transmit pair is called the MOD and the receive pair is called the DEMOD) is that the connection may bypass a telephone switch or, if the circuit is routed through a switch, the connections are always the same, allowing testing and fine tuning of the circuit. This makes it easy to resolve circuit problems because the connections and terminations are always at the same points. The typical SCADA microwave circuit is limited to speeds used by the analog modems found on the market. Usually additional bandwidth may be purchased if necessary. If the microwave system is digital, system termination cards (called term cards) may be digital, with an RS232 or RS422/485 port directly on the system, eliminating the need for an analog modem.

How do you implement microwave communications with NetSCADA? Check out this link for examples of how to set up NetSCADA to handle this media type reliably.

Satellite

Using satellite technology for SCADA communications has become a more popular option in recent years due to cost reductions and more widespread availability of vendors, service, and equipment for this technology. The typical circuit used for SCADA communications with satellite systems involves a 4 wire data circuit similar to a microwave data circuit, except the circuit will always be digital and will seldom need an analog modem. Since satellite systems are digital, system termination cards (called term cards) are going to be digital, with an RS232 or RS422/485 port directly on the term card, eliminating the need for an analog modem. However, note that if the earth station for the master is not at the same location as your SCADA MTU, there may be an analog leased line to back haul the data from the earth station to your MTU location. In this case two analog modems will be necessary, one at the MTU site and one at the earth station site, and the SCADA satellite circuit is limited to speeds used by the analog modems. If you can manage to acquire use of a digital circuit to back haul the data, or if the earth station is at your MTU site, additional bandwidth across the satellite may be available, if necessary.

A few things to consider about satellite SCADA communications are cost, transmission delays, and handshaking if analog modems are necessary to backhaul the data. Satellite communications has definitely opened the door to communicating with a large number of very remote locations from a single point of communications. This technology has been used successfully where systems must cover a vast geographic area, where building a radio system(s) will not work, or where the economics favor using satellite technology.

Dialup

Using dialup for SCADA communications has also become a more popular option in recent years due to widespread availability and cost reductions in cellular phone coverage. It is now common to utilize a cell phone and modem at remote sites to communicate with the remote PLCs and RTUs where building a radio system(s) is not economical.

The typical circuit used for dialup SCADA communications involves a POTS (Plain Old Telephone Service) identical to the dialup line for a desk phone at your home. Keep in mind when ordering a phone line at work (from the switch in your business office) for use with a modem you need to specify that the line is going to be used for a modem line.

In reality, a SCADA dialup connection will typically utilize several media types at the same time, including cable (from the modem line to the telephone company’s Central Office (CO)), microwave, cable, or fiber (from the phone company’s CO to the cell company’s CO), microwave, cable, or fiber again to the cell site, and finally radio to the remote cell phone at the PLC or RTU.

Some of the things to consider about dialup SCADA communications are usage cost and reliability of the dialup modems. Cellular communications has definitely provided a way to communicate with that one or two locations your primary radio system can’t reach reliably or economically.

Wireless communications is usually much more difficult to deal with than hardwire or fiber communications. Introducing some latency into the network, such as half-duplex radio delays or satellite transmission delays, unreliable or marginal radio paths, or a communications outage on one or more remotes can be a recipe for big trouble.

Rules for Success - Wireless

Know your Media Systems Delays

Some PLC networks cannot deal effectively with delays. If some of the media employed in your network has inherent delays that can be substantial (>500ms), be sure that the network and SCADA software that you select can be set up to tolerate these delays without generating an error.

Determine if you need Peer-to-Peer and Master-Slave Modes

Many PLC networks cannot deal effectively with combining their peer-to-peer modes with their master-slave modes. If you need a combination of peer-to-peer and master-slave communications on the same system, be sure the networks and protocols can support this type of operation and integration without an excessive number of bottlenecks. Bottlenecks such as protocol converters may add complexity, reliability issues, efficiency penalties, and restrictions to the gateway between the peer-to-peer and the master-slave side of your network. Know your requirements beforehand and be sure you select the proper network and interface.

Determine your Bandwidth Requirements

Carefully analyze the bandwidth requirements for your application and design communications systems that can support that bandwidth adequately. If you need 100 registers of data from 10 remotes every 2 seconds for your application, a 9600 baud master-slave radio network will not be adequate.

Radio Paths - Do you have a Path?

Look closely at the paths between your master and each remote. A single remote with a marginal path may introduce enough intermittent communications to a system to be bothersome. Two or three remotes like this may bring your system to its knees.

Organize your Data for Efficient Polling

Try to organize your PLC/RTU data into sequential registers so they may be polled with the fewest number of polls from your host. Failure to do so is the single most frequent cause of poor performance in SCADA systems. Many integrators fail to take the time to organize the process database in these PLCs or RTUs. They rely on making the host system scan the remotes multiple times to get required data for the user's application. This may be tolerable on fast, hardwired systems but will usually not work on systems where wireless media has been deployed. I have seen systems that required the host to poll a single PLC >20 times to acquire all of the SCADA data. The SCADA data was mapped into a sequential group of some unused registers which allowed the host to acquire the data in 2 scans for a 10 fold improvement. Many PLC and RTU protocols support the reading of 100 or more registers with a single poll. Take advantage of this capability to make your system as efficient as possible!
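The bandwidth sizing rule and the register-mapping advice above can both be checked with a short calculation. The following is an added example, not code from the original article or from NetSCADA; it assumes Modbus RTU framing (an 8-byte read request, a reply of 5 + 2N bytes, at most 125 registers per read) and 10-bit characters, and the register maps, the 50 ms RTS-CTS delay, and the function names are constructed for illustration.

```python
"""Poll planning and scan-time estimate for a master-slave radio network.

Added example. Assumes Modbus RTU framing: a Read Holding Registers request
is 8 bytes, the reply is 5 + 2*N bytes, and one read returns at most 125
registers. Key-up delay and character format are constructed values.
"""

MAX_REGS_PER_READ = 125      # Modbus limit for function 0x03
REQUEST_BYTES = 8            # address, function, start(2), count(2), CRC(2)
REPLY_OVERHEAD_BYTES = 5     # address, function, byte count, CRC(2)


def plan_reads(registers, max_regs=MAX_REGS_PER_READ):
    """Group register addresses into the fewest contiguous block reads.

    Returns a list of (start_address, count) tuples. Only adjacent
    addresses are merged, so a scattered map needs one poll per cluster.
    """
    reads = []
    for addr in sorted(set(registers)):
        if reads:
            start, count = reads[-1]
            if addr == start + count and count < max_regs:
                reads[-1] = (start, count + 1)
                continue
        reads.append((addr, 1))
    return reads


def poll_time_s(count, baud, bits_per_char=10, keyup_s=0.0, one_way_delay_s=0.0):
    """Seconds for one request/reply exchange on a half-duplex link.

    bits_per_char=10 assumes 8N1 framing (use 11 for 8E1). keyup_s is the
    RTS-CTS delay paid by each transmitter (master, then remote);
    one_way_delay_s is media latency, paid in both directions.
    """
    total_bytes = REQUEST_BYTES + REPLY_OVERHEAD_BYTES + 2 * count
    on_air = total_bytes * bits_per_char / baud
    return on_air + 2 * keyup_s + 2 * one_way_delay_s


def scan_time_s(reads, remotes, baud, **link):
    """Seconds for the master to poll every planned read on every remote."""
    return remotes * sum(poll_time_s(count, baud, **link) for _, count in reads)


# Constructed register maps for one remote, 200 points each.
# Scattered: 25 clusters of 8 registers, spaced 100 addresses apart.
SCATTERED = [base + i for base in range(0, 2500, 100) for i in range(8)]
# Remapped: the same 200 points copied into one sequential block.
REMAPPED = list(range(5000, 5200))

if __name__ == "__main__":
    radio = dict(baud=9600, keyup_s=0.05)   # constructed 50 ms RTS-CTS delay
    for name, regs in (("scattered", SCATTERED), ("remapped", REMAPPED)):
        reads = plan_reads(regs)
        print(f"{name}: {len(reads)} polls per remote, "
              f"{scan_time_s(reads, remotes=10, **radio):.2f} s per scan of 10 remotes")
    # The sizing case from the text: 100 registers from 10 remotes at 9600 baud.
    print(f"100 regs x 10 remotes: "
          f"{scan_time_s([(0, 100)], remotes=10, baud=9600):.2f} s before any radio delay")
```

These figures are lower bounds: inter-frame gaps, remote turnaround time, and retries on a marginal path all add to them.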

Link: http://www.netscada.com
