00:00:00,240 --> 00:00:56,790
In this lesson, we're going to discuss industrial control systems and supervisory control and data acquisition systems, known as ICS and SCADA. In general, most of us work in IT, which is information technology. Now, information technology includes our standard Windows computers, our servers, our networks, our cloud platforms, and things like that. When we start talking about ICS and SCADA, though, we're moving into the world of OT, operational technology. Now, operational technology is a communications network that is designed to implement an industrial control system rather than our traditional business and data networking systems. When we're dealing with ICS and SCADA, we're not going to be focused on end user machines or a Windows 11 workstation, for example, sitting on our networks. Instead, with OT, we're going to be using technology and computers to do something in the physical world, like open or shut a valve like you might do in a manufacturing plant, create power generation in an electrical power plant, or turn lights on or off, and things like that.

00:00:56,790 --> 00:01:50,460
Now, when you look at operational technology, it does look different than our other typical information technology networks. For example, here's what OT looks like, with a big cabinet with dials and gauges and buttons that reference what is happening in the real world. If I want to open or shut a different valve or turn on or turn off a different pump, I would push the buttons on that diagram in front of the cabinet instead of something like using a Windows machine and using commands like start open valve, pressing Enter. Now, this isn't to say you can't connect a Windows machine and use it as a digital interface into the world of OT, because you can, but in general, when you think of OT, I want you to be thinking about technology that interacts with the real world. A lot of operational technology can just be done in a manufacturing plant using systems like this, and you don't even need to have a regular computer. But if you want to use a Windows computer and control these operational technology networks, you can do that, and you can integrate IT with OT. But again, you don't have to.

00:01:50,460 --> 00:02:44,820
Now, in the world of operational technology, we have two main types of systems: we have industrial control systems and supervisory control and data acquisition systems. First, we have industrial control systems. Now, an industrial control system, also known as ICS, provides the mechanisms for workflow and process automation by controlling machinery using embedded devices that are designed to perform a specific and dedicated function. ICS is heavily used to control real-world devices and critical infrastructure, things like power suppliers, water suppliers, healthcare services, telecommunications, and national security services. If you interconnect multiple ICSs together, you can actually create a distributed control system, or DCS. Now, when you're dealing with industrial control systems, you have to prioritize availability and integrity over confidentiality. Now, in the IT world, we usually focus on the CIA triad, and we think of all three things as really important, with confidentiality being a strong contender for first place.

00:02:44,820 --> 00:03:36,780
But in the world of operational technology, confidentiality is actually the least important of the three components. Availability is paramount, and it's that way for a good reason. Let's think about the purpose of operational technology and what it was originally designed to do in manufacturing. It was all about maximizing the efficiency of our manufacturing plants. After all, anytime that plant was down, the organization was not making money, so for them, availability is everything. Also, back then, the manufacturing plants didn't connect to the internet, and the entire network was located within the walls of the factory, so we had that physical boundary to provide us some level of confidentiality. This meant that confidentiality wasn't a big deal, and we didn't have to think about having to build that into our networks. This is because we trusted the people who were working in our factories. Now, let's take a look at another good example of ICS that's used on a daily basis all over the world. Here we have a US Navy warship.

00:03:36,780 --> 00:04:29,130
This is a great example because it contains multiple ICSs that are focused on different things, because essentially that ship is a city at sea. Now, remember, when you hear ICS, this is essentially just a network that manages embedded devices. On that ship, there's a power plant that creates the electricity. There's an equivalent of a factory with all the machines needed to create thrust and turn that propeller and move the ship through the water. There's a telecommunications backbone for voice and video that's going throughout the entire ship. There are waste and water treatment facilities on board. Everything those sailors need to survive for months at a time is on that ship, and it's all being controlled by ICS and embedded devices. Now, to interconnect all these industrial control systems, ICS uses a communication technology known as fieldbus. Now, fieldbus is a digital serial data communication that is going to be used in operational technology networks to link different programmable logic controllers, or PLCs, together.

00:04:29,130 --> 00:05:22,980
A programmable logic controller is a type of digital computer that's used in industrial settings to enable automation in assembly lines, autonomous field operations, robotics, and other applications. PLCs are going to be interconnected using fieldbus with sensors and input and output devices to connect the real world with the digital world. These PLCs can be programmed to conduct an action based on an input they receive from a given sensor. Now, to program these PLCs, we're going to use an HMI, or human-machine interface. A human-machine interface can be a local control panel or a piece of software running on a regular computer. The human-machine interface is going to act as the input to the PLCs and the output for the entire system. This way, a human can quickly see and monitor what that system is doing at any given time. After all, as a human operator, I need to be able to see what the machine is doing by reading gauges or other screens, as well as to be able to give input to that machine for what I want it to do.

00:05:22,980 --> 00:06:14,040
And I do this by pushing buttons, turning knobs, entering keystrokes, or even using a touch screen. For example, if I worked in a hospital as a radiography technician, I might need to take some X-rays. I can have a human-machine interface that's a flat panel screen, and I can touch it and tell the machine what I want it to do. This way, the panel can take that information from me, send it to the machine, and then take the X-ray, in the case of this radiography machine. This allows the ICS and the PLCs connected to it to form a control loop, and the whole process of automation is going to be governed by some kind of control server. Now, the second type of OT we need to talk about is supervisory control and data acquisition systems, which is known as SCADA. Now, technically, SCADA is a type of industrial control system, and it's used to manage large-scale, multi-site devices and equipment spread over a geographic region from your host computer. Now, this may be a bit confusing at first, so I want you to remember it this way.

00:06:14,040 --> 00:07:06,810
If you hear the term ICS, we're talking about a single plant or system. If we're talking about a DCS, this is a small collection of ICS systems, but still normally in one building or one facility. When you start moving into the world of SCADA, we're talking about many different ICS and DCS plants that are all interconnected through a wide area network. Because of the wide reach of SCADA, it is normally going to be operated with a piece of software that runs on an ordinary system like Windows or Linux. This SCADA system can then gather data and manage it across all the different plant devices and all the different equipment that has embedded PLCs in those plants. To interconnect these plants in the SCADA network, you're going to need a wide area network connection, which can be either cellular, microwave, satellite, fiber, or even a VPN-based LAN. You can really use whatever you want, just like when you're designing your connections for your other networks, but you need to make sure you're linking back all those field devices to the central SCADA server.

00:07:06,810 --> 00:07:56,570
A good example of a large-scale SCADA network is a smart meter system used by many electric companies around the world. At my home, for example, we have a smart meter that was installed by the electric company. Each month, instead of them having to come out and read my meter, that meter sends them the information over a cellular connection, and they now know how much they need to bill me. Additionally, they can connect to my meter and monitor not just my usage, but also my up and down status, because all the houses in my area are part of this SCADA network. So, by having this SCADA network, they no longer have to pay meter readers to go out and manually check the meters of every house in the city every single month, and instead, they simply use the cellular chip that's in there to take a reading once a month and send it back over the cellular network as a text message or other data format to their SCADA server. It collates that information, passes it on to the billing system, and then I get a bill with the amount due for the electricity that I used that month.