SCADA architecture model
In this model by the ISA-112 SCADA Systems standards committee, letter are used to label layers to avoid potential conflict with ISA-95 and other similar models. Routers and firewalls between layers are not shown, nor are other system-specific servers, applications and workstation. Remote-hosted external applications (cloud) could not be configured to attach to devices at any level with appropriate firewalls, tunneling and routing.
*Note that although this shows a Purdue level 5, the true Purdue model only has levels 0 to 4 because it did not anticipate external applications.
In general, layers A through D will tend to be at the remote site, which could be anything from a single point and RTU to a remote compressor or pump station complete with its own “mini” control system with wireless SCADA connections to associated well pads, isolation valves or remote storage facilities, thus making “site n” a small SCADA system, or at least a data concentration site on its own.
Similarly, levels F and G identify the typical SCADA components that reside on the central SCADA server(s), typically in the main control center. Alarms and Historian have been identified as two typical databases residing at this level, though as indicated by the “database” box on the right, they are by no means the only ones; they are just the ones that the committee believes require particular attention since, from a SCADA perspective, they will have some unique constraints and items to be considered when developing a system.
The other addition to the proposed SCADA model is the concept of cloud computing, presently shown as the “external applications” cloud at the top. Though a link is only shown to the databases at the SCADA server, there is the potential to link to elements at any level, with, of course, the appropriate cybersecurity protocols.
Lastly, the red lines on either side of level J are intended to show the clear demarcation between the OT (SCADA related systems), IT and public or external networks as a reminder to pay particular attention to the cyber requirements when crossing between different layers and systems.
The virtualization of systems per Open Process Automation Forum (OPAF) and arguably IIOT, is changing control system architectures once more, with the biggest impact at the top (nonexistent Level 5 at the top of the model) and again at Level 1, with basic regulatory control moving closer to the process itself. Because more functionality in these models will reside in software versus the hardware-based representation, the case can be made that the function-based reference model will become even more important since the physical hardware could potentially be flattened into fewer layers residing in the cloud and a couple virtual machines for the hardware above the sensor layer(s).
Next month we will continue the discussion on how SCADA and control systems are evolving by having a look at how LTE and 5G are adding another dimension to the ways future systems could potentially develop and be even more tightly integrated with their associated supply chains.
About the author: Ian Verhappen