Transcript Slide 1

SCADA Telecommunications Data Integrity

Michael L. Watson Rapid Technologies Intl, Ltd

Michael L. Watson

• B.S.E.E. Texas ASU
• 20+ years industry experience
• Teaching AGA Measurement, Communications, and Microsoft Windows courses since 1998
• Full partner, Rapid Technology Intl
• Currently consulting in 5 countries
• Committee service for GPA, ANB, ONIP

Definitions

• 1. Telephone (Dialup/Lease), Cellular, Radio, Microwave: physical mediums for data transmission.

• 2. Radio: The wireless transmission through space of electromagnetic waves in the approximate frequency range from 10 kilohertz to 300,000 megahertz.

• 3. Modem: A device for transmitting usually digital data over telephone wires by modulating the data into an audio signal to send it and demodulating an audio signal into data to receive it.

• 4. Protocols: A standard procedure for regulating data transmission between computers.

Modems

Modulation

Radios

Satellite

Telemetry Methods

• Conventional Radio
• Trunking Radio
• Spread Spectrum Radio
• Motorola DataTAC
• Serial Cable
• Dial Up
• Serial Multi-Drop
• Leased-Line
• Internet IP
• Ethernet TCP/IP, UDP/IP
• TCP Pooling
• TCP Listen
• Terminal Server (TCP/IP, UDP/IP)
• Satellite
• VSAT
• PSTN
• CDPD
• CDMA
• GPRS

Definitions

• Baud rate: Pronounced "bawd", the number of signaling elements that occur each second. The term is named after J.M.E. Baudot, the inventor of the Baudot telegraph code. The figure quoted for a serial port is actually bps (bits per second). For a truer indication of the real character rate, the rule of thumb is to divide bps by 10, since each character costs a start bit, eight data bits and a stop bit on the wire.

• Parity: The quality of being either odd or even. The fact that all numbers have a parity is commonly used in data communications to ensure the validity of data. This is called parity checking.

• CRC: Cyclic Redundancy Check, another common technique for detecting data transmission errors. Data is checked against a known formula.

• Checksum: A simple error-detection scheme in which each transmitted message is accompanied by a numerical value based on the number of set bits in the message.

9600,8,N,1

What does it mean?

• Baud rate: 1200, 2400, 4800, 9600, 19200, 115200
• Word bits: 7 or 8
• Parity: Even, Odd, None
• Stop bits: 0, 1, or 2
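As an added example that is not part of the original slides, the following Python models a 9600,8,N,1 character frame and the parity check defined above: it counts the bits each character costs on the wire (which is where the "divide bps by 10" rule comes from) and shows that a parity bit catches a single flipped bit but is blind to two flips in the same character. All function names are my own assumptions.

```python
"""Serial character framing and parity checking for settings such as 9600,8,N,1.

Added example, not code from the original slides. Function names are assumed.
"""


def frame_bits(data_bits=8, parity="N", stop_bits=1):
    """Bits sent on the wire per character: 1 start bit, the data bits,
    a parity bit unless parity is 'N', and the stop bits."""
    parity_bits = 0 if parity.upper() == "N" else 1
    return 1 + data_bits + parity_bits + stop_bits


def chars_per_second(baud, data_bits=8, parity="N", stop_bits=1):
    """Character throughput: line rate divided by bits per character.
    For 8,N,1 this is the 'divide bps by 10' rule of thumb from the slides."""
    return baud / frame_bits(data_bits, parity, stop_bits)


def parity_bit(value, parity, data_bits=8):
    """Parity bit the sender appends so that the total count of one-bits
    (data bits plus parity bit) is even ('E') or odd ('O')."""
    ones = bin(value & ((1 << data_bits) - 1)).count("1")
    if parity.upper() == "E":
        return ones & 1
    if parity.upper() == "O":
        return (ones & 1) ^ 1
    raise ValueError("no parity bit is sent for setting 'N'")


def parity_ok(value, received_parity_bit, parity, data_bits=8):
    """Receiver-side check: recompute parity over the received data bits and
    compare it with the parity bit that arrived with them."""
    return parity_bit(value, parity, data_bits) == received_parity_bit


def flip_bits(value, positions):
    """Simulate line noise by inverting the given bit positions."""
    for position in positions:
        value ^= 1 << position
    return value


def parity_detection_demo(byte=0x41, parity="E"):
    """Send one byte with parity, corrupt one bit and then two bits, and report
    whether the receiver's parity check notices each corruption."""
    sent_parity = parity_bit(byte, parity)
    one_bit_error = flip_bits(byte, [3])
    two_bit_error = flip_bits(byte, [3, 5])
    return {
        "single_flip_detected": not parity_ok(one_bit_error, sent_parity, parity),
        "double_flip_detected": not parity_ok(two_bit_error, sent_parity, parity),
    }


if __name__ == "__main__":
    print("bits per character (8,N,1):", frame_bits())
    print("characters per second at 9600 bps:", chars_per_second(9600))
    print(parity_detection_demo())
```

The demo uses 0x41 (ASCII 'A', two one-bits): with even parity the sender appends 0, a single flipped bit changes the count to odd and is caught, while two flipped bits restore even parity and pass unnoticed. That limitation is why the slides list checksums and CRCs as the next step up in error detection.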

Baud Rate

Parity

Checksum

CRC

Definitions

• DTE: Data Terminal Equipment
• DCE: Data Communications Equipment
• DTEs: PC, EFM, RTU, PLC, DCS…
• DCEs: Modem, Radio, CDPD, GPS, SAT…

DTE to DCE

Bits and Bytes

• Bit = 0 or 1 (one of only two values)
• Byte = 8 bits (max. number = 255)
• Character = any 8-bit or 1-byte value
• Word = 8-bit CPU: 8-bit word; 16-bit CPU: 16-bit word
• Float = can be 16 bit (1 byte) or 32 bit (2 byte); normally 32 bit; int. = HB/LB HW/LW
• Rev. Float = can be 16 bit or 32 bit; normally 32 bit; int. = HB/LB LW/HW

Byte and word ordering

• Each 16-bit register = two 8-bit bytes
  – High byte/Low byte
  – Low byte/High byte
• Each 32-bit number = two 16-bit registers (called words)
  – High word/Low word
  – Low word/High word

Byte and word ordering

• 32-bit integer (4 bytes - 2 words)
• decimal: 2,309,737,967
• hex: 89 AB CD EF
• binary: 10001001 10101011 11001101 11101111
  - Most significant comes first
  - High byte/Low byte
  - High word/Low word
  - Big Endian (big end first)

Byte and word ordering

• 32-bit integer (4 bytes - 2 words)
• decimal: 2,309,737,967
• hex: EF CD AB 89
• binary: 11101111 11001101 10101011 10001001
  - Most significant comes last
  - Low byte/High byte
  - Low word/High word
  - Little Endian (little end first)

Big-Endian and Little-Endian

• Terms derived from the Lilliputians of Gulliver's Travels
• Their major political issue was whether soft-boiled eggs should be opened on the big end or the little end.
• Likewise, the big-/little-endian computer debate has much more to do with political issues than technological merits.

Common Big Endian file formats

Motorola

• Adobe Photoshop -- Big Endian
• IMG (GEM Raster) -- Big Endian
• JPEG -- Big Endian
• MacPaint -- Big Endian
• SGI (Silicon Graphics) -- Big Endian
• Sun Raster -- Big Endian
• WPG (WordPerfect Graphics Metafile) -- Big Endian (on a PC!)
• TIFF -- Both, Endian identifier encoded into file
• DXF (AutoCad) -- Variable

Common Little Endian file formats

Intel

• BMP (Windows and OS/2 Bitmaps) -- Little Endian
• GIF -- Little Endian
• FLI (Autodesk Animator) -- Little Endian
• PCX (PC Paintbrush) -- Little Endian
• QTM (Quicktime Movies) -- Little Endian (on a Mac!)
• Microsoft RTF (Rich Text Format) -- Little Endian
• TGA (Targa) -- Little Endian
• Microsoft RIFF (.WAV & .AVI) -- Both
• XWD (X Window Dump) -- Both, Endian identifier encoded into file

Protocol Defined

• A standard procedure for regulating data transmission between computers.
• An agreed-upon format for transmitting data between two devices. The protocol determines the following:
  • the type of error checking to be used
  • data compression method, if any
  • how the sending device will indicate that it has finished sending a message
  • how the receiving device will indicate that it has received a message
• There are a variety of standard protocols from which programmers can choose. Each has particular advantages and disadvantages; for example, some are simpler than others, some are more reliable, and some are faster.
• From a user's point of view, the only interesting aspect about protocols is that your computer or device must support the right ones if you want to communicate with other computers.
• The protocol can be implemented either in hardware or in software.

Native Protocols

• ABB Totalflow
• Allen Bradley DF1
• Amocams AINET
• Barton ScanCom
• Bristol Babcock BSAP
• Bytel
• Cutler Hammer IMPACC
• Control Microsystems SCADAPack
• Daniels DSI
• DNP 3.0
• Eagle Research
• Emerson (Fisher) FloBoss
• Emerson (Fisher) ROC
• Galvanic
• Gas Micro
• GE 90 Series SNPX, Ethernet & Multilin
• Hewlett Packard 48000
• Kimray
• Mercury Instruments
• Motorola MOSCAD
• OMNI Flow Computers
• Opto 22
• Reynolds Equipment
• Siemens 505
• Siemens CAMP
• Siemens TIWAY
• Teledyne CANet
• Teledyne CSNet
• Teledyne TGP Module
• Thermo Automation

Modbus Protocols

• ABB TotalFlow
• Baker CAC 8800
• Barton ScanMod
• Bristol
• Control Microsystems SCADAPack
• Daniels
• Enron
• Emerson (Fisher) FloBoss
• Emerson (Fisher) ROC
• Flow Automation
• GE 90 Series SNPX, Ethernet & Multilin
• Halliburton
• Lufkin Automation DXREM

MODBUS Basics

Modbus Request: read 40006 to 40009

01 03 0005 0004 5408

  01    Modbus address
  03    function code (03 = read 40000 series registers)
  0005  1st register to read (40001 offset)
  0004  # registers to read
  5408  CRC (cyclic redundancy check)

MODBUS Basics

Modbus Reply:

01 03 08 42E7 676C 4340 F4E6 CC34

  01    Modbus address
  03    function code (03 = read 40000 series registers)
  08    data bytes to follow
  42E7  40006
  676C  40007
  4340  40008
  F4E6  40009
  CC34  CRC

Data Types

• Discretes
• Integers
• Real Numbers
• ASCII Strings
• Time and Date types

Data Types - Integers

• 16-bit Integers (one register each): 0 to 65535 (unsigned), -32768 to 32767 (signed)
• 32-bit Integers (two registers each): 0 to 4294967295 (unsigned), -2147483648 to 2147483647 (signed)

Data Types - Real Numbers

• IEEE Floating Point
• 32 bit (two registers each)

Numeric Data Types

Name      Size     Attributes
BOOLEAN   1 bit    0 or 1
INTEGER   16 bits  HB LB (-32768 to 32767)
UINTEGER  16 bits  HB LB (0 to 65535)
LONG1     32 bits  HB LB / HW LW (-2.1 to 2.1 billion)
LONG2     32 bits  HB LB / LW HW (-2.1 to 2.1 billion)
ULONG1    32 bits  HB LB / HW LW (0 to 4.2 billion)
ULONG2    32 bits  HB LB / LW HW (0 to 4.2 billion)
FLOAT1    32 bits  HB LB / HW LW - IEEE floating point
FLOAT2    32 bits  HB LB / LW HW - IEEE floating point - reverse float
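The table above and the byte/word ordering slides (the 89 AB CD EF example) describe the same problem from two sides: a 32-bit value read from two Modbus registers only means what the polling software thinks it means if the word order is right. As an added example that is not from the original slides, this Python decodes and encodes each numeric type in the table using the slides' HB LB / HW LW notation, and lays out one 32-bit integer in the four orderings the slides discuss. The LAYOUTS table and all function names are my own assumptions.

```python
"""Decoding Modbus register words into the numeric types in the table above.

Added example, not code from the original slides. The LAYOUTS table and the
function names are assumptions; the layouts follow the slides' HB LB / HW LW notation.
"""
import struct

# Each register is transmitted high byte first (HB LB). A 32-bit type spans two
# registers: HW LW means the high word is in the first register, LW HW means the
# words are swapped (the 'reverse' variants LONG2, ULONG2 and FLOAT2).
LAYOUTS = {
    "INTEGER":  (">h", 1, False),
    "UINTEGER": (">H", 1, False),
    "LONG1":    (">i", 2, False),
    "LONG2":    (">i", 2, True),
    "ULONG1":   (">I", 2, False),
    "ULONG2":   (">I", 2, True),
    "FLOAT1":   (">f", 2, False),
    "FLOAT2":   (">f", 2, True),
}


def decode(type_name, registers):
    """Interpret a list of 16-bit register values as the named type."""
    fmt, register_count, swap_words = LAYOUTS[type_name]
    if len(registers) != register_count:
        raise ValueError("%s needs %d register(s)" % (type_name, register_count))
    words = list(registers)
    if swap_words:
        words.reverse()
    raw = struct.pack(">%dH" % register_count, *words)
    return struct.unpack(fmt, raw)[0]


def encode(type_name, value):
    """Inverse of decode: the register values a device holding this type would report."""
    fmt, register_count, swap_words = LAYOUTS[type_name]
    words = list(struct.unpack(">%dH" % register_count, struct.pack(fmt, value)))
    if swap_words:
        words.reverse()
    return words


def byte_orderings(value):
    """The four ways the slides describe laying out one 32-bit integer in memory."""
    big = struct.pack(">I", value)
    return {
        "HB/LB HW/LW (big endian)":    big.hex(" ").upper(),
        "LB/HB LW/HW (little endian)": big[::-1].hex(" ").upper(),
        "HB/LB LW/HW (word swapped)":  (big[2:] + big[:2]).hex(" ").upper(),
        "LB/HB HW/LW (byte swapped)":  (big[1::-1] + big[3:1:-1]).hex(" ").upper(),
    }


if __name__ == "__main__":
    regs = [0x89AB, 0xCDEF]
    for name in ("LONG1", "LONG2", "ULONG1", "ULONG2"):
        print(name, decode(name, regs))
    print("FLOAT1 of 42E7 676C:", decode("FLOAT1", [0x42E7, 0x676C]))
    for layout, hexbytes in byte_orderings(2309737967).items():
        print(layout, hexbytes)
```

Reading the same two registers as ULONG1 and ULONG2 gives 2,309,737,967 and 3,455,027,627 respectively; nothing in the frame tells the receiver which is right, so the word order has to come from the device documentation and be verified against a known-good value during commissioning.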

Data Types - ASCII Strings

Each character is one 8-bit byte; two characters per register.

Name       Size       Attributes
STRING4    32 bits    String of 4 chars (2 registers)
STRING8    64 bits    String of 8 chars (4 registers)
STRING12   96 bits    String of 12 chars (6 registers)
STRING16   128 bits   String of 16 chars (8 registers)
STRING124  992 bits   String of 124 chars (62 registers)
STRING128  1024 bits  String of 128 chars (64 registers)

Time and Date Types

Name    Size     Attributes
CCYY    16 bits  Year as two 8-bit integers
MMDD    16 bits  Date as two 8-bit integers
HHMM    16 bits  Time as two 8-bit integers
YEAR    16 bits  Year as one 16-bit integer
MONTH   16 bits  Month as one 16-bit integer (1-12)
DAY     16 bits  Day as one 16-bit integer (1-31)
HOUR    16 bits  Hour as one 16-bit integer (0-23)
MINUTE  16 bits  Minute as one 16-bit integer (0-59)
SECOND  16 bits  Second as one 16-bit integer (0-59)

Time and Date Types

Name        Size - type         Description
DAY1970     32-bit int HW LW    Days since Jan 1, 1970
DAY1970_R   32-bit int LW HW    Days since Jan 1, 1970
MSECMID     32-bit int HW LW    Milliseconds since midnight
MSECMID_R   32-bit int LW HW    Milliseconds since midnight
TIME1970    32-bit float HW LW  Days since Jan 1, 1970 - decimal is time of day ± 1.4 minutes
TIME1970_R  32-bit float LW HW  Days since Jan 1, 1970 - decimal is time of day ± 1.4 minutes
TIME1900    32-bit float HW LW  Days since Jan 1, 1900 - decimal is time of day ± 5.6 minutes
TIME1900_R  32-bit float LW HW  Days since Jan 1, 1900 - decimal is time of day ± 5.6 minutes

Enron MODBUS Basics

• Register Addresses (and function codes):
  – 1000 - 1999 (discrete input coils - function code 2 to read)
  – 1000 - 1999 (discrete output coils - 1 read, 5 write, 15 write multiple)
  – 3001 - 3999 (16-bit output holding registers - 3 read, 6 write, 16 write multiple)
  – 4001 - 4999 (16-bit analog input registers - function code 4 to read)
  – 5001 - 5999 (32-bit INT holding registers - 3 read, 16 write multiple)
  – 7001 - 7999 (32-bit FLOAT holding registers - 3 read, 16 write multiple)

Enron MODBUS Basics

Modbus Request: read 7006 to 7008

01 03 1B5E 0003 62FD

  01    Modbus address
  03    function code (03 = read holding registers)
  1B5E  1st register to read (7006, no offset)
  0003  # registers to read
  62FD  CRC

Enron MODBUS Basics

Modbus Reply:

01 03 0C 42E7676C 4340F4E6 676CF4E6 CC34

  01        Modbus address
  03        function code (03 = read holding registers)
  0C        data bytes to follow (0C hex = 12 decimal)
  42E7676C  7006
  4340F4E6  7007
  676CF4E6  7008
  CC34      CRC
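The standard Modbus request (read 40006 to 40009) and the Enron request (read 7006 to 7008) shown on the slides differ only in how the start address is computed and in the width of what comes back. As an added example that is not from the original slides, the following Python builds both requests with the Modbus RTU CRC-16, reproduces the slides' request frames byte for byte, and parses a function code 03 reply the way a defensive poller should: CRC first, then the exception bit, then the byte count against the frame length, and only then the data. Unit address 1, the constructed reply frame and all function names are my own assumptions.

```python
"""Modbus RTU framing for function code 03: CRC-16, address offset, reply parsing.

Added example, not code from the original slides. Function names are assumed;
the request bytes it produces match the two request frames shown on the slides.
"""
import struct


def crc16_modbus(data: bytes) -> int:
    """CRC-16/MODBUS: initial value 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            if crc & 1:
                crc = (crc >> 1) ^ 0xA001
            else:
                crc >>= 1
    return crc


def append_crc(body: bytes) -> bytes:
    """RTU frames carry the CRC low byte first, e.g. CRC 0x0854 is sent as 54 08."""
    return body + struct.pack("<H", crc16_modbus(body))


def build_read_holding(unit: int, register: int, count: int, enron: bool = False) -> bytes:
    """Function code 03 request.
    Standard Modbus: a 4xxxx reference is sent as (reference - 40001), so 40006 -> 0005.
    Enron Modbus: the register number is sent with no offset, so 7006 -> 1B5E."""
    start = register if enron else register - 40001
    if not 0 <= start <= 0xFFFF or not 1 <= count <= 125:
        raise ValueError("start address or count out of range")
    return append_crc(struct.pack(">BBHH", unit, 0x03, start, count))


def build_read_reply(unit: int, registers: list) -> bytes:
    """Function code 03 reply: unit, 03, byte count, then the registers high byte first."""
    body = struct.pack(">BBB", unit, 0x03, 2 * len(registers))
    body += struct.pack(">%dH" % len(registers), *registers)
    return append_crc(body)


def frame_crc_ok(frame: bytes) -> bool:
    """True when the trailing CRC matches the frame body."""
    if len(frame) < 4:
        return False
    return crc16_modbus(frame[:-2]) == struct.unpack("<H", frame[-2:])[0]


def parse_read_reply(frame: bytes):
    """Check CRC, exception flag, function code and byte count before trusting any data.
    Returns (unit, list of 16-bit register values)."""
    if len(frame) < 5:
        raise ValueError("frame too short")
    if not frame_crc_ok(frame):
        raise ValueError("CRC mismatch: frame corrupted or truncated")
    body = frame[:-2]
    unit, function = body[0], body[1]
    if function & 0x80:
        raise ValueError("exception response, exception code %d" % body[2])
    if function != 0x03:
        raise ValueError("unexpected function code %02X" % function)
    byte_count = body[2]
    if byte_count != len(body) - 3 or byte_count % 2:
        raise ValueError("byte count does not match frame length")
    return unit, list(struct.unpack(">%dH" % (byte_count // 2), body[3:]))


def registers_to_floats(registers):
    """Pair consecutive registers high word first (the slides' 40006/40007 layout)
    into IEEE-754 single-precision values."""
    pairs = zip(registers[0::2], registers[1::2])
    return [struct.unpack(">f", struct.pack(">HH", high, low))[0] for high, low in pairs]


if __name__ == "__main__":
    print(build_read_holding(1, 40006, 4).hex(" "))            # 01 03 00 05 00 04 54 08
    print(build_read_holding(1, 7006, 3, enron=True).hex(" "))  # 01 03 1b 5e 00 03 62 fd
    reply = build_read_reply(1, [0x42E7, 0x676C, 0x4340, 0xF4E6])  # constructed reply
    print(registers_to_floats(parse_read_reply(reply)[1]))
```

The reply is constructed here from the four register values on the slide rather than copied, so its CRC is computed by the same routine that checks it. Decoding the slide's registers 42E7 676C as a high-word-first float gives about 115.7; a single flipped bit anywhere in the frame makes frame_crc_ok return False, which is the point of the CRC field that the definitions slide introduced.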

EFM Numeric Data Types

Name         Size          Attributes
BOOLEAN      1-bit         0 or 1
INTEGER      16-bit        HB LB (-32768 to 32767)
UINTEGER     16-bit        HB LB (0 to 65535)
ENRON_LONG   32-bit        signed INT, HB LB / HW LW
ENRON_FLOAT  32-bit        HB LB / HW LW
ENRON_DATE   32-bit float  HB LB / HW LW, whole number MMDDYY (Dec 3, 2004 = 120304.00)
ENRON_TIME   32-bit float  HB LB / HW LW, whole number HHMMSS (2:16:34 PM = 141634.00)
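The Time and Date Types tables earlier note that TIME1970 and TIME1900 carry the time of day only to within ± 1.4 and ± 5.6 minutes, while DAY1970 plus MSECMID and the ENRON_DATE/ENRON_TIME whole-number encodings above do not lose anything. As an added example that is not from the original slides, this Python shows where those figures come from: a 32-bit float has 23 fraction bits, so at roughly 12,700 days (2004) its step is 2^-10 day and at roughly 38,300 days it is 2^-8 day. It encodes the slides' own timestamp (Dec 3, 2004, 2:16:34 PM) every way the tables describe and measures the round-trip error. All function names are my own assumptions.

```python
"""Time and date encodings from the tables above, and the precision each one keeps.

Added example, not code from the original slides. Function names are assumptions;
the sample timestamp (Dec 3, 2004, 2:16:34 PM) is taken from the slides.
"""
import math
import struct
from datetime import datetime, timedelta

EPOCH_1970 = datetime(1970, 1, 1)
EPOCH_1900 = datetime(1900, 1, 1)


def to_float32(value):
    """Round a Python double to the nearest IEEE-754 single, as a register pair stores it."""
    return struct.unpack(">f", struct.pack(">f", value))[0]


def float32_step_minutes(days):
    """Spacing between neighbouring single-precision values at this magnitude, in
    minutes: a single has 23 fraction bits, so the step is 2**(exponent - 23) days."""
    exponent = math.floor(math.log2(days))
    return 2.0 ** (exponent - 23) * 24 * 60


def time_float(moment, epoch):
    """TIME1970 / TIME1900: days since the epoch, fraction is time of day, 32-bit float."""
    return to_float32((moment - epoch).total_seconds() / 86400)


def from_time_float(value, epoch):
    """Decode a TIME1970 / TIME1900 value back to a timestamp."""
    return epoch + timedelta(days=value)


def day_msec_pair(moment):
    """DAY1970 + MSECMID: two 32-bit integers, exact to the millisecond."""
    midnight = moment.replace(hour=0, minute=0, second=0, microsecond=0)
    days = (midnight - EPOCH_1970).days
    msec = round((moment - midnight).total_seconds() * 1000)
    return days, msec


def from_day_msec_pair(days, msec):
    """Decode a DAY1970 / MSECMID pair back to a timestamp."""
    return EPOCH_1970 + timedelta(days=days, milliseconds=msec)


def enron_date(moment):
    """ENRON_DATE: whole number MMDDYY held in a 32-bit float (two-digit year)."""
    return float(moment.month * 10000 + moment.day * 100 + moment.year % 100)


def enron_time(moment):
    """ENRON_TIME: whole number HHMMSS held in a 32-bit float."""
    return float(moment.hour * 10000 + moment.minute * 100 + moment.second)


def roundtrip_error_seconds(moment, epoch):
    """How far the float encoding moves a timestamp once it is decoded again."""
    decoded = from_time_float(time_float(moment, epoch), epoch)
    return abs((decoded - moment).total_seconds())


if __name__ == "__main__":
    sample = datetime(2004, 12, 3, 14, 16, 34)
    for name, epoch in (("TIME1970", EPOCH_1970), ("TIME1900", EPOCH_1900)):
        days = (sample - epoch).total_seconds() / 86400
        print(name, "step %.3f min," % float32_step_minutes(days),
              "round-trip error %.1f s" % roundtrip_error_seconds(sample, epoch))
    print("DAY1970/MSECMID:", day_msec_pair(sample))
    print("ENRON_DATE %.2f ENRON_TIME %.2f" % (enron_date(sample), enron_time(sample)))
```

The step sizes come out at exactly 1.40625 and 5.625 minutes, which are the tables' ± 1.4 and ± 5.6 figures; the integer pair round-trips the sample exactly, and the MMDDYY/HHMMSS whole numbers are well under 2^24, so a single holds them without rounding. For audit records where the time of an event matters, the integer encodings are the ones to prefer.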

EFM String Data Types

Name             Size       Attributes
ENRON_STRING4    32 bits    String of 4 chars
ENRON_STRING8    64 bits    String of 8 chars
ENRON_STRING12   96 bits    String of 12 chars
ENRON_STRING16   128 bits   String of 16 chars
ENRON_STRING124  992 bits   String of 124 chars
ENRON_STRING128  1024 bits  String of 128 chars

Enron MODBUS Events

Events are changes to mapped items.

Modbus Request: read 1 event

01 03 0020 0001 85C0

  01    Modbus address
  03    function code (03 = read holding registers)
  0020  read events (0020 hex = 0032 decimal)
  0001  number of events to read
  85C0  CRC (cyclic redundancy check)

Enron MODBUS Events

Modbus Reply:

01 03 14 0201 1B5F 483366C0 47EAF800 407FFFFF 40200000 7990

  01        Modbus address
  03        function code (03 = read holding registers)
  14        data bytes to follow (14 hex = 20 decimal)
  0201      operator/alarm bit map
  1B5F      register that changed (7007)
  483366C0  date of change, 32-bit float
  47EAF800  time of change, 32-bit float
  407FFFFF  old value, 32-bit float (4.0)
  40200000  new value, 32-bit float (2.5)
  7990      CRC

Enron MODBUS History

Modbus Request: read 1 history record

01 03 02BE 001E A45E

  01    Modbus address
  03    function code (03 = read holding registers)
  02BE  read history (02BE hex = 0702 decimal)
  001E  record number (1E hex = 30 decimal)
  A45E  CRC (cyclic redundancy check)

Enron MODBUS History

Modbus Reply:

01 03 14 04DBBC00 47EAF800 43C8EEAD 4400436B 4287FFFF 221C

  01        Modbus address
  03        function code (03 = read holding registers)
  14        data bytes to follow (14 hex = 20 decimal)
  04DBBC00  record date, 32-bit float
  47EAF800  record time, 32-bit float
  43C8EEAD  1st item logged (401.86)
  4400436B  2nd item logged (513.05)
  4287FFFF  3rd item logged (68.00)
  221C      CRC

DCS, SCADA, MMI, HMI What does it all mean?

• DCS: Direct Control System (full control of a system)
• SCADA: Supervisory Control And Data Acquisition (supervisory control of a system)
• MMI: Man Machine Interface
• HMI: Human Machine Interface

A machine interface is just the layer that separates the user (human) from the machine (computer).

Man vs. Human is simply a political issue.

Diagram: single EFM on COM1 (RS232) of a PC running the HMI and the historical database.

Diagram: EFMs on an RS485 multi-drop through an RS485/232 converter and radio into COM2 (RS232), plus one EFM direct on COM1 (RS232); the PC runs the HMI and the historical database.

Diagram: same field side as above; the PC runs a host program that writes historical data text files for an importer into the historical database, and an AES server that serves real-time data over DDE to HMI software or Excel.

Diagram: EFMs on RS485 through an RS485/232 converter and fiber converters into COM2 (RS232), plus one EFM on COM1 (RS232); the PC runs an AUTOSOL server (Enron Modbus) serving real-time data over DDE to the HMI, and proprietary historical data text files pass through a converter and importer into Flow-Cal edit software and the historical database.

SCADA / HMI Software

• Wonderware
• Intellution
• Lookout
• Iconics
• Software Horizons
• I-SCADA
• CiTech
• SD-SCADA

Excel – The Poor man's HMI / MMI (June, 2002)


Well Station

Diagram: Radio/Phone Modem; PanelView Plus 600 HMI on the RS-232 HMI port; MicroLogix 1000/1200R/1500 with I/O; SMC Flex solid-state motor controller with pump control; submersible motor driving the well pump.

Water Distribution SCADA System Architecture

Remote Sites – Remote Booster Pump Station

Diagram: Radio/Ethernet; Ethernet switch; 1761-NET-ENI; RS-232; PanelView Plus 600; Scanport; 1769-L35 CompactLogix; MicroLogix 1500; PowerFlex 70 VFD driving the AC motor of the booster pump.

Remote Tank / Tower Station – Site Security Options

Diagram: Radio/Ethernet; IP video security camera; ID card reader; Ethernet switch; PowerMonitor 3000; PanelView Plus 600; RS-232 I/O; ENet to DNet interface; FVNR starter with E3 Plus overload; motion sensor; SLC-5/05; 1769-L35 CompactLogix; MicroLogix 1500 I/O; flow meter; DeviceNet; SMC Dialogue Plus; PowerFlex 70 VFD; local control panel (6/21/2004).

Data Integrity

Data Integrity starts at Installation… Ends in Final Reports

Let’s Review

• Installation
• Calibration
• Certification
• Hardware maintenance
• Quality data downloads
• Quality data transfers
• Final validation / reporting software

DATA INTEGRITY

Refers to the validity of data.

Data integrity can be compromised in a number of ways:
• Human errors when data is entered
• Errors that occur when data is transmitted to another computer
• Software bugs or viruses
• Hardware malfunctions, such as disk crashes
• Natural disasters, such as fires and floods

There are many ways to minimize these threats to data integrity. These include:
• Backing up data regularly
• Controlling access to data via security mechanisms
• Designing user interfaces that prevent the input of invalid data
• Using error detection and correction software when transmitting data

EFM Validation Software

• ABB WinCCU Enterprise
• Flow-Cal CFX
• Flow-Cal Transaction Queue
• MBS##-Flow Automation
• MIPS
• PGAS 5.1
• PGAS XM
• Quorum
• Telvent GMAS
• NuFlo ScanWin