In the previous topic, we discussed the introduction to and the basic components of an ICS. The design of an ICS, including whether SCADA, DCS, or PLC-based topologies are used, depends on many factors.
ICS System Design Considerations
This section identifies key factors that drive design decisions regarding the control, communication, reliability, and redundancy properties of the ICS. Because these factors heavily influence the design of the ICS, they will also help determine the security needs of the system.
Control Timing Requirements
ICS processes have a wide range of time-related requirements, including very high speed, consistency, regularity, and synchronization. Humans may not be able to reliably and consistently meet these requirements; automated controllers may be necessary.
Some systems may require the computation to be performed as close to the sensor and actuators as possible to reduce communication latency and perform necessary control actions on time.
Systems have varying degrees of distribution, ranging from a small system (e.g., local PLC controlled process) to large, distributed systems (e.g., oil pipelines, electric power grid).
Greater distribution typically implies a need for wide-area (e.g., leased lines, circuit switching, and packet switching) and mobile communication.
Supervisory control is used to provide a central location that can aggregate data from multiple locations to support control decisions based on the current state of the system.
Often hierarchical/centralized control is used to provide human operators with a comprehensive view of the entire system.
Often control functions can be performed by simple controllers and preset algorithms. However, more complex systems (e.g., air traffic control) require human operators to ensure that all control actions are appropriate to meet the larger objectives of the system.
The system’s availability (i.e., reliability) requirements are also an important factor in design. Systems with strong availability/up-time requirements may require more redundancy or alternate implementations across all communication and control.
Impact of Failures
The failure of a control function could incur substantially different impacts across domains. Systems with greater impacts often require the ability to continue operations through redundant controls, or the ability to operate in a degraded state. The design needs to address these requirements.
The system’s safety requirements are also an important factor in design. Systems must be able to detect unsafe conditions and trigger actions to reduce unsafe conditions to safe ones. In most safety-critical operations, human oversight and control of a potentially dangerous process is an essential part of the safety system.
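The timing, availability, impact-of-failure and safety considerations above are easiest to see together in a small local controller. The following is an added example, not code from NIST SP 800-82 or from any product: it assumes a hypothetical tank-pressure loop with three redundant pressure sensors and a relief valve, and all limits, gains and readings are constructed values. The controller counts missed scan deadlines, votes across the fresh sensor readings, falls back to a degraded local mode when the supervisory setpoint goes stale, and latches into a safe state on an unsafe condition until an operator confirms a reset.

```python
from dataclasses import dataclass
from enum import Enum
from statistics import median
from typing import Optional


class Mode(Enum):
    NORMAL = "normal"      # following the supervisory setpoint
    DEGRADED = "degraded"  # supervisory link stale: hold last good setpoint locally
    SAFE = "safe"          # unsafe condition latched: actuator driven to safe position


@dataclass
class Reading:
    value: float      # hypothetical tank pressure, bar (constructed)
    timestamp: float  # seconds on the controller's own clock


@dataclass
class LocalController:
    high_limit: float = 8.0           # bar; above this the process is unsafe (assumed)
    scan_period: float = 0.1          # required control cycle, seconds (assumed)
    max_overruns: int = 3             # consecutive late scans tolerated
    supervisory_timeout: float = 5.0  # seconds without a supervisory update -> DEGRADED
    gain: float = 10.0                # proportional gain on the relief-valve command
    setpoint: float = 5.0             # last good setpoint from supervisory control
    mode: Mode = Mode.NORMAL
    last_scan: Optional[float] = None
    last_supervisory: float = 0.0
    overruns: int = 0

    def _fresh(self, now, readings):
        # A reading older than two scan periods is treated as lost, not as data.
        return [r.value for r in readings if now - r.timestamp <= 2 * self.scan_period]

    def _trip(self):
        # Safe state: relief valve fully open, latched until an operator resets it.
        self.mode = Mode.SAFE
        return self.mode, 100.0

    def step(self, now: float, readings: list, setpoint: Optional[float] = None) -> tuple:
        """One control scan. Returns (mode, valve_command_percent)."""
        if self.mode is Mode.SAFE:
            return self.mode, 100.0

        # 1. Control timing: a controller that repeatedly misses its deadline cannot
        #    be trusted to act on time, so repeated overruns trip to SAFE.
        if self.last_scan is not None and now - self.last_scan > 1.5 * self.scan_period:
            self.overruns += 1
        else:
            self.overruns = 0
        self.last_scan = now
        if self.overruns >= self.max_overruns:
            return self._trip()

        # 2. Redundancy: drop stale readings and vote (median) on the rest, so one
        #    failed or stuck sensor cannot drive the process alone.
        fresh = self._fresh(now, readings)
        if len(fresh) < 2:
            return self._trip()  # too little trustworthy data to know the process is safe
        pressure = median(fresh)

        # 3. Safety: an unsafe condition is detected and turned into a safe one.
        if pressure > self.high_limit:
            return self._trip()

        # 4. Hierarchy / availability: take the supervisory setpoint when present,
        #    otherwise keep operating in a degraded state on the last good value.
        if setpoint is not None:
            self.setpoint = setpoint
            self.last_supervisory = now
        stale = now - self.last_supervisory > self.supervisory_timeout
        self.mode = Mode.DEGRADED if stale else Mode.NORMAL

        # 5. Local control: proportional relief-valve command, 0 = closed, 100 = open.
        cmd = max(0.0, min(100.0, self.gain * (pressure - self.setpoint)))
        return self.mode, cmd

    def reset(self, operator_confirmed: bool):
        # Human oversight: leaving the safe state requires an explicit operator action.
        if operator_confirmed and self.mode is Mode.SAFE:
            self.mode = Mode.NORMAL
            self.overruns = 0
            self.last_scan = None


def run_scenario():
    """Constructed scan sequence exercising each design consideration in turn."""
    c = LocalController()
    trace = []
    # Normal scan with a fresh supervisory setpoint.
    trace.append(c.step(0.0, [Reading(5.0, 0.0)] * 3, setpoint=5.0))
    # One sensor is stale (timestamp -1.0) and is ignored; the two fresh ones agree.
    trace.append(c.step(0.1, [Reading(6.0, 0.1), Reading(6.0, 0.1), Reading(9.0, -1.0)]))
    # Long gap: one overrun, and the supervisory link is now stale -> DEGRADED.
    trace.append(c.step(6.0, [Reading(6.0, 6.0)] * 3))
    # Two sensors read over the limit, one reads low: the vote trips to SAFE.
    trace.append(c.step(6.1, [Reading(9.0, 6.1), Reading(9.0, 6.1), Reading(5.0, 6.1)]))
    trace.append(c.step(6.2, [Reading(5.0, 6.2)] * 3))  # still latched
    c.reset(operator_confirmed=True)
    trace.append(c.step(6.3, [Reading(5.0, 6.3)] * 3, setpoint=5.0))
    return trace


if __name__ == "__main__":
    for mode, cmd in run_scenario():
        print(f"{mode.value:9s} valve={cmd:5.1f}%")
```

The order of checks matters: timing and sensor validity are evaluated before the setpoint is consulted, so a stale supervisory link degrades the loop but never prevents the safety trip, and the trip is latched so the process cannot oscillate back into operation without a human decision.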
Reference: National Institute of Standards and Technology Special Publication 800-82, Revision
- Instrumentation Design
- Types of System Architecture
- Automation and Control System
- System Reference Model
- System Remote Connectivity