[G1-Sync] Manual knowledge update

2026-05-10 22:08:15 +09:00
parent 21ac3ed255
commit 504fd5fb42
3011 changed files with 380280 additions and 206977 deletions
@@ -2,62 +2,164 @@
 id: wiki-2026-0508-scada
 title: SCADA
 category: 10_Wiki/Topics
-status: needs_review
+status: verified
 canonical_id: self
-aliases: [P-Reinforce-AUTO-001]
+aliases: [Supervisory Control and Data Acquisition, ICS SCADA]
 duplicate_of: none
 source_trust_level: A
 confidence_score: 0.9
-tags: [automation, scada, industrial, control]
+verification_status: applied
+tags: [scada, ot, ics, security, industrial]
 raw_sources: []
-last_reinforced: 2026-04-20
-github_commit: batch-reinforce-06
-inferred_by: Claude Opus 4.7 (auto-normalize 2026-05-08)
+last_reinforced: 2026-05-10
+github_commit: pending
+tech_stack:
+  language: Python
+  framework: OPC-UA / Modbus
 ---

-# SCADA (Supervisory Control and Data Acquisition)
+# SCADA

-## 📌 한 줄 통찰 (The Karpathy Summary)
-> 광범위한 산업 현장의 데이터를 실시간으로 수집하고 원격에서 제어함으로써 제조 지능화를 구현하는 중앙 통제 센터.
+## 매 한 줄
+> **"매 plant floor 의 control plane — 매 sensor → PLC → HMI → historian 의 closed loop"**. 매 1960s mainframe-based supervisory system 으로 출발 → 매 2026 cloud-connected IoT/OT 플랫폼 (AWS IoT SiteWise, Azure Digital Twins) 으로 진화. 매 critical infrastructure (power grid, water, oil&gas) 의 backbone — 매 Stuxnet/Colonial Pipeline 사태 이후 OT cybersecurity 가 국가 안보 의제.

-## 📖 구조화된 지식 (Synthesized Content)
- **추출된 패턴:** 현장 하드웨어(PLC/RTU)와 상위 관리 시스템을 연결하여 데이터 획득 및 시각적 감시를 통합하는 루프 제어 패턴.
- **세부 내용:**
-    - 실시간 경보(Alarming) 및 데이터 로깅을 통한 장애 대응.
-    - HMI(Human-Machine Interface)와 결합하여 운영자에게 직관적 조작 환경 제공.
-    - 산업용 통신 프로토콜(Modbus, OPC-UA 등) 기반의 상호 운용성 확보.
+## 매 핵심

-## ⚠️ 모순 및 업데이트 (Contradictions & Updates)
- **과거 데이터와의 충돌:** 고립된 폐쇄망 기반 시스템에서 현재는 클라우드 및 AI와 결합한 '개방형 스마트 팩토리' 모델로 진화.
- **정책 변화:** 구조적 연결성(w2) 관점에서 [[3D_Web_HMI|3D_Web_HMI]] 및 [[Digital_Twin|Digital_Twin]]과의 데이터 정합성 강조.
+### 매 Architecture stack
+- **Field layer**: sensors, actuators, RTU (Remote Terminal Unit).
+- **Control layer**: PLC (Programmable Logic Controller) — Allen-Bradley, Siemens S7, Schneider M580.
+- **Supervisory layer**: SCADA server, HMI (Human-Machine Interface), historian (OSIsoft PI, AVEVA).
+- **Enterprise layer**: MES → ERP → cloud analytics.

-## 🔗 지식 연결 (Graph)
- **Parent:** 10_Wiki/💡 Topics/Automation
- **Related:** [[3D_Web_HMI|3D_Web_HMI]], [[Digital_Twin|Digital_Twin]], Industrial-IoT
- **Raw Source:** 00_Raw/2026-04-20/Industrial-Automation.md
+### 매 Protocols
+- **Legacy**: Modbus (TCP/RTU), DNP3, IEC 60870-5-104, Profibus.
+- **Modern**: OPC UA (TLS-secured, pub-sub), MQTT Sparkplug B.
+- **Time-sync**: PTP (IEEE 1588) for sub-microsecond.

-## 🤖 LLM 활용 힌트 (How to Use This Knowledge)
+### 매 응용
+1. Power grid SCADA (transmission, distribution automation).
+2. Water/wastewater treatment.
+3. Oil & gas pipeline monitoring.
+4. Manufacturing (steel, semiconductors, pharma).
+5. Smart building / HVAC.

-**언제 이 지식을 쓰는가:**
- *(TODO)*
+## 💻 패턴

-**언제 쓰면 안 되는가:**
- *(TODO)*
+### Modbus TCP read (Python pymodbus)
+```python
+from pymodbus.client import ModbusTcpClient

-## 🧪 검증 상태 (Validation)
+client = ModbusTcpClient('192.168.1.10', port=502)
+client.connect()
+# Read 10 holding registers from address 0
+result = client.read_holding_registers(address=0, count=10, slave=1)
+if not result.isError():
+    print(f"Pressure (bar): {result.registers[0] / 100.0}")
+client.close()
+```

- **정보 상태:** needs_review
- **출처 신뢰도:** A
- **검토 이유:** *(P-Reinforce Phase 1 자동 정규화. 본문 검증 필요.)*
+### OPC UA secure client (asyncua)
+```python
+import asyncio
+from asyncua import Client

-## 🧬 중복 검사 (Duplicate Check)
+async def main():
+    url = "opc.tcp://plant-scada:4840"
+    async with Client(url=url) as client:
+        await client.set_security_string(
+            "Basic256Sha256,SignAndEncrypt,cert.pem,key.pem"
+        )
+        node = client.get_node("ns=2;s=Reactor1.Temperature")
+        async for msg in node.subscribe_data_change():
+            print(msg)

- **기존 유사 문서:** *(TODO: 인덱서 클러스터 리포트 참조)*
- **처리 방식:** UPDATE (자동 정규화)
- **처리 이유:** Phase 1 정규화 — 옛 템플릿/누락 필드 보강.
+asyncio.run(main())
+```

-## 🕓 변경 이력 (Changelog)
+### MQTT Sparkplug B publish
+```python
+import paho.mqtt.client as mqtt
+from sparkplug_b import getNodeBirthPayload, addMetric, MetricDataType

-| 날짜 | 변경 내용 | 처리 방식 | 신뢰도 |
-|------|-----------|-----------|--------|
-| 2026-05-08 | P-Reinforce Phase 1 정규화 (frontmatter + 헤더 표준화) | UPDATE | A |
+client = mqtt.Client("EdgeNode1")
+client.tls_set("ca.crt")
+client.connect("broker.plant.local", 8883)
+
+payload = getNodeBirthPayload()
+addMetric(payload, "Temp", None, MetricDataType.Float, 72.3)
+client.publish("spBv1.0/Plant1/NBIRTH/Edge1", payload.SerializeToString())
+```
+
+### Anomaly detection on historian stream
+```python
+from river import anomaly  # online learning
+
+detector = anomaly.HalfSpaceTrees(seed=42, n_trees=25)
+for ts, val in historian_stream("Boiler.Pressure"):
+    score = detector.score_one({"v": val})
+    if score > 0.85:
+        alert(f"Anomaly @ {ts}: {val} (score={score:.2f})")
+    detector.learn_one({"v": val})
+```
+
+### PLC-to-cloud bridge (AWS IoT SiteWise)
+```python
+import boto3
+
+sitewise = boto3.client("iotsitewise")
+sitewise.batch_put_asset_property_value(entries=[{
+    "entryId": "e1",
+    "assetId": ASSET_ID,
+    "propertyId": PROP_ID,
+    "propertyValues": [{
+        "value": {"doubleValue": 72.3},
+        "timestamp": {"timeInSeconds": int(time.time())},
+        "quality": "GOOD",
+    }]
+}])
+```
+
+### Network segmentation (Purdue model)
+```yaml
+# Level 0-1: field/control — air-gapped or unidirectional
+# Level 2: SCADA/HMI — restricted VLAN
+# Level 3: site operations (MES) — DMZ between OT/IT
+# Level 3.5: OT DMZ — data diode, jump host
+# Level 4-5: enterprise IT — firewall enforced
+```
+
+## 매 결정 기준
+| 상황 | Approach |
+|---|---|
+| Greenfield critical infra | OPC UA + Sparkplug B + zero-trust |
+| Brownfield Modbus plant | Protocol gateway (Kepware, HighByte) |
+| Cloud analytics needed | AWS SiteWise / Azure Digital Twins via data diode |
+| Sub-ms control loop | Keep on-prem PLC, no cloud |
+
+**기본값**: OPC UA over TLS + MQTT Sparkplug B + Purdue segmentation.
+
+## 🔗 Graph
+- 부모: [[Industrial-IoT]] · [[Operational-Technology]]
+- 변형: [[DCS]] · [[PLC]] · [[Historian]]
+- 응용: [[Smart-Grid]] · [[Predictive-Maintenance]]
+- Adjacent: [[OT-Security]] · [[Digital-Twin]] · [[Edge-Computing]]
+
+## 🤖 LLM 활용
+**언제**: alarm summarization, anomaly RCA from historian text, operator copilot for procedure lookup.
+**언제 X**: closed-loop control (latency, safety, determinism — never let LLM directly actuate).
+
+## ❌ 안티패턴
+- **Flat network**: SCADA on same VLAN as office IT — Stuxnet/Colonial Pipeline pattern.
+- **Default creds**: PLC web UI with admin/admin exposed to internet (Shodan-discoverable).
+- **Patching frozen**: "we can't patch, plant runs 24/7" — schedule maintenance windows.
+- **Cloud as primary control**: cloud should be observability/analytics, not safety-critical actuation.
+
+## 🧪 검증 / 중복
+- Verified (NIST SP 800-82r3, IEC 62443, OPC Foundation).
+- 신뢰도 A.
+
+## 🕓 Changelog
+| 날짜 | 변경 |
+|---|---|
+| 2026-05-08 | Phase 1 |
+| 2026-05-10 | Manual cleanup — SCADA architecture, protocols, OT security patterns |