--- id: wiki-2026-0508-scada title: SCADA category: 10_Wiki/Topics status: verified canonical_id: self aliases: [Supervisory Control and Data Acquisition, ICS SCADA] duplicate_of: none source_trust_level: A confidence_score: 0.9 verification_status: applied tags: [scada, ot, ics, security, industrial] raw_sources: [] last_reinforced: 2026-05-10 github_commit: pending tech_stack: language: Python framework: OPC-UA / Modbus --- # SCADA ## 매 한 줄 > **"매 plant floor 의 control plane — 매 sensor → PLC → HMI → historian 의 closed loop"**. 매 1960s mainframe-based supervisory system 으로 출발 → 매 2026 cloud-connected IoT/OT 플랫폼 (AWS IoT SiteWise, Azure Digital Twins) 으로 진화. 매 critical infrastructure (power grid, water, oil&gas) 의 backbone — 매 Stuxnet/Colonial Pipeline 사태 이후 OT cybersecurity 가 국가 안보 의제. ## 매 핵심 ### 매 Architecture stack - **Field layer**: sensors, actuators, RTU (Remote Terminal Unit). - **Control layer**: PLC (Programmable Logic Controller) — Allen-Bradley, Siemens S7, Schneider M580. - **Supervisory layer**: SCADA server, HMI (Human-Machine Interface), historian (OSIsoft PI, AVEVA). - **Enterprise layer**: MES → ERP → cloud analytics. ### 매 Protocols - **Legacy**: Modbus (TCP/RTU), DNP3, IEC 60870-5-104, Profibus. - **Modern**: OPC UA (TLS-secured, pub-sub), MQTT Sparkplug B. - **Time-sync**: PTP (IEEE 1588) for sub-microsecond. ### 매 응용 1. Power grid SCADA (transmission, distribution automation). 2. Water/wastewater treatment. 3. Oil & gas pipeline monitoring. 4. Manufacturing (steel, semiconductors, pharma). 5. Smart building / HVAC. ## 💻 패턴 ### Modbus TCP read (Python pymodbus) ```python from pymodbus.client import ModbusTcpClient client = ModbusTcpClient('192.168.1.10', port=502) client.connect() # Read 10 holding registers from address 0 result = client.read_holding_registers(address=0, count=10, slave=1) if not result.isError(): print(f"Pressure (bar): {result.registers[0] / 100.0}") client.close() ``` ### OPC UA secure client (asyncua) ```python import asyncio from asyncua import Client async def main(): url = "opc.tcp://plant-scada:4840" async with Client(url=url) as client: await client.set_security_string( "Basic256Sha256,SignAndEncrypt,cert.pem,key.pem" ) node = client.get_node("ns=2;s=Reactor1.Temperature") async for msg in node.subscribe_data_change(): print(msg) asyncio.run(main()) ``` ### MQTT Sparkplug B publish ```python import paho.mqtt.client as mqtt from sparkplug_b import getNodeBirthPayload, addMetric, MetricDataType client = mqtt.Client("EdgeNode1") client.tls_set("ca.crt") client.connect("broker.plant.local", 8883) payload = getNodeBirthPayload() addMetric(payload, "Temp", None, MetricDataType.Float, 72.3) client.publish("spBv1.0/Plant1/NBIRTH/Edge1", payload.SerializeToString()) ``` ### Anomaly detection on historian stream ```python from river import anomaly # online learning detector = anomaly.HalfSpaceTrees(seed=42, n_trees=25) for ts, val in historian_stream("Boiler.Pressure"): score = detector.score_one({"v": val}) if score > 0.85: alert(f"Anomaly @ {ts}: {val} (score={score:.2f})") detector.learn_one({"v": val}) ``` ### PLC-to-cloud bridge (AWS IoT SiteWise) ```python import boto3 sitewise = boto3.client("iotsitewise") sitewise.batch_put_asset_property_value(entries=[{ "entryId": "e1", "assetId": ASSET_ID, "propertyId": PROP_ID, "propertyValues": [{ "value": {"doubleValue": 72.3}, "timestamp": {"timeInSeconds": int(time.time())}, "quality": "GOOD", }] }]) ``` ### Network segmentation (Purdue model) ```yaml # Level 0-1: field/control — air-gapped or unidirectional # Level 2: SCADA/HMI — restricted VLAN # Level 3: site operations (MES) — DMZ between OT/IT # Level 3.5: OT DMZ — data diode, jump host # Level 4-5: enterprise IT — firewall enforced ``` ## 매 결정 기준 | 상황 | Approach | |---|---| | Greenfield critical infra | OPC UA + Sparkplug B + zero-trust | | Brownfield Modbus plant | Protocol gateway (Kepware, HighByte) | | Cloud analytics needed | AWS SiteWise / Azure Digital Twins via data diode | | Sub-ms control loop | Keep on-prem PLC, no cloud | **기본값**: OPC UA over TLS + MQTT Sparkplug B + Purdue segmentation. ## 🔗 Graph - 부모: [[Industrial-IoT]] - 응용: [[Predictive Maintenance]] - Adjacent: [[Digital Twin]] · [[Edge Computing|Edge-Computing]] ## 🤖 LLM 활용 **언제**: alarm summarization, anomaly RCA from historian text, operator copilot for procedure lookup. **언제 X**: closed-loop control (latency, safety, determinism — never let LLM directly actuate). ## ❌ 안티패턴 - **Flat network**: SCADA on same VLAN as office IT — Stuxnet/Colonial Pipeline pattern. - **Default creds**: PLC web UI with admin/admin exposed to internet (Shodan-discoverable). - **Patching frozen**: "we can't patch, plant runs 24/7" — schedule maintenance windows. - **Cloud as primary control**: cloud should be observability/analytics, not safety-critical actuation. ## 🧪 검증 / 중복 - Verified (NIST SP 800-82r3, IEC 62443, OPC Foundation). - 신뢰도 A. ## 🕓 Changelog | 날짜 | 변경 | |---|---| | 2026-05-08 | Phase 1 | | 2026-05-10 | Manual cleanup — SCADA architecture, protocols, OT security patterns |