bluemsi/2nd
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
95cd8bb891bf94ea5dd50e4a490ee17d5707ecf2
2nd/10_Wiki/Topics/AI_and_ML/SCADA.md
T
koriweb d8a80f6272 chore(wiki): dangling 링크 canonical 정규화 (768파일/1200건) 
이름만 다른(표기 변형) [[위키링크]]를 대상 문서의 canonical 제목으로 치환해
끊겼던 1,200개 링크를 연결. 제목/파일명 정규화 일치만 적용하고 별칭 매칭은
과병합 위험으로 제외(애매성 가드). 원본은 _link_reconcile_backup/ 에 백업.
도구: Datacollect/scripts/link_reconcile_apply.mjs

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-08 12:24:15 +09:00

165 lines
5.3 KiB
Markdown
Raw Blame History

---
id: wiki-2026-0508-scada
title: SCADA
category: 10_Wiki/Topics
status: verified
canonical_id: self
aliases: [Supervisory Control and Data Acquisition, ICS SCADA]
duplicate_of: none
source_trust_level: A
confidence_score: 0.9
verification_status: applied
tags: [scada, ot, ics, security, industrial]
raw_sources: []
last_reinforced: 2026-05-10
github_commit: pending
tech_stack:
language: Python
framework: OPC-UA / Modbus
---
# SCADA
## 매 한 줄
> **"매 plant floor 의 control plane — 매 sensor → PLC → HMI → historian 의 closed loop"**. 매 1960s mainframe-based supervisory system 으로 출발 → 매 2026 cloud-connected IoT/OT 플랫폼 (AWS IoT SiteWise, Azure Digital Twins) 으로 진화. 매 critical infrastructure (power grid, water, oil&gas) 의 backbone — 매 Stuxnet/Colonial Pipeline 사태 이후 OT cybersecurity 가 국가 안보 의제.
## 매 핵심
### 매 Architecture stack
- **Field layer**: sensors, actuators, RTU (Remote Terminal Unit).
- **Control layer**: PLC (Programmable Logic Controller) — Allen-Bradley, Siemens S7, Schneider M580.
- **Supervisory layer**: SCADA server, HMI (Human-Machine Interface), historian (OSIsoft PI, AVEVA).
- **Enterprise layer**: MES → ERP → cloud analytics.
### 매 Protocols
- **Legacy**: Modbus (TCP/RTU), DNP3, IEC 60870-5-104, Profibus.
- **Modern**: OPC UA (TLS-secured, pub-sub), MQTT Sparkplug B.
- **Time-sync**: PTP (IEEE 1588) for sub-microsecond.
### 매 응용
1. Power grid SCADA (transmission, distribution automation).
2. Water/wastewater treatment.
3. Oil & gas pipeline monitoring.
4. Manufacturing (steel, semiconductors, pharma).
5. Smart building / HVAC.
## 💻 패턴
### Modbus TCP read (Python pymodbus)
```python
from pymodbus.client import ModbusTcpClient
client = ModbusTcpClient('192.168.1.10', port=502)
client.connect()
# Read 10 holding registers from address 0
result = client.read_holding_registers(address=0, count=10, slave=1)
if not result.isError():
print(f"Pressure (bar): {result.registers[0] / 100.0}")
client.close()
```
### OPC UA secure client (asyncua)
```python
import asyncio
from asyncua import Client
async def main():
url = "opc.tcp://plant-scada:4840"
async with Client(url=url) as client:
await client.set_security_string(
"Basic256Sha256,SignAndEncrypt,cert.pem,key.pem"
)
node = client.get_node("ns=2;s=Reactor1.Temperature")
async for msg in node.subscribe_data_change():
print(msg)
asyncio.run(main())
```
### MQTT Sparkplug B publish
```python
import paho.mqtt.client as mqtt
from sparkplug_b import getNodeBirthPayload, addMetric, MetricDataType
client = mqtt.Client("EdgeNode1")
client.tls_set("ca.crt")
client.connect("broker.plant.local", 8883)
payload = getNodeBirthPayload()
addMetric(payload, "Temp", None, MetricDataType.Float, 72.3)
client.publish("spBv1.0/Plant1/NBIRTH/Edge1", payload.SerializeToString())
```
### Anomaly detection on historian stream
```python
from river import anomaly # online learning
detector = anomaly.HalfSpaceTrees(seed=42, n_trees=25)
for ts, val in historian_stream("Boiler.Pressure"):
score = detector.score_one({"v": val})
if score > 0.85:
alert(f"Anomaly @ {ts}: {val} (score={score:.2f})")
detector.learn_one({"v": val})
```
### PLC-to-cloud bridge (AWS IoT SiteWise)
```python
import boto3
sitewise = boto3.client("iotsitewise")
sitewise.batch_put_asset_property_value(entries=[{
"entryId": "e1",
"assetId": ASSET_ID,
"propertyId": PROP_ID,
"propertyValues": [{
"value": {"doubleValue": 72.3},
"timestamp": {"timeInSeconds": int(time.time())},
"quality": "GOOD",
}]
}])
```
### Network segmentation (Purdue model)
```yaml
# Level 0-1: field/control — air-gapped or unidirectional
# Level 2: SCADA/HMI — restricted VLAN
# Level 3: site operations (MES) — DMZ between OT/IT
# Level 3.5: OT DMZ — data diode, jump host
# Level 4-5: enterprise IT — firewall enforced
```
## 매 결정 기준
| 상황 | Approach |
|---|---|
| Greenfield critical infra | OPC UA + Sparkplug B + zero-trust |
| Brownfield Modbus plant | Protocol gateway (Kepware, HighByte) |
| Cloud analytics needed | AWS SiteWise / Azure Digital Twins via data diode |
| Sub-ms control loop | Keep on-prem PLC, no cloud |
**기본값**: OPC UA over TLS + MQTT Sparkplug B + Purdue segmentation.
## 🔗 Graph
- 부모: [[Industrial-IoT]]
- 응용: [[Predictive Maintenance]]
- Adjacent: [[Digital Twin]] · [[Edge Computing|Edge-Computing]]
## 🤖 LLM 활용
**언제**: alarm summarization, anomaly RCA from historian text, operator copilot for procedure lookup.
**언제 X**: closed-loop control (latency, safety, determinism — never let LLM directly actuate).
## ❌ 안티패턴
- **Flat network**: SCADA on same VLAN as office IT — Stuxnet/Colonial Pipeline pattern.
- **Default creds**: PLC web UI with admin/admin exposed to internet (Shodan-discoverable).
- **Patching frozen**: "we can't patch, plant runs 24/7" — schedule maintenance windows.
- **Cloud as primary control**: cloud should be observability/analytics, not safety-critical actuation.
## 🧪 검증 / 중복
- Verified (NIST SP 800-82r3, IEC 62443, OPC Foundation).
- 신뢰도 A.
## 🕓 Changelog
| 날짜 | 변경 |
|---|---|
| 2026-05-08 | Phase 1 |
| 2026-05-10 | Manual cleanup — SCADA architecture, protocols, OT security patterns |
Reference in New Issue View Git Blame Copy Permalink