2nd/10_Wiki/Topics/AI_and_ML/SCADA.md
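koriweb d8a80f6272 chore(wiki): canonical normalization of dangling links (768 files / 1,200 items)
Replaced [[wikilinks]] that differ only in name (notation variants) with the canonical title of the target document,
connecting 1,200 links that had been broken. Only normalized title/filename matches were applied; alias matching was
excluded because of the over-merge risk (ambiguity guard). Originals are backed up in _link_reconcile_backup/.
Tool: Datacollect/scripts/link_reconcile_apply.mjs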

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-08 12:24:15 +09:00


| Field | Value |
|---|---|
| id | wiki-2026-0508-scada |
| title | SCADA |
| category | 10_Wiki/Topics |
| status | verified |
| canonical_id | self |
| aliases | Supervisory Control and Data Acquisition; ICS SCADA |
| duplicate_of | none |
| source_trust_level | A |
| confidence_score | 0.9 |
| verification_status | applied |
| tags | scada, ot, ics, security, industrial |
| raw_sources | |
| last_reinforced | 2026-05-10 |
| github_commit | pending |
| tech_stack | language: Python; framework: OPC-UA / Modbus |

SCADA

In one line

"The control plane of the plant floor: a closed loop of sensor → PLC → HMI → historian." SCADA started as a 1960s mainframe-based supervisory system and has evolved into the cloud-connected IoT/OT platforms of 2026 (AWS IoT SiteWise, Azure Digital Twins). It is the backbone of critical infrastructure (power grid, water, oil & gas); since the Stuxnet and Colonial Pipeline incidents, OT cybersecurity has been a national-security agenda item.

Core concepts

Architecture stack

  • Field layer: sensors, actuators, RTU (Remote Terminal Unit).
  • Control layer: PLC (Programmable Logic Controller) — Allen-Bradley, Siemens S7, Schneider M580.
  • Supervisory layer: SCADA server, HMI (Human-Machine Interface), historian (OSIsoft PI, AVEVA).
  • Enterprise layer: MES → ERP → cloud analytics.

Protocols

  • Legacy: Modbus (TCP/RTU), DNP3, IEC 60870-5-104, Profibus.
  • Modern: OPC UA (TLS-secured, pub-sub), MQTT Sparkplug B.
  • Time-sync: PTP (IEEE 1588) for sub-microsecond.

Applications

  1. Power grid SCADA (transmission, distribution automation).
  2. Water/wastewater treatment.
  3. Oil & gas pipeline monitoring.
  4. Manufacturing (steel, semiconductors, pharma).
  5. Smart building / HVAC.

💻 Patterns

Modbus TCP read (Python pymodbus)

from pymodbus.client import ModbusTcpClient

client = ModbusTcpClient('192.168.1.10', port=502)
client.connect()
# Read 10 holding registers from address 0
result = client.read_holding_registers(address=0, count=10, slave=1)
if not result.isError():
    print(f"Pressure (bar): {result.registers[0] / 100.0}")
client.close()
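
Classic Modbus TCP has no authentication, so passive monitoring of which hosts issue write function codes is a basic OT detection control. The following is an added example, not part of the original wiki page: it parses the MBAP header of captured requests and flags writes from hosts outside an allow-list. The function names, IP addresses and frames are constructed for illustration.

```python
import struct

# Modbus function codes: writes change device state, reads do not
WRITE_CODES = {5: "Write Single Coil", 6: "Write Single Register",
               15: "Write Multiple Coils", 16: "Write Multiple Registers"}
READ_CODES = {1: "Read Coils", 2: "Read Discrete Inputs",
              3: "Read Holding Registers", 4: "Read Input Registers"}

def parse_request(frame: bytes) -> dict:
    """Parse one Modbus TCP request ADU: 7-byte MBAP header + PDU."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header + function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol id must be 0 for Modbus")
    if length != len(frame) - 6:  # length field counts unit id + PDU
        raise ValueError("MBAP length does not match frame size")
    func = frame[7]
    info = {"tid": tid, "unit": unit, "func": func,
            "name": READ_CODES.get(func) or WRITE_CODES.get(func, "Other"),
            "is_write": func in WRITE_CODES}
    if func in READ_CODES or func in WRITE_CODES:
        if len(frame) < 12:
            raise ValueError("truncated PDU")
        info["address"], info["value_or_count"] = struct.unpack(">HH", frame[8:12])
    return info

def audit(captured, allowed_writers):
    """Return alerts for write requests from sources outside the allow-list."""
    alerts = []
    for src, frame in captured:
        req = parse_request(frame)
        if req["is_write"] and src not in allowed_writers:
            alerts.append((src, req["name"], req["address"]))
    return alerts

# Constructed sample traffic: (source IP, raw request bytes)
CAPTURED = [
    ("10.0.2.5", bytes.fromhex("00010000000601030000000a")),         # HMI read
    ("10.0.2.5", bytes.fromhex("000200000006010600001388")),         # HMI write
    ("10.0.4.77", bytes.fromhex("000300000009011000000001020064")),  # unknown host write
]
ALLOWED_WRITERS = {"10.0.2.5"}  # assumption: only the HMI may write

if __name__ == "__main__":
    for alert_row in audit(CAPTURED, ALLOWED_WRITERS):
        print("ALERT unauthorized Modbus write:", alert_row)
```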

OPC UA secure client (asyncua)

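import asyncio
from asyncua import Client

class DataChangeHandler:
    """Subscription handler; asyncua calls this on every data change."""
    def datachange_notification(self, node, val, data):
        print(node, val)

async def main():
    url = "opc.tcp://plant-scada:4840"
    client = Client(url=url)
    # Security policy and certificates must be set before the session opens
    await client.set_security_string(
        "Basic256Sha256,SignAndEncrypt,cert.pem,key.pem"
    )
    async with client:
        node = client.get_node("ns=2;s=Reactor1.Temperature")
        # 500 ms publishing interval (example value)
        sub = await client.create_subscription(500, DataChangeHandler())
        await sub.subscribe_data_change(node)
        await asyncio.sleep(60)  # keep the session open to receive notifications

asyncio.run(main())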

MQTT Sparkplug B publish

import paho.mqtt.client as mqtt
from sparkplug_b import getNodeBirthPayload, addMetric, MetricDataType

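# paho-mqtt >= 2.0 requires the callback API version as the first argument
client = mqtt.Client(mqtt.CallbackAPIVersion.VERSION2, client_id="EdgeNode1")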
client.tls_set("ca.crt")
client.connect("broker.plant.local", 8883)

payload = getNodeBirthPayload()
addMetric(payload, "Temp", None, MetricDataType.Float, 72.3)
client.publish("spBv1.0/Plant1/NBIRTH/Edge1", payload.SerializeToString())

Anomaly detection on historian stream

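from river import anomaly, compose, preprocessing  # online learning

# HalfSpaceTrees assumes features in [0, 1], so scale raw values first
detector = compose.Pipeline(
    preprocessing.MinMaxScaler(),
    anomaly.HalfSpaceTrees(seed=42, n_trees=25),
)
# historian_stream() and alert() are site-specific helpers, not river APIs
for ts, val in historian_stream("Boiler.Pressure"):
    score = detector.score_one({"v": val})
    if score > 0.85:
        alert(f"Anomaly @ {ts}: {val} (score={score:.2f})")
    detector.learn_one({"v": val})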

PLC-to-cloud bridge (AWS IoT SiteWise)

import time

import boto3

# Placeholders: substitute the asset and property IDs from your SiteWise model
ASSET_ID = "<asset-id>"
PROP_ID = "<property-id>"

sitewise = boto3.client("iotsitewise")
sitewise.batch_put_asset_property_value(entries=[{
    "entryId": "e1",
    "assetId": ASSET_ID,
    "propertyId": PROP_ID,
    "propertyValues": [{
        "value": {"doubleValue": 72.3},
        "timestamp": {"timeInSeconds": int(time.time())},
        "quality": "GOOD",
    }]
}])

Network segmentation (Purdue model)

# Level 0-1: field/control — air-gapped or unidirectional
# Level 2: SCADA/HMI — restricted VLAN
# Level 3: site operations (MES) — DMZ between OT/IT
# Level 3.5: OT DMZ — data diode, jump host
# Level 4-5: enterprise IT — firewall enforced
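
One way to check observed traffic against the levels listed above. This is an added example, not part of the original wiki page: the subnets and flow records are constructed, and the policy it enforces (traffic may only pass between the same or neighbouring levels, so IT/OT traffic must terminate in Level 3.5) is an assumption about how the model is applied at a site.

```python
import ipaddress

# Assumed zone plan (constructed): subnet -> Purdue level from the list above
ZONES = {
    "10.0.1.0/24": 1,     # PLCs / RTUs
    "10.0.2.0/24": 2,     # SCADA server, HMI
    "10.0.3.0/24": 3,     # site operations (MES)
    "10.0.35.0/24": 3.5,  # OT DMZ: jump host
    "10.0.4.0/24": 4,     # enterprise IT
}
ORDER = [0, 1, 2, 3, 3.5, 4, 5]  # conduit order, bottom to top

def level_of(ip):
    """Map an IP address to its Purdue level, or None if it is unzoned."""
    addr = ipaddress.ip_address(ip)
    for cidr, level in ZONES.items():
        if addr in ipaddress.ip_network(cidr):
            return level
    return None

def check_flow(src, dst):
    """Return None if the flow is acceptable, else the reason it is not."""
    s, d = level_of(src), level_of(dst)
    if s is None or d is None:
        return "endpoint not in any zone"
    hops = abs(ORDER.index(s) - ORDER.index(d))
    if hops <= 1:
        return None
    if min(s, d) <= 3 and max(s, d) >= 4:
        return f"IT/OT flow L{s}->L{d} bypasses the Level 3.5 DMZ"
    return f"flow L{s}->L{d} skips {hops - 1} level(s)"

def audit_flows(flows):
    """Return (src, dst, port, reason) for every flow that breaks the policy."""
    return [(s, d, p, r) for s, d, p in flows if (r := check_flow(s, d))]

# Constructed flow records: (source, destination, destination port)
FLOWS = [
    ("10.0.2.10", "10.0.1.20", 502),    # HMI -> PLC Modbus: adjacent levels
    ("10.0.3.5", "10.0.35.8", 443),     # MES -> DMZ: adjacent levels
    ("10.0.4.50", "10.0.2.10", 3389),   # office PC -> HMI RDP
    ("10.0.3.5", "10.0.1.20", 502),     # MES -> PLC
    ("192.168.9.9", "10.0.1.20", 502),  # host outside the zone plan
]

if __name__ == "__main__":
    for violation in audit_flows(FLOWS):
        print("VIOLATION:", violation)
```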

Decision criteria

| Situation | Approach |
|---|---|
| Greenfield critical infra | OPC UA + Sparkplug B + zero-trust |
| Brownfield Modbus plant | Protocol gateway (Kepware, HighByte) |
| Cloud analytics needed | AWS SiteWise / Azure Digital Twins via data diode |
| Sub-ms control loop | Keep on-prem PLC, no cloud |

Default: OPC UA over TLS + MQTT Sparkplug B + Purdue segmentation.

🔗 Graph

🤖 LLM use

When to use: alarm summarization, anomaly RCA from historian text, operator copilot for procedure lookup. When not to use: closed-loop control (latency, safety, determinism; never let an LLM actuate directly).

Anti-patterns

  • Flat network: SCADA on same VLAN as office IT — Stuxnet/Colonial Pipeline pattern.
  • Default creds: PLC web UI with admin/admin exposed to internet (Shodan-discoverable).
  • Patching frozen: "we can't patch, plant runs 24/7" — schedule maintenance windows.
  • Cloud as primary control: cloud should be observability/analytics, not safety-critical actuation.

🧪 Verification / duplicates

  • Verified (NIST SP 800-82r3, IEC 62443, OPC Foundation).
  • Trust level A.

🕓 Changelog

| Date | Change |
|---|---|
| 2026-05-08 | Phase 1 |
| 2026-05-10 | Manual cleanup — SCADA architecture, protocols, OT security patterns |