Critical Operations DAC and SCADA Environment - #5

Critical Operations-related Data Acquisition and Control is the environment most resembling what has been traditionally called Supervisory Control and Data Acquisition (SCADA). It represents those messages between a substation and control center that are critical to legal, safe, and reliable power system operations.

Typical applications: Include monitoring and control of substations, pole-top devices, generation plants or distributed energy resources. These are the functions performed by operators in the daily operation or emergency recovery of the power system.

Characteristics: It is vital that these message exchanges not be tampered, monitored, or interfered with by unauthorized persons. Quality of service requirements are based around human reaction times. Configuration of the network changes often, and may vary widely. Could also include transfer of data that is high-volume and critical, such as configuration files or fault recordings.

Similar Environments: Critical Operations Data Acquisition and Control is very similar to Critical Operations Intra-Substation except that these exchanges take place between control centers and field equipment, rather than between substations.

Communication and Information Requirements that Define this Environment

Configuration Requirements

Support interactions between a few "clients" and many "servers"
Support interactions across widely distributed sites
Support compute-constrained and/or media constrained communications

Quality of Service Requirements

Provide high speed messaging of less than 1 second
Support high availability of information flows of 99.9+ (~9 hours)
Support time synchronization of data for age and time-skew information

Security Requirements

Provide Authorization Service for Access Control (resolving a policy-based access control decision to ensure authorized entities have appropriate access rights and authorized access is not denied)
Provide Information Integrity Service (data has not been subject to unauthorized changes or these unauthorized changes are detected)
Provide Audit Service (responsible for producing records, which track security relevant events)
Provide Credential Renewal Service (notify users prior to expiration of their credentials)
Provide Security Policy Service (concerned with the management of security policies)
Provide Single Sign-On Service (relieve an entity having successfully completed the act of authentication once from the need to participate in re-authentications upon subsequent accesses to managed resources for some reasonable period of time)
Provide User Profile and User Management (combination of several other security services)
Provide Security Discovery (the ability to determine what security services are available for use)

Network and System Management Requirements

Provide Network Management (management of media, transport, and communication nodes)
Provide System Management (management of end devices and applications)

Data Management Requirements

Support the management of large volumes of data flows
Support keeping the data up-to-date
Support extensive data validation procedures
Support timely access to data by multiple different users
Support management of data whose types can vary significantly in different implementations
Support specific standardized or de facto object models of data
Provide discovery service (discovering available services and their characteristics)
Provide conversion and protocol mapping