RTU

Manufactured by ABB, the leader in automation and energy systems, ABB RTUs are modular, reliable and advanced products with advanced features.

ABB RTUs are designed from the ground up with powerful and flexible cyber security features that enable secure communication over any network.

The ABB RTU500 series is known as a SCADA system that transmits information from the physical power grid designed to meet transmission and distribution automation requirements with the most efficient solutions.

Easily realizable with a complete set of functional and hardware features, the RTU500 series is the proven software tool that provides greater flexibility, cost savings and can be quickly designed according to needs.

ABB RTUs are produced in 3 different series according to their features and capacities.

1. RTU520: ABB RTU520 series is designed for small scale projects. Common areas of use are power generation plants such as SPP, WPP, GPP, substation automation and process automation.

IO cards of this series can be used by processors of other series. I/O cards have expandable input and output points. At standard level, there are 1 RS-232, 2 RS-485 and 1 Ethernet port on the CPU.

2. RTU540: ABB RTU540 series RTUs are designed for medium-sized projects. Their primary areas of use are substations, power generation plants, infrastructure facilities, pumping stations, transportation systems and similar applications.

They are also used in TEİAŞ RTU projects where redundancy is not required.

RTU520 series I/O processor cards can be easily added to the I/O processors of RTU540 series RTUs.

3. RTU560: ABB RTU560 series RTUs are designed for large-scale applications or applications requiring redundancy. Common applications include power transmission and distribution systems, rail systems, petrochemical plants and transportation systems.

RTU560 series RTUs provide full compliance with TEİAŞ RTU specifications.

In addition, the rack type RTU560 series can also be used in application areas that require hot-swap (the ability to remove and install the card without disconnecting the power) and Redundancy (redundancy).

RTU LICENSE SELECTION

The desired features in ABB RTUs are provided by license cards that can be installed in RTUs. All RTU licenses support the specified communication protocols and can convert from one protocol to another as a gateway.

License cards can be supplied in 3 different types as Basic, PLC/Archiving and HMI (Human Machine Interface) according to functions and capacities and between 50 Tag and 5.000 Tag capacity.

While the developments in information and communication technologies have made our lives easier, they have introduced us to a problem that was not in our lives before: Cyber threat! The systems we designed and used to make our lives easier suddenly turned into a threat and we started to come up with ideas and solutions on how to protect ourselves. These attacks, which initially manifested themselves as simple problems, turned into very complex and expensive attacks over time and we started to realize what kind of monster we had given birth to. Unfortunately, we still haven’t been able to grasp exactly what the threat is.

New titles are being added to the concept of cyber threat day by day. It should not be a prophecy to say that many more new concepts will be added to this list. As long as the development in communication technologies and information systems does not stop, which does not seem to stop, the threat will continue to increase.

In the information age, to talk about staying out of the developments, creating a closed model, not using products developed by others, abandoning integrated systems and returning to autonomous structures would be to push the country behind the times and expect it to give up its claim to be a leading country. The best approach would be to approach cyber threats with the seriousness required by the subject, without making paranoia and conspiracy theories the justification, to analyze possible risks in a healthy way and prepare action plans, and to take part in global competition without taking the easy way out. The IT world, which is a huge sector where the young minds of the country can be easily directed, will also be one of the engine elements of development.

Although the threat is cyber, one of the most important types is physical access and natural threats. First of all, the physical security of the places where information systems are kept must be ensured. Measures to be taken for both malicious access (direct access, sabotage, man-made threats such as cutting energy systems and fiber infrastructure and even bombing) and natural disasters such as earthquakes, fires, floods, etc. are the first steps to be taken to prevent cyber threats. For this purpose, special buildings should be constructed, energy and fiber infrastructures should be installed with route redundancy, and systems located in different geographies that can back each other up live should be created. Of course, a harmony should be sought between the measures to be taken and the existing risk. However, it should never be forgotten that the most important threat before us is the “nothing will happen to me” approach.

The goal of a cyber attack can be categorized under many different headings such as stopping a system, using it for malicious purposes, stealing data, monitoring what is happening, copying systems, etc. The easiest way to achieve these goals is to become a system administrator. The second most important measure to be taken against cyber threats are approaches to eliminate internal attack threats with reliable people, auditable systems, effective monitoring and reporting, and distributed use of authority. Today, the most important cyber threat is still internal attacks. This is true both in terms of the number of incidents and the damage caused. It should never be forgotten that today’s authorities will be the unauthorized of the future.

As in Ziya Gökalp’s story Yüksek Ökçeler, the approach of let them do whatever they want and not give me a headache should be abandoned. Especially in critical systems, the IT manager and the cyber security manager should be completely independent and co-authorized administrators. While the IT manager controls and manages all information systems, he should not be authorized to intervene in security systems. Likewise, the security administrator should not have the authority to interfere with IT systems. In addition to all these, it should not be forgotten that an uncontrolled system is open to all kinds of abuse. One of the most effective ways against possible internal threats is independent external audits. Here, it is important that the auditor is not selected by IT and/or cyber security managers, but is competent and authorized in the field. In addition, planning these studies in the form of sudden audits will yield more effective results.

Threats from access sources are another consideration. There are many codes such as viruses, spyware, trojans, ransomware, etc. prepared for this purpose. Measures that can be taken against all these are ready to use with continuous updates. The most important point to be considered here is to keep these software constantly updated. Malware does its greatest damage after a certain period of time has passed rather than when it is released. The main reason for this is the neglect of updates. In addition to such software, system designs should also take into account attacks classified as piracy. Malicious software uses vulnerabilities in systems to gain access and achieve their goals. These vulnerabilities are sometimes caused by system settings and sometimes by the operating system, database or application software used. In addition to updates, the most important measure to be taken for such vulnerabilities is to test the systems with non-malicious attacks and close the vulnerabilities found.

The measures to be taken for infrastructures to be classified as critical systems should be even more radical. Information and systems that should be kept secret by the state, military systems, nuclear power plants or similar critical facilities, infrastructures such as energy, water, natural gas networks and sensitive infrastructures such as banking should be evaluated in a different category. All software, access and security infrastructures and SCADA systems should be designed by considering the possibility of back doors. Efforts to use national software and systems in such infrastructures should be planned and steps should be taken quickly. It should even be ensured that the fiber network over which these systems operate is independent. As in the case of Germany and Russia, the use of common software in such systems should be prevented and controllable solutions should be popularized. Open source codes offer a wide range of opportunities for these studies. Using products prepared in this field alone will not be sufficient. Staff who are familiar with all the codes of these software should be formed and a living and developing structure should be created by modeling sustainability. In case of possible sabotage, tests should be conducted by an organization completely independent of the developer and the relevant software should be put into use after this stage. Another work that needs to be done for cyber sabotage is the preparation of disaster scenarios and the preparation of emergency action plans and drills to ensure the autonomous operation of systems.

Cloud applications, which have been on our agenda in recent years, should also be evaluated. Some data should be prevented from being stored in the cloud, while a national cloud infrastructure should be created for some cases. Studies should be carried out on the encryption to be used in cloud configuration and national algorithms should be developed if possible. There is no point in knowing who the culprit is after an incident has occurred. The damage is the same no matter who the culprit is.

The steps to be taken while planning the country’s cyber defense should also be evaluated. The country’s internet and communication entrances should be kept under control and necessary preventive investments should be made for all attacks, from traffic blocking attacks such as dDos to piracy and sabotage attacks. In addition, the approach that the most important defense is attack should be taken into account and the country’s ability to conduct cyber attacks should be improved. Controlled cyber-attack elements will serve as a deterrent to possible systematic attacks from other countries.

Finally, if we are to talk about cyber security in the real sense, raising awareness of users is a basic necessity. Simple passwords chosen, insecure site visits, random memory usage, carelessness, etc. make all the measures taken meaningless. User diligence is a prerequisite for any security system and we need to raise awareness starting from primary school age.

Dozens of small omissions, such as people keeping critical information in a generic mail system, keeping e-mails in these systems for easy access, most of which are not looked at a second time, going online in insecure environments, not having a screen protection password on computers, opening folders to sharing, not backing up information periodically, have caused and will continue to cause major problems. We need to stop being a society that gets wise when the problem happens to itself, instead of learning from it.

Both the scandals around the world and the realities we had to face, especially after the July 15 invasion attempt, raised awareness about cyber threats. The fact that one of the first arrestees was in the IT department of the Prime Ministry showed how serious an issue we are talking about. This awareness must be kept alive. As we see that IT managers still decide on security investments, we think that lessons have not been learned from what happened. The steps to be taken regarding security investments are strategic and concern senior management. Thanks to this approach, which will free IT managers from blame, we will have more secure systems. Our cyber defense infrastructure should be strengthened and continuously fortified, starting from the national level, with planning that should be done gradually, starting with institutions, the private sector and even individuals.

With the rapid advancement of technology from the past to the present, the production and operation process of products has also begun to change in parallel. As the processes and products to be developed are processed in a “smart” and customer-focused manner according to the needs of the customers, the solutions are expected to be faster and more reliable in order to meet these needs within a competitive environment. This complex system that emerged has prompted the question of integrating fundamental elements involved in the process with the internet, mobile devices, sensors, and other smart devices. As a result, the development of small, medium, and large-scale control systems has accelerated.

In today’s world, industrial applications and automations operate through control systems. An Industrial Control System (ICS) defines a general control system that plays a fundamental role in system setups that utilize distributed control systems (DCS), SCADA (Supervisory Control and Data Acquisition) systems, and programmable logic controllers (PLC). The primary goal in these small-scale control systems is to process industrial automation processes more efficiently, easily, and quickly.

There are two types of controls that can be used in the production process. One is the Programmable Logic Controller (PLC) and the other is the Distributed Control System (DCS). Since Programmable Logic Controllers (PLC) and Distributed Control Systems (DCS) play a tool role in controlling complex production processes, the two terms are often used interchangeably. Although these two control systems have a similar operating logic, their applications are quite different.

PLC (PROGRAMMABLE LOGIC CONTROLLER)

The PLC used for industrial automation is a hardened computer responsible for the electromechanical control of equipment that makes up the production lines in facilities.

PLC is a microprocessor-based device that has replaced control elements such as relay cards, auxiliary relays, timing relays, and counters used in automation circuits. A PLC consists of four main parts that ensure its reliable and efficient operation:

• CPU (Central Processing Unit)
• Memory Unit (RAM – ROM – PROM)
• Input Unit (INPUT)
• Output Unit (OUTPUT)

PLC receives information from connected sensors or input devices, processes the data, and triggers the output points according to pre-programmed parameters. Depending on the input and output points, a PLC serves to monitor and record digital and analog data such as machine productivity, operating temperature, and operating duration, to automatically start and stop processes, and to create alarms if a machine fails.

Programmable Logic Controllers (PLC) are flexible and robust control solutions that can be adapted to almost any application area. In the field of industrial automation, control, data acquisition, data processing, communication, arithmetic, counting, comparison, data transfer, and other analytical processes enable the management of the entire system through analog and digital input-output points.

The basic working logic of the PLC depends on the programming technique. The working logic of a PLC with its programming technique:

• The logic values (1 or 0) read instantly from the input points are stored in memory.
• The input data is read and interpreted according to the program written inside the PLC.
• A decision mechanism is created to carry out communication processes at certain points.
• The data transferred to the output points is set to be logical 1 or 0 (usually expressed as 24V or 0V).
• The PLC performs this input and output operation at a millisecond speed.

DCS (DISTRUBTED CONTROL SYSTEM)

Within a facility, each object is used for many purposes such as data collection, data storage, graphical analysis of data, data display, process control, data transfer, and feedback. These objects, which appear independent, are controlled through a computer connected to the facility’s local network. This network of distributed sensors and controllers controlled via a local area network is known as DCS. The real-time, automatically decision-making DCS system is also known as the central brain of the facility.

To briefly explain, DCS are comprehensive systems that allow distribution from a single point by collecting multiple pieces of information from different locations.

In areas where Process Automation is continuously present, viewing control and command rooms without a DCS system is quite difficult. DCS stands out with many advantages such as ease of maintenance and repair in the facility, easier monitoring of many parameters at the same time, more reliable control, and overall optimization.

The main point of DCS is having a central network system. All units mentioned are connected to this central network point and provide reliable and fast real-time communication with each other.

SIMILARITIES AND DIFFERENCES BETWEEN DCS AND PLC

DCS, being a more comprehensive system than PLC, has been formed by the combination of many PLCs and computer systems. Looking at this situation, it can be said that DCS is a larger-scale system that encompasses PLCs as needed.

In terms of similarities, functional blocks are present in both DCS and PLC systems.

DIFFERENCES BETWEEN DCS AND PLC

1. Reaction Time
   PLC is preferred in systems with high digital IO density, DCS is preferred in systems with high analog IO and PID control density. However, this should not mean that PLCs cannot process analog data.
2. Programs They Use
   • DCS
     PLC
     PLC One for everything
     Programming program is sufficient.
     Field Bus (DP, FF) Engineering Workplace
     Application software with Communication (Ethernet, Serial),
     Hardware hardware, field bus,
     Field Devices communication is covered.
     Separate program is required for Process Graphics.
3. Scalability
   PLCs have less IO capacity than DCS. For this reason, DCS adapts more easily to new equipment and is easily used in large-scale projects. PLC is not as scalable as DCS and is preferred in small plants.
   PLCs are still used in RTU stations due to their small and inexpensive architecture and engineering (typically RTU application) instead of large DCS.
   At the same time, PLC is suitable for specialized applications that change less frequently, while DCS is suitable for complex processes that require advanced process control capability.
4. Update/Upgrade/Modernization
   Update process in PLC,
   Version differences,
   Most of the remaining programs in the PLC will be updated separately,
   It is very difficult due to possible problems with vendors.
   
   The update process in DCS can update the DCS controller to the next version in just a few minutes.
   In this case, updating is much easier in DCS than in PLC.
5. System Density
   If a simple system needs to run quickly, a PLC should be used; if the system involves many complex operations in succession, a DCS should be used. In addition, if there are many input and output points in the system where the process takes place, a DCS system is preferred because it would be difficult to bring many equipment together in a PLC.
6. Process Change Frequency
   PLCs are automation systems that can produce efficient results in stationary systems. DCSs, on the other hand, are more preferred when it comes to analyzing a large amount of data, often requiring a series of different operations.
7. Redundancy
   DCS system is more preferable than PLC system in terms of redundancy. This is because PLCs can be made redundant with additional hardware which makes them more expensive than DCS.
8. Architecture and Cost
   PLCs have a simple and flexible architecture. A PLC system consists of controllers, IO modules, HMIs and an engineering software.
   DCS systems are less flexible and complex. They consist of controllers, IO systems, database servers, engineering and operating servers.
   Because of these components, PLC is a less costly system than DCS.
9. Communication
   PLC
   It is a single product.
   PLC does not know other PLCs in the system.
   An engineering infrastructure is required to communicate with other PLCs.
   Powerful CPUs have been developed because they cannot be shared between applications. Therefore, the cost may increase.
   DCS
   It works as a system
   Any variable becomes globally shareable by all DCS controllers.
   No additional engineering is required for communication.
10. Faceplate Concept and Alarms
    PLC
    The desired faceplate should be selected according to the requirement.
    It is necessary to establish a connection between the PLC program and the process graphics and to adapt the alarms to the process graphics.
    DCS
    When PID Controller or pump block is created in DCS program, it will work together with faceplate alarms. In this case it will be more advantageous to use DCS.