The IT Law Wiki


Control system(s) is/are

computer-based systems that are used within many infrastructures and industries to monitor and control sensitive processes and physical functions. Typically, control systems collect sensor [measurement]]s and operational data from the field, process and display this information, and relay control commands to local or remote equipment. Control systems perform functions that range from simple to complex.[1]
[a] system in which deliberate guidance or manipulation is used to achieve a prescribed value for a variable. Control systems include SCADA, DCS, PLCs and other types of industrial measurement and control systems.[2]
a device or set of devices used to manage, command, direct, or regulate the behavior of other devices or systems.[3]

Types of control systems[]

There are two primary types of control systems: distributed control systems and supervisory control and data acquisition (SCADA) systems. Distributed control systems typically are used within a single processing or generating plant or over a small geographic area, while SCADA systems typically are used for large, geographically dispersed operations. For example, a utility company may use a distributed control system to manage power generation and a SCADA system to manage its distribution.

SCADA system[]

A SCADA system is generally composed of six components: instruments, operating equipment, local processors, short-range communication, host computers, and long-range communications.

  • Instruments sense conditions such as pH, temperature, pressure, power level, and flow rate.
  • Operating equipment includes pumps, valves, conveyors, and substation breakers that can be controlled by energizing actuators or relays.
  • Local processors communicate with the site’s instruments and operating equipment. Local processors go by several different names, including programmable logic controller, remote terminal unit, intelligent electronic device, and process automation controller. A single local processor may be responsible for dozens of inputs from instruments and outputs to operating equipment. Local processors can collect instrument data; turn on and off operating equipment; translate protocols so different controllers, instruments, and equipment can communicate; and identify alarm conditions.
  • Short-range communication consists of the relatively short cables or wireless connections that carry analog and discrete signals between the local processors and the instruments and operating equipment. The communication uses electrical characteristics such as voltage and current or other established industrial communications protocols.
  • Host computers are the central point of monitoring and control. The host computer is where a human operator can supervise the process, receive alarms, review data, and exercise control. In some cases the host computer has logic programmed into it to provide control over the local processors. The host computer may be called the master terminal unit, the SCADA server, or a personal computer.
  • Long-range communication consists of the communication between the local processors and host computers. This communication typically covers miles using methods such as leased phone lines, satellite, microwave, and cellular packet data.


Control systems are vulnerable to flaws or weaknesses in system security procedures, design, implementation, and internal controls. When these weaknesses are accidentally triggered or intentionally exploited, they could result in a security breach. Vulnerabilities could occur in control systems' policies, platform (including hardware, operating systems, and control system applications), or networks.



See also[]