A 13-section interactive reference guide covering SCADA and Industrial Control System design topics used daily by automation engineers. Includes the Purdue model, PLC ladder logic and IEC 61131-3 languages, RTU field devices, Modbus/DNP3/EtherNet/IP protocols, HMI design per ISA-101, alarm management per ISA-18.2, IEC 62443 cybersecurity, industrial networking, redundancy, and commissioning procedures.
Each section targets a core SCADA/ICS design discipline: architecture differences between SCADA, DCS, and PLC systems; the Purdue Reference Model (ISA-95) with Level 0–4 hierarchy and industrial DMZ requirements; PLC scan cycle and IEC 61131-3 languages (LD, FBD, ST, IL, SFC); RTU field devices and 4–20 mA loop fundamentals; communication protocols (Modbus RTU/TCP function codes, DNP3 event reporting, PROFIBUS DP, EtherNet/IP CIP, OPC-UA); HMI high-performance design per ASM guidelines and ISA-101 color standard; process historian architecture and data compression; OT network VLAN segmentation and wireless options; IEC 62443 zones and conduits with NERC CIP requirements; ISA-18.2 alarm lifecycle and performance KPIs; PLC and SCADA server redundancy; FAT/SAT commissioning procedures; and a master quick-reference table of standards and protocols.
Use the Prev / Next buttons at the bottom of the reader, or press the arrow keys on your keyboard to move between sections. Click the ☰ menu button in the top-right corner to open the table of contents and jump directly to any of the 13 sections. The gold progress bar at the top tracks your position through the guide.
This guide references ISA-18.2-2016 (Alarm Management), ISA-99/IEC 62443 (2018–2023 series), IEC 61131-3 (2013), IEC 61511 (2016), NERC CIP version 7, and NIST SP 800-82 Rev. 2. Standards are periodically revised — always confirm the applicable edition for your project jurisdiction or client specification before applying specific requirements.
The Purdue Reference Model provides a defense-in-depth framework: field devices (Level 0) connect only to controllers (Level 1); controllers connect only to supervisory SCADA (Level 2); an industrial DMZ with dual firewalls and one-way data replication sits between OT (Level 2) and IT (Level 4). Direct connections between PLCs and corporate IT networks or the Internet violate this architecture and must never be made without explicit security controls. Data diodes are the gold standard for high-security environments where bidirectional connectivity cannot be justified.
SCADA (Supervisory Control and Data Acquisition) is designed for wide-area monitoring and control of remote assets — utilities, pipelines, water systems — using RTUs that poll data over slow or intermittent communication links. DCS (Distributed Control System) is designed for continuous process control within a plant — refinery, chemical plant — with fast, deterministic peer-to-peer communications between controllers. SCADA emphasizes monitoring; DCS emphasizes closed-loop control.
The most important Modbus function codes are: FC03 (Read Holding Registers — read output/configuration values), FC04 (Read Input Registers — read analog inputs), FC06 (Write Single Register — set a single value), and FC16 (Write Multiple Registers — set a group of values). Coils (digital outputs) use FC01/FC05/FC15; discrete inputs use FC02. Registers hold 16-bit values (0–65535 unsigned or ±32767 signed).
ISA-18.2-2016 defines a lifecycle approach to alarm management including rationalization (is each alarm justified?), priority assignment (P1/P2/P3/P4 with response times), and performance monitoring (target: under 1 alarm per 10 minutes per operator during normal operations). The standard also addresses alarm floods, bad actor alarms (top 10 most frequent alarms = 80% of alarm load), and dynamic alarm suppression during planned process upsets.
IEC 62443 defines security zones (groups of assets with the same security requirements) and conduits (communication paths between zones). Each zone is assigned a Security Level (SL 1–4) based on the sophistication of threat expected. The standard requires defense-in-depth: perimeter firewalls, DMZ between IT and OT networks, VLAN segmentation within OT, endpoint hardening (disable unused ports, change default passwords), and continuous monitoring. NERC CIP mandates similar requirements for bulk electric system assets.
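The Modbus function codes listed above and the continuous-monitoring requirement of IEC 62443 come together in a simple passive check: decode Modbus/TCP requests and flag any write function code (FC05/06/15/16) that did not originate from the SCADA master. The following is an added example written for this guide, not code from the guide itself; the MBAP layout it decodes is the standard Modbus/TCP framing, while the sample frames, the source addresses and the master allowlist (10.0.0.5) are constructed.

```python
import struct

# Function codes from the guide, split by whether they change process state.
READ_FC = {1, 2, 3, 4}          # coils, discrete inputs, holding regs, input regs
WRITE_FC = {5, 6, 15, 16}       # single coil, single reg, multiple coils, multiple regs

def parse_modbus_tcp(frame: bytes) -> dict:
    """Decode a Modbus/TCP request ADU: 7-byte MBAP header followed by the PDU."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:
        raise ValueError("bad MBAP header: protocol id must be 0 and length must match")
    fc, pdu = frame[7], frame[8:]
    kind = "read" if fc in READ_FC else "write" if fc in WRITE_FC else "other"
    info = {"tid": tid, "unit": unit, "fc": fc, "kind": kind}
    if fc in READ_FC or fc == 15:     # start address + quantity (FC15 coil bytes follow)
        info["addr"], info["qty"] = struct.unpack(">HH", pdu[:4])
    elif fc in (5, 6):                # single writes carry address + 16-bit value
        info["addr"], info["value"] = struct.unpack(">HH", pdu[:4])
    elif fc == 16:                    # FC16: address, quantity, byte count, values
        addr, qty, nbytes = struct.unpack(">HHB", pdu[:5])
        if nbytes != 2 * qty or len(pdu) < 5 + nbytes:
            raise ValueError("FC16 byte count does not match register quantity")
        info["addr"], info["qty"] = addr, qty
        info["values"] = list(struct.unpack(f">{qty}H", pdu[5:5 + nbytes]))
    return info

def register_to_signed(reg: int) -> int:
    """Reinterpret a 16-bit unsigned register as two's-complement signed."""
    return reg - 0x10000 if reg & 0x8000 else reg

def flag_unexpected_writes(traffic, allowed_masters):
    """Return (src_ip, fc, addr) for every write request not from an allowed master."""
    return [(src, d["fc"], d["addr"]) for src, frame in traffic
            for d in [parse_modbus_tcp(frame)]
            if d["kind"] == "write" and src not in allowed_masters]

def build_adu(tid: int, unit: int, pdu: bytes) -> bytes:
    """Wrap a PDU in an MBAP header; used here only to construct sample traffic."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

# Constructed sample captures as (source IP, frame); 10.0.0.5 is the assumed SCADA master.
SAMPLE_TRAFFIC = [
    ("10.0.0.5", build_adu(1, 1, b"\x03" + struct.pack(">HH", 100, 2))),        # FC03 read 2 regs
    ("10.0.0.99", build_adu(2, 1, b"\x06" + struct.pack(">HH", 20, 0xFFFF))),   # FC06 from unknown host
    ("10.0.0.5", build_adu(3, 1, b"\x10" + struct.pack(">HHBHH", 200, 2, 4, 0x1234, 0x8000))),  # FC16
]
```

Run against a real capture, the allowlist should be derived from the commissioned master/RTU inventory for the zone, and a hit is an alert for the OT monitoring team rather than an automatic block, since dropping traffic on a control conduit has its own process risk.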