
What Is Supervisory Control and Data Acquisition? Security Definition

Also known as: SCADA, Supervisory Control and Data Acquisition, industrial control system, OT security, Modbus

Reviewed by Johnson Ajibi · Senior Network & Security Engineer · MSc IT Security

This page mentions older exam versions. See the Current Exam Context and Legacy Exam Context sections below for the updated mapping.


Quick Definition

SCADA is a computer system that watches over and controls machines in factories, power plants, and other industrial sites. It collects data from sensors and lets operators send commands to equipment like valves or pumps. Think of it as the control room for large-scale physical infrastructure.

Must Know for Exams

SCADA appears in several major certification exams, most notably CompTIA Network+ and CompTIA Security+. On the Network+ exam (N10-008 and N10-009), SCADA appears among the networked devices you must be able to identify and again in the network security objectives. You may be asked to identify SCADA as a type of industrial control system (ICS) that uses specialized protocols such as Modbus or DNP3. Expect questions about the physical security and network segmentation requirements for SCADA systems, and about where SCADA is typically deployed, such as utilities, manufacturing, and oil and gas.

On the CompTIA Security+ exam, SCADA is listed with embedded and specialized systems: in SY0-601 under the Architecture and Design domain, and in SY0-701 under Security Architecture, where ICS/SCADA sits alongside IoT, RTOS and embedded systems. Threat and vulnerability questions may use a SCADA environment as their scenario as well. You need to understand that SCADA systems are a high-value target and that they often have vulnerabilities related to outdated firmware, weak or default authentication, and protocols that carry commands in clear text. The exam also covers the concept of air gaps and why they are no longer sufficient on their own. You should know that SCADA systems are part of the broader Operational Technology (OT) domain and that securing them involves different priorities from traditional IT: availability and safety come first, and changes are made in planned maintenance windows.

The exam objectives for Security+ mention Industrial Control Systems (ICS) and SCADA specifically in the context of secure network architecture. You may be asked to choose the best way to isolate a SCADA network from the corporate network. The correct answer often involves a firewall with a demilitarized zone (DMZ) and strict access control lists. You might also be tested on the principle of least functionality, meaning that SCADA devices should only have the ports and services required for their operation.

For the CompTIA CySA+ or CISSP, SCADA knowledge goes deeper, including attack vectors like Stuxnet (which targeted Siemens WinCC/Step7 software and the S7 PLCs it programmed) and the importance of regular vulnerability assessments on OT networks. Regardless of the exam, the key takeaways are: SCADA controls physical equipment, uses specialized protocols, and requires strong network segmentation and security controls.

Simple Meaning

Imagine you are in charge of a huge building with hundreds of doors, windows, heating units, and lights spread across multiple floors. You cannot walk to every single door to check if it is locked or walk to each thermostat to adjust the temperature. Instead, you sit at a central desk with a big screen that shows you the status of every door, window, and heater. From that same screen, you can click a button to lock all doors or turn down the heat on the third floor. That central desk and screen is like a basic version of SCADA.

SCADA stands for Supervisory Control and Data Acquisition. This means it does two main things. First, it acquires data, which is just a fancy way of saying it collects information from sensors. These sensors might measure water pressure, temperature, electrical current, or whether a valve is open or closed. Second, it provides supervisory control, meaning it lets a human operator or an automated system send commands back to the equipment. If a sensor says the pressure is too high, the operator can click a button to open a relief valve, and the command travels all the way to that valve in a remote location.

SCADA systems are used everywhere in critical infrastructure. Power companies use them to manage the electrical grid. Water utilities use them to control pumps and treatment plants. Oil and gas pipelines rely on SCADA to monitor flow and detect leaks. Even large manufacturing facilities use SCADA to keep production lines running smoothly. The key idea is that SCADA connects a central computer to many remote devices spread over a wide area, often using dedicated networks or even the internet. For beginners, the most important thing to remember is that SCADA is not about managing computers or data files. It is about managing real-world physical machines and processes.

Full Technical Definition

Supervisory Control and Data Acquisition (SCADA) is a control system architecture that uses computers, networked data communications, and graphical user interfaces to perform high-level supervisory management of industrial processes. SCADA systems are a subset of Industrial Control Systems (ICS) and are distinct from Distributed Control Systems (DCS) in that SCADA typically covers geographically dispersed assets rather than localized processes.

At its core, a SCADA system consists of several key components. The first is the Human-Machine Interface (HMI), which is the software and screen that the operator interacts with. The HMI displays data from sensors in real time and allows the operator to issue commands such as opening a circuit breaker or starting a motor. The second component is the Remote Terminal Unit (RTU) or Programmable Logic Controller (PLC). These are hardware devices located at the remote site that interface directly with sensors and actuators. The RTU or PLC collects analog or digital signals from sensors, converts them into data packets, and sends them to the central system. It also receives commands and translates them into electrical signals that control actuators.

The third component is the communication infrastructure. SCADA systems rely on a variety of communication protocols to transmit data between the central host and remote units. Historically, SCADA used serial protocols like Modbus RTU or Profibus over dedicated leased lines or radio links. Modern SCADA systems often use TCP/IP-based protocols such as Modbus TCP (port 502), DNP3 (Distributed Network Protocol 3, port 20000), or IEC 60870-5-104 (port 2404). These protocols are designed to be efficient in low-bandwidth environments. DNP3 and IEC 60870-5-104 carry event timestamps; Modbus does not. Their error checking (a CRC in Modbus RTU and DNP3 frames, the TCP checksum for Modbus TCP) detects transmission corruption but does nothing against a deliberate sender: none of the base protocols authenticates the master or encrypts the payload. That requires the secure variants, such as DNP3 Secure Authentication, IEC 62351 for the IEC 60870 family, or Modbus/TCP Security over TLS, or carrying the traffic inside an authenticated VPN.

The fourth component is the Master Terminal Unit (MTU) or SCADA server. This is the central computer that polls remote units, processes the data, stores historical logs, and executes automated control logic. The MTU runs the SCADA software that manages the polling schedule, alarm handling, and data archiving. Many modern SCADA servers also integrate with other enterprise systems such as historians (databases for time-series data) and advanced analytics platforms.

Security is a major concern for SCADA systems. Because they control critical infrastructure, they have traditionally been isolated using air gaps or dedicated networks. However, modern SCADA systems are increasingly connected to corporate IT networks and the internet for remote monitoring and data sharing. This convergence introduces significant vulnerabilities. Security measures include network segmentation using firewalls and demilitarized zones (DMZs), encryption of communications, strong authentication for operator access, and regular patching of both the SCADA software and the underlying operating systems. The NIST SP 800-82 guide provides comprehensive recommendations for securing ICS and SCADA environments.
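To make the integrity-versus-authentication distinction above concrete, here is an added example (not code from the original page): a Python implementation of the CRC-16 that Modbus RTU appends to every frame, used to build a Write Single Coil command and then to show what the check does and does not catch. The unit id, coil address and the "pump" meaning are constructed for the example.

```python
import struct


def crc16_modbus(data: bytes) -> int:
    """CRC-16/MODBUS: reflected polynomial 0xA001, initial value 0xFFFF, no final XOR."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            if crc & 0x0001:
                crc = (crc >> 1) ^ 0xA001
            else:
                crc >>= 1
    return crc


def write_single_coil_pdu(coil_address: int, on: bool) -> bytes:
    """Function code 0x05: 2-byte coil address, then 0xFF00 for ON or 0x0000 for OFF."""
    return struct.pack(">BHH", 0x05, coil_address, 0xFF00 if on else 0x0000)


def build_rtu_frame(unit_id: int, pdu: bytes) -> bytes:
    """Modbus RTU ADU: unit id + PDU + CRC, with the CRC transmitted low byte first."""
    body = bytes([unit_id]) + pdu
    return body + struct.pack("<H", crc16_modbus(body))


def check_rtu_frame(frame: bytes) -> bool:
    """True if the trailing CRC matches the frame body. This is all the receiver verifies."""
    if len(frame) < 4:
        return False
    body, received = frame[:-2], struct.unpack("<H", frame[-2:])[0]
    return crc16_modbus(body) == received


def demo() -> dict:
    # Constructed scenario: unit 0x11 is a pump-station RTU and coil 1 is the standby pump.
    legit = build_rtu_frame(0x11, write_single_coil_pdu(1, on=True))

    # A noisy serial line flips one bit in the coil address: the CRC catches it.
    corrupted = bytearray(legit)
    corrupted[3] ^= 0x10

    # An attacker on the same serial or radio link sends the opposite command with a freshly
    # computed CRC: the frame is valid as far as the RTU can tell. Error checking is not authentication.
    forged = build_rtu_frame(0x11, write_single_coil_pdu(1, on=False))

    return {
        "legit_frame": legit.hex(),
        "legit_ok": check_rtu_frame(legit),
        "corrupted_ok": check_rtu_frame(bytes(corrupted)),
        "forged_ok": check_rtu_frame(forged),
    }


if __name__ == "__main__":
    print(demo())
```

The same reasoning applies to DNP3's CRC and to the TCP checksum under Modbus TCP: they protect the link against noise, and only the secure protocol variants or an authenticated tunnel protect it against a sender who should not be there.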

Real-Life Example

Think about a large modern library in a big city. This library has many floors, each with different sections like childrens books, reference materials, and periodicals. The library is huge, and the librarians cannot personally walk to every shelf to see which books are checked out or which lights are on.

Now imagine the library has a central security and operations desk. This desk has a large screen that shows a map of the entire building. On that map, small icons represent each section. One icon shows that the temperature on the third floor is too high. Another icon shows that a door on the first floor is open. A third icon indicates that the backup generator has been running for two hours. This central screen is like the SCADA human-machine interface.

Behind the scenes, there are small devices placed throughout the library. One device near the thermostat reads the temperature and sends it to the central desk. Another device on the door detects whether the door is closed or open. A third device on the generator reports how long it has been running. These small devices are like remote terminal units or PLCs. They collect data and send it to the central system.

When a librarian at the central desk sees that the third floor is too hot, they do not have to climb the stairs. Instead, they click a button on the screen that says Lower Temperature on Floor 3. That click sends a command back through the network to the device that controls the air conditioning on that floor. The device receives the command and adjusts the damper or the compressor accordingly. This is exactly how a SCADA system works: it shows you the status of remote equipment and lets you control it from a central location.

The library also stores a log of all events, such as when the door was opened or when the temperature changed. This helps the library staff with maintenance and security audits. In a SCADA system, this logging is handled by a historian database.

Why This Term Matters

SCADA matters because it directly controls the physical infrastructure that society depends on every day. The electrical grid that powers your home, the water treatment plant that supplies clean drinking water, the natural gas pipelines that heat buildings, and the transportation systems that move goods all rely on SCADA. If a SCADA system fails or is compromised, the consequences can be severe, including blackouts, water contamination, environmental disasters, or even loss of life.

For IT professionals, understanding SCADA is essential because these systems are no longer isolated from corporate networks. Many organizations are integrating SCADA with their IT infrastructure to enable remote monitoring, predictive maintenance, and data analytics. This convergence creates a new attack surface. A vulnerability in a SCADA system can be exploited through the corporate network, and a breach in the corporate network can be used to pivot into the SCADA environment. Security professionals must understand how to segment networks, apply patches to SCADA systems (which often have limited downtime windows), and monitor for anomalous traffic on industrial protocols.

Network and system administrators need to know how SCADA traffic behaves on the network. Unlike typical enterprise traffic that involves email or web browsing, SCADA traffic consists of continuous polling messages, real-time data updates, and command packets. These protocols use their own well-known ports (Modbus TCP on 502, DNP3 on 20000) rather than the web and mail ports that dominate office traffic, so firewall rules and IDS signatures must be written for them specifically. Understanding this traffic is critical for setting up firewalls, intrusion detection systems, and network monitoring tools. Additionally, administrators must be aware of the latency and reliability requirements of SCADA. Protective relays trip breakers locally in milliseconds; SCADA polls and operator commands typically have budgets of a second or a few seconds, and a command that arrives late, out of order, or not at all leaves the operator acting on a stale picture of the grid.

For cybersecurity professionals, SCADA presents unique challenges. Patching is difficult because many SCADA systems run on legacy operating systems like Windows XP or custom embedded firmware. Authentication is often weak, with default credentials still in use. Encryption is not always applied due to latency concerns. And the impact of a successful attack goes beyond data loss: it can be kinetic, meaning physical destruction of equipment. This makes SCADA security a high-stakes field.

How It Appears in Exam Questions

SCADA appears in certification exams in several distinct question formats. The most common are definition and identification questions. For example, the exam might ask: Which of the following best describes a SCADA system? The answer choices would include descriptions of SCADA, a local network of office computers, a cloud storage system, and a database management system. You need to recognize that SCADA is an industrial control system for remote monitoring and control of physical equipment.

Scenario-based questions are very common. You might be given a scenario like: A water treatment plant has a central control room that monitors pumps and valves across a 50-mile area. The plant manager wants to allow engineers to view system data from their laptops while connected to the corporate network. Which security measure should be implemented first? The correct answer would involve network segmentation: a firewall between the SCADA network and the corporate network, with a replicated historian or read-only data server in a DMZ so that engineers never connect to the HMI or the PLCs directly.

Another typical question format involves protocol identification. The exam might list several protocols and ask which one is commonly used in SCADA environments. The options could include HTTP, FTP, Modbus, and SNMP. The correct answer is Modbus, which is a classic SCADA protocol. You should also be familiar with DNP3 and possibly IEC 61850 for electrical grids.

Troubleshooting questions also appear. For instance: A technician reports that a remote PLC is not responding to commands from the SCADA master. The network link is up. What is the most likely cause? The answer might be a misconfigured IP address on the PLC, a firewall blocking the protocol port, or a serial cable failure. These questions test your understanding of the communication path between the MTU and the RTU.

Finally, security-focused questions are common. You might be asked: What is the greatest security risk for a SCADA system that is now connected to the corporate network and, through it, the internet? The answer would be the increased attack surface and the possibility of remote exploitation. Or you could be asked about the purpose of an air gap: An air gap is used to physically isolate the SCADA network from other networks to prevent unauthorized access. These question patterns show that you need to know what SCADA is, what protocols it uses, where it is used, and how to secure it.


Example Scenario

Scenario: A regional water utility company manages a network of reservoirs, pumping stations, and treatment plants spread across several counties. The main control center is in the city, but the pumping stations are in remote rural areas. Each pumping station has sensors that measure water pressure, flow rate, and chlorine levels. The pumps themselves can be turned on or off.

How SCADA applies: In this scenario, the utility uses a SCADA system to monitor and control all the remote sites from the central control center. At each pumping station, a remote terminal unit (RTU) is connected to the sensors and the pump motor. The RTU continuously reads the sensor data and sends it to the SCADA master server in the city over a cellular data link (which should itself be wrapped in an authenticated VPN, since Modbus and DNP3 carry readings and commands in the clear). The operators at the control center see the data on their HMI screen. If the water pressure drops at one station, an alarm appears on the screen. The operator clicks a button to start a secondary pump at that station. The command travels from the HMI to the SCADA server, then over the cellular link to the RTU, which activates the pump motor. The SCADA system also logs all data and events for reporting and compliance with water quality regulations. This scenario shows how SCADA enables efficient management of geographically dispersed infrastructure with minimal on-site staff.

Common Mistakes

Thinking SCADA is a single type of device or a specific product.

SCADA refers to an entire architecture or system that includes many components like HMIs, RTUs, PLCs, communication networks, and servers. It is not a single box or a brand.

Understand SCADA as a system of interconnected hardware and software, not a standalone device.

Confusing SCADA with traditional business IT systems like email or database servers.

SCADA controls physical equipment in industrial environments, while IT systems manage data and applications for office work. The security requirements and protocols are very different.

Remember that SCADA is part of Operational Technology (OT) that interacts with the physical world, not just data.

Assuming SCADA systems always use standard IT protocols like HTTP or SMTP.

SCADA commonly uses specialized industrial protocols such as Modbus, DNP3, and IEC 61850. These are designed for real-time control and low bandwidth, not for web browsing or email.

Learn the key SCADA protocols and know that they are distinct from office network protocols.

Believing that SCADA systems are always air-gapped and completely secure from internet attacks.

Many modern SCADA systems are connected to corporate networks or the internet for remote monitoring, which introduces significant security risks. Air gaps are becoming rare.

Always consider that SCADA systems may have network connections and require strong security controls like firewalls and encryption.

Using the terms SCADA and PLC interchangeably.

A PLC is a single hardware component used in SCADA systems, but SCADA is the entire system. One PLC is not a SCADA system by itself.

Think of a PLC as one part of the SCADA puzzle, similar to how a sensor is a part of the system.

Exam Trap — Don't Get Fooled

The exam question asks you to choose the best security method for a SCADA system, and one option is to apply the latest patches to all SCADA devices immediately. Many learners select this because patching is generally a good security practice. Recognize that SCADA systems are part of operational technology (OT) where availability is often more critical than confidentiality.

Patching must be carefully planned, tested on a non-production system, and implemented during scheduled maintenance windows. A better answer might be network segmentation or using a firewall to isolate the SCADA network while keeping the system running.

Commonly Confused With

Supervisory Control and Data Acquisition vs Distributed Control System (DCS)

A DCS is also used to control industrial processes, but it is typically used for continuous, localized processes within a single plant, like a chemical refinery. SCADA is used for geographically dispersed assets like pipelines or power grids.

A single oil refinery with many interconnected units uses a DCS. A pipeline that runs across three states uses SCADA to monitor pumping stations.

Supervisory Control and Data Acquisition vs Building Management System (BMS)

A BMS controls building utilities like HVAC, lighting, and elevators within a single building or campus. SCADA is built for larger, more critical infrastructure with stricter reliability and safety requirements, like electrical grids and water utilities.

A BMS controls the heating and air conditioning in an office building. A SCADA system controls the water treatment plant that supplies water to that building.

Supervisory Control and Data Acquisition vs Programmable Logic Controller (PLC)

A PLC is a single hardware device that executes control logic for a specific machine. SCADA is the entire system that supervises multiple PLCs or RTUs from a central location. A PLC is one component of a SCADA system.

A single PLC runs a conveyor belt motor. The SCADA system lets an operator monitor the motor speed and start or stop it from a control room, while also monitoring other equipment.

Supervisory Control and Data Acquisition vs Internet of Things (IoT)

IoT refers to everyday devices connected to the internet, like smart thermostats or fitness trackers. SCADA is specifically designed for industrial control with real-time reliability and safety requirements. IoT devices are typically consumer-grade and less robust.

A smart home thermostat that you control from your phone is IoT. The system that monitors and controls the chillers in a data center is SCADA.

Step-by-Step Breakdown

1. Sensor Measurement

At the remote location, a sensor measures a physical value such as pressure, temperature, or flow rate. This sensor is connected to a remote terminal unit or PLC. The measurement is typically an analog voltage or current signal that represents the real-world value.

2. Data Conversion and Packetization

The RTU or PLC converts the analog signal into a digital value. It then packages that value into a data packet according to a communication protocol like Modbus or DNP3. The packet includes the data itself, a timestamp where the protocol supports one (DNP3 and IEC 60870-5-104 carry event timestamps; Modbus does not), and an error-checking code such as the CRC in Modbus RTU and DNP3 frames.

3. Communication to Master

The RTU transmits the data packet over a communication channel. This channel could be a dedicated serial line, a radio link, a cellular network, or a TCP/IP connection over Ethernet. The packet travels to the master terminal unit (MTU) or SCADA server at the central control location.

4. Data Processing and Display

The SCADA server receives the packet, validates it, and stores the data in a real-time database. The server then updates the graphical HMI display so the operator can see the current status. If the value exceeds a preset threshold, the server generates an alarm.

5. Operator Command

An operator observes the data and decides to take action. For example, they see that the pressure is too high and decide to open a relief valve. They click the corresponding button or icon on the HMI screen.

6. Command Transmission

The SCADA server converts the operator action into a command packet using the same protocol. It sends that packet back down the communication channel to the RTU or PLC at the remote site. The packet contains the address of the target device and the command to execute, such as open valve or start motor.

7. Actuator Execution

The RTU or PLC receives the command packet and checks that it is well formed: correct framing or CRC, a function code it supports, and an address within range. In the base protocols that is all it checks; nothing in a plain Modbus or DNP3 frame proves who sent it. It then sends an electrical signal to the actuator, which might be a motor, a valve solenoid, or a switch. The actuator physically moves to perform the commanded action, such as opening the valve.

8. Feedback and Logging

The RTU sends a confirmation message back to the SCADA server to indicate that the command was executed. The sensor also continues to measure the new state, and the updated data flows back through the system. All events and data are logged in a historian database for later analysis, compliance, and troubleshooting.
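The eight steps above, carried through in code as an added example that is not part of the original page: a simulated pump-station RTU that speaks Modbus/TCP, and a master that polls holding registers, raises a low-pressure alarm, commands the standby pump with a Write Single Coil, and treats the echoed response as confirmation, with every coil write recorded in a stand-in for the historian. The register map, addresses, threshold and readings are assumptions made for the example. The last call in the scenario shows the gap the protocol leaves: the frame carries a transaction id and a unit id but nothing that identifies or authenticates the sender, so any host that can reach TCP port 502 is obeyed exactly like the HMI.

```python
import struct

MODBUS_TCP_PORT = 502          # registered port for Modbus/TCP
READ_HOLDING_REGISTERS = 0x03
WRITE_SINGLE_COIL = 0x05
EXC_ILLEGAL_FUNCTION = 0x01
EXC_ILLEGAL_DATA_ADDRESS = 0x02
EXC_ILLEGAL_DATA_VALUE = 0x03
LOW_PRESSURE_KPA = 300         # assumed alarm threshold for the example


def mbap(transaction_id: int, unit_id: int, pdu: bytes) -> bytes:
    """Modbus/TCP ADU: MBAP header (transaction id, protocol id 0, length, unit id) + PDU.
    Note what is absent: no sender identity, no credential, no signature."""
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id) + pdu


def parse_adu(frame: bytes):
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0 or length != len(frame) - 6:
        raise ValueError("malformed MBAP header")
    return tid, unit, frame[7:]


class SimulatedRtu:
    """Stand-in for the RTU at one pumping station (steps 2 and 7 of the breakdown).
    Constructed register map: holding 0 = pressure kPa, 1 = flow m3/h, 2 = chlorine (0.1 mg/L);
    coil 0 = main pump, coil 1 = standby pump."""

    def __init__(self):
        self.holding = [250, 180, 23]
        self.coils = [True, False]
        self.events = []            # stands in for the historian (step 8)

    def handle(self, request: bytes) -> bytes:
        tid, unit, pdu = parse_adu(request)
        fc = pdu[0]
        if fc == READ_HOLDING_REGISTERS:
            start, count = struct.unpack(">HH", pdu[1:5])
            if count == 0 or count > 125:
                return mbap(tid, unit, bytes([fc | 0x80, EXC_ILLEGAL_DATA_VALUE]))
            if start + count > len(self.holding):
                return mbap(tid, unit, bytes([fc | 0x80, EXC_ILLEGAL_DATA_ADDRESS]))
            values = self.holding[start:start + count]
            return mbap(tid, unit, bytes([fc, 2 * count]) + struct.pack(">%dH" % count, *values))
        if fc == WRITE_SINGLE_COIL:
            address, value = struct.unpack(">HH", pdu[1:5])
            if value not in (0x0000, 0xFF00):
                return mbap(tid, unit, bytes([fc | 0x80, EXC_ILLEGAL_DATA_VALUE]))
            if address >= len(self.coils):
                return mbap(tid, unit, bytes([fc | 0x80, EXC_ILLEGAL_DATA_ADDRESS]))
            # The RTU checks framing and address range only, never who sent the command.
            self.coils[address] = value == 0xFF00
            self.events.append(("coil_write", address, self.coils[address]))
            return mbap(tid, unit, pdu)          # a successful FC 5 echoes the request
        return mbap(tid, unit, bytes([fc | 0x80, EXC_ILLEGAL_FUNCTION]))


def poll_registers(rtu, tid, unit, start, count):
    """Master side of steps 3 and 4: send the poll, decode the values or the exception."""
    request = mbap(tid, unit, struct.pack(">BHH", READ_HOLDING_REGISTERS, start, count))
    rtid, _, rpdu = parse_adu(rtu.handle(request))
    if rtid != tid:
        raise ValueError("response does not match outstanding transaction")
    if rpdu[0] & 0x80:
        return ("exception", rpdu[1])
    n = rpdu[1] // 2
    return list(struct.unpack(">%dH" % n, rpdu[2:2 + 2 * n]))


def write_coil(rtu, tid, unit, address, on):
    """Master side of steps 6 and 8: send the command, treat the echoed PDU as confirmation."""
    pdu = struct.pack(">BHH", WRITE_SINGLE_COIL, address, 0xFF00 if on else 0x0000)
    rtid, _, rpdu = parse_adu(rtu.handle(mbap(tid, unit, pdu)))
    if rtid != tid:
        raise ValueError("response does not match outstanding transaction")
    if rpdu[0] & 0x80:
        return ("exception", rpdu[1])
    return rpdu == pdu


def run_scenario() -> dict:
    rtu = SimulatedRtu()
    readings = poll_registers(rtu, tid=1, unit=1, start=0, count=3)
    alarm = readings[0] < LOW_PRESSURE_KPA                                   # step 4
    started = write_coil(rtu, tid=2, unit=1, address=1, on=True) if alarm else False
    bad_read = poll_registers(rtu, tid=3, unit=1, start=10, count=2)         # out-of-range register
    # The same command from any other host that can reach port 502 is accepted identically.
    rogue = write_coil(rtu, tid=999, unit=1, address=0, on=False)
    return {"readings": readings, "alarm": alarm, "standby_started": started,
            "standby_coil": rtu.coils[1], "bad_read": bad_read,
            "rogue_accepted": rogue, "main_pump": rtu.coils[0], "events": rtu.events}


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(key, value)
```

The transaction id only matches responses to outstanding requests; it is not a security feature. Whether a write is legitimate has to be enforced outside the protocol, by the firewall that decides which hosts may reach port 502 at all and by monitoring that flags writes from anything other than the HMI.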

Practical Mini-Lesson

To truly understand SCADA, you must see it as a system that bridges the digital world of computers with the physical world of machines. The core idea is that you have a central brain (the SCADA server) that talks to many remote hands and eyes (the RTUs and PLCs). The hands and eyes are attached to physical equipment like pumps, valves, and sensors. The communication between them must be reliable, fast, and secure.

In practice, SCADA engineers and IT professionals work together to design the network architecture. A typical SCADA network is divided into zones. The control center network hosts the SCADA servers and HMI workstations. The field site network includes the RTUs and PLCs at remote locations. Between these zones, you have the communication network, which could be leased fiber, microwave radio, or 4G LTE. A firewall and a DMZ are often placed between the SCADA network and any corporate IT network. This prevents unauthorized access from the business side while still allowing necessary data exchange.

One of the biggest challenges in SCADA is security. Many legacy SCADA devices have no built-in security features. They may use plain-text protocols, have default passwords, and run on unsupported operating systems. A professional must harden these systems by changing default credentials, applying patches where possible, and using network-level controls like access control lists (ACLs) and intrusion detection systems (IDS) that can understand industrial protocols. Zeek ships protocol analyzers that decode Modbus and DNP3 into modbus.log and dnp3.log, and Snort includes Modbus and DNP3 inspectors, so rules can match on function codes and register addresses rather than on raw bytes.
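The zone layout in the previous paragraph and the protocol-aware monitoring in this one, as one added example that is not part of the original page: a small Python analyser that applies a segmentation policy (which zone may talk to which zone on which port) and two Modbus-aware rules (writes from anything other than an HMI, and unknown function codes) over constructed flow records. The zone addresses, HMI list, conduit table and the sample records are assumptions made for the example; the column names are modelled on the fields Zeek's conn.log and modbus.log expose, with func set to "-" for flows that are not Modbus.

```python
import csv
import io
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Zone map for a utility like the one in the example scenario (constructed addressing).
ZONES = {
    "control": ip_network("10.10.0.0/24"),      # SCADA servers and HMI workstations
    "field": ip_network("10.20.0.0/16"),        # RTUs and PLCs at the pumping stations
    "dmz": ip_network("10.30.0.0/24"),          # replicated historian / read-only dashboards
    "corporate": ip_network("192.168.0.0/16"),  # business network
}
HMI_HOSTS = {"10.10.0.5", "10.10.0.6"}          # the only hosts allowed to issue Modbus writes

# Permitted conduits between zones as (source zone, destination zone, destination port).
# Anything not listed is a segmentation violation. Port 5432 for historian replication is assumed.
ALLOWED_CONDUITS = {
    ("control", "field", 502),        # master polls and commands RTUs over Modbus/TCP
    ("control", "dmz", 5432),         # one-way historian replication into the DMZ
    ("corporate", "dmz", 443),        # engineers read dashboards in the DMZ, nothing deeper
}

MODBUS_WRITE_FUNCS = {"WRITE_SINGLE_COIL", "WRITE_SINGLE_REGISTER",
                      "WRITE_MULTIPLE_COILS", "WRITE_MULTIPLE_REGISTERS"}
MODBUS_READ_FUNCS = {"READ_COILS", "READ_DISCRETE_INPUTS",
                     "READ_HOLDING_REGISTERS", "READ_INPUT_REGISTERS"}

# Constructed flow records for the example.
SAMPLE_FLOWS = """\
ts,id.orig_h,id.resp_h,id.resp_p,func
1700000000.10,10.10.0.5,10.20.3.10,502,READ_HOLDING_REGISTERS
1700000000.20,10.10.0.5,10.20.3.10,502,WRITE_SINGLE_COIL
1700000001.00,192.168.4.77,10.20.3.10,502,READ_HOLDING_REGISTERS
1700000001.50,10.10.0.42,10.20.3.11,502,WRITE_MULTIPLE_REGISTERS
1700000002.00,192.168.4.77,10.30.0.8,443,-
1700000002.30,10.10.0.5,10.20.3.10,502,UNKNOWN_0x5a
"""


@dataclass
class Flow:
    ts: float
    src: str
    dst: str
    dport: int
    func: str


def parse_flows(text: str) -> list:
    return [Flow(float(r["ts"]), r["id.orig_h"], r["id.resp_h"], int(r["id.resp_p"]), r["func"])
            for r in csv.DictReader(io.StringIO(text))]


def zone_of(ip: str) -> str:
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def analyse(flows: list) -> list:
    """Apply the segmentation policy and the Modbus rules; return (rule, src, dst, detail) tuples."""
    alerts = []
    for f in flows:
        conduit = (zone_of(f.src), zone_of(f.dst), f.dport)
        if conduit not in ALLOWED_CONDUITS:
            alerts.append(("conduit_violation", f.src, f.dst, "%s->%s:%d" % conduit))
        if f.dport == 502 and f.func != "-":
            if f.func in MODBUS_WRITE_FUNCS and f.src not in HMI_HOSTS:
                # A write from a non-HMI host is the signature of a pivot into the control zone.
                alerts.append(("unauthorized_write", f.src, f.dst, f.func))
            elif f.func not in MODBUS_WRITE_FUNCS | MODBUS_READ_FUNCS:
                alerts.append(("unknown_function", f.src, f.dst, f.func))
    return alerts


if __name__ == "__main__":
    for alert in analyse(parse_flows(SAMPLE_FLOWS)):
        print(alert)
```

Run against the sample, the analyser flags the corporate laptop polling a field RTU directly (a conduit the firewall should never have passed), a write from a control-zone host that is not an HMI, and a function code outside the set the RTUs are expected to serve; the HMI's own reads and writes and the engineer's HTTPS session to the DMZ produce nothing. The same policy table is what you would turn into the firewall rule set between zones, so detection and enforcement share one definition of what normal looks like.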

Another important concept is redundancy. SCADA systems controlling critical infrastructure often have redundant servers, redundant communication paths, and redundant power supplies. If the primary SCADA server fails, a backup server takes over without interrupting operations. If a communication link is cut, the system can use an alternate path, such as a satellite link. This is called high availability.

For monitoring, SCADA administrators use the HMI to watch for alarms. Alarms are generated when a value goes outside a normal range, like a temperature that is too high or a pressure that is too low. Each alarm has a priority and a response procedure. Operators must be trained to respond to alarms quickly and correctly.

Finally, documentation and change management are critical. Every change to a SCADA system, whether it is a new sensor, a change to a control program, or a firmware update, must be documented and tested. A misconfiguration in a SCADA system can cause physical damage or a safety hazard. This is why SCADA professionals follow strict procedures and why certification exams emphasize these management practices.

Memory Tip

SCADA is a central dashboard for faraway factories: Supervisory means watching from above, Control means sending commands, Data Acquisition means gathering sensor readings. Think of it as a remote control for huge machines.

Covered in These Exams

Current Exam Context

Current exam versions that test this topic — use these objectives when studying.

Legacy Exam Context

Older materials may mention these exam versions, but learners should use the current objectives for their target exam.

N10-008 (legacy), N10-009 (current version)
SY0-601 (legacy), SY0-701 (current version)


Frequently Asked Questions

What is the difference between SCADA and ICS?

ICS stands for Industrial Control System, which is a broad category that includes SCADA, DCS, and PLCs. SCADA is a specific type of ICS that focuses on monitoring and controlling geographically dispersed assets.

Is SCADA still used today?

Yes, SCADA is widely used in utilities, oil and gas, water management, transportation, and manufacturing. Many systems are being modernized with cloud connectivity and advanced analytics, but the core SCADA architecture remains essential.

What protocols does SCADA use?

Common SCADA protocols include Modbus (RTU and TCP), DNP3, IEC 60870-5-104, and Profibus. Modern systems may also use OPC UA for platform-independent communication.

Can SCADA systems be hacked?

Yes, SCADA systems can be hacked. Notable attacks include Stuxnet, which targeted Iranian nuclear centrifuges, and the 2015 Ukraine power grid attack. Security measures like network segmentation, encryption, and strong authentication are critical.

Do I need to know SCADA for Network+?

Yes, Network+ covers SCADA as an example of an industrial control system. You should know the basic purpose, common deployment locations, and that it uses specialized protocols. It appears in questions about network segmentation and operational technology.

What is an RTU in SCADA?

An RTU, or Remote Terminal Unit, is a hardware device at a remote site that interfaces with sensors and actuators. It collects data from sensors and sends it to the central SCADA server, and it receives commands to control equipment.

Is SCADA the same as a PLC?

No, a PLC is a single device that executes control logic for a machine or process. SCADA is the entire system that supervises multiple PLCs or RTUs and provides a central interface for operators. A PLC can be a component of a SCADA system.

Why is SCADA considered a security risk?

SCADA systems control critical physical infrastructure, so an attack can cause real-world damage. Many legacy SCADA devices lack built-in security features, and the convergence with IT networks increases the attack surface.

Summary

Supervisory Control and Data Acquisition (SCADA) is a system architecture that centralizes the monitoring and control of geographically distributed industrial equipment. It enables operators in a control room to see real-time data from sensors and send commands to actuators at remote sites, all through a graphical interface. SCADA is vital for the safe and efficient operation of critical infrastructure, including power grids, water systems, and pipelines.

For IT certification exams like Network+ and Security+, you need to know the basic components, the purpose of SCADA, common protocols like Modbus and DNP3, and the security challenges it faces. Remember that SCADA is part of Operational Technology, not standard IT, and that its primary concerns are reliability and safety as much as security. Understanding SCADA positions you to contribute to the protection of the physical systems that modern society depends on.