Global Perspective: Hyper-Secured PLC…and other curious combinations
Automation and controls technologies continue to converge in creative combinations, and those using automation are the beneficiaries. Security and control are sharing the same space; CPUs and I/O are mounting the same substrate; and pneumatics and electronics are enjoying a life together. These were among findings at the November 2010 SPS/IPC/Drives show; the report below was adapted from a Control Engineering Europe Feb. 8 posting.
Industrial security firms, thanks in a large part to Stuxnet, are enjoying a bonanza of publicity. Now that the proof-of-concept for software-guided missiles aimed directly at industrial targets has been widely recognized, the need for insurance against them becomes an easier sell.
“Stuxnet is a gift to our industry,” said Dr. Lutz Jänicke, chief technical officer of Berlin-based Innominate Security Technologies. “We’ve been warning people about this for years, and now here it is for them to see. Industrial PCs and PLCs can be hacked, people want to hack them, and now there is a means to do it.”
The timing of the 2010 SPS/IPC/Drives show—a few months after the Stuxnet scare—was great for the security companies. It was the best time for Innominate to launch its HyperSecured PLC, with its sister Phoenix Contact company, KW-Software.
Most IT security companies monitor communications traffic, looking to block software that contains malware signatures. This is why their databases must be constantly updated with the latest malware information, trying to keep ahead of the hackers. Innominate’s approach to security, however, is to constantly monitor the software in an industrial PC to note if there are any changes, sudden or otherwise, in the basic configuration. This is the kind of thing worms do when they get inside a system—add little bits of software here and there, small enough and innocent enough to be hopefully unnoticed. But no matter how subtle the change, Innominate’s software will detect it within milliseconds, perform an assessment of the risk, and advise the user on what to do. At the end of the day, says Dr. Jänicke, the best solution is to simply wipe the system clean and reinstall a fresh software pack.
This approach, however, requires a separate piece of hardware to monitor the PC or PLC. So, why not combine the two into one unit? Working with KW-Software such a project was realized, thanks to virtualization.
Innominate calls it the HyperSecured PLC. In reality, it is an industrial PC built on an Intel Atom Z530 processor platform. Wind River’s Hypervisor is the foundation software of the two virtual machines. The security application, the virtual mGuard, runs under Linux and monitors communication with the network. KW-Software’s soft PLC runs under VxWorks and communicates with the outside world (with Profinet) only through mGuard. An auxiliary PC, such as a desktop or laptop PC, is used for IEC 61131 programming and Profinet configuration. The mGuard itself is configured via the web interface in the browser.
“Until now, such control solutions could only be configured with dedicated hardware for the PLC and for the security appliance,” said Dr. Jänicke. “With the trend to virtualization, more cost-effective solutions, integrated on a CPU, can be created. The prerequisites for this are hardware-independent software components and an industrially usable Hypervisor for different processor architectures.”
Combined CPU, FPGA I/O
Six years ago, National Instruments launched a new controller called the Compact RIO or cRIO, which combined a processor and a reconfigurable FPGA. The unit could be programmed with NI’s LabVIEW software, which made the hardware configuration immediately accessible to engineers. The concept of combining a CPU with a field programmable gate array (FPGA) has gained traction, largely due to the fact that use of FPGAs has become more widespread and the engineering cost of programming them has come down.
At SPS/IPC/Drives 2010, Kontron announced that it had put the two together on a single board computer, resulting in the Kontron PCIe/104 Microspace MSMST. It is said to be the world’s first embedded single board computer to pair an Intel Atom E600 series processor with an Altera Field Programmable Gate Array (FPGA) in one package. The SBC is designed to operate in industrial temperature ranges from -40 °C to +85 °C.
The Intel processor should be enough to get you by, with speeds of up to 1.3GHz and up to 2GB of onboard DRAM system memory. The FPGA has more than 60,000 logic elements. The processor and the FPGA both contain integrated PCIe (Peripheral Component Interconnect Express) bus elements for rapid communication with each other.
Kontron’s strategy will be to provide fully validated and verified embedded FPGA solutions including processor, FPGA, operating systems, Board Support Packages (BSPs) and drivers. The company says it will also provide IP Cores with dedicated I/O for various vertical markets.
Ability to configure industrial I/O in silicon has big advantages, and the ability to reconfigure the I/O for a different application makes the platform of great use for machine OEMs. Of course, even though it has the name “field-programmable,” it is important to remember that FPGA programming is still a specialist activity, and it will likely be done for a few hundred or a few thousand boards at a time, rather than in the field.
Pneumatics and electronics
A few years ago, you could be forgiven for missing Festo at the SPS/IPC/Drives show. With the tag line for the exhibition being Electric Automation you might not expect to see a pneumatic company displaying its wares. However, Festo has been a regular exhibitor, though on a smaller scale compared to some others.
This year’s presence was different. While it wasn’t the Hannover Messe mega-stand, it was Festo Grande, complete with electronic and pneumatic components working together, topped off with the company’s latest icon, the elephant trunk robot arm.
Robotic innovation aside, the real star of Festo’s show was the CPX system, which the company boasts has broken the 10,000 mark in sales worldwide. The front-end controller runs CoDeSys software, so it’s in the same league as Beckhoff and Wago’s soft PLCs, with one big difference: there are numerous pneumatic modules such as valve coils that attach to the system. There are in fact dozens of I/O modules that can be attached, and you could connect up to 512 I/O modules per fieldbus node, for a length of 3 m of modules. As a result of this, says Festo, 128 valve coils and up to eight additional supply modules for pressure and power zones can be mounted.
There were several demonstrations in the stand showing how CPX can be entirely electrical, entirely pneumatic, or a combination of the two.
This is Festo’s strategy for CPX: marketing it as “integrated automation of the 21st century,” which includes pneumatic and electrical motion control, safety, diagnostics, and closed-loop control of pressure and temperature. The company was demonstrating its new modules for robot control and multi-axis motion control, and integrated HMI solutions.
– Control Engineering Europe, www.controlengeurope.com
Related Control Engineering Channels: