The Hyper-Secured PLC…and other curious combinations

08 February 2011

To make life easier for automation engineers, and less costly for OEMs and end user companies to build control systems, clever companies are taking what used to be two separate products and putting them together in one unit.

At the November SPS/IPS/Drives show CEE found out how security and control are sharing the same space; CPUs and I/O are mounting the same substrate; and pneumatics and electronics are enjoying a life together.

Industrial security firms, thanks in a large part to Stuxnet, are enjoying a bonanza of publicity. Now that the proof-of-concept for software ‘guided missiles’ aimed directly at industrial targets, has been widely recognised, the need for insurance against them becomes an easier sell.

“Stuxnet is a gift to our industry,” said Dr. Lutz Jänicke, chief technical officer of Berlin-based Innominate Security Technologies. “We’ve been warning people about this for years, and now here it is for them to see. Industrial PCs and PLCs can be hacked, people want to hack them, and now there is a means to do it.”

HyperSecured PLC
The timing of this year’s SPS/IPC/Drives show – a few months after the Stuxnet scare - was great for the security companies. It was the best time for Innominate to launch its ‘HyperSecured PLC,’ with its sister Phoenix Contact company, KW-Software.

Most IT security companies monitor communications traffic, looking to block software that contains malware signatures. This is why their databases must be constantly updated with the latest malware information, trying to keep ahead of the hackers. Innominate’s approach to security, however, is to constantly monitor the software in an industrial PC to note if there are any changes, sudden or otherwise, in the basic configuration. This is the kind of thing worms do when they get inside a system - adding little bits of software here and there, small enough and innocent enough to be hopefully unnoticed. But, no matter how subtle the change, Innominate’s software will detect it within milliseconds and will perform an assessment of the risk, and advise the user on what to do. At the end of the day, says Dr. Jänicke, the best solution is to simply wipe the system clean and reinstall a fresh software pack.

This approach, however, requires a separate piece of hardware to monitor the PC or PLC. So, why not combine the two into one unit? Working with KW-Software such a project was realised, thanks to virtualisation.

Innominate calls it the ‘HyperSecured PLC’. In reality, it is an industrial PC built on an Intel Atom Z530 processor platform. Wind River’s ‘Hypervisor’ is the foundation software of the two virtual machines. The security application, the virtual mGuard, runs under Linux and monitors communication with the network. KW-Software’s ‘soft’ PLC runs under VxWorks and communicates with the outside world (with Profinet) only through mGuard. An auxiliary PC, such as a desktop or laptop PC, is used for IEC 61131 programming and Profinet configuration. The mGuard itself is configured via the web interface in the browser.

“Until now, such control solutions could only be configured with dedicated hardware for the PLC and for the security appliance,” said Dr. Jänicke. “With the trend to virtualisation, more cost-effective solutions, integrated on a CPU, can be created. The prerequisites for this are hardware-independent software components and an industrially usable Hypervisor for different processor architectures.”

Another combination: CPU and FPGA I/O
Six years ago, National Instruments launched a new controller called the ‘Compact RIO’ or cRIO which combined a processor and a reconfigurable FPGA. The unit could be programmed with NI’s LabVIEW software, which made the hardware configuration immediately accessible to engineers. The concept of combining a CPU with a field programmable gate array (FPGA) has gained traction, largely due to the fact that use of FPGAs have become more widespread and the engineering cost of programming them (leaving LabVIEW aside for the moment) has come down a few thousand metres below the stratosphere.

At SPS/IPC/Drives 2010, Kontron announced that it had put the two together on a single board computer – resulting in the ‘Kontron PCIe/104 MICROSPACE MSMST’. It is said to be the world’s first embedded single board computer which pairs an Intel Atom E600 series processor with an Altera Field Programmable Gate Array (FPGA) in a single package. The SBC is designed to operate in industrial temperature ranges, from -40 °C to +85 °C.

The Intel processor should be enough to get you by, with speeds of up to 1.3GHz and up to 2GB of onboard DRAM system memory. The FPGA has more than 60,000 logic elements. The processor and the FPGA both contain integrated PCIe (Peripheral Component Interconnect Express) bus elements for rapid communication with each other.

Kontron’s strategy will be to provide fully validated and verified embedded FPGA solutions including processor, FPGA, operating systems, Board Support Packages (BSPs) and drivers. The company says it will also provide IP Cores with dedicated I/O for various vertical markets.

The ability to configure industrial I/O in silicon has big advantages, and the ability to re-configure the I/O for a different application makes the platform of great use for machine OEMs. Of course, even though it has the name ‘field-programmable’ it is important to rememeber that FPGA programming is still a specialist activity and it will likely be done for a few hundred or a few thousand boards at a time, rather than in the field.

Pneumatics and electronics
A few years ago, you could be forgiven for missing Festo at the SPS/IPC/Drives show. With the tag line for the exhibition being ‘Electric Automation’ you would not expect to see a pneumatic company displaying its wares. However, Festo is a regular exhibitor, albeit on a very small-scale.

This year’s presence was different. While it wasn’t the Hannover Messe mega-stand, it was Festo Grande, complete with electronic and pneumatic components working together, topped off with the company’s latest icon, the elephant trunk robot arm.

Plastic arms aside, the real star of Festo’s show was the CPX system, which the company boasts has broken the 10,000 mark in sales worldwide. The front-end controller runs CoDeSys software, so it’s in the same league as Beckhoff and Wago’s soft PLCs, with one big difference - there are numerous pneumatic modules such as valve coils that attach to the system. There are in fact dozens of different I/O modules that can be attached and if you wanted to do it, you could connect up to 512 I/O modules per fieldbus node, for a length of 3m of modules. As a result of this, says Festo, 128 valve coils and up to eight additional supply modules for pressure and power zones can be mounted.

There were several demonstrations in the stand showing how CPX can be entirely electrical, entirely pneumatic, or a combination of the two.

This is Festo’s strategy for CPX: marketing it as ‘integrated automation of the 21st century,’ which includes pneumatic and electrical motion control, safety, diagnostics, and closed-loop control of pressure and temperature. The company was demonstrating its new modules for robot control and multi-axis motion control, and integrated HMI solutions.

Contact Details and Archive...

Print this page | E-mail this page