
Using Cybersecure PLCs with Integrated Safety for High-Speed Industrial Automation

Flexible and high-speed machine control with integrated safety and high levels of cybersecurity is needed in various factories, from automotive production to food processing. Network communications and safety implementations in these environments must be flexible.

Some devices on the network will use a fieldbus protocol like EtherCAT, while others may use EtherNet/IP. In addition, some devices will use standard connectivity, and some will require safety protocols.

To speed deployments, industrial network designers need controllers that combine Common Industrial Protocol (CIP) Safety and Safety over EtherCAT, also called FailSafe over EtherCAT (FSoE). CIP Safety supports devices like industrial robots that use EtherNet/IP connectivity, while FSoE works with devices using EtherCAT.

A range of controllers that can handle up to 254 CIP safety connections, up to 62 axes of motion, and up to 256 EtherCAT nodes is needed. A diversity of input/output (I/O) units that support easy commissioning and maintenance and can accommodate a wide range of automation system designs is required.

In addition, the controller maker must offer an IEC 61131-3 compliant software development suite, allowing quick and easy control of all connected devices. The company must also be certified to IEC 62443-4-1 (Security for industrial automation and control systems, Part 4-1: Secure product development lifecycle requirements), whose development-process requirements reduce both the likelihood and the impact of successful cyberattacks on the product.

This article starts with a comparison of applications for EtherCAT and EtherNet/IP connectivity. It looks at how FSoE and CIP Safety fit in and relate to International Electrotechnical Commission (IEC) standards IEC 61508 and IEC 61784-3 and considers how safety risk is assessed using the International Organization for Standardization (ISO) 12100 standard.

It then reviews the requirements for an IEC 61131-3 compliant software development suite and what it takes to gain certification to IEC 62443-4-1 for cybersecurity. It concludes by presenting a selection of controllers and I/O units from Omron Automation suited for cybersecure high-speed industrial automation installations.

Industrial automation networks can require high-speed machine control and factory connectivity to the Cloud, enterprise resource planning (ERP), and other management systems.

That’s where controllers like the Sysmac NX102 from Omron come in with EtherCAT and EtherNet/IP. EtherCAT can be used for high-speed communication with servo drives and motors like the 1S series from Omron, including the R88D-1SN10H-ECT 1 kW servo drive and the R88M-1L1K030T 1 kW, 3,000 RPM servo motor.

The same NX102 controller can use EtherNet/IP to control standard industrial robots and provide factory connectivity to the Cloud, ERP, and other systems. All this functionality can be implemented through Omron’s Sysmac Studio integrated development environment (IDE) for machine and factory automation (Figure 1):

  • EtherCAT for machine control
    • redundancy minimizes downtime
    • flexible system configuration supports up to 512 slaves
    • fast cycle time of 125 microseconds (µs) and synchronization with 1 µs jitter
    • simple connectivity using standard shielded twisted pair (STP) Ethernet cable with RJ45 connectors
    • supports FSoE
  • EtherNet/IP for factory connectivity
    • peer-to-peer controller communication
    • supports database connections to Microsoft SQL Server, Oracle, IBM DB2, MySQL, and Firebird
    • integrated FTP server (FTP carries credentials and files in cleartext, so restrict or disable it on a hardened controller)
    • Message Queuing Telemetry Transport (MQTT) protocol for connectivity to the Cloud and other networks (secure only when run over TLS with broker and client authentication)
    • supports CIP Safety

      Figure 1: Controllers like the NX102 from Omron can implement EtherCAT plus FSoE and EtherNet/IP plus CIP Safety on a single network. (Image source: Omron Automation)

IEC safety and ISO risk assessment

There are many ways to mix and match EtherCAT and EtherNet/IP devices. One of the critical decisions to make when selecting specific devices is the optimization of network efficiency and safety. That requires an understanding of the IEC safety standards and implementing an effective risk assessment plan based on ISO requirements:

IEC 61508, Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems (E/E/PE, or E/E/PES), is a basic functional safety standard applicable to all industries. It includes methods for applying, designing, deploying, and maintaining automatic protection equipment called safety-related systems.

IEC 61784-3:2021, Functional safety fieldbus – General rules and profile definitions, delineates common principles that can be used in the transmission of safety-relevant messages in a distributed network designed per the requirements of IEC 61508 for functional safety. FSoE and CIP Safety comply with this standard.

ISO 12100, Safety of machinery – General principles for design – Risk assessment and risk reduction, describes assessing and managing risk independent of the deployed safety protocol. An assessment consists of five steps or actions (Figure 2):

  • Determination of the limits of the machinery – understanding the limitations of machine operation and expected operator interactions
  • Hazard identification – includes hazards from machine manufacturing, usage, maintenance, and disposal
  • Risk estimation – quantify the probability of occurrence and the expected severity of harm from each hazard
  • Risk evaluation – determine whether the risk has been reduced to a manageable and safe level: if the answer is “YES,” document the findings and deploy the system; if the answer is “NO,” develop additional risk reduction strategies
  • Risk reduction – add or strengthen risk reduction measures and return to Action 1, repeating the cycle until the evaluation answers “YES”

    Figure 2: The five actions required to implement a risk assessment as detailed in ISO 12100. (Image source: Omron Automation)

FSoE and CIP Safety — what’s the difference?

FSoE and CIP Safety both meet the requirements of IEC 61784-3:2021, enabling interoperability of equipment from various vendors. A safety risk assessment should be used to identify the safety needs and the correct configuration for each installation. IEC 61784-3 defines eight classes of communication error that a safety protocol must mitigate to achieve functional safety; FSoE and CIP Safety counter them with different combinations of measures, and FSoE adds a ninth class, revolving memory failures within switches. The eight error classes addressed by both protocols are (Table 1):

  • corruption of the signal
  • unintended repetition of the message
  • incorrect sequence of the message
  • loss of the message
  • unacceptable delay of the message
  • insertion of another unintended message
  • masquerade (a non-safety message accepted as a safety message)
  • addressing error (a message delivered to the wrong recipient)
CIP Safety (IEC 61784-3-2:2016, page 29)
Measures deployed: time stamp, time expectation, connection authentication, data integrity assurance, redundancy with cross checking, different data integrity assurance systems
Number of these measures applied against each error class:
  • Corruption: 2
  • Unintended repetition: 2
  • Incorrect sequence: 2
  • Loss: 2
  • Unacceptable delay: 1
  • Insertion: 3
  • Masquerade: 5
  • Addressing: 2

FSoE (IEC 61784-3-12:2010, page 21)
Measures deployed: sequence number, time expectation, connection authentication, feedback message, data integrity assurance
Number of these measures applied against each error class:
  • Corruption: 1
  • Unintended repetition: 2
  • Incorrect sequence: 2
  • Loss: 4
  • Unacceptable delay: 3
  • Insertion: 2
  • Masquerade: 3
  • Addressing: 1
  • Revolving memory failures within switches: 2

Table 1: CIP Safety (top) and FSoE (bottom) support different approaches to handling network errors. (Table source: Omron Automation)
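To make the measures in Table 1 concrete, the following is an added example in Python; it is not Omron's code and not the FSoE or CIP Safety wire format (those frame layouts are defined in IEC 61784-3-12 and IEC 61784-3-2). The frame layout, field widths, CRC choice and the constructed sample frames are assumptions for illustration only. It shows how a sequence number, a time expectation (watchdog), connection authentication (a connection ID) and data integrity assurance (a CRC) each map to the error classes listed above, and how any detected error drives the safety outputs to a safe state:

```python
import struct
import zlib

# Constructed frame layout (assumption, not a real FSoE/CIP Safety frame):
#   connection ID (uint16) | sequence number (uint16) | 4 payload bytes | CRC-32 (uint32)
BODY_FMT = ">HH4s"
CRC_FMT = ">I"
FRAME_LEN = struct.calcsize(BODY_FMT) + struct.calcsize(CRC_FMT)  # 12 bytes


def build_frame(conn_id: int, seq: int, payload: bytes) -> bytes:
    """Producer side: append a CRC-32 (data integrity assurance) over ID, sequence and payload."""
    body = struct.pack(BODY_FMT, conn_id, seq & 0xFFFF, payload)
    return body + struct.pack(CRC_FMT, zlib.crc32(body) & 0xFFFFFFFF)


class SafetyReceiver:
    """Consumer side: any failed check latches the safe state (all outputs de-energised)."""

    SAFE_STATE = b"\x00\x00\x00\x00"

    def __init__(self, conn_id: int, watchdog_ms: int):
        self.conn_id = conn_id          # connection authentication: the only ID accepted
        self.watchdog_ms = watchdog_ms  # time expectation: maximum gap between valid frames
        self.expected_seq = 0
        self.last_rx_ms = None
        self.outputs = self.SAFE_STATE
        self.safe = False               # latched once any error has been detected

    def _trip(self, reason: str) -> str:
        self.safe = True
        self.outputs = self.SAFE_STATE
        return reason

    def receive(self, frame: bytes, now_ms: int):
        """Validate one frame. Returns None if accepted, otherwise the error class detected."""
        if self.safe:
            return "latched"
        # Time expectation: a frame arriving after the watchdog expired is an unacceptable delay.
        if self.last_rx_ms is not None and now_ms - self.last_rx_ms > self.watchdog_ms:
            return self._trip("unacceptable delay")
        # Data integrity assurance: length and CRC checks detect corruption.
        if len(frame) != FRAME_LEN:
            return self._trip("corruption")
        body, (crc,) = frame[:-4], struct.unpack(CRC_FMT, frame[-4:])
        if zlib.crc32(body) & 0xFFFFFFFF != crc:
            return self._trip("corruption")
        conn_id, seq, payload = struct.unpack(BODY_FMT, body)
        # Connection authentication: a foreign ID covers insertion, masquerade and addressing errors.
        if conn_id != self.conn_id:
            return self._trip("connection authentication failure")
        # Sequence number: the previous number again is a repetition; any other mismatch is an
        # incorrect sequence or a lost frame (this simple receiver does not distinguish the two).
        if seq == (self.expected_seq - 1) & 0xFFFF:
            return self._trip("unintended repetition")
        if seq != self.expected_seq:
            return self._trip("incorrect sequence or loss")
        self.expected_seq = (seq + 1) & 0xFFFF
        self.last_rx_ms = now_ms
        self.outputs = payload
        return None

    def tick(self, now_ms: int):
        """Cyclic watchdog check: trips even when no frame arrives at all."""
        if not self.safe and self.last_rx_ms is not None and now_ms - self.last_rx_ms > self.watchdog_ms:
            return self._trip("unacceptable delay")
        return None


def demo():
    """Constructed scenario: two good frames, then a replay of the second one (a faulty switch or an attacker)."""
    rx = SafetyReceiver(conn_id=0x1234, watchdog_ms=50)
    run = b"\x01\x00\x00\x00"  # assumed meaning: safety output 1 enabled
    f0 = build_frame(0x1234, 0, run)
    f1 = build_frame(0x1234, 1, run)
    results = [rx.receive(f0, now_ms=0), rx.receive(f1, now_ms=20), rx.receive(f1, now_ms=40)]
    return results, rx.outputs


if __name__ == "__main__":
    print(demo())  # ([None, None, 'unintended repetition'], b'\x00\x00\x00\x00')
```

Note that a CRC detects random and systematic corruption, not deliberate forgery by someone who can compute it; the Table 1 measures target faults, which is why the article pairs them with the IEC 62443 cybersecurity controls on the controller itself.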

IEC 61131-3 compliant IDE

Efficient network development and deployment are also important. The Sysmac Studio IDE complies with the syntax and semantics requirements of IEC 61131-3, simplifying software development.

Industrial automation IDEs often require motion-control programs and safety-control programs to be developed separately. Sysmac Studio supports integrated safety programming alongside sequence and motion control, including design, verification, debugging, operation, and ongoing improvements.

It also supports complex industrial automation systems, including I/O, motion, and safety devices. This IDE platform uses the same graphical user interface (GUI) for machine sequencing and control and safety control design, simplifying and speeding the development process.

The resulting software can be designed using modular structures that support reuse in new applications, reducing the verification and validation needed for subsequent applications.

IEC 62443-4-1 certification

The IEC 62443 series defines the requirements and processes for implementing and maintaining electronically secure industrial automation and control systems (IACS). Part 4-1 specifies the secure product development lifecycle that a product supplier must follow, establishes a set of security best practices for that lifecycle, and includes a way to assess the maturity level achieved.

The standard takes a holistic approach to cybersecurity, bridging operations technology (OT) and information technology (IT) on one side, and process safety and cybersecurity on the other.

The increasingly connected nature of devices in Industry 4.0 has resulted in a corresponding increase in cybersecurity risks and the need for comprehensive security implementations to mitigate the possibility of operational disruptions from cyberattacks. Omron Automation has achieved certification to IEC 62443-4-1 for establishing a secure development lifecycle for its PLC products and software.

Machine automation controller

Omron’s NX502 controllers are designed to deliver scalable automation solutions with accurate motion and robust safety. They are built around Sysmac’s One Controller, One Connection, and One Software architecture, where one controller integrates logic, motion, safety, robotics, vision, information, visualization, and networking under one software, the Sysmac Studio (Figure 3).

Figure 3: NX502 controllers are built around Sysmac’s One Controller, One Connection, and One Software architecture (Image source: Omron Automation)

NX502 controllers also help contain cyberattacks through network segmentation (see below) while centralizing and simplifying factory automation control. They support up to 254 CIP Safety connections, control of up to 62 axes of motion, 256 EtherCAT nodes, 80 megabytes (MB) of program memory, and 1 gigabit per second (Gbps) EtherNet/IP ports, and include support for Open Platform Communications Unified Architecture (OPC UA) and structured query language (SQL) relational databases.

These controllers can handle up to four EtherNet/IP (EIP) expansion cards on the left side of the processor unit, enabling control of many machines through a single processor unit. Each EIP expansion card creates a subnet separating the connected machines from the database and plant-level networks.

Three models of NX502 controllers are available:

  • NX502-1300, able to control 16 servo axes
  • NX502-1400, able to control 32 servo axes
  • NX502-1500, able to control 64 servo axes

Automation for smaller networks

Designers of smaller factory automation installations can turn to Omron’s NX102 controllers. Like the larger NX502 controllers, these units embody Sysmac’s One Controller, One Connection, and One Software architecture. They speed up the implementation of IIoT functionality in small networks using native communications protocols like EtherCAT, EtherNet/IP, and IO-Link.

All NX Series controllers have common I/O connections and can be programmed on Sysmac Studio software, enabling smaller networks deployed using NX102 controllers to be easily scaled up with larger controllers like the NX502. Other features of NX102 controllers include:

  • EtherCAT cycle times from 1 to 32 milliseconds (ms) in 0.25 ms increments
  • OPC UA and SQL preinstalled
  • Control for up to eight axes of motion; for example, the NX102-1200 has eight-axis capacity, the NX102-1100 has four-axis capacity, and the NX102-1020 has two-axis capacity
  • Up To 256 EtherCAT nodes
  • Up to 16 CIP Safety connections
  • 5 MB program memory
  • 32 local I/O per CPU, 400 total I/O with Remote NX I/O

Sysmac NX I/O units

I/O connections are a critical part of all factory automation networks. The Sysmac NX I/O portfolio includes over 120 I/O devices that can implement a wide range of functions on the factory floor and connect them to the larger control network.

These I/O units are compatible with common communications protocols, including EtherCAT, EtherNet/IP, FSoE, CIP Safety, and IO-Link. For example, the NX1P2-9024DT CPU unit (Figure 4) integrates 24 NPN digital transistor I/Os, 1.5 MB of memory, support for 16 EtherCAT nodes, an EtherNet/IP port, and one serial option port; the NX1P2-9024DT1 has the same specifications except that the 24 NPN transistor I/Os are replaced with 24 PNP transistor I/Os. Examples of available modules include:

  • digital I/Os
  • analog I/Os
  • temperature I/Os
  • encoding and positioning
  • power supply and connection units
Figure 4: Sysmac NX1P CPU with 24 digital NPN Transistor I/Os. (Image source: Omron Automation)

Article Source: www.digikey.in 
