Connected devices provide alerts and information, but it is necessary to adopt technologies that include safeguards against cyberattacks.Connected devices provide alerts and information, but it is necessary to adopt technologies that include safeguards against cyberattacks.
By Peter Sherwin, Eurotherm by Schneider Electric
The world is going crazy for connected devices and the Internet of Things (IoT): Nearly 25 million smart speakers were sold last year, with about 11 million moved in the holiday season alone.(1) So why the fuss around Industrial IoT? Instead of a dumb device getting smarter (as with Bluetooth connected speakers), you now have the potential to make a smart device - an industrial temperature controller - truly brilliant. But, how do you also protect from cyber threats?
An earlier Process Heating article(2) outlined how it is possible to wrap modern technology solutions around existing as sets. Doing so allows users to leverage cloud technology to improve the maintenance of burner tuning through predictive methods - and ultimately save energy. Such upgrades were achieved by using a tablet or smartphone to take field readings, and that information is analyzed over time to predict when burner adjustments are necessary to optimize combustion performance. Unfortunately, these solutions do not have a physical connection to the temperature control system that manages the industrial burner operation.
Another Process Heating article(3) out lined the developments of process controls over the past decade. Modern controls provide tighter temperature uniformity, enhanced data acquisition and storage capability, scalable architecture, improvements in user interface and communication and data security.
To find out which temperature controller best fits your needs:
Real-time solutions that take advantage of direct Ethernet or 3G/4G connection to the temperature control system for an industrial furnace and oven can now also benefit from many cloud-based enhancements. Here are a few examples.
Example 1: Alerts When You Need Them
Adding SMS or email capability to an instrument to alert (if deviating from the desired setpoint/output) is a complicated setup in most on-premise solutions to integrate into the local IT mail servers. This situation is made more straight¬ forward via the cloud due to native integration with cloud-based mail solutions. How long does it take to add functionality? It is about as fast as you can type your email address.
Example 2: Analytics That Make a Difference
Leveraging the cloud platform and the immense computing power of server farms, it is possible to not only achieve after-event analytics but also to provide stream (or real-time) analytics. A typical example is a predictive-maintenance program that leverages machine-learning algorithms. The system self-learns the behaviour of the plant or component in the plant and then remains in active alert, searching for anomalies. Information not captured by the instrument such as environmental conditions (temperature, vibration, etc.) also may be linked to the cloud directly from a sensor.
It soon will be possible to merge information with synthetic sensors. For example, rather than instrument each piece of equipment with distinct special-purpose sensors (say for predictive maintenance), users can utilize a block of super-sensors" to blanket an area of the plant. This solution could give additional general information related to temperature, vibration, energy use and equipment use. In addition, it can provide machine context via a learned fingerprint of a machine.
Example 3: Quick Reaction to Issues
A simple alarm system will alert on a problem. A more complex alarm system will give more of an indication of where the problem is, its duration and other information. A cloud solution can alarm (triggering the SMS as detailed before) and also direct the user to the source of the alarm; its trigger point; duration; and trends before and after the event.
Example 4: Data Integrity Protection
A common question is how do you link the instrument to the cloud, and what happens in the event of a blip or outage in the WiFi signal or the 3G network? Most professional devices in this category incorporate a buffer unit into the architecture.
This unit becomes a central hub to receive data from the instrument and sensors, and it has onboard data storage in case of transmission failures.
Cybersecurity is no longer a secondary requirement in the industrial controls world. It is as important as safety or high availability. Industrial control systems based on computer technology and industrial-grade networks have been in use for decades. Earlier control system architectures were developed with proprietary technology and were isolated from the outside world, thus making attacks more difficult. In many cases, physical perimeter security was deemed adequate, and cyber security was not a primary concern.
Today, many control systems use open or standardized technologies such as Ethernet TCP/IP to reduce costs and improve performance. Many systems also employ direct communications between control and business systems to improve operational efficiency and manage production assets more cost effectively. This technical evolution exposes control systems to vulnerabilities previously thought to affect only office and business computers. Control systems now are vulnerable to cyber-attacks from both inside and outside of the industrial control system network.
Real-time solutions that take advantage of direct Ethernet connection to the burner temperature control unit should take precautions to protect against an attack via the Ethernet port. The latest control de vices have a range of built-in algorithms to help protect against cybersecurity threats.
A simple alarm system will alert on a problem. A more complex alarm system will give more of an indication of where the problem is, its duration and other information.
Ethernet Security Features
Ethernet connectivity is now available as an option on a range of industrial temperature controllers. Typically, the smallest footprint to allow a native Ethernet connection would be a 1/16 DIN size (l.772xl.772",or 45x45 mm).
Ethernet Rat e Protection . One form of cyberattack is to try to make a controller process so much Ethernet traffic that this drains systems resources, and useful control is compromised. For this reason, the latest controllers include an Ethernet rate-protection algorithm, which will detect excessive network activity and help to ensure the controller's resources are prioritized on the control strategy rather than the Ethernet.
A broadcast storm is a condition that may be created by a cyber attack: Spurious network messages are sent to devices, which cause the system to respond with further network messages in a chain reaction that escalates until the net work is unable to transport normal traffic. A broadcast storm protection algorithm, which will automatically detect this condition, stops the controller from responding to the spurious traffic.
The latest type of controllers include a "comms watchdog" feature. This can be configured to raise an alert if any of the supported digital communications are not received for a specified period of time. This feature provides a way to configure an appropriate response if malicious action interrupts the controller's digital communications.
Configuration Backup and Recovery.
Using instrument software, you can save configuration and parameter settings to a file. This then can be copied onto another controller or used to restore the original controller's settings. For cybersecurity reasons, passcode-restricted parameters are not saved in the clone file when in opera-tor mode. Clone files are signed digitally using an SHA-256 cryptographic algo rithm, meaning that if the file content is tampered with, it will not load back into a controller.
Definite benefits can be provided from smart devices connected to the cloud, but this needs to be balanced with appropriate measures regarding cybersecurity. The latest industrial temperature control devices have specialized algorithms to aid protection from cyberattacks.