The Importance of Cybersecurity in Smart Temperature Controls

Connected devices provide alerts and information, but it is necessary to adopt technologies that include safeguards against cyberattacks.Connected devices provide alerts and information, but it is necessary to adopt technologies that include safeguards against cyberattacks.

By Peter Sherwin, Eurotherm by Schneider Electric

The world is going crazy for connected devices and  the Internet of Things (IoT): Nearly 25 million smart speakers were sold last year, with about 11 million moved in the holiday season alone.(1) So why the fuss around Industrial IoT? Instead of a dumb device getting smarter (as with Bluetooth­ connected speakers), you now have the potential to make a smart device - an industrial temperature controller - truly brilliant. But, how do you also protect from cyber threats?

An earlier Process Heating article(2) outlined how it is possible to wrap modern technology solutions around existing as­ sets. Doing so allows users to leverage cloud technology to improve the maintenance of burner tuning through predictive methods - and ultimately save energy. Such upgrades were achieved by using a tablet or smartphone to take field readings, and that information is analyzed over time to predict when burner adjustments are necessary to optimize combustion performance. Unfortunately, these solutions do not have a physical connection to the temperature control system that manages the industrial burner operation.

Another Process Heating article(3) out­ lined the developments of process controls over the past decade. Modern controls provide tighter temperature uniformity, enhanced data acquisition and storage capability, scalable architecture, improvements in user interface and communication and data security.

To find out which temperature controller best fits your needs:

Real-time solutions that take advantage of direct Ethernet or 3G/4G connection to the temperature control system for an industrial furnace and oven can now also benefit from many cloud-based enhancements. Here are a few examples.

Example 1: Alerts When You Need Them
Adding SMS or email capability to  an instrument  to  alert (if deviating from the desired setpoint/output) is a complicated setup   in   most on-premise   solutions to integrate into  the local IT mail servers. This situation is made more straight¬ forward via the cloud due to native integration with cloud-based mail solutions. How long does it take to add functionality? It is about as fast as you can type your email address.

Example 2: Analytics That Make a Difference

Leveraging the cloud platform and the immense computing power of server­ farms, it is possible to not only achieve after-event analytics but also to provide stream (or real-time) analytics. A typical example is a predictive-maintenance program that leverages machine-learning algorithms. The system self-learns the behaviour of the plant or component in the plant and then remains in active alert, searching for anomalies. Information not captured by the instrument such as environmental conditions (temperature, vibration, etc.) also may be linked to the cloud directly from a sensor.

It soon will be possible to merge information with synthetic sensors. For example, rather than instrument each piece of equipment with distinct special-purpose sensors (say for predictive maintenance), users can utilize a block of super-sensors" to blanket an area of the plant. This solution could give additional general information related to temperature, vibration, energy use and equipment use. In addition, it can provide machine context via a learned fingerprint of a machine.

Example 3: Quick Reaction to Issues
A simple alarm system will alert on a problem. A more complex alarm system will give more of an indication of where the problem is, its duration and other information. A cloud solution can alarm (triggering the SMS as detailed before) and also direct the user to the source of the alarm; its trigger point; duration; and trends before and after the event.

Example 4: Data Integrity Protection
A common question is how do you link the instrument to the cloud, and what happens in the event of a blip or outage in the WiFi signal or the 3G network? Most professional devices in this category incorporate a buffer unit into the architecture.

This unit becomes a central hub to receive data from the instrument and sensors, and it has onboard data storage in case of transmission failures.

Cybersecurity is no longer a secondary requirement in the industrial controls world. It is as important as safety or high availability. Industrial control systems based on computer technology and industrial-grade networks have been in use for decades. Earlier control system architectures were developed with proprietary technology and were isolated from the outside world, thus making attacks more difficult. In many cases, physical perimeter security was deemed adequate, and cyber­ security was not a primary concern.

Today, many control systems use open or standardized technologies such as Ethernet TCP/IP to reduce costs and improve performance. Many systems also employ direct communications between control and business systems to improve operational efficiency and manage  production assets  more  cost  effectively. This technical evolution  exposes  control  systems  to vulnerabilities previously thought to affect only office and business computers. Control systems now are vulnerable to cyber-attacks from both inside and outside of the industrial control system network.

Real-time solutions that take advantage of direct Ethernet connection to the burner  temperature control unit  should  take precautions to protect against an attack via the  Ethernet  port. The latest control de­ vices have a range of built-in algorithms to help protect against cybersecurity threats.


A simple alarm system will alert on a problem. A more complex alarm system will give more of an indication of where the problem is, its duration and other information.


Ethernet Security Features 
Ethernet connectivity is now available as an  option  on  a  range of industrial  temperature controllers. Typically, the smallest footprint to allow a native Ethernet connection would be a 1/16  DIN  size (l.772xl.772",or 45x45 mm). 

Ethernet Rat e Protection . One  form of cyberattack is  to  try to  make a controller process so much Ethernet  traffic that this drains systems resources, and useful control is compromised. For  this reason, the latest controllers  include  an  Ethernet  rate-protection algorithm, which will  detect excessive network activity and help to ensure the controller's resources are prioritized on the control strategy rather than the Ethernet.

Storm Protection.
A broadcast storm is a condition that may be created by a cyber­ attack: Spurious network messages are sent to devices, which cause the  system  to  respond with further network messages in a chain reaction that  escalates until the net­ work is unable to transport normal traffic. A broadcast  storm protection  algorithm, which will automatically detect this condition, stops the controller from responding to the spurious traffic.

Communications  Watchdog.
The  latest  type of  controllers  include  a "comms watchdog" feature. This can be configured to  raise an  alert if  any of  the  supported digital  communications  are  not  received for a specified period of time. This feature provides a way to  configure an appropriate response if malicious action interrupts the controller's digital communications.

Configuration Backup and Recovery.
Using instrument software, you  can save configuration  and  parameter settings to  a file. This then can be copied onto another controller or used  to restore  the  original controller's settings. For cybersecurity reasons, passcode-restricted parameters are not saved in  the  clone file when in opera-tor  mode. Clone files are signed digitally using  an  SHA-256  cryptographic  algo­ rithm, meaning that if the file content is tampered with, it  will not  load back into a controller.

Definite benefits can be provided from smart devices connected  to the cloud, but this needs to be balanced with appropriate measures regarding cybersecurity. The  latest industrial temperature control devices have specialized algorithms to aid protection from cyberattacks.


Article first appeared in Process Heating magazine, August 2018.
Written by Peter Sherwin, global heat treatment business leader, at Eurotherm by Schneider Electric.

Additional Reading
To find out more information about the article referenced in this article, please follow this links:
1.“Smart Speaker Sales More Than Tripled in 2017.” December 28, 2017. https://www.billboard.com/articles/business/8085524/smart-speaker-sales-tripled-25-million-year-2017.
2.Sherwin, Peter and Clarke, Joe. “Reducing Energy Use in Existing Gas-Fired Ovens and Furnaces” (Process Heating, August 2017). https://www.process-heating.com/articles/92363.
3.Geracie, Frank. “Advanced Thermal Process Controls Provide Benefits” (Process Heating, February 2015). https://www.process-heating.com/articles/90730.
Always be ready for an Audit

Interested to learn more about EOS Advisor?

contact us

Have a specialist contact you

12 Key Changes from AMS2750D to AMS2750E
Why Eurotherm Materials Processing Solutions?

Visit the Eurotherm Materials Processing microsite

Nadcap compliance statement for Eurotherm products

Eurotherm Heat Treat Solutions with Peter Sherwin
Schneider Electric © 2018