Connectivity solutions are at the heart of advances in automation and machine control networking. This special report presents the perspective of industry experts and shows how meeting cybersecurity requirements and concerns has become a front-and-center issue for automation connectivity technologies.
Factory connectivity solutions make higher levels of automation and machine control networking possible. This ability to interface a wide range of devices is key to manufacturing excellence and has helped to create an ecosystem of solutions aimed at systematic production improvement.
In this special report, the Industrial Ethernet Book offers comprehensive coverage and the perspective of industry leaders on how connectivity technology is shaping the future of the smart factory.
Intelligence at the edge
IO-Link technology solutions
According to Jonathan Law, Director of Process Control and Factory Automation at Analog Devices, the trends helping to drive higher levels of factory automation device and networked automation connectivity stem from the needs created by edge computing.
“As Industry 4.0 continues to evolve, there is a drive to deliver more intelligence to the edge of the factory floor. This new capability enables a fabric of intelligent sensors and actuators that provide a higher quality of information that allows productivity software algorithms better data to make better decisions to optimize the productivity of a manufacturing line,” Law told Industrial Ethernet Book recently.
“At the heart of this evolution is an exciting new technology called IO-Link, which enables flexible manufacturing to improve factory throughput and operational efficiency.”
IO-Link® is a short-distance, bi-directional, digital, point-to-point, 3-wire industrial communications standard (IEC 61131-9) designed for linking sensors and actuators into control networks. In IO-Link applications, the transceiver acts as the physical layer interface to a microcontroller running the data-link layer protocol while supporting up to 24V digital inputs and outputs.
Law said that IO-Link technology enables sensors to become interchangeable via a common physical interface that uses software in the form of a protocol stack and an IO Device Description (IODD) file to allow a configurable sensor port.
He added that an IO-Link port now becomes the ultimate Universal IO that can support any type of sensor or actuator. It is truly plug & play ready while providing the ability to re-configure its parameters on the fly.
IO-Link offers specific technology and application benefits that are making an impact on the connected factory.
“IO-Link provides a new capability to reconfigure a sensor’s and actuator’s performance parameters on-the-fly to allow manufacturing lines to accommodate a variety of products at one factory,” Law said. “This flexibility and ability to provide a higher quality of information to enable productivity algorithms to make better optimization decisions differentiates IO-Link and sets it apart from traditional binary and analog sensors. This provides the connected factory the ability to react to any changes in the work environment to ensure productivity remains optimized.”
Automation engineers face many challenges in designing production systems that IO-Link connectivity is able to address.
Law said that, in the manufacturing environment, all products manufactured require an array of sensors working in unison to help machines figure out distance to an object, detection of an object, colors and composition of an object, as well as monitor the temperature and pressure of an object or liquid.
“Now if we think about the amount of time and cost involved to send a technician down to the factory floor to change a sensor and then re-calibrate it to the correct parameters necessary to manufacture a single product, this impacts the manufacturing flow in a negative way and represents lost productivity,” Law said. “If we multiply this same level of maintenance necessary to support many different types of products on a manufacturing line, then the unproductive time spent to shut down production and change or re-configure a sensor is the single most costly expense that all manufacturing lines incur.”
“IO-Link technology reduces the time it takes to commission sensors and actuators, which improves the overall productivity and operating expenses of a factory,” he added.
Performance vs. security
Connectivity requires balancing needs
One connectivity megatrend that Josh Eastburn, Director of Technical Marketing at Opto 22, pointed to is the need to balance use of connectivity solutions while also addressing rising security concerns.
“Right now, there is a lot of tension in factory floor communication. On the one hand, we want more and more connectivity between systems: OT to IT as well as within OT networks. On the other hand, lack of security is a major concern. Improvements on both of these fronts are helping things to move forward,” Eastburn said.
For one thing, embedded OPC UA capabilities in edge controllers like Opto 22’s groov EPIC, industrial gateways, and even some traditional controllers are making inter-system connectivity much easier. Engineers can use it to stitch together disparate OT networks and devices without the overhead of configuring and maintaining an additional communications server.
“IT technologies, like MQTT, RESTful APIs, Node-RED, Python, and other high-level programming and scripting languages are also becoming more prevalent, which gives designers some really creative options for connecting everything together,” Eastburn said. “And fortunately, IT tech brings with it a recognition of modern security requirements, so things like client authentication and encryption are already built-in.”
Focus on technology solutions
One key development is that new solutions for automation and control networking are leveraging more sophisticated, open source software technologies.
When something like OPC UA or REST interfaces are distributed throughout automation devices, OT connectivity becomes a lot more flexible. Devices can communicate directly with each other, and automation networks that use different protocols can be unified into a common network without requiring server hardware in the network core to mediate the transactions. That fact also relieves Operations of dependence on IT to manage communication, because Operations already controls the devices.
“Essentially, we are seeing the same shift happening for security as well where it is becoming more distributed and less centralized,” Eastburn said. “Newer devices require users and other network clients to login or provide an API key before they are allowed to communicate. They provide their own network firewalls and are able to create encrypted connections, so it’s much easier to design automation that can communicate with external networks safely.”
The result is that support for high-level IT languages allows data processing to be distributed as well. Field devices can not only generate the raw process data but they can filter it and format it into something like Sparkplug or JSON that can be understood throughout the organization.
Potential impact in manufacturing
According to Eastburn, what this all means is that it’s becoming safer and easier to build a common data infrastructure across the enterprise without some of the traditional hurdles. Connectivity and security are inherent in the design of the network, rather than additional components that need to be licensed, configured, and managed. And as we look at popular concepts like IIoT that many organizations are now dabbling with, it’s more feasible to imagine a network where everything is connected to everything.
And, along with the use of these new software technologies, incorporating security measures has become an absolute must.
“Cybersecurity is a long-standing concern in automation and consistently appears at the top of the list of obstacles to IIoT adoption. And when something like IIoT or a digital transformation project is undertaken, actually getting OT systems connected to other systems isn’t trivial,” Eastburn concluded. “Critical data about energy, performance, are not readily available in formats that can be understood and used by backend systems. So on top of addressing the security of data and control systems, engineers struggle to find efficient ways to bridge these systems and to make data usable.”
No longer just an IT function
According to Charles Norz, Automation Product Manager at WAGO Corporation, network security on the plant floor is paramount today and the responsibility for network security is no longer just an IT function. Control engineers also need to help ensure that plant floor networks are secure. A secure network is one way to drive higher levels of connectivity because a breach of the network can result in catastrophe.
“It is a good practice to use defense in depth strategies for network security. Start with zoning your plant into multiple networks. This can be done using separated networks or with VLANs,” Norz stated. “Controls engineers should also look to reduce the risk of physical access to their networks. Keep control cabinets locked and be sure that unused Ethernet ports on switches are turned off and only allow approved devices to be used within the network. And in cases where networks cannot be physically secured like between systems or buildings, use encryption to help prevent unwanted access to your systems.”
Effective use of network switches
Norz said that unmanaged switches abound in most industrial systems. These devices require no set up, are reliable and cost efficient. However, they are very difficult to secure. In many cases using a fully managed switch can address security issues, but can be cost prohibitive for systems.
“Controls engineers now can use Lean Managed Switches to help them reduce security risks and keep their budget low,” he added. “Lean Managed Switches are managed devices that only have features required for the plant floor operations, without the costs associated with a fully managed switch used at the IT level. Lean Managed Switches can be used in lieu of unmanaged switches, providing tools to help secure networks including VLANs along with the ability to turn off unused ports and only allow approved devices.”
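The checks Norz lists above (zone the plant with VLANs, turn off unused ports, allow only approved devices) can be run as a routine audit over a managed switch's port table. The following Python is an added example, not WAGO's tooling or code from the original report; the port table layout, zone names, VLAN IDs and MAC addresses are all constructed assumptions.

```python
# Added example: audit one switch's port table against the plant-floor
# checklist (VLAN zoning, unused ports off, approved devices only).
# Every value below is constructed sample data, not from a real switch.

# zone name -> (expected VLAN id, set of approved device MACs); hypothetical
APPROVED = {
    "packaging": (10, {"02:00:00:00:00:01", "02:00:00:00:00:02"}),
    "filling": (20, {"02:00:00:00:00:10"}),
}

# Constructed snapshot: admin state, access VLAN, intended zone, MACs learned
PORTS = [
    {"port": 1, "enabled": True, "vlan": 10, "zone": "packaging",
     "macs": ["02:00:00:00:00:01"]},
    {"port": 2, "enabled": True, "vlan": 10, "zone": "packaging", "macs": []},
    {"port": 3, "enabled": True, "vlan": 10, "zone": "filling",
     "macs": ["02:00:00:00:00:10"]},
    {"port": 4, "enabled": True, "vlan": 20, "zone": "filling",
     "macs": ["02:00:00:00:00:10", "02:AA:BB:CC:DD:EE"]},
    {"port": 5, "enabled": False, "vlan": 1, "zone": None, "macs": []},
]


def audit_ports(ports, approved):
    """Return (port, finding, detail) tuples for every checklist violation."""
    findings = []
    for p in ports:
        if not p["enabled"]:
            continue  # administratively disabled ports are the desired state
        macs = {m.lower() for m in p["macs"]}  # normalise case before compare
        if not macs:
            # Enabled but nothing attached: an open socket into the network
            findings.append((p["port"], "UNUSED_PORT_ENABLED", ""))
            continue
        zone = approved.get(p["zone"])
        if zone is None:
            findings.append((p["port"], "NO_ZONE_ASSIGNED", ""))
            continue
        vlan, allowed = zone
        if p["vlan"] != vlan:
            # Device sits outside the VLAN that defines its zone
            detail = f"expected {vlan}, got {p['vlan']}"
            findings.append((p["port"], "WRONG_VLAN", detail))
        for mac in sorted(macs - allowed):
            findings.append((p["port"], "UNAPPROVED_DEVICE", mac))
    return findings


if __name__ == "__main__":
    for port, finding, detail in audit_ports(PORTS, APPROVED):
        print(f"port {port}: {finding} {detail}".rstrip())
```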
He added that, in applications where it is not possible to secure the physical cable or connections, users should consider encrypting their communications. This may seem to be an expensive and complex task, but it can be done easily and economically. Engineers can use IEEE 802.1AE Media Access Control security standards (AKA MACsec) for encrypting data. A MACsec network is point to point, using two matched managed switches.
These specialized switches have ports that can manage communications with standard Ethernet devices such as PLCs, drives or HMIs that are all within a locked control cabinet. There are one or two ports on the device that are used for MACsec encryption for network cables that leave the enclosure. At the other end of the cable there is another MACsec switch that decrypts the information and routes the frames to the proper Ethernet device. With this architecture, if a hacker does intercept the encrypted messages, they can’t decipher the information or inject frames.
“In the past, automation engineers have been focused on ensuring their control networks are operating at peak performance,” Norz said. “Now, they also have to help ensure the network is also operating in a secure manner. There is a learning curve to understand methods to help secure their plant floor networks. The investment in learning this methodology is extremely beneficial and far outweighs the consequences of not understanding or protecting your network.”
Switches play a key role in industrial connectivity solutions
WAGO’s line of lean managed switches are a cost effective solution for industrial networking. These switches come with an easy to use dynamic web-based dashboard and topology mapping for instant updates on network status and system health. Features include tools for network performance, security and availability. There are several variants available, all with 1 GB RJ45 ports and a choice of 8 or 16 ports as well as two supplementary fiber optic ports.
WAGO’s two Media Access Control Security (MACsec) industrial managed switches offer innovative solutions for network security. They allow users to easily implement network encryption and provide point-to-point network security that protects against numerous threats. Each comes with eight RJ45 1GB ports, with six that are not encrypted for local communication. However, the 852-1322 switch comes with two ports for MACsec-encrypted communication throughout the building or plant floor. The 852-1328 switch has two SFP ports for fiber optic MACsec-encrypted communication.
Focus on wireless Ethernet applications
According to Brian Allport, Global Business Development Manager at ProSoft, factory automation has been riding the wave of increased automation connectivity for several years, and it’s trends just like this that ProSoft has built their business model around. A continuing focus has been working with customers to modernize and optimize their applications by providing solutions that enable the connectivity between their islands of automation, no matter if they are leveraging legacy or modern equipment.
“It’s interesting to see the evolution of what drives this demand for increased connectivity,” Allport said. “It could be to collect data and diagnostics for a digital twin to build a model for preventative maintenance. It could be to increase data visibility, allowing management or an algorithm to make smarter and faster decisions. Regardless, what all of these drivers have in common is that they are focused on maximizing the value of their automation equipment. To maximize the value, you need decreased downtime and increased efficiency.”
Allport said that, while wireless Ethernet is not new, what is new are the applications it enables. Increasingly, ProSoft is seeing end users leverage different types of mobile robots. These robots range from intelligent cranes in a material handling environment, to AGVs in a production environment, to ASRS systems in an automated logistics environment. It is critical that these mobile robots reliably and safely maintain connectivity to a main control system.
“As end users are increasing their reliance on mobile robotics, they are essentially building stronger partnerships with third-party suppliers. As more and more specialty OEMs provide innovative solutions to end users, it makes sense that end users begin to lose the expertise required to maintain all of their systems,” Allport said.
“The result is that OEMs are increasingly leveraging Secure Remote Access technology to remotely access their equipment so they can provide to their customers an enhanced level of service and support.”
Because it has been around for a while, wireless Ethernet isn’t seen as a new technology. He added that what makes ProSoft’s solution unique is that the company has enhanced the base technology with proprietary algorithms that better facilitate next-generation applications while decreasing the downtime often associated with traditional wireless Ethernet.
For example, in mobile robotics applications, it is critical that the robot maintains connectivity to the main PLC throughout the application. To do this, the wireless technology must be intelligent, it must be fast, and it must not drop packets. This is especially true when leveraging a safety protocol over wireless like CIP Safety or PROFIsafe.
Then, if we look to secure remote access, customers need a solution that is IT-friendly in terms of security, and OT-friendly in terms of ease of use. Secure Remote Access on ProSoft Connect goes above and beyond the industry-leading security practices, and takes the complicated security and networking considerations off of the user so they can focus on bringing the most value to their customer.
Addressing automation challenges
Specific to wireless Ethernet on mobile robots, Allport said that the biggest challenges are uptime and safety. Safety is a critical consideration with mobile robotics, so they often leverage a safety protocol to meet the functional safety requirements of the application. Safety protocols essentially have a heartbeat between the robot and the main PLC, and if that heartbeat is ever missed, the system must shut down to a safe state.
Traditional wireless Ethernet technologies are often unreliable in mobile applications, so these safety heartbeats are often missed, resulting in nuisance safety timeouts. ProSoft’s proprietary solution was engineered to prevent these safety timeouts by intelligently and autonomously maintaining connectivity between the robot and the main PLC.
“While our wireless Ethernet solution was designed to prevent downtime, there are still cases where other pieces of automation may be having some issues. In these situations, the automation engineer’s main focus is on finding a solution as efficiently as possible. This is where the engineer can leverage Secure Remote Access to enable a service provider to efficiently remote into the network of the troubled machine to troubleshoot, service, and ultimately get it back up and running,” Allport said.
Securely connected remote experts
Jessica Forguites, Technical Platform Lead at Rockwell Automation, told IEB that remote maintenance and the use of securely connected remote experts are helping manufacturers leverage connectivity solutions.
“One key driver of greater connectivity has been the need to improve maintenance workflows using securely connected remote experts. Being able to troubleshoot and diagnose machine or equipment issues remotely can provide big savings, especially when companies can avoid needing to send an expert on site to resolve an issue. Secure remote connectivity has been a high priority since travel restrictions were put in place during the pandemic,” Forguites stated.
“Digital transformation is also driving greater connectivity in many industries. Many companies want to adjust their processes efficiently and securely so they can better respond to customer demands and supply chain dynamics.”
Unique technology solutions
ODVA’s EtherNet/IP technology is a market-leading solution for automation control for good reason. It’s designed with the Connected Enterprise and digital transformation use cases in mind. And it takes advantage of standard unmodified Ethernet at both Layer 2 and 3 of the network, even for applications like safety and motion control that have demanding performance needs.
“Leveraging standard IP (Internet Protocol) makes these communication flows highly portable and flexible to help companies collect and react to their production data,” Forguites said. “It also allows companies to take advantage of well-established security technologies to help protect IP-based networks in control applications. For example, CIP Security uses standard and proven IT technology to help protect industrial control devices and their communications from cyber threats.”
Digital transformation enabled by highly portable and secured data flows between production and enterprise systems can deliver a wide range of outcomes. Some examples include: improved reaction to customer demand, improved reaction to changes in supply chains that would otherwise impact production schedules to meet these demands, and improved collaboration with both on- and off-premises experts.
“Automation engineers are challenged with unpredictable human factors every day,” Forguites concluded. “For example, they need to secure access and data coming to and from control systems against both intentional and unintentional threats. Cyber threats are increasingly targeting industrial control systems and have caused high-profile security incidents this year in the U.S. Engineers also face challenges in making sure the right information can reach the right people at the right time.”