Applying Open Industrial Control Systems Securely and Reliably

The reliability and security of numerous open systems have helped these technologies gain a lot of attention. But there continues to be some trepidation around the use of open systems in industrial control operations.

Helping to overcome this hesitancy is the fact that several well-known companies, such as Weidmuller, support an open control systems approach and offer open system products.

To learn more about open industrial control technologies, Automation World connected with Ken Crawford, senior director of automation at Weidmuller.

For starters, we asked Crawford to explain what the term “open control system” really means and how this technology differs from the proprietary systems manufacturers have long used.

According to Crawford, “an open control system is a platform that allows you to install publicly available applications to build a custom control solution to meet your requirements. Since you are using proven and widely adopted applications, you don’t need a huge design team to write your software from scratch. Plus, the public availability of these apps breaks any single-source dependencies — meaning you're not stuck with a single-source hardware and software vendor. This allows you to design, validate, build and test a solution in record time.”

He added that many open platforms employ common industrial protocols like OPC UA, MQTT and Modbus, and all are supported by large developer-based communities.

Crawford noted that the characteristics of open control systems stand in contrast to proprietary systems, which are “built on a copyrighted code base, making them a closed architecture that dissuades adoption of software outside the manufacturer’s ecosystem. Closed systems also have a commercial model that requires continual investment to keep their internal design teams and technologies funded.”

Security and reliability

Two of the main concerns manufacturers tend have about open control systems are security and reliability. While such concerns are well-reasoned, they can be addressed by looking at the reputation of the company providing the technology and the suitability of the application for which the control system is being selected.

Ken Crawford, senior director of automation at Weidmuller.

To determine this, Crawford said manufacturers should first review the open control systems technology documentation.

“Find out if there is a large user or developer following you can tap into,” he said. “And consider criteria like number of downloads, forum activity, time between releases and reputation in the community. For instance, Grafana is one of the largest open-source applications for visualization and dashboarding. They have more than a billion downloads and offer 24x7 subscription-based support.”

As for security, Crawford said to check on compliance with security certifications like IEC 62443 for industrial cybersecurity and other applicable ISO type standards. Also, consult the national vulnerability database, maintained by NIST.

“Relating to both reliability and security, it’s always best practice to design and architect the solution in such a way as to have error checking,” he said. “You should generate core log files to capture booting processes, faults and failures. Also, have third-party test houses test your solution and ask about having a long-term support plan in place.”

An open system rather than a vendor-based ecosystem

As a well-known proponent of open control systems, particularly with its release of u-OS, Weidmuller stresses the difference between what it considers a truly open control system and one that is built around a partner ecosystem approach. To explain the difference, Crawford began by defining an ecosystem.

Weidmuller's PROCON-Connect can be used to provide EtherNet/IP communication to smart sensors in an open control system.

“Many single source automation vendors offer turnkey solutions where every component needed to build a control system is bundled together under one proprietary umbrella. This all-in-one, closed approach is what I refer to as a vendor-based ecosystem,” he said. “At Weidmuller, we offer our PAC-level controller hardware in the M Series controller line. This hardware runs on our open-architected operating system called u-OS. With u-OS being open architected, you can let it operate and support the hardware while running a suite of installed applications. For example, you can use Codesys for programming and control, MQTT for IoT communications, Grafana for dashboards and visualizations, and PROCON-Connect to provide EtherNet/IP communication to your smart sensors.”

Crawford stressed the point of u-OS is to allow users to select their own “building blocks outside of our hardware and software portfolio to build your control solution. This approach liberates you from vendor lock-in,” he said. “You are free to select the best components, whether from Weidmueller or another supplier, to build a control system that precisely meets your needs.”

In terms of what this openness means for manufacturers who are likely already using closed proprietary control system technologies or those that are part of a vendor and partner ecosystem, Crawford gave an example of how an OEM can use an open control system approach to achieve a higher level of integration and simplicity.

“Users can integrate applications like combining a time-stamped historian with dashboard-like visualization, cloud-based data aggregation, SCADA-like enterprise connectivity and IEC 61131 control — with all of it running in the same software-defined box instead of needing many different boxes from different vendors to achieve the same solution,” he explained. “Many different boxes mean higher cost, higher complexity, more cabinet space and lower reliability, along with the user’s frustration caused by rising costs, obsolescence and availability.

He noted that Weidmuller’s u-OS enables manufacturers to significantly reduce their open-source adoption time by using “our open-architected platform, which allows for use of containerization or containerized applications. Users can implement their own proprietary C code or pick from hundreds of open applications and combine them to build their solution in our container-ready platforms.”

Real-world applications of u-OS

To better understand how manufacturers are using open control systems like u-OS, we asked Crawford to provide some examples of manufacturing customers that have built open system applications using u-OS and highlight the kinds of technologies they integrated with u-OS to do this.

One example he provided was of a manufacturer who wanted to use a Codesys-based PLC as their control system. “They wanted to enhance the function of their dosing skid (a device designed to correctly meter and inject chemical substances) to create a three-tiered offering: a stand-alone appliance, a connected mid-level performance skid, and a connected high-performance multi-control-loop skid. The primary distinctions between these tiers were capability, connectivity and the ability to run multiple controllers. This manufacturer wanted a scalable solution that would allow them to standardize [these three offerings] on a single controller, while expanding functionality [as needed for each tier] through open software in an open-control architecture.”

To deliver this, Crawford said a Codesys controller was used as the base model for containerization on the standalone skid offering. The connected mid-level system added data aggregation, notification, SMS texting, historization and cloud connectivity at no additional cost with the open system approach. And the high-performance system used Kubernetes to run multiple instances of the control loops, enabling the single programmable automation controller to manage up to five control loops.

“By adopting this flexible software-driven approach, the manufacturer was able to expand its product capabilities without significantly increasing hardware costs to create more competitive and more profitable skids,” said Crawford.

Another example Crawford offered was of a power company using the Weidmuller Edge Agent for remote access to their control system during downtime events. When they first approached Weidmuller, “they were in the process of commissioning a large and complex installation that frequently required remote access to reset devices, adjust parameters, receive failure notification and log events for better troubleshooting insights,” Crawford explained. “They needed a way to monitor and validate whether their system was issuing commands and receiving acknowledgments correctly, as they suspected that any failures in these processes could be early indicators of future system issues. We recommended and implemented Node-Red — an open-source visual programming tool used for IoT applications — on our open-architected edge gateway running u-OS. This enabled the power company to compare existing system behavior to real-time control responses. Any detected failures or anomalies triggered an e-mail notification with an attached report.”

He pointed out that this approach allowed the power company to enhance its system’s functionality without replacing, upgrading or adding additional hardware.

“By leveraging a widely used, off-the-shelf application with over 1,000,000 downloads, they were able to extend and optimize the capabilities of their open-architected gateway efficiently and cost effectively,” he added.