Coding Guidelines For Qualitative and Standardized PLC Programming

Coding Guidelines For Qualitative and Standardized PLC Programming

Can we bring more discipline to PLC programming in industrial control?

Discussion swirls at every gathering of automation professionals about the new generation of engineers entering (we hope) the industry. One thing for sure, the new generation begins with a much deeper computer science background than any before. Will they want to continue to code programmable logic controllers (PLCs) in the same relay graphical representation as their predecessors? Even the Structured Text language popular in Europe and other places can string together like an old BASIC program.

I am guessing they will bring more discipline to the craft of coding industrial control than ever before. Evidently PLCopen, the organization devoted to developing standards for PLC programming, does also. It has just announced a new set of coding guidelines.

The organization notes in its press release, “Software is becoming increasingly responsible, complex, and demanding. This does not come without its challenges. Due to the greater complexity, programs are more difficult to maintain, more time consuming, and potentially therefore more expensive. This is why quality is taking such an important role these days.”

Continuing, they note, “Unlike in other industries, such as that of embedded software and computer science, there has not previously been a dedicated standard for Programmable Logic Controller (PLC) programs. This has meant that programs were not measured against anything and were often of a poor quality. But that’s where the independent association PLCopen has come in and set the standard with the release of their coding guidelines. These guidelines are a set of good practice programming rules for PLCs, which will help to control and enhance programming methods within industrial automation.”

PLCopen, whose mission is to provide industrial control programming solutions, collaborated with members from a number of companies in different industries to create these coding guidelines. These companies include PLC vendors such as Phoenix Systems, Siemens, and Omron, to software vendors such as Itris Automation and CoDeSys, and educational institutions such as RWTH Aachen. These guidelines were inspired by some pre-existing standards from other domains such as IEC 61131-3, JSF++ coding standard and MISRA-C, and they are the product of three years of work by the working group. PLCopen’s reference standard can be used for testing the quality of all PLC codes, independent of brand and industry.

PLCopen’s coding guidelines are made up of 64 rules, which cover the naming, comments and structure of the code. By following these guidelines, the quality of the code will be improved and there will be greater consistency amongst developers. This will result in greater efficiency, as better readability means a faster debug time, and a program that is easier to maintain. This then results in lower costs as less time is required in order to maintain the program, and the maintenance should be easy enough for both an internal or external programmer as the code will be more straightforward. If the original developer fails to follow certain guidelines when creating a program, this could obstruct other developers and maintenance teams when working with the code during the product lifecycle, thus creating delays and additional costs.

In safety-critical industries, there is the standard IEC 61508 which in 2011 was also extended to PLCS. However, as quality is becoming an ever more important factor across the board, as programs become bigger and more complex, it is generally good practice to follow a set of rules or a standard in all industries. PLCopen’s coding guidelines suggest a standard that can be used across all industries to greatly improve the quality of the code and, as a result, to help companies save time and money. The introduction of such a standard will allow PLC programs to be verified not only from the simple functionality perspective but also from a coding perspective by confirming that good practice programming rules have been followed in their creation. Consistency across PLC programs can only be achieved through the respect of a global corporate or industrial standard, with PLCopen now being the de facto standard in the automation industry.

With quality playing a greater role in industry and with companies always looking for cost saving methods, the answer is to use some sort of standard or set of rules in order to meet these goals. PLCopen have created this standard to improve quality and consistency across PLC programs and so that individual industries and companies don’t have to go to the effort of creating a set of rules themselves. In addition to the internal benefits, this standard will also allow companies to enforce their quality requirements on suppliers, software contractors and system integrators. The only issue for now is that the process for verifying these rules is done manually by most users as they are unaware that some tools are available to do this automatically. But overall, following a standard such as the one proposed by PLCopen, will greatly improve the quality of the program and will save time and money throughout the whole duration of the product lifecycle.

The PLCopen coding guidelines v1.0 are available to download for free from the PLCopen website.

Cyber Secure Industrial Control System Available for Purchase

Cyber Secure Industrial Control System Available for Purchase

Bedrock Automation ControllerPotentially viable start-ups are rare in the industrial automation space. Recently Russ Fadel, Rick Bullotta, and John Richardson did it with ThinkWorx an Internet of Things oriented software they sold to PTC. That was their second effort having previously sold Lighthammer to SAP.

Now we have Albert Rooyakkers, CTO and inventor, and Bob Honor, president and former VP at Rockwell Automation and GE Intelligent Platforms, releasing a new industrial control system and company—Bedrock Automation. This company was introduced to Manufacturing Connection readers last December.

This is a tough area for an entrant. I’ve watched the rise and fall of PC-based control from back in the late 90s. Rockwell Automation and Siemens are so entrenched in the market. The next tier is solid with AutomationDirect, B+R Automation, Beckhoff Automation, Mitsubishi, and Schneider Electric.

When you develop a product for a crowded market, you basically have to execute one of two strategies. Either you think that the products have reached commodity status and that you can make them better, faster, cheaper (at least the last two). Or, you totally disrupt the industry by bringing out something that does what others do better—and adds some significant new features and benefits.

Disruptive?

Bedrock Automation executives believe they have accomplished the latter. The design begins with built-in cyber security. Its patented architecture features a pin-less, electromagnetic backplane. It addresses “virtually all control applications with fewer than a dozen part numbers, reducing cyber attack vectors, cutting lifecycle costs, and simplifying engineering, commissioning and maintenance.”

“Starting from a blank sheet of paper while inventing and deploying advanced semiconductor, mechanical design, cyber computing and communication technologies has resulted in a completely new automation platform. The future is now,” said Bedrock Automation CTO and Engineering VP, Albert Rooyakkers.

Commitment to simple, elegant design is a core tenet of the system. Bedrock delivers I/O, power and communications across the pin-less electromagnetic backplane with a parallel architecture that supports ultra fast scan times regardless of I/O count. The removal of I/O pins improves reliability and increases cyber security while forming a galvanic isolation barrier for every I/O channel. This innovative backplane also allows installation of I/O modules in any orientation and location for “unprecedented” flexibility in I/O and cable management.

Secure I/O modules use layers of advanced technology to deliver software-defined I/O for universal analog, discrete, Ethernet and Fieldbus signal types. A secure power module is functionally and physically coupled to the backplane to deliver single and dual redundant cyber secure power for the control system. A secure universal controller can run virtually every application independent of size or control task: discrete, batch, continuous, or multivariable control from one device that supports as few as ten, to as many as thousands of I/O points. No longer are separate programmable logic controllers (PLC) and distributed control systems (DCS) required.

“As cyber threats to all industries grow, traditional control system vendors respond by adding cost and complexity to their legacy technology. With deep roots in both automation and semiconductors, and unburdened by legacy, Bedrock Automation has created not only the most cyber secure system available today but we have also established new benchmarks for performance, scalability and affordability,” said Bedrock Automation President, Bob Honor.

Layers of protection

Replacing pins with an electromagnetic backplane is one of many layers of cyber security protection that Bedrock Automation has implemented. Additional cyber security layers include:

  • A real time operating system with the highest safety (SIL 4) and security (EAL6+) rating of any RTOS available today
  • Cyber secure microcontrollers with encrypted keys and TRNG embedded in all system modules including the controller, power supply and I/O
  • All modules encased in anti-tamper metal that is impenetrable without metal cutting tools
  • Authentication extending throughout the supply chain, including third party software and applications

Adding so many layers of protection to a conventional DCS, SCADA RTU, PAC or PLC would add cost and complexity and degrade performance. With Bedrock, they were built in from the start.

“Brown Engineers is excited to join the Bedrock revolution. Clients in our focus markets of electric, water, and sewer utilities, are increasingly concerned about cyber security and are confident that installing Bedrock will give them peace of mind to tell their ratepayers and their board members that they are taking every precaution to protect their processes. Brown Engineers demonstrates its continued commitment to keeping clients on the forefront of technical innovation,” said Dee Brown of Brown Engineers, an industrial systems integration firm based in Little Rock, Arkansas.

Open, flexible engineering

Bedrock delivers an Integrated Development Environment (IDE) based on an open IEC 61131 software toolset that supports embedded OPC UA. The IDE enables users to develop, operate and authenticate control for a vast array of PLC, SCADA and DCS applications. Fewer components means fewer panel layouts and wiring diagrams to contend with. Software configurable I/O can be changed in the field with the click of a mouse. Ninety percent fewer I/O module types means fewer spare parts to keep and manage. Such innovations contribute to reducing overall engineering design costs by up to 33 percent.

“Bedrock is the first unique platform to enter the control market in the last 15 years. It diverges radically from the typical platforms and is superior in terms of processing power, redundancy, scalability, security and cost efficiency. We plan to use it as a point of differentiation for our business,” said Chris McLaughlin of Vertech, a Phoenix-based industrial systems integrator.

Pricing and availability

The Bedrock control system is available now in baseline configuration starting at $20,000 MSRP. A growing network of world-class system integrators and automation solution providers is available to provide local sales and support.

For more information about the Bedrock revolution, download the first white paper in the series: Revolution – Chapter One: The Backplane.

Integrated PLC Driving Down Cost of Industrial Controllers

Integrated PLC Driving Down Cost of Industrial Controllers

Splatco HMINo doubt current trends in industrial controllers, programmable logic controllers (PLC) and human-machine interfaces (HMI) include driving down the cost of control. Here is one that is an integrated HMI/PLC for less than $400. Interestingly, this is the first product pitched to me in years that touts RS485 serial connectivity. I’d darn near forgotten all about those serial protocols.

Anyway, here are some specifics from SPLat Controls.

The HMI430 board-level programmable logic controller (PLC) with an integrated 4.3-inch color touchscreen is available at nearly half the cost of previous products with similar functionality. With onboard, ruggedized digital I/O, analog I/O, and the SPLat MultiTrack built-in multitasking operating system, the HMI430 delivers “professional-quality control that is affordable and easy to program, minimizing development time.”

According to the press release, “With multiple serial ports HMI430 offers OEMs an ideal way to flexibly integrate a touchscreen into their solution for small- and medium-sized industrial control applications. The touchscreen—a 4.3-inch 470×272 pixel screen with resistive touch and 64K colors—comes with a repertoire of standard buttons, fonts, and other screen elements. With support for alpha blending, image files, and Z-ordering, HMI430 offers sophisticated visual effects at a price point that OEMs can afford.”

“With the advent of smartphones, all controller applications—medical, industrial, building control—are affected by the end-customers’ expectation of a GUI-driven interface,” noted David Stonier-Gibson, CEO of SPLat Controls. “The HMI430 with an integrated color touchscreen enables OEMs to respond to this ‘iEffect’ and provides the innovative edge that helps small- and medium-sized equipment manufacturers make their products smarter and more competitive.”

IOActive Uncovers Multiple Vulnerabilities in Switch Family

IOActive Uncovers Multiple Vulnerabilities in Switch Family

Cybersecurity experts, and especially the media that reports on cybersecurity vulnerabilities, often love to just point fingers at companies. Seldom do they acknowledge a good response. Here is an item I picked up from a security services company, IOActive.

The company announced Jan. 9 that it has uncovered multiple vulnerabilities in Siemens’ SCALANCE X-200 Switch Family. These Ethernet switches are used to connect to Industrial Control Systems (ICS) components like Programmable Logic Controllers (PLCs) and Human Machine Interfaces (HMIs). The switches enable remote diagnostics and simplified configuration through a common web browser.

Senior security consultant for IOActive, Eireann Leverett, discovered two vulnerabilities in the switches. Both vulnerabilities were discovered in the web server authentication of the product. The first vulnerability could allow an attacker to perform administrative operations over the network without authentication, gaining access to critical services. The second vulnerability could allow an attacker to hijack web sessions over the network without authentication.

“Siemens ProductCERT were professional, courteous, and did not adopt an adversarial attitude when I contacted them about the vulnerabilities. Consequently, we were able to clarify the vulnerabilities quickly, and they produced a patch within three months,” said Eireann Leverett, senior security consultant for IOActive. “I challenge other ICS vendors to match this timeline for security patching in the future.”

Speedy Response

As soon as IOActive notified the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) of the vulnerabilities, Siemens ProductCERT wasted little time resolving the issue.

Leverett added, “The speed at which Siemens ProductCERT responded to the notification of these two vulnerabilities is something to be applauded. IOActive has always pushed vendors to respond when they receive notifications on vulnerabilities in their products. Siemens is the perfect example of how companies should respond when addressing these issues.”

Siemens ProductCERT is a team dedicated to accepting and handling security issues and vulnerabilities within their products. They co-ordinate with external and internal security researchers and work closely with the company’s product teams to develop fixes. ProductCERT publish the fixes as soon as they have been tested and credits the researchers who discovered the issues. The very existence of this team illustrates Siemens serious commitment to handling security issues smoothly and quickly.

Siemens has addressed both issues by providing a firmware update for the affected products.

Follow this blog

Get a weekly email of all new posts.