May 29 2023
Safety and Industrial Security – A one stop shop
We have shown that there will be extensive normative and legal changes in the field of security, and that the whole of industry is affected. But when we talk with customers and partners, we are currently noticing some uncertainty when dealing with security.
Everyone knows of the risk due to security vulnerabilities, but who in the company should be responsible for questions relating to industrial security? IT experts or safety officers? To what extent do the normative changes affect me as an employer? If these knowledge gaps are not closed, questions on security will not be answered fully. So it’s clear that there’s a great need for information and further training to prepare a company and its specialist employees for the challenges of security.
Our customers have long put their trust in our safety expertise, which we share worldwide in our training and services. Through practical experience, e.g. when developing our products to the standard IEC 62443-4-1 (secure product development lifecycle), and many years of collaboration in international standards committees, we at Pilz also have extensive expertise in industrial security.
Pilz is an industrial machinery security expert!
So what can machine manufacturers and operators do in practice to increase the level of industrial security?
First of all it’s necessary to build knowledge. That’s why we’re sharing what we know in our new CESA training course, Certified Expert for Security in Automation. Our trainers provide delegates with the appropriate security knowledge, up-to-date with current standards, to prepare them for the upcoming challenges. The standard IEC 62443 is at the centre. Its content includes threat scenarios and potential defence strategies.
As with safety, the risk analysis is the first priority for implementation. This includes the determination and assessment of existing and potential threats in all relevant phases of the machine lifecycle, the estimation and assessment of risk, as well as recommendations for the risk reduction procedure.
A holistic safety concept that incorporates safety and security includes comprehensive identification and access management. Plant and machine operators define who can carry out which activity on which machine, and assign personalised access permissions to employees with the relevant qualifications. For this Pilz offers the access permission system PITreader, which we are continuously expanding, so that it now includes new transponder formats or functions for maintenance safeguarding, for example.
Control networks represent another vulnerable area, which must only be accessible to authorised users. Because even with remote access, there are often opportunities open that would otherwise only be possible locally via physical access. Firewalls can guarantee the necessary protection in this case. For example, the SecurityBridge industrial firewall from Pilz, which not only protects Pilz controllers but also third-party controllers from manipulation.
From Pilz, machine builders and users receive a service package and a technical solution package, which is holistic, including all aspects of safety and industrial security at the machine. A one-stop shop.
Safety and Security for the packaging industry – Approach and solutions from Pilz
Without security there can be no safety. And without safety, people cannot be protected! This applies even more when products can be tampered with, and people then face immediate danger to life and limb. In the case of foodstuffs, for example, which are deliberately contaminated or even spiked with deadly substances for criminal purposes such as product extortion. This is an exact case in which the security of the product itself must be valued highly, where preventing unauthorised access from outside is an absolute imperative.
This concerns pharmaceutical products – such as tablets or ointments – in exactly the same way as produce from the food and beverage industry. That’s why they must offer the highest possible security for end customers, i.e. consumers. A prerequisite here is that they are produced and packaged safely and securely. We provide support to manufacturers and operators in the packaging industry with our solutions, in which Pilz incorporates both machinery safety and industrial security. Our all-round safe solution approach for the sector aims to protect production – i.e. the manufactured product and the machine – and also to protect the human.
Safe solutions for primary, secondary and end-of-line packaging
A compact packaging machine or even a distributed bottling plant features varying degrees of covers, flaps or gates – or sometimes also protective devices only. Such machines mask various levels of risk. Packers must consider these risks in accordance with legal requirements. This is why – in addition to protecting the human – our solution also aims to guarantee the flexibility and productivity of packaging machines. We say: safe automation solutions are key factors in whether this is successful.
Our solution packages for the packaging industry combine products from our sensor and control technology portfolio. These are joined by others from the control elements range, as well as our software solutions. They can be assembled individually for all packaging types in this industry (primary, secondary or end-of-line packaging). Such as our safety solution for secondary packaging, for example.
In this area, the product (e.g. a bottle) already has its primary packaging and is receiving its outer packaging. That could be a cardboard box – the cardboard feed in particular is potentially dangerous. We safeguard this step of the process using our TÜV Süd-certified solution, comprising photoelectric sensors and Pilz controllers. In other words, we monitor the material infeed so that a person can no longer be injured if the cardboard feed runs empty.
So operating personnel could have reached into the infeed area. Our evaluation units in this solution – either the small controller PNOZmulti 2 or the modular safety relay myPNOZ – initiate a safe stop in the case of danger.
Industrial Security as second player
Industrial security is also part of our solution package. Here Pilz has its sights on comprehensive access and permission management, as well as data protection. Above all, if packaging plants are very widespread and complex, it is difficult to maintain an overview of them. That’s why secure access and the assignment of permissions must be a safety-related issue on such plants.
With our solution PITmode fusion, our modular operating mode selection and access permission system, we go beyond safety to also cover industrial security tasks. This means that operators can only make interventions that correspond to their personal permission level. So it is very difficult to tamper with the end product, leading to less misuse and manipulation and greater product safety.
And as regards the protection of data itself, here too our SecurityBridge industrial firewall can provide protection, and establish the necessary security for pharmaceutical and food packaging.
“All-inclusive safety” for furnaces
I’d like to introduce the subject of “Burner management” with a short description of wafer production. The gas burners in the ovens on a wafer machine must be controlled and monitored safely. The ignition process alone comprises almost 20 individual steps: the minimum and maximum gas pressure, the suction function, compliance with the permitted maximum temperature and much more are monitored during firing.
It’s already clear that such a machine has a complex control sequence. Therefore, burner management systems for automatic operation of furnaces and burner systems have a complex structure. Safety is an elementary component because, due to the high hazard potential, strict safety regulations apply in order to avoid unburned fuel in the combustion chamber.
Maximum safety where burners play a role
We have failsafe burner management systems specifically for these requirements. Our system solution consists of the configurable small controller PNOZmulti 2 – our base unit PNOZ m B1 Burner – and, if necessary, expansion modules can be added. This solution can not only control and monitor the burner itself, but can also monitor and simultaneously control the entire furnace safely – as well as controlling various burner types, such as master or slave burners, direct or indirect ignition, low or high temperature operation.
How do we do it? Our burner function block emulates the advanced functionality of an electronic automatic burner control system with flexible configuration. Thanks to technical diversity – i.e. safe, diverse relay outputs – we achieve maximum safety (i.e. safety level up to PL e) when controlling a burner’s safety valves.
Worldwide, cross-sector application possible
Our focus is on the potential worldwide application of our solution. We know that manufacturers of burner and thermal plant and machinery have a large number of international legal and normative requirements to consider. Our safety solution meets these requirements in many parts of the world: via standards compliance in accordance with European standards, confirmed by TÜV-SÜD, also through certification by Underwriters Laboratories (UL), the global testing organisation UL for the USA and Canada, or also by AGA, the Australian Gas Association.
Our safe burner management systems are already in use in the widest range of applications: in metalworking, the food and confectionery industry – for example at the wafer baking oven manufacturer Bühler Haas – as well as in sugar cane or ethyl alcohol production, the paper industry or the automotive sector. Particularly when we look at petrochemicals or gas processing, in these times it is now all the more important not to waste energy, nor for it to present any further hazard.
Two strong partnerships for safe, digital rail
A year ago I introduced you to our newly established Business Unit Rail and gave you an insight into digitisation of the railway. Since then our team has already reached important milestones.
This includes our presence at the International Trade Fair for Transport Technology, InnoTrans 2022 Last September in Berlin we attracted the attention of the railway industry and enjoyed some interesting conversations when we presented our EULYNX adapter.
The EULYNX technology is an important step in promoting cross-vendor and transnational digitisation of the railway. With our development partner ProRail, the largest railway infrastructure operator in the Netherlands, the joint innovation project on EULYNX has entered the next stage: this year, a test installation will go into operation in the Netherlands, to field-test the technology.
In the past year we have also sealed a development partnership with Pintsch, the expert in safe railway infrastructure. Digitisation and automation are the prerequisite for successful implementation of the programme “Digital Rail Germany”. We are both convinced that we can promote rail digitisation with our jointly developed innovations, which comprise industry-proven control technology from Pilz and the safety-related rail expertise of Pintsch. That is why we are working closely with each other.
And if we are talking about increasing automation, we can’t get away without mentioning security in the same breath. Just as in industrial production halls, there is a real need for action in railway maintenance halls and premises. One difference to industry is the lower level of automation. This means that people carry out very many tasks in the railway. So it’s all the more important here to assign tasks clearly and control access, to guarantee that manipulation does not occur, whether intentionally or otherwise. Because the effects on railway operation can be immense.
The standards and laws for safety in an industrial environment are currently facing upheaval. This is being driven by the issues of security and Artificial Intelligence (AI). For industry in general and for mechanical engineering, there are three new or upcoming legal requirements for security that are relevant: EU Directive NIS 2, the new Machinery Regulation and the Cyber Resilience Act.