A secure, reliable automation controller from the silicon up

If you could design and build a new programmable automation controller, what characteristics would you include? Of course, it would have to be small and modular; able to resist shock, temperature and humidity extremes; capable of working with common PLC languages; and versatile. Beyond these basics, security would start at the transistor level, the controller would have as few mechanical “pin and socket” connections as possible, and the I/O boards would be defined functionally in software rather than hardware—limiting the number of I/O boards needed to be kept in stock.

Bedrock Secure Industrial Automation has created a controller that meets all these specifications. The company was cofounded a couple of years ago by Bob Honor, CEO; Albert Rooyakkers, CTO and vice president, engineering; and Robert Bergman, vice president, sales and business development. Its goal was to create a completely new, secure automation controller. The finished product has some novel design features that let the device withstand harsh environments, achieve a tight level of security and provide control system builders with some new freedom in automation design. Bedrock has applied for more than 75 patents, and to date, 25 have been approved with no contest; the remaining applications are pending. FE caught up with Honor and Rooyakkers to learn more about this controller.

FE: How did you start Bedrock?

Bob Honor: Albert and Rob were part of the business development team at Maxim Integrated, and one of Albert’s responsibilities was R&D. Albert developed a proof of concept around a secure industrial control system using Maxim’s silicon, and the CEO of Maxim decided to fund further development. After positive feedback from the industry, the decision was made to form a new company to take the system to market, and that’s when I was recruited from Rockwell Automation.

FE: What was/is the primary goal of your company?

Honor: Primarily to secure the infrastructure of the country from cyberattack, which is becoming more and more prevalent throughout the world. At the same time, to rethink industrial control systems from the end-user’s perspective so the new technology that is revolutionizing other industries can be applied to control systems today. Our primary design criteria are: simple, scalable and secure.

FE: What makes your design different?

Albert Rooyakkers: Our roots are in Silicon Valley with access to state-of-the-art technologies, yet all of our backgrounds are in industrial control. It’s a unique combination that allows the timely adoption of technology to address timeless automation solutions.

FE: When you say security is embedded in the transistors of the chips, what do you mean?

Rooyakkers: We use secure microcontrollers in all system modules as the basis for the design. Secure microcontrollers are designed and built with specific technologies including non-volatile, secure memory; anti-tamper metal layers; side attack sensors; true random number generators; and encryption hardware accelerators. This is what we mean by security starting at the transistor. By employing a “layered and embedded” design philosophy starting at the transistor level and extending into the supply chain, a control system can become extremely secure.

FE: What happens if a hacker tries to break into the controller—or someone physically steals it from a location?

Rooyakkers: We use secure microcontroller technology, which has an anti-tamper design and prevents physical access to the embedded keys. In addition to the silicon, the modules feature an all-metal sealed case. Someone would literally need a hacksaw to get access to the electronics. And in the CPU, we have a super-cap [capacitor] that shorts out all the active electronics if the case is cut open.

FE: What other physical specifications of the device would benefit the food and beverage environment?

Honor: We have built a fully metal package, NEMA 12, no plastic, rated by UL as Class I, Division 2 with an operating temperature specification of -40° to 80°C. It is designed to reduce panel space and part numbers, so using this control system in a NEMA 4X panel will save food and beverage companies money.

FE: The backplane in this unit is totally different. How does it work, and why is it important?

Honor: To eliminate a common method for reverse engineering control systems and improve overall reliability, we designed an electromagnetic backplane. The benefits to the user are numerous besides the inherent secure design. In addition to eliminating thousands of pins that can bend, break or corrode, the backplane forms a galvanic isolation barrier between the I/O and the CPU. We transmit both power and data, and the data bus is designed to be fully parallel, full duplex, asynchronous and symmetrical, allowing a standard 1ms update rate for field I/O independent of point count. The symmetrical design also allows users to install I/O modules in any orientation, giving flexibility in cable management for high-density installations.

FE: Could you describe this system further and how it benefits automation engineers?

Honor: We use advanced silicon and software to make every I/O channel software configurable to be either analog or digital input or output. This allows great flexibility in panel design and commissioning besides reducing by 90 percent typical spare part requirements.

FE: What local area networks and plant control networks are supported by the controller?

Honor: For HMI/SCADA requirements, we are initially supporting only OPC UA, the latest secure standard from the OPC Foundation, with over 1Gb/s Ethernet ports. On the backplane, we have a flexible fieldbus module for remote serial networks like PROFIBUS or DeviceNet—and an Ethernet I/O module for several of the popular industrial Ethernet protocols like Modbus TCP, EtherNet/IP and PROFINET. We will have a Foundation Fieldbus module available next year.

FE: Is it possible to tie this machine into an existing control system as a subsystem?

Honor: We have a completely open design, and the controller can be used as a simple, rugged, remote I/O device. The flexibility from software configurability of all I/O and, therefore, reduced installation and maintenance costs will make this attractive. However, without our CPU to authenticate not just the I/O but also the control software, you will not be taking advantage of all the security capabilities.

FE: You’ve had a few test systems in the field so far. What has been the reaction?

Honor: Overwhelmed is the only way I can describe the general reaction. The benefits extend over the total lifecycle of a control system. We have not spoken about the CPU capability, but this modern, redundant controller not only handles all control languages, it also has two 1GB Ethernet ports, 512MB of program memory and 32GB of data memory, allowing real-time data analytics to be executed within the control system. As the Internet of Things becomes present in more and more facilities, the fundamental benefit of this new connectivity will be the use of ever-increasing amounts of data to improve operations and reduce downtime. Our control system makes this real and available today in a secure, reliable system.

FE: When will the automation controller be available?

Honor: Production is scheduled for July 2015, and the price will be comparable to that of existing large PLC and DCS controllers.

For more information, visit www.bedrockautomation.com.

The premier live event in the commercial membrane and membrane technology sector. It is the go-to source for processors, plant managers, engineers, chemists, equipment manufacturers, research and development professionals, sales & marketing specialists, technicians with informative technical sessions covering current topics and emerging trends.