30 years of development have made automation systems very similar and based on broadly the same, open technologies. That's both good and potentially also extremely bad. Andrew Bond explains
It's 30 years this year since the process automation industry and its process industry customers entered the digital era with the launch by Yokogawa and Honeywell within a few months of each other of the world's first distributed control systems (DCSs). By the end of the 1970s pretty well every process automation vendor – and there were a whole lot more of them then than there are now – had its own implementation of the concept.
While there were still plenty of plants controlled by analogue electronic instrumentation, and probably rather more by pneumatics, there was little doubt which way the technological wind was blowing.
Those early DCSs, although based almost entirely on proprietary technology, had a few key characteristics in common which have carried right through to the present day: microprocessor-based, multi-loop controllers in place of single loop analogue controllers; graphical operator consoles in place of mimic diagrams measuring tens of feet in both dimensions; and communication between the various elements over a shared digital medium or control network.
Move forward to the mid '80s and it's clear that further development of, and reliance on, proprietary technology is no longer sustainable for even the largest of DCS vendors. However, it's left to the then still independent Foxboro – which had failed fully to embrace the DCS concept at the outset – to in effect jump a generation and release a new DCS, dubbed I/A (for Intelligent Automation) Series, using non-proprietary or 'open' technologies such as Ethernet and Unix.
Wind forward another decade to the mid '90s and the DCS offerings of the now considerably smaller number of major process automation vendors are all looking increasingly mature. Most, one suspects, reckon that the concept has been taken about as far as it will go, and that they won't have to invest in the development of a new generation.
This time it's Fisher-Rosemount (the company created by Emerson Electric when it acquired Fisher Controls from Monsanto and merged it with its already innovative Rosemount instrument and control systems business) which upsets the technological applecart by adopting PC-based Windows technology, aided by the acquisition of the Intellution SCADA/HMI (supervisory control and data acquisition / human machine interface) business. Like the original DCSs of 20 years earlier, the resultant DeltaV system comes in for plenty of flack initially, but today virtually every major vendor is offering what is in essence a DeltaV look-alike, with PC-based consoles running Windows, a high speed Ethernet-based control network and an ever increasing focus on fieldbus digital plant communications technology for communication with field instrumentation.
Come right up to date and the 10 year innovation cycle is delivering once more. This time the focus is less on further development of the DCS itself and more on extending its reach into safety instrumentation.
Traditionally, any potentially hazardous process has been protected by a safety instrumented system (SIS) which is entirely separate from, and independent of, the DCS and will shut down the plant or drive it to a safe state if a potentially hazardous condition is detected.
Getting it together
Now a combination of factors – new international standards, pressure for enhanced operational efficiency and the desire of users to deal with a single automation contractor – is driving a trend toward much closer integration of the DCS (often in this context referred to as the basic process control system or BPCS) and the safety system. As a result no less than three of the leading DCS vendors – Fisher-Rosemount, now renamed Emerson Process Management, Yokogawa and ABB – have within the past year announced new closely integrated safety controllers or, in the jargon, 'logic solvers', based to a greater or lesser extent on their DCS controllers.
The net result of these 30 years of on-going development is a process automation market in which all of the major contenders are offering broadly the same capability, based on broadly the same commercial off the shelf (COTS) technologies. Consequently, hardware and DCS related software are accounting for an ever smaller proportion of the vendors' DCS revenues, as the emphasis shifts to the provision of project services and operations or 'after sales' services. Indeed DCS hardware and software are rapidly becoming not so much an end in themselves as the vehicle by which process automation vendors deliver the services from which they now earn their living.
Honeywell Process Solutions' president Jack Bolick argued, in a presentation to financial analysts at the end of 2004, that today's DCS vendors can be divided into two broad categories. In one, in which he included his own organisation alongside Invensys and ABB, are those which are essentially 'control room-driven' and whose focus is primarily on advanced control solutions, higher level process management and optimisation applications and integration with the enterprise. In the second group, in which he placed Emerson, Yokogawa and, rather surprisingly, Rockwell Automation, are those which are 'field device-driven' and whose focus is primarily on valves and instruments.
To some extent that looks like an attempt to make a virtue of necessity, given that Honeywell currently has a comparatively limited instrument and field device portfolio compared with the comprehensive offering of arch rival Emerson. It's certainly true that Emerson's strength in both field instruments and control valves has put it at the forefront of the development of fieldbus and, specifically, of 'control in the field', whereby control algorithms are executed not in the DCS controller but in the now intelligent field devices themselves.
Equally, Honeywell's recent acquisition of the real-time simulation assets of the former Hyprotech – which Aspen Technology was forced to divest itself of at the end of 2004 under pressure from the US anti-trust authorities – underlines its own emphasis on higher level applications. However the implication that 'field device-driven' DCS vendors are behind the game in terms of advanced control and process optimisation might not stand up to close examination, given Yokogawa's acquisition of Isle of Wight-based Marex and Emerson's of Teesside-based MDC Technology at the end of the '90s.
What could be said to distinguish the two groups in this context is a difference in approach. Thus while Honeywell is focussed on the provision of advanced, model-based control and plant-wide optimisation above the DCS level, Emerson seems to be more interested in trying to commoditise such techniques so that they can be applied at little or no extra cost on a control loop by loop basis in the DCS controller. There's a similar divergence in the approach to the currently hot topic of asset management, with 'field device-driven' vendors more focussed on exploiting the 'smart' capabilities of their own instrumentation while others aim to achieve similar levels of diagnostics, and hence predictive maintenance, through host-based software.
Asset management is currently the principal focus of efforts to achieve greater integration of process automation systems with higher level, enterprise wide IT. Systems which monitor the condition and predict the potential failure of key field devices need to integrate with the maintenance management modules of the user's ERP system so that the information can be translated into work orders, materials requirements and the rest, and hence into remedial action.
And while the current emphasis is principally on instrumentation and control assets, it's already shifting to embrace general plant assets as well. Emerson, for example, recently launched a 'machinery health transmitter', which uses expert system technology to diagnose potentially catastrophic conditions in rotating equipment such as pumps and motors, and to report their health to the asset management system.
Shop floor to top floor
This 'shop floor to top floor' integration has been the holy grail of process automation for two decades. Now, however, use of the same technologies – principally Windows and Ethernet – in both computing environments is removing many of the barriers to that goal. Unfortunately, however, they're also removing the physical separation that has traditionally so protected industrial systems from the threat of intrusion.
The precise scale of that threat is difficult to quantify. The British Columbia Institute of Technology (BCIT), which maintains a database of reported cyber attacks on industrial installations and public utilities, currently knows of only about 50 confirmed incidents world-wide to date. However, according to Justin Lowe of consultancy PA Technology, which offers a security risk reduction service, the true number could be very much greater, given that organisations are extremely reluctant to admit to having been targeted. What is clear is that the frequency of such incidents is increasing and that their impact is by no means trivial. The average cost in financial terms of reported incidents has been of the order of $1 million each.
What is also clear is that the nature of the threat is changing. Whereas the IT world reckoned its greatest security problems were internal to organisations, today that position is reversed and that pattern seems to be being repeated in the industrial sector, with some 70% of attacks now believed to be external in origin. And while it is certainly true that hackers are beginning to target process automation systems specifically, such systems are just as much, if not more, under threat from random viruses and worms as they are from the bearded Al Quaida hacker of one's more fevered imagination.
Undoubtedly a major factor in meeting this challenge is the different perceptions and priorities of the process automation and IT worlds. Graeme Pinkney, head of threat intelligence for Europe, Middle East and Africa with cyber security specialist Symantec, accuses both users and vendors of process automation systems of naivety in adopting generic IT technologies without considering the security consequences or adopting the IT community's best practices.
For its part the process automation world argues that it faces different challenges from the IT sector, not least in terms of the need for the highest levels of availability, and in the consequences of systems either failing or being maliciously manipulated.
Arguably the most worrying issue for process automation system users currently is the time that elapses between Microsoft releasing new security patches for Windows and those patches being validated and implemented in their live systems. That delay currently runs into weeks and months – during which time said patches can be reverse engineered by an enthusiastic band of hackers, and the vulnerabilities they address identified and then harnessed.
Nevertheless, and despite the fact that some users in, for example, the pharmaceutical industry, are turning back the clock and breaking the links between their plant floor and corporate systems, there's little sign of the advance of 'shop floor to top floor' integration being halted. Nor is there much evidence of any but the very highest level of mission critical industrial applications reducing their dependence on Microsoft technologies.
What is apparent, however, is that an increasing number of industrial automation users are asking themselves whether the wholesale adoption of Microsoft technology was – for all the benefits and cost advantages it has brought – an unqualified good.