Plant & Works Engineering
Keep plants secure in an era of threats
Published:  16 April, 2021

In the fourth panel discussion in our Talking Industry series, three experts on plant safety and security got together to discuss the latest thinking on these topics. Andy Pye, consultant editor of PWE, who chaired the session, reports on some of the highlights of the lively discussion.

Safety and security in industrial plants may need rethinking. The future of manufacturing processes is digital, which is creating many opportunities for plant operators to enhance efficiency, increase flexibility and make their plants futureproof. But there is a downside: threats to plant security arising from rapidly growing and increasingly sophisticated cyber-criminals, as well as an increased risk of unintentional security incidents from within organisations.

In the latest of our series of online discussions called Talking Industry, three expert panellists (see box below) focussed on three broad areas:

• rethinking the relationship between safety and security;

• increasing productivity through safety; and 

• safety in large systems, integrated machines and production lines.

Jason Reed took the reins for the first section,  concentrating on the relationship between safety and security. In doing so, he took on the challenge of condensing three hours of presentation material into around five minutes.

Today, he asserted, not only do we have a desire to connect and share information, but we also have a need to do so. So the buzzwords such as the Internet of Things, Industry 4.0 and smart factories, are becoming the norm.

The traditional process of setting up a factory or a production line to manufacture thousands of widgets cost-effectively, is being replaced by smart factories or single production cells that can manufacture batches or one-off orders.

However, there’s a downside to this – there are people, organisations and even nationstates that want to exploit weaknesses in the IT infrastructures. Common points of entry are via the Internet, removable media such as USB memory sticks, and email campaigns.

Historically, IT security has been about confidentiality of information. Threats are made over companies’ IT structures – typically in the form of ransomware, where a system is locked down until a payment is made, or IT breaches in which company or customer data is stolen.

The cost to the company of either of these forms of attack is financial. But with smart factories, industrial security involves protecting production and industrial plants against faults, whether intentional or unintentional. In the past, communications would have been carried out via manufacturerspecific protocols. To do any damage, an attacker would probably need to enter a factory physically or access machines via telephone lines.

Now, these protocols are now increasingly being replaced by Ethernet-based communications, allowing attacks to be carried out via the Internet. Jason Reed suggested that anything with an Ethernet connection is a risk.

Some of the remedies that the panel discussed included:

• protecting plant and machinery so that only authorised personnel have access, thus preventing manipulation of the control systems by external attackers;

• using anti-virus scanning software;

• training staff not to click on malicious attachments or links from emails, or log on to unsecure WiFi networks;

• keeping track of passes of anyone entering buildings;

• keeping records of who is competent to carry out patch updates to machines;

• when buying new equipment, making sure that its operating systems are up-to-date; and

• managing passwords properly, or avoiding them by using RFID tags and alternatives.

Standard practice

The ISO standard 62443 (industrial communication networks, network and systems security) deals with IT security and automation. It currently offers the best guide for both operators and device manufacturers when it comes to implementing security efficiently.

However, as Eve Edwards confirmed, standards are lagging badly in this area. As technology moves forward at pace, it takes a while for standards committees and their publications to catch up.

Martin Kidman gave the example of sensing devices based on radar, even though radar is not actually mentioned in most of the standards. Standards are now being drawn up so that they are almost “technology-agnostic”. They are being written around the requirements that a device needs to meet, rather than the technology employed. The requirements are the same, even if the device is actually based on a different technology.

Martin Kidman observed that, historically, there has always been a perception that safety has a negative impact on productivity – put simply, stopping movement creates downtime.

“When I started out as a test engineer on the Low Voltage Directive back in my early 20s, safety was seen as a cut-off device,” he recalled. “So you had thermostats for temperature fuses and for current, and the focus was basically turning everything off. Sometimes in industry, there can be a similar mentality about safety. You often get an angry production manager storming down the aisle!”

But he argues that if you can design properly, you can reduce the impact of safety and can even start to get marginal gains, which can aggregate into quite large gains. “As a typical example, if we look at a mechanical press, normally you’d have a safety light curtain across the front, and hopefully, if you put your hand through, it would stop the press,” he explained. “And then you’d have to press the reset button, and you’d often see a two-hand control in front of the press to start a press cycle.

“You can also speed up the cycle times by applying different techniques – such as presence sensing device initiation (PSDI),” he continued. “This is where you add additional motion control sensors such as cams, proximity switches and encoders. And this then becomes part of the safety control system.”

With a more dynamic approach to safety, designers can now create systems capable of allowing continuous working. Whereas safety used to be added at the end, designers are now considering functional safety from the beginning. “We work with lots of customers in industry before even a bolt has been screwed in,” Kidman reported. “We have many customers considering concepts from the beginning – like localisation, navigation, safe, dynamic field switching, safe position, safe speed, and even wireless safety, in some cases.”

He recommends reaching out to experts “from the beginning of a project, rather than just sticking safety on at the end, because nine times out of ten, it’s much more costly to do that, and much more difficult to do.”

Integrated systems

In the final section of the Webinar, Eve Edwards led on integrated manufacturing systems and risk assessments. She began by referring to a sightly lesser-known standard called ISO 11161, that covers integrated manufacturing systems – and is currently being rewritten.

With multiple machines, large lines integrate those machines with each other. There may be converters or robots in between. ISO 11161 attempts to cover the additional level of associated risk.

Users need to consider which bits of an installation can be shut down safely on their own, and which bits you can turn off while others keep running. How do they interact with each other? In most ISO standards, this is not well defined. However, people are aware of the risks and hazards of unexpected start-ups and having whole-body access across a wide area, not just around one machine.

“One way of getting around this is to have presence sensing,” Edwards suggested. “You can make sure you absolutely know whether there’s someone inside that area. But that can be difficult in large areas with lots of moving parts, lots of shadows and places where you could be hidden. So you then invoke inhibit functions. This is currently only used in US standards, but is being brought over into ISO standards at the moment.

“I really like the term inhibit function – it really helps understand the idea,” she continued. “It’s inhibiting the reset function. And you get both proactive and reactive inhibit functions.

Proactive means giving personal control to the people going inside a large safeguard in space, maintenance, or teach mode; reactive means escape release or people stopping the machine if you are inside and you realise that the machine is starting up while you are inside!”

The discussion then moved on to how to carry out risk assessments, which you can access by viewing the on-demand version of

the discussion here:

The Panel

Eve Edwards

Commercial Manager Fortress Interlocks

Eve, a machinery safety specialist, is a member of ISO TC 199 Working Group 7 – Safety of Machinery – Interlocking Devices, and sits on the ANSI Z244.1 Lockout/Tagout committee in the US. In the past 12 months, she has presented more than 80 Webinars on machinery safety topics, written a monthly newsletter, and co-starred in a YouTube video, “Eve and Malc’s Safety Show”.

Martin Kidman,

Market Product Manager (UK & Ireland),

Safety Solutions Sick Sensor Intelligence

After gaining a BEng (Hon) and MSc (Eng), Martin started his career in 1999 working for a notified body testing equipment to the Low Voltage Directive. He took a four-year break to gain a PhD at the University of Liverpool, and since 2006 has been involved in industrial automation, working for various sensor manufacturers. Martin has been with Sick since 2013 providing services, support and consultancy for industrial safety applications.

Jason Reed

Account Manager,

Pilz Automation

Jason Reed is an electromechanical engineer who has been involved in the machinery safety industry for more than 16 years, including participation in standards committees. He has experience of projects across a variety of industries and applications and is wellversed in the issues that manufacturing companies are facing and need to consider to comply with the latest safety legislation and standards.