Plant & Works Engineering
Machine safety, diagnostics & data security
Published:  08 December, 2022

PWE takes a look at some of the latest problem-solving solutions from Turck Banner in machine safety, diagnostics and data security

Personnel safety systems on machines are often seen as a necessary evil. In order to function correctly a safety device has to be self-checking, which adds more complexity and costs compared to a non-safety device. It does not enhance the machine’s performance and has the ability to stop the production at any point, hence the “evil” label, despite having the very “good”, function of protecting people from the dangerous motion.

Once an emergency stop has occurred, assuming that there are no other emergencies to deal with, restarting production is usually the highest priority.

Good diagnostic information is key to achieving this in the most efficient way. Gate interlocks and emergency stop buttons are normally the main problem area for diagnostics.

Gate interlocks and E-stop buttons are typically linked in series, on long chains. Whilst this reduces costs and simplifies installation, it makes identifying which E-stop has been pushed or which door has been opened difficult to find as there are multiple devices connected to a single input. As the alternative is to wire each individual point back to an input, this is obviously very costly in wiring and inputs.

The introduction of In-Series Diagnostics (ISD) changes eliminates this problem. Utilising a four wire series chain, up to 32 ISD devices can be added to each chain. Either a safety controller with ISD built in or an external ISD module monitors the status of every ISD module. This is separate from the safety function. As well as the activated/not activated status of the device, each ISD device provides an array of additional information, including a unique identifier, internal temperature and voltage, along with device-specific details such as alignment and distance between the sensor and actuator of a safety switch. The system will send warning alarms if a device is near to the tripping point, so that remedial action can be taken before a nuisance trip occurs, for example, from a door sagging on its hinges.

When a device is tripped the location of the device is identified and can be displayed through an HMI, indicator lights or other means, such as a smart phone app, or by turning the machine lighting red in the vicinity of the activated device. This clear and unambiguous information can quickly and efficiently guide an operator to the device that was activated, allowing the machine to be restarted with minimum downtime.

Devices with inbuilt ISD include RFID safety switches and illuminated E-stops, however there is also an ISD Connect device which connects conventional emergency stop buttons or safe mechanical switch contacts, such as those on a safety locking switch, to an ISD chain thus extending the diagnostic functions to those devices.

The ISD controller can connect to IO-Link or other bus systems and edge devices allowing the diagnostic data to be sent to cloud based OEE systems, where analysis of the data can highlight areas where performance improvements can be made.

IP67 safety solutions

Turck has also produced an IP67/IP69K, field mountable safety module. They have a glass fibre reinforced housing and fully potted electronics. This makes them robust enough to withstand the rigours of being mounted on a machine without the need for a cabinet.

Each module can operate in conjunction with an external safety controller or independently as a decentralised safety controller.

The benefits of the full block module include cost savings and expandability over a traditional cabinet mounted solution. Huge time savings can be made on machines requiring tooling changes, where the safety products are mounted on the tooling.

Safety I/O modules are currently available for Profinet/ Profisafe and Ethernet / IP / CIP Safety. Simple installation and commissioning is achieved with a free software tool and an integrated web server. Each IO-Link Master can take 32 inputs or outputs, giving the hybrid module a total of 68 non safety I/O.

The hybrid module has all the advantages of the full block module and can be combined with the ISD/IO-Link module to create a selfcontained safety system, with operator guidance to any doors, gates and E-stops that have been activated. As all are in IP67 field mountable devices a control cabinet is not required.

Data integrity

In recent months there has been a lot of interest around the vulnerabilities associated with connecting IT and OT (Operational Technology). IT systems have a continuous development of devices and upgrades to prevent cyber-attacks from outside of the organisation, but cyber-attacks have not been a consideration for OT until very recently. Questions are often raised about whether OT is now the weak point through which a cyberattack gains entry to the IT. That question is beyond the scope of this article however similar questions are raised as to whether a cyber attack on a connected safety system could lead to a “failure to danger” situation.

Safety systems such as those manufactured by Banner Engineering, utilising dual diverse redundancy. This involves using two different processor types running two different programs that do not share any coding. Both halves receive the same information from the safety inputs and process it independently, constantly checking that they both get the same result. If at any time the results are different, the safety controller will initiate a safe stop.

The safety circuits and the information circuits are separate parts of the controller providing another level of isolation. This combined with the redundancy principles above may not guarantee that a cyber-attack could not cause an emergency stop. However, the chances of a cyber attack being able to simultaneously create identical results by breaching the isolation in two places, and manipulating two different processors, running different coding are negligible.

That is not to say that cyber-attacks should be dismissed as a potential cause of production loss but that the safety system is unlikely to be the target.

Safety systems are an integral part of machines with dangerous motion where personnel have access. No one wants to expose their operators to potential harm without a safety system to protect them. Employing good diagnostics, combined with good operator guidance, can improve efficiency and productivity while offsetting the cost of a good safety system.