FUD Holds Back Industrial Ethernet Growth

Industrial Ethernet Growth Slowed by FUD

October 21, 2008

By Bill Lydon - Contributing Editor

While industrial Ethernet use is growing, the adoption rate is hampered by the FUD factor:

Fear, Uncertainty, and Doubt!

Many control engineers I talk with are concerned with the complexity of Ethernet.  The promise of Industrial Ethernet is clear; it will revolutionize manufacturing by tightly integrating control and business systems.   Industrial control network uptime is critical because it can directly impact profitability and the quality of output.  One failure can trigger others creating cascading problems and result in a significant loss of time and money.   Reading industry articles, attending conference presentations, and technical sessions it is clear that there are many issues surrounding the use of Ethernet in industrial control applications that give control engineers reasons for concern. 

Most control engineers have learned from experience to keep things simple because they are the ones answering the phone call in the middle of the night and take the “heat” when production is down with control problems.

These are some of the big issues surrounding the application of industrial Ethernet that give control engineers pause:
 
Security - Cyber Threats
The increase of industrial Ethernet means that there is an accompanying increase in threats that companies must protect themselves against.   Poorly engineered and executed security will not just negate the benefits of industrial Ethernet but threaten manufacturing and business integrity in ways never imagined before. 
 
The IT industry has developed a wide range of software and hardware to protect their networks but can these be effective in industrial Ethernet networks?
 
The control engineer needs to consider the application consequences of using IT type security measures.  In today's dynamic threat environment consider trading-off security for performance.  The consequences of blocking legitimate traffic, slowing critical control applications, vs. leaving industrial processes vulnerable to attack pose difficulty tradeoff decisions.  Can you afford to sacrifice performance or security?
 
Technical
Installing and maintaining industrial Ethernet presents unique challenges compared to traditional industrial networks such as DeviceNet and PROFIBUS.  This is further complicated if the control systems share Ethernet networks with other IT, manufacturing, and operations.
 
Connections
The RJ-45 is not in any way, shape, or form an industrial connection and this can be the source of the most basic network problems.
 
Retail Products
The availability of Ethernet equipment from a wide range of retail sources can create problems when a machine builder, system integrator, or other supplier installs these devices in a manufacturing environment.
 
You can buy Ethernet switches at your local drug store! 
 
Think this is fantasy? Last year I visited a controls shop that had “off the shelf” Ethernet switches mounted in control cabinets.  I questioned the engineer who stated these Ethernet switches were, "just as good an industrial switch."  The switches he was using are sold at a big box chain store and manufactured by a well known company.  I tried to find temperature specifications on this Ethernet switch and the manufacturer does not publish any.  This type of product could easily become a weak link in your production process. 

Troubleshooting
All nodes speak only one protocol on non-Ethernet industrial networks, for example, a DeviceNet, Modbus, or PROFIBUS network.  On an Ethernet network, each sequential packet may use a different application protocol. This is common in business applications.  From your PC you access the Internet, e-mail, and transfer large files at almost the same time causing sequential packets of HTTP, SMTP, and FTP protocols.   Due to these differences, protocol analysis tools are needed to speed new product developments containing industrial Ethernet, migration of legacy networks to Ethernet, and troubleshooting faults in installed networks.
 
Network Variations
A further complication is the use of industrial Ethernet switches and routers.  This gets more complicated with the use of VPNs (Virtual Private Networks).    Sophisticated industrial Ethernet networks require more sophisticated troubleshooting tools. One of the best tools for troubleshooting networks is a network sniffer or protocol analyzer which can translate the traffic on the network into meaningful data for the operator.   Connecting a sniffer to a network is no simple task. A misunderstanding of how a switched Ethernet network operates can lead to faulty analysis.
 
Fiefdoms
The organizational issues surrounding Ethernet are also not to be underestimated in planning and execution.  Ethernet has been the domain of the IT people and here come the control engineers that want to connect to “the IT network.”
 
Controls and IT both have risks that need to be managed and the integration of IT and controls adds further complexity. 
 
IT is getting involved to protect their systems from harm.   The average IT guy generally has little knowledge about industrial control systems.  Partnerships must be developed between IT and controls people.
 
Resources
The good news is that there are many resources available for control engineers.  These are a few and please let me know of any you know of any other good resources so we can publish them for other control engineers.  You can contact me at [email protected]

Cyber Security Resources 
 
 
Technical 
 
Fiefdoms IT and Controls 
 
Smarter Troubleshooting Tool
Fluke has developed the EtherScope Industrial Kit which is an intelligent field tool to prequalify, deploy, qualify and troubleshoot Industrial Ethernet.  The kit includes the LinkReflector tester which lets you perform complete Ethernet transport qualification from physical layer to higher TCP/IP layers. Key capabilities include:
 
  • Characterizing your network for deterministic performance including latency and jitter
  • Detection of network bottlenecks, switch element provisioning, management, and troubleshooting
  • Test port-level security and Quality of Service (QoS)
  • Simulate multicast traffic and other data to stress test and understand worst-case loading
  • Perform wireless service turn-up and troubleshooting