I learned something really important and rather alarming this week: Operations folks do not consider security when choosing their control system technology. They know they must have some form of security tacked on to the base system, be it a firewall or virus protection software, but they don’t ask for it as part of their industrial control system (ICS) because, well, it’s just not on the requirements list. This is shocking. People, do we need another Stuxnet-like assault to open our eyes? Because the next cyberattack that targets a PLC or DCS could take down your company—or worse.
I’m confused, actually, as to why security isn’t on the ICS requirement list. But, as Robert Bergman, a founder and vice president of sales and business development at Bedrock Automation told me: “No one has had embedded security in a control system, so it’s not something [manufacturers] would think about when buying a control system. Because it just didn’t exist.”
Well, it does now.
This week, the Bedrock Universal Control System hit the market. It is a system for all control modes—continuous, batch, and discrete—housing a PLC or DCS and scaling from 10 to up to 4,000 I/O per controller. By adding control modules, the scalability is virtually unlimited, company officials say, easily accommodating 100,000 I/O points and more. The design is completely different from anything in the industrial space. It is based on the company’s proprietary Black Fabric technology, a 4GB electromagnetic backplane that eliminates all I/O connector pins.
The design is a simplified yet sophisticated next-generation architecture. Aside from the electromagnetic interconnection—which is basically a wireless connection at an extremely short distance—it touts an asynchronous, parallel, redundant power and communication architecture. The parallel architecture supports very fast scan times, and the removal of I/O pins improves reliability and increases cybersecurity, the company says. In addition, the flexibility of the backplane allows installation of I/O modules in any orientation and location. The company even has a patent on a special cable that can adjust to different directions.
The result of this reengineered ICS is one controller for every conceivable application and size of control task. Reduced parts, which also reduces maintenance, staffing, and spare parts. And security from the inside out.
I’m not going to go into detail on the technology, as David Greenfield already did an excellent job of describing the guts of the Bedrock architecture in his article Industrial Control Redesigned. Instead, I’m going to elaborate on the embedded cybersecurity, which to me is truly the disruptive innovation here.
The advancements in semiconductor technology is the stimulus for change in control design. “That and an extremely creative person,” says Bedrock founder and CEO Bob Honor who was referring to Albert Rooyakkers, another founder of Bedrock who is also CTO. It was Rooyakkers who came up with the idea to embed security after Stuxnet. Moore’s law had driven semiconductors to be thousands of times more powerful than what is in the last generation of control systems, and he wondered what could be done with that in conjunction with cybersecurity. Turns out, a lot.
Here’s how it works: Bedrock uses cyber secure microcontrollers from Maxim Integrated that have encrypted keys embedded within all of the system modules including the controller, power supply, and I/O. The key is inserted into the chip at the time of manufacturing and used to authenticate everything, including the software that will run on the system. If the software is not signed with the key embedded in the chip, it will not work.
“It is a completely different approach than what everyone else is trying to do, which is to put a hard shell around the control system,” says Honor. “We took the opposite approach and made the control system center very secure.”
This, the team thought, would be the main selling point when they began previewing the technology with prospective customers. “When we initially started responding to inquiries about a year ago, we led with the security as it is embedded in everything we do. But no one buys security,” Honor says. “When we started talking about all the innovations in automation, however, that’s where the interest was.”
So it’s the innovations that are attracting manufacturers—mainly in the continuous process and batch manufacturing space—to Bedrock. Things like the Black Fabric, the fact that everything is software configurable, the pin-less connections, the swivel cable, and the new power system (to be rolled out in a few months) that uses lithium battery technology which is about 1/10th of the size and charges much faster than lead acid batteries. In addition, the system has an OPC UA server embedded to authenticate the messaging stream from any OPC UA client. This, along with two 1Gbit Ethernet ports and 32GB of data storage, and the Bedrock Universal Control Systems look like a nice fit for the Internet of Things as it is a powerful data acquisition and collection engine.
The system officially became available this week in North America, with global roll out in the next year. The starting price is $20,000. This is with security built-in – so no adding extra layers of protection to the DCS, SCADA RTU, PAC or PLC. Of course, “we are not advocating in any way that people get rid of firewalls, this is just for the control system, which we are taking to another level,” Honor says. “Security is like a game where all you are trying to do is make it harder [to gain access to a system]. We are making it harder for someone with bad intentions to take down a control system.”
And if security is a game, well, Bedrock Automation just changed the rules. Which means manufacturers will be adding security to their ICS requirements list, and other automation vendors better be figuring out how they’ll deliver cybersecurity capabilities that will meet the new demand.