In contrast to smartphones, controllers and control systems as automation components have had comparatively leisurely innovation cycles to date. This currently seems to be changing - for various reasons. These include the poor availability of some electronic components as a result of the semiconductor crisis, new regulatory requirements for cyber security and rising user expectations in terms of AI capability, performance and convenience of modern control software. 'Proven' controllers are often simply overwhelmed by this.

In view of these factors, many companies in the machine and equipment manufacturing sector are faced with the decision to develop completely new controllers - or to have them developed. When awarding contracts, clients should make sure that new controllers eliminate identified deficits, fit the planned application and score highly in terms of flexibility and future-proofing. Not an easy task for the development partner.

It starts with the issue of component availability, which highlights the advantages of modular hardware architectures. It is easier to redesign individual assemblies with components that are difficult to deliver than to redesign the entire 'single board'.

Modular hardware architecture for (future) security

In light of the increasing demands on computing power due to AI and machine learning, a carrier board/SoM (system on module) design is becoming more interesting than ever. At the moment, a module with an i.MX 8 CPU and suitable GPU or other AI extension can be sufficient for simpler tasks. A defined interface makes it possible to accommodate SoMs of different price and performance levels on the carrier board in future. If the demands on AI performance increase, it is relatively easy to switch to SoMs with more powerful processors. Although ARM architectures are also increasingly supplying AI and ML extensions, the later integration of specialized tensor processors (TPU) remains possible, provided that their connection via a suitable (PCI) interface has been planned.

On the hardware side, there are also a few basics to consider when developing a new controller: for example, sufficient non-volatile memory (NVRAM) to secure the PLC's retain variables even in the event of sudden power failures. In general, the hardware should also be equipped to withstand voltage fluctuations and failures of up to 200 ms. For longer power failures, the controller should also be able to buffer enough power to put itself into a safe state. A good thermal design and electromagnetic compatibility (EMC) are also important, especially when integrating the display and controller.

Cybersecurity is crucial

The current version of the Universal Controller from Grossenbacher Systeme was developed in accordance with the industrial products standard IEC 62443.

© Grossenbacher systems

A key reason for new developments is the issue of cyber security with its conglomerate of directives, laws and standards. There is therefore much to be said for ensuring that new controllers comply with the industrial product standard IEC 62443. The prevailing opinion is that it will form the basis for future harmonized specifications such as the EU Radio Equipment Directive (RED). The IEC 62443-4-1 part defines the requirements for a secure development process for hardware and software and is a mandatory prerequisite for product certification, for example in accordance with IEC 62443-4-2.

With the industrial product standard, operators, integrators or manufacturers of industrial automation systems as OEMs not only create the prerequisites for the subsequent granting of CE marks, but also provide the best possible protection against cyber attacks and improve the general security of their processes, products or systems. IEC 62443 therefore also has a major influence on the design of the software (boot mechanisms, operating system, application protection, etc.).
The new development of the software elements of a controller is no less demanding than the hardware development - quite the opposite: the system software almost always requires significantly more development effort than the hardware. For this reason, the priority should be on a flexible and modular software architecture. An OEM partner must therefore have a modular system with software modules for the system software that are modern and 'cybersecure'. This gives the OEM the freedom to concentrate on 'its' application software - be it the PLC, visualization, an (edge) application with AI character or other applications.

Containers make the difference

A modern controller is based on the optimum interaction of various hardware and software components.

© Grossenbacher systems

When developing the system software, it is advisable to use a container environment. It should consist of a Linux operating system based on Yocto and a tool for container management - Podman, for example. The latter is an open source tool for managing container groups, known as pods. Podman can be used to develop, manage and run containers in Yocto Linux conveniently and efficiently. In contrast to other container engines, the tool does not use daemons, which act as a quasi-invisible intermediary between the user and the container, but can be a potential security vulnerability. Podman also assigns the containers to the CPU cores, whereby a processor core can 'process' one or more containers. Communication between the containers is usually Ethernet-based using TCP/IP or OPC UA. The Yocto-Linux of the controller must also cover other areas, such as chroot (change root) oriented functions for the management of RAM disks.

Focus on security

Security extensions such as AppArmor and SELinux are examples of security functions that make life difficult for hackers if the system security of the controller is to be a priority. The 'Seccomp (Secure Computing Mode) Policies', which regulate which actions are permitted within the containers, also serve this purpose - a crucial point if third-party applications are to run. If these are to interact with other applications and storage areas and be able to access interfaces, special security measures are required to prevent an Achilles' heel for the overall system.

There is also one thing to bear in mind in connection with a soft PLC: In order to be able to implement them - with or without real-time capability - in a container, the runtime system of the soft PLC must also be 'container-compatible'. Various manufacturers are working on this. Until it is available, however, the runtime system must be integrated directly into the task management of Yocto-Linux.

Another aspect whose complexity should not be underestimated is the connection to the cloud. Whether this involves reporting functions, extended control options or communication with the controller in general, all of them put the software developers' skills to the test, especially when data is transmitted via wireless networks.

Diverse skills are required

The author: Jonas Schuster is a member of the management team at Grossenbacher Systeme AG.

© Grossenbacher systems

Developing an application-specific, future-proof and cyber-secure embedded controller is therefore a challenge. Grossenbacher Systeme, among others, has proven that it can be solved. The company developed a controller for the environmental simulation expert Weiss Technik in accordance with IEC 62443 and produces it in series. Another factor is the availability of an extensive modular system of modern and proven hardware and software modules - they allow the OEM to focus on its own strengths and core applications. The OEM can therefore be sure that its new controller will meet current and future cybersecurity requirements as well as customer expectations in terms of performance and software convenience.