Controllers in safety applications form risk mitigation systems usually known as Safety Instrumented Systems (SIS). The development of these systems over the past 10 years has brought higher performance, a footprint reduced by more than half, and integration with the higher-level Process and Operation digital systems. That integration has raised awareness that networks in critical control applications do not share the same requirements as a corporate network. The design of these safety systems, with cyber-security and network performance in mind, is taking a new turn that Software Defined Networking (SDN) is driving. During past deployments of the Hexagon Technology Inc. (HTI) Safety Control Unit (SCU) in SIS applications, we have discussed with peers and customers the impact SDN will have on the future development and design of the SCU. To understand those effects, let's touch on the following key points.

First, a brief introduction to Software Defined Networking (SDN) and the reasons clients are considering this approach. SDN is a means by which all data flow control decisions in an Ethernet-based network are centralized in a single controller. Connected to the controller are simple devices that forward data according to pre-defined instructions over the same CAT5 or CAT6 cables used in today's networks. These simple devices replace the routers and switches distributed throughout the typical network we are all familiar with today. Because of this centralized nature, SDN provides the means to comply with ISA84-TR84.00.09 (Security Countermeasures for SIS) in the best possible way and fulfills the critical infrastructure requirements for reliability, deny-by-default security, latency guarantees, and deterministic transport.

Second, it is important to note that the SCU is a SIL3-rated unit whose sole purpose is to perform advanced diagnostics and, in certain rare cases, trigger a safety function. The dual or triple voting controllers and the communication hardware linking the SIS to the Process Controller (DCS), on the other hand, are based on standard off-the-shelf components from global automation suppliers. Since the SCU is contained within the SIS and is not intended to connect to the outside process controllers, it is designed as a component of a certified system. This means that once certification is obtained, no change to the configuration should occur without the proper risk and validation (HAZOP) and SIL Determination tasks first taking place. In short, the SCU should be decoupled from a control network and should not be part of a Software Defined Network.

However, proofs of concept that use SDN to raise network reliability to previously unseen levels are in the works in the Energy industry, using predictive software tools to diagnose and prevent communication failures by failing over to alternate paths. Favourable outcomes in this area are expected in 2016 and will lead to new ways of achieving higher levels of safety capability with lower-cost hardware. The SCU is uniquely placed to incorporate the network functionality enhancements driven by SDN because of its supplier-neutral platform architecture.
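The two SDN properties the paragraphs above rely on, deny-by-default forwarding and controller-driven failover to an alternate path, can be shown in a small model. The following is an added illustration written for this article; it is not Hexagon Technology's code nor a real SDN controller (a real deployment would push rules to switches over a protocol such as OpenFlow). The topology, host names (dcs, sis, eng), forwarder names and the port number are constructed for the example.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """A 5-tuple-style match key: who may talk to whom, over what."""
    src: str
    dst: str
    proto: str
    dport: int


class ForwardingDevice:
    """Simple forwarder. It only knows the rules the controller pushed;
    a packet matching no rule is dropped (deny-by-default)."""

    def __init__(self, name):
        self.name = name
        self.rules = {}  # Flow -> next hop (neighbour name)

    def forward(self, flow):
        return self.rules.get(flow)  # None means drop


class Controller:
    """Central point that decides paths and installs rules on forwarders."""

    def __init__(self, topology, forwarders):
        self.topology = topology          # node -> list of neighbours
        self.devices = {n: ForwardingDevice(n) for n in forwarders}
        self.failed_links = set()
        self.allowed = []                 # the policy: explicitly allowed flows

    def link_up(self, a, b):
        return frozenset((a, b)) not in self.failed_links

    def shortest_path(self, src, dst):
        """Breadth-first search over links that are currently up."""
        prev = {src: None}
        queue = deque([src])
        while queue:
            node = queue.popleft()
            if node == dst:
                break
            for nb in self.topology[node]:
                if nb not in prev and self.link_up(node, nb):
                    prev[nb] = node
                    queue.append(nb)
        if dst not in prev:
            return None
        path, node = [], dst
        while node is not None:
            path.append(node)
            node = prev[node]
        return path[::-1]

    def _install(self, flow):
        path = self.shortest_path(flow.src, flow.dst)
        if path is None:
            return None
        # Install one rule per forwarder along the path (hosts are excluded).
        for hop, nxt in zip(path[1:-1], path[2:]):
            self.devices[hop].rules[flow] = nxt
        return path

    def allow(self, flow):
        """Policy change: permit a flow and program the path for it."""
        self.allowed.append(flow)
        return self._install(flow)

    def fail_link(self, a, b):
        """Link failure detected: recompute every allowed flow on the
        remaining links. Flows with no alternate path stay unreachable."""
        self.failed_links.add(frozenset((a, b)))
        for dev in self.devices.values():
            dev.rules.clear()
        return {f: self._install(f) for f in self.allowed}

    def trace(self, flow):
        """Follow a packet hop by hop; returns the hops or None if dropped."""
        hops = [flow.src]
        node = self.topology[flow.src][0]  # a host has a single uplink
        while node != flow.dst:
            if node not in self.devices:
                return None
            hops.append(node)
            node = self.devices[node].forward(flow)
            if node is None:
                return None               # no rule: dropped at this forwarder
        hops.append(node)
        return hops


# Constructed topology: DCS and SIS joined by two redundant paths
# (s1-s2-s4 and s1-s3-s4); an engineering workstation hangs off s3.
TOPOLOGY = {
    "dcs": ["s1"],
    "s1": ["dcs", "s2", "s3"],
    "s2": ["s1", "s4"],
    "s3": ["s1", "s4", "eng"],
    "s4": ["s2", "s3", "sis"],
    "sis": ["s4"],
    "eng": ["s3"],
}
FORWARDERS = {"s1", "s2", "s3", "s4"}

if __name__ == "__main__":
    ctl = Controller(TOPOLOGY, FORWARDERS)
    dcs_to_sis = Flow("dcs", "sis", "tcp", 502)   # example port, constructed
    print("installed path:", ctl.allow(dcs_to_sis))
    print("authorised flow:", ctl.trace(dcs_to_sis))
    print("workstation to SIS, no rule:", ctl.trace(Flow("eng", "sis", "tcp", 502)))
    print("after s1-s2 fails:", ctl.fail_link("s1", "s2")[dcs_to_sis])
```

Two things the model makes visible: the only traffic that ever crosses a forwarder is traffic the controller has explicitly programmed (the workstation's attempt is dropped at s3 because no rule exists, not because a firewall inspected it), and a link failure is handled by the controller recomputing and reinstalling paths rather than by the forwarders negotiating among themselves. Whether the recomputation meets the latency and determinism targets the article mentions depends on the controller, which is precisely why the SCU is kept outside the SDN domain.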

On a last note, although SDN offers interesting opportunities for Hexagon Technology's SCU, proven encryption algorithms and certificate management are still recommended to ensure proper network security for the overall process control / SIS system.


by Peter Darveau

For more about Hexagon Technology Inc., visit www.hexagontechinc.com .