Today, the term ‘security’ can set off a media storm, especially in the discussion around cyber security, and automation and communication technology are not spared. This can create the impression that IT security is a new phenomenon. The experts of PROFIBUS & PROFINET International (PI), however, have been concerned for many years with the secure operation of communication technology components, which by nature have always been tightly networked. The safe and secure operation of aerial railways is an important example.
In the area of safety, PI laid the critical cornerstone for the automation of safety-related machinery and equipment as early as around 2000 with the first PROFIsafe specification. The PROFIsafe solution is based on the “black channel” principle, which has since been incorporated into IEC standards and is considered state of the art: because safety-related and standard automation are so closely connected, safety-related and standard data are carried together on the same communication medium. This reduces the cost of devices, of engineering and of operating safety-related machinery and equipment. The core of the principle is that safety-related information is packaged in a safe “PROFIsafe container” that carries its own protective measures, so that the underlying transport does not have to be trusted. At an emergency stop, for example, the signal status of the safety sensor or Emergency Stop pushbutton is transmitted via a PROFIsafe frame to the safety controller, where it is processed and then forwarded, for example, to a drive. After this frame arrives in the drive unit, the requested safety reaction is triggered. The transport itself, including radio links, is the “black channel” and needs no separate safety certification; PROFIsafe has been approved for radio transmission from the start.
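To make the black-channel idea concrete, the following is an added example written for this page; it is not code from PI and does not reproduce the PROFIsafe frame format. The container layout (16-bit source and destination address, 8-bit consecutive number, CRC-32), the watchdog expressed in receive cycles, the fail-safe value 0x00 and the simulated faults are all assumptions chosen for illustration. The transport between sender and receiver is treated as untrusted: it may corrupt, lose, repeat or misroute a container, and in each case the receiver must end up with a safe output rather than act on a wrong command.

```python
# Added illustration, not the PROFIsafe specification: the frame layout, field widths
# and tolerance policies below are assumptions chosen to show the black-channel idea.
import struct
import zlib

SAFE_OUTPUT = b"\x00"  # assumed fail-safe substitute value, e.g. "stop" for a drive
COUNTER_MOD = 256      # assumed 8-bit consecutive number; 0 is reserved and never sent
HEADER = struct.Struct(">HHB")  # src address, dst address, consecutive number
TRAILER = struct.Struct(">I")   # CRC-32 over header + payload


def crc32(data: bytes) -> int:
    return zlib.crc32(data) & 0xFFFFFFFF


class SafetySender:
    """Wraps each safety payload in a container the transport cannot silently alter."""

    def __init__(self, src: int, dst: int):
        self.src, self.dst, self.counter = src, dst, 0

    def wrap(self, payload: bytes) -> bytes:
        self.counter = self.counter % (COUNTER_MOD - 1) + 1  # cycles through 1..255
        body = HEADER.pack(self.src, self.dst, self.counter) + payload
        return body + TRAILER.pack(crc32(body))


class SafetyReceiver:
    """Validates containers; any detected fault latches the receiver into fail-safe."""

    def __init__(self, src: int, dst: int, watchdog_cycles: int):
        self.src, self.dst, self.watchdog_cycles = src, dst, watchdog_cycles
        self.last_counter, self.last_payload = 0, SAFE_OUTPUT  # 0 = nothing valid yet
        self.cycles_without_valid, self.fail_safe = 0, False

    def _counter_ok(self, counter: int) -> bool:
        if counter == 0 or self.last_counter == 0:  # 0 never valid; first frame opens sequence
            return counter != 0
        delta = (counter - self.last_counter) % (COUNTER_MOD - 1)
        # must advance, skipping at most what the watchdog tolerates; 0 = repeat, large = stale
        return 1 <= delta <= self.watchdog_cycles + 1

    def _check(self, frame) -> str:
        if frame is None:
            return "NO_FRAME"
        if len(frame) < HEADER.size + TRAILER.size:
            return "TRUNCATED"
        body = frame[:-TRAILER.size]
        if TRAILER.unpack(frame[-TRAILER.size:])[0] != crc32(body):
            return "CRC_ERROR"
        src, dst, counter = HEADER.unpack_from(body)
        if (src, dst) != (self.src, self.dst):
            return "WRONG_ADDRESS"
        return "OK" if self._counter_ok(counter) else "SEQUENCE_ERROR"

    def cycle(self, frame):
        """One receive cycle; returns (status, payload the safety function may act on)."""
        if self.fail_safe:
            return "FAIL_SAFE", SAFE_OUTPUT
        status = self._check(frame)
        if status == "OK":
            self.last_counter = HEADER.unpack_from(frame)[2]
            self.last_payload = frame[HEADER.size:-TRAILER.size]
            self.cycles_without_valid = 0
            return status, self.last_payload
        if status == "NO_FRAME":  # loss is tolerated until the watchdog expires
            self.cycles_without_valid += 1
            if self.cycles_without_valid <= self.watchdog_cycles:
                return status, self.last_payload
            status = "WATCHDOG_TIMEOUT"
        self.fail_safe = True  # corruption, repetition, misrouting, timeout: latch
        return status, SAFE_OUTPUT


def run_scenario(faults: dict, cycles: int = 8) -> list:
    """Sender -> black channel -> receiver; `faults` maps a cycle index to the fault the
    channel (or an attacker on it) injects there. Constructed payload 0x01 = run enable."""
    tx = SafetySender(src=0x0101, dst=0x0202)
    rx = SafetyReceiver(src=0x0101, dst=0x0202, watchdog_cycles=2)
    history, previous = [], None
    for i in range(cycles):
        frame, fault = tx.wrap(b"\x01"), faults.get(i)
        if fault == "drop":  # frame lost on the medium
            delivered = None
        elif fault == "corrupt":  # bit error in the payload, CRC left untouched
            delivered = frame[:5] + bytes([frame[5] ^ 0x80]) + frame[6:]
        elif fault == "repeat":  # channel delivers the previous cycle's frame again
            delivered = previous
        elif fault == "misroute":  # container from a different sender lands here
            delivered = SafetySender(src=0x0303, dst=0x0202).wrap(b"\x01")
        elif fault == "forge":  # attacker rewrites the payload AND recomputes the CRC
            body = frame[:5] + b"\x7f" + frame[6:-4]
            delivered = body + TRAILER.pack(crc32(body))
        else:
            delivered = frame
        previous = frame
        history.append(rx.cycle(delivered))
    return history
```

Running `run_scenario({2: "drop"})` shows a single lost frame being bridged by the previous value until the next valid container arrives, while three consecutive losses end in `WATCHDOG_TIMEOUT`; `corrupt`, `repeat` and `misroute` are rejected immediately and the receiver stays in fail-safe. The `forge` scenario marks the boundary of this layer: a CRC and consecutive number detect random transport faults, but an attacker who can rewrite a container and recompute its CRC passes every check here, so protection against deliberate manipulation of the channel has to come from measures beyond this safety check.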
An interesting aspect of the PROFIsafe concept is that it also offers possibilities for bringing the requirements of safety and security together. Numerous systems, in particular many automation concepts for aerial railways (such as the one operated between Manhattan and Roosevelt Island, see figure), prove this. Faults that can occur again and again include denial of service caused by remote television cameras or malfunction due to frequency collisions. Likewise, in remote diagnostics, falsified non-safety-related data can lead to incorrect instructions to operating personnel. While such faults are not necessarily willful, they show how carefully the risks have to be assessed. The automation system of an aerial railway, for example, is exposed at two points: first, the owner controls the system itself over a wireless connection; second, the manufacturer accesses the system directly for maintenance or troubleshooting. In such applications, both of these access paths are safeguarded using PROFIsafe.
In the very demanding field of safe and secure aerial railway operation, all of the application scenarios defined by PROFIBUS & PROFINET International are in use:
- Safe communication between the bottom and top stations and/or the car, wherever it is used in a safety function,
- Safe communication with higher-level operator control and monitoring systems, and
- Safe communication during remote diagnostics and maintenance of the system by its manufacturer.