A: It’s about compliance, with cybersecurity built into automation products from the beginning following a standard, such as IEC 62443, which seems to be the emerging, consolidated standard for industrial cybersecurity. A vendor usually supports this standard with certifications, and in this case, the standard is supported by three dimensions of certifications. The first is the secure development lifecycle assurance (SDLA). The second is for individual modules or components, and is called the embedded device security assurance (EDSA). The third defines a reference architecture that guides users of a certain automation product to combine the components of a product into a holistic certified reference architecture. This is called system security assurance (SSA).
Certification isn’t the only aspect. Cybersecurity is all about technology, people and processes, and we need to understand that attack vectors today are multifold, and studies reveal they come from inside and outside companies that run process automation equipment.
It's critical to understand all the dependencies of hardware and software to learn about different lifecycle states, and integrate predictions from respective vendors to develop an upgrade/migration plan. Everything needs to be kept current, so that known vulnerabilities are addressed and patched, and updates can be consumed. It's also important to align IT and OT teams on a joint approach for keeping everything current. Again, operating critical elements like computers, operating systems, embedded modules and databases in an obsolete lifecycle without support from the vendor should be absolutely unacceptable, and needs to be addressed at the next possible opportunity.
Q: Marcel, how can automation knowledge in an asset be sustained?
A: It’s critical to maintain a digital twin that can be enriched with related information, such as documents, drawings or engineering artifacts, to help maintain remnants from the engineering phase of the plant's automation into its operations phase, where it can stay relevant and up to date. This also means these artifacts must be updated with each maintenance activity in the plant and, ideally, that the artifacts from previous engineering efforts are digitalized, so they can be brought forward.
When we talk about a digital twin, it’s certainly best to build an operator training simulator from it. A simulator is a nice feature to help new team members get up to speed on running and maintaining the plant. Modern simulators can emulate involved systems, and replicate the plant's dynamic functions in high fidelity, including mass and energy balances and geodetic topology, piping geographies and/or exothermal chemical reactions. With such simulations, near-reality simulation scenarios can be set up. Operators can be exposed to fires, leaks and plant behaviors without posing physical danger to plants, products or people.
Q: Marcel, how does Foxboro DCS support industry challenges and trends we've discussed?
A: First, we introduced a new update called Control Software v8.0 at the beginning of 2024, which is based on Aveva System Platform 2023 for real-time operations, as well as its human machine interface called Aveva Managed InTouch for system platform, Aveva Historian and Aveva Application-Server. The system is designed for maximum availability and minimum downtime. There's no single point of failure, and this allows maximum profitability and minimized process disruption.
Enhancements on the upgrade let users renew firmware or fault-tolerant controllers in the plant while it’s operating. The system supports contemporary, Ethernet-based I/O infrastructure, with Ethernet/IP and OPC UA client or Profinet protocols, enabling future Ethernet-Advanced Physical Layer (APL)-based I/O topologies.
In addition, the Aveva software portfolio can bridge operations in the control room with the business decision layer on the user's enterprise level through software solutions for planning, reporting, dashboarding, enterprise historians and data lake applications. From engineering via operations to maintenance, it enables retention of engineering artifacts and training scenarios with real-time, digital twins and simulators. The full range of software can be a bridge between operations and the enterprise.