In industrial process control, sensors that take physical measurements of the process being run (e.g., pressure, temperature, level, or fluid flow) and instruments that perform control output actions (e.g., control valves, actuators, or drive units) for the processing units in industrial plants may be located across a large geographic area. These instruments are generally referred to as “field devices” or “field instruments” (hereafter “field devices”), and may be located in areas that are either manned or unmanned. The levels of security at the various locations may vary. All of these factors make it a challenge to ensure that the field devices continue to operate as intended, and as verified during the commissioning process before they are placed in service.
Contemporary field devices are generally termed “smart” field devices because they provide valuable asset data in addition to the basic sensor or control function for a physical parameter. This asset data relates to the diagnostic health of the field device and of the process/application with which it is involved. In the case of a smart position sensor, for example, the ability to self-calibrate is provided by a combination of an Application-Specific Integrated Circuit (ASIC) and an array of magneto-resistive (MR) sensors, which accurately and reliably determine the position of a magnet attached to a moving object (e.g., an elevator, valve, or machinery), so that the object's position can be accurately determined.
Field devices generally use standard field communication protocols such as HART, WirelessHART, FOUNDATION FIELDBUS, PROFIBUS, PROFINET or ISA 100.11a to communicate with a remote host system or device, such as a network server, distributed control system (DCS), safety system, instrument asset management system, or handheld configurator. Such host systems or devices generally have write access to the smart devices, and often the smart device itself supports configuration through its own local interfaces, such as a local display screen and switches. The user sets the configuration parameters for each field device, using any of the aforementioned hosts available, so that the field device operates as intended.
Since field devices may perform mission-critical measurement and control, data security in such devices is important. Accordingly, the configuration data of the device (values held in different process parameters) needs to be guarded against change, and care is generally taken to prevent unintended configuration changes from being made after commissioning. Configuration changes, whether made inadvertently or maliciously, may be detrimental to the operation of the plant, and in certain cases might put human life at risk.
Traditionally, unauthorized changes to configuration data are avoided in two ways. Plants have Standard Operating Procedures (SOPs) for field device access for writes/configurations, and sometimes for reads as well, under which the host systems or devices provide write access control to specific users/specific scenarios. The field devices themselves then perform write protection. The write protection for field devices is generally implemented by software or by hardware (a write protect hardware jumper), or by both.
When a field device is configured for write protection, the intent is to block unauthorized changes to its configuration data. Write protection methods are standard, and generally perform their function effectively. However, the systems and individuals responsible for the safe plant operations of the process and those responsible for the proper operations of the field devices are not made aware of attempts to change device configurations.