There are many types of industrial plant control systems (IPCS) known in the art for controlling industrial equipment and processes. One such conventional IPCS 102 is shown in FIG. 1. The IPCS 102 can have a distributed network configuration, i.e., there are application specific modules connected to each other, industrial equipment, and user interfaces via a local control network. As shown in FIG. 1, the IPCS 102 generally includes a computing system 104 and a memory device 106. The computing system 104 is typically a desktop personal computer system, a laptop personal computer system, a personal digital assistant, a wireless computing device, or any other general purpose computer processing device. The computing system 104 is configured to allow users to monitor and/or control an industrial process or equipment 118. More particularly, the computing system 104 is configured to (a) enable a user to customize security settings for various employee types (e.g., program level (PROG), engineer level (ENGR), supervisor level (SUPR), and operator level (OPER)) of an industrial plant, (b) enable a user (e.g., an engineer or operator) to obtain information regarding one or more parameters of an industrial process based on the customized security settings, and (c) enable a user (e.g., an engineer or operator) to change one or more parameters of an industrial process based on the customized security settings. Such parameters generally include, but are not limited to, temperature parameters, timing parameters, and liquid level parameters.
The memory device 106 is configured to retain a default security setting data file (DSSDF) 108 containing default security setting data 110 and a customized security setting data file (CSSDF) 112 containing customized security setting data (CSSD) 114. Such security setting data 110, 114 can generally include information indicating a user type (or access level) and information indicating process parameters (e.g., temperature and liquid level) that a particular type of user can change. The user types (or access levels) can generally include, but are not limited to, a program user type (or access level), an engineer user type (or access level), a supervisor user type (or access level), and an operator user type (or access level). For example, the CSSDF 112 includes data PP11—E O indicating that a user logged into the IPCS 102 having an operator status can change a process parameter PP35. The phrase “log in” as used herein refers to a process of identifying a user to the IPCS 102 for gaining access to the IPCS 102 as a legitimate user.
As shown in FIG. 1, if a user having an operator status initiates actions using the computing system 104 associated with changing the value of the process parameter PP35, then the computing system 104 can perform actions to access the memory device 106, retrieve CSSD 114 therefrom, and determine whether the process parameter PP35 change is allowed based on the CSSD 114. If it is determined that the user having an operator status is authorized to change the process parameter PP35, then the computing system 104 allows the requested action to be completed, such as writing a new value to the memory device 106. Alternatively, if it is determined that the user having an operator status is not authorized to change the process parameter PP35, then the computing system 104 can perform actions to display a message to the user indicating that the process parameter PP35 change was not allowed (or blocked).
One can appreciate that there are certain advantages to connecting a second IPCS 122 to the first IPCS 102. For example, IPCSs are expensive and complex to install. The installation generally includes electronically connecting numerous circuits together. Each of the circuits and associated connections often need to be tested and certified by one or more government agencies. As such, users of an IPCS 102 are often unwilling to replace the IPCS 102 with an upgraded version of the control system. Instead, users may want to build on top of or expand the capabilities of an existing IPCS 102 by adding additional software and/or hardware to the IPCS 102. Such software and/or hardware can include a second IPCS 122.
However, a control system configuration including two or more IPCSs (such as IPCSs 102, 122) generally suffers from certain drawbacks. For example, the first IPCS 102 and the second IPCS 122 may not be compatible with one another, i.e., each IPCS 102, 122 may employ a different communications format. As such, a gateway node 120 may be provided to enable the communications between the first IPCS 102 and the second IPCS 122. Consequently, the control system configuration becomes more hardware intensive. Furthermore, the second IPCS 122 generally does not utilize the customized security settings of the first IPCS 102 for allowing or blocking a user from manipulating process parameters. Rather, the second IPCS 122 user may instead be forced to utilize the default security settings of the first IPCS 102 for allowing or blocking the user from manipulating process parameters stored in its associated memory device 106. One can appreciate that this may be a disadvantage when a user (e.g., an engineer) of another computer system (e.g., IPCS 122) cannot, during an emergency situation associated with the first IPCS 102, change a certain process parameter that users of the first IPCS 102 would be able to change. Thus, there is a need for an improved system and methodology for coordinating security settings between two or more control systems.
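The parameter-change check described for the first IPCS 102, and the mismatch that arises when a request from the second IPCS 122 is evaluated against the default settings instead of the customized ones, can be sketched as follows. This is an added illustration, not part of the original text: the `PARAM: LEVEL ...` line format, the default-setting values, the `origin` flag and all function names are assumptions, since the page does not specify the file format.

```python
LEVELS = {"PROG", "ENGR", "SUPR", "OPER"}  # user types named in the text

def parse_settings(text):
    """Parse constructed 'PARAM: LEVEL LEVEL' lines into {param: set(levels)}."""
    table = {}
    for line in text.strip().splitlines():
        param, _, levels = line.partition(":")
        allowed = set(levels.split())
        unknown = allowed - LEVELS
        if unknown:
            raise ValueError(f"unknown level(s) {unknown} for {param.strip()}")
        table[param.strip()] = allowed
    return table

# Constructed sample data (assumed format and values, not from the page).
DSSD = parse_settings("""
PP35: PROG ENGR
PP36: PROG
""")
CSSD = parse_settings("""
PP35: PROG ENGR OPER
PP36: PROG ENGR
""")

def authorize(settings, level, param):
    """Deny by default: an unknown parameter or unlisted level is blocked."""
    return level in settings.get(param, set())

def change_parameter(store, level, param, value, origin):
    """Local requests use the customized settings; requests arriving from
    the second system fall back to the defaults, as the text describes."""
    settings = CSSD if origin == "local" else DSSD
    if not authorize(settings, level, param):
        return f"blocked: {level} may not change {param} (origin={origin})"
    store[param] = value  # write the new value only after the check passes
    return "ok"

def policy_drift():
    """(param, level) pairs allowed by the customized settings but blocked
    under the defaults, i.e. what a second-system user loses."""
    return sorted((p, lvl) for p, lv in CSSD.items()
                  for lvl in lv - DSSD.get(p, set()))
```

Running `policy_drift()` against a real pair of setting files gives the list of permissions that silently disappear for users working through the gateway.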