Field of the Invention
The present invention relates to a process control apparatus and system, and to a method for determining the normality thereof.
Priority is claimed on Japanese Patent Application No. 2013-153875, filed Jul. 24, 2013, the contents of which are incorporated herein by reference.
Description of Related Art
In a plant or a factory or the like (hereinafter, collectively simply called a “plant”), a process control system controlling various state quantities (for example, pressure, temperature, and flow amount) in an industrial process is built, and a high level of automated execution is implemented. Specifically, for example, as noted in Japanese Patent No. 4399773, PCT International Publication No. WO 2005/050336, and United States Patent Application, Publication No. 2007/0078980, a controller forming the core of a process control system acquires detection results from a plurality of sensors (flowmeters, temperature sensors, and the like), determines the actuation amounts of actuators (valves and the like) in accordance with the detection results, and operates the actuators in accordance with the actuation amounts, so as to control the various state quantities.
Although plant control systems in the related art have been built using dedicated apparatuses having unique specifications, many plant control systems in recent years are tending to be open, and are built using general-purpose apparatuses (computers, workstations, and the like) with public specifications. A plant control system using such general-purpose apparatuses, like a general information system, requires software improvements, such as functional expansion of the operating system (OS) and applications, and correction or the like of problems and vulnerabilities of the operating system and the applications.
Although process control systems in the related art have often been built independently, in order to improve productivity and the like in plants, there are increasing opportunities for plant control systems in recent years to be connected to other information systems managing, for example, production. In an environment such as this, in which a process control system is connected to another information system, a risk from external cyberattacks can be envisioned, so it is important to make the software improvements (such as functional expansion of the operating system and the applications, and correction or the like of problems and vulnerabilities of the operating system and the applications) on a continuing basis.
Compared with a general information system, a plant control system built in a plant has the following peculiarities (1) and (2).
(1) Demand for Tight Security
Because there are many flammable chemical substances used in a plant, when a cyberattack results in unpredicted execution, in the worst case an explosion may occur. Given this, a plant control system built in a plant needs to have tighter level 2 security than a general information system. Level 2 security refers to protection from external attacks and protection from internal attacks. Protection from external attacks means that the control system is protected from unauthorized access by external attackers. Protection from internal attacks means that, when some of the apparatuses provided in the control system are hacked by attackers, the other apparatuses provided in the control system are protected from attacks by the hacked apparatuses.
(2) Maintenance of Long-Term Normality Countermeasures
The life of a plant is approximately 30 years, which is a number of times the life of a general information system. It is necessary for a plant control system designed for a plant to maintain security countermeasures over a long period of time that is approximately the same as the life of the plant. For example, it is necessary to continue to obtain corrective patches to correct vulnerabilities in an operating system and applications used until the plant reaches the end of its life.
The maintenance of security countermeasures over such a long period of time is not necessarily achievable. For example, if the period during which an operating system is supported ends (if it reaches the end of service (EOS)), it becomes impossible to obtain such corrective patches. There are then cases in which it is impossible to correct vulnerabilities in the operating system.
When support for an operating system that has been used ends, it can be imagined that a new operating system could be introduced. However, in order to introduce a new operating system, it is necessary to verify that the same type of operation is possible as with the operating system that has been used, and there are cases in which a long time is required for the verification. Also, if the operability of the newly introduced operating system changes, it is necessary to retrain users (operators), and there are cases in which costs and time are required.