A programmable logic controller (“PLC”) is a digital computer commonly used for the automation of industrial processes, such as control of machinery used in factory assembly lines, oil refineries, power plants, etc. A remote terminal unit (“RTU”) is similar to a PLC, but generally does not provide closed-loop control functionality. Both a PLC and an RTU may monitor one or more process parameters and provide status signals to a monitoring station over a communications link such as a local area network (“LAN”). With the growth in the use of wireless communications equipment, it has become commonplace to include a wireless communications interface in PLCs, RTUs and similar devices to output status information. Each such device is connected to a network (wired or via the wireless device) and can be addressed via an associated IP address. This is shown, for example, in FIG. 1, where a PLC 10 includes an interface for coupling to a network 20. This interface may be wired or wireless. However, connection to a network can lead to security issues. For example, if an unprotected wireless network is used or if someone gains access to the network, commands can be issued to PLC 10 which might compromise the associated industrial process. In an oil refinery or power plant, this could lead to significant and severe consequences. In particular, this may be a significant problem for PLCs, RTUs and similar devices which are used only for monitoring a process, because such devices were never intended to allow the preconfigured operating parameters to be changed, even though the communications link provides the ability to do so.
Highly engineered solutions, such as the Owl Computing Technologies Dual Diode (described in U.S. Pat. No. 8,068,415, the disclosure of which is incorporated herein by reference), provide a direct point-to-point optical link between network domains in the low-to-high direction or in the high-to-low direction. The unidirectionality of the data transfer is enforced in the circuitry of the network interface cards at both network endpoints and in the cable interconnects. In this way, the hardware provides an added layer of assurance of unidirectional information flow and non-bypassable operation. In contrast to software-based one-way data transfer systems, it is easy to prove that data is not bypassing the Dual Diode.
In such systems, shown as system 100 in block diagram form in FIG. 2, a first server (the Blue Server) 101 includes a transmit application 102 for sending data across a one-way data link, e.g., optical link 104, from a first network domain coupled to server 101 to a second network domain coupled to server 111. First server 101 also includes a transmit (here a phototransmission) component, e.g., optical emitter 103. Transmit application 102 provides data to the optical emitter for transmission across the optical link 104. A second server (the Red Server) 111 includes a receive (here a photodetection) component, e.g., optical detector 113, for receiving data from the optical link 104, which data is then provided to the receive application 112 for further processing. The first server 101 is only able to transmit data to second server 111, since it does not include any receive circuitry (e.g., an optical detector comparable to detector 113), and the second server 111 is only able to receive data from first server 101, since it does not include any transmit circuitry (e.g., an optical emitter comparable to emitter 103).
It is an object of the present invention to provide a front-end interface for a PLC, RTU or similar device which overcomes the problems of the prior art and provides greater protection for the integrity of the PLC, RTU or similar device.