Industrial control systems have enabled modern factories to become partially or completely automated in many circumstances. These systems generally include a plurality of Input and Output (I/O) modules that interface at a device level to switches, contactors, relays and solenoids along with analog control to provide more complex functions such as Proportional, Integral and Derivative (PID) control. Communications have also been integrated within the systems, whereby many industrial controllers can communicate via network technologies such as Ethernet, ControlNet, DeviceNet or other network protocols and also communicate to higher level computing systems. Generally, industrial controllers utilize the aforementioned technologies along with other technology to control, cooperate and communicate across multiple and diverse applications.
Industrial controllers and associated control systems have increasingly become more sophisticated and complicated as control applications have been distributed across the plant floor and in many cases across geographical or physical boundaries. As an example, multiple controllers and/or other devices can communicate and cooperate to control one or more aspects of an overall manufacturing process via a network, whereas other devices can be remotely located, yet still contribute to the same process. In other words, control applications have become less centrally located on a singular control system having associated responsibilities for an entire operation. Thus, distribution of an overall control function and/or process frequently occurs across many control components, systems or devices.
Advances in networking technologies have further facilitated automating in manufacturing in an industrial environment. For example, utilization of the Internet has allowed indirect communication between high-level systems, such as Enterprise Resource Planning systems, and factory floor devices (e.g., programmable logic controllers) across substantial geographic boundaries. The communication is indirect because in conventional systems middleware is required to map data and data records that are employed by applications within the ERP system(s). Accordingly, if the middleware is compromised, an entire automation system can be subject to failure. Attempting to eliminate the middleware, however, is also problematic. For instance, if the middleware is removed, then controllers and other low-level devices require a greater amount of intelligence, and must be able to recognize and generate data structures that can be recognized and generated by the high-level system. Further, eliminating middleware can compromise control logic, data records, and data structures that are associated with automation controllers and other low-level devices.
These devices and data associated therewith can be compromised due to communication protocols that are employed in connection with conventional data exchange. In particular, conventional industrial automation systems employ server computers as middleware to receive requests over the Internet, and requests and data responding to such requests are communicated over the HyperText Transfer Protocol (HTTP). Web servers facilitate sending and receipt of such requests, and the requests are serviced by server computers. Particularly, the server computers (which act as middleware) pull data from the automation controllers and map such data to the higher-level systems, thus enabling the high level systems to recognize and manipulate the data. By employing HTTP as a communication protocol, the server computers are subject to attacks that are common to the Internet, but the automation controllers are insulated from such attacks by the server computers. Eliminating the server computers while retaining use of conventional communication methods would subject automation controllers to Internet-based attacks, thus compromising products being manufactured as well as safety of workers within an industrial environment. For instance, a malicious user skilled in computer programming may be able to obtain access directly to an automation controller if the server computers do not buffer such controller. Such access can be obtained because the conventional Internet data exchange protocol is HTTP.
Accordingly, there exists a need in the art for a system and/or methodology for protecting automation controllers and other low-level automation devices if middleware that maps data between the automation controllers/low-level automation devices and high-level systems is removed.