Process control systems can be complex and comprise a number of different types of computers, such as operator work stations or terminals, engineering work stations or terminals, control servers and other types of control, monitoring and protection computers.
These control systems are furthermore typically delivered with a set of generic and configurable software functions for controlling and monitoring the process. Configuring this software for a specific application, i.e. to control a specific process, is commonly referred to as engineering, and is typically performed to a large extent on an engineering workstation, often before the rest of the computers in the system are connected or even delivered.
Engineering typically also includes defining the control system itself, including controllers, servers, and workstations, and how these are connected to each other over a control system network.
Computers are normally delivered from a manufacturer with a pre-installed operating system. Computers that are intended to be used as system nodes in a control system may also have control system specific software pre-installed.
Control systems in many situations need a high level of security. If unauthorized computers are able to access a process control system, they may be able to disrupt the control of the industrial process, which can be dangerous and even fatal.
However, a process control system is not a fixed system either: it may need the addition of new computers or the replacement of old computers. This means that there is a need for improved security when adding a computer to a process control system, either as a new node or as a replacement node.
Normally it is required that relevant software is pre-installed in the computer that is to be joined, or that web technologies are used for downloading components as they are needed. Pre-loading of software is time consuming, adding to the cost for joining the new computer. Web technologies are associated with security problems of various kinds.
There exists some prior art directed towards adding computers to computer systems.
U.S. Pat. No. 7,814,181, for instance, describes connecting a trusted configuration device to a network element, setting up a secure connection to a provisioning server and receiving a configuration from the server.
US 2008/0281953 describes establishing a secure connection to an administrator device for obtaining configuration data for a computer.
US 2010/0131652 describes the provisioning of a configuration file that can be transferred to a computer via a transportable physical medium.
However, none of these documents is concerned with the problems of adding computers to a process control system.
There is thus a need for a way to connect computers to a control system with improved security.