Ethernet-APL: A secure yet familiar path forward

Nov. 12, 2021
To reap the benefits of Ethernet-APL, potential barriers to industrywide acceptance must be minimized. In the process industries, only HART-IP delivers both the built-in security and comfort level needed to achieve that reality.

Bringing Ethernet technology that last mile to the field instrument represents perhaps the ultimate convergence of information and operational technology (IT/OT) for the process industries. For operational technologists, it’s an opportunity to fully capitalize on the dramatic advances in networking technology that have already transformed the architectures of the automation and information management systems upon which they rely. But it’s also like facing the loss of a familiar old friend in the form of the 4-20mA analog loops that have served industry so well for so long.

Yes, HART-IP over Ethernet-APL replaces that analog signal with fully digitalized process variables and control signals. But it also brings forward HART’s industrywide familiarity, unrivaled interoperability ecosystem and proven utility when it comes to instrumentation monitoring and diagnostics data.

More than 30 years ago, HART was created as a command/response protocol, in which a host issues a command, and a device responds. When there are many devices in an installation and a host is communicating with many of these devices, the host needs to know the name or address of the device it wants to issue a command to. This addressing scheme is defined in the HART protocol specification.

But when HART was adapted to Internet Protocol (IP) back in 2007 to backhaul data from WirelessHART gateways, the addressing scheme defined by HART was no longer required. Rather, IP-addressing is used, and each device is assigned an IP address. It’s as simple as that: HART-IP is the same as HART, but with IP addressing. It’s the Ethernet-APL physical layer that makes it dramatically faster.

Inherent security

While Ethernet and IP represent much of what’s good in the networking world, IP-addressable devices also come with the need to address potential security concerns. “If you’re going all digital with an IP-routable protocol, you have to ensure security,” says Peter Zornio, CTO Automation Solutions, Emerson. “And with HART-IP, these security features are mandatory, not optional as they are with some other device protocols for Ethernet-APL.”

So, the 2020 revision 7.7 of the HART specifications now sets requirements for specific security suites that provide communication security, audit logs and syslogging.

Communication security requires that new devices support the industry standard Internet Protocol Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) suites. HART commands have been added to simplify security deployment and aid users in navigating multiple security options. Additional diagnostics and forensic requirements are also included.

Devices are required to capture audit logs that summarize communications activities, including records such as client identification, connection start/stop times and whether the device configuration was changed in that session.

Finally, HART-IP devices also must support syslogging, an industry standard means of publishing device events to a network’s security information and event management (SIEM) system. All HART-IP devices must support network time using either Network Time Protocol (NTP) or Precision Time Protocol (PTP). Consequently, all syslog messages from all network devices are time synchronized, enabling forensics on network-wide behavior and activities.
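As an added illustration (not part of the original article and not taken from the HART specification), the sketch below shows how time-synchronized syslog records from several devices can be merged into one timeline and checked for configuration changes made by clients outside an approved list. The lines follow the RFC 5424 layout; the structured-data ID `hartAudit@32473`, its parameter names, the device names and the addresses are hypothetical, constructed for this example.

```python
import re
from datetime import datetime, timezone

# Constructed sample: RFC 5424-style lines from three devices. The SD-ID
# "hartAudit@32473" and its parameter names are hypothetical placeholders.
SAMPLE_LINES = [
    '<134>1 2021-11-12T09:02:10+01:00 ft-101 hartip - SESSION '
    '[hartAudit@32473 client="10.0.5.20" start="2021-11-12T09:00:00+01:00" cfgChanged="0"]',
    '<132>1 2021-11-12T08:01:30Z pt-207 hartip - SESSION '
    '[hartAudit@32473 client="10.0.9.77" start="2021-11-12T08:01:00Z" cfgChanged="1"]',
    '<132>1 2021-11-12T08:01:05Z lt-330 hartip - SESSION '
    '[hartAudit@32473 client="10.0.5.20" start="2021-11-12T08:00:40Z" cfgChanged="1"]',
    'not a syslog line',
]

# PRI, version 1, timestamp, hostname, app-name, procid, msgid, structured data
HEADER = re.compile(r'^<(\d{1,3})>1 (\S+) (\S+) \S+ \S+ \S+ \[hartAudit@32473 (.*)\]$')
PARAM = re.compile(r'(\w+)="([^"]*)"')

def to_utc(ts):
    """Normalize an RFC 3339 timestamp to timezone-aware UTC."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc)

def parse_line(line):
    """Return one audit record as a dict, or None if the line does not match."""
    m = HEADER.match(line)
    if not m:
        return None
    params = dict(PARAM.findall(m.group(4)))
    return {
        "logged": to_utc(m.group(2)),
        "device": m.group(3),
        "client": params.get("client"),
        "cfg_changed": params.get("cfgChanged") == "1",
    }

def timeline(lines):
    """Merge records from all devices into one UTC-ordered timeline."""
    records = [r for r in map(parse_line, lines) if r]
    return sorted(records, key=lambda r: r["logged"])

def unapproved_config_changes(lines, approved_clients):
    """Sessions that changed device configuration from a client not on the approved list."""
    return [(r["logged"].isoformat(), r["device"], r["client"])
            for r in timeline(lines)
            if r["cfg_changed"] and r["client"] not in approved_clients]

if __name__ == "__main__":
    for hit in unapproved_config_changes(SAMPLE_LINES, {"10.0.5.20"}):
        print(hit)
```

Because every device stamps its messages from a synchronized clock, normalizing to UTC is enough to order events across the network, including the first sample line, which was logged with a +01:00 offset.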

Combining communication security, audit logs and syslogging results in robust security for HART-IP enabled products.

“With Ethernet-APL, operators will have the need to really be up to date with all of the firmware and the software they’re using,” says Thomas Rummel, senior vice president of engineering and product management, Softing Industrial Automation. “In the past, the attitude was ‘it’s running now, so never change it,’” Rummel explains. “But in the future, you’ll have to ensure that all security patches are kept up to date and no back doors are left open.”

These new requirements for intelligent device management, switch configuration and other similar tasks may well present the opportunity to have IT-trained personnel contribute more directly to the support of process operations.

“For years, we’ve talked about the convergence of IT and OT,” notes Wally Pratt, director of field communication protocols for FieldComm Group. “And while there’s sometimes been resistance from the operational side of things, it’s in the IT group’s wheelhouse to take care of tasks like network security management, patching, firewall configurations and the like. Let the IT people do what they do best.”

Easy does it

And with HART-IP, securely commissioning a new Ethernet-APL device can be just as easy as it is to securely commission a WirelessHART instrument, Pratt continues. “Take it out of the box, put it on the bench, hook up a handheld and enter a network ID and join key. Then just put it out in the plant and it works. We’re trying to do the hard stuff inside to make it simple on the outside.”

Both Dow’s Jeff Konrad, technical solutions team leader, automation interfaces, and 3M’s Robert Sentz, senior engineering specialist, envision that Ethernet-APL field network security would be an extension of the long-established IT security practices now used at the higher levels of their companies’ Ethernet-based automation and information networks.

And when it comes to 3M’s first adventures in Ethernet-APL, “it might be nice to start with something that looks very familiar,” Sentz says. “I expect that we might want to add to what’s available in HART-IP, but starting there with the ability to grow would allow for a smoother transition.”

Jason Urso, chief technology officer, Honeywell Process Solutions, agrees that industry shouldn’t waste a lot of time worrying about how devices talk to one another. “Let’s build on a widely adopted and pervasive infrastructure where we have lots of people that understand it and know how to maintain it. We may find that new devices and different industries are better suited to other protocols than HART-IP, but Ethernet-APL doesn’t preclude us using them as well.”

“So, let’s get this technology out to our customers as quickly as we can,” Urso says. “So we can learn from it, adopt and adapt.”

