Controllers protect IoT automation technology
To protect IoT applications and production data, WAGO have developed the PFC100 and PFC200 controllers.
They are characterised by a cross-platform, real-time Linux system, and can be used as secure gateways. The factory-installed Linux foundation supports essential security protocols, and ensures that these will be constantly refined thanks to the large Linux community. The controllers are Linux computers which support CODESYS PLC Runtime, as well as various interfaces and fieldbuses, such as CANopen, PROFIBUS DP, DeviceNet and Modbus-TCP.
All members of the PFC200 family are also designed to implement the current highest security requirements according to ISO 27000, depending on the application and the risk analysis. They provide onboard VPN functionality based on the strongSwan and OpenVPN packages, both secure communications solutions for Linux operating systems. Data in the PFC200 can already be encrypted using SSL/TLS 1.2 (Secure Sockets Layer/Transport Layer Security). A VPN tunnel is then established directly via IPsec or OpenVPN and transfers the data to the cloud, even wirelessly if desired. While IPsec encrypts at the OS level or layer 3, OpenVPN ensures data integrity on the application layer (layer 5). This results in communication connections between the controllers and network access points that cannot be eavesdropped on or manipulated by third parties. An upstream VPN router is no longer required.
During communication with a PFC200, an encrypted LAN/WAN connection can be established between two endpoints. Connections are established only after successful authentication. One option is an encryption method with a pre-shared key, which must be known to both parties prior to communication. Alternatively, an X.509 certificate is provided, which is a method in which a public key infrastructure generates digital certificates. The PFC200 currently fulfills all relevant guidelines for IT security as well as a large number of the requirements for applications in the field of energy and water supply.
The PFC200 can also be used as a scalable node, which can be retrofitted into pre-existing automation systems without involving the automation process. Data is collected in parallel and can be transmitted to the cloud, via MQTT or OPC UA, for example. Internal production of the data is also possible via a link to the manufacturing execution system (MES). Viewable via the cloud, processes can be recorded, as well as mapped and visualised via smartphones or tablets. Relevant areas can be filtered according to depth of detail by using a graduated hierarchy, to localize potential malfunctions earlier.