By Bob Webb
One of many important aspects of a good control system design is the system's ability to tolerate transients seen on any system interface, as well as the system's electronic environmental friendliness to others. You should expect transients (typically fast, short high-voltage or high-energy impulses, perhaps 500 or 1,000 volts or more, lasting from nanoseconds to milliseconds) on any input, output, or interface not filtered and shielded from such electromagnetic garbage. This is particularly true in any industrial facility where large electric loads routinely start and stop.
Wiring running near switchgear that controls motors and other large loads acts as an antenna to collect such impulses. So input and output lines from your PLC or DCS running to your motor control center are typical sources of transients. Sensors and final control elements in exposed locations that can be subject to lightning are another potential source of transients. Other electromagnetic noise spanning the frequency range of the electromagnetic spectrum may also be expected, depending on the application. Transients and noise can enter the system not only on input and output lines, but also on communications lines, power supply feeds, and pretty much any other interface to your system.
Is this for real?
If you do not believe this kind of noise is there, borrow an analyzer and see for yourself. A variety of specialized recorders and analyzers are available (such as line disturbance analyzers designed to measure transients on power supply feeds to important systems). We recently ran one on the input and output of a UPS system originally designed to provide clean instrument power for a power plant. We found literally hundreds of transients exceeding 100 volts in magnitude on the UPS system's output. Clearly, they were not supposed to be there. Fortunately, the DCS and other instrumentation connected to that system were well designed; as a result, there were no misoperations or failures due to this garbage.
Standards, product specifications
There are good standards related to transient protection, including those by IEEE and several mil specs. Even 30 years ago, this phenomenon was easy to understand, and control system designs withstood these kinds of environments. So why bring it up now?
If you buy a system from those who have the heritage of designing for noisy, transient-ridden environments, you should be taken care of because their equipment design should assure operation in spite of transients, and the ancillary equipment they supply or specify should provide defense in depth at many layers throughout their systems, by design. Regardless, the equipment you purchase should be type tested, or specifically tested to demonstrate compliance if you require more than typical transient immunity. Look at the system specifications for common- and normal-mode noise rejection on all input/output (I/O) and other interface lines, including the power supply specifications. These specifications should cover broadband noise. Look at their specifications for transient protection. Look at their testing on the equipment you intend to use.
If you are planning to buy a few parts and a PC or two and build your own data acquisition or control system, instead of buying one from a manufacturer with extensive experience in your industry, you will have to make sure you design these features into your system. How do the experienced manufacturers do it? They include appropriate filtering and suppression technology on all interfaces to the extent their hardware is sensitive to such noise. Most technology provides protection at a non-destructive level, plus further protection that requires replacement of protection components. You need to know the typical and expected worst-case environments, and you also need a solid system design in other respects (such as grounding) to have effective transient suppression.
Inheriting a questionable system
If you already have systems, how do you know whether transients are a problem or not? Do you have unexplained failures or system changes? If so, transients could be one of the possible causes. Most of the time, however, something goes wrong with your system, and there are no obvious indications of why the problem occurred. What then? Transients on any interface with the system and inadequate grounding are two typical causes to examine. Are there other possible causes? Sure. One example often overlooked during failure investigations is unintentional or intentional remote access. Could a hacker or a corporate IT "expert" have remotely accessed your system and made changes? Do you think of these things along with the other perhaps more typical causes when you go to repair or replace equipment? You should.
If you suspect transients on the power or system I/O may be related to the problem, you can use a transient analyzer to look for transients that correlate to system events classified as problems.
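The correlation described in the last two paragraphs can be done offline once the analyzer recordings and system logs are exported. The sketch below is an added example, not part of the original article: the record layouts, the sample data, the 2-second window, and the 100-volt threshold are all assumptions chosen for illustration. It checks each logged problem event against both recorded transients and remote-access sessions, so neither candidate cause is overlooked.

```python
from datetime import datetime, timedelta

# Constructed sample records (not from the article): a line disturbance
# analyzer export, a remote-access session log, and logged problem events.
TRANSIENTS = [
    ("2024-03-04 02:14:07.120", "UPS-OUT", 412),   # (time, channel, peak volts)
    ("2024-03-04 09:30:00.000", "UPS-OUT", 95),
    ("2024-03-04 13:45:10.500", "AI-CARD-3", 780),
]
REMOTE_SESSIONS = [
    ("2024-03-04 11:02:00.000", "2024-03-04 11:20:00.000", "vendor-vpn"),
]
PROBLEM_EVENTS = [
    ("2024-03-04 02:14:07.900", "controller 2 watchdog reset"),
    ("2024-03-04 11:15:30.000", "setpoint FIC-101 changed"),
    ("2024-03-04 13:45:11.000", "analog input card 3 fault"),
    ("2024-03-04 18:00:00.000", "HMI node lost comms"),
]

FMT = "%Y-%m-%d %H:%M:%S.%f"

def ts(text):
    return datetime.strptime(text, FMT)

def correlate(events, transients, sessions, window_s=2.0, min_volts=100):
    """For each problem event, list candidate causes seen near it in time."""
    window = timedelta(seconds=window_s)   # assumed correlation window
    report = []
    for when, what in events:
        t_event = ts(when)
        causes = []
        for t_text, channel, volts in transients:
            # A transient counts only if it is large enough and lands at or
            # shortly before the event (a cause must precede its effect).
            lead = t_event - ts(t_text)
            if volts >= min_volts and timedelta(0) <= lead <= window:
                causes.append(f"transient {volts} V on {channel}")
        for start, end, source in sessions:
            # A change made while a remote session was open is a candidate too.
            if ts(start) <= t_event <= ts(end):
                causes.append(f"remote session from {source}")
        report.append((what, causes or ["unexplained: check grounding, other causes"]))
    return report

if __name__ == "__main__":
    for what, causes in correlate(PROBLEM_EVENTS, TRANSIENTS, REMOTE_SESSIONS):
        print(f"{what}: {'; '.join(causes)}")
```

A match here is only a lead for further investigation; clocks on the analyzer, the control system, and the remote-access gateway must be synchronized for the window to mean anything.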
If you suspect system security problems, check your facility or site automation systems security program against ISA99 requirements. Is your system isolated from undesired outside communications better than it was protected against transients? In addition to programmatic adequacy, you may also need to add hardware or make changes to your system. One example is the addition of a dedicated firewall specifically designed to work with legacy controllers.
ABOUT THE AUTHOR
Bob Webb is a consultant for ICS Secure in Poulsbo, Wash. He serves on the ISA Standards and Practices Board and is managing director of ISA67, Nuclear Power Plant Standards.