The Schneider Electric Modicon M580 ePAC range of programmable controllers natively includes advanced security functions to protect critical processes from cyber attacks.
Processor, communications, memory, operating modes.
> Integrity control, management of unused services.
Traceability of security events:
> Detection of intrusion and corruption attempts, event logging (Syslog).
The latest-generation Schneider Electric Modicon M580 ePAC programmable controllers are developed according to the Secure Development Lifecycle (SDL) process, which guarantees cybersecurity management throughout the system’s lifecycle.
What the ANSSI (National Information Systems Security Agency) requests – Detailed measures [R.218], [R220]
“For PLCs, when the equipment allows it, the following mechanisms should be activated:
• Access protection to the CPU and/or program;
• Restriction of IP addresses that can connect;
• Deactivation of remote programming mode.”
“The tools should be labeled.”
Security, reliability and compliance
• Safety and reliability of operations
• Ease of configuring security settings
• Compliance with the most demanding cybersecurity regulations (LPM/ANSSI).
Description of the offer
Developed in accordance with EDSA ISA Secure certification (IEC62443-4).
The Modicon M580 ePAC PLC has extended safety functions:
System, Firmware, and Software Integrity.
• Real-time system integrity checks: processor, memory, system tasks.
• Signed and encrypted M580 firmware: SHA256 – RSA4096 – AES256 algorithms.
• Signed application software with permanent signature verification.
Reinforced access controls.
• Encrypted passwords.
• Deactivation of unused services: HTTP, FTP, EIP, DHCP, BOOTP, SNMP, …
• Protection of RUN/STOP modes.
• Communication between PLC and secure maintenance console: IPsec protocol.
Compliance with current requirements (IEC62443-4, LPM, ISO 27000, Achilles L2, ANSSI-CSPN).
Availability of installations (reliability of equipment, “Hot Standby” redundancy mechanisms).
The Schneider Electric Modicon M580 ePAC programmable logic controller is CSPN certified by ANSSI.
Schneider Electric NEC – Network Engineering & Cybersecurity – offers a support service in the implementation of Modicon M580 ePAC: FR-NEC@schneider-electric.com
Modicon M580 ePAC Control at the heart of EcoStruxure
The Modicon M580 combines the existing functionality of Unity programmable controllers with innovative technologies to offer the full Ethernet programmable controller from Schneider Electric.
The Modicon M580 ePAC (Programmable Automation Controller) offers openness, flexibility, robustness and durability.
M580 modules are designed with an Ethernet backbone to optimize connectivity and communications. They support X80 common I/O modules, which can be easily integrated into their architecture.
Powerful processors provide high levels of computation for complex network communications, for display and for control applications.
> Standard Ethernet network from top to bottom.
> Open architecture with direct Ethernet connection in the backplane.
> High speed dual core processor (ARM® type).
> High speed communication, application and execution.
> Innovative electronic and mechanical design for high immunity to electromagnetic interference and greater robustness than that required by IEC standards.
> Supports a wide temperature range, from -25 °C to +70 °C.
> Native deterministic Ethernet network.
> I/O resolution of 1 ms is possible through native time stamping at the source, using specific time-stamping modules via an OPC server.
> The applications include functions such as:
- recording of sequences of events (SER: Sequence Of Events Recording),
- automation of the electricity distribution substation,
- history of protection relay trips,
- alarm/event logs,
- timestamping of electrical monitoring data logs,
- internal data timestamp.
No program is needed with the “Solution mode” time-stamping mode.
Designed to be flexible
> Flexible topology that facilitates equipment integration.
> Ability to simultaneously use remote equipment, distributed equipment and other devices on the same field Ethernet network with full software integration.
> Transparent data access via the main Ethernet network.
> Simple HMI integration via a third port on the remote I/O module.
> Interface with other popular fieldbuses and device networks, including AS-Interface, Modbus, Profibus, and HART.
Easily expand processes or applications with flexible Modicon M580 topology.
> Simple daisy chain loop.
No switch is required for the main single ring.
> The Ethernet network provides information anywhere.
> Simple, remote and mobile diagnosis (smartphone, tablet, etc.).
> Embedded web server for web access.
> Management of supervision screens on the HMI and access to the screens of the HMI.
> Integrated Vijeo Citect objects for advanced integrated diagnostics.
Modify the configuration on the fly without stopping the process
> Add or remove digital and analog I/O modules on the RIO drop (without time stamp) or the local I/O rack.
> Add a new RIO station.
> Modify the channel configuration parameters.
> Automatic reconfiguration of modules during hot swapping.
> Online application changes during process execution, including addition of new variables shared with the human/machine interface (HMI).
Guaranteed associations in the EcoStruxure architecture
Modicon M580 Ethernet programmable controllers can be perfectly combined with:
> Possibility of developing X80 modules on an Ethernet backplane with the backplane of the Ethernet connection kit.
> For specific applications or communication modules: weighing, Wi-Fi, etc.
The Vijeo Citect HMI
> To manage time-stamped events via an OPC server in a system approach.
> To display Unity Pro diagnostic buffers.
> To integrate objects quickly and easily to provide advanced diagnostic information.
The Wonderware System Platform (WSP)
> Integration with Schneider Electric’s OPC offering.
Altivar Process variable speed drives
> Integration of a tool for implementation, commissioning and diagnostics via FDT/DTM.
> Single point of entry, DFB, predefined profiles and implicit data structure (DDT) for drives to reduce development time.
> Integrated Ethernet port for integration into many network topologies (ring, tree, star and linear).
> The dual port provides a single connection and high availability (ring topology).
> Standard and proven Ethernet protocols: Modbus TCP and EtherNet/IP.
> “Fast Device Replacement” (FDR) and main standard Ethernet services (RSTP, SNMP, SNTP, DHCP, QoS, HTTP Web server).
The Magelis™ HMI range
> Connection via Wi-Fi of the X80 module, access to the Web server, several screens on the main Ethernet network, diagnostic buffers supported by Vijeo Designer, export of Unity Pro data to Vijeo Designer.
The Schneider Electric range of services dedicated to the installed automation fleet
> Schneider Electric provides smooth migration paths for migrating existing hard-wired I/O to M580.
> Adopting the Modicon family with common X80 modules enables training and maintenance costs to be reduced.
Modicon family with common X80 modules.
Keep the existing Modicon Premium or Quantum I/O and wiring.
Modernize the installed fleet smoothly and step by step according to a budget thanks to tailor-made solutions.
Smooth migration paths for hardware (quick cabling adapter) and software (software converters).
The Modicon M580 automation platform offers 4 different types of architecture with local racks or racks in remote stations. These four options are presented on the following pages.
The Modicon M580 automation platform offers an I/O architecture distributed over local racks, field buses and Ethernet, which connect the M580 main rack to remote I/O (RIO) stations installed on a Modicon X80 rack and to distributed I/O (DIO) devices. The Modicon X80 range offers common I/O modules that can be used in Ethernet RIO stations connected to Modicon M580 automation platforms.
The Modicon M580 solution includes:
> RIO stations on a Modicon X80 station,
> Ethernet DIO devices,
> a choice of three CRA Ethernet station head couplers (standard or high performance) in each Modicon X80 RIO station,
> two optical fiber repeaters, for single-mode or multimode optical fiber, on a Modicon X80 RIO station,
> three types of managed double ring switches (DRS) from the ConneXium range (ConneXium switches supported: TCSESM083F23F1 / 063F2CU1 / 063F2CS1), configurable using predefined configuration files for immediate installation.
Several architectures are therefore possible, such as:
> Ethernet RIO architectures with or without managed ConneXium switches,
> architectures with Ethernet RIO and Ethernet DIO devices separated or combined on the same physical medium.
This solution also offers several options and standard functions:
> high process availability, with the possibility of connecting Ethernet RIO and Ethernet DIO in a ring (“Daisy Chain Loop”),
> deterministic data exchanges between the PLC and Ethernet RIO devices,
> a remote service, with a SERVICE port on the M580 processor or on the Modicon X80 CRA Ethernet station head couplers.
The typical architecture shown here is a block diagram of the network and does not represent the actual characteristics of the cabling.