Ethernet I/O Module with Embedded Security

Wednesday, November 18, 2015 @ 09:11 AM gHale

Bedrock Automation introduced the first software configurable 5-channel Ethernet I/O module.

The new SIO4.E Ethernet I/O module plugs into the Bedrock pinless electromagnetic backplane to receive Bedrock’s patented Black Fabric cyber security protection. Each of the module’s five I/O channels is independently software configurable.

The initial library of Ethernet protocols includes Ethernet IP, Modbus TCP, and OPC UA on TCP IP. All channels also deliver Power over Ethernet (PoE) while Bedrock’s unrivaled computing horsepower and advanced electronics enable easier integration into real-time communications and control strategies.

Tightly coupling Ethernet into the process control and I/O network enables deployment of a wide range of edge device and enterprise data into real-time control logic, much in the same way an engineer incorporates more typical process sensor and actuator data. This results in real-time communication channels for the exchange of data between OT production and IT enterprise systems.

“Unlike an Ethernet switch traditionally sitting at Purdue levels 3 to 5 with the operations and business networks, the SIO4.E module delivers Ethernet as secure I/O at levels 0 and 1 with the sensor, actuator and process control logic. This collapses the legacy hierarchical ICS model into a simplified and inherently more secure automation architecture. Equally empowering is the deployment of OPC UA on any of the SIO4.E Ethernet I/O channels, opening up a world of opportunity and innovation while reducing all aspects of software lifecycle cost. This is the way of the future,” said Albert Rooyakkers, Bedrock CTO and engineering vice president.

Ethernet is becoming widely adopted for open ICS applications because it builds on proven, high speed stacks enhanced for use on industrial devices such as robots, PLCs, sensors, CNCs and other industrial machines. Bedrock secures Ethernet I/O in many ways, including by connecting the FIPS compliant anti tamper SIO4.E I/O module on a pinless electromagnetic backplane, embedding authentication logic, true random number generation (TRNG) and cryptographic keys into the semiconductor hardware and by isolating information flow within each channel by way of separation kernel functionality in a secure real-time operating system (RTOS).

The Bedrock SIO4.E Ethernet I/O module is available at $2000, about the same as a traditional Ethernet IP card. But unlike a typical Ethernet card, the five channel SIO4.E is cyber secure, software configurable for multiple protocols, and has more bandwidth, higher computing power and additional performance advantages. Support for Modbus TCP and OPC UA will be available in the coming months by way of firmware and software field updates. Profinet support is on schedule for second half of 2016.