Bernd Schäfer, product manager OPC/SCADA/HMI and Alexandre Terentiev, DCS Expert - TÜV functional safety engineer #3956/11, SIS at HIMA discuss increased security protection of HART devices


he digitisation of field devices offers huge potential for plant operators to

reduce operating costs and increase productivity. Highway Addressable Remote Transducer (HART)-based field devices, however, carry risks of tampering, and their configuration is comparatively error prone. By channeling communication via a SIL 3 safety controller, plant operators can use the data from field devices for diagnostic and process optimisation purposes without incurring safety or security risks. The HART communication protocol is the

most widely used digital communication technology in the process industry. Although the HART signal has thus far been used predominantly for parameterisation, with the appropriate tools it can enable continuous device monitoring and diagnostics as well as multivariable process information. Until now, it has been difficult or even

impossible to obtain truly useful data in safety-related applications. The problem: although many field devices are equipped with the HART protocol, in most cases these are only used during commissioning. In addition, conventional HART communication is susceptible to manipulation and misconfiguration  especially during operation. Conventional HART communication in

safety-related field devices – usually done via a separate HART multiplexer or standard tunneling – involves safety risks. This is because the safety system is more or less completely bypassed and doesn’t notice the HART communication. As a result, potential cybersecurity risks arise, as employees may be able to change instrument parameters of field devices

unintentionally or hackers may do so deliberately, which can endanger the safety and availability of a plant. For example, if a Safety Instrumented

Function (SIF) limit value within the safety controller is set to 75% of a measuring range of 0 - 10 bar (equivalent to 4 - 20 mA) and someone changes this range to 0 - 100 bar only within the sensor, the corresponding reaction is only triggered when a measured value of 75 bar is reached. As a result, the SIF does not perform its function, potentially causing safety and production problems. HIMA has developed a HART solution

that enables the implementation of comprehensive diagnostic options at the field level in HIMax safety systems. The solution enables important information to be transferred from the field devices to both the asset management system and the user program via the HART protocol. The solution consists of the HIMax

module X-HART 32 01 and the HIMax- HART package. The 32-channel HART module can be installed alongside any AI/AO without additional wiring requirements. It enables centralised access to the HART information of the field devices connected to the HIMax system. The module can be inserted in any slot of a HIMax base plate, with the exception of those for system bus modules. It can be combined with analogue input or output modules in a mono or a redundant version through the use of connector boards (figure 1). The HIMax HART software package

allows HART data to be utilised in the user program, supplies a predefined function library, and can be extended with additional libraries. It includes import files

The HART solution from HIMA closes an important safety loophole in the process industry and enables the acquisition of diagnostic data from field devices in safety circuits. Plant operators can make this diagnostic data acquired with field devices easily and securely usable for the asset management system

for predefined HART variables via a preprogrammed communication driver plus a predefined block library for selected standard HART commands. Specific commands of each device manufacturer can be implemented quickly. Tasks such as individual evaluations and reports, which were time-consuming, are now easier. HART data from field devices are

channeled via HIMax for increased safety and security (figure 2). In this process, the data is transmitted from the X-HART modules via the internal system bus to the assigned X-COM module. From there, they find their way into the asset management system or the HART-OPC server via HART over IP protocol. Channeling the HART communication

Bernd Schäfer, product manager OPC/SCADA/ HMI

via the HIMax safety controller – this includes “listening in” to HART communication and the option of restricting or preventing unwanted communication in SIL quality – ensures secure and protected asset management. This is the only solution on the market with complete control of the HART communication traffic with SIL 3 quality in accordance with IEC 61508, IEC 61511 and IEC 62061. The additional possibility of monitoring

Alexandre Terentiev, DCS Expert – TÜV functional safety engineer #3956/11

Figure 1: The HIMax module X-HART 32 01 can be combined with analogue input or output modules in a mono or redundant version through the use of connector boards (far left)

Figure 2: HART data from field devices are channeled via HiMax for increased safety and security (left)

Images © HIMA Paul Hildebrandt GmbH


changes to configuration, e.g., on site with the device or with handhelds, allows manipulations to be prevented or at least detected so action can be taken. This extra degree of cybersecurity eliminates previously common risks when using HART devices in safety applications. The security features of the safety

controller make it possible to achieve a security concept in accordance with IEC 62443 for HART device access. These features include separate communication pathways for secure and non-secure data as well as clearly defined communication ports. They also contain an integral HART filter in SIL 3 quality, which “listens” to the data traffic and can be controlled to only allow read access to the field devices, or it can block all write commands.



Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52