Triconex

Last updated

Triconex is a Schneider Electric brand that supplies products, systems, and services for safety, critical control, and turbo-machinery applications. Triconex also use its name for its hardware devices that use its TriStation application software. Triconex products are based on patented Triple modular redundancy (TMR) industrial safety-shutdown technology. Today, Triconex TMR products operate globally in more than 11,500 installations.

Contents

Company history

The history of Triconex was published in the book The History of a Safer World by Gary L. Wilkinson. The company was founded in September 1983 by Jon Wimer in Santa Ana, California and began operations in March 1984. The company was founded as a venture-capital funded private company. The business plan was written by Wimer and Peter Pitsker, an automation industry veteran and Stanford graduate. They presented the plan for a TMR (triple modular redundant) system named "Tricon" that would improve the safety and reliability of industrial applications. Among the customers they targeted were the petro-chemical giants, such as Exxon, Shell, Chevron, and BP.

Pitsker and Wimer presented the business plan to Los Angeles-based investor Chuck Cole, who was also a professor at USC. Cole was interested, so he contacted his personal attorney, future two-time Los Angeles Mayor Richard Riordan. Riordan agreed to invest $50,000 and Cole's venture capital team matched it, providing the seed money for Triconex. Wimer hired computer architect Ken Brody out of another computer manufacturer as Vice President of Research and Development and the number 2 employee. Ken Brody hired Wing N. Toy from Bell Labs. After two years, however, the company nearly failed due to the expense and complications of testing a new safety system. In February 1986, founder Wimer left the company and the board asked a seasoned executive, William K. Barkovitz, to become CEO; Barkovitz ended up leading the company for 9 years. At the end of his term, Triconex became the leading safety system in a market it largely created, made acquisitions, and completed an initial public offering. In January 1994, Triconex was acquired by British-based SIEBE for 90 million dollars.

The hardware architect of the company was Gary Hufton, and the software development manager was Glen Alleman. Along with Wing N. Toy (the lead engineer of the fault-tolerant ESS telephone switch), they led a small successful engineering team that built the first Tricon system, sold in June 1986. Soon after, Exxon became a customer and Honeywell agreed to distribute the Tricon. Among the software engineers who worked for Triconex were Phil Huber and Dennis Morin, who later left the company to found Wonderware.

System

The Triconex system is based on the TMR patented technology that supports up to Safety Integrity Level 3 (SIL 3) and is usually used as a safety rather than a control system. [1]

Operating theory

Fault tolerance in the Tricon is achieved by means of a Triple-Modular Redundant (TMR) architecture. The Tricon provides error-free, uninterrupted control in the presence of either hard failures of components, or transient faults from internal or external sources. The Tricon is designed with a fully triplicated architecture throughout, from the input modules through the Main Processors to the output modules. Every I/O module houses the circuitry for three independent legs. Each leg on the input modules reads the process data and passes that information to its respective Main Processor. The three Main Processors communicate with each other using a proprietary high-speed bus system called the TriBus. Once per scan, the three Main Processors synchronize and communicate with their two neighbors over the TriBus. The Tricon votes digital input data, compares output data, and sends copies of analog input data to each Main Processor. The Main Processors execute the user written application and send outputs generated by the application to the output modules. In addition to voting the input data, the TriBus votes the output data. This is done on the output modules as close to the field as possible to detect and compensate for any errors between the Tricon voting and the final output driven to the field.

Hardware

The Triconex system usually consists of the following typical modules: [2]

Software

The Triconex main processors can communicate with the so-called TriStation 1131 application software to download, update and/or monitor programs. [3] These programs are either written in:

(Function Block Diagram, Ladder diagram and Structured Text are defined in IEC1131-3)

Besides, a Sequence of Events (SOE) recorder software and Diagnostic monitor software are implemented.

Triton malware

In December 2017, it was reported that the safety systems of an unidentified power station, believed to be in Saudi Arabia were compromised when the Triconex industrial safety technology made by Schneider Electric SE was targeted in what is believed to have been a state sponsored attack. The computer security company Symantec claimed that the malware, known as "Triton", exploited a vulnerability in computers running the Microsoft Windows operating system. [4]

References and notes

  1. Safety Considerations Guide for Tricon v9 Systems, © 2004 Invensys Systems, Document No. 9720097-001
  2. Technical Product Guide Tricon Systems, © 2006–2007 by Invensys Systems, Inc.
  3. Developer’s Guide-TriStation 1131, Version 4.1© 2004 Invensys Systems, Document No. 9720100-001
  4. Gibbs, Samuel (2017-12-15). "Triton: hackers take out safety systems in 'watershed' attack on energy plant". The Guardian. ISSN   0261-3077 . Retrieved 2017-12-16.

Further reading

Related Research Articles

<span class="mw-page-title-main">Programmable logic controller</span> Programmable digital computer used to control machinery

A programmable logic controller (PLC) or programmable controller is an industrial computer that has been ruggedized and adapted for the control of manufacturing processes, such as assembly lines, machines, robotic devices, or any activity that requires high reliability, ease of programming, and process fault diagnosis.

<span class="mw-page-title-main">Embedded system</span> Computer system with a dedicated function

An embedded system is a computer system—a combination of a computer processor, computer memory, and input/output peripheral devices—that has a dedicated function within a larger mechanical or electronic system. It is embedded as part of a complete device often including electrical or electronic hardware and mechanical parts. Because an embedded system typically controls physical operations of the machine that it is embedded within, it often has real-time computing constraints. Embedded systems control many devices in common use. In 2009, it was estimated that ninety-eight percent of all microprocessors manufactured were used in embedded systems.

<span class="mw-page-title-main">Modular synthesizer</span> Synthesizer composed of separate modules

Modular synthesizers are synthesizers composed of separate modules for different functions. The modules can be connected together by the user to create a patch. The outputs from the modules may include audio signals, analog control voltages, or digital signals for logic or timing conditions. Typical modules are voltage-controlled oscillators, voltage-controlled filters, voltage-controlled amplifiers and envelope generators.

A distributed control system (DCS) is a computerized control system for a process or plant usually with many control loops, in which autonomous controllers are distributed throughout the system, but there is no central operator supervisory control. This is in contrast to systems that use centralized controllers; either discrete controllers located at a central control room or within a central computer. The DCS concept increases reliability and reduces installation costs by localizing control functions near the process plant, with remote monitoring and supervision.

Invensys Limited was a multinational engineering and information technology company headquartered in London, United Kingdom. At its height, the company had offices in more than 50 countries and its products were sold in around 180 countries.

<span class="mw-page-title-main">Redundancy (engineering)</span> Duplication of critical components to increase reliability of a system

In engineering and systems theory, redundancy is the intentional duplication of critical components or functions of a system with the goal of increasing reliability of the system, usually in the form of a backup or fail-safe, or to improve actual system performance, such as in the case of GNSS receivers, or multi-threaded computer processing.

A Systems Applications Products audit is an audit of a computer system from SAP to check its security and data integrity. SAP is the acronym for Systems Applications Products. It is a system that provides users with a soft real-time business application. It contains a user interface and is considered very flexible. In an SAP audit, the two main areas of concern are security and data integrity.

Fault tolerance is the ability of a system to maintain proper operation despite failures or faults in one or more of its components. This capability is essential for high-availability, mission-critical, or even life-critical systems.

Object-oriented analysis and design (OOAD) is a technical approach for analyzing and designing an application, system, or business by applying object-oriented programming, as well as using visual modeling throughout the software development process to guide stakeholder communication and product quality.

<span class="mw-page-title-main">Profinet</span> Computer network protocol

Profinet is an industry technical standard for data communication over Industrial Ethernet, designed for collecting data from, and controlling equipment in industrial systems, with a particular strength in delivering data under tight time constraints. The standard is maintained and supported by Profibus and Profinet International, an umbrella organization headquartered in Karlsruhe, Germany.

<span class="mw-page-title-main">Opto 22</span> Manufacturing company

Opto 22 is a manufacturing company specializing in hardware and software products for industrial automation, remote monitoring, and data acquisition. The company is based in Southern California and sells solid state relays and Ethernet-based input/output systems and controllers. It is based in Temecula, California.

In computer programming, flow-based programming (FBP) is a programming paradigm that defines applications as networks of black box processes, which exchange data across predefined connections by message passing, where the connections are specified externally to the processes. These black box processes can be reconnected endlessly to form different applications without having to be changed internally. FBP is thus naturally component-oriented.

An industrial control system (ICS) is an electronic control system and associated instrumentation used for industrial process control. Control systems can range in size from a few modular panel-mounted controllers to large interconnected and interactive distributed control systems (DCSs) with many thousands of field connections. Control systems receive data from remote sensors measuring process variables (PVs), compare the collected data with desired setpoints (SPs), and derive command functions that are used to control a process through the final control elements (FCEs), such as control valves.

<span class="mw-page-title-main">Structured analysis</span>

In software engineering, structured analysis (SA) and structured design (SD) are methods for analyzing business requirements and developing specifications for converting practices into computer programs, hardware configurations, and related manual procedures.

Integrated modular avionics (IMA) are real-time computer network airborne systems. This network consists of a number of computing modules capable of supporting numerous applications of differing criticality levels.

<span class="mw-page-title-main">Triple modular redundancy</span> Method for increasing reliability

In computing, triple modular redundancy, sometimes called triple-mode redundancy, (TMR) is a fault-tolerant form of N-modular redundancy, in which three systems perform a process and that result is processed by a majority-voting system to produce a single output. If any one of the three systems fails, the other two systems can correct and mask the fault.

<span class="mw-page-title-main">Function model</span>

In systems engineering, software engineering, and computer science, a function model or functional model is a structured representation of the functions within the modeled system or subject area.

The ICL DRS was a range of departmental computers from International Computers Limited (ICL). Standing originally for Distributed Resource System, the full name was later dropped in favour of the abbreviation.

AURIX is a 32-bit Infineon microcontroller family, targeting the automotive industry. It is based on multicore architecture of up to three independent 32-bit TriCore CPU's.

The AN/AYK-14(V) is a family of computers for use in military weapons systems. It is a general-purpose 16-bit microprogrammed computer, intended for airborne vehicles and missions. Its modular design provides for common firmware and support software. It is still in use on Navy fleet aircraft including the F/A-18, and the AV-8B. The AN/AYK-14(V) family of systems is designed to meet MIL-E-5400 (airborne) requirements.