Thomas Pilz: The Spirit of Safety in Digital Automation

(Check against delivery)

Machinery safety – from requirement to facilitator 
From the beginning of the industrial revolution to the start of the last century, the primary focus for machinery was productivity. The cost of human labour was low, which unfortunately meant no impetus to invest in protective measures. Machinery safety as we know it today dates back not even 40 years. 1986 brought us a change to the Machinery Directive; from this point machinery safety became mandatory in Europe.

Until then, the easiest way to ensure safety was implemented using physical separation. Barriers were set up that only just allowed workers to operate a press with their fingertips. No risk of injury, but also no employee satisfaction or ergonomics. 

Then, 35 years ago in 1987, the PNOZ – Pilz Not-Aus zwangsgeführt (Pilz positive-guided E-STOP) – took advantage of the change to the Machinery Directive and arrived on the market. The first safety relay to ensure that machines stop reliably in the case of danger. Smaller than a conventional circuit, easier to operate, and above all safer thanks to a certified type examination – just the right thing in an era when machinery safety was becoming increasingly important, also with regard to the legal situation, and the implementation of this machinery safety should be as uncomplicated as possible for the plant operators. In the early days, machinery safety was implemented with PNOZ. Today PNOZ is synonymous with safety relays. 

Safe automation as we understand it today has only been around since 1995, when Pilz launched the first freely programmable safety controller PSS 3000. From this point it was finally possible to use electronic controllers in safety technology. Before then, this had been expressly prohibited! The legal requirements only changed following tough negotiations with federal ministries and European committees. 

And now? With the European Machinery Directive and the North American standards from OSHA or UL as the role model, work has begun in recent years to establish a global network of safety standards. It is nowhere near complete. But more and more companies are coming to understand that, quite apart from relieving human suffering, safety is also worthwhile in economic terms. We are grateful for the past and present opportunities to contribute to this positive development. 

And this development continues: In many areas, gaps between man and machine are shrinking as they share tasks and workspaces. Safety is becoming a facilitator for human-robot collaboration. In addition, our safety also facilitates productivity by increasing the availability of plant and machinery. Our solutions are thus entirely in line with the need for engineering oriented toward machine productivity as well as with the needs of machine users. Topics such as digitisation and security create new challenges for the protection of man and machine. Today we will be presenting some of Pilz’s responses to these challenges – under the banner of the Spirit of Safety in Digital Automation. 

Safety and security go hand in hand
While engineering and industry are well positioned when it comes to safety, they are sorely lacking with regard to security. Security is no longer one of those topics that should perhaps be dealt with when one’s schedule allows. Instead, it is currently possibly the most important and urgent topic in engineering, or even in industry. 
Security used to be the task of information technology (IT) in the form of IT security. Today, production and industrial plants are also highly interconnected using information technology. We call this OT or industrial security. This describes the protection of production and industrial plants from faults, whether intentional or unintentional. The objective of industrial security is to guarantee the availability of plant and machinery and the integrity and confidentiality of machine data and processes.
If I am not in control of my data, after all, then the company and the safety of my employees are at risk: Without security no safety, and without safety no protection of people! 
Pilz believes that only a holistic approach to safety and security can guarantee the protection of humans and machinery. It is thus absolutely necessary to also implement security measures directly in the devices (such as controllers). The entire lifecycle of the system must be considered here, meaning that security starts in development.
For around 20 years, our Functional Safety Management (FSM) has been checking and certifying safety. Additionally, for the last several years Pilz has also oriented its development processes to IEC 62443-4-1 “Security for industrial automation and control systems – Part 4-1: Secure product development lifecycle requirements”, resulting in demonstrably secure development. TÜV Süd has now certified this in an audit. Strategically, certification is equally as important as the certifications for functional safety. 

From safe product to safe application
I would like to show you what a safe machine can look like in 2022.

Safe process access for operating mode selection
The operating mode selection and access permission system PITmode is available for protection against unauthorised access on site. Operators use RFID transponder keys to control access permissions reliably and individually to their specifications and requirements.

Process access to HMI & control systems
Operator terminals PMI (Pilz Human Machine Interface) are used by operators to operate, monitor and control their technical processes. Pilz offers a web-based visualisation solution for plant and machinery with PASvisu.

Physical access via gates or flaps
Personnel and process protection for flaps as well as accessible doors: Pilz safety gate systems protect against hazardous movements and flying plant and machine parts by shutting down machine movements. They can be combined with safe control technology such as the safety relay myPNOZ or the configurable safe small controller PNOZmulti 2.

Remote access to HMI & control systems
SecurityBridge firewall prevents manipulation of data. Within the control network, connections between the diagnostic or configuration tools and the controllers are protected from manipulation, enabling secured connections to the outside world. The data is transferred almost without delay. 
Our safety and security portfolio will be rounded out in future by our range of services for industrial security, which my sister will introduce later.

Standards for safety & security around the world
The topics of digitisation and security necessitate the adaptation of existing standards and directives as well as the development of new standards. The European Machinery Directive remains an important driver for the further development of machinery safety: It is currently being revised to form the new EU Machinery Regulation. It touches upon the challenges that may result from the technical progress of digitisation. The definition of safety components thus now also includes software if this performs a safety function. Parallel to the Commission’s draft, a separate draft of the EU regulation on artificial intelligence (AI) was also published. This is intended to cover all products with AI and use thereof. The topic of security also becomes mandatory with the new Machinery Regulation. The essential standards for compliance with functional safety during the design and construction of machinery was or is currently being revised. ISO 13849 is expected in the summer and has a greater focus on software and its requirements. IEC 62061 was published in 2021 and handles the topic of security, among other things.
Keyword security: A new IT security law is being developed in Germany. At the European level, the directive for guaranteeing high network and information security (NIS Directive) is being revised to create the NIS2 Directive and the Cyber Resilience Act, and work is being undertaken on a number of regulations that are absolutely mandatory in China.
Previously only “essential entities”, meaning critical infrastructures, were affected by the NIS Directive. In the pending NIS2 Directive – expected in 2024 – the scope will be expanded to include “important entities”. This would then include machine builders in Europe, for example, if they have 50 or more employees or an annual turnover of € 10 million. The VDMA estimates that there are around 9,000 companies in Europe, including Pilz, affected by this. 
Machine builders can thus expect new and at times extremely strict legal requirements with regard to security. However, these companies are currently completely unaware of this. And this is the case for the operation of information systems (IT/OT security) as well as for networked systems (components, plant, machinery). 

The legal specifications concerning security are also becoming stricter in other parts of the world. In China, for example: In September 2021, the “Data Security Law” (DSL) and the “Regulations on the Management of Network Product Security Vulnerability” both took effect. The latter more clearly defines reporting channels and obligations (“Disclosure”) in the event of security vulnerabilities in products. Starting 1 November 2021, the “Personal Information Protection Law” – similar to the European General Data Protection Regulation – now applies. Foreign companies that collect data in China are also subject to this regulation. 

As an “Ambassador for Safety”, Pilz has spent decades working intensively to shape current standards and is involved in developing directives. We represent issues arising from practice. Over 30 experts from Pilz are actively helping to shape around 100 product and application standards in almost 80 standards committees and play a part in the creation of safety standards around the world. Among others, in the Chinese standards committee “SAC/TC 208 National Technical Committee on Safety of Machinery of Standardization Administration of China”, the most important standards committee in the machinery safety segment. Pilz was the first foreign company that became a member there in 2004.