Bedrock Automation

[FactoryTalktotheHand]

I mean, I kinda see it, but Stuxnet mostly attacked the engineer's programming PC, not the PLC. Nothing they've done would prevent a virus from infecting their Codesys based programming software, and then downloading a slightly modified project to the controller.

To me, reverse engineering prevention is protection for the vendor, not the customer.

Not mostly, entirely. That was the attack vector: Programming PCs connected to the internet. Plus, it pretty much could have only been accomplished by a government, most likely the U.S. and Israel. The level and type of knowledge required is something only a government would have access to. Otherwise, it was some rogue Siemens engineer with a double major in computer hacking who prioritized ruining Iran's nuclear centrifuges over personal gain. I think Occam's razor comes into play, here.

The idea that someone would reverse-engineer an I/O card, sell it commercially, unleash a virus onto the automation world, and not have it traced back to them in a million different ways and get caught is just patently absurd.

Besides, you think someone this intelligent with that bad of judgement is going to be stopped by a mere lack of pins?

What really happened was that someone invented a solution no one asked for for a problem that doesn't exist, and the CEO is desperately trying to convince people there is a problem where there isn't, and that you want something when you don't.

 

[mk42]

What really happened was that someone invented a solution no one asked for for a problem that doesn't exist, and the CEO is desperately trying to convince people there is a problem where there isn't, and that you want something when you don't.

To be fair, it is literally the job of any marketing dept to convince people they want something they don't need, but it sounds like they have a mountain to climb here...

 

[Craig.Allen]

All Bedrock products currently exist, are available and are priced equal or better to other high end industrial controllers while matching or exceeding speed and reliability. I hear a lot of you asking why, Bedrock has asked why not. You talk about these features as if they have cons when for the most part, they're all pros or neutral, if you do not need them don't worry about them. In existing controllers, adding these features would add cost, however, when Bedrock redesigned the industrial controller from the ground up it looked at all the inefficiencies in today industrial controllers and was able to reduce costs while providing a more solid infrastructure. For instance, an electro-magnetic back-plane is not only faster, more reliable and secure in almost every way but it is also cheaper and simpler than the cost of building a hundred pin bus using complex connectors. Bedrocks parent company is Maxim Integrated allowing Bedrock to custom build its microchips with embedded security and application dependent circuitry drastically reducing the number of components on the circuit board. Yes, Bedrock offers the most cyber secure controller on the market today, but that is only one of dozens game changing features it has to offer, if you honestly think cyber security is not a concern, then don't worry about it, but its there, running in the background and you will never notice it. Lastly, do some research on industrial controller attacks, it will scare you how sophisticated the thousands of attacks truly are. By all means, if you have any questions submit them to [email protected] or we will try to respond to any posted here.

 

[RussB]

To be fair, it is literally the job of any marketing dept to convince people they want something they don't need, but it sounds like they have a mountain to climb here...

Mount CoDeSys.

 

[mk42]

By all means, if you have any questions submit them to [email protected] or we will try to respond to any posted here.

Please don't take my comments above as an insult; I'm more being critical of the marketing than the product itself. I think there are some revolutionary ideas in there, but I was having trouble finding details that weren't just marketing fluff (manuals, anything?). I couldn't even look at whitepapers without giving contact information. It is possible that the Bedrock system involves a completely different mindset from what I'm used to, I'm just trying to understand where it fits into the marketplace, and what kinds of customers benefit most from the features. For example: a 4Gb backplane is way faster than the PLCs I normally use, but the backplane also isn't currently a bottleneck for me.

Disclosure: I am curious strictly on a personal level. I can't imagine much chance I'll be using them professionally any time soon, whether I like them or not (it isn't my call).

1) What communications does your platform offer, especially to third party platforms? Most systems I've worked on have required a large amount of distributed IO, including robots, drives, etc, over some network (Ethernet/IP, Profinet, Modbus TCP, etc). If a customer is looking for the securty of Bedrock, is it possible to include third party devices on the network? How would you communicate to a third party PLC, like Siemens or Rockwell?

2) Is the Bedrock controller certified for any safety standards (SIL3/PLe)?

Lastly, do some research on industrial controller attacks, it will scare you how sophisticated the thousands of attacks truly are.

Most of the attacks that I've seen involve exploits at the engineerng station level or the SCADA level, not at the PLC level. What has Bedrock done to harden the engineering platform? If an attacker has rooted the engineer's PC, what is preventing them from making undesirable changes? Is it more secure than any other Codesys based system?

The main attack I've seen recently that involved something close to a PLC level exploit is the theoretical PLC Blaster worm presented at Black hat earlier this month. Someone reverse engineered the mechanism that Siemens uses to download code to the PLC, and was able to replicate that communication from another system. Even then, it only works it access protection is turned off in the PLC. Does your controller allow open TCP communications? Does your programming software use TCP to download to the PLC? If so, its theoretically vulnerable.

 

[kamenges]

Originally posted by Craig.Allen:

All Bedrock products currently exist, are available and are priced equal or better to other high end industrial controllers while matching or exceeding speed and reliability.

Money where mouth is time.

Show price and availability on a system with a plc, 32 points of digital input, 32 points of digital output, 16 points of analog input and 16 points of analog output. Pretty basic system from a physical I/O standpoint. I will decide for myself how complex the underlying code needs to be. I'll even let you off the hook on fieldbus connectivity. I'll also assume I need a top-of-the-line controller in my chosen platform to meet the performance of a Bedrock controller.

Since I don't specifically need any of the features that make the Bedrock solution unique and the position is that I can just ignore them if I don't need them, this boils down to a price/performance/availability argument. I suspect the vast majority of us are in this position.

Keith

 

[JesperMP]

A control system designed from the ground up with security in mind, why not.

But I dont see (after a quick glance on the website) any of the typical features associated with "mission critical" control systems. Do Bedrock have redundancy and CiR features ?
Someone have mentioned Codesys, if Bedrock is based on Codesys, then it does not have redundancy or CiR as Codesys does not have it (as far as I know).
edit: Just went and checked, and it seems that Codesys do have solutions for Redundancy now. So I could be wrong.
However, it is a requirement that the IO is connected either via Profibus and a Hilscher card, or via Ethercat. And it does not look like Bedrock does either of these.
edit edit: Still no CiR from Codesys.

And I personally do not like the arcaic way to wire the IO to the system. A dense terminal block that require special cables to connect to interposing terminal strips. That is so 1980's.

 

[Paullys50]

...but I was having trouble finding details that weren't just marketing fluff (manuals, anything?). I couldn't even look at whitepapers without giving contact information...

I hit this roadblock and lost my interest as well. I saw the product at the Ignition Community Conference and made mental note to educate myself better when I had some spare time. Go to the website and I need to submit contact info were all fields are REQUIRED. Meh.... You got me to the front door, all you had to do was allow me to open it without a key.

Today I see there is a video of the "Bedrock IDE" they claim was "built from the ground up". Looks like Codesys v3 to me. Nothing against using Codesys, I just don't think Bedrock can make the claim they built the IDE. At most the IDE was "tweaked", much like any other platform that uses Codesys.

It's definitely an interesting product, and I think some of the concepts they have incorporated are a nice 'modernization' of traditional controller hardware. I'm not sold on using security as a primary marketing feature, there are plenty of ways to mitigate security threats w/o changing out controllers. I think the challenge is competing with everyone else on price, support and availability. There are plenty of controllers out there that beat Rockwell on pricing.

 

[Paullys50]

Money where mouth is time.

You can use their online configurator, submit requirements along with your contact info and be pursued by sales

 

[jawolthuis]

Want to impress me?
Put every manual and spec sheet for every product on your website for all to see.
Why would a company NOT do this?
I should not have to contact anyone, or sign up for anything to get the information about your product.

 

[diat150]

Want to impress me?
Put every manual and spec sheet for every product on your website for all to see.
Why would a company NOT do this?
I should not have to contact anyone, or sign up for anything to get the information about your product.

yep.

 

[Phil Buchanan]

Want to impress me?
Put every manual and spec sheet for every product on your website for all to see.
Why would a company NOT do this?
I should not have to contact anyone, or sign up for anything to get the information about your product.

Put the list pricing on there as well. I hated when Rockwell removed the list pricing from the online configuration tool.

 

[Phil Buchanan]

When I have to provide contact info just to browse and look around I just move on. Best Buy does not ask for my contact info before I walk around the store and look. They get it when I make a decision to do business with them and make a purchase in most cases but not before they let me in the door.

Keyence used to do this also and they may still I don't know because I stopped using their products and stopped checking out anything new that I got an email on or saw an ad in a trade magazine because I had to provide my info just to look and if the product was not a fit I had to deal with multiple sales call interrupting my already busy day.

 

[Highland Controls]

It is obviously CoDeSys v3. Not a bad thing at all, as I think CoDeSys is great. I just don't see how it can be "developed from the ground up" by Bedrock. Don't lie to me.

FYI-I have customer that wants me to log data from a sensor. The sensor did not have a standard protocol, only a built-in webserver. I had to sign an NDA before the supplier would let me see their protocol document. It took 2 weeks from first inquiry till I say the docs. I don't mind filling in contact info for something I have interest in, but this was crazy.

 

[kolyur]

Put the list pricing on there as well. I hated when Rockwell removed the list pricing from the online configuration tool.

I don't know why Rockwell did this but the funny thing is that the price is still there, it's just commented out in the html so it doesn't show up. If you look at the source of the webpage you'll see the price about halfway down.

Keyence used to do this also and they may still I don't know because I stopped using their products and stopped checking out anything new that I got an email on or saw an ad in a trade magazine because I had to provide my info just to look and if the product was not a fit I had to deal with multiple sales call interrupting my already busy day.

Keyence still locks up all of their product information and this is yet another reason why I won't do business with them. I would guess they get lots of flak about this policy and I'm surprised they've stuck to it for so long.