Why Soft PLCs Are Revolutionizing Industrial Automation
Traditional Programmable Logic Controllers (PLCs) are no longer the sole solution for industrial control. With the advent of Soft PLCs, control is now achieved through software running on Industrial PCs (IPCs) that use standard operating systems like Windows or Linux. This transition allows for easier deployment, backup, and restoration of controller images, and simplifies maintenance processes.
Additionally, advanced technologies such as real-time kernels (PREEMPT_RT and Xenomai) and deterministic communication protocols like EtherCAT and Time-Sensitive Networking (TSN) ensure that control loops remain reliable. Soft PLCs also reduce space and energy consumption by consolidating multiple functions (control, HMI, and data gateway) into a single IPC. Moreover, these systems align with stricter security regulations like IEC 62443 and NIS2, making them more secure and adaptable to continuous updates.
Implementing Soft PLCs in Industrial Environments
Soft PLCs are typically deployed on IPCs running a standard operating system, with real-time extensions to manage control loops. These systems are often paired with fieldbus master stacks, such as EtherCAT or PROFINET, to maintain real-time performance comparable to traditional PLCs.
For enhanced security and performance, a hypervisor can be used to separate real-time tasks from non-real-time functions, such as HMI or data processing. In more advanced setups, Virtual PLCs (VPLCs) or containers are used to centralize management, while ensuring that safety functions remain separate. In cases requiring Functional Safety (FS), dedicated hardware, such as a Safety PLC, is often used alongside the Soft PLC.
Multiple Roles of a Single Industrial PC (IPC)
An IPC running a Soft PLC doesn’t just control industrial processes—it also supports a variety of functions. These include:
-
Soft PLC runtime for motion, sequence, and robotic control
-
HMI and Engineering Workstation (EWS) agents for monitoring and deploying logic
-
Industrial communication stacks (EtherCAT, PROFINET, Modbus/TCP)
-
Data gateways (OPC UA servers, MQTT brokers)
-
Security and management agents (asset identification, patching, backup, access control)
With so many critical functions coexisting on a single platform, perimeter security measures like firewalls are no longer enough. Direct connections to the IPC, such as through a laptop, can bypass these defenses, leaving systems vulnerable to attack.
Integrating Security at the Controller Level
The traditional approach of using an OTAC Trusted Access Gateway (TAG) inline between a switch and a PLC still applies in some cases. However, for Soft PLCs, where the controller is integrated into the IPC, embedding the OTAC Trusted Access Gateway (TAG) directly into the controller offers a more natural and robust security model.
In this setup, whenever a user attempts to access sensitive services (e.g., programming ports or write permissions via OPC UA), the TAG triggers a challenge-response authentication process. Access is granted only for a specific session, ensuring that unauthorized users are blocked. This method prevents physical bypass attempts, such as direct cable connections to the IPC, while minimizing jitter by isolating tasks to different CPU cores.
Even in offline environments, pre-issued policies and one-time codes ensure secure maintenance, even without an active network connection.
Aligning with International Security Standards
Integrating the OTAC Trusted Access Gateway (TAG) within the controller aligns perfectly with the IEC 62443 standards for industrial cybersecurity. The solution directly supports several foundational security requirements, including:
-
SR 1.x (Identification and Authentication Control)
-
SR 2.x (Use Control)
-
SR 3.x (System Integrity)
-
SR 5.x (Restricted Data Flow)
-
SR 6.x (Timely Response to Events)
By embedding security directly into the controller, Soft PLCs can meet or exceed the necessary security levels, ensuring compliance and protecting critical industrial operations.
Security Must Start Within the Controller
As industrial automation systems evolve, so too must their security. The shift to Soft PLCs requires a rethinking of security boundaries. External barriers, such as firewalls, are no longer sufficient to protect sensitive control systems. High-risk tasks, like program downloads and parameter changes, must be governed by session-aware authentication that begins inside the controller itself.
For systems adopting Soft PLCs, embedding the OTAC Trusted Access Gateway (TAG) within the controller should be the default choice—ensuring that security is as dynamic and adaptable as the controllers themselves.