Autopro Blog


February 09, 2017


Our recent webinar, PLC vs DCS, resulted in some excellent questions being asked by participants. Here are a few that we thought would be especially informative for many of you.

Is it common to see an existing facility having both PLC and DCS?

A distributed control system often encompasses or includes PLCs in its architecture. So yes, it is very common to have both, especially today with the requirements of Safety Instrumented Systems and SIL rated devices. However, some DCS vendors have manufactured their own PLC to integrate into their system. It is common for someone to say “I have a PLC or an SIS controller that interfaces with my DCS”. One way to look at it is that the DCS encompasses control/automation for the entire facility whereas the PLC is focused on specific functions or specific equipment. So yes, it is common to see a hybrid system and, in fact, this has been and is a standard architecture for most facilities.

Which one provides more security, a PLC or a DCS?

From the perspective of a piece of machinery or equipment I believe that the PLC is more robust and offers greater security. The initial design intent for the PLC was to be a self-contained controller with limited connectivity to an HMI or a network. However, some DCS architectures now have firewalls that will limit access to Layer 2 of the ISO-OSI model.

As there is a requirement for the DCS to connect to the business LAN and perhaps to the Internet, this increases their vulnerability and risk of security attacks. PLCs have also evolved to provide this level of connectivity but a standalone PLC would be more secure.

However, if a computer is connected to the PLC or the control system for configuration/programming or monitoring, this could make the PLC or controller more vulnerable.

What is the impact of Windows operating systems in DCS systems? Was it more robust with proprietary hardware and software?

Personally, I prefer the proprietary system from a security standpoint, as these operating systems and software were not well known outside of the automation circle. Viruses were less of a concern due to the proprietary nature of the DCS. Patches were less of an issue as they were developed and tested by the DCS vendor on their software – no one else’s hardware/software was typically involved. With the advent of Windows and desire by industry to have open connectivity to other equipment/devices/networks, this has made the current system more open to outside attacks.

It was also more robust as both the hardware and software were sourced from the DCS vendor. If there were any issues, all issues/problems/questions would be directed to one source – the DCS vendor. This is complicated in current systems as these issues may now need to be addressed by the operating system manufacturer (typically Microsoft), DCS vendor hardware/software and computer hardware vendor. There are more interactions and interfaces for current systems (given the number of vendors) which can make it challenging to resolve issues.

Do you have other questions about how to determine whether PLC or DCS is the right choice for your facility? Feel free to contact us for assistance.