
Ethernet-APL’s Impact on Functional, Intrinsic, and Cyber Safety

Power limitations have always plagued process sensors, whether because of intrinsic safety requirements (safety achieved through power limitation) or because of the limitations of the 4/20mA protocol (only 4mA available when transmitting a zero value).

The 4/20mA protocol is tried and trusted, relatively easy to install and support, EMI-robust, and long-range. But it is slow, and without adding HART, it can only transmit a single variable. The available power is minimal, making it suitable for use in intrinsic safety applications. While you can argue that, because of its point-to-point nature, it doesn’t need cybersecurity, that means you have to place your trust in the data you receive from it. While these level 0 devices in the Purdue reference model have often been ignored to date, will this still be possible when the EU’s CRA comes into place?

In this blog, I will discuss a replacement for 4/20mA called Ethernet APL and its implications for functional safety, cybersecurity, and intrinsic safety. Most importantly, I will look at what you can do with the extra power available with Ethernet APL and how to use it to achieve increased levels of functional safety and cybersecurity while still being intrinsically safe to the highest level (Ex ia for gas group IIC).

Figure 1: Comparison of 4-20mA and Ethernet APL

First, let’s give a quick introduction to Ethernet APL. Ethernet APL is defined in IEC TS 63444:2023 and is based on 10BASE-T1L but made more robust for industrial applications. The APL in the name stands for Advanced Physical Layer, meaning it’s more robust. It brings 10 megabit/second bidirectional Ethernet-based communications down to the factory floor and into process control with a range of up to 1km for trunk ports and 200m for spur ports. Both the signal and power are transmitted on the same 2 wires, and in some brownfield sites, this allows you to reuse the wires from a previous 4/20mA install. Ethernet APL only covers the physical layer, so you can use any high-level Ethernet protocol on top of APL. The spurs use 1V pk-pk signalling, which limits their range to 200m maximum, and the trunk uses 2.4V pk-pk signalling. Each spur has a power source port at one end and a power load port at the field end.

Figure 2: APL network topology

The main chip used in the example above is the ADIN1100, whose full datasheet is available on analog.com.

Figure 3: ADIN1100 datasheet snapshot

IEC 63444 defines various power classes. Power class A is suitable for use in intrinsic safety applications that require Ex ia for gas group IIC. With power class A, you have 540mW available in the field. This can be a game-changer for functional safety, intrinsic safety, and cybersecurity. IEC TS 60079-47 defines 2-WISE (2 Wire Intrinsically Safe Ethernet) and specifies the intrinsic safety requirements for Ethernet APL.

Figure 4: IEC TS 63444 abstract

The LT8440 from Analog Devices has been specifically designed to handle power control in Ethernet APL intrinsic safety applications and to facilitate redundancy to meet the 2 countable faults required for Ex ia.

Figure 5: 3 x LT8440 to meet the power requirements in a field device for Ex ia

In a future blog, I might cover what else is required after the LT8440 to make a system intrinsically safe. Still, for now, I ask you to accept that it is possible, and let’s explore what we can do in terms of functional safety and cybersecurity with the 540mW available to the field device.

With 540mW, you should have enough to implement an SCL (safety communication layer) to meet the requirements for safe communications according to IEC 61784-3, including PROFIsafe. You should also have sufficient power to implement a uC and a safety concept that addresses systematic failure modes and diagnostics, meeting IEC 61508 hardware metrics, including SFF and PFD. Those diagnostics might also be useful to validate your measurements for cybersecurity purposes, but that is a topic for a future blog.

For cybersecurity, the 540mW also gives you enough power to add a secure uC such as the MAX32690, which is low power but includes a 120MHz ARM Cortex M4 processor with FPU and a crypto engine.

Figure 6: Snapshot of the security features from the MAX32690 datasheet

This could be especially significant for SL (security level) 3, according to IEC 62443, when there is a preference for hardware-based security.

Figure 7: Some examples of the preference for hardware-based cybersecurity mechanisms in IEC 62443-4-2 for SL 3 and SL 4
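
An added illustration of the two layers discussed above (not from the original post, and not the PROFIsafe or IEC 61784-3 wire format): a sequence number and CRC stand in for safety-communication-layer checks, and a keyed MAC stands in for what a secure uC could compute per measurement. The frame layout, key, and function names are assumptions, and Python is used for readability rather than as device firmware.

```python
import hashlib
import hmac
import struct
import zlib

KEY = b"constructed-demo-key"      # assumption: key provisioned in the secure uC
HDR = struct.Struct(">HIf")        # hypothetical layout: device id, sequence, value
TAG_LEN = 16                       # HMAC-SHA256 truncated to 128 bits

def build_frame(device_id, seq, value, key=KEY):
    """Field-device side: header | CRC32(header) | HMAC(header + CRC)."""
    body = HDR.pack(device_id, seq, value)
    body += struct.pack(">I", zlib.crc32(body))
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

def crc_ok(frame):
    """Safety-style integrity check only: catches random corruption."""
    (crc,) = struct.unpack_from(">I", frame, HDR.size)
    return zlib.crc32(frame[:HDR.size]) == crc

def check_frame(frame, last_seq, key=KEY):
    """Receiver side. Returns (status, value); status names the failed check."""
    if len(frame) != HDR.size + 4 + TAG_LEN:
        return "length", None
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return "auth", None            # not produced by a key holder
    if not crc_ok(frame):
        return "crc", None             # sender-side fault before the MAC was added
    _, seq, value = HDR.unpack_from(frame)
    if seq <= last_seq:
        return "sequence", None        # repeated or out-of-order frame
    return "ok", value

def altered_with_fresh_crc(frame, new_value):
    """Constructed test input: value changed and CRC recomputed, old tag kept."""
    device_id, seq, _ = HDR.unpack_from(frame)
    body = HDR.pack(device_id, seq, new_value)
    body += struct.pack(">I", zlib.crc32(body))
    return body + frame[-TAG_LEN:]

if __name__ == "__main__":
    good = build_frame(7, 42, 12.5)
    bad = altered_with_fresh_crc(good, 99.0)
    print(check_frame(good, 41), crc_ok(bad), check_frame(bad, 41))
    print(check_frame(good, 42))       # same frame again: sequence check fails
```

The altered frame passes the CRC check on its own and is rejected only by the MAC, which is why a CRC-based safety layer does not by itself provide data authenticity.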

Security compliance will be more urgent from 2027 when the CRA (Cyber Resilience Act) comes into force in Europe. It is expected/hoped that IEC 62443 compliance will give a presumption of conformity with the essential requirements of the CRA. Even if the CRA applies only in Europe, I presume most transmitter manufacturers will want to sell the same instrument worldwide, so there will be benefits, even for transmitters sold for use outside Europe.

While I have focused on process control in this blog, Ethernet APL has broader implications for factory digitization. In upcoming blogs, I will give more details of a transmitter solution based on the above principles.

For more information on Ethernet APL, see the many articles on analog.com.

Check back next month on the second Tuesday of the month for the next blog in this series. Until then, I hope to post “mini blogs” on the other Tuesdays in the month directly from my LinkedIn account. Please follow me on LinkedIn if interested.

 
