Security enhanced for digitalised industrial boilers

Bosch Industriekessel GmbH, part of the Bosch Home Comfort Group, has been making industrial boilers since 1865, and specialises in producing steam and hot water boilers, including large-scale units that generate up to 55 tonnes of steam per hour.

“We’ve been making industrial boilers for a long time and now stand as market leaders in our segment,” said Klaus-Hinrich Koch, Development Engineer at Bosch.

A key factor in Bosch’s success is the ability to evolve with the times, offering modern solutions such as remote management of boilers and a range of decarbonised, electrical boilers: “We recently worked with a fish factory in Iceland where they produce their own packaging material using steam from one of our electrical boilers, powered by 100% green electricity,” Koch said.

Bosch has been using industrial networking technologies from HMS in its boilers since 2011, when it started to include Anybus X-Gateways with its Boiler Control (BCO) and System Control (SCO) systems. The BCO manages the boiler itself, while the SCO oversees the entire boiler house, automating systems like feed water conditioning, condensate return and fuel monitoring.

“For a typical installation with two boilers, each boiler has its own BCO, with a dedicated connection to the SCADA system,” Koch explained. “Additionally, the SCO manages the overarching systems and is also connected to the SCADA system. In this scenario, we use three Anybus gateways: one for each BCO and one for the SCO.”

The Anybus gateways play a critical role in ensuring connectivity.

“If a customer wants data from our boiler system, we use an Anybus gateway to connect their SCADA system to our BCO or SCO. Our systems use Profinet, but the customer might use Modbus/TCP, RTU or Profibus, so we use the gateway to convert the protocols,” Koch said.

But the gateways don’t just offer protocol conversion; they also enhance security.

“For maximum security of our systems, it is important to decouple system control from data communication. This helps avoid security-critical misuse from outside the system while maximising the integration of data into the local automation system,” Koch said. “That is why we still use a gateway even if the customer uses Profinet. For security reasons, we have to separate the boiler house network from the customer’s network.”

To simplify the installation at the customer site, Bosch preconfigures the gateways for its side and, if provided with the necessary information, also for the customer side before shipping. The company also conducts comprehensive testing before anything leaves the factory.

“We want to spot and resolve problems before we deliver anything. Trying to solve issues later is very time-consuming and expensive,” Koch said.

In the interest of keeping up with the latest technology, Bosch is currently transitioning from the Anybus X-Gateways to the next-generation Anybus Communicators.

“We’ve delivered some boiler systems with the new Modbus/TCP-to-Profinet and Profibus-to-Profinet Communicators,” Koch said. “The web-based user interface makes configuration easier. It’s quicker to install and also easier to understand. We also use the diagnostics tab in our test system to check the connections during our integration tests.

“The Ethernet connection is also useful. I can put the Communicator in the same address range as our PLC, program our PLC, and see the connection on the Communicator’s webpage. It’s easier because I don’t have to change addresses.”

Improvements in cybersecurity capabilities have also come in handy for Bosch.

“Cybersecurity is becoming increasingly important, and the Communicator helps us improve security,” Koch said. “It provides an extra layer of security by segmenting the network, but I particularly like the small security switch on the Communicator. It prevents changes to parameters, addresses and so on, in an easy way. During our testing process, we performed some hacking tests, and the Communicator passed them all. It was not possible to access our PLC from the customer’s side of the network, so the security features worked well.”

Image credit: Bosch Industriekessel GmbH