Why you should upgrade your control system every 10 years

It’s the beginning of the new year, and everyone’s capital budget is going to get reset and be revised. People will come out with their five-year and 10-year and 20-year plans, and once again plant management will ask the question: “Can we upgrade the control systems?”

Once again, the yearly debate will continue with all the answers to the questions about spares, capacity, resources and insurance already known, but having to be answered to repopulate the study for the C suite.

Most maintenance managers will call on their project managers and planners and engineers and technicians to fill in the blanks for the justifications. They will field the 100 phone calls from the integrators and the original equipment manufacturers (OEMs) saying how great their components are this year and that “this is the best time to upgrade.” Then the list will go out, and the contenders who won the prize will sigh relief and then be disappointed that the front-end loading process for project management of engineering projects will take a year to make sure the design is correct and to get proper bids and contracts in place.

The fallout from the cost centers that do not get machine upgrades will be varied. Some people might quit in defiance and find a company that prioritizes keeping machines up to date. Others will see what they can do to keep the machine going and alleviate downtime. But what can one really say if the company does not upgrade the control systems in a timely manner?

The risks of not upgrading are many. Risks in general are related to cybersecurity, reliability, operability and resource access.

Cybersecurity risks are exposed by legacy systems, such as programmable logic controllers (PLCs) that do not encrypt communications or have certificate management, secure boot or user-role separation. Older PLCs also do not allow for live updates so that people can maintain proper backups or do hot online changes. New networks and edge computers make legacy PLCs subject to ransomware, remote access problems, protocol spoofing and firmware tampering.

Reliability and operability may be related, but in general legacy PLCs are reliable. However, they become more at risk as they age. Sometimes the simple act of having to power legacy components off and then back on can cause component failure. Electrical wiring has a lifespan, and, when PLCs are being used for 40-plus years, there becomes a time when power-up means that the dice are going to land on snake eyes and the card is going to smoke, or the 40-year-old component will fail, and then there will be one person left in the plant that can figure that the replacement card needs to be programmed with firmware to work.

The two things occurring here are simple: the cards are obsolete, and the new engineers are depending on the tribal knowledge to maintain the system. The company risk is that the skills are not being built in real time.

People do not learn that all PLC cards need firmware or configurations, regardless of whether the card requires two hands or one hand to carry. Second, the chances of finding a card if the firmware update fails are slim past 40 years. Thus, there is not a guaranteed reliability when a company is going off using “spares in the storeroom” and depending on the last known person in the plant that can remember how to configure that card—"You know, that one card that we have not had to change in 20 years.”

Reliability and operability are only touching the surface of the costs that are related to the vendor lock-in and the maintenance costs. If a company runs on 40-year-old systems, then they are stuck using the one integrator that will service that machine and they are paying a premium. On top of that, replacement components are on average more expensive than if the system were updated to a modern PLC. Downtime is one issue, but upgrades become harder because there is no guarantee that the old cards will stay reliable to the end of a PLC system conversion. The cost of maintenance on a hybrid system with legacy and new equipment or on multi-vendor systems becomes harder.

Get your subscription to Control Design’s daily newsletter.

Interoperability is at risk because old system protocols were not open standards like OPC UA, MQTT or Ethernet-APL. Legacy systems use proprietary protocols. This means money must be spent on some way to convert the protocol, and that requires money and skills. If components cannot communicate, then there becomes the risk of not having a like-for-like replacement. This increases the risks of downtime from two days to weeks.

Another part of operability is related to safety compliance. Hybrid systems can be hard to integrate with safety standards. Why? There is a mix of hardwired safety and safety over Ethernet IP. If both sides are not integrated properly, then there could be problems.

Resources to run a hybrid system can be difficult, and, if the control system is large, the time and costs to upgrade the system will span millions and years. During the upgrade time, the machine’s operational readiness will be affected.

Thus, the yearly discussion about whether this is the year to upgrade the controls system will continue. Is this enough? In modern manufacturing, companies should know by now that, to stay competitive, they need to cycle their control systems, at a minimum every 10 years. Mind you, that means that the actual change would occur every 20 years due to budget and project management and machine availability. But if the machines just automatically go on an upgrade cycle, then that alleviates the begging for new equipment and 10 years is middle ground for tech expirations.

Another way to alleviate the pain of upgrading is to adopt design specifications that allow for interoperability and expansion. For instance, today’s upgrades are requiring network upgrades and infrastructure. If companies choose to build on that and create PLC systems with good architectures and choose proper field architectures, then upgradeability may become easier due to being more compartmentalized. Ie, put the machine into sections that are easily shut down for maintenance while other parts of the machine may run. Use redundancy for human machine interface (HMI) servers. Use modular field systems that allow everything in one section to be upgraded at a time instead of centralizing wiring. Choose nonproprietary protocols for communications. Use virtual PLCs.

In conclusion, too many times on a controls retrofit, companies and integrators just copy and paste into a new system. However, if the time is spent to look for a design that makes life easier in the future, then it may be worth pursuing if the reward is worth the risk. Either way, both the end user and the integrators need to keep in mind that the era of the SLC or PLC5 or the Modicon Quantum, or the GE 90/70 is over. New PLCs will not last 40 years. Companies should adjust their retrofit cycles to the changing times. Doing so will alleviate untold maintenance down time hours and bloated maintenance costs due to holding on to legacy systems.