Safety over EtherCAT was already internationally standardized within IEC 61748-3-12:2010 in 2010 as FSCP 12 (Functional Safety Communication Protocol) and is still valid today in the original edition 1.0. The review by TÜV SÜD now confirms that the FSoE protocol also meets the new normative requirements of IEC 61784-3:2021 Ed. 4.0 without any changes and is therefore still suitable for use in applications up to a Safety Integrity Level (SIL) 3. Full compatibility with devices from 2010 onwards is thus still ensured.
The FSoE protocol is based on the so-called black channel approach, in which the transport medium is not included in the safety consideration and therefore does not place any requirements on the nature of the communication system itself. Safety over EtherCAT therefore not only exists on the basis of EtherCAT, but is also frequently routed via other communication protocols and media, for example for machine networking via standard Ethernet or for connecting mobile machines via radio transmission.
Dr. Guido Beckmann, ETG expert in the IEC working group WG12 on IEC 61784-3, said: «We actively support the work of the IEC in order to discuss and help shape new findings and requirements for secure communication. The security measures of the FSoE protocol were already cleverly chosen at the very beginning so that they also meet the new requirements of IEC 61784-3:2021. For EtherCAT device users and the many suppliers of the technology, this guarantees stable and open safety-related communication with the greatest possible investment protection.»
IEC 61784-3 defines the general requirements for functionally safe communication profiles in industrial networks. The new edition IEC 61784-3:2021 has essentially been extended by two normative requirements. Firstly, a model has been introduced that estimates the residual error probability for timeliness, authenticity and data integrity in a secure logical connection. Secondly, the standard now requires the safeguarding of explicit and implicit mechanisms in a safety protocol. In this case, the implicit mechanism does not transmit all the data corresponding to safety measures, but uses data that is known in both the sender and the receiver to calculate the complete CRC signature. In the case of Safety over EtherCAT, for example, this corresponds to the incrementing cycle counter.