WO2023079652A1 - Control device, control method, and cloud system - Google Patents

Control device, control method, and cloud system

Publication number
WO2023079652A1
Authority
WO
WIPO (PCT)
Prior art keywords
network communication
communication data
control
unit
industrial machine
Prior art date
Application number
PCT/JP2021/040661
Other languages
French (fr)
Japanese (ja)
Inventor
八起 高嶋
Original Assignee
ファナック株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ファナック株式会社
Priority to PCT/JP2021/040661
Publication of WO2023079652A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures

Definitions

  • the present invention relates to control devices, control methods, and cloud systems.
  • the control device of the present disclosure is a control device having a digital twin function that controls an industrial machine in both a virtual environment and a real environment, and includes: a network communication verification unit that receives network communication data for the industrial machine from the outside and verifies the safety of the network communication data; a control simulation unit that processes the received network communication data in the virtual environment; and a real operation control unit that controls the operation of the industrial machine in the real environment using the network communication data, wherein the network communication verification unit transmits the received network communication data to the control simulation unit, verifies the safety of the network communication data based on the processing of the network communication data by the control simulation unit, and outputs the network communication data verified as safe to the real operation control unit.
  • One aspect of the control method of the present disclosure is a control method that enables a computer to implement a digital twin function that controls an industrial machine in both a virtual environment and a real environment, wherein network communication data for the industrial machine is received from the outside, processing of the received network communication data is executed in the virtual environment, the safety of the network communication data is verified based on the processing of the network communication data, and the operation of the industrial machine is controlled in the real environment using the network communication data verified to be safe.
  • One aspect of the cloud system of the present disclosure includes a plurality of virtual execution environments that load and execute, on the cloud, a virtual environment for controlling industrial machines for each of a plurality of manufacturing bases.
  • each of the virtual execution environments includes a network communication verification unit that receives network communication data for the industrial machine and verifies the safety of the network communication data, and a control simulation unit that executes processing of the received network communication data in the virtual environment.
  • the network communication verification unit transmits the received network communication data to the control simulation unit, verifies the safety of the network communication data based on the processing of the network communication data by the control simulation unit, and outputs the verified network communication data to the real control device located at the corresponding manufacturing base.
  • FIG. 1 is a functional block diagram showing a functional configuration example of an industrial machine control system according to one embodiment
  • FIG. 2 is a flowchart for explaining control processing of the numerical controller 10
  • FIG. 3 is a flowchart for explaining detailed processing contents of a safety verification process shown in step S3 of FIG. 2
  • FIG. 4 is a diagram showing a configuration example of an industrial machine control system
  • FIG. 5 is a diagram showing a configuration example of an industrial machine control system in which a real numerical controller is arranged in a machine tool
  • FIG. 6 is a diagram showing a configuration example of an industrial machine control system
  • FIG. 1 is a functional block diagram showing a functional configuration example of an industrial machine control system according to one embodiment.
  • a machine tool is exemplified as an industrial machine
  • a numerical controller is exemplified as a controller.
  • the present invention is not limited to machine tools and numerical control devices, but is also applicable to industrial machines such as injection molding machines, industrial robots, and service robots, and to robot control devices that control industrial robots and the like.
  • an industrial machine control system 1 includes a numerical controller 10 and a network communication device 20.
  • the numerical controller 10 and the network communication device 20 may be interconnected via a network (not shown) such as a LAN (Local Area Network) or the Internet.
  • the numerical controller 10 and the network communication device 20 are provided with a communication section (not shown) for mutual communication through such connection.
  • the numerical controller 10 and the network communication device 20 may be directly connected to each other via a connection interface (not shown).
  • a firewall (not shown) may be arranged between the numerical controller 10 and the network communication device 20.
  • the network communication device 20 is a computer, a tablet terminal, a smartphone, or the like connected to a network (not shown), and sends and receives communication data.
  • the network communication device 20 may be a real-environment numerical control device 10 or a display device (not shown) built in a machine tool (not shown).
  • the numerical control device 10 is a numerical control device known to those skilled in the art; for example, it generates an operation command based on network communication data received from the network communication device 20 and outputs the generated operation command to a machine tool (not shown). Thereby, the numerical controller 10 controls the operation of the machine tool (not shown). If the machine tool (not shown) is a robot or the like, the numerical controller 10 may be a robot controller or the like. As shown in FIG. 1, the numerical controller 10 includes a control section 100.
  • the controller 100 includes a virtual numerical controller 110 and a real numerical controller 120.
  • the virtual numerical control unit 110 also includes a network communication verification unit 111 and a CNC control simulation unit 112 as a control simulation unit.
  • the real numerical control unit 120 includes a network communication processing unit 121 and a CNC control unit 122 as a real operation control unit. Note that the virtual numerical control unit 110 and the real numerical control unit 120 may be arranged in different devices.
  • the control unit 100 has a CPU, a ROM, a RAM, a CMOS memory, etc., which are known to those skilled in the art and are configured to communicate with each other via a bus.
  • the CPU is a processor that controls the numerical controller 10 as a whole.
  • the CPU reads the system program and application program stored in the ROM through the bus and controls the entire numerical controller 10 according to the system program and application program.
  • the control section 100 is configured to implement the functions of the virtual numerical control section 110 and the real numerical control section 120.
  • the virtual numerical control unit 110 is configured to realize the functions of the network communication verification unit 111 and the CNC control simulation unit 112.
  • the real numerical control unit 120 is configured to implement the functions of the network communication processing unit 121 and the CNC control unit 122.
  • Various data such as temporary calculation data and display data are stored in the RAM.
  • the CMOS memory is backed up by a battery (not shown), and configured as a non-volatile memory that retains the stored state even when the power of the numerical controller 10 is turned off.
  • the control unit 100 may execute a security application program and perform security software monitoring of network communication data transmitted to and received from the network communication device 20.
  • the virtual numerical control unit 110 executes network communication processing (simulation) on the received network communication data in the virtual environment, and performs test operations.
  • when the virtual numerical control unit 110 confirms that there is no problem with the state of the industrial machine control system 1 after the network communication processing of the network communication data, that is, with the operation of the numerical control device 10 and the machine tool (not shown) in the virtual environment, it transfers the received network communication data to the real numerical control unit 120, which will be described later.
  • the virtual numerical control unit 110 includes the network communication verification unit 111 and the CNC control simulation unit 112 as described above.
  • the network communication verification unit 111 receives, for example, network communication data such as a connection request, parameter change command, and machining program from the network communication device 20, and outputs the received network communication data to the CNC control simulation unit 112, which will be described later.
  • the network communication verification unit 111 may perform authentication processing when the network communication data from the network communication device 20 is a connection request. Further, when the network communication data from the network communication device 20 is encrypted data, the network communication verification section 111 may decrypt the network communication data and output it to the CNC control simulation section 112.
  • the network communication verification unit 111 confirms the safety of the received network communication data based on the simulation result of the CNC control simulation unit 112, and transfers the network communication data to the real numerical control unit 120 only when the received network communication data is determined to be safe.
  • the network communication verification unit 111 may return the verification result to the network communication device 20, for example, when access is made over a leased line or a VPN (virtual private network), or on the premise of appropriate user authentication.
  • the safety verified by the network communication verification unit 111 includes (a) system operation state, (b) state after restart, (c) alarm state, and (d) program executable state, and these will be described.
  • the network communication verification unit 111 is not limited to verifying the safety of all of (a) system operation state, (b) state after restart, (c) alarm state, and (d) program executable state, and may verify the safety of at least one of (a) system operation state, (b) state after restart, (c) alarm state, and (d) program executable state.
  • for (a) the system operation state, the network communication verification unit 111 confirms, based on the simulation results of the CNC control simulation unit 112, that after the network communication data is processed in the virtual environment, the industrial machine control system 1 including the numerical control device 10 and the machine tool (not shown) has not stopped in the virtual environment. By doing so, even if the numerical control device 10 receives network communication data sent by spoofing, it can be confirmed that the industrial machine control system 1 does not stop due to the parameter change command or the machining program included in the network communication data.
  • for (b) the state after restart, the network communication verification unit 111, based on the simulation results of the CNC control simulation unit 112, restarts the industrial machine control system 1 after the network communication data is processed, and confirms that the initialization of the industrial machine control system 1 is performed normally and that parameter changes and the like are normally set and reflected in the numerical controller 10 and/or the machine tool (not shown).
  • for (d) the program executable state, the network communication verification unit 111 confirms, based on the simulation result of the CNC control simulation unit 112, that after the network communication data is processed the machining program can be executed (cycle start) without interference with the workpiece or the like.
  • the CNC control simulation unit 112 executes, for example, network communication processing (simulation) of network communication data received from the network communication verification unit 111 in a virtual environment.
  • the CNC control simulation section 112 outputs the simulation result to the network communication verification section 111.
  • the network communication processing (simulation) executed by the CNC control simulation unit 112 can use a known method, and detailed description thereof will be omitted.
  • the CNC control simulation unit 112 may execute network communication processing (simulation) covering several years on the network communication data in a short period of time, for example, by speeding up time in the virtual environment.
  • the real numerical control unit 120 controls the operation of a machine tool (not shown) based on the network communication data received from the network communication verification unit 111.
  • the real numerical control unit 120 returns control results to the network communication device 20 via the virtual numerical control unit 110.
  • the real numerical control unit 120 includes the network communication processing unit 121 and the CNC control unit 122 as described above.
  • the network communication processing unit 121 receives only network communication data determined to be safe by the network communication verification unit 111, and performs network communication processing on the received network communication data.
  • the network communication processing unit 121 outputs the processed network communication data to the CNC control unit 122 which will be described later.
  • the CNC control unit 122 uses the network communication data received from the network communication processing unit 121 to control the operation of a machine tool (not shown) in a real environment. Specifically, for example, when the received network communication data is a parameter change command for the real numerical control unit 120 and/or a machine tool (not shown), the CNC control unit 122 restarts the real numerical control unit 120 and/or the machine tool (not shown) in order to set and reflect the parameters in the real numerical control unit 120 and/or the machine tool (not shown). Also, for example, when the received network communication data is a machining program, the CNC control unit 122 generates a control command based on the machining program, and outputs the generated control command to a machine tool (not shown). The CNC control unit 122 returns the control result of the machine tool (not shown) to the network communication device 20 via the network communication processing unit 121.
  • FIG. 2 is a flowchart for explaining control processing of the numerical controller 10. The flow shown here is repeatedly executed each time network communication data is received from the network communication device 20.
  • In step S1, the network communication verification unit 111 receives network communication data from the network communication device 20.
  • In step S2, the CNC control simulation unit 112 executes network communication processing (simulation) of the network communication data received in step S1.
  • In step S3, the network communication verification unit 111 performs safety verification processing based on the simulation results of step S2. A detailed flow of the safety verification process will be described later.
  • In step S4, the network communication verification unit 111 determines whether or not there is any problem with the verification based on the result of the safety verification process in step S3. If there is no problem with verification, the process proceeds to step S5. On the other hand, if there is a problem with verification, the process proceeds to step S7.
  • In step S5, the network communication verification unit 111 transfers the network communication data received in step S1 to the real numerical control unit 120.
  • In step S6, the network communication verification unit 111 returns to the network communication device 20 a response from the real numerical control unit 120 to the network communication transferred in step S5.
  • In step S7, the network communication verification unit 111 stores the network communication data received in step S1 together with the determination information in, for example, a predetermined non-acceptance data storage unit (not shown). Alternatively, an alarm may be sent to the administrator to the effect that unsafe data has been received.
  • FIG. 3 is a flowchart for explaining the detailed processing contents of the safety verification process shown in step S3 of FIG. 2.
  • In step S31, the network communication verification unit 111 confirms that the industrial machine control system 1 has not stopped in the virtual environment after processing the network communication data in the virtual environment based on the simulation result of the CNC control simulation unit 112.
  • In step S32, if the network communication data includes a parameter change command or the like, the network communication verification unit 111, based on the simulation result of the CNC control simulation unit 112, restarts the industrial machine control system 1 after the network communication data is processed, and confirms that the initialization of the industrial machine control system 1 is performed normally and that parameter changes and the like are set and reflected normally in the numerical controller 10 and/or the machine tool (not shown).
  • In step S33, the network communication verification unit 111 confirms that no alarm has occurred in the industrial machine control system 1 after processing the network communication data based on the simulation result of the CNC control simulation unit 112.
  • In step S34, the network communication verification unit 111 confirms, based on the simulation result of the CNC control simulation unit 112, that after the network communication data is processed, the machining program added or changed by the network communication data can be executed (cycle start) without interference with the workpiece or the like.
  • In step S35, the network communication verification unit 111 determines whether or not there is any problem in all verification results from steps S31 to S34. If there is no problem in all verification results, the process proceeds to step S36. On the other hand, if at least one verification result has a problem, the process proceeds to step S37.
  • In step S36, the network communication verification unit 111 sets the verification result to "no problem in verification", and returns to step S4 in FIG. 2.
  • In step S37, the network communication verification unit 111 determines that "verification has a problem" and returns to step S4 in FIG. 2. Note that the processes from step S31 to step S34 may be executed in any order, some steps may be omitted, or they may be executed in parallel.
  • the numerical control device 10 can verify the safety by executing a simulation of the received network communication data in a virtual environment.
  • a machine tool (not shown) can be safely controlled.
  • the numerical control device 10 can perform, in a short period of time in the virtual environment, network communication processing (simulation) of the network communication data covering a period such as several years. By doing so, even for a new or unknown type of malware or virus that cannot be detected by anti-virus software, the timed firing of the malware or virus can be detected, and the safety can be verified.
  • the numerical controller 10 decrypts even encrypted network communication data that cannot be inspected by anti-virus software and performs network communication processing (simulation) on it in the virtual environment, which makes it possible to verify its safety. By doing so, it is possible to reduce the risk of an external attack on the numerical control device 10 mounted on the machine tool or the like, and to continue the manufacturing activities of the enterprise using the machine tool.
  • the numerical control device 10 is not limited to the above-described embodiment, and includes modifications, improvements, etc. within a range that can achieve the purpose.
  • the numerical controller 10 has a virtual numerical controller 110 and a real numerical controller 120, but is not limited to this.
  • the industrial machine control system 1 may include, as the numerical controller 10, a virtual numerical controller 10A (on the digital twin side) having the functions of the virtual numerical control unit 110 and a real numerical control device 10B (real side) having the functions of the real numerical control unit 120. In FIG. 4, the network communication verification unit 111 and the CNC control simulation unit 112 included in the virtual numerical control unit 110, and the network communication processing unit 121 and the CNC control unit 122 included in the real numerical control unit 120, are omitted.
  • in the industrial machine control system 1, the virtual numerical control device 10A (digital twin side), which runs in the virtual environment, detects, among control requests from the network communication device 20, attacks that would suspend corporate activities, and transfers only valid requests to the real numerical controller 10B (real side). This makes it possible to protect the manufacturing base while providing the network communication device 20 with monitoring and control functions.
  • the virtual numerical controller 10A may be a computer or the like, and the real numerical controller 10B may be a numerical controller mounted on a machine tool (not shown).
  • a firewall (not shown) may be arranged between the virtual numerical controller 10A and the real numerical controller 10B. Thereby, the security of the industrial machine control system 1 can be further enhanced.
  • FIG. 5 is a diagram showing a configuration example of the industrial machine control system 1 when the real numerical controller 10B is arranged in the machine tool 30.
  • the real numerical control device 10B may respond to the user's input operations on the machine tool display device (HMI) 31, an input unit included in the machine tool 30, by treating the machine tool display device 31 as the network communication device 20.
  • the input data is sent to the virtual numerical control unit 110 (on the digital twin side) as network communication data, and a simulation is performed in the virtual environment. Actual processing may be performed in some cases.
  • the machine tool display device 31 may display the verification result received from the virtual numerical controller 10A.
  • FIG. 6 is a diagram showing a configuration example of the industrial machine control system 1B.
  • the cloud system 40 loads and executes on the cloud the virtual environments (containers (registered trademark)) of n manufacturing bases/devices of the same company or of different companies, and may provide n virtual numerical control environments 110a-1 to 110a-n (n is an integer equal to or greater than 2) as virtual execution environments, one for each manufacturing site/device.
  • Each of the virtual numerical control environments 110a-1 to 110a-n includes a network communication verification section 111 and a CNC control simulation section 112, like the virtual numerical control section 110 in FIG. Accordingly, the cloud system 40 may perform verification by switching to a virtual device that operates on the virtual environment according to the industrial machine that received the network communication data. The cloud system 40 may distribute only the verified network communication data to the real numerical control device 10B arranged at the corresponding manufacturing base/device. Note that the real numerical control device 10B has the same functions as the real numerical control device 10B of FIG. By doing so, preparation of a virtual execution environment in the real numerical controller 10B arranged at each manufacturing site/device becomes unnecessary.
  • Each function included in the numerical control device 10 in one embodiment can be realized by hardware, software, or a combination thereof.
  • “implemented by software” means implemented by a computer reading and executing a program.
  • Each component included in the numerical controller 10 can be realized by hardware including electronic circuits, software, or a combination thereof.
  • the programs that make up this software are installed on the computer. These programs may be recorded on removable media and distributed to users, or may be distributed by being downloaded to users' computers via a network.
  • some or all of the functions of each component included in the above device can be composed of an integrated circuit (IC) such as an ASIC (Application Specific Integrated Circuit), a gate array, an FPGA (Field Programmable Gate Array), or a CPLD (Complex Programmable Logic Device).
  • Non-transitory computer-readable media include various types of tangible storage media.
  • Examples of non-transitory computer-readable media include magnetic recording media (e.g., flexible discs, magnetic tapes, hard disk drives), magneto-optical recording media (e.g., magneto-optical discs), CD-ROMs (Read Only Memory), CD-R, CD-R/W, and semiconductor memory (e.g., mask ROM, PROM (Programmable ROM), EPROM (Erasable PROM), flash ROM, RAM).
  • the program may also be supplied to the computer on various types of transitory computer readable medium. Examples of transitory computer-readable media include electrical signals, optical signals, and electromagnetic waves. Transitory computer-readable media can deliver the program to the computer via wired communication channels, such as wires and optical fibers, or wireless communication channels.
  • the steps describing a program recorded on a recording medium include not only processes that are executed chronologically in order, but also processes that are executed in parallel or individually and not necessarily chronologically.
  • the control device, control method, and cloud system of the present disclosure can take various embodiments having the following configurations.
  • the numerical control device 10 of the present disclosure is a control device having a digital twin function that controls an industrial machine in both a virtual environment and a real environment, and includes: a network communication verification unit 111 that receives network communication data for the industrial machine from the network communication device 20 and verifies the safety of the network communication data; a CNC control simulation unit 112 that executes processing of the received network communication data in the virtual environment; and a CNC control unit 122 that controls the operation of the industrial machine in the real environment using the network communication data.
  • the network communication verification unit 111 transmits the received network communication data to the CNC control simulation unit 112, verifies the safety of the network communication data based on the processing of the network communication data by the CNC control simulation unit 112, and outputs the network communication data verified as safe to the CNC control unit 122. According to this numerical controller 10, even if security measures are breached, industrial machines can be safely controlled.
  • the verification of the safety of the network communication data may include verifying at least one of: a system operation state indicating that the industrial machine control system 1, including the numerical controller 10 and the industrial machine, is not stopped after the network communication data is processed in the virtual environment; a state after restart indicating that the industrial machine control system 1 has been restarted after processing the network communication data and the initialization of the industrial machine control system 1 has been completed; an alarm state indicating that no alarm has occurred in the industrial machine control system 1 after processing the network communication data; and a program executable state indicating that the industrial machine control system 1 can execute the machining program after processing the network communication data.
  • the numerical control device 10 can more reliably verify whether or not the received network communication data contains an attack that stops the industrial machine control system 1.
  • the network communication verification unit 111 may further treat the input data input by the user from the input unit included in the industrial machine as network communication data and verify its safety, and the CNC control unit 122 may control the operation of the industrial machine in a real environment based on the input data verified as safe by the network communication verification unit 111. By doing so, the numerical controller 10 can prevent erroneous operations by the user.
  • a control method of the present disclosure is a control method that enables a computer to realize a digital twin function that controls an industrial machine in both a virtual environment and a real environment, the method including: receiving network communication data for the industrial machine from the outside; processing the received network communication data in a virtual environment; verifying the safety of the network communication data based on the processing of the network communication data; and controlling the operation of the industrial machine in the real environment using the network communication data that has been verified as safe. According to this control method, the same effect as (1) can be obtained.
  • the cloud system 40 of the present disclosure includes a plurality of virtual numerical control environments 110a-1 to 110a-n that load and execute a virtual environment for controlling industrial machines on the cloud for each of a plurality of manufacturing bases.
  • Each of the virtual numerical control environments 110a-1 to 110a-n has a network communication verification unit 111 that receives network communication data for industrial machines from the outside and verifies the safety of the network communication data, and a control simulation unit 112 that processes the received network communication data in the virtual environment.
  • the network communication verification unit 111 transmits the received network communication data to the control simulation unit 112, verifies the safety of the network communication data based on the processing of the network communication data by the control simulation unit 112, and outputs the network communication data verified as safe to the real numerical controller 10B arranged at the corresponding manufacturing base. According to this cloud system 40, the same effect as (1) can be obtained.

Abstract

The purpose of the present invention is to safely control industrial machines even when security measures are broken through. This control device has a digital twin function for controlling an industrial machine in both a virtual environment and a real environment, wherein: the control device comprises a network communication verification unit for receiving network communication data for the industrial machine from the outside and verifying the safety of the network communication data, a control simulation unit for processing the received network communication data in the virtual environment, and a real operation control unit for controlling the operation of the industrial machine in the real environment using the network communication data; and the network communication verification unit transmits the received network communication data to the control simulation unit, verifies the safety of the network communication data on the basis of the processing of the network communication data by the control simulation unit, and outputs network communication data that is verified to be safe to the real operation control unit.

Description

Control device, control method, and cloud system
The present invention relates to control devices, control methods, and cloud systems.
In recent years, while the adoption of IoT at manufacturing sites and the promotion of remote work have progressed, there have been an increasing number of cases in which ransomware or the like is used to halt corporate activities and demand a ransom. Control devices that control machine tools, robots, and the like can also become targets of attack.
Against this, general security measures are conceivable, such as user authentication, encrypted communication using encryption keys, firewalls, and monitoring for viruses and targeted attacks by security software.
In this regard, a technique is known that inspects received PDF network content to determine whether it contains at least one suspicious characteristic indicative of malicious network content, provides PDF network content determined to contain at least one suspicious characteristic to at least one virtual machine, and analyzes the response received from the at least one virtual machine to verify whether that PDF network content contains malicious network content. See Patent Document 1, for example.
Japanese translation of PCT publication No. 2014-504765
However, spoofing attacks, such as those that bypass authentication, are becoming more sophisticated. In addition, new and unknown malware and viruses are difficult to detect by security software monitoring, and encrypted network communication data is likewise difficult to detect by security software monitoring.
Therefore, it is desirable to control industrial machines safely even if security measures are breached.
One aspect of the control device of the present disclosure is a control device having a digital twin function that controls an industrial machine in both a virtual environment and a real environment, comprising: a network communication verification unit that receives network communication data for the industrial machine from the outside and verifies the safety of the network communication data; a control simulation unit that executes processing of the received network communication data in the virtual environment; and a real operation control unit that controls the operation of the industrial machine in the real environment using the network communication data. The network communication verification unit transmits the received network communication data to the control simulation unit, verifies the safety of the network communication data based on the processing of the network communication data by the control simulation unit, and outputs the network communication data verified as safe to the real operation control unit.
One aspect of the control method of the present disclosure is a control method that causes a computer to implement a digital twin function that controls an industrial machine in both a virtual environment and a real environment, the method comprising: receiving network communication data for the industrial machine from the outside; executing processing of the received network communication data in the virtual environment; verifying the safety of the network communication data based on the processing of the network communication data; and controlling the operation of the industrial machine in the real environment using the network communication data verified as safe.
One aspect of the cloud system of the present disclosure includes a plurality of virtual execution environments that load and execute, on the cloud and for each of a plurality of manufacturing bases, a virtual environment for controlling industrial machines. Each of the plurality of virtual execution environments comprises a network communication verification unit that receives network communication data for the industrial machine from the outside and verifies the safety of the network communication data, and a control simulation unit that executes processing of the received network communication data in the virtual environment. The network communication verification unit transmits the received network communication data to the control simulation unit, verifies the safety of the network communication data based on the processing of the network communication data by the control simulation unit, and outputs the network communication data verified as safe to the real control device located at the corresponding manufacturing base.
According to one aspect, industrial machines can be safely controlled even if security measures are breached.
A functional block diagram showing a functional configuration example of an industrial machine control system according to one embodiment.
A flowchart for explaining control processing of the numerical controller 10.
A flowchart for explaining the detailed processing contents of the safety verification process shown in step S3 of FIG. 2.
A diagram showing a configuration example of an industrial machine control system.
A diagram showing a configuration example of an industrial machine control system in which a real numerical controller is arranged in a machine tool.
A diagram showing a configuration example of an industrial machine control system.
<One embodiment>
FIG. 1 is a functional block diagram showing a functional configuration example of an industrial machine control system according to one embodiment. Here, a machine tool is exemplified as the industrial machine, and a numerical controller is exemplified as the control device. Note that the present invention is not limited to machine tools and numerical controllers, and is also applicable to industrial machines such as injection molding machines, industrial robots, and service robots, and to robot control devices that control industrial robots and the like.
As shown in FIG. 1, the industrial machine control system 1 includes a numerical controller 10 and a network communication device 20.
The numerical controller 10 and the network communication device 20 may be interconnected via a network (not shown) such as a LAN (Local Area Network) or the Internet. In this case, the numerical controller 10 and the network communication device 20 each have a communication unit (not shown) for communicating with each other over that connection. Note that the numerical controller 10 and the network communication device 20 may instead be directly connected to each other via a connection interface (not shown).
In the industrial machine control system 1, a firewall (not shown) may also be arranged between the numerical controller 10 and the network communication device 20.
<Network communication device 20>
The network communication device 20 is a computer, a tablet terminal, a smartphone, or the like connected to a network (not shown), and transmits and receives network communication data such as connection requests, parameter change commands, and machining programs to and from the numerical controller 10, which will be described later.
As will be described later, the network communication device 20 may be a display device (not shown) built into the real-environment numerical controller 10 or into a machine tool (not shown).
<Numerical controller 10>
The numerical controller 10 is a numerical controller known to those skilled in the art. For example, it generates an operation command based on network communication data received from the network communication device 20 and outputs the generated operation command to a machine tool (not shown). In this way, the numerical controller 10 controls the operation of the machine tool (not shown). If the machine tool (not shown) is a robot or the like, the numerical controller 10 may be a robot controller or the like.
As shown in FIG. 1, the numerical controller 10 includes a control unit 100. The control unit 100 includes a virtual numerical control unit 110 and a real numerical control unit 120. The virtual numerical control unit 110 includes a network communication verification unit 111 and a CNC control simulation unit 112 serving as the control simulation unit. The real numerical control unit 120 includes a network communication processing unit 121 and a CNC control unit 122 serving as the real operation control unit.
Note that the virtual numerical control unit 110 and the real numerical control unit 120 may be arranged in different devices.
The control unit 100 has a CPU, a ROM, a RAM, a CMOS memory, and the like, which are configured to communicate with each other via a bus and are known to those skilled in the art.
The CPU is a processor that controls the numerical controller 10 as a whole. The CPU reads the system program and application programs stored in the ROM via the bus and controls the entire numerical controller 10 according to them. As a result, as shown in FIG. 1, the control unit 100 is configured to implement the functions of the virtual numerical control unit 110 and the real numerical control unit 120. The virtual numerical control unit 110 is configured to implement the functions of the network communication verification unit 111 and the CNC control simulation unit 112. The real numerical control unit 120 is configured to implement the functions of the network communication processing unit 121 and the CNC control unit 122. Various data such as temporary calculation data and display data are stored in the RAM. The CMOS memory is backed up by a battery (not shown) and is configured as a non-volatile memory that retains its stored state even when the power of the numerical controller 10 is turned off.
Note that the control unit 100 may execute a security application program and perform security software monitoring of the network communication data transmitted to and received from the network communication device 20.
<Virtual numerical control unit 110>
When the virtual numerical control unit 110 receives network communication data such as a connection request or a machining program from the network communication device 20, it executes network communication processing (simulation) on the received network communication data in the virtual environment and carries out a test operation. When the virtual numerical control unit 110 has confirmed that there is no problem with the state of the industrial machine control system 1 after the network communication processing of the network communication data, that is, with the operation of the numerical controller 10 and the machine tool (not shown) in the virtual environment, it transfers the received network communication data to the real numerical control unit 120, which will be described later.
In order to implement these functions, the virtual numerical control unit 110 includes the network communication verification unit 111 and the CNC control simulation unit 112, as described above.
The network communication verification unit 111 receives, for example, network communication data such as a connection request, a parameter change command, or a machining program from the network communication device 20, and outputs the received network communication data to the CNC control simulation unit 112, which will be described later. Note that the network communication verification unit 111 may perform authentication processing when the network communication data from the network communication device 20 is a connection request. When the network communication data from the network communication device 20 is encrypted, the network communication verification unit 111 may decrypt it and output it to the CNC control simulation unit 112.
The network communication verification unit 111 confirms the safety of the received network communication data based on the simulation result of the CNC control simulation unit 112, and transfers the network communication data to the real numerical control unit 120 only when it determines that the received network communication data is safe. If the received network communication data is determined to be unsafe, the network communication data may be stored together with the determination information in, for example, a predetermined non-acceptance data storage unit (not shown). By doing so, the administrator can grasp the status of attacks using unsafe data and consider countermeasures. Note that the network communication verification unit 111 may return the verification result to the network communication device 20, for example, when it is accessed over a leased line or a VPN (virtual private line), or on the premise of appropriate user authentication.
The safety verified by the network communication verification unit 111 includes (a) the system operation state, (b) the state after restart, (c) the alarm state, and (d) the program executable state, which are described below. However, the network communication verification unit 111 is not limited to verifying the safety of (a) the system operation state, (b) the state after restart, (c) the alarm state, and (d) the program executable state; it may verify the safety of states other than these, and it may verify the safety of at least one of (a) the system operation state, (b) the state after restart, (c) the alarm state, and (d) the program executable state.
(a) System operation state
For example, based on the simulation result of the CNC control simulation unit 112, the network communication verification unit 111 confirms that the industrial machine control system 1, which includes the numerical controller 10 and the machine tool (not shown), has not stopped in the virtual environment after the network communication data is processed in the virtual environment.
By doing so, even if the numerical controller 10 receives network communication data sent by spoofing, it can confirm that the parameter change commands and machining programs contained in the network communication data do not stop the industrial machine control system 1.
(b) State after restart
When the network communication data contains a parameter change command or the like, the network communication verification unit 111 confirms, based on the simulation result of the CNC control simulation unit 112, that restarting the industrial machine control system 1 after the network communication data is processed results in normal initialization of the industrial machine control system 1, and that the parameter changes and the like are correctly set and reflected in the numerical controller 10 and/or the machine tool (not shown).
(c) Alarm state
Based on the simulation result of the CNC control simulation unit 112, the network communication verification unit 111 confirms that no alarm has occurred in the industrial machine control system 1 after the network communication data is processed.
(d) Program executable state
For example, when the network communication data contains a command or the like that adds or changes the amount of movement of an axis or the like in the machining program, the network communication verification unit 111 confirms, based on the simulation result of the CNC control simulation unit 112, that when the network communication data is processed, the machining program can be executed (cycle start) without the machining program causing interference with the workpiece or the like.
The CNC control simulation unit 112 executes, for example, network communication processing (simulation) of the network communication data received from the network communication verification unit 111 in the virtual environment. The CNC control simulation unit 112 outputs the simulation result to the network communication verification unit 111. A known method can be used for the network communication processing (simulation) executed by the CNC control simulation unit 112, and a detailed description is omitted.
The CNC control simulation unit 112 may, for example, speed up the time in the virtual environment so that several years' worth of network communication processing (simulation) on the network communication data is executed in a short time.
By doing so, even if the numerical controller 10 receives network communication data containing malware, a virus, or the like that activates at a predetermined date and time, it can check for the presence of that malware or virus in the virtual environment and avoid an attack on the industrial machine control system 1.
<Real numerical control unit 120>
The real numerical control unit 120 controls the operation of a machine tool (not shown) based on the network communication data received from the network communication verification unit 111. The real numerical control unit 120 returns control results to the network communication device 20 via the virtual numerical control unit 110.
In order to implement these functions, the real numerical control unit 120 includes the network communication processing unit 121 and the CNC control unit 122, as described above.
The network communication processing unit 121 receives only the network communication data determined to be safe by the network communication verification unit 111, and performs network communication processing on the received network communication data. The network communication processing unit 121 outputs the processed network communication data to the CNC control unit 122, which will be described later.
The CNC control unit 122 uses the network communication data received from the network communication processing unit 121 to control the operation of a machine tool (not shown) in the real environment.
Specifically, for example, when the received network communication data is a parameter change command for the real numerical control unit 120 and/or the machine tool (not shown), the CNC control unit 122 restarts the real numerical control unit 120 and/or the machine tool (not shown) so that the parameter is set and reflected in them.
Also, for example, when the received network communication data is a machining program, the CNC control unit 122 generates a control command based on the machining program and outputs the generated control command to the machine tool (not shown). The CNC control unit 122 returns the control result of the machine tool (not shown) to the network communication device 20 via the network communication processing unit 121.
<Control processing of numerical controller 10>
Next, the flow of control processing of the numerical controller 10 will be described with reference to FIG. 2.
FIG. 2 is a flowchart for explaining control processing of the numerical controller 10. The flow shown here is executed each time network communication data is received from the network communication device 20.
In step S1, the network communication verification unit 111 receives network communication data from the network communication device 20.
In step S2, the CNC control simulation unit 112 executes network communication processing (simulation) of the network communication data received in step S1.
In step S3, the network communication verification unit 111 performs safety verification processing based on the simulation result of step S2. The detailed flow of the safety verification processing will be described later.
In step S4, the network communication verification unit 111 determines, based on the result of the safety verification processing in step S3, whether or not the verification found a problem. If the verification found no problem, the process proceeds to step S5. If the verification found a problem, the process proceeds to step S7.
In step S5, the network communication verification unit 111 transfers the network communication data received in step S1 to the real numerical control unit 120.
In step S6, the network communication verification unit 111 returns to the network communication device 20 the response from the real numerical control unit 120 to the network communication transferred in step S5.
In step S7, the network communication verification unit 111 stores the network communication data received in step S1, together with the determination information, in, for example, a predetermined non-acceptance data storage unit (not shown). An alarm indicating that unsafe data has been received may also be sent to the administrator.
FIG. 3 is a flowchart for explaining the detailed processing contents of the safety verification processing shown in step S3 of FIG. 2.
In step S31, the network communication verification unit 111 confirms, based on the simulation result of the CNC control simulation unit 112, that the industrial machine control system 1 has not stopped in the virtual environment after the network communication data is processed in the virtual environment.
In step S32, when the network communication data contains a parameter change command or the like, the network communication verification unit 111 confirms, based on the simulation result of the CNC control simulation unit 112, that restarting the industrial machine control system 1 after the network communication data is processed results in normal initialization of the industrial machine control system 1, and that the parameter changes and the like are correctly set and reflected in the numerical controller 10 and/or the machine tool (not shown).
In step S33, the network communication verification unit 111 confirms, based on the simulation result of the CNC control simulation unit 112, that no alarm has occurred in the industrial machine control system 1 after the network communication data is processed.
In step S34, the network communication verification unit 111 confirms, based on the simulation result of the CNC control simulation unit 112, that after the network communication data is processed, the machining program added or changed by the network communication data can be executed (cycle start) without causing interference with the workpiece or the like.
In step S35, the network communication verification unit 111 determines whether or not any of the verification results of steps S31 to S34 has a problem. If none of the verification results has a problem, the process proceeds to step S36. If at least one verification result has a problem, the process proceeds to step S37.
In step S36, the network communication verification unit 111 sets the verification result to "no problem in verification" and returns to step S4 in FIG. 2.
In step S37, the network communication verification unit 111 sets the verification result to "problem in verification" and returns to step S4 in FIG. 2.
Note that the processes of steps S31 to S34 may be executed in any order, some of the steps may be omitted, and they may be executed in parallel.
As described above, even if security measures are breached by impersonation or the like, the numerical controller 10 according to one embodiment can verify the safety of received network communication data by simulating its processing in a virtual environment, and can therefore safely control the machine tool (not shown).
In addition, even for new or unknown malware and viruses that anti-virus software cannot detect, the numerical controller 10 can detect a time-delayed trigger of the malware or virus by running the network communication processing (simulation) of the network communication data in the virtual environment so that a period such as several years is covered in a short time, which makes it possible to verify the safety of the data.
In addition, even for encrypted network communication data that anti-virus software cannot inspect, the numerical controller 10 can verify the safety of the data by decrypting it in the virtual environment and running the network communication processing (simulation) on it.
By doing so, the risk of external attacks on the numerical controller 10, such as one mounted on a machine tool, can be reduced, and companies that use machine tools can continue their manufacturing activities.
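The verification flow of steps S31 to S37, together with the accelerated-time simulation described above for catching time-delayed triggers, sketched as an added Python example (not code from the patent or from the applicant). The message format, parameter limits, fixture geometry and the names `TwinState`, `CncTwin`, `verify` and `gate` are all assumptions made for illustration.

```python
from copy import deepcopy
from dataclasses import dataclass, field

# Constructed sample values; the patent defines no limits, geometry or message format.
PARAM_LIMITS = {"max_feed": (1, 5000)}
FIXTURE = ((40, 40, 0), (60, 60, 30))      # keep-out box the tool must not enter
YEARS_3 = 3 * 365 * 86400                  # simulated horizon in seconds

@dataclass
class TwinState:
    running: bool = True
    params: dict = field(default_factory=lambda: {"max_feed": 2000})
    pending: dict = field(default_factory=dict)    # applied at next restart
    alarms: list = field(default_factory=list)
    programs: dict = field(default_factory=dict)
    timers: list = field(default_factory=list)     # (fire_at, message)
    clock: float = 0.0

class CncTwin:  # toy stand-in for the CNC control simulation unit 112 (assumption)
    def __init__(self, state):
        self.s = state

    def process(self, msg):
        op = msg["op"]
        if op == "set_param":
            self.s.pending[msg["name"]] = msg["value"]
        elif op == "load_program":
            self.s.programs[msg["name"]] = [tuple(p) for p in msg["moves"]]
        elif op == "timer":                        # deferred action
            delay = max(0.0, float(msg["after_s"]))
            self.s.timers.append((self.s.clock + delay, msg["then"]))
        elif op == "halt":
            self.s.running = False
        else:
            self.s.alarms.append(f"unknown op {op!r}")

    def advance(self, seconds):
        """Jump the virtual clock forward, firing timers in time order."""
        end = self.s.clock + seconds
        while True:
            due = [t for t in self.s.timers if t[0] <= end]
            if not due:
                break
            nxt = min(due, key=lambda t: t[0])
            self.s.timers.remove(nxt)
            self.s.clock = nxt[0]
            self.process(nxt[1])
        self.s.clock = end

    def restart(self):
        """Re-initialise; out-of-range parameters make initialisation fail."""
        for name, value in self.s.pending.items():
            lo, hi = PARAM_LIMITS.get(name, (0, -1))
            if not lo <= value <= hi:
                self.s.alarms.append(f"bad parameter {name}")
                return False
            self.s.params[name] = value
        self.s.pending = {}
        return True

def interferes(moves, steps=20):
    """True if any sampled point on the tool path lies inside FIXTURE."""
    (x0, y0, z0), (x1, y1, z1) = FIXTURE
    for a, b in zip(moves, moves[1:] or moves):
        for i in range(steps + 1):
            x, y, z = (a[k] + (b[k] - a[k]) * i / steps for k in range(3))
            if x0 <= x <= x1 and y0 <= y <= y1 and z0 <= z <= z1:
                return True
    return False

def verify(msg, baseline, horizon_s=YEARS_3):
    """Steps S31-S35 on a copy of the baseline; returns (ok, per-step results)."""
    checks = dict.fromkeys(("S31_running", "S32_restart", "S33_no_alarm", "S34_program"), False)
    twin = CncTwin(deepcopy(baseline))             # the real state is never touched
    try:
        twin.process(msg)
        twin.advance(horizon_s)
        checks["S31_running"] = twin.s.running
        wanted = dict(twin.s.pending)
        checks["S32_restart"] = (not wanted) or (
            twin.restart() and all(twin.s.params.get(k) == v for k, v in wanted.items()))
        checks["S33_no_alarm"] = not twin.s.alarms
        checks["S34_program"] = not any(interferes(m) for m in twin.s.programs.values())
    except (KeyError, IndexError, TypeError, ValueError):
        pass                                       # malformed data fails closed
    return all(checks.values()), checks

def gate(msg, baseline, forward):
    """Forward msg to the real side only when every check passed (S36/S37)."""
    ok, checks = verify(msg, baseline)
    if ok:
        forward(msg)
    return ok, checks
```

A message that schedules a halt 400 simulated days ahead passes with `horizon_s=3600` and fails S31 with the default three-year horizon, which is why the simulated period has to be long.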
Although one embodiment has been described above, the numerical controller 10 is not limited to the above-described embodiment, and includes modifications, improvements and the like within a range in which the purpose can be achieved.
<Modification 1>
In one embodiment, the numerical controller 10 has the virtual numerical control unit 110 and the real numerical control unit 120, but it is not limited to this. For example, as shown in FIG. 4, the industrial machine control system 1 may configure the numerical controller 10 as two separate devices: a virtual numerical controller 10A (digital twin side) having the functions of the virtual numerical control unit 110, and a real numerical controller 10B (real side) having the functions of the real numerical control unit 120. Note that FIG. 4 omits the network communication verification unit 111 and the CNC control simulation unit 112 included in the virtual numerical control unit 110, and the network communication processing unit 121 and the CNC control unit 122 included in the real numerical control unit 120.
By doing so, the industrial machine control system 1 uses the virtual numerical controller 10A (digital twin side), which executes control requests from the network communication device 20 in the virtual environment, to detect attacks that would halt corporate activities, and forwards only valid requests to the real numerical controller 10B (real side). This protects the manufacturing base while still providing monitoring and control functions to the network communication device 20.
The virtual numerical controller 10A may be a computer or the like, and the real numerical controller 10B may be a numerical controller mounted on a machine tool (not shown).
A firewall (not shown) may be arranged between the virtual numerical controller 10A and the real numerical controller 10B. This makes the security of the industrial machine control system 1 more robust.
Also, the real numerical controller 10B of FIG. 4 may be arranged in a machine tool.
FIG. 5 is a diagram showing a configuration example of the industrial machine control system 1 when the real numerical controller 10B is arranged in the machine tool 30.
In the case of the industrial machine control system 1 shown in FIG. 5, the real numerical controller 10B may, for example, check a user's input operation on the machine tool display device (HMI) 31, which is an input unit included in the machine tool 30 and acts as the network communication device 20, for erroneous operation or the like. To do so, it transmits the input data as network communication data to the virtual numerical control unit 110 (digital twin side), a simulation is executed in the virtual environment, and the actual processing is performed only when the simulation result shows no problem in verification. The machine tool display device 31 may also display the verification result received from the virtual numerical controller 10A.
<Modification 2>
Further, for example, in the above-described embodiment the numerical controller 10 controls the operation of one machine tool (not shown), but it is not limited to this.
FIG. 6 is a diagram showing a configuration example of the industrial machine control system 1B.
As shown in FIG. 6, for example, the cloud system 40 may load and execute, on the cloud, virtual environments (containers (registered trademark)) for n manufacturing bases/devices of the same company or of different companies, and may have virtual numerical control environments 110a-1 to 110a-n as virtual execution environments, one for each of the n manufacturing bases/devices (n is an integer equal to or greater than 2). Each of the virtual numerical control environments 110a-1 to 110a-n includes a network communication verification unit 111 and a CNC control simulation unit 112, like the virtual numerical control unit 110 in FIG. 1.
Accordingly, the cloud system 40 may perform verification by switching to the virtual device operating in the virtual environment that corresponds to the industrial machine that received the network communication data. The cloud system 40 may distribute only the verified network communication data to the real numerical controller 10B arranged at the corresponding manufacturing base/device. Note that this real numerical controller 10B has the same functions as the real numerical controller 10B of FIG. 4.
By doing so, there is no need to prepare a virtual execution environment in the real numerical controller 10B arranged at each manufacturing base/device.
Each function included in the numerical controller 10 in one embodiment can be realized by hardware, software, or a combination thereof. Here, "realized by software" means realized by a computer reading and executing a program.
Each component included in the numerical controller 10 can be realized by hardware including electronic circuits, by software, or by a combination thereof. When realized by software, the programs that make up this software are installed on a computer. These programs may be recorded on removable media and distributed to users, or may be distributed by being downloaded to users' computers via a network. When configured by hardware, some or all of the functions of each component included in the above device can be implemented by an integrated circuit (IC) such as an ASIC (Application Specific Integrated Circuit), a gate array, an FPGA (Field Programmable Gate Array), or a CPLD (Complex Programmable Logic Device).
Programs can be stored on various types of non-transitory computer readable media and supplied to a computer. Non-transitory computer readable media include various types of tangible storage media. Examples of non-transitory computer readable media include magnetic recording media (e.g., flexible disks, magnetic tapes, hard disk drives), magneto-optical recording media (e.g., magneto-optical disks), CD-ROM (Read Only Memory), CD-R, CD-R/W, and semiconductor memory (e.g., mask ROM, PROM (Programmable ROM), EPROM (Erasable PROM), flash ROM, RAM). The program may also be supplied to the computer by various types of transitory computer readable media. Examples of transitory computer readable media include electrical signals, optical signals, and electromagnetic waves. Transitory computer readable media can supply the program to the computer via wired communication channels, such as electric wires and optical fibers, or via wireless communication channels.
Note that the steps describing the program recorded on a recording medium include not only processing performed chronologically in the stated order, but also processing that is executed in parallel or individually and is not necessarily performed chronologically.
In other words, the control device, control method, and cloud system of the present disclosure can take various embodiments having the following configurations.
(1) The numerical controller 10 of the present disclosure is a control device having a digital twin function that controls an industrial machine in both a virtual environment and a real environment, and includes: a network communication verification unit 111 that receives network communication data for the industrial machine from the network communication device 20 and verifies the safety of the network communication data; a CNC control simulation unit 112 that executes processing of the received network communication data in the virtual environment; and a CNC control unit 122 that controls the operation of the industrial machine in the real environment using the network communication data. The network communication verification unit 111 transmits the received network communication data to the CNC control simulation unit 112, verifies the safety of the network communication data based on the processing of the network communication data by the CNC control simulation unit 112, and outputs the network communication data verified as safe to the CNC control unit 122.
According to this numerical controller 10, even if security measures are breached, industrial machines can be safely controlled.
(2) In the numerical controller 10 described in (1), the verification of the safety of the network communication data may include at least any of the following in the virtual environment: a system operation state indicating that the industrial machine control system 1, which includes the numerical controller 10 and the industrial machine, does not stop after the network communication data is processed; a post-restart state indicating that the industrial machine control system 1 was restarted after the network communication data was processed and that initialization of the industrial machine control system 1 has completed; an alarm state indicating that no alarm has occurred in the industrial machine control system 1 after the network communication data is processed; or a program executable state indicating that the industrial machine control system 1 can execute a machining program after the network communication data is processed.
By doing so, the numerical controller 10 can more reliably verify whether or not the received network communication data contains an attack that would stop the industrial machine control system 1.
(3) In the numerical controller 10 described in (1) or (2), the network communication verification unit 111 may further verify the safety of input data entered by a user from an input unit included in the industrial machine, treating the input data as network communication data, and the CNC control unit 122 may control the operation of the industrial machine in the real environment based on the input data verified as safe by the network communication verification unit 111.
By doing so, the numerical controller 10 can prevent erroneous operations and the like by the user.
(4) The control method of the present disclosure is a control method that causes a computer to realize a digital twin function that controls an industrial machine in both a virtual environment and a real environment. The method receives network communication data for the industrial machine from the outside, executes processing of the received network communication data in the virtual environment, verifies the safety of the network communication data based on the processing of the network communication data, and controls the operation of the industrial machine in the real environment using the network communication data verified as safe.
According to this control method, the same effect as (1) can be obtained.
(5) The cloud system 40 of the present disclosure includes a plurality of virtual numerical control environments 110a-1 to 110a-n that load and execute, on the cloud, a virtual environment for controlling an industrial machine for each of a plurality of manufacturing bases. Each of the virtual numerical control environments 110a-1 to 110a-n includes a network communication verification unit 111 that receives network communication data for the industrial machine from the outside and verifies the safety of the network communication data, and a control simulation unit 112 that executes processing of the received network communication data in the virtual environment. The network communication verification unit 111 transmits the received network communication data to the control simulation unit 112, verifies the safety of the network communication data based on the processing of the network communication data by the control simulation unit 112, and outputs the network communication data verified as safe to the real numerical controller 10B arranged at the corresponding manufacturing base.
According to this cloud system 40, the same effect as (1) can be obtained.
 1 industrial machine control system
 10 numerical controller
 100 control unit
 110 virtual numerical control unit
 111 network communication verification unit
 112 CNC control simulation unit
 120 real numerical control unit
 121 network communication processing unit
 122 CNC control unit
 20 network communication device
 30 machine tool
 31 machine tool display device
 40 cloud system

Claims (5)

  1.  A control device having a digital twin function that controls an industrial machine in both a virtual environment and a real environment, the control device comprising:
     a network communication verification unit that receives network communication data for the industrial machine from the outside and verifies the safety of the network communication data;
     a control simulation unit that executes processing of the received network communication data in the virtual environment; and
     a real operation control unit that controls the operation of the industrial machine in the real environment using the network communication data,
     wherein the network communication verification unit transmits the received network communication data to the control simulation unit, verifies the safety of the network communication data based on the processing of the network communication data by the control simulation unit, and outputs the network communication data verified as safe to the real operation control unit.
  2.  The control device according to claim 1, wherein the verification of the safety of the network communication data includes at least any of the following in the virtual environment: a system operation state indicating that a system including the control device and the industrial machine does not stop after the network communication data is processed; a post-restart state indicating that the system was restarted after the network communication data was processed and that initialization of the system has completed; an alarm state indicating that no alarm has occurred in the system after the network communication data is processed; or a program executable state indicating that the system can execute a machining program after the network communication data is processed.
  3.  The control device according to claim 1 or claim 2, wherein the network communication verification unit further verifies the safety of input data entered by a user from an input unit included in the industrial machine, treating the input data as the network communication data, and
     the real operation control unit controls the operation of the industrial machine in the real environment based on the input data verified as safe by the network communication verification unit.
  4.  A control method that causes a computer to realize a digital twin function that controls an industrial machine in both a virtual environment and a real environment, the control method comprising:
     receiving network communication data for the industrial machine from the outside;
     executing processing of the received network communication data in the virtual environment;
     verifying the safety of the network communication data based on the processing of the network communication data; and
     controlling the operation of the industrial machine in the real environment using the network communication data verified as safe.
  5.  A cloud system comprising a plurality of virtual execution environments that load and execute, on a cloud, a virtual environment for controlling an industrial machine for each of a plurality of manufacturing bases,
     wherein each of the plurality of virtual execution environments comprises:
     a network communication verification unit that receives network communication data for the industrial machine from the outside and verifies the safety of the network communication data; and
     a control simulation unit that executes processing of the received network communication data in the virtual environment,
     wherein the network communication verification unit transmits the received network communication data to the control simulation unit, verifies the safety of the network communication data based on the processing of the network communication data by the control simulation unit, and outputs the network communication data verified as safe to a real control device arranged at the corresponding manufacturing base.
PCT/JP2021/040661 2021-11-04 2021-11-04 Control device, control method, and cloud system WO2023079652A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2021/040661 WO2023079652A1 (en) 2021-11-04 2021-11-04 Control device, control method, and cloud system

Publications (1)

Publication Number Publication Date
WO2023079652A1 true WO2023079652A1 (en) 2023-05-11

Family

ID=86240824

Country Status (1)

Country Link
WO (1) WO2023079652A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018078878A1 (en) * 2016-10-31 2018-05-03 三菱電機株式会社 System design assisting apparatus, control device, control system, and operation screen
WO2021117868A1 (en) * 2019-12-13 2021-06-17 川崎重工業株式会社 Robot system and method for forming three-dimensional model of workpiece
JP2021146435A (en) * 2020-03-18 2021-09-27 日本電産株式会社 Robot system, method to be executed by robot system and method for generating teaching data

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21963248

Country of ref document: EP

Kind code of ref document: A1