Author Warren Team
Many modern machines and processes are controlled by Programmable Logic Controllers (PLC’s). PLC’s are essentially computers that have the ability, properly connected and programmed, to interface with the outside world and control the actions of a machine like a robot or conveyor. The PLC has a processor for processing the user programmed logic, and also has input / output (I/O) wiring provisions for both analog (e.g. temperatures and pressure transducers) and digital (e.g. limit switches and indicator lights) devices.
PLC’s often have provisions for other functions like communication with data acquisition systems and human machine interfaces (HMI). The PLC manipulates the outputs according to the state of the inputs, its current internal memory state, and its program. The program is created by a programmer using propriety software available from the PLC supplier.
Figure 1: A view of a section of a PLC program’s “ladder logic”. The PLC scans from top to bottom and left to right in the sequence of the program. In the example, at least one of the logical paths must be successfully achieved from the upper left to the lower right before the final element, “Upper Loader Up Solenoid”, would be powered. Note that there are parallel paths through the logic such that there may be a number of logical ways for the output to occur. This section is just one page of the program. Programs maybe hundreds of pages long.
When incidents like a fire, explosion or a personal injury occur involving industrial or commercial machines, attention should be paid to the presence of a PLC in the control system of the involved equipment. If present, usually it is advisable to try and capture the current program and data state resident in the PLC. The same holds true for any data acquisition system that may be present. This allows understanding of the logical control of the equipment, its current logical state, and how that may have impacted the incident.
For example, we recently investigated a personal injury case in which a worker was injured when a large aluminum billet fell from a material handing system. The worker was improperly standing on top of the machine when the incident occurred. The system handled the billets via various motors and hydraulic cylinders actuated by a PLC based control system. We obtained a copy of the PLC program from the machine manufacturer and determined that certain central aspects of the plaintiff’s expert’s theory of how the incident occurred were impossible given the way in which the machine’s PLC was programmed.
Figure 2: A view of a typical PLC. The blue and red wiring to the right terminate at the PLC’s input / output wiring connections. The processor is to the left at the keyed switch. This PLC has capacity to communicate over an Ethernet data link.
Obtaining the PLC program directly from the processor requires specialized work, for example you have to use the correct programming software which can be expensive. Often, an independent programmer can be enlisted to help with this step. Another important point is that the PLC program will likely lack the variable descriptions (e.g. “Upper Loader Up Solenoid”) associated with the program elements unless the software used to access the program includes the original documentation for the program. Additionally, the program may be password protected against being uploaded. Each of these factors makes enlisting the help of the original programmer, or use of the end user’s documentation files, very important. Negotiating these sorts of issues are made easier if the investigating forensic engineer is experienced with PLC control systems.
Founded in 1997, The Warren Group, forensic engineers and consultants provides technical investigations and analysis of personal injury and property claims as well as expert testimony for insurance adjusters and attorneys. Extremely well versed in the disciplines of mechanical, electrical, chemical, structural, accident reconstruction and fire and explosion investigation, our engineers and consultants are known for delivering the truth — origin, cause, responsibility and cost of an event or claim — with unmistakable clarity.
