Introduction: When Industrial Interconnection Meets Functional Safety
In an era of deep integration between intelligent manufacturing and the industrial Internet, the process industry faces unprecedented challenges and opportunities. On the one hand, device interconnection, data collection, and remote operation and maintenance are significantly improving production efficiency; on the other hand, the security risks to critical infrastructure, the retirement of senior technical personnel, and increasingly stringent regulatory requirements have forced companies to re-examine the integrity and reliability of their safety control systems. In this context, functional safety systems are no longer merely the last line of defense for shutdown protection, but have become the core pillar by which enterprises achieve sustainable operation, reduce liability risk, and ensure the safety of personnel and assets.
To meet these requirements, the Mark VIeS functional safety system for SIL 2 and SIL 3 applications has emerged. The system inherits decades of technical accumulation in turbomachinery protection and control and integrates modern industrial Ethernet, high-precision diagnostics, a flexible redundant architecture, and multi-level network security management. It provides a certified, mature, reliable, and highly configurable Safety Instrumented System (SIS) solution for industries with extreme operating conditions, such as oil and gas, power, chemicals, pulp and paper, mining, and engineering.
This article provides a detailed technical analysis of the Mark VIeS functional safety system across multiple dimensions, including system architecture, safety capabilities, redundancy modes, I/O technology, software development tools, network security, certification and compliance, and practical deployment value, to help engineers, project managers, and enterprise decision-makers fully understand the system's core advantages and applicable scenarios.
System positioning and core value: from turbine protection to plant-wide safety
The Mark VIeS functional safety system is not a general-purpose SIS designed from scratch, but a specialized safety platform built on GE Vernova's more than 30 years of experience in turbomachinery control, four generations of product evolution, and field validation of over 10,000 Triple Modular Redundancy (TMR) systems worldwide. This history gives it a natural technological fit for high-risk applications such as high-speed rotating machinery protection, emergency shutdown logic, burner management, and fire and gas detection.
Unlike the safety modules of conventional DCS systems, the Mark VIeS is designed, validated, and produced in accordance with IEC 61508:2010 throughout, including the underlying processors, network communication, I/O modules, and engineering configuration tools. It has been assessed by authoritative functional safety certification bodies such as Exida and holds SIL 2 and SIL 3 certification. This means the system can be used for safety instrumented functions in low demand mode (such as emergency shutdown) as well as in high demand or continuous mode (such as burner management systems).
The core value of this system can be summarized in four points:
Proven safety solution: backed by long-term operational data from thousands of TMR systems, it combines "operational reliability" (availability) with "trip reliability";
Flexibility and reliability: supports any combination from simplex to triple modular redundancy, allowing users to tailor the hardware configuration to the required SIL level and availability;
Improved production efficiency: reduces project delivery cost and the risk of human error through highly reusable software libraries, standardized logic modules, and an integrated HMI;
Seamless integration: securely interconnects with the existing basic process control system (BPCS) to form an integrated plant-wide safety protection system.
System architecture and main components
Mark VIeS adopts a distributed architecture built on an Ethernet backbone. Its core components are the safety controller, I/O modules, the I/O network (IONet), the engineering configuration workstation, and the virtual controller. All components are rated for harsh environments (such as Class 1 Div 2 hazardous areas and G3 corrosion resistance), reducing unplanned downtime caused by environmental factors.
2.1 Mark VIeS Safety Controller
The controller is the logic-solving core of the system. Each controller includes a main processor, redundant Ethernet interfaces for the distributed I/O, and additional control network interfaces. According to the safety integrity level and availability requirements, users can configure:
Simplex controller: suitable for SIL 2 low demand applications;
Dual controllers: implement a 1oo2 or 2oo2 architecture, supporting SIL 3 high/low demand;
Triple controllers (TMR): use 2oo3 voting logic, tolerating a single-point failure while maintaining the safety function.
The controller runs a real-time operating system and supports mixed programming in Function Block Diagram (FBD), Cause & Effect Matrix, and Relay Ladder Diagram (RLD). Controllers synchronize key variables over IONet to ensure disturbance-free (bumpless) redundancy switchover.
2.2 I/O modules (I/O cards and terminal components)
The Mark VIeS I/O module uses a three-piece design: field wiring terminal block, terminal board, and I/O pack. This modular structure brings two major benefits:
Field instruments connect directly, with no intermediate relays or isolation terminals, reducing installation cost and minimizing potential failure points;
Hot-swapping and online replacement are supported, so maintenance does not affect the safety function.
Each I/O pack has two IONet ports and a local processor with a built-in high-precision real-time clock, providing 1 millisecond resolution sequence of events (SOE) recording for all discrete input and output signals. Users simply select the relevant channels in the configuration software to enable SOE; no dedicated hardware is required, which significantly reduces system complexity and cost.
Analog I/O modules support universal channel configuration: each channel on the same module can be set independently as AI or AO, reducing the number of spare part types and the cabinet space required.
2.3 I/O Network (IONet)
IONet is a deterministic, full-duplex, point-to-point communication network designed specifically for safety systems, with a transmission rate of 100 Mbps and support for local or remote cabinet deployment. Within one scan cycle, the online controller completes the following tasks in parallel:
Reads data from the input modules;
Writes the calculated results to the output modules;
Synchronizes intermediate variables between controllers in dual or TMR configurations.
IONet switches are custom-designed for GE Vernova, with wide-temperature capability and high immunity to interference, ensuring uninterrupted communication in extreme environments.
2.4 Virtual Mark VIeS Controller
For training, logic verification, and factory acceptance testing, the system provides a PC-based virtual controller. This virtual environment can:
Execute the actual application program code;
Communicate with the ToolboxST engineering software;
Support the Ethernet Global Data (EGD) service;
Simulate process alarm management.
Users can complete most logic debugging and simulation without connecting to real hardware, significantly reducing on-site commissioning time.

Flexible redundant architecture: configure SIL levels and availability as needed
One of the most prominent technical features of Mark VIeS is its segmented redundancy design. Traditional safety systems typically require all components to use the same level of redundancy, resulting in either high cost or excessive redundancy in parts of the system. Mark VIeS, built on an Ethernet backbone, allows the following parts to choose their redundancy level independently:
Controllers: simplex, dual, or TMR;
IONet communication: simplex, dual, or TMR;
I/O modules: simplex or TMR.
This flexibility allows users to match the actual risk reduction required by each Safety Instrumented Function (SIF). For example, a SIL 2 low demand emergency shutdown function can use a simplex controller, dual IONets, and simplex I/O; SIL 3 high demand turbine overspeed protection can use TMR controllers, a TMR network, and TMR I/O.
The specific supported configurations are:
TMR 2oo3, SIL 3 high/low demand, for de-energize-to-trip applications;
TMR 2oo3, SIL 2 low demand, for energize-to-trip applications;
TMR degraded mode 1oo2, SIL 3: when one channel of the TMR fails, SIL 3 capability is still maintained;
TMR degradation sequence 2oo3 → 1oo2 → fail-safe, ensuring graceful degradation;
Dual 1oo2, SIL 3 high/low demand;
Dual 2oo2, SIL 2 low demand, suitable for energize-to-trip or de-energize-to-trip;
Simplex 1oo1, SIL 2 low demand.
These configuration choices are made entirely during the hardware configuration phase and are transparent to the application code, which greatly simplifies project design and later upgrades.
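The voting modes and the TMR degradation sequence listed above, worked through in plain Python as an added illustration. This is not Mark VIeS firmware: it models a three-channel discrete trip group, removes a channel from the vote when its self-diagnostics report a fault, steps from 2oo3 to 1oo2 and then to a forced trip, and shows how de-energize-to-trip maps the voted result onto the output coil. The channel names, demands and health flags are constructed inputs.

```python
"""Voting and TMR degradation for a discrete trip signal.

Added illustration, not Mark VIeS firmware: models the MooN modes from the
section above (1oo1, 1oo2, 2oo2, 2oo3) and the degradation sequence
2oo3 -> 1oo2 -> fail-safe. All channel data is constructed.
"""
from dataclasses import dataclass

# M out of N: a trip is voted when at least M of the N participating channels demand it.
MODES = {"1oo1": (1, 1), "1oo2": (1, 2), "2oo2": (2, 2), "2oo3": (2, 3)}


@dataclass(frozen=True)
class Channel:
    name: str
    trip_demand: bool      # this channel's own trip decision
    healthy: bool = True   # result of the channel's self-diagnostics


def vote(mode, demands):
    """Vote a list of per-channel trip demands under a fixed MooN mode."""
    m, n = MODES[mode]
    if len(demands) != n:
        raise ValueError(f"{mode} needs {n} channel demands, got {len(demands)}")
    return sum(demands) >= m


def effective_mode(channels):
    """TMR degradation: faulted channels leave the vote; with fewer than two
    healthy channels the group can no longer vote and goes fail-safe."""
    healthy = sum(1 for c in channels if c.healthy)
    if healthy == 3:
        return "2oo3"
    if healthy == 2:
        return "1oo2"
    return "fail-safe"


def tmr_trip(channels):
    """Return (mode in force, trip decision) for a three-channel TMR group."""
    if len(channels) != 3:
        raise ValueError("TMR requires exactly three channels")
    mode = effective_mode(channels)
    if mode == "fail-safe":
        return mode, True                      # forced trip: the safe state
    demands = [c.trip_demand for c in channels if c.healthy]
    return mode, vote(mode, demands)


def output_energized(trip, de_energize_to_trip=True):
    """Final-element drive state. De-energize-to-trip keeps the output coil
    energized in normal operation and drops it out to trip, so loss of power
    also lands in the safe state; energize-to-trip is the inverse."""
    return (not trip) if de_energize_to_trip else trip


if __name__ == "__main__":
    group = [Channel("A", True), Channel("B", False), Channel("C", False)]
    print(tmr_trip(group))   # one channel's false alarm is outvoted: ('2oo3', False)
    group = [Channel("A", True), Channel("B", False), Channel("C", False, healthy=False)]
    print(tmr_trip(group))   # channel C faulted, degraded to 1oo2: ('1oo2', True)
```

The two runs at the bottom show the two sides of the design: with all channels healthy a single spurious demand is outvoted, and once one channel is diagnosed as faulted the remaining pair votes 1oo2, so any single demand trips. The `2oo2` mode is included because the list above offers it for SIL 2 low demand; note that it favours availability, since both channels must agree before a trip.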
Software Tools and Engineering Efficiency: Integration of ControlST and exSILentia
An excellent safety system relies not only on hardware reliability but also on efficient engineering software. Mark VIeS uses ControlST as its unified configuration, monitoring, and diagnostic platform and integrates the industry-standard exSILentia safety lifecycle management tool.
4.1 ControlST Function
ControlST provides the following core capabilities:
Logic programming: supports three languages, FBD, Cause & Effect Matrix, and ladder diagram, to suit different engineers;
Library management: supports building tested and validated OEM algorithm libraries that can be deployed quickly to multiple projects with advanced replication tools;
Online testing and change monitoring: all modifications to the application can be tested and recorded with the software's built-in validation tools;
Diagnostics and alarms: real-time display of detailed diagnostic information for controllers, networks, I/O, and power distribution units. Even if communication is interrupted, diagnostic data is retained locally in the controller and is not lost.
4.2 exSILentia Safety Lifecycle Management
exSILentia is a professional SIL calculation and management tool developed by Exida. The functional safety parameters of the Mark VIeS components are pre-loaded in the tool's logic solver database. When designing a SIF, users can fully evaluate:
Sensors (such as pressure and temperature transmitters);
Logic solver (Mark VIeS controller and I/O);
Final elements (such as shutdown valves and contactors).
The software automatically calculates key figures such as the average probability of failure on demand (PFDavg), the probability of dangerous failure per hour (PFH), hardware fault tolerance (HFT), and systematic capability (SC) to verify SIL compliance. This automated workflow significantly improves consistency and design efficiency and reduces the risk of human calculation errors.
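To make the SIL verification described above concrete, here is an added worked example of the calculation an engineer performs for one SIF. It is not exSILentia's method and uses no Mark VIeS certified data: it applies the simplified low-demand PFDavg expressions of IEC 61508-6 Annex B (dangerous undetected failures only, repair time neglected) to constructed failure rates for the sensor, logic solver and final element subsystems, sums them, and maps the total to a SIL band per IEC 61508-1. The failure rates, proof-test interval and common-cause factor are constructed assumptions.

```python
"""Simplified SIL verification for a safety instrumented function (SIF).

Added illustration, not exSILentia's method or Mark VIeS certified data:
simplified IEC 61508-6 Annex B low-demand formulas over constructed
failure rates, with the result mapped to a SIL band per IEC 61508-1.
"""

# Target failure measures per IEC 61508-1: (SIL, lower bound, upper bound).
SIL_BANDS = {
    "low": [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)],   # PFDavg
    "high": [(4, 1e-9, 1e-8), (3, 1e-8, 1e-7), (2, 1e-7, 1e-6), (1, 1e-6, 1e-5)],  # PFH, per hour
}


def pfd_avg(architecture, lambda_du, t1_hours, beta=0.0):
    """Average probability of failure on demand for one subsystem.

    lambda_du : dangerous undetected failure rate per hour (per channel)
    t1_hours  : proof-test interval T1
    beta      : common-cause factor between redundant channels
    Simplifications: no diagnosed (DD) failures and no repair time, so the
    channel equivalent down time is T1/2 and the group equivalent is T1/3.
    """
    common_cause = beta * lambda_du * t1_hours / 2
    independent = (1 - beta) * lambda_du
    if architecture == "1oo1":
        return lambda_du * t1_hours / 2
    if architecture == "2oo2":
        return lambda_du * t1_hours            # either channel failing loses the function
    if architecture == "1oo2":
        return independent ** 2 * t1_hours ** 2 / 3 + common_cause
    if architecture == "2oo3":
        return independent ** 2 * t1_hours ** 2 + common_cause
    raise ValueError(f"unsupported architecture {architecture}")


def sil_band(value, mode="low"):
    """Map PFDavg (low demand) or PFH (high/continuous demand) to a SIL; 0 if outside SIL 1-4."""
    for sil, lower, upper in SIL_BANDS[mode]:
        if lower <= value < upper:
            return sil
    return 0


def sif_assessment(sensor, logic_solver, final_element):
    """A SIF's PFDavg is the sum of its sensor, logic solver and final element
    subsystems, so the achieved SIL is bounded by the weakest of the three."""
    total = sensor + logic_solver + final_element
    return {"pfd_avg": total, "rrf": 1 / total, "sil": sil_band(total)}


if __name__ == "__main__":
    year = 8760  # one-year proof-test interval, in hours (constructed)
    sensors = pfd_avg("1oo2", 1e-6, year, beta=0.02)      # constructed: two transmitters
    solver = pfd_avg("2oo3", 1e-7, year, beta=0.02)       # constructed: TMR logic solver
    valve = pfd_avg("1oo1", 5e-7, year)                   # constructed: single shutdown valve
    print(sif_assessment(sensors, solver, valve))         # SIL 2, limited by the single valve
```

The example deliberately ends at SIL 2 even though the logic solver contributes less than one percent of the total: the single valve dominates, which is the practical lesson of the subsystem view the tool offers. A certified assessment would also apply the HFT and systematic capability constraints and use the full formulas with diagnostic coverage and repair times.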
Network Security: A Defense System Designed for the Connected World
As industrial control systems move towards open networks, safety systems themselves have become potential targets of attack. Mark VIeS incorporates multi-layer network security protection from the start of its design and has obtained Achilles Level 1 certification, verifying its network robustness.
The main security measures include:
Application code branding and locking: prevents unauthorized modification;
Dedicated security processes and response: covering vulnerability management and patch release;
Principle of least privilege for data access: role-based access control;
Strengthened password policy: supports complex passwords and regular rotation;
User authentication and access control: integrates with Windows domain or local account management;
Security log: records all logins, configuration changes, and alarm events;
Black channel communication: overlays a safety layer on standard Ethernet protocols, enabling large-scale safety communication across multiple safety controllers without reducing the SIL.
In addition, the system supports a trusted host table that allows only authorized computers to connect to the controller; the 'controller lock' mode prevents unexpected modifications during operation; and the application branding feature ensures that only digitally signed code can be downloaded and executed.
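The black channel principle mentioned above, shown as an added Python illustration. This is not the Mark VIeS protocol: it models the generic idea that the safety layer adds its own header and check value so that the receiver itself detects the errors the standard Ethernet path beneath it can introduce (corruption, loss, repetition, reordering, insertion from another connection, excessive delay) and latches the safe state on any of them. The header layout, connection ids, payloads and timestamps are constructed assumptions.

```python
"""A minimal 'black channel' safety layer over an untrusted transport.

Added illustration, not the Mark VIeS protocol: the safety layer wraps each
payload with a connection id, sequence number, send time and CRC-32 so the
receiver can detect transport errors independently of the medium.
Connection ids, payloads and timestamps are constructed.
"""
import struct
import zlib

# Safety header: connection id (16 bit), sequence number (32 bit), send time in ms (64 bit)
HEADER = struct.Struct("!HIQ")
CHECK = struct.Struct("!I")   # CRC-32 over header + payload


def build_safety_pdu(conn_id, seq, send_time_ms, payload):
    """Wrap an application payload in the safety layer."""
    body = HEADER.pack(conn_id, seq, send_time_ms) + payload
    return body + CHECK.pack(zlib.crc32(body) & 0xFFFFFFFF)


class SafetyReceiver:
    """One safety connection. The first detected fault latches safe_state;
    after that every PDU is rejected until the connection is re-established."""

    def __init__(self, conn_id, watchdog_ms):
        self.conn_id = conn_id
        self.watchdog_ms = watchdog_ms    # maximum tolerated transport delay
        self.expected_seq = 0
        self.safe_state = False

    def _fault(self, reason):
        self.safe_state = True
        return reason, None

    def receive(self, pdu, now_ms):
        """Return (status, payload); payload is None unless status is 'OK'."""
        if self.safe_state:
            return "SAFE_STATE", None
        if len(pdu) < HEADER.size + CHECK.size:
            return self._fault("TRUNCATED")
        body, received_crc = pdu[:-CHECK.size], CHECK.unpack(pdu[-CHECK.size:])[0]
        if zlib.crc32(body) & 0xFFFFFFFF != received_crc:
            return self._fault("CORRUPTED")            # bit errors on the black channel
        conn_id, seq, sent_ms = HEADER.unpack(body[:HEADER.size])
        if conn_id != self.conn_id:
            return self._fault("WRONG_CONNECTION")     # misrouted or inserted message
        if seq < self.expected_seq:
            return self._fault("REPEATED_OR_REORDERED")
        if seq > self.expected_seq:
            return self._fault("LOST")                 # gap in the sequence
        if now_ms - sent_ms > self.watchdog_ms:
            return self._fault("DELAYED")              # older than the watchdog allows
        self.expected_seq = seq + 1
        return "OK", body[HEADER.size:]
```

The checks cover random and systematic transport errors, which is what the black channel concept addresses; a CRC and a counter are not protection against a deliberate adversary who can recompute them. That is why the page lists the trusted host table, signed application code and access control as separate measures alongside black channel communication.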

High availability features: HART, SOE, and advanced diagnostics
6.1 HART Smart Instrument Support
The Mark VIeS I/O modules support the HART protocol and can simultaneously obtain process variables, instrument status, diagnostic information, calibration data, and more. Users can integrate smart instrument data into asset management systems without additional hardware, enabling predictive maintenance and performance monitoring.
6.2 Integrated 1ms SOE
Traditional SOE systems require dedicated timing modules and expensive time synchronization servers. Mark VIeS has high-precision timestamping built into all discrete input and output channels; users only need to enable it in the configuration to obtain 1 ms SOE. The captured events can be merged and replayed with real-time or historical trend analysis tools to quickly locate the cause of a process disturbance and accelerate production recovery.
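What "merge and replay" means in practice is a first-out analysis: find which initiator tripped first and which followed. The following added example, not ControlST or ToolboxST code, turns constructed 1 ms samples from several I/O packs into change-of-state events stamped with each pack's clock, merges them into one time-ordered record, and identifies the first trip initiator and the cascade that followed within a window. Tag names, sample patterns and timings are constructed.

```python
"""Sequence-of-events merging and first-out analysis.

Added illustration, not ControlST/ToolboxST code. Events are generated from
constructed discrete samples at 1 ms resolution and merged across packs.
"""
from collections import namedtuple

Event = namedtuple("Event", "time_ms pack tag state")


def events_from_samples(pack, tag, samples, t0_ms, period_ms=1):
    """Emit an event for every change of state in a discrete channel sampled
    every period_ms, stamped with the sample time (1 ms SOE resolution)."""
    events, previous = [], samples[0]
    for i, state in enumerate(samples[1:], start=1):
        if state != previous:
            events.append(Event(t0_ms + i * period_ms, pack, tag, state))
            previous = state
    return events


def merge_soe(*pack_logs):
    """The plant-wide SOE record is the union of all packs' events in time
    order; ties are broken by pack and tag so the order is reproducible.
    This relies on the packs' clocks being synchronized."""
    return sorted((e for log in pack_logs for e in log),
                  key=lambda e: (e.time_ms, e.pack, e.tag))


def first_out(soe, initiators, window_ms):
    """initiators maps tag -> its trip state. Return the initiator that first
    reached its trip state and the others that followed within window_ms."""
    trips = [e for e in soe if e.tag in initiators and e.state == initiators[e.tag]]
    if not trips:
        return None, []
    first = trips[0]
    cascade = [e for e in trips[1:] if e.time_ms - first.time_ms <= window_ms]
    return first, cascade


if __name__ == "__main__":
    # Constructed: pressure high-high trips first, temperature follows 2 ms later,
    # the ESD output de-energizes at +8 ms, and a level alarm much later is unrelated.
    pt = events_from_samples("packA", "PT_101_HH", [0, 0, 0, 1, 1, 1, 1], 1000)
    tt = events_from_samples("packB", "TT_205_HH", [0, 0, 0, 0, 0, 1, 1], 1000)
    esd = events_from_samples("packC", "ESD_OUT", [1] * 11 + [0], 1000)
    lt = events_from_samples("packB", "LT_330_LL", [0, 0, 1], 1400)
    record = merge_soe(pt, tt, esd, lt)
    for e in record:
        print(f"{e.time_ms} ms  {e.pack:5}  {e.tag:10}  -> {e.state}")
    first, cascade = first_out(record, {"PT_101_HH": 1, "TT_205_HH": 1, "LT_330_LL": 1}, 100)
    print("first out:", first.tag, "at", first.time_ms, "ms; cascade:", [e.tag for e in cascade])
```

The window keeps the later level alarm out of the cascade, which is the judgement an engineer makes when separating the initiating cause from consequential events; the 1 ms resolution is what makes the 2 ms gap between the two initiators visible at all.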
6.3 Advanced Diagnosis and Alarm
The system continuously monitors the integrity of each safety loop, including:
Channel open-circuit and short-circuit detection;
Signal out of range;
Discrepancy between redundant paths;
Power and grounding faults;
Controller health (CPU load, memory, temperature).
All alarm and diagnostic information is time-stamped and stored in the controller's non-volatile memory, ensuring critical evidence is not lost even if communication with the supervisory computer is interrupted.
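The first three loop checks in the list above (open/short circuit, out of range, discrepancy between redundant paths) can be shown for one TMR 4-20 mA input. The following is an added illustration, not Mark VIeS I/O firmware: it classifies each channel's loop current using the NAMUR NE43 signalling convention (failure low below 3.6 mA, failure high above 21.0 mA, 3.8 to 20.5 mA as the measuring range), mid-value selects the healthy channels, and flags any healthy channel that deviates from the selected value by more than a tolerance. The tolerance, engineering range and current values are constructed.

```python
"""Loop diagnostics for a TMR 4-20 mA analog input.

Added illustration, not Mark VIeS I/O firmware. Thresholds follow NAMUR NE43;
the discrepancy tolerance and the sample currents are constructed.
"""
from statistics import median

FAILURE_LOW_MA, UNDER_RANGE_MA = 3.6, 3.8
OVER_RANGE_MA, FAILURE_HIGH_MA = 20.5, 21.0
FAULT_STATES = {"OPEN_CIRCUIT", "SHORT_OR_FAULT_HIGH"}


def classify_loop(current_ma):
    """Diagnostic state of one 4-20 mA loop from its measured current."""
    if current_ma < FAILURE_LOW_MA:
        return "OPEN_CIRCUIT"          # broken wire, lost loop power or transmitter fault-low
    if current_ma > FAILURE_HIGH_MA:
        return "SHORT_OR_FAULT_HIGH"   # loop short or transmitter signalling fault-high
    if current_ma < UNDER_RANGE_MA:
        return "UNDER_RANGE"           # saturated below the measuring range
    if current_ma > OVER_RANGE_MA:
        return "OVER_RANGE"            # saturated above the measuring range
    return "NORMAL"


def to_engineering_units(current_ma, eu_low, eu_high):
    """Linear 4-20 mA scaling to the instrument's calibrated range."""
    return eu_low + (current_ma - 4.0) / 16.0 * (eu_high - eu_low)


def diagnose_tmr(currents_ma, discrepancy_ma=0.5, eu_range=(0.0, 100.0)):
    """Classify three redundant channels, mid-value select the healthy ones and
    flag redundant-path discrepancies. Returns the per-channel states, the
    alarms raised, the selected current and value, and the healthy channel
    count (which drives the group's degradation)."""
    states = [classify_loop(c) for c in currents_ma]
    alarms = [f"ch{i + 1} {s}" for i, s in enumerate(states) if s in FAULT_STATES]
    healthy = [c for c, s in zip(currents_ma, states) if s not in FAULT_STATES]
    if not healthy:
        return {"states": states, "alarms": alarms + ["ALL_CHANNELS_FAULTED"],
                "selected_ma": None, "value": None, "healthy_channels": 0}
    # Mid-value select on three channels; with two left, median() gives their mean
    # and a disagreement is reported against both, since the pair cannot be arbitrated.
    selected = median(healthy)
    for i, (c, s) in enumerate(zip(currents_ma, states)):
        if s not in FAULT_STATES and abs(c - selected) > discrepancy_ma:
            alarms.append(f"ch{i + 1} REDUNDANT_PATH_DISCREPANCY")
    return {"states": states, "alarms": alarms, "selected_ma": selected,
            "value": to_engineering_units(selected, *eu_range),
            "healthy_channels": len(healthy)}


if __name__ == "__main__":
    print(diagnose_tmr([12.0, 12.1, 11.9]))   # all agree, 50.0 in engineering units
    print(diagnose_tmr([12.0, 3.2, 12.1]))    # channel 2 open circuit, pair continues
    print(diagnose_tmr([12.0, 12.0, 14.0]))   # channel 3 drifted: discrepancy alarm
```

A discrepancy alarm is deliberately separate from a fault: the drifted channel in the last run still carries a valid current, so it stays in the vote but is flagged for maintenance, whereas the open-circuit channel in the second run is removed and the healthy count drops to two, which is what moves the group into its degraded mode.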
Adaptability to harsh environments
GE Vernova understands that safety systems are not always installed in clean central control rooms. The entire range of Mark VIeS components (processors, switches, I/O modules) has passed the following certifications:
Class 1, Division 2: suitable for hazardous areas where combustible gases or vapors may be present (comparable to Zone 2);
G3 corrosion resistance: meets the ISA standard and withstands corrosive gas environments such as high concentrations of hydrogen sulfide and sulfur dioxide.
Combined with a wide operating temperature range (-40 °C to +70 °C, depending on the component) and an anti-vibration design, the system can be deployed on offshore platforms, in desert oil fields, at polar LNG receiving terminals, and in high-dust mining environments.
Certification and Compliance
The Mark VIeS functional safety system complies with mainstream international standards, including:
Electrical safety standards:
CAN/CSA-C22.2 No. 61010-1-12
UL Std. No. 61010-1 (3rd edition)
EN 61010-1 (3rd edition)
Functional safety standards:
IEC 61508:2010 Part 1-7, certified by Exida
EN 50402:2005+A1:2008 (applicable to logic solvers for gas detection systems)
Network security authentication:
Achilles Level 1 (Controller Network Robustness)
Quality System:
ISO 9001
In addition, the system meets regional directives such as ATEX (application-dependent), PED, and EMC, and can be deployed in compliance worldwide.
Application scenarios and industry value
Based on the above technical characteristics, Mark VIeS is widely used for the following typical safety functions:
Plant Emergency Shutdown System (ESD): plant-level safety interlocks requiring high reliability and short response time. A TMR configuration combined with de-energize-to-trip logic ensures reliable shutdown when a hazard is detected.
Burner Management System (BMS): requires continuous monitoring of flame, fuel valves, and purge timing, with SIL 3 high demand mode ensuring combustion safety.
Turbomachinery protection: processes high-speed signals such as overspeed, vibration, and shaft displacement. The TMR architecture prevents spurious trips caused by a false alarm from a single sensor.
Fire and Gas Detection System (F&G): covers a large area; multiple remote controllers are linked through black channel communication to implement interlock logic between fire and combustible gas detection.
Pipeline and tank overpressure protection: uses HART smart pressure transmitters combined with a 1oo2 dual controller configuration to balance safety and operational availability.
From an industry value perspective, adopting Mark VIeS can help businesses:
Reduce accident rates and liability risk: SIL 2/SIL 3 certification meets regulatory safety requirements for high-risk processes;
Reduce unplanned downtime: flexible redundancy design and online maintenance capability allow equipment replacement or software upgrades without shutdown;
Shorten the project cycle: software reuse, pre-certified components, and virtual commissioning can compress project delivery time by more than 30%;
Protect network security investment: built-in Achilles certification and layered protection prevent the safety system from becoming an entry point for attackers.
