Phoenix Contact

Avoiding a mental breakdown when choosing circuit breakers

Guest contributor: Jessica Yeh, Phoenix Contact USA

Sizing circuit breakers is confusing because there are so many factors to take into consideration. Of course, there are the typical concerns: price, size, and delivery time. But what about everything else?

What trip mechanism should be used? What ampere rating? Dual rated or regular voltage ratings? Why do I need a lockout/tagout? Does a shunt do the same thing as an auxiliary? What does bidirectional mean? What approvals do I need to take into consideration? Do I need NEC Class 2? NEMA? CSA? UL? IEC or IEEE certifications?

These are just a few of the things to consider when choosing a circuit breaker for a specific application.

Stop the ride, I want to get off!

Here’s the thing. Selecting breakers is a complex task, but the following list will give you a few basic ideas to get started in the right direction. This is by no means everything you should consider, but it’s a nice breakdown.

(The good kind, not the mental kind.)

What type of protection are you looking for?

Breakers are activated by various factors including PCB components in the case of electronic breakers, heat in terms of thermal breakers, magnetism for both thermal-magnetic and hydraulic-magnetic breakers, and more. Each trigger has a different reaction time. Depending on how critical the equipment you’re protecting is, you may want to use this basic guide.

Size matters (Use the 80 percent rule)

It’s common practice to choose a breaker with an ampere rating at around 80 percent of the nominal rating of your application. This ensures that you have a nice little buffer in case the current spike is particularly strong. The breaker will be able to trip well before the current level can get too high and cause damage.

Embrace the trip curves  

When someone says “trip curve,” you have one of two reactions.

A) Cringe and gulp down the nauseating feeling at the thought of having to squint over all those lines and numbers, or

B) Pass the information along to someone else so that they can exhibit reaction A.

While many companies add their own custom trip curves, the most common include B, C, and D curves, which are considered industry standard.

What you want to keep in mind when it comes to trip curves is that it’s not about all the little calculations, but the overall picture. Besides thinking “how fast does this thing need to trip?” also consider it in terms of your equipment.  Sensitive devices should be protected by a breaker that reacts quickly. On the opposite end, equipment with higher startup currents like motors would probably be best protected by a breaker with a delayed trip curve.

Need for approvals

You may have heard the term “Listed” or “Recognized.” You may have also heard the terms “supplemental” and “branch” protection. Depending on your requirements and the type of breaker you’re using, you might need to select a specifically approved breaker. In most cases, these are the four basic types you’ll often see.

Supplementary protectors (UL Recognized) interrupt an electrical distribution circuit and are intended to protect equipment.

Branch circuit protectors (UL Listed) open a circuit during overload and short circuit and are intended to protect the circuit conductors.

Completing the outfit

When choosing an outfit, you always want to get the basics down first, before you start accessorizing. Outfitting a cabinet is no different. Once you’ve chosen your breaker, you can add additional bells and whistles to give you a little something extra. Here are just a few options.

To reset or activate/deactivate the breaker remotely, you would use its remote reset/control. Combined with remote status indication, you can easily service and maintain breakers without going to a job site.

But if you’re already on site, the local status indication feature uses color codes that allow you to easily service and maintain breakers.

Busbars reduce wiring by connecting a series of breakers to a common power source.

And finally, lockout/tagout keeps things safe by attaching to the trip mechanism and preventing unwanted tampering during testing or maintenance.

As you get further into the process, you’ll still have to consider some of the more advanced questions raised above, but this list gives you some of the basic break(er)down that you need to know to get started! To learn more about circuit breakers and overcurrent protection options, visit www.phoenixcontact.com/cbpluggable


CMA/Flodyne/Hydradyne is an authorized Phoenix Contact distributor in Illinois, Wisconsin, Iowa and Northern Indiana.

In addition to distribution, we design and fabricate complete engineered systems, including hydraulic power units, electrical control panels, pneumatic panels & aluminum framing. Our advanced components and system solutions are found in a wide variety of industrial applications such as wind energy, solar energy, process control and more.

Secure Protection from Attacks, Malicious Software and Unauthorized Access

Guest contributors: Gerrit Boysen and Mariam Coladonato, Phoenix Contact

High system availability is very important in process engineering, because ongoing processes must not be interrupted. A fence is a physical, easily identifiable safety measure to secure systems from unauthorized persons. In addition to such physical protections, implementing IT security practices is also becoming more important.

The current trend toward interconnectivity is driving the growing need for IT security in process engineering. Not only is there an increasing number of horizontal interconnections from one system to another, but also the field level is more connected to the office level. In addition, all levels are using more and more Ethernet components. The good news is that this interconnection increases efficiency and reduces costs. The downside of this, however, is that it also increases the risk that malicious software will quickly spread throughout all areas of a company.

In light of this information, process-engineering systems are repeatedly being threatened by new security gaps and a growing number of malicious programs. The computers and control systems used in industrial networks must have much more extensive protection from attacks, malicious software, and unauthorized access than they have so far (Figure 1).


Figure 1: The Process Analysis Center is protected by a firewall.

The security strategies used in conventional office IT, however, usually are not designed for industrial systems. Industrial networks require special protective measures. The IT systems used in production environments differ fundamentally from those used in office environments in four ways.

  1. Patches cannot typically be applied to industrial systems
  2. Industrial systems use special protocols such as OPC Classic, which are not used in the office world
  3. Large systems can have structurally identical modular assemblies with identical IP addresses
  4. Production systems often require different firewall rules and standards during maintenance and in the event of remote servicing

Office PCs usually have virus scanners that perform security updates at regular intervals. These measures do not normally work for industrial systems for a few reasons. Sometimes, the manufacturer of the operating systems or applications used in the industrial sector no longer provides security updates. In addition, test measures must be performed on industrial PCs before each operating system, antivirus software, or application update, and this cannot be done efficiently in terms of operation.

The use of specific industrial firewalls can protect these non-patchable systems against attacks from outside the network. To do this, hardware-based firewall appliances are connected between industrial PCs and outside networks. Another advantage of using external security hardware is that the system’s resources do not have to be used for security tasks (Figure 2).


Figure 2: Security example from the process industry.

Targeted restriction of network communications

With firewalls, the user can configure the protocols and ports that can be used to access the protected systems. This can prevent, or at least limit, an attacker's attempts to gain access to the network through insecure ports. The Stateful Packet Inspection Firewall approach is an ideal way to manage these systems. This approach uses rules to filter incoming and outgoing data packets in both directions: from the outside to the protected internal network and vice versa. Depending on the protocol, rules on source addresses and ports and on destination addresses and ports limit network communications selectively to the defined scope required for production. Here, the Connection Tracking function identifies the response packets on permitted connections and lets them through.

When selecting a suitable firewall, the engineer must ensure that the selected firewall understands any protocols used in the particular industry. Otherwise, reliable protection cannot be guaranteed. For example, office firewalls typically do not support industrial protocols such as OPC Classic, so they cannot provide appropriate protection for the application.

While conventional firewalls cannot reliably protect data traffic via OPC Classic, industrial variants – such as one with a license for OPC Inspector – can provide a suitable solution. The firewall checks the OPC Classic communications data packets and filters them precisely, based on Deep Packet Inspection. For this purpose, the Stateful Inspection principle is also applied to OPC Classic data. This means that the firewall identifies the port changes negotiated in the OPC Classic protocol and approves them dynamically. In this context, it inspects whether a port opened by OPC is used within a timeout period and whether the data traffic moving through this port corresponds to the OPC protocol. This method provides a high level of access security (Figure 3).


Figure 3: Deep Packet Inspection in the OPC protocol.
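
The dynamic port approval described above can be modeled in a few lines. This is an added example, not code from the article or from any firewall product; the class name, the 10-second timeout, the addresses and the looks_like_opc flag (a stand-in for the deep packet inspection result) are assumptions.

```python
from dataclasses import dataclass, field

ENDPOINT_MAPPER = 135    # DCOM endpoint mapper, where OPC Classic negotiates ports
PINHOLE_TIMEOUT = 10.0   # seconds; constructed value, not a product default

@dataclass
class OpcPinholeFirewall:
    # (client, server, port) -> negotiation time, or None once the port is in use
    pinholes: dict = field(default_factory=dict)

    def on_negotiation(self, client, server, port, now):
        """Inspection of the port-135 exchange saw this dynamic port announced."""
        self.pinholes[(client, server, port)] = now

    def filter(self, client, server, port, now, looks_like_opc):
        """Verdict for one client -> server packet: 'accept' or 'drop'."""
        if port == ENDPOINT_MAPPER:
            return "accept"                  # static rule for the negotiation
        key = (client, server, port)
        if key not in self.pinholes:
            return "drop"                    # port was never negotiated
        opened = self.pinholes[key]
        if opened is not None and now - opened > PINHOLE_TIMEOUT:
            del self.pinholes[key]           # opened but not used in time
            return "drop"
        if not looks_like_opc:
            del self.pinholes[key]           # traffic is not OPC: close port
            return "drop"
        self.pinholes[key] = None            # first valid use: keep it open
        return "accept"

def demo():
    fw = OpcPinholeFirewall()
    client, server = "10.0.0.5", "192.168.0.10"   # constructed addresses
    fw.on_negotiation(client, server, 49160, now=0.0)
    fw.on_negotiation(client, server, 49161, now=0.0)
    fw.on_negotiation(client, server, 49163, now=0.0)
    return {
        "used in time": fw.filter(client, server, 49160, 2.0, True),
        "still in use": fw.filter(client, server, 49160, 60.0, True),
        "unused, expired": fw.filter(client, server, 49161, 30.0, True),
        "not negotiated": fw.filter(client, server, 49162, 3.0, True),
        "not OPC traffic": fw.filter(client, server, 49163, 3.0, False),
        "other client": fw.filter("10.0.0.9", server, 49160, 3.0, True),
    }

if __name__ == "__main__":
    print(demo())
```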

Unique and clear mapping to virtual external networks

Complex production sequences are typically structured into networked, largely standalone cells. For an efficient design of the engineering, documentation, and cell operation, the use of identical IP addresses for all systems of a single type proves to be advantageous. If all communications are initiated from the internal cell networks, several identical systems can be connected with simple masquerading NAT (Network Address Translation) routers to the operator’s production network. If the higher level network also needs to establish a connection to the individual cell nodes, however, this solution is not sufficient, because the cell nodes cannot be addressed from the outside. In this case, the user requires a router that can map internal machine networks universally or selectively to unique virtual external networks using 1:1 NAT.

Because of this, an industrial firewall offers the so-called 1:1 NAT routing function, in addition to the pure NAT routing. OPC Inspector, mentioned above, allows this NAT function for the OPC Classic protocol. This sets it apart from conventional office firewalls and other industrial firewalls.
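
The 1:1 NAT mapping for identically addressed cells, as an added example that is not part of the original article: the cell names and all address ranges are constructed, and the functions model only the address rewrite a cell router would perform.

```python
import ipaddress

CELL_INTERNAL = ipaddress.ip_network("192.168.0.0/24")   # identical in every cell
# Constructed addressing plan: one unique virtual external network per cell.
CELL_EXTERNAL = {
    "cell-1": ipaddress.ip_network("10.20.1.0/24"),
    "cell-2": ipaddress.ip_network("10.20.2.0/24"),
    "cell-3": ipaddress.ip_network("10.20.3.0/24"),
}

def validate_plan(plan, internal=CELL_INTERNAL):
    """Reject plans in which 1:1 NAT would be ambiguous or lossy."""
    nets = list(plan.items())
    for i, (cell, net) in enumerate(nets):
        if net.prefixlen != internal.prefixlen:
            raise ValueError(f"{cell}: {net} differs in size from {internal}")
        for other, other_net in nets[i + 1:]:
            if net.overlaps(other_net):
                raise ValueError(f"{cell} and {other} overlap externally")

def to_external(cell, internal_addr, plan=CELL_EXTERNAL, internal=CELL_INTERNAL):
    """Outbound: rewrite a cell node's address into its virtual network."""
    addr = ipaddress.ip_address(internal_addr)
    if addr not in internal:
        raise ValueError(f"{addr} is not a cell address")
    offset = int(addr) - int(internal.network_address)   # host part is kept
    return str(plan[cell].network_address + offset)

def to_internal(external_addr, plan=CELL_EXTERNAL, internal=CELL_INTERNAL):
    """Inbound: find the cell router and the node address behind it."""
    addr = ipaddress.ip_address(external_addr)
    for cell, net in plan.items():
        if addr in net:
            offset = int(addr) - int(net.network_address)
            return cell, str(internal.network_address + offset)
    return None                                          # no cell owns it

if __name__ == "__main__":
    validate_plan(CELL_EXTERNAL)
    for cell in CELL_EXTERNAL:                           # same node, three cells
        print(cell, "192.168.0.10 ->", to_external(cell, "192.168.0.10"))
    print(to_internal("10.20.3.10"))
```

Unlike masquerading NAT, the mapping is reversible, which is what lets the higher-level network address an individual cell node.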

Event-controlled (de)activation of firewall rules

Different firewall rules and standards have advantages in different situations. This is because during production operation or maintenance and remote system servicing, different connections are allowed or forbidden. In practice, the user usually solves the problem by combining the various firewall requirements into a single set of rules. This procedure inevitably lowers the level of security, because the firewall rules allow all connections required for the different operating states, even if they are not required for the current operation.

An industrial firewall solves the problem by implementing a Conditional Firewall. This function allows the firewall rules to be activated or deactivated depending on events. A variety of events – such as an externally connected button, switch, control window in a web interface, API command line, or establishing or disconnecting a VPN (Virtual Private Network) connection – can be selected to trigger a specific firewall rule (Figure 4).


Figure 4: Secure remote access to the system.
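
A small model of event-controlled rules next to the single combined rule set, added here as an example and not taken from the article or a product. The host names, ports and event names (vpn_up, key_switch) are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    port: int
    when: str = "always"     # event state that must be active for the rule

# Constructed rule set; host names and ports are illustrative.
RULES = [
    Rule("scada", "plc", 502),                              # production operation
    Rule("vendor-vpn", "plc", 22, when="vpn_up"),           # remote servicing
    Rule("service-laptop", "plc", 443, when="key_switch"),  # local maintenance
]

class ConditionalFirewall:
    def __init__(self, rules):
        self.rules = rules
        self.active = {"always"}

    def event(self, name, on):
        """A switch, API call or VPN state change turns a condition on or off."""
        if name == "always":
            raise ValueError("the base rule set cannot be toggled")
        if on:
            self.active.add(name)
        else:
            self.active.discard(name)

    def allows(self, src, dst, port):
        return any(r.when in self.active and (r.src, r.dst, r.port) == (src, dst, port)
                   for r in self.rules)

    def open_paths(self):
        """Connections permitted right now, i.e. the current exposure."""
        return sorted((r.src, r.dst, r.port) for r in self.rules
                      if r.when in self.active)

def merged(rules):
    """The combined rule set: every rule is active in every operating state."""
    return ConditionalFirewall([Rule(r.src, r.dst, r.port) for r in rules])

if __name__ == "__main__":
    fw = ConditionalFirewall(RULES)
    print("production:", fw.open_paths())
    fw.event("vpn_up", True)
    print("servicing: ", fw.open_paths())
    print("merged:    ", merged(RULES).open_paths())
```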

Summary

The requirements placed on a firewall in a production zone are different from those in the office world. Therefore, using an industrial firewall with a NAT function can support the individual, simple segmentation of networks. This allows the Defense-in-Depth concept based on the ISA-99 and IEC 62443 international standards to be implemented even in systems using the OPC Classic protocol.