“Secure wireless” not an oxymoron: Industrial wireless standards offer unprecedented protection
By Ian Verhappen
By Ian Verhappen
One of the reasons that many people hold back on implementing an industrial wireless system is security concerns. Obviously, you don’t want to install a wireless system if it can be a "back door" into your control system.
Luckily, the engineers who are developing the standards and products intended for industrial uses understand these concerns. Consequently, a number of security features have been included in the industrial wireless standards to alleviate them.
I’ve mentioned in past columns that the OSI model ensures each layer of the communications protocol is partially independent of all others. Once again, with industrial wireless, this good planning comes into play since the majority of the industrial Ethernet protocols all use 802.15.4 radios for the lower layers of the protocol but then differentiate themselves at the higher ‘application and user layers’ with unique features.
How industrial systems differ
The 802.15.4 radio replaces the twisted pair wire associated with HART. And just as each of the fieldbus protocols have a migration path to an Ethernet-enabled version (802.3), 802.15.4 could also be replaced with 6LoWPAN or low power version of 802.11in the future with minimal impact to the protocol itself.
Bandwidth sharing at 2.4 GHz beyond ISA100.11a, WiHART (HART 7.1), and ZigBee stipulates that an IEEE 802.15.4 radio be used. In addition, while the 802.15.4 radio could be operated at a number of different frequencies, only the 2450 (+/-) MHz frequency range is available licence-free worldwide. Because of this, it’s the range most commonly used in the licence free Industry Scientific Medical (ISM) bands. Unfortunately, many other items such as cellular phones, wireless home phones, and various other items including remote control cars and toys use this frequency as well.
Message encryption is one technique used to maintain data integrity and prevent deliberate or inadvertent interception of the data between two nodes on a network. The process automation wireless protocols include industry standard 128-bit AES encryption, unique encryption keys for each message, and an access point that provides rotating encryption keys when new devices attempt or request permission to join the network (see sidebar for other industrial wireless standard features).
Techniques such as Direct Sequence Spread Spectrum (DSSS) technology, also known as coding diversity, and adjustable transmission power, or power diversity, also help WirelessHART provide reliable communication even in the midst of other wireless networks. WirelessHART also uses time-synchronized communication (time diversity) as a means to minimize the potential for collisions through the use of "blacking out" channels being used by other devices and networks.
All WirelessHART device-to-device communication is done in a pre-scheduled time window, which enables collision-free messaging. In addition, each message has a defined priority to ensure appropriate Quality of Service (QoS) delivery. Fixed time slots also enable the network manager to create and manage the network for any application without user intervention.
Keeping it safe
The ISA-100.11a standard committee is in the process of revising their document to incorporate a ‘use case’ that was not adequately addressed in the first revision. The expectation is that a revised document will be approved in 2011 and resubmitted to ANSI for approval at that time. After approval as an ANSI standard it will then be possible to submit the document to IEC for consideration as an international standard. WirelessHART is presently in the IEC approval process as an international standard.
Despite the best efforts of the specification developers, all the above capabilities are only as good as what you choose to implement. Including such basic items as managing your signal and antenna gain (receiving strength) at the perimeter of your property, changing default passwords and using defensive indepth security practices will help you protect your wireless system from intruders. When it comes to security, you’re only as good as your weakest link. In many cases, the old saying rings true: We have seen the enemy and he is us.
Features incorporated into industrial wireless standards
• Data integrity and device authentication are two of the three pillars of cybersecurity. The third being authority, or does the device have sufficient security privileges to make the change being requested.
• Channel hopping makes it more difficult for a device that is not part of the network to know at which frequency the next transmission will take place.
• Multiple levels of security keys for access by different individuals with different responsibilities. This reinforces the concept of authority, the third pillar of security mentioned above.
• Adjustable transmit power levels allow the user to manage the signal ‘spillage’ beyond the boundary of the plant environment. If the radio signals do not go beyond the edge of a facility it will become much more difficult for someone to either "steal" information or capture enough data packets to be able to decipher the data package format so that it can be compromised.
• Security servers, similar to RADIUS servers in the office environment, allows the wireless network manager to record every attempt to join the network. By keeping track of all the attempts, the details of failed access attempts can provide an indication of how vigorously someone is attempting to compromise your network.
Ian Verhappen, P.Eng. is an ISA Fellow, ISA Certified Automation Professional, and a recognized authority on Foundation Fieldbus and industrial communications technologies. Verhappen operates a global consultancy Industrial Automation Networks Inc. specializing in field level industrial communications, process analytics and heavy oil / oil sands automation. Feedback is always welcome via e-mail at firstname.lastname@example.org.