Mark Jarman, president of wireless sensor networks provider Inovonics, recently outlined major trends for wireless security systems for 2011. "People and assets are mobile, so security needs to be as well. People are 'connected' thanks to mobile devices, so they can stay linked to their security and data systems in real time," he explained. "When security is mobile, you need to be able to track it. People and assets are increasingly mobile, so Real Time Location Solutions (RTLS) will become increasingly important." Jarman's additional top predictions for 2011 include: 1. Integration of access control panels, video management systems and alarm sensors with IP-based security solutions will increase substantially. Jarman said there is a convergence that's been taking place in the security world with manufacturers of access control panels and video management systems integrating their systems into a cohesive IP-based solution. In 2011, development of IP-based specifications to achieve system-wide interoperability of IP security devices will accelerate and will soon become reality, forcing vendors to shift their product strategies to comply with the new requirements. 2. Location and situational awareness in conjunction with mobile security capabilities will become a key requirement of campus-wide security systems. Today, security guards are mobile and have smart phones or two-way radios driving the growing trend toward mobility. With an increasing number of security persons and human assets mobile these days, knowing where they are within a building or campus setting when they activate a duress alarm, such as a pendant, is mission critical. Then notifying others within that same environment via an integrated, easy-to-deploy and use mass notification system ensures they will get out of harm's way quickly and safely. 3. Wireless sensor networks in commercial settings will continue to gain traction against traditional hard-wired solutions due to their ease in extending monitored sensor types, speed of installation, cost savings and mobility, as well as overall reliability. Altogether, this will improve the tangible ROI property owners expect. Increasingly, security dealers and directors are leveraging wireless throughout their organizations for these reasons, especially when a security breech occurs and the weaknesses of wired solutions are exposed. "Wireless security systems are poised to take advantage of a number of market factors in 2011," said Jeff Kessler, managing director of Imperial Capital, a security market research and advisory firm. "In the coming years ahead, we will see security directors and integrators asking vendors to better integrate access control, video analytics and external sensors into a single view to achieve true Physical Security Information Management (PSIM) capabilities. Wireless systems will play an important part in this evolution." Echoing this same sentiment, Jarman added, "Despite all the advances in technology, one thing rings clear: an integrated security solution needs to be simple, not over-featured. As elegant as many integrated solutions can be, their sheer complexity can make them fall short of expectations for usability, and therefore performance, reliability and in realizing a return on investment. That is why simple to install, easy-to-use, reliable and cost-effective wireless systems will gain growing acceptance among security directors and integrators across many markets in the years ahead."
Emerson Process Management's Smart Wireless technology has helped Northstar Bluescope Steel improve furnace control at its mini-mill in Delta, Ohio. As a result, the mill has been able to boost production by as much as one batch per day, cut maintenance costs by $200,000 US annually, and improve worker safety. Emerson's self-organizing wireless network, based on the IEC 62591 (WirelessHART) standard, collects data used to control the temperature of cooling panels and water-cooled burners on the mill's electric arc furnace. This data is critical to safe furnace operation. Overheating cooling panels can lead to major furnace damage, with a blown-out panel costing as much as $20,000 US to repair. Production time is also lost when the furnace must be shut down during maintenance or repairs. "Better temperature control through wireless has allowed us to add up to one additional batch per day," said Rob Kearney, maintenance supervisor for Northstar Bluescope Steel. "With each batch worth as much as $200,000, that's a significant advantage." Emerson's wireless solution replaced a hard-wired monitoring network with hundreds of wiring junctions. The old network suffered frequent measurement failures in the mill's harsh environment, with its high electromagnetic field, flying slag, vibration, moisture and temperatures as high as 1,649 degrees C. "Between nine and 12 measurements per week would fail due to high temperatures or physical damage to sensors, cable or conduit," said Kearney. "And when a measurement point fails, the furnace must be shut down. The new wireless solution eliminated almost 100 percent of the cable and conduit, which reduced maintenance costs by $200,000 US annually." The wireless network includes 32 of Emerson's Rosemount wireless temperature transmitters; 28 are used for control and four for monitoring. The transmitters send their data to a Smart Wireless Gateway, which interfaces with the mill's transformer-regulation and burner-control system. "Safety has also been improved," Kearney said. "The furnace's cooling panels are operating consistently at a safe temperature, and there is less maintenance required around the hot furnace shell, where ambient temperatures can be 140 degrees F." Due to its success with Emerson's Smart Wireless, Northstar Bluescope intends to implement a similar wireless solution for a second electric arc furnace. www.EmersonProcess.com/SmartWireless
Rockwell Automation has added five new white papers to its resource library on managing real-time control and information flow throughout the manufacturing and IT enterprise. The new white papers share guidelines, recommendations and best practices for topics crucial to network infrastructures, such as improving network resiliency with device-level ring topologies, protecting network infrastructures to comply with emerging standards, implementing a converged Ethernet infrastructure, and installing security patches to protect industrial computers. "Forward-thinking manufacturers know that a unified, secure network infrastructure is key to plantwide optimization," said Brian Oulton, networks business manager, Rockwell Automation. "These industrial networking resources arm manufacturers with the guidance needed to enhance their plantwide network infrastructure." The new white papers include: • Control Level Network Resiliency Using Ring Topologies - This white paper describes how embedded Ethernet technology enables Ethernet ring network topologies at the device level. By providing an overview of these device-level ring (DLR) topologies and a comparison to other ring solutions, the paper shows how DLR produces a single, fault-tolerant network. • Protecting Critical Infrastructure and Cyber Assets in Power Generation and Distribution - New regulations require power companies to better protect their networks - therefore, their organizations - from physical and cyber threats. This white paper provides information designed to help companies avoid fines, improve operational efficiencies and better protect their infrastructure. • Guidelines for Industrial Ethernet Infrastructure Implementation - This white paper from Rockwell Automation and Cisco provides guidelines for using EtherNet/IP technology on the manufacturing floor and across the enterprise. Designed to help controls engineers and IT professionals implement a secure network infrastructure, the white paper shows how to improve network performance, security and reliability. • Computer System Security Updates - The real-time information flow between manufacturing and enterprise delivers big benefits, but puts manufacturing computers at risk for viruses, worms and other industrial security threats - unless you apply security patches. This white paper describes best practices for managing patches and protecting your computers. • Stratix Switches Within Integrated Architecture - Industry adoption of EtherNet/IP for control and information has driven the wide deployment of standard Ethernet within plantwide network infrastructures. This white paper outlines the Rockwell Automation Stratix family of managed switches. The white papers listed above join these existing resources: • Securing Manufacturing Computing and Controller Assets - Securing manufacturing assets requires a comprehensive security model, developed against a set of well-defined security policies that identify security risks and mitigation techniques to address the risks. This white paper shares recommendations for deploying a holistic security policy to help secure manufacturing assets. • Achieving Secure, Remote Access to Plant-Floor Applications and Data - Among the key benefits of adopting an open networking standard is the ability to share plant data, applications and resources with remote engineering personnel and external partners regardless of physical location. This white paper outlines the means to help ensure secure remote access to plant-based applications and data. For more information on the Rockwell Automation industrial networking resource library, visit www.ab.com/networks/ethernet/site-index.html.
The HART Communication Foundation welcomes the recent report and confirmation by NAMUR that WirelessHART technology meets the requirements for wireless sensor networks in process applications. After conducting an extensive multi-vendor field test, NAMUR reports that WirelessHART Communication provides the flexibility, security, robust performance, coexistence with other radio technologies and device interoperability within a WirelessHART network that its members should expect. The NAMUR field test used WirelessHART products from ABB, Emerson Process Management, Endress+Hauser, MACTek, Pepperl+Fuchs and Siemens to evaluate and verify WirelessHART compliance with NAMUR Recommendation NE124, "Requirements for Wireless Automation" and NAMUR Working Document NA115, “IT Security for Process Automation Systems.” The field test conducted at the BASF facility in Ludwigshafen, Germany, included laboratory evaluation of performance characteristics and several implementations in operating process plant environments. "Our tests prove that WirelessHART is an appropriate technology for applications within the NAMUR use class ‘Monitoring’ for wireless sensor networks," reports Martin Schwibach, senior automation manager for BASF and chairman of the NAMUR AK4.15 Wireless Automation Working Group responsible for the field test. "WirelessHART technology provides a good alternative where wired networks are too expensive or too difficult to install. This field test verified the alignment of the WirelessHART standard with the NAMUR requirements for wireless automation in process applications." Founded in Germany in 1949, NAMUR is an international user association of 121 member companies in the chemical/pharmaceutical processing industry. NAMUR represents approximately 15,000 PCS experts, of whom approximately 300 are active in 33 working groups covering the fields of measurement and control, automation, communication, process control and electrical engineering over the entire lifecycle of systems. "We are delighted that the NAMUR field test showed WirelessHART meets user needs," says HART Communication Foundation executive director Ron Helson. "Other user installations have also proven the capabilities of WirelessHART, a technology designed specifically for process applications that builds on experience gained with millions of wired HART devices installed around the world. We look forward to working with NAMUR and others to continue improving the technology and extend its benefits to even more users worldwide." The WirelessHART standard is an evolutionary enhancement to the HART Communication Protocol, the leading communication technology for intelligent process measurement and control field devices and systems with more than 30 million devices installed worldwide. The WirelessHART technology is backward compatible with currently installed HART devices, is supported by existing HART tools, and provides additional capabilities to access asset management information in both existing and new monitoring and control applications. The HART Communication Foundation is an international, not-for-profit, membership organization supported by more than 230 companies worldwide. Founded in 1993, the Foundation is the technology owner, standards setting body and central authority on the HART Protocol and provides global support for application of the HART technology. The Foundation establishes and controls the HART Communication standards including new developments and technology enhancements that benefit and support the needs of the industry. www.hartcomm.org www.namur.de
Ethernet has been the de facto standard for business enterprise systems for many years, and the industry adoption of EtherNet/IP for control and information has enabled of network convergence between manufacturing and enterprise networks. Converging technologies between traditional information technology (IT) systems and manufacturing operations provides manufacturers with opportunities to reduce risk and costs, provide secure information access, and improve agility and overall business performance. By getting real-time information at the right time and at the right levels, they can take advantage of network convergence. Industrial Ethernet links the manufacturing environment with the enterprise level, helping enable migration from the traditional three-tier network model to a converged Ethernet model (as shown on page 11). To assist manufacturers in successful migration to this model, ODVA, with support from other manufacturing industry leaders, began promoting a Common Industrial Protocol (CIP) to keep Ethernet standard and unmodified, and thus help integrate the plant floor and enterprise. The Common Industrial Protocol Traditional three-tier networks were designed and optimized for performance in specific applications, most commonly in device, control, information, motion and safety. Although well suited for their designated functionality, they were not developed with a single architecture in mind. Manufacturers were forced to use many specialized and often incompatible networks across their plant to meet their production requirements. Providing real-time data between the different networks became difficult, if not impossible, for manufacturing engineers to manage. To take full advantage, convergence requires seamless integration throughout a manufacturer’s enterprise. Open systems connected these disparate systems together but have not yet lived up to expectations. Integrating different systems and protocols required gateways, extra configuration and programming yet still achieved limited functionality. As a result, manufacturers had limited success reaching the productivity and quality benefits they were hoping for from open systems and had to compromise on their investments. Common application layers help solve the interoperability problem by creating integrated communication networks. The CIP networks — including DeviceNet, ControlNet and EtherNet/IP — share the CIP at their upper levels while remaining media independent at their lower levels. This allows manufacturers to specify the best network for their application, eliminating complex gateways when connecting dissimilar upper-level networks. Model networks, such as EtherNet/IP, play a key role in successfully deploying a converged Ethernet manufacturing network. EtherNet/IP is a CIP adaptation of TCP/IP that fully utilizes the standard IEEE 802.3 Ethernet physical layer and supports both TCP and UDP at the transport layer. This TCP/UDP/IP approach provides real-time technology in the Ethernet domain. With the network extensions of CIP Safety, CIP Sync and CIP Motion, CIP networks allow for safety communication, time synchronization, and simple to high-performance motion all over the same EtherNet/IP network. In addition, Ethernet users can take advantage of commercial, off-the-shelf Ethernet hardware and standardize on network architectures fully compatible with TCP/IP and UDP/IP. Safety Like other digital safety protocols using a “black channel” approach, CIP Safety is an extension to the application layer. It provides a set of highly integrated safety services that leverage the underlying communications stacks of the standard CIP networks to transport data from a source to a destination. It is certified compliant with the functional safety standard IEC 61508 up to safety integrity level (SIL) 3. CIP Safety’s end-to-end protocol gives responsibility for ensuring safety to the end nodes rather than the bridges, routers or intermediate nodes. If an error occurs during data transmission or in the intermediate router, the end device will detect the failure and take the appropriate action. Since the safety coding and not the underlying communication layers ensure data integrity, the underlying communication layers can be interchanged and intermixed even across subnets. CIP Safety allows users to mix standard and safety devices on the same open network. Time synchronization Use of time in a control system generally is applied to time-stamping applications and frequency-based applications. CIP Sync is a time-synchronization extension based on the IEEE 1588 (IEC 61588) standard — Precision Clock Synchronization Protocol for Networked Measurement and Control Systems — commonly referred to as the Precision Time Protocol (PTP). PTP provides a standard mechanism for distributing Coordinated Universal Time (UTC) across a standard Ethernet network of distributed devices. By time stamping in UTC, events can easily be compared across time zones without having to be adjusted for geographic origination. CIP Sync allows users to base control on true time synchronization rather than the limited event synchronization model used historically. Using a 100-megabits-per-second switched Ethernet system, advanced testing shows CIP Sync can deliver time-synchronization accuracy of less than 500 nanoseconds between devices, meeting some of the most demanding real-time applications’ requirements. Distributed motion control Integrated motion on EtherNet/IP uses CIP Motion technology to combine the requirements of deterministic real-time motion control applications with standard, unmodified Ethernet providing full compliance with the Ethernet standards IEEE 802.3 and TCP/IP. This allows the use of standard Ethernet components and infrastructure without special switches or gateways. CIP Motion accomplishes this with a set of application profiles designed to allow users to set position, speed and torque loops in the drive. With CIP Sync technology, multiple axes can be coordinated for precise, coordinated applications. Using time-stamped data and a simple timing model eliminates hard synchronization constraints between the drive and the controller. Real-time data values are adjusted at the end device when the data is applied with no need to hard schedule the network traffic. In addition, CIP Motion enables the same network connection to be used for a high-performance servo drive with precise synchronization requirements and a low-performance Volts/Hertz drive with no time synchronization capability. Reference architectures for manufacturing As we said, Ethernet has been the standard for business enterprise systems for many years. However, information or data access from anywhere at any time presents new challenges. The need to protect assets from both internal and external threats is important to consider, and therefore the design and deployment of a robust, secure network infrastructure has caused some unclear demarcations between manufacturing and IT professionals. To help bridge the gap between these groups, Rockwell Automation and Cisco are working together to deliver design guidance through Converged Plantwide Ethernet Architectures. These resources provide education, design guidance, recommendations and best practices to help establish a robust and secure network infrastructure. Built on technology and manufacturing standards common between IT and manufacturing, Converged Plantwide Ethernet Architectures follow standards, such as IEEE 802.3 Ethernet, Internet Engineer Task Force (IETF), Internet Protocol (IP) and CIP. This design guidance creates a foundation for network segmentation for network management and policy enforcement, such as security, remote access and Quality of Service (QoS). The joint architectures follow standards such as ISA-95 Enterprise-Control System Integration, ISA-99 Manufacturing and Control Systems Security, and the Purdue Reference Model for Control Hierarchy. The convergence of manufacturing and enterprise networks increases access to manufacturing data, helping manufacturers make more informed decisions. They recognize that to achieve their business objectives and be competitive in a global environment, their organizations need to get this data to the right people, at the right time. CIP allows complete integration of control with information, multiple CIP networks and standard Internet technologies.It also provides manufacturers with a scalable and coherent architecture incorporating discrete, process, safety, synchronization and motion applications using the same network technology as the ERP, MES enterprise levels applications. Similar solutions are available from other industrial protocols, such as Profibus, and under development by Fieldbus Foundation. Ultimately, network convergence helps align technology with business goals for business process transformation and enterprise-wide visibility. Mike Hannah is a product business manager for NetLinx with Rockwell Automation.
Emerson Process Management’s Smart Wireless solutions, the company says, are improving profitability and environmental compliance for Tecpetrol by making new measurements at three of its natural gas compression and delivery facilities in Argentina. Smart Wireless was a cost-effective solution for Tecpetrol, which quickly needed to collect real-time gas flow data. The continuous data helps the company track gas venting, comply with environmental regulations, measure gas sold to third parties, and perform AGA3 calculations needed for economic balancing of its three facilities. “The wireless applications saved us a total of $34,000 in installation costs compared to installing a wired solution, a 27-percent savings,” said Odin FernÃ¡ndez, automation and energy head at Tecpetrol. “We preferred Smart Wireless because it’s a secure, robust, self-organizing network. It’s reliable and easy to install, expand and use.” Ten each of Emerson’s Rosemount wireless pressure, DP and temperature, transmitters are installed in the orifice plates at gas well heads across these facilities. The devices transmit data every 15 seconds to Smart Wireless Gateways installed at each facility that forward the data to the company’s DeltaV digital automation system. The wireless network monitors the gas balance of the treatment plants, including dew point, primary separation, compression stages contracted, consumption and plant venting. Some of the data points tapped had never been monitored before. Other points had been checked manually by staff reading local gauges. “We needed to closely watch our gas balance because excessive gas venting can impact our company’s bottom line through lost product and because our gas venting levels must comply with environmental regulations,” FernÃ¡ndez said. Installation of the equipment took one day.The devices were easy to configure and have performed perfectly with no data loss since commissioning, despite these areas being heavily congested with pipes and equipment. Smart Wireless has eliminated the need for clipboard rounds. “One of the advantages in using this equipment is that our process is very variable and involves piping modifications, compressor layouts and primary separation, among others,” FernÃ¡ndez said. “We can move the measurement points when we need to and do not depend on pipes, cabling, etc.” Tecpetrol plans to expand its Smart Wireless use to include test measurements during well drilling. In addition to the Smart Wireless solutions already installed at Tecpetrol, Emerson offers a wide range of wireless field instrumentation and plant operations equipment, including Fisher position monitors, Rosemount analytical and Machinery Health Management devices, native wireless interface to AMS Suite predictive maintenance software and SmartStart Services. www.emersonprocess.com/smartwireless
Prospects for continued adoption of device-level factory automation networks remain overwhelmingly tempered by the weight of current and future economic pressures felt by OEM machine builders and end users.
The ISA Standards & Practices Board (S&P) has voted to approve the ISA-100.11a wireless standard "Wireless Systems for Industrial Automation: Process Control and Related Applications," thereby making it an official ISA Standard. The approval of this major new industry standard by the ISA S&P Board certifies that ISA's accredited procedures have been followed in the development of the standard. The ISA-100.11a standard received final approval by the ISA100 committee in July of this year with 81 percent of the voting members approving, before being passed along to the ISA S&P Board. With the ISA S&P Board approval, the ISA-100.11a standard will now be submitted to the American National Standards Institute (ANSI) for approval as an ANSI standard, and will be submitted to the International Electrotechnical Commission (IEC) for consideration as an IEC standard. "The ISA-100.11a standard was developed by a committee consisting of over 600 end users and equipment manufacturers from around the world, and represents a truly consensus standard created in an open, unbiased forum by a global team of industry experts," said Wayne Manges, ISA100 co-chair from Oak Ridge National Laboratory. The ISA100 committee was established by ISA to address wireless manufacturing and control systems in areas including: * the environment in which the wireless technology is deployed; * technology and life cycle for wireless equipment and systems; and * the application of wireless technology "The committee has been very active in pursuing its charter and I am delighted that this initial standard has been issued," said Manges. The ISA-100.11a standard is intended to provide reliable and secure wireless operation for non-critical monitoring, alerting, supervisory control, open loop control, and closed loop control applications. The standard defines the protocol suite, system management, gateway, and security specifications for low-data-rate wireless connectivity with fixed, portable, and moving devices supporting very limited power consumption requirements. The application focus addresses the performance needs of applications such as monitoring and process control where latencies on the order of 100 ms can be tolerated, with optional behavior for shorter latency. "To meet the needs of industrial wireless users and operators, the ISA-100.11a standard provides robustness in the presence of interference found in harsh industrial environments and with legacy non-ISA-100 compliant wireless systems," said ISA100 co-chair Pat Schweitzer of ExxonMobil. The standard addresses coexistence with other wireless devices anticipated in the industrial workspace, such as cell phones and devices based on IEEE 802.11x, IEEE 802.15x, IEEE 802.16x, and other relevant standards. Further, the standard allows for interoperability of ISA-100 devices. The standard is available at www.isa.org/ISA100-11a. For more information on the full scope of ISA100 committee activity, visit ISA100.org.
Lantronix Inc., a provider of secure, remote management, device networking and data center management technologies, has joined with Spectrum CNC, developer of DNC software, to deliver a highly-dependable wireless industrial automation solution that eliminates the need for wiring throughout the production floor.Spectrum CNC’s Multi-DNC is a software-based machine tool communications system, and the first product to enable simultaneous uploads, downloads and dripfeeding of data into multiple CNC machines. Following its launch, customers began demanding a wireless solution that would simplify installations, reduce costs and increase flexibility for machine movement.Spectrum CNC chose Lantronix to assist in engineering the product because of its expertise in wireless network connectivity. Lantronix’ engineers paired its embedded wireless device server, MatchPort b/g, with Spectrum CNC’s software. The combined product allows wireless connections between CNC machines using IEEE 802.11b/g networks. Spectrum CNC can now offer its customers the flexibility to locate equipment practically anywhere on the shop floor while monitoring it via a centralized operations console."Working with a recognized industry leader like Lantronix ensured our ability to innovate the most reliable wireless solution, which provides great benefits to our customers," said Toni Novak, president of Spectrum CNC. "MatchPort was the perfect complement to our software and has allowed us to edge out competitors, while continuing to evolve our offerings to meet our customers’ needs.""Spectrum CNC has provided innovative technologies to the industrial automation space for years, and we’re happy that we can contribute our expertise to assist in the evolution of their solutions," said Jerry Chase, CEO of Lantronix. "The combined offering meets growing customer demand to create a more flexible operating environment for computer controlled manufacturing equipment while cutting cost." For a case study, visit www.lantronix.com/solutions/industrial-case-spectrum.html.www.lantronix.comwww.multi-dnc.com
The International Society of Automation has voted to approve "a major new industry standard"–ISA100.11a, "Wireless Systems for Industrial Automation: Process Control and Related Applications."The approval, by 81 percent of the voting members of the Standards Committee on Wireless Systems for Automation, follows two rounds of balloting and refinements to the document to reflect the suggestions received from many interested parties, the ISA said."We have passed a major milestone with the Committee vote approving the ISA100.11a draft standard," said ISA100 co-chair Pat Schweitzer of ExxonMobil Research and Engineering Co., Fairfax, Va. "Once the remaining steps in the process are complete, end-users around the world will have an accredited ANSI/ISA wireless standard which has been developed in an open forum that is the hallmark of ISA standards development."With over 600 members from around the world, ISA100 brings together wireless experts representing diverse industrial and technical interests in an open forum. The committee was established by ISA to address wireless manufacturing and control systems in areas including:""" • the environment in which the wireless technology is deployed;""" • technology and life cycle for wireless equipment and systems; and""" • the application of wireless technology.www.isa.org
Recent studies indicate that the industrial Ethernet market will grow at a compounded annual rate in the range of 30 percent per annum over the next three years. It is no surprise then that Ethernet technologies connected both physically and wirelessly are becoming more common in modern digital control systems. With the adoption of open technologies such as Ethernet, both the control system and office environment share many of the same security risks that information technology faces. Wireless systems introduce another variable into the system because the components are not physically joined, causing concern that this is another potential entry point into computer networks. Today, wired and fibre Ethernet are not very common at the field level. There are a number of field devices starting to come to market that incorporate Ethernet communications capability, though these applications are typically data-intensive operations. Copper media are the most commonly used means of transmitting data in a plant; however, wireless has been used in SCADA for many decades. By considering changing the Ethernet media from physical (copper and fibre) to wireless, a whole new range of opportunities present themselves, including WirelessHART, OneWireless, ISA-100 and ZigBee, as well as complete SCADA systems using licensed radio. SCADASCADA systems use a variety of technologies to connect the widely distributed field signals and controllers to the centralized control system. In the past, SCADA tended to use a combination of proprietary communication protocols and, when using wireless, licensed radio bands were the norm. A licensed radio band presented much less risk of interference, typically worked at greater distances and lowered the exposure of competition from other radio signals in the same frequency. However, getting a license for the plant or factory appeared difficult. Today, with advances in wireless technology, license-free solutions are being deployed at an accelerated rate. License-free radios do not carry the stigma of having to get and maintain a license from the government. Many users find this attractive and, therefore, are more willing to deploy a wireless solution. WIRELESSThe most commonly used wireless protocol is 802.11 (Wi-Fi). These commercial standards were developed by the IEEE and contained an inherent form of security protection called WEP (Wired Equivalent Privacy). Very quickly, WEP was shown to be a weak form of protection and has since been upgraded. In June 2004, the new 802.11i standard was released that includes the U.S. government's basic security algorithm, Rijndael Advance Encryption Standard, with stronger encryption, authentication and key management strategies. Wireless is also susceptible to jamming or other interference techniques. The wider the band, the harder it is to jam. Some suppliers suggest that frequency hopping provides adequate protection from jamming. This is not true because most frequency hopping is synchronized - master unit transmits a regular beat and the slave units hop to the beat. A jamming signal covering a couple of consecutive channels is enough to interrupt the hopping sequence on every hopping cycle, which effectively stops the system from working. WIRELESSHARTHART Technology is widely deployed in industry, but not all control systems are able to make use of the maintenance and diagnostic information available from these devices because the I/O does not directly support the HART communications superimposed on the underlying analogue communications signal. The key features of the new HART 7, as compared to HART 5, include: 32 character tags; device status; peer-to-peer messages; enhanced data publishing; time-stamped data; time-triggered actions; process variable trends; command aggregation; and support for WirelessHART. WirelessHART uses the same tools and practices as wired HART, making it compatible with any HART-enabled control or asset management system and the underlying EDDL technology. For security purposes, WirelessHART includes AES-128 Encryption and a standard 2.4-GHz IEEE802.15.4 frequency-hopping radio. ISA-100ISA formed the ISA-100 committee in 2005 to establish standards, recommend practices, publish technical reports and define technologies and procedures for implementing wireless systems in the automation and control environment. The work will support the complete life cycle of a wireless installation, including the design, implementation, on-going maintenance, scalability and management of the resulting control systems. The standards being developed by ISA-100 must also be compliant with ISA-99 (security) and ISA-84 (safety). The committee's focus is to improve the confidence, integrity and availability of components or systems used for manufacturing or control, and provide criteria for procuring and implementing wireless technology in the control system environment. The result will be a robust, flexible and scalable architecture to meet a wide range of plant requirements and environments. SECURITYEthernet is susceptible to such things as data storms, viruses and other forms of intentional and unintentional consequences. Compounding the problem is the fact that most control systems are not inherently protected from these forms of failures. Work done by CERN when selecting the PLCs to be used on the supercollider found that at least 25 percent of PLCs can be compromised with the most commonly used security test tools on the Internet. The most important tool for a secure system is the creation of an effective security policy outlining such things as cryptography, firewalls, logins, physical and virtual security, back-ups and other decisions often similar for IT and process control networks (PCN). Much of the policy and resulting practices for the IT and PCN systems will be similar; however, the biggest difference will be the mindset of how each support group maintains their high levels of reliability. The IT community typically is interested in protecting the core or servers, and is willing to sacrifice an edge device such as your desktop computer to do so. Unfortunately for the PCN, it is these edge devices that are the most important because they are the ones directly connected to the process. It is important to have open and regular communication between these groups so that simple things such as management of IP addresses across a facility will not result in duplication of addresses in two locations. Not only is security being regulated by industrial groups such as NERC (North American Electrical Reliability Corporation), but standards are being written by groups like ISA's ISA-99 committee. The regulations prepared by NERC are being considered for adoption in other parts of the world for the electrical industry in particular, while the work being done by ISA is being considered by the IEC. The NERC documents are presently undergoing revision to more actively promote a "defence in depth" strategy similar to the one being developed by ISA-99. The U.S. government's National Institute of Standards and Technology also recently released a draft document of Special Publication 800-82 - Guide to Industrial Control Systems Security. Both groups are supportive of the "defence in depth" principle that implements several layers of protection between the potential methods of attack and the control system. Having multiple layers will not only provide more protection, but in the event that one of the layers is compromised, it will give you the opportunity to catch and stop attackers before they are able to get to the sensitive parts of your system. A key component of "defence in depth" is the use of a DeMilitarized Zone (DMZ). The DMZ is installed and configured so that there is no direct connection between the office/corporate LAN and the PCN. All data requests from the LAN are through mirror historians in the DMZ, and if the data is not on those servers, they can request it from the PCN. Fortunately there are products and tools available to assist in managing a network. One of the tools to help determine the level and type of protection required is the "Zone and Conduit" concept proposed in the ISA-99 standards. This model is similar to what has been used for years in the safety system market - break the entire system into zones; for each zone determine a target Security Level SLT; compare it against the calculated Security Level SLC; and if the two are not the same, then some additional form of security protection is required. Similarly, if there is communication required between zones, suitable protection must be put in place to ensure that the message is of the same security level as it crosses the boundary. Security must be continuously monitored to be sure that it has not been compromised. Tools used for measuring the level of security in a system include such items as firewalls and intrusion detection systems. POWER OVER ETHERNETThis leaves one other significant roadblock to the adoption of Ethernet, and that is the issue of power in the field. The solution in this case is Power over Ethernet (PoE). One of the enablers to the wide adoption of PoE is the IEEE 802.3af standard. The IEEE 802.3af standard is based on a 30-volt signal and, therefore, is not suitable for Intrinsic Safe (IS) applications. Fortunately, a range of products that have been used in the mining industry for many years have now been approved for use in the hydrocarbon industry. The system is somewhat like traditional IS installations with an isolator as the boundary between the safe and hazardous areas, and then an IS power supply is required to go to each of the devices mounted in the classified area. As an alternate to running a separate DC power cable to each device, PoEx can supply up to 500 mA at 12 volts to each of the ports from the managed five-port switch. Industrial Ethernet in its various forms provides significant opportunities to better control our processes, yet at the same time opens up potential new vulnerabilities, especially as it relates to security. Fortunately, the industry is working to resolve this conflict through the development of appropriate standards and products to ensure safe, reliable and secure control systems. Ian Verhappen, P.Eng., is an ISA Fellow, Certified Automation Professional and director of industrial networks at MTL, a provider of industrial connectivity solutions. Frank Williams is president of Elpro Technologies, a division of MTL Instruments and a leader in wireless solutions.
Wireless networks have become an essential part of communication in the last century. From the Internet to cell phones, this invisible technology has grown in popularity since the first radio broadcast and has since become one of the world’s favorite buzz words. While consumers and commercial users tend to take immediate advantage of wireless technologies as they become available, industrial users have historically been a bit more cautious. This caution is generally due to concerns related to critical infrastructure security and reliability. However, if they choose the right wireless solution, early adaptors of industrial wireless technology can have the best of both worlds – security and reliability while leveraging the efficiency and benefits of wireless technology.The decision to implement wireless technology in an industrial facility is a strategic choice. So how can industrial plants truly begin to make sense of this new wireless world and choose which wireless solution (if any) is the right one? The answer can be found by asking the right questions.Question #1: Should I choose a single versus multi-purpose network? While single-purpose networks may appear to be the most cost-effective approach for your first deployment, this is rarely the case. Very few plants ultimately use wireless technology for only a single task. A multi-purpose network that handles multiple functions is typically about the same initial price and will yield greater efficiency and be a more effective solution for the long-term.Are you willing to consider simple control applications? Many operators might want to consider open-loop control for non-critical assets in the future. It is far easier to take a wireless system capable of doing simple control and use it for monitoring and alerting than the opposite, taking a monitoring network and trying to use it for control. This encourages future flexibility of the system.Do you want field workers with wireless handheld devices to be able to access data and interact with servers in the facility? Because field workers and first responders typically communicate via Wi-Fi networks, the industrial wireless network could jam during a plant emergency if it is not Wi-Fi compatible. Therefore, if you plan to enable field workers at some point in the future, it would be a good idea to select a compatible network when making the initial wireless investment. Question #2: Do I need multi-speed support? Do you need information to reach the control room quickly for some applications and less quickly for others? Can you afford to have your alarms transmitted back at the same rate as monitoring information? Some measurements require fast responses while others can endure a slower update rate. For example, if a network only supports a fast speed, the slower applications can unnecessarily consume battery life and bandwidth. On the other hand, slower-speed networks may not provide sufficient reporting for more critical applications. In general, you should ensure your network can support multiple reporting needs.Question #3: How reliable is my network? Is it important that the data is available within the scheduled update time, or is data timeliness not important? Different applications have different requirements. To ensure future flexibility, look for a system that not only has industrial-grade uptime, but one that does so with predictable, sub-second latency. Also, make sure the system can recover from RF path failure or hardware failures.Question #4: What type of security do I need? Security is essential to protect against malicious intent and to safeguard your people, intellectual property and your bottom line. Security should be simple to deploy, easy to maintain and offer multiple layers of protection. What type of security do you need? Consider the location of the plant, any potential harm that could come from a security breach and the criticality of the data. For systems that require high security, a system should offer strong encryption, robust authentication and layered protection from attack. It is important that the system offer end-to-end security, meaning that data is not decrypted until it reaches the wired network. Quiz your vendors and implementation team about how security is integrated into the system design and architecture. Security is only as good as its implementation, so make sure that the system you purchase has been tested and validated by credible third-party organizations. Question #5: Do I need self-contained and predictable power management? When most users consider wireless deployments, they focus on the cost advantage and the absence of wiring, but they also envision the downside of changing batteries in devices throughout the entire facility. How long do you want your wireless devices to be self-powered? The maintenance expense of swapping batteries should not negate the cost savings of less wiring. Generally speaking, plants should ask for at least a three to five year battery life. Make sure that your vendors specify battery life at a specific and reasonable update rate. One update every five seconds is a good benchmark for comparing battery life under general usage. Also, inquire about the cost of replacement batteries and if these batteries are standard or proprietary.Ask yourself what level of a predictable maintenance schedule you require. Certain wireless designs consume battery power at a very deterministic and predictable rate, allowing for scheduled battery replacements. Other designs may consume batteries in a non-deterministic manner, eliminating the ability to schedule battery changes for the system in advance. In order to keep maintenance expenses at a minimum, operators should select systems with predictable battery consumption.Question #6: How scalable should my network be? How many devices can your network handle? Do not fall into the trap of only considering your immediate needs. To allow flexibility for the future, select a system that can easily scale to thousands of devices.Ask yourself how scalable you want your network to be. For operators who want to start small and grow, choose a system that is scalable enough to meet future requirements. Some systems can grow very large with minimal performance impact, while other systems quickly degrade after a small number of devices. Question #7: How many application interfaces should my wireless network serve? Wireless goes beyond supporting legacy devices. Companies also need flexibility to support future protocols that might not exist in the plant today.Typically, plants contain multiple application interfaces driven by various departments. Many users also want information coming from their wireless devices to use these existing legacy applications and protocols. When selecting a strategic wireless network, you must have the ability to easily interface with all your legacy applications that will require wireless data. This is crucial because this network will service your overall operation, not just one department.Question #8: Is my network ready for the future? Can the system be easily upgraded in the future? Does it support multiple radios? Wireless systems will continue to evolve and improve in the future. To protect your investment, select a system that can be easily upgraded via software and one that supports different types of radios. This flexibility is critical in ensuring that the system will be ready for the future.And the answer is... Despite the many benefits, wireless can be a complex enabling technology, and you must carefully research all the options before implementing a solution. If implemented in the correct way, this technology can deliver long-term benefits that directly impact a plant’s efforts to improve safety, optimize the plant and ensure compliance. Industrial wireless networks that do not address each area satisfactorily may not fit your long-term strategic use of wireless technology. WJeff Becker is the director of global wireless business for Honeywell Process Solutions and is responsible for all aspects of the wireless business in the organization.
Today's competitive and global manufacturing climate is driving the deployment of new technologies at an accelerated rate. Growth-oriented businesses recognize that retaining a competitive advantage means understanding and wisely selecting these new technologies, and then deploying them with maximum effect. Many industrial manufacturing firms are finding compelling reasons to take a hard look at wireless solutions. Wireless technology changes the way that business is conducted and how it's connected to management, employees, the sales channel, vendors and, most importantly, to its customers. But while the application of wireless technology brings such advantages as lower installation and maintenance costs, faster up time, more system flexibility, and easier scalability, it also presents new challenges to the would-be user, including issues related to secure and reliable communications of corporate and operational data. Wireless changes everythingFor more than 20 years, industrial applications have found value in wireless solutions. Supervisory control and data acquisition (SCADA) systems, such as those used in water and wastewater treatment, as well as oil and gas pipeline applications where the transfer of data can be over many miles, have benefited from wireless technology. Although wireless is not new to industrial applications, it still carries a certain mystique. Sending corporate data through free-air seems inherently loose to the industrial plant or manufacturing engineer. Rather, seeing point "A" physically connect to point "B" retains a certain comfort level, suggesting a more secure and reliable communications medium. Wireless does work, and advances in the technology make it robust and inherently more secure for current industrial applications. Ethernet technology has become the local area network (LAN) protocol of choice for industrial use on the plant floor. The sheer simplicity of wired Ethernet allows easy, reliable and inexpensive deployment. And Ethernet provides a perfect platform for wireless technology. Through the use of an access point - a device that connects wireless communication devices together to form a wireless network - wireless extends the power of a wired Ethernet. Wireless access points present a new paradigm for industrial engineers, allowing them to access operational data when needed, with quick installation times and under more mobile conditions. Adding human machine interface visibility anywhere along the operation no longer requires hard wiring, electricians or system downtime, a very attractive thought to the plant manager on a never-ending quest for productivity gains. The most common wireless access point uses the 802.11 protocol. However, due to its commercial origins, the developers of 802.11 gave little thought to security, standards or network management. As wireless access points became more pervasive, would-be users recognized the inherent weakness in Wired Equivalent Privacy (WEP) encrypted 802.11 wireless installs - part of the IEEE 802.11 wireless networking standard. This concern for security is rooted in a fundamental question for industrial use: How secure is a wireless link compared to running wire? Assessing your wireless security needsIn industrial applications, it is imperative to clearly understand how the system will behave when transferring data throughout the factory or plant. Imagine if a competitor could easily gain access to your plant data. They could model your plant, determine your cost of product, understand unused capacity, recognize the state of your equipment and potentially predict some of your future maintenance needs. Therefore, engineers thinking of applying wireless solutions must understand how to protect the system against hackers, competitors and other perpetrators; how to handle jamming or unwanted messages from getting into the process; and how to protect the application/network from malicious damage (e.g. disgruntled employees).Determining how secure is secure, defining a hierarchy of access which aligns access privileges with functional uses for each work area, and selecting wireless products to best protect against unauthorized access to system operation, can be daunting. The fact is, no single wireless solution fits all applications. Application requirements (e.g. distance, data speed, topography, network function) all help to select the correct wireless technology. The balance between the risk and the cost of security must be considered in any protection scheme. Wireless deployment for a small manufacturing firm might only require a minimum level of security, while mission-critical information on a process inside Procter & Gamble demands the highest security available to prevent competitive espionage. Security optionsDefining wireless security requires attention to both network and data messaging. SP100 is an emerging standard in industrial automation for wireless devices. It has defined networking security protection against deliberate attack or human error, and data messaging communications against deliberate attacks and eavesdropping. Wireless products that conform to this standard can provide a good base to your wireless security scheme.Many suppliers of wireless solutions rely on spread spectrum as the only protection. Spread spectrum was developed by the military to inhibit unwanted intrusions by using a frequency-hopping mode of data transmission. Basically, data continually hops across a wide range of frequencies that constantly change in a random sequence. This protection method is a good start, but not good enough. To listen to data, an intruder must know the hopping sequence. It simply forces the perpetrator to use the same model wireless products that they are hacking into, which is not a big hurdle. Fundamentally, transferring data in a secure wireless manner is divided into two parts - authentication and encryption. Authentication schemes, similar to passwords, verify the user's identity, ensuring that the identity of a wireless client to an access point is who it says it is and vice versa. This is typically accomplished by passing "keys" and other pre-programmed information known only to the client device and its host back and forth. Encryption involves enabling a certain bit capability established in many wireless devices. Encryption defines the management of these keys that feed into an algorithm to encode or decode the data running over the network. These measures are used to prevent unauthorized "data sniffing." Wireless local area networks (WLAN) are common in short-distance data communications within a factory or small plant where normal security precautions are in effect. These devices typically operate in the 2.4 GHz frequency range. Initially, 2.4 GHz 802.11 used media access control (MAC) for authentication and WEP for encryption. However, obvious weakness in the WEP encryption scheme and the openness of the encryption information made this approach an easy target for hackers. The Institute of Electrical and Electronic Engineers task force worked to correct this inherent security flaw and amended the standard, which was adopted in June 2004. Called 802.11i, the standard includes the basic security algorithm defined in the United States government's official cipher, the Advanced Encryption Standard (AES), also known as Rijndael, and adds stronger encryption, authentication and key management strategies that go a long way toward guaranteeing data and system security. Are AES and MAC enough? Because no security method is perfect, many wireless manufacturers find value in proprietary security methods or add features that fatigue the intruder such as multiple levels of security. For example, cracking any encryption method requires a large number of encrypted data samples to be collected and processed by the intruder. Wireless products that make the data transmission random, makes this collection process harder. Devices that use exception-reporting protocols elongate this time. The longer it takes, the less likely the intruder will expend the necessary time.Wireless products using multiple levels of security provide added flexibility. Anyone wanting to steal or inject a wireless message has to overcome various levels of protection. To be successful, the perpetrator has to figure out how all levels work to obtain your wireless data. These security levels cannot be bypassed by using an identical manufacturer's wireless product.Multiple levels of protection should include modulation techniques; unique data format structure with added security encryption; network and address validation; the transmission of messages intermittently; and password protection.For longer distance transmission of wireless data, or to protect the network when outside access is required, the use of a wireless gateway with full firewall protection is necessary. There is little point in securing the wireless data if messages can be fed via an interface device such as a gateway (or wireless access point) unless some form of firewall protection is in effect. Firewalls are core components of network security implementation. They can be standalone hardware solutions or built into the software scheme. Firewall to level protection 7 - the applications layer of the ISO/OSI network model that provides network services to end-users - should be the minimal acceptable for use in industrial applications.Any worthwhile security scheme should also include protection against jamming techniques. Most frequency hopping is synchronized, so a jamming signal covering a couple of consecutive channels is enough to interrupt the hopping sequence on every hopping cycle, which effectively stops the system from working. Wireless solutions that use non-synchronized frequency-hopping data transmission give a much better performance against this type of attack.You can't relaxSecurity is vital for proper use of wireless technology. As the benefits of wireless become more obvious, greater vigilance must be paid to security. You can't let your guard down just because you have implemented a security program. Many suppliers of wireless products provide cutting-edge security methods, but one certainty remains: as security technology progresses, hackers and other malicious efforts will continue to evolve in an attempt to crack the code. Choosing an experienced wireless partner and maintaining company-wide security awareness may be the most effective way to confidently gain advantage from wireless technology.Frank Williams is the vice-president for Elpro Technologies, an industrial wireless solutions provider. Williams earned a BSEE from San Diego State University and has considerable experience in the instrumentation business.
ATS Knowledge Day
March 28, 2019
Hannover Messe 2019
April 1-5, 2019
RFID Journal LIVE!
April 2-4, 2019
April 8-11, 2019
2019 Annual Valve Industry Knowledge Forum
April 9-11, 2019
Advanced Design & Manufacturing (ADM) Canada
June 4-6, 2019