Industrial wireless networks are the "next big thing" for industrial automation and industrial networking in particular. However, as with all new technology, the adoption rate often lags both the level of coverage in the press and, of course, the number of purchase orders that the companies developing the technology need to recover their investment, at least in the short term. Experience has shown that any new technology in the industrial arena follows the traditional chasm model: early adopters and major companies install small-scale pilot plants or test systems to see how it works and to understand the technology. The results of these small-scale tests then form the basis of corporate standards and practices for larger-scale rollout and adoption of the new technology.
A recent study by ON World confirms that this trend is being repeated for industrial wireless. As a result, it is unlikely that large-scale adoption of industrial wireless will take place until the middle of this decade. If the challenges of security and standards are not addressed, this date likely will move farther into the future.
So just what is the current situation on these two important considerations?
All industrial protocols use the OSI seven-layer model as the basis for design, and the 802.15.4 radios on which the industrial wireless protocols are based use the lower two layers of the model, physical and data link (Figure 1). This makes it possible for the various protocols to share the same basic radio while each remains unique, based on how it defines the network through the upper layers to meet the requirements of its target vertical industries.
Fortunately, the engineers designing the industrial wireless communications protocols were aware of these concerns and of impending regulations such as the North American Electric Reliability Council Critical Infrastructure Protection (NERC CIP) standards, which deal with security of the electrical grid and make cybersecurity a key component of the nine published documents, as well as of the ISA-99 standards themselves. In fact, part of the mandate for the ISA-100 committee is that it work with the ISA-99 committee on the security aspects of the standard development and with ISA-84 on the safety-related parts of the documents.
The developers of the industrial wireless standards incorporate a variety of security features in the protocols. Message encryption is a commonly used tool to maintain data integrity and prevent deliberate or inadvertent interception of the data between two nodes on a network. The process automation wireless protocols include industry-standard 128-bit AES encryption and unique encryption keys for each message, and they make the access point responsible for providing rotating encryption keys when new devices request permission to join the network.
Other features incorporated into industrial wireless standards include data integrity (the data is not corrupted) and device authentication (the device really is who it claims to be), two of the three pillars of cybersecurity. The third pillar is authority: the device has sufficient security privileges to make the change being requested.
A channel-hopping feature makes it more difficult for a device that is not part of the network (and therefore has no access to the hopping key) to know on which frequency the next transmission will take place.
Multiple levels of security keys for access by different individuals with different responsibilities are another important feature. This reinforces the concept of authority, that third pillar of security.
Adjustable transmit-power levels let the user manage signal spillage beyond the boundary of the plant environment. If the radio signals do not go beyond the edge of a facility, it becomes much more difficult for someone to either steal information or capture enough data packets to be able to decipher and compromise the data package format.
Wireless networks have security servers similar to the RADIUS servers of the office environment, and the network manager records every attempt to join the network. Tracking these attempts, and in particular counting the failed ones, gives a measure of how vigorously someone is attempting to compromise your network.
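The join-attempt record described above is only useful if someone looks at it, so here is an added example (not code from the article or from any ISA100 or WirelessHART product) that parses a constructed network-manager join log and flags a device whose failed joins cluster in a short window. The log line format and device ids are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of a network manager's join log. The line format is
# an assumption for this example: "<ISO time> JOIN <device id> <OK|FAIL> [reason]".
JOIN_LOG = """\
2024-03-01T08:00:01 JOIN dev-a1 OK
2024-03-01T08:00:05 JOIN dev-a2 OK
2024-03-01T08:01:10 JOIN dev-ff FAIL bad-join-key
2024-03-01T08:01:12 JOIN dev-ff FAIL bad-join-key
2024-03-01T08:01:15 JOIN dev-ff FAIL bad-join-key
2024-03-01T08:01:19 JOIN dev-ff FAIL bad-join-key
2024-03-01T09:30:00 JOIN dev-a3 FAIL timeout
2024-03-01T09:45:00 JOIN dev-a3 OK
"""

LINE_RE = re.compile(r"^(\S+) JOIN (\S+) (OK|FAIL)(?: (\S+))?$")

def parse_join_log(text):
    """Return (timestamp, device_id, succeeded, reason) tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append((datetime.fromisoformat(m.group(1)), m.group(2),
                       m.group(3) == "OK", m.group(4)))
    return events

def failed_join_bursts(events, window=timedelta(minutes=5), threshold=3):
    """Map device id -> largest number of failed joins seen inside any `window`.

    One failed join is routine (a radio timeout, a mis-keyed new device); a
    burst of failures from one device is the signal the article describes,
    so only devices reaching `threshold` are returned.
    """
    fails = defaultdict(list)
    for ts, dev, ok, _reason in events:
        if not ok:
            fails[dev].append(ts)
    alerts = {}
    for dev, stamps in fails.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):   # sliding window over sorted times
            while ts - stamps[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts[dev] = max(alerts.get(dev, 0), count)
    return alerts
```

The single timeout from dev-a3 stays below the threshold, while the four bad-key failures from dev-ff within 13 seconds produce an alert.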
The ISA100.11a protocol incorporates two important characteristics to help deal with coexistence.
Slow hopping permits the radio to move from channel to channel, looking for one that is not busy. Unlike other protocols, ISA100.11a can return to a previously busy channel to determine if it might now be available.
Other approaches use "black listing," whereby a channel is declared off-limits, or not available, and is never revisited. ISA100.11a embraces "white listing," which indicates channels that have been found to be particularly good for the needs of the network. To enable white listing, the ISA-100 standard modifies the 802.15.4 data link layer to increase signal reliability in the industrial environment.
Any protocol compliant with the full specification of IEEE 802.15.4 must yield to IEEE 802.11 as a requirement of claiming compatibility with the standard. ISA100.11a is not fully IEEE 802.15.4-compliant. IEEE 802.15.4 radios are used since they are inexpensive and available, but the team has implemented a different media access control (MAC) protocol to improve the reliability and reduce the coexistence issues associated with the 802 family.
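To make the three ideas above concrete (a hop sequence that cannot be predicted without the hopping key, a channel whitelist, and slow hopping that revisits a busy channel instead of blacklisting it), here is an added illustrative scheduler. It is not the ISA100.11a algorithm and not code from the standard; the keyed derivation, the retry interval and the assumption that the network manager gives every node the same key, whitelist and busy state are choices made for this example. The 16 channels numbered 11 to 26 are the IEEE 802.15.4 2.4 GHz channels.

```python
import hashlib
import hmac

# IEEE 802.15.4 defines 16 channels (11..26) in the 2.4 GHz band.
ALL_CHANNELS = list(range(11, 27))

class HoppingScheduler:
    """Illustrative slow-hopping scheduler; an assumption, not the ISA100.11a algorithm.

    - The hop sequence is derived from a shared hopping key and the slot
      number, so a node without the key cannot predict the next channel.
    - Only whitelisted channels are ever used.
    - A channel found busy is set aside for `retry_after` slots and then
      revisited, rather than being blacklisted forever.
    - All nodes are assumed to hold the same key, whitelist and busy state
      (distributed by the network manager), so they compute the same schedule.
    """

    def __init__(self, hopping_key, whitelist=None, retry_after=8):
        self.key = hopping_key
        self.whitelist = list(whitelist or ALL_CHANNELS)
        self.retry_after = retry_after
        self.busy_until = {}  # channel -> first slot at which it may be retried

    def candidates(self, slot):
        """Whitelisted channels not currently set aside as busy."""
        return [c for c in self.whitelist if self.busy_until.get(c, 0) <= slot]

    def channel_for_slot(self, slot):
        """Keyed choice among the channels available in this slot."""
        avail = self.candidates(slot)
        if not avail:  # every channel set aside: retry the one due soonest
            avail = [min(self.busy_until, key=self.busy_until.get)]
        mac = hmac.new(self.key, slot.to_bytes(4, "big"), hashlib.sha256).digest()
        return avail[int.from_bytes(mac[:4], "big") % len(avail)]

    def report_busy(self, channel, slot):
        """Record that a clear-channel check found `channel` occupied."""
        self.busy_until[channel] = slot + self.retry_after

    def sequence(self, n_slots):
        """Channels for slots 0..n_slots-1 under the current state."""
        return [self.channel_for_slot(s) for s in range(n_slots)]
```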
Profiles in ISA100.11a allow users to select the amount of protection desired. A key feature of ISA100.11a is its key distribution approach. ISA100.11a allows redistribution of keys in real time, so the theft of a device does not give the thief access to a key that will be used forevermore in the plant. This redistribution is done over the air, so maintenance staff are not troubled with touching every device being rekeyed. Other protocols in the marketplace use a key entered during manufacture that cannot be changed, or one that can only be changed with an out-of-band signal from a handheld unit that must touch every node in the network. The end users on the ISA100 committee were very vocal about this feature and accepted the momentary risk of the over-the-air transmission as the best compromise available in this situation.