Wireless Security, Standards Are Still Hurdles to Potential Users

Industrial Wireless Worries Delay Adoption and User Affinity

By Ian Verhappen, ISA fellow, Certified Automation Professional

1 of 3 < 1 | 2 | 3 View on one page

]Industrial wireless networks are the "next big thing" for industrial automation and industrial networking in particular. However as with all new technology, the adoption rate often lags both the level of coverage in the press and, of course, the number of purchase orders that companies developing the technology need to recover their investment, at least in the short term. Experience has shown that any new technology in the industrial arena follows the traditional chasm model of early adopters and major companies that install small-scale pilot plants or test systems to see how it works and understand the technology. The results of these small-scale tests then form the basis of corporate standards and practices for larger-scale rollout and adoption of the new technology.

A recent study by ON World confirms that this trend is being repeated for industrial wireless. As a result, it is unlikely that large-scale adoption of industrial wireless will take place until the middle of this decade. If the challenges of security and standards are not addressed, this date likely will move farther into the future.

So just what is the current situation on these two important considerations?

All industrial protocols use the OSI seven-layer model as the basis for design, and the 802.15.4 radios on which the industrial wireless protocols are based use the lower two layers  — physical and data link — of the model (Figure 1). This makes it possible for the various protocols to use the same basic radio while all being unique, based on how to define the network through user layers to meet the requirements of target vertical industries.


Fortunately, the engineers designing the industrial wireless communications protocols were aware of the concerns and impending regulations such as the North American Electric Reliability Council Critical Infrastructure Protection (NERC CIP) standards that deal with security of the electrical grid and include cybersecurity as a key component of the nine published documents, and the ISA-99 standards themselves. In fact, part of the mandate for the ISA-100 committee is that it work with the ISA-99 committee on this aspect of the standard development and ISA-84 for safety-related parts of the documents as well.

The developers of the industrial wireless standards incorporate a variety of security features in the protocols. Message encryption is a commonly used tool to maintain data integrity and prevent deliberate or inadvertent interception of the data between two nodes on a network. The process automation wireless protocols include industry-standard, 128-bit AES encryption, unique encryption keys for each message, and have the access point provide rotating encryption keys as part of its responsibilities when new devices attempt/request permission to join the network.

Other features incorporated into industrial wireless standards include data integrity — data is not corrupted — and device authentication — the device really is who it claims to be — two of the three pillars of cybersecurity, the third being authority — the device has sufficient security privileges to make the change being requested.

A channel-hopping feature makes it more difficult for a device that is not part of the network — no access to the hopping key — to be able know at which frequency the next transmission will take place.

Multiple levels of security keys for access by different individuals with different responsibilities are another important feature. This reinforces the concept of authority, that third pillar of security.

Adjustable transmit-power levels let the user manage signal spillage beyond the boundary of the plant environment. If the radio signals do not go beyond the edge of a facility, it becomes much more difficult for someone to either steal information or capture enough data packets to be able to decipher and compromise the data package format.

Wireless networks have security servers similar to RADIUS servers in the office environment, and the network manager records every attempt to join the network. By keeping track of the attempts, indication of failed access attempts can provide a measure of how vigorously someone is attempting to compromise your network.

1 of 3 < 1 | 2 | 3 View on one page
Show Comments
Hide Comments

Join the discussion

We welcome your thoughtful comments.
All comments will display your user name.

Want to participate in the discussion?

Register for free

Log in for complete access.


No one has commented on this page yet.

RSS feed for comments on this page | RSS feed for all comments