Wireless networks can save money and speed turnarounds
Wireless plant networks
WPNs are often implemented using Wi-Fi (IEEE 802.11-2007) and support applications such as video, mobile workers, location tracking, video over wireless, field data backhaul, and control network bridging, each with its own characteristics and requirements. Messages can be much longer than those on a wireless field network and may include traffic such as streaming video.
It’s important to note that WPNs use a set of protocols that were developed by the IT community, not industrial networking designers with knowledge of process plant operations.
A professional site assessment is critical to the successful implementation of a WPN. Engineers generally visit the plant to conduct an RF FEED (radio frequency front-end engineering design), determine access point locations, and collect other on-site information. Next comes system architecture design: based on the site survey results and the plant’s requirements, engineers design the overall system architecture, including the network infrastructure and the appropriate applications. The network design and planning process follows and produces a detailed network infrastructure. The last step is physical network installation management and system commissioning.
Keeping wireless systems secure
A frequent question raised when wireless networks are discussed is, what about security? Can’t someone outside the plant monitor the signals and gather intelligence on plant activities, production rates, and so on? And what about hacking? If an intruder can get into the system to monitor it, can’t he also make changes? What if someone changes setpoints to cause a shutdown or even a catastrophe?
That’s where modern security comes in. Wireless field networks and WPNs are different: field networks use mesh architecture that is generally considered secure thanks to a series of critical features:
- Channel hopping on top of the standard direct-sequence spread spectrum. This makes the system inherently resistant to jamming attacks.
- AES-128 encryption (NIST/IEEE compliant) for all communications within the device mesh network and the gateway. At this point AES-128 can be considered secure against all expected attacks.
- Individual device session keys to ensure end-to-end message authenticity, data integrity, receipt validation, and secrecy through data encryption. This makes eavesdropping almost impossible.
- Hop-by-hop CRC (cyclic redundancy check) and MIC (message integrity code) calculations to authenticate each message and verify the source and receiver of communications. This blocks man-in-the-middle (backdoor) attacks.
- Devices must have a join key pre-configured on the device. This can be either a common join key per WFN, or optionally an individual join key per device. This prevents replay (or delay) attacks.
- Whitelisting with individual join keys gives devices explicit permission to join the network through the gateway/network manager by means of an ACL entry, which also includes their globally unique HART address.
In general, although an unauthorized person might be able to detect that wireless communication exists on a wireless field network, he would be unable to gain access, eavesdrop, or otherwise disrupt the device-level network.
While the WirelessHART field network is itself secure, the host gateway by which it connects to the host may use a wired connection or a WPN. For a gateway connected to the host via Ethernet (particularly if the gateway is in an unsecured location), the best choice is to install a firewall in a secure location on the plant side of the wire. For a gateway connected via a WPN, there are additional considerations.
Security for WPNs
WPNs generally use Wi-Fi (IEEE 802.11-2007) and are more vulnerable to attack than are wireless field networks. There are plenty of warnings and horror stories about Wi-Fi networks being hacked, and in fact it wasn’t long after Wi-Fi first appeared that wardriving—traveling about with a laptop, PDA, or smartphone, often connected to a homemade high gain antenna, in an effort to find unsecured Wi-Fi networks—became popular. There are multiple types of threat vectors by which the ill-intentioned can attack a WPN, including rogue access points, ad-hoc wireless bridges, man-in-the-middle (e.g., evil twin, honey pot app, MAC spoofing, etc.) attacks, denial of service (DoS) attacks, jamming (also considered DoS), reconnaissance, and cracking.
Securing against these threats requires both administrative and technical measures. Administrative measures include identity management (assigning and terminating privileges as each employee’s situation changes), authentication, authorization, and accounting. Authentication ensures that a person is who he or she claims to be. It can be done using a shared secret arrangement or the IEEE 802.1X extensible authentication protocol (EAP). Authorization determines what a person is allowed to do, while accounting monitors what each person does and when, including attempts to perform unauthorized actions.
Technical measures include a wireless intrusion prevention system (wIPS), a wireless control system (WCS), and a firewall (Fig. 4). A wIPS is a system to monitor the wireless network and the RF signals in the open air. Its purpose is to detect suspicious clients or access points.
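As an added illustration (not taken from the article or from any vendor's product), the Python below shows the kind of check a wIPS performs when it compares beacons heard over the air against the plant's authorized access point inventory, flagging the evil twin, MAC spoofing, ad-hoc and rogue access point cases named above. The inventory, SSIDs, MAC addresses, observations and the -65 dBm on-site threshold are all constructed assumptions.

```python
# Added example: wIPS-style beacon classification. All values are constructed.
# Authorized inventory: BSSID -> (SSID, channel, security). Assumes a fixed channel plan.
AUTHORIZED_APS = {
    "00:11:22:aa:bb:01": ("PLANT-WPN", 1, "WPA2-Enterprise"),
    "00:11:22:aa:bb:02": ("PLANT-WPN", 6, "WPA2-Enterprise"),
}
PLANT_SSIDS = {ssid for ssid, _, _ in AUTHORIZED_APS.values()}
ON_SITE_RSSI_DBM = -65  # assumed threshold: at or above this, the emitter is likely on site

# Constructed observations: (bssid, ssid, channel, security, rssi_dbm, mode)
OBSERVATIONS = [
    ("00:11:22:AA:BB:01", "PLANT-WPN", 1, "WPA2-Enterprise", -52, "infrastructure"),
    ("de:ad:be:ef:00:01", "PLANT-WPN", 11, "Open", -48, "infrastructure"),
    ("00:11:22:aa:bb:02", "PLANT-WPN", 11, "WPA2-Enterprise", -60, "infrastructure"),
    ("02:00:00:00:00:07", "contractor-laptop", 6, "Open", -58, "ad-hoc"),
    ("66:77:88:99:00:01", "CoffeeShop", 3, "WPA2-Personal", -88, "infrastructure"),
    ("66:77:88:99:00:02", "linksys", 9, "WPA2-Personal", -50, "infrastructure"),
]

def classify(obs):
    """Return an alert code for one beacon observation, or None if it looks benign."""
    bssid, ssid, channel, security, rssi, mode = obs
    expected = AUTHORIZED_APS.get(bssid.lower())
    if expected is not None:
        # Known BSSID advertising parameters that differ from the inventory:
        # either the MAC is being spoofed or the AP has been misconfigured.
        if (ssid, channel, security) != expected:
            return "SPOOFED_OR_MISCONFIGURED"
        return None
    if ssid in PLANT_SSIDS:
        return "EVIL_TWIN"  # plant SSID from a radio that is not in the inventory
    if rssi < ON_SITE_RSSI_DBM:
        return None  # weak, unrelated network: most likely a neighbour
    return "ADHOC_ON_SITE" if mode == "ad-hoc" else "ROGUE_AP"

def scan(observations):
    """Map lower-cased BSSID -> alert code for every observation that raised one."""
    alerts = {}
    for obs in observations:
        code = classify(obs)
        if code:
            alerts[obs[0].lower()] = code
    return alerts

if __name__ == "__main__":
    for bssid, code in scan(OBSERVATIONS).items():
        print(f"{bssid}  {code}")
```

The inventory comparison is only as good as the inventory itself, which ties the technical control back to the administrative ones: an access point added without updating the authorized list will be reported as rogue.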
The WCS is the graphical tool with which administrators configure and manage the entire wireless network: network managers can design, control, and monitor enterprise wireless networks from a single location, which simplifies operations. It oversees a series of WLAN controllers and provides network management, including diagnostics and troubleshooting tools, to keep the network running smoothly.
A firewall should be installed at each network level to serve as a belt-and-suspenders measure to ensure only traffic meant for each network level is routed through. The table summarizes common plant network threats and strategies to mitigate them.
Table 1: Threats and mitigations
It is not difficult to secure a WPN, yet unsecured installations certainly exist. In a presentation at Emerson’s 2012 Global Users Exchange, Neil Peterson, Emerson’s wireless plant solution marketing manager, suggested the main reasons for unsecured networks are human factors, poorly formulated policy (or none at all), poor configuration, bad assumptions, lack of understanding of the problem, and failure to stay up-to-date. “The latest encryption algorithm,” Peterson points out, “cannot make up for poor business processes.”
Wireless networks, at both field level and plant level, can have multiple benefits. Wireless field networks allow field devices to be installed in places where wired devices could not be economically justified, or in some cases installed at all. Wireless plant networks make it possible to speed up plant restarts, and give field operators the ability to perform actions that previously could be done only in the control room. They also allow for personnel tracking and much more. But to make such a network worthwhile it must be installed with care, and with close attention to security.
Steve Elwart, PE, PhD, is director of systems engineering, Ergon Refining, Inc., and he thanks Neil Peterson for contributions to this article.
For more on wireless security, see “Emerson Wireless Security: WirelessHART and Wi-Fi Security”
- Wireless networks can allow operators to perform control-room functions anywhere in the plant
- In a plant context, there is usually more than one kind of wireless network to cover all needed functionalities
- Wireless networks can provide a major cyber attack surface if not deployed with sufficient thought to security