Keeping wireless networks secure

As technology continues to evolve, so do the risks that threaten the security of an industrial network. With more devices now being connected, outsiders have better opportunities to disrupt industrial processes.

07/29/2015


Many factories are connecting tablets and smartphones to their processes via Wi-Fi or Bluetooth. This can make the user interaction easier, but without proper precautions, it opens the door to cyberthreats. Courtesy: Phoenix ContactSecurity is a growing concern on all industrial networks, whether wired or wireless, but because wireless data travels over the air, it leads to special concerns. There is always the question of, "Is my information really secure?" or "Is this as safe as a wire?" A wireless network can be just as secure as wired networks by taking the right considerations in the planning stages of the system to make it as secure as possible. 

Build a secure wireless network

When considering a wireless platform, it is important to look at all aspects of the product, not only for security reasons, but also for the flexibility, the function, and the future expandability of the product. The accessibility to a wireless network changes, depending on if the system is based on a public or proprietary standard. Public wireless standards, such as Wi-Fi or Bluetooth, operate on open standards that are publically available. A simple Google search on hacking a Wi-Fi network can turn up millions of results.

Proprietary wireless systems, which only communicate with other devices from the same manufacturer, have a built-in layer of security. It is more difficult for an intruder to learn the technology behind these devices because third-party devices do not connect to that particular network.

In many applications, however, a public wireless network is a better fit, due to backward-compatibility or interoperability. Because these technologies are public, they are widely understood and easy to install. One Wi-Fi network can have multiple devices from different manufacturers that can communicate with each other. However, the "widely understood" part can be a disadvantage if somebody has bad intentions. Still, by choosing the proper technology and applying smart installation practices, threat of unwanted network traffic can be minimized.

Improve wireless security

1. Encryption—Encryption takes network data and uses a key to make the data unreadable as it travels the network. If somebody is "eavesdropping" on the network, the intruder will not be able to make sense of the information. There are several different levels of encryption, including wired equivalent privacy (WEP), wireless protected access (WPA), and WPA2.

WEP and WPA are easy to hack. WPA2 uses an Advanced Encryption Standard (AES) for encryption, providing the highest level of protection for a wireless network. Even WPA2 has the potential for intrusion today, but combining it with other best practices can lower the risk.

A defense-in-depth approach will improve security for the entire network, not just the wireless side. Courtesy: Phoenix Contact2. Authentication—Authentication defines all of the people on my network and what level of access they have. It asks, "Are you supposed to be on this network? If so, at what level are you permitted to communicate?"

Access levels can range from allowing users to have full access to a network, to allowing them to only have access to one specific device. An example of this is setting up a guest and a production network. The production network would be where all the confidential information is stored, and only certain users have access to it. The guest network would be open to all users who want to access it.

3. Common sense best practices—Even if a wireless network has the highest levels of encryption and authentication, it can still be unsecure. Taking a defense-in-depth approach to an entire network-the wired and wireless sides-means implementing steps such as:

  • Limiting transmit power: Consider the environment and application where the wireless system is being used. Most wireless devices allow the configuration of transmission power. If the application is short-range, consider turning down this setting so the network identification (ID) is not visible past the areas required.
  • Installing firewalls where necessary and taking other steps to limit network access: Most wireless devices are strictly a conduit for data. Although some do have some firewall and routing functions, many just provide an avenue to pass data. Securing a network via a hardware firewall device on the wired side of the main wireless device will allow another layer of security if someone can access the wireless or wired network at a "remote" location.
  • Strong policies about passwords and thumb drives: The integrity of any wireless system is only as strong as the policies implemented to protect it. Implementing requirements for strong passwords (not using "password," the system's default, or your dog's name as your password), requiring periodic password changes, and restricting access to physical ports on networked devices are a few things to consider.
  • Good communication between IT staff and plant staff: As devices become connected, so too, do the plant floor and the information technology (IT) groups. Constant communication between the two, so that both groups know what is going on in the respective areas, will make a more smooth integration between groups. For example, if the plant staff wants to install a Wi-Fi system in a warehouse, IT can let them know what channels may be free so that communication is as reliable as possible. It's also important to communicate when personnel changes, so the policies for that user change as well. If an employee leaves the company, it is critical to change the network passwords as soon as possible to avoid unwanted access from outside the company.

Consequences of an industrial network breach can include downtime, loss of production, environmental problems, and damage to corporate image. Taking the time to consider options and make decisions that make the network as secure as possible are important. Most manufacturers provide training, technical support, and white papers on wireless products to review available security options. Now is the time to ensure industrial networks are prepared for the next threat.

- Justin Shade is a wireless product marketing specialist at Phoenix Contact. Edited by Eric R. Eissler, editor-in-chief, Oil & Gas Engineering, eeissler@cfemedia.com.

Key concepts

  • Encrypt wireless communications
  • Authenticate who is on the network and their levels of access
  • Use common sense.

Consider this

The integrity of any wireless system is only as strong as the policies implemented to protect it.

ONLINE extra

See related stories on wireless security linked below.



No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Sensor-to-cloud interoperability; PID and digital control efficiency; Alarm management system design; Automotive industry advances
Make Big Data and Industrial Internet of Things work for you, 2017 Engineers' Choice Finalists, Avoid control design pitfalls, Managing IIoT processes
Engineering Leaders Under 40; System integration improving packaging operation; Process sensing; PID velocity; Cybersecurity and functional safety
This article collection contains several articles on the Industrial Internet of Things (IIoT) and how it is transforming manufacturing.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

SCADA at the junction, Managing risk through maintenance, Moving at the speed of data
Flexible offshore fire protection; Big Data's impact on operations; Bridging the skills gap; Identifying security risks
The digital oilfield: Utilizing Big Data can yield big savings; Virtualization a real solution; Tracking SIS performance
click me