Keeping wireless networks secure

As technology continues to evolve, so do the risks that threaten the security of an industrial network. With more devices now being connected, outsiders have better opportunities to disrupt industrial processes.


Many factories are connecting tablets and smartphones to their processes via Wi-Fi or Bluetooth. This can make the user interaction easier, but without proper precautions, it opens the door to cyberthreats. Courtesy: Phoenix Contact

Security is a growing concern on all industrial networks, whether wired or wireless, but because wireless data travels over the air, it raises special concerns. There is always the question of, "Is my information really secure?" or "Is this as safe as a wire?" A wireless network can be just as secure as a wired network if the right considerations are made in the planning stages of the system.

Build a secure wireless network

When considering a wireless platform, it is important to look at all aspects of the product, not only for security reasons, but also for the flexibility, the function, and the future expandability of the product. The accessibility of a wireless network changes depending on whether the system is based on a public or proprietary standard. Public wireless standards, such as Wi-Fi or Bluetooth, operate on open standards that are publicly available. A simple Google search on hacking a Wi-Fi network can turn up millions of results.

Proprietary wireless systems, which only communicate with other devices from the same manufacturer, have a built-in layer of security. It is more difficult for an intruder to learn the technology behind these devices because third-party devices do not connect to that particular network.

In many applications, however, a public wireless network is a better fit, due to backward-compatibility or interoperability. Because these technologies are public, they are widely understood and easy to install. One Wi-Fi network can have multiple devices from different manufacturers that can communicate with each other. However, the "widely understood" part can be a disadvantage if somebody has bad intentions. Still, by choosing the proper technology and applying smart installation practices, the threat of unwanted network traffic can be minimized.

Improve wireless security

1. Encryption—Encryption takes network data and uses a key to make the data unreadable as it travels the network. If somebody is "eavesdropping" on the network, the intruder will not be able to make sense of the information. There are several different levels of encryption, including Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), and WPA2.

WEP and WPA are easy to hack. WPA2 uses the Advanced Encryption Standard (AES) for encryption, providing the highest level of protection for a wireless network. Even WPA2 has the potential for intrusion today, but combining it with other best practices can lower the risk.

A defense-in-depth approach will improve security for the entire network, not just the wireless side. Courtesy: Phoenix Contact

2. Authentication—Authentication defines all of the people on the network and what level of access they have. It asks, "Are you supposed to be on this network? If so, at what level are you permitted to communicate?"

Access levels can range from allowing users to have full access to a network, to allowing them to only have access to one specific device. An example of this is setting up a guest and a production network. The production network would be where all the confidential information is stored, and only certain users have access to it. The guest network would be open to all users who want to access it.

3. Common sense best practices—Even if a wireless network has the highest levels of encryption and authentication, it can still be insecure. Taking a defense-in-depth approach to an entire network (the wired and wireless sides) means implementing steps such as:

  • Limiting transmit power: Consider the environment and application where the wireless system is being used. Most wireless devices allow the configuration of transmission power. If the application is short-range, consider turning down this setting so the network identification (ID) is not visible past the areas required.
  • Installing firewalls where necessary and taking other steps to limit network access: Most wireless devices are strictly a conduit for data. Although some do have some firewall and routing functions, many just provide an avenue to pass data. Securing a network via a hardware firewall device on the wired side of the main wireless device will allow another layer of security if someone can access the wireless or wired network at a "remote" location.
  • Strong policies about passwords and thumb drives: The integrity of any wireless system is only as strong as the policies implemented to protect it. Implementing requirements for strong passwords (not using "password," the system's default, or your dog's name as your password), requiring periodic password changes, and restricting access to physical ports on networked devices are a few things to consider.
  • Good communication between IT staff and plant staff: As devices become connected, so too do the plant floor and the information technology (IT) groups. Constant communication between the two, so that both groups know what is going on in their respective areas, will make for a smoother integration between groups. For example, if the plant staff wants to install a Wi-Fi system in a warehouse, IT can let them know what channels may be free so that communication is as reliable as possible. It's also important to communicate when personnel changes, so the policies for that user change as well. If an employee leaves the company, it is critical to change the network passwords as soon as possible to avoid unwanted access from outside the company.
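The encryption guidance in step 1 and the transmit-power bullet above can be checked together against a site survey. The following is an added example, not part of the original article: the CSV layout, the SSIDs, and the -70 dBm perimeter threshold are all assumptions made for illustration, and the check for WPA2 running without AES goes slightly beyond the cases the article lists.

```python
import csv
import io

# Constructed survey export (hypothetical format): one row per network as
# measured from the site perimeter; rssi_dbm is received signal strength.
SURVEY_CSV = """ssid,security,cipher,rssi_dbm
PLANT-PROD,WPA2,AES,-82
PLANT-GUEST,WPA2,AES,-58
PACKAGING-HMI,WPA,TKIP,-75
LEGACY-SCANNER,WEP,WEP,-66
TANKFARM-LINK,WPA2,TKIP,-88
VENDOR-AP,OPEN,NONE,-71
"""

# Assumed policy threshold: a reading stronger than this at the perimeter
# means the network is visible beyond the area that needs it.
PERIMETER_LIMIT_DBM = -70

ADVICE = {
    "NO_ENCRYPTION": "traffic is readable by anyone in range; enable WPA2 with AES",
    "WEAK_ENCRYPTION": "WEP/WPA in use; migrate to WPA2 with AES",
    "NOT_AES": "WPA2 without AES; set the cipher to AES",
    "UNKNOWN_SECURITY": "unrecognised security mode; verify on the device",
    "TX_POWER": "visible past the required area; reduce transmit power",
    "NO_SIGNAL_READING": "no perimeter reading; re-survey",
}

def audit_row(row, limit_dbm=PERIMETER_LIMIT_DBM):
    """Return the list of finding codes for one surveyed network."""
    security = (row.get("security") or "").strip().upper()
    cipher = (row.get("cipher") or "").strip().upper()
    findings = []
    if security == "OPEN":
        findings.append("NO_ENCRYPTION")
    elif security in ("WEP", "WPA"):
        findings.append("WEAK_ENCRYPTION")
    elif security != "WPA2":
        findings.append("UNKNOWN_SECURITY")
    elif cipher != "AES":
        findings.append("NOT_AES")
    try:
        if int(row.get("rssi_dbm") or "") > limit_dbm:
            findings.append("TX_POWER")
    except ValueError:
        findings.append("NO_SIGNAL_READING")
    return findings

def audit_survey(text):
    """Parse the CSV export and map each SSID to its findings."""
    return {r["ssid"]: audit_row(r) for r in csv.DictReader(io.StringIO(text))}

if __name__ == "__main__":
    for ssid, codes in audit_survey(SURVEY_CSV).items():
        print(ssid, "OK" if not codes else "; ".join(ADVICE[c] for c in codes))
```

Rerunning the same audit after each configuration change shows whether a weak network was actually migrated and whether a transmit-power reduction brought the perimeter reading under the threshold.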

Consequences of an industrial network breach can include downtime, loss of production, environmental problems, and damage to corporate image. Taking the time to consider options and make decisions that make the network as secure as possible is important. Most manufacturers provide training, technical support, and white papers on wireless products to review available security options. Now is the time to ensure industrial networks are prepared for the next threat.

- Justin Shade is a wireless product marketing specialist at Phoenix Contact. Edited by Eric R. Eissler, editor-in-chief, Oil & Gas Engineering,

Key concepts

  • Encrypt wireless communications
  • Authenticate who is on the network and their levels of access
  • Use common sense.

Consider this

The integrity of any wireless system is only as strong as the policies implemented to protect it.
