Wi-Fi in plant environments: Convenience vs. risk

Wireless Ethernet is everywhere, including your manufacturing areas. It’s a great convenience, but are you protecting it adequately?

07/07/2015


Here is a typical industrial router as you might see installed in your plant. Is it the latest version? Or is it one that’s been there for many years and cannot be secured adequately to keep your network safe? This one is a current design, but can you tel

Wi-Fi is everywhere, in our homes, offices, and even plant environments. It is now the backbone of communication and has supplanted traditional wired Ethernet for most Internet-related traffic. It has also supplanted cellular-based communication in many instances due to lower costs, higher performance, and better security.

While Wi-Fi may be ubiquitous, it seems like few truly understand how it works, or what is necessary to provide secure communication. Personal experiences working in a variety of manufacturing contexts have shown this is particularly true in process plants and other manufacturing environments. But before we consider what problems have developed, let's think about how we got to this point.

Wi-Fi history

Strictly speaking, Wi-Fi is a wireless local area network (LAN) using IEEE 802.11 standards and the specific name is owned by the Wi-Fi Alliance. IEEE (Institute of Electrical and Electronics Engineers) published the 802.11b standard in 1999, providing the first practical mechanism to transmit data wirelessly at the relatively fast rates (at least at that time) of 1 to 2 Mbps. It achieved broad adoption very quickly as most prior data connections were wired.

Before Wi-Fi, wireless communications were usually based on proprietary analog radio protocols and were slow, chugging along at 9,600 bps, or to put it in a more directly comparable format, 0.0096 Mbps, which meant Wi-Fi was more than 100 times faster. Moreover, older systems had few data integrity protocols built-in, requiring the user to add those functions.

For industrial applications, Wi-Fi created the potential to implement sophisticated high-speed communication, although the end devices still typically used proprietary serial protocols. Security at this point was not much of an issue. Communication was largely point-to-point using Modbus remote terminal unit (RTU) or something similar. While a hacker might have wanted to disrupt a control system to make a point, there was probably little in the way of data worth stealing.

Evolving technology

As PCs and other information technologies (IT) became more common in industrial automation, Ethernet made the move to the plant floor. Ethernet using Transmission Control Protocol/Internet Protocol (TCP/IP) became the norm, but still with a proprietary industrial protocol over it, such as EtherNet/IP, Modbus TCP/IP, Profinet, or another. These communication methods were much like the traditional IT networks, and the enterprise-level networks were becoming ever more connected to the industrial networks, bridging the air gap which kept the industrial side isolated. It was now possible to create a direct path from the lowest-level field device up to the business networks.

Stealing data from industrial networks was now easier because hackers could use the same tools and methods learned in IT networks, but in most environments there was still little worth stealing. Hackers did recognize, however, that industrial networks provided a means of entry over a path often less secure than enterprise IT networks.

They could use the same channels established to move manufacturing data to management-level IT systems, and making such a move was usually pretty simple because the manufacturing-level networks were vulnerable.

Moving Wi-Fi to the plant

In most industrial environments, Wi-Fi deployments started popping up to solve specific application problems. Generally, they were simple point-to-point communication links where wiring was impractical or too expensive. The new technology was used in place of older proprietary systems because it was cheaper and easier to work with. Corporate IT folks usually had no idea what was going on, although these new plant networks might show up on listings of available networks if a wireless network scan was performed.

Early Wi-Fi networks did have provision for security if the user was aware of it, but usually the default was to leave the network unsecured to avoid having to bother with passwords. Prior to 2003, the available system was wired equivalent privacy (WEP), which was included in the original IEEE 802.11 standard and aimed at consumer markets (see Table 1).

Table 1: 802.11 Security Approaches
Time used       | Protocol
1999 to 2003    | WEP
2003 to 2006    | WPA with TKIP or AES
2006 to present | WPA2 with AES and CCMP

WEP was probably good enough to keep the neighbors out of home networks, but tools for breaking it quickly emerged. By 2003, Wi-Fi Protected Access (WPA) emerged using temporal key integrity protocol (TKIP). It was much better, and replacing TKIP with advanced encryption standard (AES) was yet another improvement. But before long those were broken as well.

In 2006, the problem was largely solved with the introduction of WPA2. It used AES and added counter cipher mode with block chaining message authentication code protocol (CCMP) as a replacement for TKIP. Even this proved possible to break, although getting through it required a great deal of time and effort and simply wasn't practical for most hackers.

Sloppy security practices

So WPA2 solves the hacker problem, at least technically, but not always in practice. Most Wi-Fi routers have provision for backwards compatibility so a user can configure the security settings using one of the earlier techniques.

A high-quality industrially hardened router can operate for many years even in a tough plant environment, so it's common to find hardware installed in 2002 still working today. Unfortunately, a 12-year-old router only offers one security setting, WEP, because it was the only setting available when it was built. So, to make a new router work with the existing network, it must be set for WEP in spite of having more sophisticated security capabilities.

Many of the people installing this hardware in the plant are maintenance people, not the IT department. They install a new router and configure it for WEP to match the existing hardware, not realizing the differences in security capabilities. Security is security, right? The network shows up as secure on the available network list, so we're covered, right?

Some wireless connections aren't even installed by the company. Service people working in a plant might plug a wireless router into a programmable logic controller (PLC) or Ethernet process network to help solve a troubleshooting issue. Companies with a strong security culture prohibit this kind of thing, but in many firms it's a common occurrence.

A conscientious technician will make sure the device is removed when the work is done, but those devices are cheap. If one is left behind, few technicians will make any special effort to retrieve it. Long after the job is done it may remain, still connected and unsecured. If a hacker discovers this small and vulnerable network, a new means of entry has just been provided, potentially to the entire company IT infrastructure.
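The two failure modes described in this section, approved access points held back at an older security mode and unapproved devices left on the network, can both be caught by comparing a wireless scan against an inventory. The sketch below is an added example, not part of the original article; the CSV column names, the security labels, the inventory and the sample scan are all constructed assumptions.

```python
import csv
import io

# Ranking follows the article's Table 1: lower number = older, weaker protection.
STRENGTH = {"OPEN": 0, "WEP": 1, "WPA-TKIP": 2, "WPA-AES": 3, "WPA2-CCMP": 4}
REQUIRED = "WPA2-CCMP"

# Constructed inventory of access points the plant has approved (BSSID -> role).
APPROVED = {
    "00:11:22:33:44:01": "Packaging line AP",
    "00:11:22:33:44:02": "Tank farm bridge",
    "00:11:22:33:44:03": "Control room AP",
}

# Constructed scan export; column names and mode labels are assumptions.
SAMPLE_SCAN = """ssid,bssid,security
PLANT-PKG,00:11:22:33:44:01,WPA2-CCMP
PLANT-TANK,00:11:22:33:44:02,WEP
PLANT-CTRL,00:11:22:33:44:03,WPA-TKIP+WPA2-CCMP
service-ap,66:77:88:99:AA:BB,OPEN
"""

def weakest_mode(security):
    """Return the weakest mode an AP accepts; mixed mode lists modes with '+'."""
    modes = [m.strip().upper() for m in security.split("+") if m.strip()]
    unknown = [m for m in modes if m not in STRENGTH]
    if unknown or not modes:
        raise ValueError(f"unrecognised security label: {security!r}")
    return min(modes, key=STRENGTH.__getitem__)

def audit(scan_csv, approved=APPROVED):
    """Return one finding per network that is unapproved or accepts less than WPA2."""
    findings = []
    for row in csv.DictReader(io.StringIO(scan_csv)):
        bssid = row["bssid"].strip().upper()
        mode = weakest_mode(row["security"])
        issues = []
        if bssid not in approved:
            issues.append("not in inventory")
        if STRENGTH[mode] < STRENGTH[REQUIRED]:
            issues.append(f"accepts {mode}")
        if issues:
            findings.append({"ssid": row["ssid"], "bssid": bssid, "issues": issues})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_SCAN):
        print(f'{f["ssid"]:<12} {f["bssid"]}  {"; ".join(f["issues"])}')
```

A network in backward-compatible mixed mode is rated by the weakest mode it still accepts, which is why the control room AP is reported even though it also offers WPA2.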
