INDUSTRIAL WIRELESS CHALLENGES OVERSTATED Simon Lillie, Product Specialist, Field Instruments, Yokogawa Australia
There have been many concerns expressed over the security and reliability of industrial wireless technologies since their inception, but these concerns have been overplayed.
W
ireless is a hot topic and is being discussed in forums, print and day-to-day conversations around the globe. In each of these discussions the security of a wireless network is the main topic of concern. This is unfortunate and almost completely unfounded, as the correct wireless system is ideally suited to many industrial situations, especially in areas where hardwired connections are expensive or impractical due to distance, access or physical hazards. Most of us have come into contact with industrial wireless via our use of wireless networks for home and office applications. We have seen that security on these types of networks was initially poor or lacking. Due to these past experiences, everyone is now wary of wireless communications, especially when we start looking at employing it in industrial process and production plants. In reality, industrial wireless systems are purpose-built to address these security issues in the same way internet banking has been securely deployed around the world. However, of the two common standards, ISA100.11a and WirelessHART, one is clearly easier to secure than the other, due to its additional in-built safety protocols (more below). Robust security features are built into the standards and the devices in each of the systems and these cannot be disabled. The two standards have been designed to ensure data and system integrity as well as ensuring they still remain easy to use and employ.
20 WHAT'S NEW IN PROCESS TECHNOLOGY - APRIL 2016
Encryption The protection of data is one of the main features of the industrial wireless standards. Data security is implemented from the device to gateway utilising Advanced Encryption Standard (AES) 128-bit encryption. Wireless messages are enciphered such that only the final destination can decipher and utilise the data. AES is based on a design principle known as a substitution-permutation network, and is extremely secure. All known attacks on AES are computationally infeasible, which is why it is used in applications such as internet banking. This is further demonstrated by the fact that the US government previously announced that the design and strength of all key lengths of the AES algorithm are sufficient to protect classified information up to the ‘secret’ level. For AES 128-bit, the key can be recovered with a computational complexity of 2126.1. To further ensure security on an industrial wireless network, a security join key is also employed. The join key serves as authentication to the network security manager for the device to be allowed onto the network. If a device does not broadcast the correct join key it is not permitted to enter the wireless network or to send any data on it, effectively preventing rogue devices from compromising the network.
Potential security risk For a WirelessHART network, a HART communicator is employed to manually enter the join key into each field device. A common
www.ProcessOnline.com.au