A water authority in Pennsylvania is using the controller on the right as a communication gateway to the system’s legacy PLCs, communicating via EtherNet/IP to Modbus TCP, then to a Modbus RTU via a com server. The wireless Ethernet radio on the left transmits this data back to the water authority’s headquarters. The radio has 128-, 192- and 256-bit encryption. (Photo courtesy of Phoenix Contact)
As wireless networks have become more prominent and widespread in industrial environments, much has been made about security. Concerns about cybersecurity, stoked by several highly publicized recent attacks, such as Stuxnet, have industrial users wondering just how safe their networks are. The good news is that when it comes to security, the suppliers of industrial wireless solutions are just as concerned as users, if not more so. As such, they are going to great lengths not only to ensure the security of industrial wireless solutions, but also to communicate best practices and make end-users aware of all of the security features built into current-generation industrial wireless technologies.
Is Wireless More Secure Than Wired?
One of the common misconceptions among end-users is that data transmitted wirelessly is less secure than data transmitted via a wire. In most cases, this could not be further from the truth, as data on a wire is typically not encrypted, while wireless data, in most industrial settings, is encrypted. That said, in order to tap into data on a wire, one must have physical access to said wire, while wireless communications could, in theory, be intercepted without actually having physical access to the system. However, this is counterbalanced by the fact that most industrial wireless sensor networks are designed to transmit data only a short distance and would require somebody to be in relatively close proximity to tamper with the network.
“We take security very seriously,” says Wally Pratt, chief engineer of the HART Communication Foundation, developer of WirelessHART, a leading protocol for industrial wireless communication. “If you look at WirelessHART, it’s pretty unique because we built security into it, and you can’t turn it off. You can dumb it down, but you can’t turn it off.” Security for a wired system varies depending on the medium. For example, a typical Ethernet system would have a firewall that is used to encrypt and protect data being transmitted. Meanwhile, functions like MAC (medium access control) and IP filtering switches would prevent unwanted access. In a wireless scenario, a lot of these functions are built in.
“When you’re looking at standard I/O or serial communication, there was not much in the way of security for those because for one, there was typically no threat at the time, and two, there weren’t people out there who knew what they were looking for, or at, to want to access that type of information,” says Justin Shade, product marketing specialist for Wireless at Phoenix Contact, a provider of wireless solutions for industry. “Since technology has evolved, there are now ways to see, access and interpret that serial and I/O data, making those existing wired installations vulnerable. From a wireless perspective, transmitting I/O, serial, or Ethernet data can be sent reliably and encrypted over the air without the worry of intrusion.”
A Layered Approach
Schematic of mesh-based WirelessHART network. (Image courtesy of HART Communication Foundation)
To ensure the security of industrial wireless communications, a layered (or tiered) approach is often employed. For example, Shade says users will commonly install a security appliance, such as a firewall, behind the wireless access point, in addition to the security functions inherent within the device (security, encryption, MAC/IP filters), to add another layer of security to their systems.
According to Pratt, WirelessHART was designed from the ground up to provide multiple layers of security. This layered approach focuses on determining if a device joining the WirelessHART network can be trusted; ensuring the packets of data transmitted are trusted from start to finish; and protecting the confidentiality of the communication at all points along the path to its final destination. WirelessHART is based on a mesh networking principle, which means the data packets it transmits can utilize a range of relay points to find the most energy- and time-efficient route to an intended endpoint. When data is transmitted from point to point along the mesh network, it maintains its encryption so as not to compromise the information. “It’s as if the message were put in an envelope that can only be opened by the recipient at its final endpoint,” says Chuck Micallef, marketing manager for the HART Communication Foundation.
It’s As Secure As You Want to Make It
Ultimately, industrial wireless communications can be as secure as the user wants to make them. WirelessHART, for example, requires keys to authenticate devices attempting to join the network. Since a human enters this key, Pratt says it is a recommended best practice to change the join key once the field device is accepted to the network. This is not a requirement, but if the user establishes this as part of their operating protocol for the wireless network, Pratt says they will go a long way toward eliminating what he believes is the biggest security threat facing organizations today—i.e., the human threat.
Shade recommends users take extra care in creating strong passwords and establish a policy for rotating them at a constant interval. He says this will eliminate the threat of former or disgruntled employees accessing the wireless network.
Shade says it is important to make sure the encryption features of wireless systems are always on and to choose the most robust security options available on wireless devices. “In many devices, there are three options for security—WEP, WPA and WPA2,” says Shade. “Both WEP and WPA are known to be ‘hackable.’ As of today, WPA2 is known as the ‘unhackable’ security standard.”
Finally, he says users should only provide access to the wireless network to those who truly need it. Security is in most cases a people problem, not a technology problem, so Shade says limiting access helps minimize the human threat.
Pratt advises WirelessHART users to use a different key for every device on the network and change the join key as soon as a device is accepted to the network so no human has access to a join key. He says it is recommended best practice to regularly roll over all keys (join, network, and session) for all devices on the network. Finally, he says users should maintain current ACLs (access control lists) to establish and monitor which devices belong on the network. While Pratt is reluctant to call any system uncrackable, he says employing these strategies will further increase the security of a WirelessHART network to a level at which it will be virtually impossible to penetrate with current computing technology.
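One way to check a device inventory against the practices Pratt lists above (unique join keys, a join key changed after acceptance, regular rollover, a current ACL), as an added example that is not part of the original article or of any WirelessHART tooling. The inventory format, field names, device tags and the 90-day rollover interval are assumptions, and key fingerprints stand in for the keys themselves.

```python
from collections import Counter
from datetime import date

MAX_KEY_AGE_DAYS = 90  # assumed rollover interval; the article does not name one

# Constructed inventory. key_fp / provisioned_key_fp are fingerprints of the
# current join key and of the one a person typed in at commissioning.
DEVICES = [
    {"tag": "FT-101", "key_fp": "3f9a", "provisioned_key_fp": "c210", "key_set": date(2024, 5, 20)},
    {"tag": "PT-202", "key_fp": "77b1", "provisioned_key_fp": "77b1", "key_set": date(2024, 5, 25)},
    {"tag": "TT-303", "key_fp": "e0d4", "provisioned_key_fp": "1111", "key_set": date(2024, 1, 10)},
    {"tag": "LT-404", "key_fp": "e0d4", "provisioned_key_fp": "2222", "key_set": date(2024, 5, 30)},
]
ACL = {"FT-101", "PT-202", "TT-303", "AT-505"}  # constructed access control list


def audit(devices, acl, today):
    """Return (tag, finding) pairs for every deviation from the listed practices."""
    findings = []
    fp_counts = Counter(d["key_fp"] for d in devices)
    for d in devices:
        tag = d["tag"]
        if tag not in acl:
            # Device is on the network but nobody listed it as belonging there.
            findings.append((tag, "not-in-acl"))
        if fp_counts[d["key_fp"]] > 1:
            # Same join key on more than one device.
            findings.append((tag, "shared-join-key"))
        if d["key_fp"] == d["provisioned_key_fp"]:
            # The human-entered key is still in use after the device joined.
            findings.append((tag, "join-key-not-changed-after-join"))
        if (today - d["key_set"]).days > MAX_KEY_AGE_DAYS:
            findings.append((tag, "key-rollover-overdue"))
    # ACL entries with no matching device mean the list is no longer current.
    seen = {d["tag"] for d in devices}
    for tag in sorted(acl - seen):
        findings.append((tag, "acl-entry-without-device"))
    return findings


if __name__ == "__main__":
    for tag, finding in audit(DEVICES, ACL, date(2024, 6, 1)):
        print(f"{tag}: {finding}")
```
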
“One of the things we want to accomplish with WirelessHART is we want people to trust it as much as they trust wired HART,” says Pratt. “And we’re in the process of earning that trust.”
Matt Migliore is the director of content for Flow Control magazine and FlowControlNetwork.com. He can be reached at Matt@GrandViewMedia.com.