Wireless networks can save money and speed turnarounds


Wireless plant networks

WPNs are often implemented using Wi-Fi (IEEE 802.11-2007) and are used for applications like video, mobile worker, location tracking, video over wireless, field data backhaul, and control network bridging, each with its own characteristics and requirements. Messages can be much longer than those of a wireless field network, and may include such traffic as streaming video.

It’s important to note that WPNs use a set of protocols that were developed by the IT community, not industrial networking designers with knowledge of process plant operations.

A professional site assessment is critical to the successful implementation of a WPN. This generally requires engineers to visit the plant to conduct an RF FEED (radio frequency front-end engineering design), determine access point locations, and collect other on-site information. This is followed by system architecture design; based on the site survey result and the plant’s requirements, engineers design the overall system architecture, including the network infrastructure and the appropriate applications. This is followed by the network design and planning process, which creates a detailed network infrastructure. The last step is physical network installation management and system commissioning.

Keeping wireless systems secure

A frequent question raised when wireless networks are discussed is, what about security? Can’t someone outside the plant monitor the signals and gather intelligence on plant activities, production rates, and so on? And what about hacking? If an intruder can get into the system to monitor it, can’t he also make changes? What if someone changes setpoints to cause a shutdown or even a catastrophe?

That’s where modern security comes in. Wireless field networks and WPNs are different: field networks use mesh architecture that is generally considered secure thanks to a series of critical features:

  • Channel hopping on top of the standard direct-sequence spread spectrum. This makes the system inherently resistant to jamming attacks.
  • AES-128 encryption (NIST/IEEE compliant) for all communications within the device mesh network and the gateway. At this point AES-128 can be considered secure against all expected attacks.
  • Individual device session keys to ensure end-to-end message authenticity, data integrity, receipt validation, and secrecy through data encryption. This makes eavesdropping almost impossible.
  • Hop-by-hop CRC (cyclical redundancy check) and MIC (message integrity code) calculations to ensure message authentication and verification as to source and receiver of communications. This blocks man-in-the-middle (backdoor) attacks.
  • Devices must have a join key pre-configured on the device. This can be either a common join key per WFN, or optionally an individual join key per device. This prevents replay (or delay) attacks.
  • White listing with individual join keys gives devices explicit permission to join the network via the gateway/network manager via an ACL entry, which also includes their globally unique HART address.

In general, although an unauthorized person might be able to detect that wireless communication exists on a wireless field network, he would be unable to gain access, eavesdrop, or otherwise disrupt the device-level network.

While the WirelessHART field network is itself secure, the host gateway by which it connects to the host may use a wired connection or a WPN. For a gateway connected to the host via Ethernet (particularly if the gateway is in an unsecured location), the best choice is to install a firewall in a secure location on the plant side of the wire. For a gateway connected via a WPN, there are additional considerations.

Security for WPNs

Fig. 4: Technical measures to protect a WPN include a wireless intrusion prevention system (wIPS), a wireless control system (WCS), and a firewall. Courtesy: Emerson Process ManagementWPNs generally use Wi-Fi (IEEE 802.11-2007) and are more vulnerable to attack than are wireless field networks. There are plenty of warnings and horror stories about Wi-Fi networks being hacked, and in fact it wasn’t long after Wi-Fi first appeared that wardriving—traveling about with a laptop, PDA, or smartphone, often connected to a homemade high gain antenna, in an effort to find unsecured Wi-Fi networks—became popular. There are multiple types of threat vectors by which the ill-intentioned can attack a WPN, including rogue access points, ad-hoc wireless bridges, man-in-the-middle (e.g., evil twin, honey pot app, MAC spoofing, etc.) attacks, denial of service (DoS) attacks, jamming (also considered DoS), reconnaissance, and cracking.

Securing against these threats requires both administrative and technical measures. Administrative measures include managing identities such as assigning and terminating privileges as each employee’s situation changes, authentication, authorization, and accounting. Authentication ensures that a person is who he or she claims to be. It can be done using a shared secret arrangement or the IEEE 802.1x extensible authentication protocol (EAP). Authorization determines what a person is allowed to do, while accounting monitors what each person does and when, while monitoring attempts to perform unauthorized actions.

Technical measures include a wireless intrusion prevention system (wIPS), a wireless control system (WCS), and a firewall (Fig. 4). A wIPS is a system to monitor the wireless network and the RF signals in the open air. Its purpose is to detect suspicious clients or access points.

The WCS is the graphical tool that allows the administrator to configure and manage the entire wireless network easily by allowing network managers to design, control, and monitor enterprise wireless networks from a single location, simplifying operations. It oversees a series of WLAN controllers. This software provides network management including diagnostics and troubleshooting tools to keep the network running smoothly.

A firewall should be installed at each network level to serve as a belt-and-suspenders measure to ensure only traffic meant for each network level is routed through. The table summarizes common plant network threats and strategies to mitigate them.

Table 1: Threats and mitigations

It is not difficult to secure a WPN, yet unsecured installations certainly exist. In a presentation at Emerson’s 2012 Global Users Exchange, Neil Peterson, Emerson’s wireless plant solution marketing manager, suggested the main reasons for unsecured networks are human factors, poorly formulated policy (or none at all), poor configuration, bad assumptions, lack of understanding of the problem, and failure to stay up-to-date. “The latest encryption algorithm,” Peterson points out, “cannot make up for poor business processes.”

Wireless networks, at both field level and plant level, can have multiple benefits. Wireless field networks allow field devices to be installed in places where wired devices could not be economically justified, or in some cases installed at all. Wireless plant networks make it possible to speed up plant restarts, and give field operators the ability to perform actions that previously could be done only in the control room. They also allow for personnel tracking and much more. But to make such a network worthwhile it must be installed with care, and with close attention to security.

Steve Elwart, PE, PhD, is director of systems engineering, Ergon Refining, Inc., and he thanks Neil Peterson for contributions to this article.




Read more about worker mobility below.

For more on wireless security, see “Emerson Wireless Security: WirelessHART and Wi-Fi Security” 

Key concepts:

  • Wireless networks can allow operators to perform control-room functions anywhere in the plant
  • In a plant context, there is usually more than one kind of wireless network to cover all needed functionalities
  • Wireless networks can provide a major cyber attack surface if not deployed with sufficient thought to security

<< First < Previous Page 1 Page 2 Next > Last >>

The Top Plant program honors outstanding manufacturing facilities in North America. View the 2015 Top Plant.
The Product of the Year program recognizes products newly released in the manufacturing industries.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
Doubling down on digital manufacturing; Data driving predictive maintenance; Electric motors and generators; Rewarding operational improvement
2017 Lubrication Guide; Software tools; Microgrids and energy strategies; Use robots effectively
Prescriptive maintenance; Hannover Messe 2017 recap; Reduce welding errors
The cloud, mobility, and remote operations; SCADA and contextual mobility; Custom UPS empowering a secure pipeline
Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Mobility as the means to offshore innovation; Preventing another Deepwater Horizon; ROVs as subsea robots; SCADA and the radio spectrum
Research team developing Tesla coil designs; Implementing wireless process sensing
Commissioning electrical systems; Designing emergency and standby generator systems; Paralleling switchgear generator systems
Natural gas engines; New applications for fuel cells; Large engines become more efficient; Extending boiler life

Annual Salary Survey

Before the calendar turned, 2016 already had the makings of a pivotal year for manufacturing, and for the world.

There were the big events for the year, including the United States as Partner Country at Hannover Messe in April and the 2016 International Manufacturing Technology Show in Chicago in September. There's also the matter of the U.S. presidential elections in November, which promise to shape policy in manufacturing for years to come.

But the year started with global economic turmoil, as a slowdown in Chinese manufacturing triggered a worldwide stock hiccup that sent values plummeting. The continued plunge in world oil prices has resulted in a slowdown in exploration and, by extension, the manufacture of exploration equipment.

Read more: 2015 Salary Survey

Maintenance and reliability tips and best practices from the maintenance and reliability coaches at Allied Reliability Group.
The One Voice for Manufacturing blog reports on federal public policy issues impacting the manufacturing sector. One Voice is a joint effort by the National Tooling and Machining...
The Society for Maintenance and Reliability Professionals an organization devoted...
Join this ongoing discussion of machine guarding topics, including solutions assessments, regulatory compliance, gap analysis...
IMS Research, recently acquired by IHS Inc., is a leading independent supplier of market research and consultancy to the global electronics industry.
Maintenance is not optional in manufacturing. It’s a profit center, driving productivity and uptime while reducing overall repair costs.
The Lachance on CMMS blog is about current maintenance topics. Blogger Paul Lachance is president and chief technology officer for Smartware Group.
The maintenance journey has been a long, slow trek for most manufacturers and has gone from preventive maintenance to predictive maintenance.
Featured articles highlight technologies that enable the Industrial Internet of Things, IIoT-related products and strategies to get data more easily to the user.
This digital report will explore several aspects of how IIoT will transform manufacturing in the coming years.
Maintenance Manager; California Oils Corp.
Associate, Electrical Engineering; Wood Harbinger
Control Systems Engineer; Robert Bosch Corp.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
click me