Secure Management of Wireless Systems

May 18, 2006


Hesh Kagan

Supplementing manufacturing processes with low-cost, radio-enabled sensors could increase the number of measurable process points, improving process control and tracking, while eliminating wiring costs. But unlike wired networks, which are virtually as expandable as the budget permits, each enterprise is endowed with only a finite amount of radio bandwidth, and this must be shared across multiple departments — departments that may have had little need to coordinate activity in the past. Further complicating the implementation of wireless networks, wireless frequencies can be accessed with even the most rudimentary wireless communications devices, thus giving rise to security concerns.

The greatest threats to wireless security come not so much from malicious interference as from otherwise well-intentioned people engaged in sloppy networking practices, such as not changing passwords according to policy, using obvious passwords like initials, adding or deleting devices improperly, or any number of other lapses. Wireless networks are also subject to interference from other nonmalicious factors: environmental or accidental radio frequency (RF) noise, broken RF equipment, dynamic changes in the characterization of the RF site, and incompatible RF devices. To prevent such problems from occurring, industrial wireless users must engineer security and reliability into their wireless network from its inception by employing an enterprise-aware security and management model.

For example, while one network user might be taking wireless process measurements from a temperature transmitter, another person in the same plant might be running a wireless video camera for perimeter security. A third might be running an RFID (radio frequency identification) inventory tracking application. Because these folks are in different departments and locations and doing different things on different protocols, they might think they are isolated. But in reality, the radio waves that these disparate applications rely on are co-mingling, creating tremendous potential for performance problems and mismanagement.

In such an environment, these applications must be coordinated to ensure performance and security. Coordination, however, can be a cumbersome process. If each department that wants to deploy a wireless solution had to check with every other department to see how their wireless activity would impact others, there would be gridlock. As such, there must be a higher level framework that respects what people need to do to perform their jobs in the context of the business strategy and related job responsibilities. At the same time, customers must be assured that if they do select technologies and practices that conform to company policy, they will enjoy reliable, secure network operation.

Unlike wired networks, which can be fairly well isolated, closed by function or protocol, and kept independent of other networks, wireless signals cannot be managed physically. Wireless traffic is controlled by agreements and rules, which require buy-in from everyone who has access to the bandwidth spectrum.

The data may travel down the same virtual wire or air link, but would not necessarily have to be interspersed with like data. A process packet and an IP packet would not necessarily have to be on the same link. Instead, rules could limit access to process data to users on the process side of the house; or transmit data on to receivers on that side. You have the power to dictate what goes where and to configure the rules in any shade of gray.

One key to flexible, secure operation is the ability to validate that any packet of information moving across the network has a recognized and authorized sender or receiver. This type of identity management can be done in a number of ways, including certificates and tokens. Both can authenticate devices with a unique identifier. Management must determine how those certificates are assigned, distributed, and evaluated, and what privileges each ID has as it moves through the system. It must define exactly how to treat an entity as an object with its own unique properties or attributes. This is a better way of assigning an ID than an IP address or a MAC address. It is the token, the unique identifier, that then allows you to assign attributes to that object. This is a well-understood technology, but its effectiveness decreases significantly without enterprise-wide coordination of wireless applications.
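The following sketch is an added example, not code from the article or from Invensys; it illustrates the two preceding paragraphs by authenticating each packet's sender and receiver with a signed device token and then applying a rule based on the token's attributes rather than on an IP or MAC address. It assumes an HMAC-signed token in place of a certificate, and the key, device names, `segment` attribute and rule table are all hypothetical.

```python
import hashlib
import hmac
import json

# Assumption: one enterprise-wide issuing key (constructed value, demo only).
ISSUER_KEY = b"constructed-demo-key"

# Hypothetical rules keyed on token attributes, not on IP or MAC address:
# (sender segment, payload type) -> receiver segments allowed to get it.
RULES = {
    ("process", "process-data"): {"process"},
    ("security", "video"): {"security"},
    ("logistics", "rfid"): {"logistics", "process"},
}


def _sign(body):
    return hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).hexdigest()


def issue_token(device_id, attributes):
    """Bind a unique device ID to its attributes and sign the pair."""
    body = json.dumps({"id": device_id, "attrs": attributes}, sort_keys=True)
    return body + "." + _sign(body)


def verify_token(token):
    """Return the token's claims if the signature is valid, else None."""
    body, _, tag = token.rpartition(".")
    if not hmac.compare_digest(tag.encode(), _sign(body).encode()):
        return None
    return json.loads(body)


def authorize(packet):
    """Allow a packet only if both ends authenticate and a rule permits it."""
    sender = verify_token(packet["sender_token"])
    receiver = verify_token(packet["receiver_token"])
    if sender is None or receiver is None:
        return False
    allowed = RULES.get((sender["attrs"].get("segment"), packet["type"]), set())
    return receiver["attrs"].get("segment") in allowed


# Constructed devices mirroring the article's plant scenario.
TRANSMITTER = issue_token("TT-101", {"segment": "process"})
HISTORIAN = issue_token("HIST-1", {"segment": "process"})
CAMERA = issue_token("CAM-7", {"segment": "security"})
```

Because the attributes are covered by the signature, a device cannot move itself into another segment by editing its own token; changing privileges requires the issuing authority to reissue it.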

With every wireless device comes a package of setup and configuration software, which more often than not will get a system working acceptably, but does little good if a traffic-related problem emerges after implementation. Although each may include a troubleshooting guide, many troubleshooting paths likely point to some unknown device on the network, each of which is likely to point to another unknown device. From a technical and practicable standpoint, users need a single point of access to the whole network of networks, using a common network and a common lexicon.

At some point in the future, from a network management perspective, no one would care if the network is wired or wireless — your network management center would just treat it as another network, and the focus would be on managing communications, not technology. But we are far from that point today. In any company, for example, you might find the IT organization managing both the IT network and the telephone, but they are managed as completely different systems. Only recently have we begun to see the technology blending in voice-over IP systems, raising the need for integrated management of these technologies. But this has been years in the making and has many growth years yet to come.

Wireless technology is clearly in a transitional phase, but it’s pretty obvious at this point there will never be a single wireless protocol and exclusive frequency. Protocols and frequencies will be optimized based on applications. The requirements for power management, distance, site characteristics, bandwidth, cost, and security will always result in the need for a wide range of technologies.

What is needed is an integrated, yet flexible, management strategy that can deliver benefits today, but can be adapted to support business and technology changes going forward. Following is a checklist of best practices process manufacturers can use to take full advantage of wireless technology today and tomorrow:
• Survey your entire company to determine where wireless technologies can best support your business strategy.
• Design architecture that will achieve these goals most effectively and create a policy manual governing its use.
• Select and purchase hardware and software that is most cost-effective, proven, and scalable.
• Implement the solution seamlessly.
• Conduct ongoing maintenance, support, and optimization services.

Few companies have the resources to maintain the staff necessary for all of these steps, especially because demand for specialists with relevant skills is very high. As such, outsourcing to one of the emerging specialist firms is currently the most cost-effective strategy for companies that want to immediately enjoy the benefits of wireless networking.

Harris (Hesh) Kagan is technology director, new ventures, for Invensys Process Systems and president of the Wireless Industrial Network Association (WINA). He leads the Invensys wireless technologies program, which assists companies in integrating wireless networks for enterprise asset performance management, and for the last 15 years Mr. Kagan has been leading the effort to coordinate development and technology across Invensys. He has worked in the automation and controls industry for more than 25 years. Mr. Kagan can be reached at [email protected] or 508 549-2782.

www.invensys.com
www.wina.org
