Understanding Benefits and Security Implications of Using Wireless for Safety
A look at the multiple benefits of using wireless for industrial safety applications, along with a detailed discussion of implications and pitfalls to avoid when implementing the latest wireless security measures.
In recent years, wireless communication systems have become ubiquitous. A standard feature in your local coffee shop, wireless networks have also been increasing in industrial and manufacturing settings, delivering value and reliability even in the harshest environments. As such, their growth continues strong in this sector, particularly for safety applications.
“Historically, industrial safety involves three scenarios: when something is moving on its own, when something is moving on a piece of equipment, and when an individual is moving within an environment,” says Tom Elswick, principal systems engineer, Factory Automation Safety, Siemens Industrial. “These applications were handled a certain way ten or 15 years ago; but, with the prevalence of wireless networks in the industrial setting, wireless technology has become a means to solve safety problems more effectively or to add additional safety into the production process.”
According to Elswick, there are multiple benefits for taking a wireless approach to machine and industrial safety:
- Wireless fits seamlessly into a totally integrated automation approach. Using wireless does not preclude wired from being used in the same application; whether you locate your safety drives, starters, I/O, or other safety CPUs beyond a wireless link or on the wired system, it does not impact anything other than response time.
- Commissioning is faster, easier, and less expensive. There is less wiring to install and check when compared to running all individual wires back to a central station. Before the use of wireless, slip rings, brushes, and so on may have been required.
- Productivity gains can be expected due to better decision-making because of more granular information. Because of limitations with earlier safety approaches, the number of signals crossing a moving interface was likely to be limited. It might have been more appropriate to have different sensors provide special or even localized shutdowns to meet safety requirements. With a wireless approach, applications can be easily deployed to more closely match the ideal shutdown requirements.
- Flexibility is improved. “Siemens offers a full family of safety CPUs for factory automation,” says Elswick. “All of them can utilize I/O, drives, and so forth on wireless networks. So if you need a large system, then use one of the larger CPUs; but, if you just need a small, fast solution with a smaller system architecture, use a smaller CPU to drive down cost.”
- Wireless can easily leverage PROFIsafe to meet standards requirements. In the past, safety automation had to be “hard-wired” and based on relay technology because of existing international standards. This situation changed with the advent of IEC 61508, which specifies how controllers and software can be used in safety automation. This change triggered the development of PROFIsafe, which integrated safety into the existing standard PROFIBUS/PROFINET fieldbus technologies. Running PROFIsafe and PROFINET/PROFIBUS together provides a commonality of approach for safety implementations.
- PROFIsafe is the first open functional safety communication technology for distributed automation systems worldwide. PROFIsafe is the same whether used over wireless or not. From a pure communications standpoint, there is no difference, except that response times are typically slower over wireless. If a network is capable of doing PROFINET/PROFIBUS, then it is capable of doing PROFIsafe; PROFIsafe is transparent to the user.“Those using PROFIsafe over wireless can use Siemens’ wide range of I/O families, including, of course, safety I/Os,” says Elswick. This would include ET 200pro for outside cabinets, ET 200M for higher density inside cabinets, and ET 200S for lower density inside cabinets.
- High safety levels are attainable. Category 4/SIL 3/Performance Level e can be accomplished regardless of whether or not the network includes wireless. “You can do safety I/O in the same rack with the CPU—at Category 4, SIL3, or PL e—in S7-300 and ET 200s F-CPU approaches, with additional I/O located over both wired and/or wireless networks,” adds Elswick.
- To ensure uptime and faster commissioning, high levels of diagnostics are available across wireless networks, just as in wired.
When companies use wireless networks, they need to take a fresh look at security issues. While using wireless standards entails a few more security concerns, many of the steps taken to safeguard the technology are similar to those used for wired networking schemes. “”Every network needs to be professionally planned to be secure, it doesn’t matter whether wired or wireless., so with the standards, which are available today, a wireless network can reach the same security level as a wired network ” says Tim Pitterling, networking manager for Siemens Industry.
Companies can also easily segment wireless networks. Segmenting the network into zones or cells provides the ability to quarantine should unauthorized access or a virus affect a targeted system.
Take the Proper Steps
One of the first security steps to be taken is a comprehensive site survey to determine what wireless networks are already in place. Wireless networks in the company’s business offices should be examined to ensure that there aren’t any potential conflicts or unwanted openings. This survey will also detect any neighboring networks that could impact either performance or security. Potential signal dropouts and other communication problems are often detected in these site surveys.
Even when popular standards such as Wi-Fi are used, facility managers can still isolate their networks by using ruggedized hardware that’s not compatible with mainstream consumer equipment. Many industrial networks use versions of Wi-Fi that aren’t the same as those used in home and office environments. Their industrial nodes transmit on different frequencies to provide security, blocking intruders who have conventional notebooks.
“Most notebooks use 802.11g, which broadcasts over a 2.4 GHz frequency. IEEE 802.11a is used a lot in plants. It can run at 54 Mbps on a 5 GHz frequency,” says Pitterling.
While this “functional incompatibility” brings a certain amount of protection, it is not an indicator of any shift away from the trend to compatible standards. “Everyone wants to use IEEE standards,” says Pitterling. “Not many customers want to get locked into a proprietary wireless network.”
Though this frequency can prevent outsiders from gaining access, plant managers can communicate with both 2.4 and 5 GHz devices. Modern equipment can handle either multiple or single frequencies. Siemens has antennas that support all the current 802.11 standards, as well as ones that communicate only on a single channel.
Most companies will want to at least encrypt their most critical data. Many are encrypting all communications, making it difficult for unauthorized parties to monitor or pirate information from the network. From the many viable encryption techniques available, some of the most common use the Advanced Encryption Standard (AES), a specification for the encryption of electronic data. AES has been adopted by the United States government and is now used commonly worldwide. The specification uses a symmetric key scheme with various key sizes. Users must pick one protection level from the three current offerings, which use key sizes of 128, 192, and 256 bits. Larger key sizes provide more protection, but they take more computing power to run.
One of the major alternatives to AES is the Temporal Key Integrity Protocol (TKIP). TKIP was developed specifically for use with Wi-Fi. As an upgrade over Wired Equivalent Privacy (WEP), a weaker security algorithm introduced as part of the original 802.11 standard, it provides more security.
Users can further deter intruders by changing their encryption keys frequently and regularly. This is another basic decision largely determined by the potential for problems. Some companies change encryption keys daily, while others alter them every week. Still others make changes only when key personnel leave the company.
Many of the processes in wireless security are similar to those used in wired networks. Passwords are an important tool. Only certain IP addresses can be open to access; all others are blocked.
Limiting wireless access to certain IP and MAC addresses will block authorized personnel when they’re not logging in from remote sites (e.g., trade show hotels). But there is a secure way for them to gain remote access: virtual private networks can provide secure access so maintenance personnel can log in remotely without compromising security.
While many technical aspects will help provide layers of protection for wireless networks, experts worldwide note that the people side can be just as important. This human element is pervasive; according to industry analyst Forrester Research, insiders are as insidious a threat as outsiders to security. Without fail, employees need to go through training so they clearly understand the need for vigilance and know what steps they’re expected to take.
Personnel procedures range from basics such as not pasting passwords on monitors to not plugging in USB memory sticks found in the work environment. With wireless communications, there is more of a need to ensure that any computer connected to the network is uninfected, showing no signs of malware or viruses.
Addressing both human and technical aspects are necessary steps towards securing any type of network. A few extra procedures are needed for wireless, but they are well worth the benefits gained—not the least of which is the capability of implementing better applications for machine and industrial safety.
To view a short YouTube video on this topic that was created in conjunction with Camotion, please click here.Have an Inquiry for Siemens about this article? Click Here >>