Resilient Wireless Data Communication for Critical Infrastructure

March 12, 2012
NEW! Starting in 2012, the AW staff will provide abstracts of white papers, technical research or surveys in the automation space.

This 13-page white paper provides an introduction on wireless data communication systems, security issues and strategies to thwart breaches to devices and networks. The paper identifies security intrusions and denial of service as the main security challenge for all plant and factory environments. Baseline network and security strategies are explored in the research, along with information on a typical wireless network—Grant Gerke, Digital Managing Editor

A good network security strategy needs to address and implement policies that serve as safeguards, making it difficult to circumvent security measures and limit the potential impact of a security breach of the wireless network. Consider those added layers of security.

Limitation of Permitted Activities
One method to implement safeguarding is to limit permitted activities on the wireless network to only those absolutely required on the network. The basic idea is that if a wireless network were to be compromised, the impact would be limited. In other words, a wireless network primarily used for sensor data collection and remote control of devices should not allow a hacker that compromised the network to gain access to financial or other critical data.

Such a limitation of permitted activities can be achieved through the following:

1. Firewalls and packet filters: These essentially separate the limitation as needed on the wireless network from that available on the other parts of the network.

2. Virtual local area network (LAN): Separating the wireless network infrastructure and its management from the production network and devices of communication endpoints by using virtual LAN’s introduces another level of security, especially if combined with Quality of Service (QoS) mechanisms. Think of it as an emergency access to your wireless network infrastructure for remote management and control in case a Denial of Service (DoS) attack overwhelms the actual payload and production network.

3. User level access: By implementing user level access (password protected), you can provide access to your wireless infrastructure and devices to e.g. maintenance personnel, but limited to monitoring system health or performance without opening the system up to misuse or sabotage because configuration and other privileges are reserved for a different user level and password.

4. Access limitation of local ports: By controlling who is allowed access from local ports (e.g. through MAC address filtering) or even completely turning off local port access when it is not in use, you can essentially make it impossible (or at least very hard) for someone who gained physical access to your network infrastructure and devices to get connected and gain access to your network.

5/ Audit logs: Not really limiting permitted activities; activity logs do provide a trail of access and activities and can be a useful tool in auditing and tracing potential security breaches and issues.

This is by no means a complete list of options to secure a data communication network, although it does provide a good baseline. When considering wireless data communication devices and equipment for critical infrastructure applications, find out if they only provide basic connectivity, or if they support these advanced features and even Secure Shell (SSH) for their own configuration menus. 

Link to the full version of this white paper at bit.ly/awtech006

This white paper was written by Matthias H. van Doorna, FreeWave Technologies.
Publication Date: July 2010

Companies in this Article

Sponsored Recommendations

Crisis averted: How our AI-powered services helped prevent a factory fire

Discover how Schneider Electric's services helped a food and beverage manufacturer avoid a factory fire with AI-powered analytics.

How IT Can Support More Sustainable Manufacturing Operations

This eBook outlines how IT departments can contribute to amanufacturing organization’s sustainability goals and how Schneider Electric's products and...

Three ways generative AI is helping our services experts become superheroes

Discover how we are leveraging generative AI to empower service experts, meet electrification demands, and drive data-driven decision-making

How AI can support better health – for people and power systems

Discover how AI is revolutionizing healthcare and power system management. Learn how AI-driven analytics empower businesses to optimize electrical asset performance and how similar...