Most Industrial Internet of Things (IIoT) applications will use some type of wireless communication network for transmitting data collected by sensors to host systems. If an IIoT installation is not protected from intrusion, this can create an entry point for hackers into the larger company-wide IT systems.
Using WirelessHART as an example of a secure wireless system, Bob Karschnia, VP of Wireless at Emerson Automation Solutions, explains cybersecurity issues in his article, IIoT Wireless Cybersecurity, in the July issue of CiO Story. First, he describes the “attack vectors” that give hackers unauthorized access:
“Rogue access points (APs) may offer service to either sanctioned or unsanctioned clients. The rogue AP may be maliciously attached to the network, or a rogue AP may be attached by a legitimate employee. Fake failure messages or requests can cause the AP’s resources to be consumed by bad communications, leaving it with insufficient bandwidth to serve a legitimate client.”
Bob continues with descriptions of “Man in the middle,” ad-hoc wireless bridges, denial of service, interference, and reconnaissance and cracking attacks—and then shows how WirelessHART defends against cyberattacks:
“Controlling access to the network requires every device to authenticate with a WirelessHART gateway. Emerson’s WirelessHART solution ensures that only authenticated devices have access to the network, so users can be assured that no unauthorized devices are allowed on the network. All wireless communications are encrypted utilizing AES 128-bit encryption to prevent unauthorized eavesdropping or data manipulation.”
All devices on the network are authenticated to prevent unauthorized devices from accessing the network. Devices are added to the network using a secure provisioning process. The system monitors and logs network activity (authorized or illegitimate), allowing administrators to follow up on any attempts to breach the network, or attempt to access resources without prior authorization.
Finally, Bob advises users to examine cybersecurity safeguards in detail: “Good security practices should be in force to protect passwords and encryption keys. Ensure all the latest security patches have been downloaded and installed. Emerson also strongly recommends that any device (wired or wireless) participating in an industrial solution should not have access to e-mail or the internet because those are sources of infection.”