IIoT Wireless Cybersecurity

By Bob Karschnia, VP of Wireless, Emerson Automation Solutions

Most Industrial Internet of Things (IIoT) applications will utilize some type of wireless communication network for transmitting data collected by sensors to host systems. These host systems use the sensor data for control, monitoring and analysis—both at the operational technology (OT/IIoT) and the IT levels.

These industrial wireless networks are commonly connected to wired systems, introducing other possible points of vulnerability, but the entire network infrastructure can be effectively protected from cyber and other attacks.

Most users want their IIoT installation to connect to their IT systems because users outside of the OT arena want to have access to the collected data. But if an IIoT installation is not protected from intrusion, this can create an entry point for hackers into the larger company-wide IT systems. Not all wireless IIoT systems are created the same when it comes to cybersecurity, so users are advised to examine cybersecurity safeguards in detail.

As an example, this article will look at the cybersecurity safeguards built into WirelessHART®, an open standard often used in process plants and other industrial settings to transmit data from sensors to host systems. WirelessHART is administered by the FieldComm Group (https://fieldcommgroup.org/), an independent organization with hundreds of vendor and industrial end user members.

With WirelessHART, communications from the sensors to the host system are routed through one more gateways, and these components provide multiple cybersecurity measures and features.

Although many of the details below are specific to WirelessHART, the concepts discussed are applicable to many different types of industrial wireless networks, particularly with respect to attack vectors.

Possible Attack Vectors
A wireless defense-in-depth strategy is required to protect the network against unauthorized access, such as these attack vectors.

Rogue access points (APs)
Rogue APs may offer service to either sanctioned or unsanctioned clients. The rogue AP may be maliciously attached to the network, or a rogue AP may be attached by a legitimate employee, for example by adding an unauthorized router to improve wireless coverage around their cubicle.

Ad-hoc wireless bridges
Most wireless networks are attached to wired systems at some point. Components connected to the wired network may be configured to also participate in the wireless system via an ad-hoc connection. The link between the two networks could then be bridged, thereby allowing unsanctioned wireless network access from the wired network.

Man in the middle (Evil Twin, Honeypot AP, etc.) attacks
An intruder inserts a wireless node between a legitimate client and the resources that client is attempting to access. This can be done between the client and the legitimate infrastructure, or by getting the client to connect to a rogue AP imitating the legitimate network.

Denial of service (DoS) attacks
Fake failure messages or requests can cause the AP’s resources to be consumed by bad communications, leaving it with insufficient bandwidth to serve a legitimate client.

Interference (also considered DoS)
It is possible to cause radio interference on frequencies within the wireless spectrum by aiming a wireless transmitter at a particular area and disrupting communications.

Reconnaissance and cracking
Although few tools exist to allow WirelessHART communication to be intercepted, it could in theory be possible for an attacker to attempt to eavesdrop on the WirelessHART communication. If an attacker were able to capture WirelessHART communication data, he or she could try to crack the encryption using various tools in an attempt to decipher wireless traffic, either on-the-fly or offline, although this would be very difficult and time consuming.

The Table shows wireless defense in depth strategies to counter these attack vectors, and these strategies are explained below.

Control Access to the Network
Controlling access to the network requires every device to authenticate with a WirelessHART gateway. Emerson’s WirelessHART solution ensures that only authenticated devices have access to the network, so users can be assured that no unauthorized devices are allowed on the network. All wireless communications are encrypted utilizing AES 128-bit encryption to prevent unauthorized eavesdropping or data manipulation.

The system monitors and logs network activity (authorized or illegitimate), allowing administrators to follow up on any attempts to breach the network, or attempt to access resources without prior authorization.

Protect the Network
As mentioned above, all wireless communication is encrypted with AES-128 bit encryption with multiple keys. All devices on the network are authenticated to prevent unauthorized devices from accessing the network. Devices are added to the network using a secure provisioning process. All WirelessHART security features are enabled by default and can’t be disabled, either intentionally or inadvertently. All these features work together to ensure network security.

Interference
WirelessHART networks incorporate many technologies to ensure they are robust, even in very noisy environments. Direct Sequence Spread Spectrum is used to increase reliability, and Time Division Multiple Access is used for latency-controlled communication. The WirelessHART protocol also uses frequency hopping for increased reliability. To deal with interference, countermeasures exist to triangulate the source location of the noise. These technologies make WirelessHART very robust in noisy environments.

Ensure Client Integrity
Good security practices should be in force to protect passwords and encryption keys. Additionally, it is important to ensure all the latest security patches have been downloaded and installed. Emerson also strongly recommends that any device (wired or wireless) participating in an industrial solution should not have access to e-mail or the internet because those are sources of infection.

Conclusion
IIoT wireless cybersecurity must be addressed upfront, starting with selection of a network with the required security features. Once the proper network is selected, users must be vigilant to ensure ongoing cybersecurity. If these steps are taken, the network will be sufficiently secure for the most critical applications.

Figure, courtesy of Emerson Automation Solutions
Table, Plant Wireless Attacks versus Mitigating Defenses, from page 12 of the Emerson Wireless Security White Paper. This table lists possible attack vectors and corresponding defenses.

Cyber Security possible attack vectors and corresponding defenses.
Cyber Security – possible attack vectors and corresponding defenses.