Wireless Communication Options: Part 5

Cybersecurity Features

It must be understood by those implementing a modern IP-based wireless system that it will be part of a network, and network security is of vital importance to end users. Before any system is purchased, the security requirements must be understood and included in the project. This is one reason that IT professionals are today more commonly involved in the design, installation and operation of any wireless system.

Cyber-crime is one of the fastest-growing and lucrative illegal activities. Both private individuals and foreign government agencies are involved in attacks. Many of the projects in which industrial wireless offers are incorporated include monitoring and control of critical infrastructure. It is vital that communication media employed on such projects provide a high degree of protection from cyber-attacks.

As the sophistication and frequency of attacks increase, so also must the investment in wireless cybersecurity tools. Some inherent security capability exists with wireless devices, as hackers may not initially know the operating frequency or configuration details. However, clever hackers may be able to use a spectrum analyzer to determine frequency, may steal a configured radio, or access a network drive containing the system configuration files.

The better data radios today include many features for cybersecurity purposes, including multi-user authentication and access logs, AES-GCM encryption, Radio Access Control, sophisticated filtering firewalls, the ability to disable unused ports, HTTP Secure access and more. The threat must however be monitored constantly, and new features added as necessary, to ensure each system remains well able to defend against attacks. Additional tools must be considered as the threat level increases. For example secure configuration files, firmware tamper protection, two-factor Radius Authentication and more.

Older wireless devices, whether new or already installed, may have fewer tools for cybersecurity - a single login password perhaps, AES128 or 256 encryption, not much more. It may be argued that frequency hopping is a security feature, but if a radio or its configuration file is acquired by a bad actor this is of no assistance. These older systems need to be evaluated for potential threat level, and to see if any interim mitigation strategies can be implemented to extend their lifespan.

When designing any project which includes IP-based connectivity, wireless or not, the other devices in the system must also include features to protect against cyber attacks. RTU's, PLC's and other field devices must be secured against intrusion and protected against exploits such as Denial of Service (DoS) attacks. Connected computers (e.g. SCADA Hosts) must be well protected with tools such as firewalls and anti-virus software, and must be isolated from the Internet. And perhaps most importantly, all staff must be well educated to understand the threat environment.

Value-Added Features

Industrial wireless vendors are increasingly offering optional capabilities. There is strong competition from devices such as cellular, satellite and high-data-rate solutions, which may be less expensive to purchase, or may offer higher data rates. It must be noted that the lower-frequency narrow-band licensed radios and license-free devices do provide some inherent benefits, such as better ability to handle complex terrain, but often this is not the deciding factor.

One feature being offered by some vendors is to include two or more different wireless modules within a single housing.  Modules offered might be VHF or UHF licensed, 900 MHz or 2.4 GHz license-free, industrial WiFi or cellular. This concept may assist in projects where installation space in equipment enclosures is very limited. However, it can be more difficult than with separate devices to change one to a different technology. Also, if one module fails the entire unit may need to be replaced.

Several manufacturers are now offering radios with a small amount of on-board I/O for monitoring or control. There may just be a couple of digital I/O points, or there may be a larger mix of digital and analog points. Certain manufacturers include expansion I/O modules which can be easily attached to the radio, to grow the I/O as system requirements change at different sites or over time. Depending on the vendor, the I/O may be accessed through a standard protocol such as Modbus, or it may require a proprietary interface.

And in a related development, some models may be purchased with an operating system (separate from the radio's functionality) which allows for 3^rd party Linux-based applications to be run. It seems clear that there is a trend towards merging the capabilities of the RTU and radio. An offsetting factor, however, is that many customer applications demand low power consumption. Processors must be powerful and yet operate on a tiny power budget.

Manufacturers are moving to highly flexible hardware and device operating systems, capable of a very wide range of data rate depending on link demands and challenges. (e.g. 56 kbps to 4 Mbps in a single model) Also some include the capability to switch between license-free and licensed within a single module, though using only one at a time. This can be done more easily with new models due to the increasing use of SDR (software-defined radio) technology.

Earlier wireless systems were designed, installed and maintained by highly skilled and experienced experts. As those workers retire, however, there is a growing gap in the workforce’s ability to specify, design, install and maintain complex wireless systems. Younger workers interested in high-tech are tending to choose careers in other fields. As a result, there is a strong push towards new devices which are simple to configure, and easy to maintain. Some vendors offer configuration "Wizard" modes which anticipate typical configuration scenarios, and Youtube videos have become quite popular for basic instruction. 

Summary

With the increasing complexity of wireless devices, combined with the demand to reduce cost, some manufacturers have left the remote SCADA and Telemetry market as they are not able to compete. Despite this, others are rising to fill the gap, often offering products with “outside the box” thinking, as discussed above. And multiple new LEO satellite providers have appeared within just a few years. Clearly there is still room for growth.

The wireless industry is in flux due to rapidly increasing demands, as well as dramatic changes in available technologies. While the wireless “world of tomorrow” will retain many of the aspects we understand today, there will be new requirements and more tools to meet those requirements. It is vital to begin to at least consider these demands now, to avoid being overwhelmed by the complex array of options.

One thing is clear – wireless is not going away. In fact the industry is growing. The landscape is changing, faster than ever, but there are many areas for improvement in reliability, data rates, cybersecurity and innovative features to help wireless system operators.