White Paper: A Construction Kit for Secure Wireless Network Design

Tobias Heer
Head of Embedded Development – Functions Hirschmann Automation and Control GmbH

Bernhard Wiegel
Lead Engineer –  Wireless Hirschmann Automation and Control GmbH

Belden logo

While most wireless office networks can cope with short downtimes and disruptions, mission-critical machines cannot tolerate such problems without interrupting their operation, and ultimately impacting the bottom line.

Executive Summary

Security has always been an important consideration when applying wireless technology in industrial applications. Influenced by discussions in the IT world, the perceived threats often relate to a loss of confidential data or intrusion by an attacker. As a result, industrial control system (ICS) security discussions are often reduced to the need for encryption mechanisms.

Modern security procedures, however, offer much more than data encryption. Topics, such as central access control systems, intrusion detection, firewalling and the protection of management frames, are also important components of a comprehensive security concept.

Another critical aspect of ICS security is deploying multiple layers of protection to guard critical assets. Through an approach to security called Defense in Depth1, both overt and unintentional external and internal threats can be detected, isolated and controlled. While this white paper will describe several defense solutions, reliance on one solution can expose a system to a single point of failure. Defense in Depth is a far more effective strategy for reliable ICS security measures as it incorporates several complementary and overlapping technologies.

While evaluating security needs, it is often difficult to see the big picture in the maze of various technologies and strategies. This white paper classifies the different security mechanisms available for wireless network design and describes their effects and limitations using examples from a variety of industrial applications.

Contents

  • Executive Summary
  • Identifying the Security Needs of Industrial Wireless Networks
  • Assessing ICS Security  From the Outside In
  • Protecting the Edge of the  Wireless Network
  • Maintaining a Robust, Reliable Network
  • Detecting Attacks and Anomalies
  • Communicating Between WLAN Devices Via Ethernet
  • Protecting Network Boundaries with Firewalls and IDS
  • Available ICS Security Functions
  • Summary
  • References
White Paper: A Construction Kit for Secure Wireless Network Design image