security on the factory floor: why and how?why and...
TRANSCRIPT
Security on the factory floor:Why and How?Why and How?How is security handled by Automation EngineersHow is security handled by Automation Engineers in their in Industrial Wireless applications
Bruno ForgueProSoft Technology SAS - Marketing Manager EMEA
Why do they go wireless?Reducing engineering and installation time & costs
I i ti ti (hi h li bilit )
Reducing Environment Impact (less hardware, copper…)
Improvingmachine performances (speed)
Increasing operation times (higher reliability)
Network engineering simplifiedInstallation made easier
Reducing Environment Impact (less hardware, copper…)
♦ Less to buy, transport, handle, manipulate, install…Network Reliability!♦ Communication breaks liquidated
Maintenance reduced♦ Cables, contact-rails, slip-rings
Moving sub-architectures♦ Rotating, linear…
DistanceDistance♦ Last kilometer…
Flexibility…
2 ETSI 6th Security WorkshopA03E‐09 ‐ 2011‐01‐19&20
Why do they need security?Safety and security of persons♦ Example: NemaSystems (high speed cranes)
Competition – industrial espionage♦ Example: Procter & Gamble (high speed bottling)
Terrorism/vandalism♦ Example: Lyonnaise des Eaux (SUEZ Environnement)
3 ETSI 6th Security WorkshopA03E‐09 ‐ 2011‐01‐19&20
No collision riskThe challenge: Use new machines at full speed♦ Increase uploading and downloading operations♦ Transparent integration with existing control systems
The need: 2 automatic cranes♦ Both doing the same handling operations♦ Moving along 220 m at high speed♦ One above the other, with no load collision
The solution: Safe wireless network solution
220 m
network solution ♦ High and reliable traffic of control data
on both crane networks (cable not a good fit).g )The benefits:
♦ Lower hardware and installation costs♦ Productivity increased +5 to +10%y♦ Operation costs decreased Monthly
savings
4 Wireless Congress 2010, Systems & Applications | Munich | 10‐11 Nov.2010‐Q4
No sniffing risk (competition)Challenges:♦ Rotation causes constant and
t i ti f th Eth tsevere twisting of the Ethernet cables
– Results in fatigue and failure
♦ Significant downtime attributed to cable bl h i d i
Wiredtroubleshooting and repair
♦ Use of heavy duty cabling and creative cable securing did not alleviate problems
♦ High data traffic was considered as potential limitation 1 fixed PLC; 16 moving PLCs
80 EtherNet/IP messages per RPI; High Speed g pto Wireless before analysis and tests (500 pps: 2 ms per Ethernet packet).
Results:♦ No modification of PLC programming was required
80 EtherNet/IP messages per RPI; High Speed
♦ No modification of PLC programming was required♦ No more downtime associated with communication
errors (Improved Network Reliability)♦ Strong buy-in from plant technicians
Wireless
♦ Rolled out to all lines♦ Selected radios offering higher security (802.11i)
than imposed by P&G IT security specialists
5 Wireless Congress 2010, Systems & Applications | Munich | 10‐11 Nov.2010‐Q4
No intrusion riskFresh water pumpingT f d t b tTransfer data between remote pumping stations (water wells)(water wells)Prohibitive cost of the wired optionSecurity & Reliability No intrusion (anti terrorismSecurity & Reliability – No intrusion (anti-terrorism French Plan)Easy configuration and maintenance – Must for nonEasy configuration and maintenance Must for non RF-specialists24/24 & 7/7 & 365/36524/24 & 7/7 & 365/365Low paperwork, security
6 Wireless Congress 2010, Systems & Applications | Munich | 10‐11 Nov.2010‐Q4
Originally: What first strategies?Strategies that were first implemented:♦ Proprietary wireless protocols (FHSS) and encryption♦ Proprietary transported protocols with encryption
MAC ID hit li t♦ MAC-ID white lists♦ ARC4 / WEP
A03E‐09 ‐ 2011‐01‐19&207 ETSI 6th Security Workshop
What Standard?802.11i (2004)♦ WAP♦ WAP2 (FIPS 140-2 compliant AES)
RADIUS♦ RADIUS
A03E‐09 ‐ 2011‐01‐19&208 ETSI 6th Security Workshop
What are they still missing?Standard strategies for detecting and identifying♦ external RF sources ♦ rogue radios
A03E‐09 ‐ 2011‐01‐19&209 ETSI 6th Security Workshop