7 Questions for Industrial Wireless Security

Thursday, November 6, 2014 @ 04:11 PM gHale

Editor’s Note: Julia Santogatta, Belden’s director responsible for the wireless initiatives, with expertise from Daniel Wade, chief architect-wireless products and Jeffrey Caldwell, chief architect-security contributed to part 1 of this two-part report.
By Heather MacKenzie
What is the No. 1 concern when it comes to wireless solutions in the industrial world? While the answer might be debatable, but it seems it always comes down to one of two things – is it reliable enough and can I secure it?

At the Belden Industrial Ethernet Infrastructure Design Seminar, Jeff Caldwell, chief architect for security at Belden, posed this question to the audience – is wireless more secure or less secure than a wired network?

Dragonfly: Offense in Depth
Dragonfly: Pharma Industry Targeted
Mitigating Havex, an ICS Threat
Havex an ICS Game Changing Threat

But when you start thinking about it and boiling it down to the basics, maybe he has something here. Consider this:
• Passwords generally aren’t needed to plug a wired PC into a router and access a network, but they are required to connect to a wireless network. You can lay down a hub, use Wireshark or the like and see all of your data streams.
• Not the case with wireless, even if you’ve only set up the most basic and common place security, which 95 percent of the population does.

While saying wireless is more secure than wired networking may be hard to grasp, comparing the reality of the two options can be helpful.

You’re probably thinking, “I still worry. I hear about so many attacks these days.”

Well, today I’d like to introduce you to the 7 key questions to ask yourself when planning your WLAN. Shared medium or not, wireless can be secure. So let’s combine these questions with the “Golden Rule of Industrial Wireless Security” and calm your fears a bit.

How do you deploy securely? We’ll get into that in a second, but let’s briefly talk about the importance of monitoring regularly.

You can have the best security strategy in the world – wired or wireless – but things change. Researchers continually identify new threats, automation equipment vulnerabilities are frequently revealed and unintential cyber security incidents happen regularly.

Therefore, an important part of your security strategy must be setting up systems to monitor your network, automatically alerting for unusual activity. In addition, establishing a process for regularly updating the system, software and plan is critical.

Secure Way to Deploy Wireless
How is it possible to deploy wireless securely?

While you need to consider several different aspects, it doesn’t have to be overwhelming. If you want to ensure you’ve covered all of your bases, ask yourself these seven questions:
• Have I protected the network devices?
• Have I set up protection for my network from misconfigured devices and from bad behavior?
• Are the authenticated, legitimate wireless users or devices safeguarded from other users or equipment?
• If using a WLAN controller, have I protected the network between the access point and controller?
• Have I set myself up to recognize Denial of Service (DoS) potentials, air interference, or when other “bad stuff” might be happening?
• Do I have legacy devices? Have I handled them properly so I don’t open up accidental vulnerabilities?
• Are there physical considerations around the wireless devices themselves or the wireless coverage areas I need to address?

If you’re not sure how to address some of these questions, today’s industrial wireless equipment has numerous security features built-in. It’s often just a question of making sure you use them.

If you are looking for details, stay tuned. I’ll address strategies for each of the questions, expand on the Golden Rule, and discuss what security features to make sure are included (and turned on) in wireless devices in Part 2.
Heather MacKenzie is with Tofino Security, a Belden company.

Leave a Reply

You must be logged in to post a comment.