IEC 62591 WirelessHART Security Podcast

Mar 10, 2011 | Cybersecurity, Industrial IoT

I discovered a podcast done by Dale Peterson of the security-related Digital Bond blog. In the first part of the podcast (1:45 to 31:30), Dale talks with Emerson’s Jeff Potter about the security in the WirelessHART / IEC 62591 global standard. Dale notes:

In the US ICS security community this standard seems to take a backseat to the ISA 100 wireless LAN specifications, but this is a mistake. WirelessHART has been out for a few years now with a significant installed base. It is a completed standard, and it has been blessed as an IEC and European standard.

Jeff describes the security involved in a WirelessHART device joining the network. These devices need to provide a 128-bit AES-encrypted join key. The network can be set up with a common join key or with a unique join key for each device. A HART handheld or software program such as AMS Wireless Configurator can create these unique keys for each wireless device. Jeff notes that there is no “read key” command to find out what key is inside the device. There is only a “write key” command to set these join keys.

Once devices have successfully joined the network, a network key shared by all the devices on the WirelessHART network protects status down at the data link layer, hop by hop. Next, there are session keys, which work multi-hop at the transport layer and may span a number of hops from an end device over to the WirelessHART gateway. Only the end device and the gateway share the secret of an individual session key. Like the join keys, these network and session keys are also 128-bit AES encrypted.
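The two layers described above can be modeled in a few lines. This is an added example, not code from the podcast, the post, or the standard: HMAC-SHA256 stands in for the standard's 128-bit AES so it runs on the Python standard library, and the function names, 4-byte integrity code, and 8-byte nonce are assumptions of this simplified model.

```python
# Added illustration: simplified model of the network/session key layering.
# HMAC-SHA256 is a stand-in for the standard's 128-bit AES; names are hypothetical.
import hashlib, hmac, secrets

MIC_LEN, NONCE_LEN = 4, 8  # assumed sizes for this model only

def mic(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()[:MIC_LEN]

def xor_stream(key, nonce, data):
    # Toy keystream (HMAC in counter mode); the same call encrypts and decrypts.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def session_seal(session_key, payload):
    # End to end: only the end device and the gateway hold session_key.
    nonce = secrets.token_bytes(NONCE_LEN)
    body = nonce + xor_stream(session_key, nonce, payload)
    return body + mic(session_key, body)

def session_open(session_key, pdu):
    body, tag = pdu[:-MIC_LEN], pdu[-MIC_LEN:]
    if not hmac.compare_digest(tag, mic(session_key, body)):
        raise ValueError("end-to-end integrity check failed")
    return xor_stream(session_key, body[:NONCE_LEN], body[NONCE_LEN:])

def hop_wrap(network_key, pdu):
    # Hop by hop: every joined device holds network_key.
    return pdu + mic(network_key, pdu)

def hop_check(network_key, frame):
    pdu, tag = frame[:-MIC_LEN], frame[-MIC_LEN:]
    if not hmac.compare_digest(tag, mic(network_key, pdu)):
        raise ValueError("hop integrity check failed")
    return pdu

def relay(network_key, frame):
    # A routing device verifies and re-wraps the hop layer; it never needs session_key.
    return hop_wrap(network_key, hop_check(network_key, frame))

def deliver(network_key, session_key, payload, hops=3):
    frame = hop_wrap(network_key, session_seal(session_key, payload))
    for _ in range(hops):
        frame = relay(network_key, frame)
    return session_open(session_key, hop_check(network_key, frame))
```

In this model, a relaying device that alters the sealed payload and re-wraps it with the network key passes the next hop's check but is rejected by the gateway's session check, and a frame from a device without the network key is dropped at the first hop.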

Jeff was asked about the possibility of jamming these wireless communications. Even though the devices are extremely low power, through frequency diversity, path diversity, and time diversity these communications are extremely robust. I highlighted these techniques in an earlier post, Coexistence and Diversity Techniques for Reliable Wireless.

Jeff highlights two concerns most process manufacturers ask about when they consider adding wireless field devices. The first is how it will coexist with existing wireless and radio communications. Once they understand the diversity techniques and perhaps conduct a pilot project with a few devices and a gateway, this concern usually subsides. The second major concern is the perception that it can open a “back door” at level 0 of the Purdue Model. Once the security model of the IEC 62591 standard is understood, this concern is reduced.

The flexibility of the HART communications standard and WirelessHART has expanded to the point where valve signatures, vibration waveforms, and other complex data types can be communicated from the end device to the automation and/or asset management system to which the wireless network is connected. This opens visibility to the diagnostics in valves and other devices not previously connected back to the operators and maintenance teams.

Dale provides links to a HART Communications Foundation whitepaper on WirelessHART security and a WirelessHART security whitepaper from the Emerson team as good sources to better understand the security aspects of this standard.
