Page 35: of Offshore Engineer Magazine (Sep/Oct 2014)

34 36

“They could write a password on a sticky note and leave though wireless today sees use mainly for monitoring and and security, the bottom line is you need to think on an all- encompassing level.

it lying around, or they’ll make their password too easy.” Or reporting and not control, because of security and reliability people assume the wireless networks are segregated. “They get concerns, in the next ? ve years we will start to see more com-

Security standard enables defense bored out there, so they plug in their USB sticks and download fort and use of control in noncritical areas.

web sites for personal use or charge their phone,” Speake said. The ISA99 control system security standards played a major Today’s use of real-time wireless communication for safety “They aren’t necessarily making phone calls but maybe listen- role in the development of a new architecture for one company uses should help spur on acceptance. In an emergency, wireless ing to music, and you don’t know what’s on the phone.” While operating a platform on the US continental shelf. By using a devices can help operators know who’s made it to the lifeboats most oil platforms have a separate line accessing the internet Defense in Depth network architecture (an information assur- and who hasn’t. One helpful tool is as a card helicopter passen- that might not be available for the control room. “But they’ll ance strategy from the US National Security Agency [NSA]) in gers swipe to ensure they’re compliant with regulations before ? nd ways,” Speake said. “They might hook up a separate wire- accordance with ANSI/ISA-99 standards and the Department boarding the rig. When a person gets off the helicopter, he gets less hub off of their personal laptop and connect to it from the of Homeland Security guidelines, the new architecture isolated tagged. “We can monitor personnel to ? nd out which ? oor of control room.” layers of the business and process control network, using rout- the platform they’re on. In case of emergency, when somebody

The key to isolating traf? c is to think about radio frequency ers and ? rewall appliances to permit only the minimum traf? c has to initiate a rescue, you don’t want people searching the (RF) protection and include only what is really needed. “The that was necessary between these layers. platform to ? nd those individuals.” onshore link should only be used for things that are absolutely “The concepts of zones and conduits in ISA-99 (now IEC With so many older platforms needing upgrades, wireless necessary, Gilsinn said. “Email is necessary, but web sur? ng 62443) are critical to any communications, whether wired or will see more use, and more checks will be in place, ensuring should be limited. The actual process communication should wireless, because these models give you the ability to divide your devices only connect to other devices, and ? agging those from a have a higher priority,” he said. “You should control network platform into security zones so you can tailor your defenses to separate access point, Speake said. ? ow going through your wireless link, since it’s your sole link speci? c areas as well as security capabilities and needs,” said Today’s technology will only get more sophisticated as from corporate to the outside world.” So while you can never Eric Byres, CTO of To? no Security. The case above is a prime time goes on. The way new engineers interact with technol- eliminate web traf? c, you can limit it in terms of the bandwidth example of using ISA/IEC 62443 zone and conduits with security ogy is quickly evolving, with technologies such as a touch it uses. products, Byres said. “The ? rewalls give engineers the ability to screens instead of a mouse and monitor. Today’s workforce control what traf? c ? ows into a zone (see graphic), and sends out has to interact differently and come up to speed a lot faster.

Standards as an anchor alarms when it notices suspicious traf? c.” In addition to ? rewalls and levels of encryption, the industry

Knowing which standard to use with offshore wireless technol- is seeing more use of retina and ? nger-print recognition and

Bene? ts over risks ogy isn’t so easy because such a variety of groups developed digital video. independently and represent different industries and needs. As users become more educated about the potential for wire- There are applications and ef? ciencies the industry has not

Some choices include IEEE 802.11 WiFi for use in wireless less communication offshore and the savings it represents, seen yet. That is why it is just scratching the tip of the automa- local area networks (WLANS) or Zigbee or Bluetooth stan- experts believe they will realize bene? ts over risks. Even tion-networking iceberg. dards for personal area network systems are intended for short-range communication. Yet, as the automation industry is moving to IP-based technologies, some experts are now opting for standards that allow more system ? exibility. ANSI/

ISA-100.11a-2011, Wireless systems for industrial automation:

Process control and related applications, “has tried to go a lot farther than WirelessHART,” Czubba said. “It’s object orien- tated and designed to support a lot more functionality, such as Foundation Fieldbus, which sees use more offshore than onshore. Plus the standard has a high performance and reliabil- ity factor.” “One great element about ISA-100 is it allows system ? exibil- ity and is aligned to IP networking, Amidi said. “A distributed system allows you to have a central hub from which you can get all your data and manage transmitters.”

The standard also allows vendors with big data packets, such as vibration, to use proprietary protocols without having to make changes, Amidi said. They can use the tunneling features of ISA100.

Advanced encryption standards (AES) let you protect data in ? ight. “AES-256 tells you how big the key is to encrypt and decrypt the data. It’s pretty much unhackable,” Schaffer said. “The 802.11 Internet protocol (IP) standard will sup- port radios as a way to authenticate. But some of the other industrial protocols, such as Bluetooth, which can be used in industrial settings, have weak or nonexistent authentica- tion,” Schaffer said. “You can follow the standards and have a secure system or insecure system based on the choices

Industrial Bolting Systems Advanced Tensioning Systems Hydraulic Torque Wrenches Pneumatic Multipliers you make. The standard doesn’t demand you use AES-256 encryption. If you choose not to do that, you’re still fol-

Electric Multipliers Hands-Free Safety Time Saving Simplicity Industry-Leading Accuracy Patented Innovations lowing the standards, but you’ve severely weakened your security.” In such a diverse world of standards for wireless oedigital.com September 2014 | OE 37 034_0914_FPSO2_OER Avoiding.indd 37 8/21/14 2:49 PM