By: Ishaq Mian
Thousands of enterprises worldwide rely on reliable broadband wireless networks for their IoT, voice, data, and video communications needs. It is an essential part of building out and extending network coverage to all users and applications. Due to the shared nature of any technology based on radio frequencies (RF), however, wireless systems can be more vulnerable to security issues than wireline deployments.
High-availability, high-capacity wireless systems require additional levels of security, as these systems are regularly deployed to enable mission-critical and business-critical applications. Methods popular for many private Wi-Fi networks, such as restricting physical access to private areas, reducing RF emission, and site surveys, have become ineffective. A more comprehensive, risk-informed, system lifecycle management-based security approach must be adopted from the beginning, during system planning and design phases.
Mission-critical businesses need a holistic, comprehensive approach to security that will protect wireless data. These systems must also look at the management plane against security threats—such as passive and active attacks—and against physical tampering. In this context, security needs to be discussed as part of the definition of industrial-grade wireless networks.
In the last several years, enterprises have witnessed a dramatic rise in the development of smart and “context-aware” mission-critical systems that marry embedded computing devices to their respective physical environments.
In the world of industrial automation, the interdependencies introduced due to the integration of the physical with the cyber and the associated security implications for critical
infrastructure are a critical, complex topic of ongoing research.
In June 2010, cybersecurity researchers discovered the first physically destructive cyber weapon targeted at an industrial process. This complex and sophisticated malware, named Stuxnet, forever revealed the vulnerabilities of modern control systems to the industrial world. Although cyberattacks on industrial control systems in critical industries had been happening since the late 1990s, their impact remained limited because of a lack of automation in these industries. The impact of Stuxnet, however, was significant, as it demonstrated that cyber vulnerabilities could lead to degradation of critical physical processes with major implications.
Stuxnet specifically targeted the Siemens SIMATIC S7 Programmable Logic Controllers (PLCs) and WinCC Supervisory Control and Data Acquisition (SCADA) systems responsible for controlling and monitoring the high-speed centrifuges essential to the uranium enrichment process at a government facility in Natanz, Iran. The malware successfully modified the rotational speed of the centrifuges, leading to major random system faults.
Since then, the cybersecurity of CPSs has gained critical importance in industrial environments. In fact, it has evolved into a separate branch of general cybersecurity in which the systems being protected have physical characteristics which, if compromised, can lead to downtime, injury or death, and economic loss. Regulatory