Security
Because we understand your concerns about protecting process performance and data, security is designed into Emerson’s Smart Wireless solutions right from the start.
Security for Wireless Field Network
Sensor / field device applications
At the wireless field network level, robust, multi-tiered, always-on security is provided through advanced, standards-based encryption as well as authentication, verification, key management, and anti-jamming techniques.
For example, our Smart Wireless solutions employ end-to-end 128-bit encryption using the Advanced Encryption Standard (NIST standard FIPS-197). For authentication purposes, each gateway maintains a "whitelist" of devices allowed to communicate with it, and individual devices accept messages only from a previously identified gateway or from other gateway-validated devices.
Separate Join and Network keys can be set to automatically rotate or be changed on demand. Implementation of the WirelessHART standard will add Session keys for communication between two network devices so that other devices can't "listen in." These can be rotated as well.
Message Integrity Codes are used to verify messages, both per hop and end to end. Anti-jamming techniques such as Direct Sequence Spread Spectrum (DSSS) with channel hopping, plus multi-path routing, help sidestep noise sources, whether malicious or not. Gateway-to-host security relies on well-known standards such as SSL, with full encryption and authentication of that link.
Security for Plant Network Applications
Business / operations applications
At the wireless plant network level, security is fundamental to the Cisco Unified Wireless Network. The standards-based Cisco Self-Defending Network solution provides confidence your plant and business data will remain private and secure. Threat-control capabilities control and contain known and unknown threats, and network admission control helps you enforce organizational security policies to allow only trusted end-point devices to access your network.
Within the wireless network, Cisco provides multiple additional layers of protection, including:
- RF security: Detects and avoids 802.11i radio frequency interference and controls unwanted signal propagation.
- WLAN intrusion prevention and location: Detects and locates rogue access points or field devices, as well as potential wireless threats such as an attempt to eavesdrop, which helps IT administrators to quickly assess the threat level and take immediate action. Replay attacks are prevented on both the link layer and the network layer by using non-repeating replay counters. The slotted channel hopping protocol diminishes the risk of a DoS attack by using the entire radio space.
- Network Access Control (NAC): Enforces policies pertaining to access point configuration and behavior to help ensure that only recognized sensors can gain access to the network.
- Secure mobility: Maintains the highest level of security in mobile environments with Cisco Proactive Key Caching, an extension to the 802.11i standard and precursor to the 802.11r standard.
- Certificates: Use of X.509 certificates and AES encryption for LWAPP transactions. This X.509 and AES encryption is embedded into the wireless mesh solution with each LWAPP transaction and all encrypted traffic.
- Encryption: CCM mode is used in conjunction with the AES-128 cipher to provide authentication and encryption on backhaul links.
- Data integrity: Data transmitted within the packets is protected by message integrity codes to ensure that it has not been tampered with and that it originated from a known source.
- Segmentation: Supports creation of virtual LANs (VLANs) that protect sensor networks by separating them and their traffic from other company networks (also known as flow isolation).
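The field-network description above (gateway whitelist, rotating session keys, per-message integrity codes) and the Cisco list items on non-repeating replay counters, CCM/AES-128 authenticated encryption and data integrity all rest on the same small set of receive-side checks. The following Go program is an added example written for this page; it is not Emerson's, Cisco's or WirelessHART's code, and its frame layout, device IDs, key and error names are constructed for illustration. One substitution is deliberate and labelled in the code: the page specifies AES-128 in CCM mode, but Go's standard library provides GCM rather than CCM, so AES-128-GCM stands in as the authenticated-encryption mode; the whitelist, MIC and replay-counter logic is the same either way.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// Frame is a constructed, simplified over-the-air frame: sender ID, its
// monotonically increasing replay counter, and ciphertext followed by the MIC.
type Frame struct {
	DeviceID string
	Counter  uint64
	Sealed   []byte
}

// Gateway keeps the whitelist (device ID -> session key) and the last replay
// counter accepted per device. Both tables are assumptions of this example.
type Gateway struct {
	keys     map[string][]byte
	lastSeen map[string]uint64
}

var (
	ErrNotWhitelisted = errors.New("device not on gateway whitelist")
	ErrReplay         = errors.New("replay counter not greater than last accepted")
	ErrIntegrity      = errors.New("message integrity check failed")
)

func NewGateway() *Gateway {
	return &Gateway{keys: map[string][]byte{}, lastSeen: map[string]uint64{}}
}

// Whitelist registers a device and its current session key. Key rotation reuses
// this call: the counter window restarts with the new key, which is safe because
// frames sealed under the old key no longer pass the MIC check.
func (g *Gateway) Whitelist(deviceID string, key []byte) {
	g.keys[deviceID] = append([]byte(nil), key...)
	g.lastSeen[deviceID] = 0
}

// newAEAD builds AES-128 in an authenticated mode. GCM stands in for the CCM
// mode named on the page, since Go's standard library does not ship CCM.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// nonce is derived from the replay counter: a counter that never repeats under
// one key guarantees the nonce never repeats either, which the mode requires.
func nonce(counter uint64) []byte {
	n := make([]byte, 12)
	binary.BigEndian.PutUint64(n[4:], counter)
	return n
}

// header is the cleartext part of the frame, bound into the MIC as additional
// authenticated data so a changed device ID or counter is detected.
func header(deviceID string, counter uint64) []byte {
	h := make([]byte, 8+len(deviceID))
	binary.BigEndian.PutUint64(h, counter)
	copy(h[8:], deviceID)
	return h
}

// Seal is the device side: encrypt the payload and append the MIC.
func Seal(deviceID string, key []byte, counter uint64, payload []byte) (Frame, error) {
	a, err := newAEAD(key)
	if err != nil {
		return Frame{}, err
	}
	sealed := a.Seal(nil, nonce(counter), payload, header(deviceID, counter))
	return Frame{DeviceID: deviceID, Counter: counter, Sealed: sealed}, nil
}

// Receive is the gateway side: whitelist first (unknown senders cost no
// cryptography), then the replay window, then MIC verification and decryption.
// The stored counter advances only after the MIC verifies, so a forged frame
// carrying a high counter cannot lock out the genuine device.
func (g *Gateway) Receive(f Frame) ([]byte, error) {
	key, ok := g.keys[f.DeviceID]
	if !ok {
		return nil, ErrNotWhitelisted
	}
	if f.Counter <= g.lastSeen[f.DeviceID] {
		return nil, ErrReplay
	}
	a, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	plain, err := a.Open(nil, nonce(f.Counter), f.Sealed, header(f.DeviceID, f.Counter))
	if err != nil {
		return nil, ErrIntegrity
	}
	g.lastSeen[f.DeviceID] = f.Counter
	return plain, nil
}

func main() {
	key := []byte("0123456789abcdef") // constructed 128-bit session key
	gw := NewGateway()
	gw.Whitelist("TT-101", key)

	f, _ := Seal("TT-101", key, 1, []byte("PV=23.5C"))
	pv, err := gw.Receive(f)
	fmt.Printf("fresh frame: %q err=%v\n", pv, err)
	_, err = gw.Receive(f) // the same frame delivered a second time
	fmt.Println("replayed frame:", err)

	bad, _ := Seal("TT-101", key, 2, []byte("PV=23.5C"))
	bad.Sealed[0] ^= 0x01 // one ciphertext bit altered in transit
	_, err = gw.Receive(bad)
	fmt.Println("tampered frame:", err)
}
```

Two design points carry over to real deployments: the replay check runs before the cryptography so that a flood of stale frames is cheap to discard, and the counter is only advanced after a successful integrity check so that an unauthenticated frame can never move the gateway's window.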
In addition, identity-based networking enables individualized security policies for sensors with different access rights, device formats, and application requirements. Security policies include:
- Layer 2 security: 802.1X (PEAP, LEAP, TTLS), WPA, 802.11i (WPA2), 802.11w
- Layer 3 (and above) security: Integration with wired intrusion prevention systems (IPSs)
- Access control lists: IP restrictions, protocol types, ports, and differentiated services code point values
- Authentication, authorization, and accounting/RADIUS: User session policies and rights management