Enabling security and adaptability in industrial networking modules - Q&A with Shaye Shayegani, Senior Field Applications Engineer, Lantronix
Speaking with Industrial Embedded Systems, Shaye Shayegani of Lantronix explains why wireless technology and cloud environments necessitate device-side and user-side security considerations for industrial automation equipment.
Embedded modules for industrial automation are becoming more connected with the increasing acceptance of cloud computing and wireless technologies. Shaye describes the importance of making modules secure and flexible to changes, as well as other driving forces in designing networking products for the industrial market.
IES: What are the major connectivity challenges that your industrial customers are trying to deal with?
SHAYEGANI: One of the main concerns for industrial automation customers is product longevity, leading to issues with legacy designs and mass-deployed products. Unlike consumer products, industrial automation products have long life cycles; thus, changing the design on a one- to two-year cycle is not possible. The typical life cycle will exceed 15 years. In a fast-moving technological arena, upgrading and complying with new standards becomes problematic if not impossible. Enabling a communication module to accommodate any changes in technology will remove requirements for major upgrades to deployed equipment.
Wireless technology minimizes many complex deployment issues in an industrial environment. As wireless networks become better known and security risks lessen, deployment of a wireless network over a wired network becomes apparent with major cost savings.
IES: With cloud computing and connectivity dominating embedded designs, what security precautions can prevent unauthorized access?
SHAYEGANI: Cloud computing and connectivity currently cover a large area of technology – from private cloud deployments to large, open-access cloud deployments, all of which have their own security considerations. In general, there are two aspects of data security with any cloud deployment: the node or device side of the cloud and the Human-Machine Interface (HMI) or user side of the cloud, both with their own unique requirements. The node side of the cloud is the easiest to secure, but in most cases it’s the least secure deployment. Security is not viewed as critical on the data side, as it mainly focuses on uploading data to a cloud server. Lax security could result in corrupted data or overwhelmed servers, which would disrupt the service.
There are many ways to secure the link between each node and a cloud-based server. A few options include data validation, data encryption through PSK, data tunnel security via SSH/SSL, Internet Protocol/Media Access Control (IP/MAC) address filtering, and proprietary data structures.
IES: What are the key requirements for monitoring, management, and control of remote production systems?
SHAYEGANI: By their nature, monitoring and management applications seem to require fewer security considerations. However, these applications can provide access to data, blocking any changes to the operation of target devices. Active or passive remote control has security ramifications beyond monitoring. For example, turning on an X-ray machine remotely could result in severe consequences besides compromising machine safety. Any remote operation requires a detailed system design to help prevent unintended use or consequences.
IES: Briefly explain Lantronix’s embedded networking technology and the current applications for it in the industrial marketplace.
SHAYEGANI: Lantronix has more than 23 years of experience in connectivity and networking technologies, with more than 15 years of experience in embedded OEM design. Wired and wireless (802.11) modules enable quick design and short time to market with minimal risk. Available modules allow for both off-the-shelf design and customization using software development kits while removing the risk of designing for 802.11 Wi-Fi.
Standards for 802.11 are rapidly evolving to accommodate ever-expanding devices and applications. Changes in wireless technology involve both hardware (RF) and software (security and performance). For most consumer products with a life cycle of one to two years, this poses relatively low risk as target products are redesigned every two years. In industrial applications where the life cycle of a product is measured in decades, obsolescence and backward compatibility become major risks. A modular approach allows for field upgrades to equipment without requiring major hardware or software revisions.
Lantronix has a long history in the security, medical, and industrial automation arenas. This experience has been instrumental in providing customers with a solid feature set and continuous migration path as new technologies become available. Reducing design risk and shortening time to market are major driving forces across all of our embedded modules.
IES: What is your assessment of the future of wireless technology in process control applications?
SHAYEGANI: Wireless will be on an accelerated growth path in the future as security and bandwidth concerns are reduced. New standards and technologies from the VoIP and Video on Demand markets can be applied to industrial automation with minimal modification. Concern over data latency will be minimized as these technologies mature. Wireless will become as commonplace in industrial automation as the cell phone and e-mail have become in the workplace.