Communication security requires that new devices support the industry standard Internet Protocol Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) suites. HART commands have been added to simplify security deployment and aid users in navigating multiple security options. Additional diagnostics and forensic requirements are also included.
Devices are required to capture audit logs that summarize communications activities, including records such as client identification, connection start/stop times and whether the device configuration was changed in that session.
Finally, HART-IP devices also must support syslogging, an industry standard means of publishing device events to a network’s security information and event management (SIEM) system. All HART-IP devices must support network time using either Network Time Protocol (NTP) or Precision Time Protocol (PTP). Consequently, all syslog messages from all network devices are time synchronized, enabling forensics on network-wide behavior and activities.
Combining communication security, audit logs and syslogging results in robust security for HART-IP enabled products.
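The forensic value of time-synchronized syslog can be seen in a short added example, which is not taken from the HART-IP specification or any vendor's code. It merges constructed RFC 5424 messages from two devices onto one UTC timeline and folds them into per-session audit records of the kind described above; the structured-data ID `session@32473` and its field names are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample lines (not real device output). The SD-ID "session@32473"
# and its fields are assumed; 32473 is the enterprise number reserved for docs.
# Note that lt-204 reports local time with a +02:00 offset.
SAMPLE = """\
<110>1 2024-05-01T08:00:05.120Z ft-101 hartip - SESS [session@32473 id="7" client="10.0.5.20" event="open"]
<110>1 2024-05-01T10:00:01.000+02:00 lt-204 hartip - SESS [session@32473 id="3" client="10.0.5.99" event="open"]
<109>1 2024-05-01T08:00:09.450Z ft-101 hartip - CFG [session@32473 id="7" client="10.0.5.20" event="config-change"]
<110>1 2024-05-01T10:00:30.000+02:00 lt-204 hartip - SESS [session@32473 id="3" client="10.0.5.99" event="close"]
<110>1 2024-05-01T08:00:12.000Z ft-101 hartip - SESS [session@32473 id="7" client="10.0.5.20" event="close"]
"""

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID [SD]
LINE = re.compile(r"<\d+>1 (\S+) (\S+) \S+ \S+ \S+ \[session@32473 ([^\]]*)\]")
PARAM = re.compile(r'(\w+)="([^"]*)"')

def parse(line):
    """Return (utc_time, host, params) for one message, or None if unparseable."""
    m = LINE.match(line)
    if not m:
        return None
    ts = datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))
    return ts.astimezone(timezone.utc), m.group(2), dict(PARAM.findall(m.group(3)))

def build_sessions(text):
    """Order events from all devices by UTC time, then fold them into audit
    records holding client, start, stop and whether configuration changed."""
    events = sorted(filter(None, map(parse, text.splitlines())), key=lambda e: e[0])
    sessions = {}
    for ts, host, p in events:
        # A session first seen without an "open" event keeps start=None.
        rec = sessions.setdefault((host, p.get("id")), {
            "host": host, "client": p.get("client"),
            "start": None, "stop": None, "config_changed": False})
        if p.get("event") == "open":
            rec["start"] = ts
        elif p.get("event") == "close":
            rec["stop"] = ts
        elif p.get("event") == "config-change":
            rec["config_changed"] = True
    return list(sessions.values())

if __name__ == "__main__":
    for s in build_sessions(SAMPLE):
        print(s["host"], s["client"], s["start"], s["stop"], s["config_changed"])
```

Normalizing to UTC before sorting places the lt-204 session first even though its timestamps look later as text, which is the ordering a network-wide investigation depends on.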
“With Ethernet-APL, operators will have the need to really be up to date with all of the firmware and the software they’re using,” says Thomas Rummel, senior vice president of engineering and product management, Softing Industrial Automation. “In the past, the attitude was ‘it’s running now, so never change it,’” Rummel explains. “But in the future, you’ll have to ensure that all security patches are kept up to date and no back doors are left open.”
These new requirements for intelligent device management, switch configuration and other similar tasks may well present the opportunity to have IT-trained personnel contribute more directly to the support of process operations.
“For years, we’ve talked about the convergence of IT and OT,” notes Wally Pratt, director of field communication protocols for FieldComm Group. “And while there’s sometimes been resistance from the operational side of things, it’s in the IT group’s wheelhouse to take care of tasks like network security management, patching, firewall configurations and the like. Let the IT people do what they do best.”
Easy does it
And with HART-IP, securely commissioning a new Ethernet-APL device can be just as easy as it is to securely commission a WirelessHART instrument, Pratt continues. “Take it out of the box, put it on the bench, hook up a handheld and enter a network ID and join key. Then just put it out in the plant and it works. We’re trying to do the hard stuff inside to make it simple on the outside.”
Both Dow’s Jeff Konrad, technical solutions team leader, automation interfaces, and 3M’s Robert Sentz, senior engineering specialist, envision that Ethernet-APL field network security would be an extension of the long-established IT security practices now used at the higher levels of their companies’ Ethernet-based automation and information networks.
And when it comes to 3M’s first adventures in Ethernet-APL, “it might be nice to start with something that looks very familiar,” Sentz says. “I expect that we might want to add to what’s available in HART-IP, but starting there with the ability to grow would allow for a smoother transition.”
Jason Urso, chief technology officer, Honeywell Process Solutions, agrees that industry shouldn’t waste a lot of time worrying about how devices talk to one another. “Let’s build on a widely adopted and pervasive infrastructure where we have lots of people that understand it and know how to maintain it. We may find that new devices and different industries are better suited to other protocols than HART-IP, but Ethernet-APL doesn’t preclude us using them as well.”
“So, let’s get this technology out to our customers as quickly as we can,” Urso says. “So we can learn from it, adopt and adapt.”