MythBusters: Security and WiNG Wireless Monitoring
We regularly hear from site managers who are concerned about security risks and implementation challenges associated with the installation of a wireless monitoring system. While it’s true that wireless technology presents a different set of attack vectors than traditional wired sensors, it would be unfair to categorically declare all wireless sensor technology as inherently insecure. Security is best thought of as a spectrum. You could spend millions of dollars to build a secret underground bunker with armed guards, redundant backup generators, no internet access, etc. and an adversary could spend billions of dollars buying technology and personnel to defeat it. To quote security expert Bruce Schneier,
“The question to ask when you look at security is not whether this makes us safer,
but whether it’s worth the trade-off.”
To understand exactly what the trade-offs would be, let’s first consider the benefits of wireless sensors:
- Ease of installation (which translates directly into cost of installation) is a major benefit of wireless technology.
In many cases there is no feasible way to get a wired sensor into a location where monitoring is needed.
- System maintenance (and its associated expense) is simplified since wireless sensors can be quickly relocated as site
configurations change. With a 10 year battery life, WiNG wireless sensors provide reliable, maintenance free operation.
- A wired system has practical physical limits regarding the number of devices that can be connected to a given manager device. WiNG wireless technology allows up to 400 sensors to connect to one single manager.
- Aesthetically there are also benefits. Wireless technology eliminates the need for extra sensor wiring that clutters up your data center. A wireless system also reduces the chance of a wired sensor accidentally becoming unplugged or tripped over.
Now let’s look at some of the common security and implementation concerns we address and learn how these risks can be mitigated – or may not even apply to a wireless sensor system such as WiNG:
1. “My IT department won’t allow wifi devices on our network.”
You’re in luck! The wireless communications over the 868/900Mhz ISM band frequencies used by the WiNG system are not the same as connecting an 802.11x wifi device to your network. The sensors will only talk directly to the WiNG manager over special frequencies allocated for industrial equipment. The WiNG manager itself is where the data is collected and analyzed before being pushed over a standard Ethernet or RS-485 connection to your building’s BMS system.
2. “Someone will be able to use these wireless signals from miles away to hack into my network, disable alarms, manipulate the manager firmware, download data, etc.”
There are many reasons this statement is inaccurate. First, communications from WiNG sensors to the WiNG manager or range extender (WiNG-RXT) are one-way communications and consist only of a unique sensor ID and that sensor’s data reading – the manager does not send data back to the sensors. The firmware, alarm settings, configuration settings, etc. are all stored onboard the WiNG manager. These settings are never transmitted wirelessly and cannot be changed via the wireless interface. A WiNG manager can be configured to listen only to certain sensor IDs, so multiple WiNG managers can be used in close proximity with one another and each manager will ignore data from sensors not associated with it.
It is true that the WiNG manager itself may be connected to a building network so it can push data to a BMS system, but this poses no more risk than any other sensor equipment connected to that network. Since the WiNG manager does not require a connection to the internet standard firewall and network security practices can be put in place to further mitigate any risk. Alternatively, the WiNG manger can be fully disconnected from the standard network and operated as a stand-alone unit, using relay outputs or the RS485 BMS network to signal alarm conditions reported by the wireless sensors.
3. “Using wireless technology means someone will be able to spy on my system from miles away.”
The WiNG network uses a proprietary communications protocol in the 868/900Mhz spectrum. The one-way signals from the battery powered sensors are relatively weak and will be attenuated significantly by any external building walls. It would be very impractical for an adversary to attempt to sniff data by receiving these signals. Secondly, even if they do succeed in obtaining any data, the only information transmitted by the sensor is the unique sensor ID and the sensor’s reading. The sensor name, description, location, alarm configuration, history, etc. are stored only on the manager and are never transmitted wirelessly. Sensitive, proprietary data has no way of getting out.
4. “Wireless sensor systems are unreliable and the data they provide can’t be trusted.”
Every wireless packet contains a cyclic redundancy check (CRC) to ensure the data has not been corrupted during transmission. The WiNG manager will automatically ignore any packets that are corrupted. Also, by configuring the WiNG manager to listen only to sensors with specific serial numbers, you can be sure the data you are seeing is meaningful within your environment. Consider as well that you will not have the issues seen with a traditional sensor system where wires are accidentally severed, tripped over, etc.
5. “Installing a wireless sensor system introduces another point of failure.”
Looking at the top reasons for data center failures you’ll see problems such as UPS system failures, water leaks, CRAC unit failures, and generator issues. Using a trusted wireless sensor network to identify problems with these systems allows you to address infrastructure issues before they become critical and create downtime.
6. “Wireless systems are inevitably more expensive due to subscription fees and recurring battery replacement costs.”
The WiNG system has no recurring fees or costs. All of your data is stored locally on the WiNG manager or handled by your BMS system. We do not require a subscription to an online service or charge recurring fees of any kind. With a battery life of 10+ years and the ability to easily relocate sensors as your data center configuration changes, you can be sure that WiNG’s recurring future costs will be extremely low.
7. “No respectable industry leaders would consider trusting a wireless system.”
We work with many industry leaders who have fallen in love with our revolutionary sensor system. The ease of use, cost point, and reliability have far surpassed industry expectations.
Leave a Reply