On Safe and Secure Communication in Process Automation

University dissertation from Västerås : Mälardalen University

Abstract: In the process industry, network and system security have become important since the introduction of Ethernet-based fieldbus protocols. For example, a successful attack on a power plant supplying large cities with energy could result in a temporary but total power loss. Such attacks could be devastating for society. The security threats are real, and motivations for attacking industrial communication systems may be political or economic.

The vision of autonomous systems that can be supervised, diagnosed and maintained remotely is not far from reality, but it stresses the need for security and safety measures. Wired fieldbus protocols are mature with respect to safety and there are existing standards for safe communication. However, the wired fieldbuses lack adequate security measures to be deployed in industrial automation. Wireless sensor networks, by contrast, address security thoroughly in their standards but are not mature with respect to safety. Ideally, future automation systems need to seamlessly support safety and security in heterogeneous networks while hiding the complexity from end users, in order to successfully manage large-scale industrial production.

This thesis presents one feasible solution towards safe and secure communication in heterogeneous industrial networks for process control. The presented solution addresses several other important aspects, such as engineering efficiency, transparency, possibilities for retrofitting, and coexistence with international standards, in order to protect the return on investment of products, systems, and the installed base within the area of process automation. Field trials show that several improvements of wireless sensor networks with respect to determinism in both the uplink and the downlink are needed. This is true not only for the research problems addressed within the scope of this thesis, but is a necessity for market acceptance and deployment in process automation in general.

The major contribution of this thesis is a method that enables end-to-end safe and secure communication in heterogeneous automation networks without major changes in existing standards, while preserving engineering and integration efficiency.