TECHNICAL REPORT
ISA-TR100.14.01-2011
Trustworthiness in Wireless Industrial Automation: Part I
Information for End Users and Regulators
Approved 26 May 2011

ISA-TR100.14.01-2011, Trustworthiness in Wireless Industrial Automation: Part I, End Users and Regulators
ISBN: 978-1-937560-14-0

Copyright 2011 by ISA. Not for resale. Printed in the United States of America. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), without the prior written permission of the Publisher.

ISA
67 Alexander Drive
P.O. Box 12277
Research Triangle Park, North Carolina 27709

Preface

This preface, as well as all footnotes and annexes, is included for information purposes and is not part of ISA-TR100.14.01-2011, Part I.

This document has been prepared as part of the service of ISA toward a goal of uniformity in the field of instrumentation. To be of real value, this document should not be static but should be subject to periodic review. Toward this end, the Society welcomes all comments and criticisms and asks that they be addressed to the Secretary, Standards and Practices Board; ISA; 67 Alexander Drive; P.O. Box 12277; Research Triangle Park, NC 27709; Telephone (919) 549-8411; Fax (919) 549-8288; E-mail: standards@isa.org.

The ISA Standards and Practices Department is aware of the growing need for attention to the metric system of units in general, and the International System of Units (SI) in particular, in the preparation of instrumentation standards. The Department is further aware of the benefits to USA users of ISA standards of incorporating suitable references to the SI (and the metric system) in their business and professional dealings with other countries. Toward this end, this Department will endeavor to introduce SI-acceptable metric units in all new and revised standards, recommended practices, and technical reports to the greatest extent possible. Standard for Use of the International System of Units (SI): The Modern Metric System, published by the American Society for Testing

We clearly understand why you don't trust wireless for your Industrial Automation and Control System (IACS). There have been too many false starts and false claims in the past. The proclamations of ubiquitous sensing haven't been realized. But there is a lot happening in the broader "M2M" world beyond industrial sensing that lays the groundwork. (See "When Everything Connects," The Economist, April 28-May 4, 2007.) And does the jungle of wires shown in Figure 1 really seem like the best solution? There is a lot you can do now that makes good business sense.

So what is preventing you from trusting wireless sensors for your IACS?

1. Reliability: Will the data you need be available when and where you need it? Will the maintenance of the wireless system be higher than the wired alternative? Will the additional capability you get be worth the risk and capital expenditure? You need assurance against unintended consequences as you make the transition.

2. Security: Will your data stay where it belongs? Will your IT department allow wireless in the facility? Will an intruder be able to take control of your processes?

3. Resiliency: When the system is disrupted, how long will it take to restore? Will it restore itself? Will your technicians be able to fix it? Will the system scale to fit your full implementation? Can early indications of an impending disruption be detected in time to compensate, mitigate, or pursue an alternate control strategy?

These three concerns form the backbone of this document and the core of trustworthiness. We will describe how and why modern wireless IACS can be at least as trustworthy as the wired systems you are used to. We will also describe some of the ways wireless uniquely enables new capabilities that are not feasible with wires. If you think about wireless only as a one-for-one replacement for wires, you are missing the biggest reason to go wireless. Continue reading and learn how to address your concerns about using wireless sensors. We want your feedback, but most of all we want you to start using wireless sensors.

Our purpose is to give you the tools you need to make informed decisions about whether to consider wireless in your industrial automation and control systems (IACS). We will neither tell you which wireless technology to pursue, nor will we provide detailed trade-offs between alternative technologies. Rather, we will provide some background on the fundamental opportunities and challenges associated with wireless in the industrial environment and, we hope, enough knowledge to allow you to decide whether to push (or to support) your staff in evaluating wireless for particular applications in your organization. We are confident that wireless technology will become common in the IACS environment, but we believe prudence while we build and refine this technology is appropriate. We hope this document will contribute to your understanding.

FOREWORD

This document is the first of a pair of documents distinguished by the intended audiences. This document, Part I, is written primarily for the end user (owner) and regulator (includes all compliance authorities). A companion document will be written primarily for manufacturers, vendors, designers, integrators, operators, and maintainers. That document, Part II, will contain more technical detail.

Table of Contents

1 Scope 13
2 Purpose 13
3 Terms, definitions, and acronyms 14
3.1 Terms and definitions 14
3.2 Acronyms 19
4 Introduction 20
4.1 Why is trustworthiness important? 23
4.2 What is trustworthiness? 23
4.3 What are the impediments to trusting wireless? 24
4.4 How will you know when you can trust wireless at the same level as wired IACS? 24
4.5 What can the end user do to overcome the impediments? 24
4.6 What can the regulator do to overcome the impediments? 25
4.7 Security of wireless transmissions 25
4.8 Steps to achieving trustworthiness in wireless IACS 26
5 Attributes of trustworthiness 27
5.1 Reliability 28
5.2 Security 29
5.3 Resiliency 31
5.4 Designability 32
5.5 The role of standards 34
6 Summary and review 36
6.1 The wireless advantage 36
6.2 The pitfalls of wireless IACS 36
6.3 Trustworthiness in wireless 37
6.4 Wireless through the life cycle 37
6.5 Next steps 38

Trustworthiness in Wireless Industrial Automation: Part I
Information for End Users and Regulators

1 Scope

This Part 1 Technical Report, in combination with the forthcoming Part 2, discusses trustworthiness associated with the use of wireless technology in industrial automation systems. Specifically excluded are those attributes that may be in common with wired systems and are therefore covered elsewhere, or attributes that are specific to other application domains such as healthcare applications. Also excluded are those attributes associated with ancillary issues such as health effects of RF or component materials (such as batteries). For this document, trustworthiness encompasses attributes associated with reliability, security and resiliency.

2 Purpose

Trustworthiness in Wireless Industrial Automation is divided into two distinct parts. Part 1 (this document) provides introductory information for the end users and regulators; Part 2 will provide more thorough technical details associated with trustworthy wireless systems.

Part 1 provides end users and regulators with information needed to understand the risks and advantages associated with use of wireless systems. The result should be confident decisions about when and where to use them in order to realize the benefits they offer. It is also intended to provide those in a regulator role with sufficient background information to understand the implications and consequences of rules and regulations that apply to use of wireless technology in industrial automation applications. The document contains introductory material and information intended to demonstrate to the reader that wireless is a viable solution today. The reader will find embedded in Part 1 a few technical bits of guidance as an incentive to read Part 2.

Part 1 introduces and uses technical terms to describe concepts that are common to many areas of computer technology and applications. The existence of multiple disciplines and communities which have developed their own approaches to deal with technical issues has produced a literature containing many different technical terms with considerable overlap in use and meaning. A set of terms has been adopted for Part 1 for purposes of presenting a consistent point of view. Detailed discussion of the choices of technical language and terminology is being deferred to Part 2.

3 Terms, definitions, and acronyms

3.1 Terms and definitions

3.1.1 actuator
a mechanical device for moving or controlling a mechanism or system and operated by a source of energy, usually in the form of an electric current, hydraulic fluid pressure or pneumatic pressure, that converts that energy into some kind of motion [1]

3.1.2 authentication
verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system [2]

3.1.3 authorization
access privileges that are granted to an entity, conveying an official sanction to perform a function or activity [3]

3.1.4 availability
the ratio of time a system or component is functional to the total time it is required or expected to function. It can be expressed as a direct proportion, a percentage, or in terms of average downtime per time period (week, month, year). Availability is a key attribute supporting the notion of dependability. [4]

3.1.5 confidentiality
preserving authorized restrictions on information access and disclosure [2]

3.1.6 data integrity
guarding against improper modification or destruction (of data), and includes ensuring information non-repudiation and authenticity [5]

3.1.7 dependability
likelihood that the service will be available when and where it is needed [6]
NOTE Many standards working groups have debated use of this term. Among IEC working groups the term "reliability" is preferred instead. Reliability is independent of use and has an extrinsic character, in contrast to dependability, which has an intrinsic character.

3.1.8 designability
the characteristic of a component, system or subsystem expressing how effectively it can be deployed, scaled as needed during operation, then finally decommissioned at its end of life [3]

3.1.9 digital signature
result of a cryptographic transformation of data that, when properly implemented, provides the services of source authentication; data integrity; and signer non-repudiation when the cryptographic transformation uses asymmetric-key cryptography [3]
NOTE In a general information security context, an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged [7]

3.1.10 direct-sequence spread spectrum (DSSS)
a spread-spectrum method of transmitting signals in which the data signal at the sending station is combined with a higher data rate bit sequence, or chipping code, that divides the user data according to a spreading ratio. The chipping code is a redundant coding technique that allows the original data to be recovered if damaged during transmission. [8]

3.1.11 encryption
a process which is applied to data and alters it to make it more difficult to read and/or interpret without knowing how to decode it [8]
NOTE In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. [9]

3.1.12 end user
the person or organization for whom a hardware or software product is designed (used to distinguish from developers, installers, and maintainers) [10]

3.1.13 frequency-hopping spread spectrum (FHSS)
a spread-spectrum method of transmitting signals by rapidly switching a carrier among many frequency channels, using a pseudorandom sequence known to both transmitter and receiver [11]

3.1.14 hybrid spread spectrum
a combination of frequency-hopping spread spectrum and direct-sequence spread spectrum [12]

3.1.15 latency
delay from when data is created at a data source device to when it is available to be consumed at the destination device [3]
NOTE The designated points may be a) physical devices, or b) layer boundaries within multi-layer software (e.g., from sending transport to receiving transport functionality, or from sending application to sending modem).

3.1.16 life cycle phases
a logical sequence of activities in project management or product development to accomplish a set of goals or objectives. The number of phases in a sequence depends on the system or activity but contains elements of planning, deployment, operation and maintenance, and disposition. [13]

3.1.17 maintainability
a characteristic expressed as the probability that an item can be retained in or restored to a specified condition within a given period of time [14]

3.1.18 mesh topology
network configuration in which redundant physically-diverse routing paths are available between each pair of network nodes [3]

3.1.19 public-key encryption
a cryptographic system requiring two separate keys, one to lock or encrypt the unencrypted data, and one to unlock or decrypt the encrypted data [15]
NOTE Neither key will do both functions. One of these keys is published (or public) and the other is kept private. If the lock/encryption key is the one published, then the system enables private communication from the public to the unlocking key's owner. If the unlock/decryption key is the one published, then the system serves as a signature verifier of documents locked by the owner of the private key. [15]

3.1.20 recoverability
ability to respond to disruption, expressed as the ratio of the time interval between failures (a measure of reliability) to the interval of time from the moment of failure to restoration of operations (a measure of maintainability) [8]

3.1.21 regulator
official, agency or organization that controls a particular activity and makes certain that regulations are complied with [16]

3.1.22 reliability
probability that a system performs all required functions under stated conditions for a specified period of time [17]

3.1.23 resiliency
ability of a system to accommodate significant changes in
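As an added illustration of the DSSS definition in 3.1.10 (this is example code, not text or code from ISA-TR100.14.01), the script below spreads a constructed 8-bit payload with an 11-chip code, flips some chips to stand in for transmission damage, and shows the receiver recovering the data by correlation until more than half of a bit's chips are corrupted. The 11-chip Barker code is a well-known chipping code; the payload and the damaged chip positions are constructed for the example.

```python
from typing import Dict, List

# 11-chip Barker sequence, the chipping code used by legacy IEEE 802.11 DSSS.
# Any fixed code shared by transmitter and receiver would serve the illustration.
BARKER_11: List[int] = [1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0]


def spread(bits: List[int], chip: List[int] = BARKER_11) -> List[int]:
    """Spread each data bit over len(chip) chips (the spreading ratio):
    a 0 bit is sent as the code itself, a 1 bit as the inverted code."""
    return [c ^ b for b in bits for c in chip]


def despread(chips: List[int], chip: List[int] = BARKER_11) -> List[int]:
    """Recover data bits by correlating each chip-length window with the code.

    A window agreeing with the code in more than half its positions decodes
    as 0, otherwise as 1, so up to (len(chip) - 1) // 2 corrupted chips per
    bit are tolerated. This is the redundancy the definition refers to."""
    n = len(chip)
    if len(chips) % n:
        raise ValueError("chip stream length is not a multiple of the spreading ratio")
    bits = []
    for i in range(0, len(chips), n):
        agree = sum(1 for r, c in zip(chips[i:i + n], chip) if r == c)
        bits.append(0 if agree > n // 2 else 1)
    return bits


def corrupt(chips: List[int], positions: List[int]) -> List[int]:
    """Flip the chips at the given positions (constructed channel damage)."""
    out = list(chips)
    for p in positions:
        out[p] ^= 1
    return out


def demo() -> Dict[str, object]:
    """Constructed 8-bit payload: light damage is repaired, heavy damage is not."""
    data = [1, 0, 1, 1, 0, 0, 1, 0]
    tx = spread(data)                       # 8 bits -> 88 chips
    # 5 of the 11 chips of bit 0 and 3 chips of bit 3 flipped: still recoverable.
    light = despread(corrupt(tx, [0, 2, 4, 6, 8, 33, 34, 35]))
    # 6 of the 11 chips of bit 1 flipped: the majority changes and the bit is lost.
    heavy = despread(corrupt(tx, [11, 12, 13, 14, 15, 16]))
    return {
        "spreading_ratio": len(tx) // len(data),
        "light_damage_recovered": light == data,
        "heavy_damage_recovered": heavy == data,
    }
```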