Day 2 here are ISA Expo, mostly networking topics today. Two points of learning for me today: 802.11 is getting more industrial strength, and with the acceptance of industrial Ethernet comes a whole set (not new, but new-to-many-industrial-folks) of Security issues.

802.11 networking is getting easier for industrial apps with a new player: GainSpan. Spun out of Intel, they’ve created a new SoC with a pair of ARM7s driving an 802.11 stack. One GS1010, a single balun, and an antenna, and you’re on the air. Details being announced shortly, but besides the SoC nature of the solution, battery life and ease of programming is a big part of the story.

And I saw the first module with a GainSpan chip and a four-channel Quickfilter device from Oceana Sensor. Very small, making Wi-Fi sensor networks easy to implement. Alex Kalasinsky says Oceana has ported six reference sensor designs to the WSeM.

Regarding security, there are a lot of different paths being considered. Industrial Defender’s Todd Nicholson said that “… [many of these industrial] networks were not built with cyber security in mind.” That’s probably the understatement of the show. Their tools and services set up a perimeter and help with assessing and mitigating threats with the goal of stopping cascading failures.

At the device level, Wurldtech is tackling a different problem - how to characterize traffic from an industrial device. Using a grammar-based, protocol-aware testing engine, they can assess potential vulnerabilities and certify devices. It’s a quite different approach - this is their coming-out event and more detail should be available as this approach builds momentum. One tidbit was BP has adopted certification of devices via testing with their Achilles Satellite as part of their procurement specification.

And I talked to Tom Beggan from Enterasys Networks on yet another dimension of the security problem. Their switches do role-based per-port configuration, providing 4 basic functions on traffic at layers 2, 3, or 4: allow, deny, rate limit, or contain to a VLAN. Policies are enforced at the port level based on who you are (IP, business role). Similar but less sophisticated approaches are in enterprise-grade switches, but this is the first I’ve seen this type of capability in an industrial-grade Ethernet switch.

Interesting times as industrial apps continue to shift from legacy-based connectivity to more open networking standards - and hit many of the same issues the enterprise networking folks have encountered before.