Use wired Ethernet for real-time control
Use wired Ethernet for PLC-to-drive and PLC-to-IO connections. Reserve wireless for HMIs, laptops, and monitoring sensors.
Encryption safeguards data in transit. Antenna selection and OT-specific constraints determine whether wireless works reliably in an industrial environment.
An omnidirectional antenna radiates signal equally in all horizontal directions. A directional antenna focuses signal in one direction for longer range. dBi (decibels relative to isotropic) measures antenna gain: higher dBi means a more focused beam.
| Antenna Type | Pattern | Typical Gain | Use Case |
|---|---|---|---|
| Omnidirectional | 360 degrees horizontal | 2 to 5 dBi | Indoor APs, general coverage |
| Patch / Panel | 60 to 120 degree sector | 6 to 14 dBi | Hallways, directed coverage |
| Yagi | Narrow beam | 10 to 18 dBi | Point-to-point links |
| Parabolic dish | Very narrow beam | 20+ dBi | Long-distance backhaul |
Wireless in OT serves specific use cases: mobile HMIs, maintenance laptops, asset tracking, and sensor data collection. Wireless does not replace wired connections for real-time control.
PROFINET RT operates at Layer 2 with EtherType 0x8892. Standard Wi-Fi adds variable latency (1 to 10 ms per hop) and jitter that violates PROFINET RT cycle time requirements (1 to 4 ms in typical deployments). PROFINET IRT, which requires sub-millisecond determinism, is incompatible with Wi-Fi entirely. Use wired Ethernet for all PROFINET connections.
| Standard | Frequency | Topology | Use Case |
|---|---|---|---|
| WirelessHART | 2.4 GHz (IEEE 802.15.4) | Mesh | Process instrumentation (temperature, pressure, flow) |
| ISA100.11a | 2.4 GHz (IEEE 802.15.4) | Mesh / Star | Process monitoring, non-critical control |
| Wi-Fi (802.11) | 2.4 / 5 / 6 GHz | Infrastructure | HMIs, laptops, cameras |
WirelessHART and ISA100.11a are designed for industrial sensor networks. Both standards use mesh topologies for reliability, time-synchronized communication for determinism, and AES-128 encryption. Both standards are appropriate for monitoring (reading sensor values every 1 to 10 seconds) but inappropriate for real-time closed-loop control.
Wireless introduces 3 challenges for real-time control:
For these reasons, use wired Ethernet for all closed-loop control (PLC to drive, PLC to I/O). Reserve wireless for monitoring, HMIs, and maintenance access.
A rogue AP is an unauthorized access point connected to the network. A rogue AP creates an uncontrolled entry point that bypasses firewall rules and network segmentation. The following script uses Scapy to capture 802.11 beacon frames and compare detected SSIDs against an approved list.
```python
from scapy.all import sniff, Dot11, Dot11Beacon, Dot11Elt

APPROVED_SSIDS = {"PlantWiFi", "PlantGuest", "Maintenance"}
seen_aps: dict[str, str] = {}  # bssid -> ssid


def check_beacon(pkt):
    """Record each new BSSID and flag SSIDs that are not on the approved list."""
    if not pkt.haslayer(Dot11Beacon):
        return
    bssid = pkt[Dot11].addr2
    # The first information element in a beacon is normally the SSID (ID 0).
    ssid_elt = pkt[Dot11Elt]
    ssid = ssid_elt.info.decode(errors="ignore") if ssid_elt.ID == 0 else ""
    if bssid in seen_aps:
        return  # already reported this access point
    seen_aps[bssid] = ssid
    status = "APPROVED" if ssid in APPROVED_SSIDS else "ROGUE"
    print(f"[{status}] SSID='{ssid}' BSSID={bssid}")


# Requires monitor mode:
#   sudo ip link set wlan0 down
#   sudo iw wlan0 set monitor control
#   sudo ip link set wlan0 up
sniff(iface="wlan0", prn=check_beacon, store=False, timeout=60)

print(f"\nTotal APs detected: {len(seen_aps)}")
rogue = {b: s for b, s in seen_aps.items() if s not in APPROVED_SSIDS}
print(f"Rogue APs: {len(rogue)}")
```

Run the script periodically from a laptop with a wireless adapter in monitor mode. Any SSID outside the approved list warrants investigation. A rogue AP broadcasting “PlantWiFi” with a different BSSID than the approved APs indicates an evil twin attack.
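The script above compares SSIDs only, so an evil twin that reuses an approved SSID would print as APPROVED. The following added example (not part of the original chapter) goes one step further and checks each beacon against an approved SSID-to-BSSID inventory; the BSSIDs, the sample beacons, and the names `APPROVED_APS`, `classify` and `audit` are constructed for illustration.

```python
"""Classify beacon observations against an approved (SSID, BSSID) inventory."""
from collections import defaultdict

# Constructed inventory: approved SSID -> BSSIDs of the APs allowed to use it.
APPROVED_APS = {
    "PlantWiFi": {"02:00:00:aa:00:01", "02:00:00:aa:00:02"},
    "PlantGuest": {"02:00:00:aa:00:11"},
    "Maintenance": {"02:00:00:aa:00:21"},
}


def classify(ssid: str, bssid: str) -> str:
    """Return APPROVED, EVIL_TWIN, HIDDEN or ROGUE for one beacon."""
    bssid = bssid.lower()  # capture tools differ in MAC letter case
    if ssid in APPROVED_APS:
        # An approved name from a radio not in the inventory is the evil-twin case.
        return "APPROVED" if bssid in APPROVED_APS[ssid] else "EVIL_TWIN"
    if not ssid.strip("\x00"):
        return "HIDDEN"  # zero-length or null-padded SSID element
    return "ROGUE"


def audit(observations):
    """Deduplicate (ssid, bssid) pairs and group them by status."""
    findings = defaultdict(set)
    for ssid, bssid in observations:
        findings[classify(ssid, bssid)].add((ssid, bssid.lower()))
    return {status: sorted(pairs) for status, pairs in findings.items()}


# Constructed sample beacons as (ssid, bssid) pairs.
SAMPLE_BEACONS = [
    ("PlantWiFi", "02:00:00:AA:00:01"),  # approved AP, uppercase MAC
    ("PlantWiFi", "02:00:00:aa:00:01"),  # same AP seen again
    ("PlantWiFi", "02:00:00:bb:00:99"),  # approved SSID, unknown radio
    ("FreeWiFi", "02:00:00:cc:00:05"),   # SSID not on the approved list
    ("", "02:00:00:dd:00:07"),           # hidden SSID from an unknown radio
]

if __name__ == "__main__":
    for status, pairs in audit(SAMPLE_BEACONS).items():
        for ssid, bssid in pairs:
            print(f"[{status}] SSID={ssid!r} BSSID={bssid}")
```

The `(ssid, bssid)` pairs are the same two values `check_beacon` extracts from each frame, so `classify` can replace the SSID-only comparison once the inventory holds the plant's real BSSIDs.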
Use wired Ethernet for real-time control
Use wired Ethernet for PLC-to-drive and PLC-to-IO connections. Reserve wireless for HMIs, laptops, and monitoring sensors.
WirelessHART for process monitoring
WirelessHART and ISA100.11a deliver mesh reliability and AES-128 encryption for sensor data collection at 1 to 10 second intervals.
Detect rogue APs on a regular schedule
Scan for unauthorized access points. A rogue AP bypasses network segmentation and firewall rules.
Wireless extends the physical network, but modern infrastructure increasingly lives in the cloud. The next chapter covers cloud networking: VPCs, security groups, and how traditional networking concepts translate to virtualized, on-demand infrastructure.