OT Cybersecurity | 5 min read

WirelessHART - the only fieldbus with native encryption

WirelessHART (IEC 62591) - a 2.4 GHz mesh network with AES-128, the only fieldbus protocol with built-in cryptography. Comparison with wired field protocols. Part of the OT Protocol Encyclopedia.

Jozef Sulwinski
Tags: WirelessHART, IEEE 802.15.4, fieldbus

WirelessHART (IEC 62591) is a wireless communication protocol for process automation. It was released as part of HART 7 in 2007 and standardized as IEC 62591 in 2010, making it the first standardized wireless fieldbus technology. Developed by the HART Communication Foundation (now part of FieldComm Group) as a wireless extension of the HART protocol, WirelessHART stands out for one fundamental feature: it is the only fieldbus protocol in widespread use whose specification makes cryptographic security native and mandatory rather than optional (its wireless competitor ISA100.11a, discussed at the end, takes the same approach).

WirelessHART operates as a mesh in the 2.4 GHz ISM band on the IEEE 802.15.4 physical layer, combining TDMA (Time Division Multiple Access) with channel hopping to give deterministic, interference-resistant communication. It is used wherever cabling is expensive, difficult or impossible: large process installations, tank farms, and equipment in explosion hazard zones.

Protocol architecture

Parameter        WirelessHART
Physical layer   IEEE 802.15.4, 2.4 GHz ISM band
Topology         Mesh (self-organizing network)
Speed            250 kbit/s radio data rate; effective throughput depends on topology and the TDMA schedule
Authentication   Yes - network and session keys
Encryption       AES-128 in CCM* mode (mandatory)
Integrity        MIC (Message Integrity Code), 4 bytes, produced by the same AES-128-CCM* operation
Range            Up to about 250 m between neighbouring nodes; multi-hop mesh extends end-to-end reach
Channels         15 channels (IEEE 802.15.4 channels 11-25) with per-slot channel hopping
Medium access    TDMA, 10 ms time slots

The WirelessHART network architecture consists of:

  • Field devices - sensors and actuators with WirelessHART radios. Each can serve as a router in the mesh network
  • Gateway - connects the WirelessHART network to the wired plant network (Ethernet, HART, Modbus) and caches device data for the host systems
  • Network Manager - software that manages network topology, the TDMA schedule and the cryptographic keys. Can run on the gateway or on a separate server
  • Access point - the gateway's radio interface; it can be physically separate from the gateway electronics, which allows redundant access points

Channel hopping means that consecutive transmissions use different channels from the 15 available: the channel for a given time slot is derived from the absolute slot number (ASN) and the link's channel offset, so a narrowband interferer or jammer only affects a fraction of the slots. Hopping is a robustness mechanism, not a security one: a receiver that captures the whole 2.4 GHz band sees every frame, so confidentiality rests on the AES layer alone. TDMA provides the communication determinism that process automation requires.

Security - what WirelessHART does well

WirelessHART is an exception among fieldbus protocols - cryptographic security is a mandatory part of the specification, not an optional add-on.

Security mechanisms:

  • AES-128-CCM* encryption and authentication - the network layer encrypts every payload with a session key; CCM (Counter with CBC-MAC) provides confidentiality and integrity in one operation. The data-link layer adds a hop-by-hop MIC with the network key but does not encrypt
  • Network Key - shared by all devices in the network and used to authenticate every data-link frame, so a radio without it cannot get frames accepted by its neighbours. During joining the data-link layer uses a publicly known "well-known key" instead, which is why the Join Key carries the real weight
  • Session keys - unique per device and per peer (separate unicast sessions with the Network Manager and with the Gateway, plus broadcast sessions), protecting end-to-end traffic
  • Join Key - pre-shared secret used to authenticate a device's join request and to protect delivery of its network and session keys
  • MIC (Message Integrity Code) - a 4-byte cryptographic integrity code on every frame, so in-transit modification is detected
  • Counter-based replay protection - nonces are built from monotonically increasing counters (the ASN at the data-link layer, per-session counters at the network layer), so a captured frame replayed later fails its MIC check
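As an added illustration (not code from the original article or from the WirelessHART specification), the following Go program models how these mechanisms fit together: AES-128-CCM with a 4-byte MIC, a nonce built from a counter (5-byte ASN) and the sender's EUI-64, the cleartext header authenticated as associated data, and a receiver that rejects modified frames, frames under the wrong key, and replays. The frame layout, the 0x41 control byte, the sample key and the addresses are all constructed for the example; only the cipher parameters (AES-128, 13-byte nonce, 4-byte MIC) follow WirelessHART.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

// Modelled on WirelessHART: AES-128, a 13-byte nonce (CCM length field L = 2 bytes) and
// a 4-byte MIC. The frame layout is a constructed simplification, not the IEC 62591 PDU.
const micLen, lenL = 4, 2

// cbcMAC is the CCM authentication half: RFC 3610 blocks B_0, length-prefixed adata, payload.
func cbcMAC(blk cipher.Block, nonce, adata, payload []byte) []byte {
	n := (18 + len(adata) + 15) / 16 * 16 // B_0 (16) + 2-byte adata length + adata, padded
	data := make([]byte, n+(len(payload)+15)/16*16)
	data[0] = 0x40 | byte((micLen-2)/2)<<3 | byte(lenL-1) // B_0 flags: Adata=1 | M' | L'
	copy(data[1:], nonce)
	binary.BigEndian.PutUint16(data[14:], uint16(len(payload)))
	binary.BigEndian.PutUint16(data[16:], uint16(len(adata)))
	copy(data[18:], adata)
	copy(data[n:], payload)
	x := make([]byte, 16) // CBC-MAC with a zero IV over every 16-byte block
	for ; len(data) > 0; data = data[16:] {
		for j := range x {
			x[j] ^= data[j]
		}
		blk.Encrypt(x, x)
	}
	return x[:micLen]
}

// ctrXOR is the CCM encryption half: counter blocks A_i = L' || nonce || i, with i = 0
// masking the MIC and payload blocks counting from i = 1 (CTR mode increments i for us).
func ctrXOR(blk cipher.Block, nonce []byte, first uint16, in []byte) []byte {
	a := make([]byte, 16)
	a[0] = byte(lenL - 1)
	copy(a[1:], nonce)
	binary.BigEndian.PutUint16(a[14:], first)
	out := make([]byte, len(in))
	cipher.NewCTR(blk, a).XORKeyStream(out, in)
	return out
}

// nonceAndHeader: nonce = 5-byte ASN || 8-byte EUI-64; header = constructed control byte || nonce.
func nonceAndHeader(src [8]byte, asn uint64) (nonce, hdr []byte) {
	nonce = make([]byte, 13)
	binary.BigEndian.PutUint64(nonce[:8], asn<<24) // leaves the 40-bit ASN in bytes 0..4
	copy(nonce[5:], src[:])
	return nonce, append([]byte{0x41}, nonce...)
}

// Protect is the sender side: encrypt under the session key, append the MIC over header+plaintext.
func Protect(key []byte, src [8]byte, asn uint64, pt []byte) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	nonce, hdr := nonceAndHeader(src, asn)
	return append(ctrXOR(blk, nonce, 1, pt), ctrXOR(blk, nonce, 0, cbcMAC(blk, nonce, hdr, pt))...), nil
}

type Receiver struct { // shared key plus the highest ASN accepted from each source
	key  []byte
	last map[[8]byte]uint64
}

func NewReceiver(key []byte) *Receiver { return &Receiver{key, map[[8]byte]uint64{}} }

// Accept verifies the MIC, decrypts, then requires a strictly increasing ASN per source.
// Replay state changes only after authentication, so forged frames cannot move the window.
func (r *Receiver) Accept(src [8]byte, asn uint64, body []byte) ([]byte, error) {
	blk, err := aes.NewCipher(r.key)
	if err != nil || len(body) < micLen {
		return nil, errors.New("bad key or frame too short")
	}
	nonce, hdr := nonceAndHeader(src, asn)
	pt := ctrXOR(blk, nonce, 1, body[:len(body)-micLen])
	got := ctrXOR(blk, nonce, 0, body[len(body)-micLen:]) // unmask the received MIC
	if subtle.ConstantTimeCompare(got, cbcMAC(blk, nonce, hdr, pt)) != 1 {
		return nil, errors.New("MIC mismatch: modified frame or wrong key")
	}
	if last, seen := r.last[src]; seen && asn <= last {
		return nil, errors.New("replay: ASN not above the last accepted value")
	}
	r.last[src] = asn
	return pt, nil
}

func main() {
	key, src := []byte("0123456789abcdef"), [8]byte{0, 0x1b, 0x1e, 0xff, 0xfe, 0, 0, 1} // constructed
	body, _ := Protect(key, src, 0x1234, []byte("PV=42.7 degC"))
	rx := NewReceiver(key)
	pt, err := rx.Accept(src, 0x1234, body)
	_, replayErr := rx.Accept(src, 0x1234, body) // the very same frame a second time
	fmt.Printf("genuine: %q (%v); replay: %v\n", pt, err, replayErr)
}
```

Run it with `go run`: the first Accept returns the payload, the second (same frame) returns the replay error, and flipping any bit of the body, the source address or the ASN makes the MIC check fail. In a real WirelessHART data-link layer the receiver does not read the ASN from the frame at all but takes it from its own synchronized slot clock, which is what makes a frame captured in one slot and replayed in a later one fail its MIC; the explicit counter passed to Accept here stands in for that.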

TIP

Although WirelessHART offers strong cryptography, the Join Key is often left at a factory value or shared by every device in the network. In a practical audit, check whether the Join Key has been changed from the vendor default, whether it is unique per device rather than network-wide, and whether the procedure for joining new devices requires explicit operator authorization.

Security assessment - where the limits are

Despite built-in cryptography, WirelessHART is not immune to all threats, and wired protocols keep one advantage that cryptography cannot replace: an attacker has to reach the cable, whereas a radio network is reachable from anywhere within antenna range.

WirelessHART security limitations:

  • Jamming - the 2.4 GHz ISM band is shared with Wi-Fi, Bluetooth and other technologies. Channel hopping rides out narrowband interference, but a deliberate wideband jammer can still disrupt communication. This is an availability attack that cryptography does not protect against
  • Key management - key rotation in networks with hundreds of battery-powered devices is an operational challenge. Keys are often not changed for years
  • Join Key compromise - if an attacker obtains the Join Key (e.g. from service documentation), they can join their own device to the network
  • Gateway as single point of failure - compromising the gateway gives access to the Network Manager and network keys

Advantage of wired protocols:

Wired protocols (HART over 4-20 mA, Modbus RTU, PROFIBUS) have no encryption, but they have something wireless protocols lack: they cannot be reached remotely. To attack an RS-485 bus or a 4-20 mA current loop, an attacker must physically reach the cable. With WirelessHART the radio signal is available to anyone within antenna range, and cryptography is the only barrier.

This does not mean WirelessHART is less secure than wired HART. It means the risk profile is different - with wires, physics provides protection (cable access), with WirelessHART, cryptography provides protection (AES-128). Effective protection requires understanding both models.

Segmentation and protection

WirelessHART network segmentation:

  1. Gateway as zone boundary - the WirelessHART gateway is a natural segmentation point. The gateway’s Ethernet interface should be behind a firewall with DPI, in a dedicated OT zone
  2. Gateway separation - separate WirelessHART gateways for different process areas (e.g. tanks vs. distillation columns), with independent network keys
  3. Network Manager access control - the server managing the WirelessHART network requires strict access control (dedicated engineering workstation, multi-factor authentication)
  4. Radio spectrum monitoring - detecting jamming attempts and unauthorized radio devices in the 2.4 GHz band within the facility
  5. Joining procedure - adding new devices to the network should require physical authorization (e.g. pressing a button on the gateway + entering the Join Key)

Detailed guidelines for zones and conduits in OT networks, including wireless networks, are described in our article on OT network segmentation.

TIP

WirelessHART and ISA100.11a (the second wireless standard for process automation) compete in the market, but WirelessHART has a significantly larger installed base. If you are choosing between them - both offer AES-128, but WirelessHART has better field instrument manufacturer support, while ISA100.11a offers greater flexibility in network configuration.
