FIG. 3 is a block diagram showing an example of background-art networks constructed based on a wireless communication standard ISA100.11a for industrial automation. Plant management devices 11 and 12 are connected to a first network NW1. These plant management devices 11 and 12 constitute a first security area SA1.
The first network NW1 is connected to a second network NW2 through a firewall 21.
Wireless network management devices 31 and 32 are devices each having a system manager function and a gateway function in ISA100.11a so that each of the wireless network management devices 31 and 32 can manage a wireless network and exchange information with any device on the wireless network.
In addition, the wireless network management devices 31 and 32 are not only connected to the second network NW2 but also connected to a third network NW3.
A maintenance terminal 4 is also connected to the third network NW3. These wireless network management devices 31 and 32 and the maintenance terminal 4 constitute a third security area SA3.
The third network NW3 is connected to a fourth network NW4 through a firewall 22.
Field devices 51 to 5n are connected to the fourth network NW4. These field devices 51 to 5n constitute a fifth security area SA5.
Here, the firewalls 21 and 22 are provided in network boundaries respectively in order to satisfy different security policies of the first security area SA1, the third security area SA3 and the fifth security area SA5.
Incidentally, for example, each security policy corresponds to information including IP address information for permitting connection to a corresponding network. When an IP address permitted for connection is set for a communication port, connection from another IP address through the communication port is not permitted.
A security policy for using the plant management devices 11 and 12 in a redundant configuration is set in the first security area SA1.
A security policy for using the wireless network management devices 31 and 32 in a redundant configuration is set in the third security area SA3.
A security policy for parallel driving the plurality of field devices 51 to 5n is set in the fifth security area SA5.
Patent Literature 1 discloses a technique about a control network management system in which a process control system in industrial automation is configured as a wireless control network system, so that falsification etc. by a malicious third party can be avoided and a process control wireless communication signal which is required to have a high real-time property with ensured priority and a signal which is not required to have such a high real-time property can be made to coexist on one and the same network.