The Critical Role of Network Design in Hazardous Environments

Industrial networks deployed in hazardous environments—such as chemical processing plants, oil refineries, natural gas facilities, grain elevators, and underground mining operations—face a unique set of design constraints that go far beyond typical IT networking concerns. In these settings, a single spark from a network device can trigger a catastrophic explosion, while a momentary loss of communication can lead to uncontrolled process upsets, equipment damage, or personnel injury. Designing for safety and reliability is not optional; it is a fundamental requirement that underpins every decision from hardware selection to cable routing and system architecture.

The challenge lies in balancing two sometimes conflicting goals: ensuring that the network itself cannot become an ignition source in a volatile atmosphere, while simultaneously maintaining the high availability and deterministic performance that industrial control systems demand. Meeting both objectives requires a deep understanding of classification systems, protection techniques, and proven reliability engineering practices. This article provides a comprehensive guide to the key considerations, strategies, and standards that govern industrial network design in hazardous locations.

Understanding Hazardous Environment Classifications

Before any network equipment can be selected or a topology designed, engineers must first understand the specific classification of the hazardous area in question. Classification systems define the likelihood and duration of an explosive atmosphere being present, as well as the nature of the hazardous material involved. The two predominant systems used globally are the Class/Division system (common in North America) and the Zone system (used internationally and increasingly adopted in the US).

Class/Division System

Under the National Electrical Code (NFPA 70), hazardous locations are classified by Class, Division, and Group:

  • Class I: Locations where flammable gases, vapors, or liquids are present in sufficient quantities to produce explosive or ignitable mixtures. Examples include petroleum refineries, chemical plants, and paint shops.
  • Class II: Locations where combustible dusts are present, such as coal processing facilities, grain elevators, and metal powder manufacturing areas.
  • Class III: Locations where easily ignitable fibers or flyings are present but not likely to be in suspension in sufficient quantities to produce ignitable mixtures. Textile mills and woodworking shops are typical examples.

Each Class is further divided into Division 1 (where the hazardous condition is present under normal operating conditions) and Division 2 (where the hazardous condition is present only under abnormal conditions, such as equipment failure or process upset).

Zone Classification System

The IEC 60079 series of standards defines the Zone system, which is more granular and widely used in Europe, Asia, and increasingly in the Americas:

  • Zone 0 (Gas) / Zone 20 (Dust): An explosive atmosphere is present continuously or for long periods (typically more than 1000 hours per year). Equipment must be certified for these zones and often requires the highest level of protection.
  • Zone 1 (Gas) / Zone 21 (Dust): An explosive atmosphere is likely to occur in normal operation (between 10 and 1000 hours per year). Most industrial process areas fall into this category.
  • Zone 2 (Gas) / Zone 22 (Dust): An explosive atmosphere is not likely to occur in normal operation and, if it does occur, will persist for a short period (less than 10 hours per year). Many peripheral areas and storage locations are Zone 2.

Understanding the specific zone or division rating for each area of a facility is the essential first step in network design, as it directly dictates what types of equipment and installation methods are permissible.

Key Safety Considerations for Network Equipment

Once the hazardous area classification is known, the next challenge is selecting and deploying network equipment that will not act as an ignition source. There are several established protection techniques, each with its own advantages, limitations, and cost implications.

Intrinsic Safety (Ex i)

Intrinsic safety is the preferred protection technique for many instrumentation and network applications because it limits electrical and thermal energy to a level that is incapable of igniting a specific hazardous atmosphere. This is achieved through the use of intrinsically safe barriers (zener diodes or galvanic isolators) that restrict voltage, current, and stored energy in the field wiring. Intrinsic safety allows for live maintenance and adjustment of equipment without the need to declassify the area, which is a significant operational advantage. However, the power limitations mean that intrinsically safe network devices typically have lower transmit power and may require careful link budget planning, especially for long cable runs or high-speed Ethernet connections.

Explosion-Proof Enclosures (Ex d)

For equipment that inherently stores or dissipates more energy than intrinsic safety permits, explosion-proof enclosures are a common solution. These robust housings are designed to contain any internal explosion, preventing flames or hot gases from escaping and igniting the surrounding atmosphere. Precision-ground flanges and carefully designed flame paths cool and quench any escaping gases. While very effective, explosion-proof enclosures are heavy, expensive to manufacture and install, and require specialized training for maintenance personnel to ensure the integrity of the flame paths is maintained when covers are removed and replaced.

Increased Safety (Ex e)

Increased Safety is a protection technique that applies additional measures to prevent the possibility of excessive temperatures, arcs, or sparks occurring under normal or abnormal operating conditions. It is commonly used for terminal boxes, cable glands, and lighting fixtures. For network equipment, Ex e enclosures allow the use of higher-power devices than intrinsic safety permits, as long as the design prevents any hot spots or arcing. This technique can be a cost-effective solution for Zone 1 or Division 2 locations.

Non-Incendive (Ex n) and Pressurization (Ex p)

Non-incendive equipment (Ex n) is designed such that it is incapable of igniting a surrounding explosive atmosphere under normal operating conditions. This is a lower level of protection typically suitable for Zone 2 or Division 2 locations. Pressurization (Ex p) involves filling the enclosure with a protective gas (such as clean air or nitrogen) at a positive pressure relative to the surrounding atmosphere, preventing the ingress of flammable gases or dust. This technique is often used for large equipment cabinets or analyzer houses.

Reliability Strategies for Industrial Networks in Hazardous Areas

Safety and reliability are deeply interconnected in hazardous environments. A network failure can lead to loss of critical safety monitoring, inability to execute emergency shutdown sequences, or uncontrolled process conditions. Therefore, reliability engineering must be treated as a core design pillar from the outset.

Redundant Network Topologies

The physical and logical topology of the network has a direct impact on its resilience. The most commonly deployed topologies for hazardous environment networks include:

  • Ring Topology with Rapid Spanning Tree Protocol (RSTP): A ring provides a redundant path that can be activated within milliseconds if a single link or switch fails. RSTP is well-understood and widely supported, but recovery times can vary from 10 to 50 ms per hop in a well-tuned ring.
  • Parallel Redundancy Protocol (PRP) and High-Availability Seamless Redundancy (HSR): These IEC 62439-3 compliant protocols provide zero-loss redundancy by sending duplicate frames over two independent networks (PRP) or a ring topology (HSR). They are ideal for mission-critical control and safety applications where even a few milliseconds of data loss is unacceptable.
  • Media Redundancy: In addition to topology redundancy, using diverse physical media—such as a combination of fiber optic and copper (where permitted)—can protect against cable damage from fire, mechanical impact, or environmental degradation.

Industrial-Grade Hardware Selection

Commercial-grade networking equipment is rarely suitable for hazardous environments. Industrial-grade switches, routers, and media converters are specifically designed to withstand:

  • Extended temperature ranges: Typically -40°C to +75°C or wider, compared to the 0°C to 40°C range of commercial equipment.
  • High humidity and condensation: Conformal coatings and sealed enclosures prevent moisture ingress and corrosion.
  • Vibration and shock: Robust mounting options and rugged internal construction ensure reliable operation in machinery-rich environments.
  • Voltage fluctuations and transients: Wide-range DC power inputs and built-in surge protection help the network ride through power disturbances common in industrial settings.

When selecting hardware, engineers must verify that the device holds the appropriate hazardous area certifications (such as ATEX, IECEx, or UL/CSA) for the intended location. A switch certified for Zone 2 is not safe to install in a Zone 1 area, regardless of how robust its other specifications are.

Cabling and Installation Best Practices

The physical layer is often the most vulnerable part of an industrial network. In hazardous environments, cabling decisions have both safety and reliability implications:

  • Fiber optic cabling: Because fiber uses light rather than electrical current, it is inherently non-incendive and is the preferred medium for long runs and areas with the highest hazard classifications. Optical fiber carries no risk of sparking and is immune to electromagnetic interference (EMI) from heavy machinery, variable frequency drives, and high-voltage lines.
  • Armored cables and conduit: Where copper cabling is used (e.g., for Power over Ethernet devices), it must be installed in rigid metal conduit or armored cable assemblies that provide mechanical protection and containment. Proper grounding and bonding of conduit runs are critical to prevent static buildup and ensure fault current paths.
  • Cable glands and sealing fittings: Every cable entry point into an enclosure must use a certified cable gland that maintains the enclosure's protection rating. In Class I Division 1 or Zone 1 locations, sealing fittings are required within 18 inches of the enclosure to prevent the passage of gases or vapors through the cable core.

Environmental Monitoring and Predictive Maintenance

Reliability is not a static property; it must be actively managed throughout the network's lifecycle. Deploying environmental sensors that monitor temperature, humidity, gas concentration, and vibration at key points in the network allows operators to identify deteriorating conditions before they lead to failure. Integrating these sensors with the facility's Distributed Control System (DCS) or Safety Instrumented System (SIS) provides early warnings and enables predictive maintenance. Regularly scheduled inspections of cable glands, enclosure seals, and ground connections should be documented and tracked to ensure long-term compliance and performance.

Network Architecture for Hazardous Areas: Segmentation and Security

In addition to physical safety and redundancy, the logical architecture of the network plays a vital role in both safety and operational reliability. Network segmentation using firewalls, routers, and virtual LANs (VLANs) ensures that a failure or cyberattack in one part of the facility does not propagate to critical safety systems. The Purdue Enterprise Reference Architecture (PERA) model, often referenced in the ISA-95/IEC 62264 standard, provides a useful framework for organizing industrial networks into hierarchical levels, from Level 0 (field devices) to Level 4 (enterprise IT). Hazardous area networks typically reside at Levels 0 through 2, where real-time control and safety functions are performed.

Security in hazardous environments extends beyond cybersecurity to include physical security. Access to network cabinets in classified areas should be restricted to qualified personnel, and tamper-evident seals or locks can help prevent unauthorized modifications that could compromise the protection technique (e.g., leaving an explosion-proof enclosure cover unsealed).

Standards and Regulations Governing Hazardous Area Networks

Compliance with internationally recognized standards is not optional; it is a legal and ethical imperative. The following standards form the backbone of safe network design in hazardous locations:

IEC 60079 Series

The IEC 60079 series is the most comprehensive international standard covering equipment for explosive gas atmospheres. Key parts relevant to networking include:

  • IEC 60079-0: General requirements for all Ex equipment.
  • IEC 60079-11: Intrinsic safety (Ex i) requirements.
  • IEC 60079-14: Electrical installations design, selection, and erection in hazardous areas.
  • IEC 60079-15: Type of protection "n" (non-incendive) for Zone 2.
  • IEC 60079-18: Encapsulation "m" protection.

NFPA 70 (National Electrical Code)

In the United States, NFPA 70 (commonly referred to as the NEC) governs electrical installations, including those in hazardous locations. Articles 500 through 516 cover classification, wiring methods, and equipment requirements for Classes I, II, and III locations. The NEC is updated on a three-year cycle, and engineers must stay current with the latest edition to ensure compliance.

NFPA 70E (Electrical Safety in the Workplace)

While not specifically about network design, NFPA 70E provides essential guidance for the safe work practices that maintenance and commissioning personnel must follow when working on or near energized equipment in hazardous areas, including arc flash safety and proper use of personal protective equipment (PPE).

ISA-62443 (IEC 62443) Series

The ISA/IEC 62443 series of standards addresses cybersecurity for industrial automation and control systems. Applying these standards to hazardous area networks is critical because a cyber incident—such as a denial-of-service attack or a manipulated control command—can have safety consequences that extend beyond data loss to physical harm. Zones and conduits defined in ISA-62443 align well with the physical zoning already established for hazardous area classification.

ATEX and IECEx Certification Schemes

ATEX (EU directives 2014/34/EU and 1999/92/EC) and IECEx (International Electrotechnical Commission System for Certification to Standards Relating to Equipment for Use in Explosive Atmospheres) are the two major certification schemes for equipment used in hazardous locations. ATEX is mandatory within the European Union, while IECEx is an internationally recognized system that facilitates global trade. Equipment bearing either mark has been independently tested and certified to meet the applicable protection standards. When specifying network components, engineers should require certification from one or both of these schemes, depending on the installation location.

The field of hazardous area networking is evolving, driven by advances in wireless technology, optical sensing, and Power over Ethernet (PoE).

Wireless Networks in Hazardous Areas

Wireless communication offers significant advantages in hazardous environments, including reduced cabling costs, the ability to access remote or rotating equipment, and easier retrofitting. ISA-100.11a and WirelessHART (IEC 62591) are two industrial wireless standards designed with intrinsic safety and reliability in mind. Wireless access points and field devices must be certified for the relevant zone or division, and careful site surveys are required to ensure adequate signal coverage without interference. The latency and bandwidth limitations of current wireless technologies make them more suitable for monitoring and asset management than for high-speed control loops, but this is likely to improve with the adoption of 5G private networks in industrial settings.

Power over Ethernet (PoE) for Hazardous Locations

The ability to deliver both data and power over a single Ethernet cable has made PoE attractive for devices such as gas detectors, video cameras, and wireless access points. However, the power levels involved (up to 60W or more with PoE++) pose challenges for intrinsic safety in Zones 0 and 1. Specialized intrinsically safe PoE injectors and limited-energy circuits are being developed to address this, but engineers must verify that the entire cable run—from injector to powered device—maintains the required energy limitation. In many cases, a combination of explosion-proof enclosures for the PoE switch and intrinsically safe barriers for the field wiring provides a workable solution for Zone 1 or Division 1 applications.

Time-Sensitive Networking (TSN)

Time-Sensitive Networking (TSN) is a set of IEEE 802.1 standards that enable deterministic, low-latency communication over standard Ethernet infrastructure. For hazardous environments, TSN has the potential to unify control, safety, and monitoring traffic on a single network while guaranteeing the timing constraints of each. Combined with PRP or HSR redundancy, TSN-based networks can provide the high availability and predictable performance that safety instrumented systems require. While TSN adoption is still in its early stages in the process industries, it represents a significant step toward simpler, more flexible, and equally reliable architectures.

Practical Steps for Designing and Validating a Hazardous Area Network

The following process provides a structured approach to network design for hazardous environments:

  1. Define the hazardous area classification for all physical locations where network equipment will be installed, using either the Class/Division or Zone system as applicable.
  2. Identify the required protection techniques for each zone or division. Select intrinsically safe (Ex i) solutions for field instrumentation and Zone 0/20 locations, and consider explosion-proof (Ex d) or increased safety (Ex e) enclosures for switches and controllers in Zone 1/21 areas. For Zone 2/22, non-incendive (Ex n) equipment is often acceptable.
  3. Choose a network topology that provides the required level of availability. For most safety-critical applications, a ring topology with RSTP or a dual-redundant topology using PRP is recommended. Document the expected recovery times for each failure scenario.
  4. Select certified hardware that matches the protection technique and environmental requirements (temperature range, shock, vibration, EMI). Verify that the certification mark (ATEX, IECEx, UL, or CSA) is valid for the specific zone or division.
  5. Design the physical layer with fiber optic cabling for backbone links and long runs, and use copper only where PoE is required and the protection technique permits it. Specify certified cable glands, sealing fittings, and conduit systems.
  6. Implement network segmentation to separate safety-critical traffic (SIS, emergency shutdown) from non-critical monitoring and business systems. Use firewalls and VLANs to enforce boundaries.
  7. Plan for maintenance and lifecycle management. Include environmental monitoring, regular inspection schedules for enclosure seals and cable glands, and a strategy for firmware updates and hardware replacements that does not compromise the protection technique.
  8. Validate the design through a formal review process that includes stakeholders from process safety, electrical engineering, instrumentation, and operations. Conduct a hazard and operability (HAZOP) study if the network is part of a safety instrumented function.
  9. Perform commissioning tests to verify that all equipment is correctly installed, grounded, and sealed. Test redundant paths, failover times, and emergency shutdown integration.
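
A design-review check for steps 2, 4 and 6 above, added here as an illustration and not part of the original article: it flags devices whose certificate or protection technique does not fit the zone they are installed in, and non-safety segments that can still reach the safety segment once the firewall rules are evaluated in order. The device names, segment names, rule format and the first-match, default-deny rule semantics are assumptions.

```python
from dataclasses import dataclass

# Techniques per gas zone as listed in step 2 above. Assumption: a technique
# accepted for a stricter zone is also accepted for a less strict one.
# Ex p is not mapped in step 2, so it is sent to manual review, not guessed.
ALLOWED_TECHNIQUES = {
    0: {"Ex i"},
    1: {"Ex i", "Ex d", "Ex e"},
    2: {"Ex i", "Ex d", "Ex e", "Ex n"},
}
SAFETY_SEGMENT = "sis"                          # hypothetical segment names
NON_SAFETY_SEGMENTS = ("monitoring", "business")


@dataclass(frozen=True)
class Device:
    name: str
    installed_zone: int   # zone of the location: 0, 1 or 2
    certified_zone: int   # most hazardous zone on the certificate (0 = strictest)
    technique: str


def review_devices(devices):
    """Return (device, reason) for every placement that fails steps 2 and 4."""
    findings = []
    for d in devices:
        if d.certified_zone > d.installed_zone:
            findings.append((d.name, f"certified for Zone {d.certified_zone}, "
                                     f"installed in Zone {d.installed_zone}"))
        elif d.technique not in ALLOWED_TECHNIQUES[d.installed_zone]:
            findings.append((d.name, f"{d.technique} not listed for Zone "
                                     f"{d.installed_zone}: manual review"))
    return findings


def effective_action(rules, src, dst):
    """First matching (src, dst, action) rule wins; no match means deny."""
    for r_src, r_dst, action in rules:
        if r_src in (src, "any") and r_dst in (dst, "any"):
            return action
    return "deny"


def review_segmentation(rules):
    """Return the non-safety segments that can reach the safety segment (step 6)."""
    return [s for s in NON_SAFETY_SEGMENTS
            if effective_action(rules, s, SAFETY_SEGMENT) == "allow"]

# Constructed sample design, not taken from a real facility.
SAMPLE_DEVICES = [
    Device("sw-tankfarm-01", installed_zone=1, certified_zone=2, technique="Ex n"),
    Device("sw-compressor-02", installed_zone=1, certified_zone=1, technique="Ex d"),
    Device("ap-analyzer-03", installed_zone=1, certified_zone=1, technique="Ex p"),
    Device("tx-vessel-04", installed_zone=0, certified_zone=0, technique="Ex i"),
]
SAMPLE_RULES = [
    ("business", "sis", "deny"),
    ("control", "sis", "allow"),
    ("any", "any", "allow"),      # broad rule: monitoring -> sis slips through
]

if __name__ == "__main__":
    print(review_devices(SAMPLE_DEVICES))
    print(review_segmentation(SAMPLE_RULES))
```

In the sample rule set the explicit deny covers only the business segment, so the trailing catch-all rule still lets the monitoring segment reach the SIS segment; checking the effective action rather than individual rules is what exposes it.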

Conclusion

Designing industrial networks for hazardous environments requires a disciplined, systematic approach that integrates safety engineering, reliability analysis, and a thorough understanding of international standards. The network engineer working in these settings must think beyond data throughput and latency to consider ignition energy, fault tolerance, environmental resilience, and the long-term maintainability of systems that are difficult and expensive to access. By applying the principles of intrinsic safety, selecting certified and ruggedized hardware, deploying redundant topologies, and adhering to standards such as IEC 60079, NFPA 70, and ISA-62443, it is possible to build networks that are both safe and highly reliable. As wireless technology, PoE, and TSN continue to evolve, the toolbox available for hazardous area networking will expand, but the fundamental commitment to safety and reliability must remain at the core of every design decision.

For engineers seeking further information, the following resources provide authoritative guidance: the IEC 60079 series available from the International Electrotechnical Commission; NFPA 70 (National Electrical Code) from the National Fire Protection Association; and the ISA-62443 series from the International Society of Automation. Additionally, the IECEx System website offers a searchable database of certified equipment and Ex personnel competencies that is invaluable for specifying compliant solutions.