Ethernet/IP set to benefit from cybersecurity specifications
08 December 2015
The Open DeviceNet Vendors Association (ODVA) has announced the imminent publication of a new volume in its specifications specifically dedicated to cyber security. This will provide users with additional tools to secure their industrial control systems using EtherNet/IP by augmenting traditional defense-in-depth techniques with CIP Security.
This latest body of work will be released under the name of CIP Security and will join the family of other CIP (Common Industrial Protocol) services such as CIP Safety, CIP Energy, CIP Sync and CIP Motion. CIP Security will be initially applicable to EtherNet/IP.
Because EtherNet/IP relies on commercial-off-the-shelf (COTS) technologies for Ethernet and the Internet, users have been able to deploy traditional defense-in-depth techniques in EtherNet/IP systems for some time. CIP Security aims to help users take additional steps to protect their industrial control systems with industry-proven techniques for securing transport of messages between EtherNet/IP devices and systems.
The initial release of CIP Security will include mechanisms to address spoofing of identity, tampering with data and disclosing of information. Mechanisms supported in the initial release of CIP Security include device authorisation, integrity of message transport and confidentiality of messages.
“The publication of the volume dedicated to cybersecurity in The EtherNet/IP Specification is the next step in providing users with methods to help them manage threats and vulnerabilities in EtherNet/IP systems,” said Katherine Voss, ODVA president and executive director. “Following this publication will be the realisation of the mechanisms provided by CIP Security in ODVA CONFORMANT EtherNet/IP products.”
ODVA’s focus on cybersecurity comes not only as an acknowledgement of the increased emphasis on cybersecurity for industrial control systems but also because of the widespread adoption of EtherNet/IP. The next edition of The EtherNet/IP Specification will expand support for IEC 62439-3 ‘Industrial communication networks – high availability automation networks – part 3’ to include High Availability Seamless Redundancy (HSR) in addition to Parallel Redundancy Protocol (PRP). HSR is commonly used in electrical substation automation as specified in IEC-61850. Other high reliability techniques supported in The EtherNet/IP Specification include Rapid Spanning Tree (RSTP) and Device Level Ring (DLR).
Contact Details and Archive...
Most Viewed Articles...