This website uses cookies primarily for visitor analytics. Certain pages will ask you to fill in contact details to receive additional information. On these pages you have the option of having the site log your details for future visits. Indicating you want the site to remember your details will place a cookie on your device. To view our full cookie policy, please click here. You can also view it at any time by going to our Contact Us page.

Ethernet/IP set to benefit from cybersecurity specifications

08 December 2015

The Open DeviceNet Vendors Association (ODVA) has announced the imminent publication of a new volume in its specifications specifically dedicated to cyber security. This will provide users with additional tools to secure their industrial control systems using EtherNet/IP by augmenting traditional defense-in-depth techniques with CIP Security.

This latest body of work will be released under the name of CIP Security and will join the family of other CIP (Common Industrial Protocol) services such as CIP Safety, CIP Energy, CIP Sync and CIP Motion. CIP Security will be initially applicable to EtherNet/IP.

Because EtherNet/IP relies on commercial-off-the-shelf (COTS) technologies for Ethernet and the Internet, users have been able to deploy traditional defense-in-depth techniques in EtherNet/IP systems for some time. CIP Security aims to help users take additional steps to protect their industrial control systems with industry-proven techniques for securing transport of messages between EtherNet/IP devices and systems.  

The initial release of CIP Security will include mechanisms to address spoofing of identity, tampering with data and disclosing of information. Mechanisms supported in the initial release of CIP Security include device authorisation, integrity of message transport and confidentiality of messages. 

“The publication of the volume dedicated to cybersecurity in The EtherNet/IP Specification is the next step in providing users with methods to help them manage threats and vulnerabilities in EtherNet/IP systems,” said Katherine Voss, ODVA president and executive director.  “Following this publication will be the realisation of the mechanisms provided by CIP Security in ODVA CONFORMANT EtherNet/IP products.”

ODVA’s focus on cybersecurity comes not only as an acknowledgement of the increased emphasis on cybersecurity for industrial control systems but also because of the widespread adoption of EtherNet/IP. The next edition of The EtherNet/IP Specification will expand support for IEC 62439-3 ‘Industrial communication networks – high availability automation networks – part 3’ to include High Availability Seamless Redundancy (HSR) in addition to Parallel Redundancy Protocol (PRP). HSR is commonly used in electrical substation automation as specified in IEC-61850.  Other high reliability techniques supported in The EtherNet/IP Specification include Rapid Spanning Tree (RSTP) and Device Level Ring (DLR).

Contact Details and Archive...

Print this page | E-mail this page