This website uses cookies primarily for visitor analytics. Certain pages will ask you to fill in contact details to receive additional information. On these pages you have the option of having the site log your details for future visits. Indicating you want the site to remember your details will place a cookie on your device. To view our full cookie policy, please click here. You can also view it at any time by going to our Contact Us page.

Expanded CIP security for improved productivity

15 April 2019

ODVA has released the first round of specification enhancements to its technologies for 2019, which included specific enhancements to The EtherNet/IP specification, including key updates to the CIP Security technology.

The goal of cybersecurity enhancements to EtherNet/IP is to extend a defense-in-depth architecture to network communications with and between ICS systems, and with and between ICS systems and edge devices.  ODVA’s realisation of this goal is the enhancement of the potential defensive capability of ICS systems and devices using EtherNet/IP by providing cybersecurity mechanisms that are native to EtherNet/IP and the Common Industrial Protocol (CIP).  

The initial CIP Security specification was published in 2015, providing vendors the ability to improve the security of EtherNet/IP-connected devices by adding support for device authentication, data integrity, and data confidentiality.  Since then there have been several key updates.  Most notably – to continue to fulfill the desire from end users for easier initial commissioning of devices – CIP Security was enhanced to allow devices to perform certificate enrollment directly.  In contrast to the practice of pushing certificates out from a configuration tool, this pulling functionality will allow devices to actively request certificates, resulting in improved productivity.  

The pulling of a certificate is accomplished using standard and proven IT technologies, furthering the ability to integrate IT and OT systems.  
 
Work is ongoing for the next phase of development of CIP Security, which will add support for user authentication, non-repudiation, and device authorisation, strengthening secure end-to-end communications between CIP endpoints.  


Contact Details and Archive...

Related Articles...

Print this page | E-mail this page