Get smart but stay safe

22 November 2019

Find out more about CIP Security – an enhancement to EtherNet/IP technology to address cybersecurity – which allows devices to defend themselves using industry-standard, widely adopted technology.

Device level security is a crucial component in industrial digital transformation as Ethernet continues to take over from traditional fieldbus networks. Indeed, HMS Networks estimates that industrial Ethernet now makes up 59% of new nodes installed on the factory floor today. 

Ethernet will become commonplace in process plants as well with the current work being done on Advanced Physical Layer for Ethernet, also known as Ethernet-APL, which will be capable of installations in all zone and division locations and 1,000m cable lengths. 

The benefits of having Ethernet down to the device level and up to the cloud include economies of scale, fewer gateways, streamlined commissioning, and quicker error resolution. Ultimately, ubiquitous Ethernet will drive cost effective operational technology (OT) and information technology (IT) convergence, cloud connectivity, and device analytics. 

However, as soon as a formerly isolated industrial network is connected externally, security becomes an imperative because it is not a question of if, but when an attack will come. This is where CIP Security, the security layer for the EtherNet/IP industrial communication network, comes into play. CIP Security is the last level of defense that is designed to keep your workers, assets, and intellectual property safe and secure.  

Defense in depth 
A best in class security strategy focuses on creating multiple hurdles to overcome instead of a single fortification that is difficult, but not impossible to get past. This defense in depth concept includes strong policies, physical protections, network infrastructure, and equipment security. Multiple layers of defense can slow down a bad actor enough to allow it to be noticed before serious damage is done and such a system can also reduce the desirability of a network as a target. Note that there is no such thing as an impenetrable security system. The goal is to create a system that is hard enough to break into relative to the value of what is being protected to motivate a bad actor to simply move on. 

CIP security
CIP Security – the enhancement to EtherNet/IP technology to address cybersecurity – allows devices to defend themselves using industry-standard, widely adopted technology. CIP Security was designed using Transport Layer Security (TLS), the same secure communication standards used in online banking, and is intended to be applied in industrial automation and control systems. The IEC 62443 family of standards are the leading cybersecurity standards recognised worldwide and contain minimum requirements for building secure automation systems. CIP Security addresses some of the hard-to-meet system-level requirements in those standards, such as:

Identity: Is the sender actually who they say they are?
• Integrity: Is the data complete? Has the data been changed?
• Authenticity: Did the data originate from the expected sender and in a complete, unchanged format? 
• Confidentiality: Is an unauthorised party viewing the communication?

CIP Security allows a certificate to be embedded into the device to identify itself. The certificate provides a verifiable root of trust. When a network connection between devices is initiated, a ‘TLS handshake’ is used to exchange the certificate. This is similar to how web browsers work. These certificates are used to identify the device and determine if trust should exist between the devices. At the end of the process, the devices share a secret key that can be used for secure communications and to authenticate that each message has been sent from the correct device and that the data has not been modified. 

The CIP Security standard uses the Hashed Message Authentication Code (HMAC) which is commonly used with TLS and DTLS communications. If an imposter device tries to send the data, or a man-in-the-middle tries to modify the data, the HMAC will not be valid. Not all automation data on the network needs to be encrypted, so to avoid overhead on the communication process, encryption is optional. If confidential process information or secret recipes are being sent, every packet can be secured with the TLS and DTLS encryption. 

CIP Security has recently been enhanced to allow devices to perform certificate enrollment directly for easier initial commissioning of devices. In contrast to the practice of pushing certificates out from a configuration tool, this ‘pulling’ functionality will allow devices to actively request certificates, resulting in improved productivity. The enhancements allow for increased efficiency with timeout responses, increased protection by allowing for a mandatory CIP Security connection for changes, and expanded behaviours for certificate verification.

Work is ongoing for the next phase of development of CIP Security, which will add support for user authentication, non-repudiation, and device authorisation. The ultimate roadmap of CIP Security development is to enable EtherNet/IP devices to become autonomous, taking responsibility for their own security and effectively securing themselves from attack.

Understanding where to add extra layers of security in a factory is critical. Portions of the industrial network are opened up the cloud to enable predictive maintenance and quality improvement. Other parts contain critical intellectual property. Still others include control of machines that workers interact with regularly and could be hurt if improper signals were sent. Finally, there are areas where incorrect commands could lead to significant product loss or even environmental catastrophe. Some parts of the network are so critical that they are closed off from other areas or are located behind a firewall, but even these areas are still vulnerable to determined attackers. It is clear that the most sensitive areas of a network require the highest level of protection. It I here that CIP Security controllers and devices are a must have to provide a crucial final layer of defense. 

Contact Details and Archive...

Related Articles...

Print this page | E-mail this page