As industrial companies use digital transformation to improve productivity and profitability, they must also address its inherent security risks. CIP Security was created to help protect critical industrial communications as part of a defense-in-depth security strategy.
Rockwell Automation released its first industrial control products on the market that allow companies to deploy CIP Security in their operations.
ODVA, a global association of automation companies, developed CIP Security. It is an extension to the Common Industrial Protocol (CIP), which is the application-layer protocol for EtherNet/IP. CIP Security is an industrial automation protocol to support transport layer security (TLS), a security standard in widespread use on the web.
“CIP Security can protect devices and systems that use EtherNet/IP from some of the top risks in connected operations, such as unauthorized PCs,” said Tony Baker, portfolio manager, security, for Rockwell Automation. “It does this in a few key ways. First, it limits device connectivity to only trusted PCs and devices. It also guards against packet tampering to protect data integrity. Finally, it encrypts communications to avert unwanted data reading and disclosure.”
Engineers will be able to implement CIP Security in their systems through Rockwell Automation products and firmware updates to existing products such as Allen-Bradley ControlLogix controllers, communication modules and Kinetix servo drives.
In addition, the newly enhanced FactoryTalk Linx communications software allows FactoryTalk visualization and information software running on a PC to communicate to CIP Security-enabled devices. The new FactoryTalk Policy Manager tool within the FactoryTalk software is used to implement and configure security policies between CIP Security-enabled devices.
Rockwell Automation developed this new capability to work with existing industrial control devices regardless of whether or not they were designed to support CIP Security. This allows industrial users to phase in security over time and retrofit existing installations.