Introduction to CIP Security
South Louisiana User Group
Audio Recording (Podcast)
About our Topic
As industrial companies use digital transformation to improve productivity and profitability, they must also address its inherent security risks. CIP Security was created to help protect critical industrial communications as part of a defense-in-depth security strategy. Now, Rockwell Automation is introducing the first industrial control products on the market that allow companies to deploy CIP Security in their operations.
ODVA, a global association of the world’s leading automation companies, developed CIP Security. It is an extension to the Common Industrial Protocol (CIP), which is the application-layer protocol for EtherNet/IP. CIP Security is the first industrial automation protocol to support transport layer security (TLS), the most proven security standard in widespread use on the World Wide Web today.
“CIP Security can protect devices and systems that use EtherNet/IP from some of the top risks in connected operations, such as unauthorized PCs,” said Tony Baker, portfolio manager, security, for Rockwell Automation. “It does this in a few key ways. First, it limits device connectivity to only trusted PCs and devices. It also guards against packet tampering to protect data integrity. Finally, it encrypts communications to avert unwanted data reading and disclosure.”
Engineers will be able to implement CIP Security in their systems through new Rockwell Automation products and firmware updates to existing products such as Allen-Bradley ControlLogix controllers, communication modules and Kinetix servo drives.
In addition, the newly enhanced FactoryTalk Linx communications software allows FactoryTalk visualization and information software running on a PC to communicate to CIP Security-enabled devices. The new FactoryTalk Policy Manager tool within the FactoryTalk software suite is used to implement and configure security policies between CIP Security-enabled devices.
Rockwell Automation developed this new capability to work with existing industrial control devices regardless of whether or not they were designed to support CIP Security. This allows industrial users to phase in security over time and retrofit existing installations.
In addition, Allen-Bradley ControlLogix 5580 controllers will soon be certified compliant with the IEC 62443-4-2 security standard, building on the IEC 62443-4-1 certification that the Rockwell Automation Security Development Lifecycle has already received.
This latest certification means the controllers will meet the global standard’s robust cybersecurity requirements to help companies secure their connected operations. The ControlLogix 5580 family of controllers is one of the first platforms on the market to achieve this compliance.
- Links to IACS Cybersecurity Resources
- Rockwell Automation Industrial Network Products
- Rockwell Automation Industrial Network Services
|ControlLogix System Selection Guide, 1756-SG001|
|1756 ControlLogix Communication Modules Specifications Technical Data, 1756-TD003|
|ControlLogix EtherNet/IP Network Devices User Manual, 1756-UM004|
|EtherNet/IP Network Devices User Manual, ENET-UM006|
|Ethernet Design Considerations Reference Manual, ENET-RM002|
|EtherNet/IP Device Level Ring Application Technique, ENET-AT007|
|EtherNet/IP Parallel Redundancy Protocol Application Technique, ENET-AT006|
|Troubleshoot EtherNet/IP Networks, ENET-AT003|
|EtherNet/IP QuickConnect Application Technique, ENET-AT001|
|EtherNet/IP Socket Interface Application Technique, ENET-AT002|
Looking for more information?
Contact your local automation specialist or account manager at The Reynolds Company to discuss your automation applications. Find your specialist.