User Group

April 2019 New Orleans User Group

Introduction to CIP Security
South Louisiana User Group


Audio Recording (Podcast)


Presentation


About our Topic

As industrial companies use digital transformation to improve productivity and profitability, they must also address its inherent security risks. CIP Security was created to help protect critical industrial communications as part of a defense-in-depth security strategy. Now, Rockwell Automation is introducing the first industrial control products on the market that allow companies to deploy CIP Security in their operations.

ODVA, a global association of the world’s leading automation companies, developed CIP Security. It is an extension to the Common Industrial Protocol (CIP), which is the application-layer protocol for EtherNet/IP. CIP Security is the first industrial automation protocol to support transport layer security (TLS), the most proven security standard in widespread use on the World Wide Web today.

“CIP Security can protect devices and systems that use EtherNet/IP from some of the top risks in connected operations, such as unauthorized PCs,” said Tony Baker, portfolio manager, security, for Rockwell Automation. “It does this in a few key ways. First, it limits device connectivity to only trusted PCs and devices. It also guards against packet tampering to protect data integrity. Finally, it encrypts communications to avert unwanted data reading and disclosure.”

Engineers will be able to implement CIP Security in their systems through new Rockwell Automation products and firmware updates to existing products such as Allen-Bradley ControlLogix controllers, communication modules and Kinetix servo drives.

In addition, the newly enhanced FactoryTalk Linx communications software allows FactoryTalk visualization and information software running on a PC to communicate to CIP Security-enabled devices. The new FactoryTalk Policy Manager tool within the FactoryTalk software suite is used to implement and configure security policies between CIP Security-enabled devices.

Rockwell Automation developed this new capability to work with existing industrial control devices regardless of whether or not they were designed to support CIP Security. This allows industrial users to phase in security over time and retrofit existing installations.

In addition, Allen-Bradley ControlLogix 5580 controllers will soon be certified compliant with the IEC 62443-4-2 security standard, building on the IEC 62443-4-1 certification that the Rockwell Automation Security Development Lifecycle has already received.

This latest certification means the controllers will meet the global standard’s robust cybersecurity requirements to help companies secure their connected operations. The ControlLogix 5580 family of controllers is one of the first platforms on the market to achieve this compliance.


Additional Resources

Technical Publications

ControlLogix System Selection Guide, 1756-SG001
1756 ControlLogix Communication Modules Specifications Technical Data, 1756-TD003
ControlLogix EtherNet/IP Network Devices User Manual, 1756-UM004
EtherNet/IP Network Devices User Manual, ENET-UM006
Ethernet Design Considerations Reference Manual, ENET-RM002
EtherNet/IP Device Level Ring Application Technique, ENET-AT007
EtherNet/IP Parallel Redundancy Protocol Application Technique, ENET-AT006
Troubleshoot EtherNet/IP Networks, ENET-AT003
EtherNet/IP QuickConnect Application Technique, ENET-AT001
EtherNet/IP Socket Interface Application Technique, ENET-AT002

Looking for more information?
Contact your local automation specialist or account manager at The Reynolds Company to discuss your automation applications. Find your specialist.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.