Specification volume dedicated to cyber security announced
ODVA announced the pending publication of a new volume in its specifications specifically dedicated to cyber security. This body of work will be released under the name of CIP Security and will be initially applicable to EtherNet/IP. Because EtherNet/IP relies on commercial-off-the-shelf (COTS) technologies for Ethernet and the Internet, users have been able to deploy traditional defense-in-depth techniques in EtherNet/IP systems for some time. CIP Security is designed to help users take additional steps to protect their industrial control systems with techniques for securing transport of messages between EtherNet/IP devices and systems and thus reduce their exposure to cybersecurity threats.
CIP Security addresses spoofing of identity, data tampering, and disclosing information. Mechanisms supported in the initial release of CIP Security include device authorization, integrity of message transport and confidentiality of messages. To support these mechanisms, ODVA has adapted encryption standards from the Internet Engineering Task Force (IETF) for encryption based on Transport Layer Security (TLS), Data Transport Layer Security (DTLS) and authentication based on the X.509v3 standard for certificate handling. Details of ODVA’s initial implementation of CIP Security and outlook for the future were presented in a technical paper at ODVA’s 2015 Industry Conference and 17th Annual Meeting of Members. ODVA’s focus on cyber security is a function of increased emphasis on cybersecurity for industrial control systems as well as the widespread adoption of EtherNet/IP in broad range of applications from manufacturing to critical infrastructure.
– Edited by CFE Media. See more Control Engineering cyber security stories.