While it is a top concern today, cybersecurity did not figure into the design case when most communication protocols for industrial automation were first developed. ODVA has recently added services for cybersecurity to its specification for EtherNet/IP. This significantly enhances cybersecurity, with very little impact on the architecture of existing applications.
EtherNet/IP Leverages IP Heritage with CIP Security by Harry Forbes, ARC Advisory Group
Cybersecurity: A Critical Missing Link in Communication Protocols for Industrial Automation
Most communication protocols for industrial automation were developed before there was any need for cybersecurity. Indeed, many industrial protocols in use today were originally developed for applications on the factory floor for isolated islands of automation and before Ethernet and/or the Internet were in widespread use. For these applications, design use cases for the protocol did not include cybersecurity. Neither was cybersecurity part of the initial design basis for the Internet protocols since the primary design use case was a small network of large computers for which access was limited and controlled. Count these design use cases as remarkably shortsighted!
Another barrier to including cybersecurity in industrial automation is the widespread belief in "the air gap" – the belief that industrial control systems were not directly connected to the Internet or, if connected, could effectively be isolated from cybersecurity threats. This belief has been questioned in the wake of the Stuxnet and Shamoon incidents and several other high-profile industrial cyber-attacks. As a result, the industry now understands that the cyber attack threat encompasses industrial control systems and that the risk is very serious, not only in systems that operate critical infrastructure but also to the factory and plant floor, extending all the way to field devices.
Now that industry has awakened to the threat, the response has been to protect automation systems and networks with multi-layered security, often referred to as "defense-in-depth." Read further by clicking here to download a copy of the ARC View.
For more information on ARC Views, please visit www.arcweb.com/Blog/Post/1122/EtherNet/IP-Leverages-IP-Heritage-with-CIP-Security.