Optimization of Industrial Cybersecurity (OIC™)
In order to address cybersecurity issues in automation networks such as EtherNet/IP, adoption of a defense-in-depth security architecture has been recommended by ODVA for many years. This approach is based on the idea that multiple layers of security are more resilient to attack.
The expectation is that any one layer could be compromised at some point in time, alerting the owner to respond, while the automation devices at the innermost layer remain secure.
Ultimately, the best solution would be to allow each of the layers to add additional security to the layer above it. In their present form, however, automation networks generally lack the security measures necessary to protect the innermost layer — the industrial control systems device itself. The ability for devices to know that the sender or receiver of a message is a trusted entity, or to have cryptographic proof that a message has not been maliciously tampered with while in transit, is very limited.
In the Optimization of Industrial Cybersecurity (OIC™), ODVA seeks to improve the defensive capability of devices connected to EtherNet/IP and other CIP Networks. This added approach will become the final level of defense in a defense-in-depth architecture. The ultimate goal is to allow vendors to build interoperable EtherNet/IP devices that can defend themselves, the communications between them, and communications with third parties.
Read about the initial vision of ODVA’s approach to industrial cybersecurity in the white paper Cybersecurity for Industrial Control Systems: ODVA’s Vision for Security the Flow of Data in Industrial Networks.” In the second publication cycle of The EtherNet/IP Specification, ODVA included cybersecurity features in its initial publication of CIP Security™.