CIP Security – Implementation Considerations

Technical Paper Abstract
CIP Security (Profile 1) adds transport layer security to the CIP protocol, and has a large, system-wide impact on CIP based products. As such, there are many considerations that product developers must take into account when designing CIP Security enabled products. Many of these issues can have potential security implications and as a result require careful thought. Although the ODVA CIP Security specification provides sufficient information for the implementation of this protocol, it is still beneficial to product developers to have some additional guidance at their disposal. The aim of this paper is to provide non-normative guidance around many of the important considerations that have an impact on CIP Security implementations. This paper does not seek to replace or replicate the information within the CIP Security specification, but rather provides additional guidance and information. Furthermore, as this paper is non-normative, the information described within is not necessary for compliance (unless it is also stated within the official CIP Security specification).

Paper and presentation from the 2017 Industry Conference & 18th Annual Meeting of Members 

Ron Floyd, Pyramid Solutions
Michael Mann, Pyramid Solutions
Jack Visoky, Rockwell Automation
Joakim Wiberg, HMS Industrial Networks

CIP Security, Cyber Security, Certificates, Authentication, Integrity, TLS