Realizing Greater System Robustness Through Combining CIP Safety and CIP Security

Technical Paper Abstract

Users need industrial communication protocols that support both safety and security, such as CIP Safety and CIP Security. There have been concerns that these two technologies may interfere with each other, and in particular that adding security may be detrimental to the Functional Safety Argument. A specific concern has been which Bit Error Rate (BER) to assume when modeling the communication system.

In this paper, we show via analysis and a Markov model that adding CIP Security to CIP Safety improves the safety argument rather than interfering with it, and that overly conservative bit error rates do not need to be assumed. This is mainly due to the collision-resistant properties of the HMAC, the diffusion properties of encryption, and the additional robustness that may come from security-mandated testing (e.g. the testing mandated by the IEC 62443 V&V model). The Markov model analysis identifies the device-internal interface between the security layer (broadly, the black channel) and the safety layer as the most critical part. The security standard IEC 62443 has requirements similar to the systematic capability defined in the safety standard IEC 61508. Hence adding a security implementation to the black channel part of the device will decrease systematic errors and reinforce the interface.

Paper and presentation from the 2022 ODVA Industry Conference & 21st Annual Meeting

Vivek Hajarnavis, Rockwell Automation

Xiaobo Peng, Rockwell Automation

Jack Visoky, Rockwell Automation

Steve Seidlitz, Rockwell Automation