Threat Modeling CIP Security

Technical Paper Abstract
CIP Security brings a number of important cybersecurity protections to CIP and EtherNet/IP communication. However, CIP Security is not meant to defend against all possible threats, but rather stands as a part of a Defense-in-Depth approach to cybersecurity of industrial equipment. It is important for vendors and users to understand what types of protections CIP Security provides, as well as limitations of those protections and areas where other technologies might be able to boost overall defense. This paper provides a sample of some of the interesting and impactful threats where CIP Security provides protection, as well as areas where CIP Security is meant to fit into a layered approach to cyber protection. This paper is not meant to be a full Threat Model of CIP Security, but rather provides some illustrative examples around Threat Modeling and the Defense-in-Depth approach to security in which CIP Security plays a major role in protecting important plant assets.

Paper and presentation from the 2022 ODVA Industry Conference  & 21st Annual Meeting

David Smith, Schneider Electric
Jack Visoky, Rockwell Automation
Joakim Wiberg, HMS Networks