Industrial Cybersecurity for EtherNet/IP™ Networks
As industrial networks become more connected through Industrial Internet of Things (IIoT) and Industry 4.0 initiatives, organizations require scalable cybersecurity architectures that protect devices, communications, and operations. ODVA helps manufacturers implement defense-in-depth industrial cybersecurity strategies with CIP Security™ for EtherNet/IP networks.
Defense-in-Depth for OT Networks
As a result of the growing amount of data being transferred from the device level to the edge and cloud, there has been a steady increase in the number of cyberattacks targeting industrial facilities, which have led to significant adverse business impacts. Industrial cybersecurity requires multiple layers of protection to reduce risk and maintain operational continuity. A defense-in-depth strategy combines physical security, secure network infrastructure, company policies and procedures, and device-level protection to help keep industrial operations safe from evolving cyber threats.
Physical security is a key consideration when it comes to minimizing the attack surface of a manufacturing facility. With technologies becoming more sophisticated and third parties having more access to critical systems and data, manufacturers must adopt a holistic strategy to stay a step ahead of threats.
ODVA provides cybersecurity guidance, best practices, and technologies such as CIP Security or EtherNet/IP.
CIP Security for EtherNet/IP
CIP Security is a cybersecurity network extension for EtherNet/IP. CIP Security helps devices protect their EtherNet/IP communications through authentication, integrity validation, encryption, and authorization.
CIP Security is designed for use in devices where the risk to life, property, and operations is the most critical. This means that CIP Security can be deployed in only those zones where workers could potentially be hurt by motion equipment, in devices that could reveal product recipes or manufacturing process secrets, or in lines that could cause great environmental damage.
CIP Security leverages widely adopted security technologies including:
- TLS and DTLS secure communications
- Message integrity validation with HMAC
- OAuth 2.0 and OpenID Connect authentication
- X.509 device certificates
It also helps users to adhere to modern cybersecurity initiatives and regulations including IEC 62443 and the EU Cyber Resilience Act (CRA).
Industrial Security Harmonization Group
The Industrial Security Harmonization Group (ISHG) is one of many collaborative activities in which ODVA is engaged to ensure that end users across industries benefit from a consistent application of the technologies they utilize. As a part of the ISHG, ODVA joins other industrial automation standards development organizations FieldComm Group, OPC Foundation, and PI to work to harmonize cybersecurity strategies and concepts, so that end users do not face unnecessary complexity when using security concepts in their automation systems.
Download the ISHG Resources:
- FAQ whitepaper to explain different topics of the security concepts of industrial automation environments, such as Public-key infrastructures, variations of certificate types, and certificate management tools.
- Secure Deployment of Industrial Communication Protocols – A Risk Management Based Approach whitepaper to provide guidance for industrial communication protocols usage in alignment with the EN 40000-1-2.
- Also, a presentation from ODVA’s Industry Conference is available here, which provides an in-depth look at the collaborative benefits of the ISHG.
Get Started with Industrial Cybersecurity Resources
ODVA offers a free virtual online Introduction to CIP Security training course for product developers and end users interested in learning more about CIP Security. This course is available in both live (2x/year) and on-demand formats.
FAQs
Why is industrial security important?
As IT and OT systems converge, every connected industrial device becomes part of the cybersecurity strategy. Device-level security is critical for protecting critical infrastructure, intellectual property, worker safety, and operations.
What is CIP Security?
CIP Security is an EtherNet/IP network extension designed to help improve the defensive capability of EtherNet/IP devices as a part of a defense-in-depth architecture. It protects against unauthorized access, ensures secure data transmission, and supports integrity mechanisms, aiding manufacturers in meeting cybersecurity compliance.
What key security standards does CIP Security help users to adhere to?
CIP Security supports a defense-in-depth approach for industrial architectures. CIP Security supports users in meeting the IEC 62443 series of standards for implementing and maintaining secure industrial automation and control systems (IACS). In addition, CIP Security helps manufacturers meet the mandates set forth by the EU Cyber Resilience Act (CRA).