Rockwell Automation introduces industrial control devices to support ODVA’s CIP Security

CIP security defines security-related requirements and capabilities for EtherNet/IP devices

By Wayne Labs, Senior Contributing Technical Editor

Rockwell Automation has announced new industrial control products to include CIP Security.

CIP Security is an extension of the Common Industrial Protocol (CIP), which is the application-layer protocol for EtherNet/IP, CIP Security is said to be the first industrial automation protocol to support transport layer security (TLS), the same proven security standard in widespread use on the World Wide Web.

“CIP Security can protect devices and systems that use EtherNet/IP from some of the top risks in connected operations, such as unauthorized PCs,” says Tony Baker, portfolio manager, security, for Rockwell Automation. “It does this in a few key ways. First, it limits device connectivity to only trusted PCs and devices. It also guards against packet tampering to protect data integrity. Finally, it encrypts communications to avert unwanted data reading and disclosure.”

According to ODVA, the goal of CIP Security is to enable the CIP-connected device to protect itself from malicious CIP communications. A fully self-defending CIP device will:

Reject data that has been altered (integrity)
Reject messages sent by un-trusted people or un-trusted devices (authenticity)
Reject messages that request actions that are not allowed (authorization)

CIP Security and Rockwell devices

Engineers will be able to implement CIP Security in their systems through new Rockwell Automation products and firmware updates to existing products such as Allen-Bradley ControlLogix controllers, communication modules and Kinetix servo drives.

In addition, the newly enhanced FactoryTalk Linx communications software allows FactoryTalk visualization and information software running on a PC to communicate to CIP Security-enabled devices. The new FactoryTalk Policy Manager tool within the FactoryTalk software is used to implement and configure security policies between CIP Security-enabled devices.

The announcement was made at the 2018 Rockwell Automation Fair. The company developed this new capability to work with existing industrial control devices regardless of whether or not they were designed to support CIP Security. This allows industrial users to phase in security over time and retrofit existing installations.

In addition, Allen-Bradley ControlLogix 5580 controllers will soon be certified compliant with the IEC 62443-4-2 security standard, building on the IEC 62443-4-1 certification that the Rockwell Automation Security Development Lifecycle has already received.

This latest certification means the controllers will meet the global standard’s robust cybersecurity requirements to help companies secure their connected operations. The ControlLogix 5580 family of controllers is one of the first platforms on the market to achieve this compliance.

KEYWORDS: cybersecurity

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Wayne Labs has more than 30 years of editorial experience in industrial automation. He served as senior technical editor for I&CS/Control Solutions magazine for 18 years where he covered software, control system hardware and sensors/transmitters. Labs ran his own consulting business and contributed feature articles to Electronic Design, Control, Control Design, Industrial Networking and Food Engineering magazines. Before joining Food Engineering, he served as a senior technical editor for Omega Engineering Inc. Labs also worked in wireless systems and served as a field engineer for GE’s Mobile Communications Division and as a systems engineer for Bucks County Emergency Services. In addition to writing technical feature articles, Wayne covers FE’s Engineering R&D section.