Rockwell Automation has announced new industrial control products to include CIP Security.

CIP Security is an extension of the Common Industrial Protocol (CIP), which is the application-layer protocol for EtherNet/IP, CIP Security is said to be the first industrial automation protocol to support transport layer security (TLS), the same proven security standard in widespread use on the World Wide Web.

“CIP Security can protect devices and systems that use EtherNet/IP from some of the top risks in connected operations, such as unauthorized PCs,” says Tony Baker, portfolio manager, security, for Rockwell Automation. “It does this in a few key ways. First, it limits device connectivity to only trusted PCs and devices. It also guards against packet tampering to protect data integrity. Finally, it encrypts communications to avert unwanted data reading and disclosure.”

According to ODVA, the goal of CIP Security is to enable the CIP-connected device to protect itself from malicious CIP communications. A fully self-defending CIP device will:

  • Reject data that has been altered (integrity)
  • Reject messages sent by un-trusted people or un-trusted devices (authenticity)
  • Reject messages that request actions that are not allowed (authorization)

CIP Security and Rockwell devices

Engineers will be able to implement CIP Security in their systems through new Rockwell Automation products and firmware updates to existing products such as Allen-Bradley ControlLogix controllers, communication modules and Kinetix servo drives.

In addition, the newly enhanced FactoryTalk Linx communications software allows FactoryTalk visualization and information software running on a PC to communicate to CIP Security-enabled devices. The new FactoryTalk Policy Manager tool within the FactoryTalk software is used to implement and configure security policies between CIP Security-enabled devices.

The announcement was made at the 2018 Rockwell Automation Fair. The company developed this new capability to work with existing industrial control devices regardless of whether or not they were designed to support CIP Security. This allows industrial users to phase in security over time and retrofit existing installations.

In addition, Allen-Bradley ControlLogix 5580 controllers will soon be certified compliant with the IEC 62443-4-2 security standard, building on the IEC 62443-4-1 certification that the Rockwell Automation Security Development Lifecycle has already received.

This latest certification means the controllers will meet the global standard’s robust cybersecurity requirements to help companies secure their connected operations. The ControlLogix 5580 family of controllers is one of the first platforms on the market to achieve this compliance.