ODVA released its initial CIP Security specification in 2015 to provide better security to EtherNet/IP-connected devices by adding support for device authentication, data integrity, and data confidentiality. This technology is especially useful when it comes to the communication made possible by the Industrial Internet of Things (IIoT).
The IIoT has not only gained popularity in recent years, but it is also becoming a requirement to compete in the industrial space because of the real-time communication it enables between devices and the infrastructure of the business.
To enable real-time communication, manufacturing facilities need a way to connect their “things” to the Internet. Many industrial companies opt for EtherNet/IP due to its speed, ease of integration, and widespread adoption and support. According to ODVA, “EtherNet/IP is the only industrial Ethernet network that is proven, complete and ready for the Industrial Internet of Things.”
However, the concern that keeps emerging from companies with plans to implement IIoT communications is that it may not be secure from external, unauthorized entities. EtherNet/IP on its own is not designed with built-in security capabilities. To address these concerns, ODVA developed CIP Security for EtherNet/IP.
What is CIP Security?
CIP Security is an additional protocol layer that runs over the EtherNet/IP stack. Because it is a protocol layer, like EtherNet/IP, it facilitates secure communication between I/O devices on the production floor. The goal of CIP Security software is to provide safe and secure transport of information over EtherNet/IP networks.
A self-defending CIP-connected device can:
- Verify Integrity: Reject altered data
- Verify Authenticity: Reject messages sent by untrusted people or devices
- Verify Authorization: Reject messages that request actions that are not allowed
CIP Security will require the device to authenticate all endpoints involved in the transport and ensure that the message was sent by the correct originator and was not modified in transit. It will also provide the option to encrypt messages for added security when needed.
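The three rejections listed above can be modeled in a few lines. This is an added example, not ODVA code and not the CIP Security wire format: it assumes a per-originator pre-shared key with an HMAC-SHA256 tag as a stand-in for the real mechanism, and the device names, keys, and action names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample data (assumption): originator keys and permitted actions.
TRUSTED_KEYS = {"plc-01": b"constructed-key-plc-01",
                "hmi-07": b"constructed-key-hmi-07"}
ALLOWED_ACTIONS = {"plc-01": {"read_tag", "write_tag"},
                   "hmi-07": {"read_tag"}}


def _mac(key, body):
    """HMAC-SHA256 tag over the serialized request."""
    return hmac.new(key, body, hashlib.sha256).hexdigest().encode()


def seal(sender, key, action, value=None):
    """Originator side: serialize the request and attach a tag over it."""
    body = json.dumps({"sender": sender, "action": action, "value": value},
                      sort_keys=True).encode()
    return {"body": body, "mac": _mac(key, body)}


def receive(message):
    """Device side: return (accepted, reason), applying the checks in order."""
    try:
        body, tag = message["body"], message["mac"]
        fields = json.loads(body)
        sender, action = fields["sender"], fields["action"]
    except (KeyError, TypeError, ValueError):
        return False, "malformed"
    if not isinstance(sender, str) or not isinstance(action, str):
        return False, "malformed"
    key = TRUSTED_KEYS.get(sender)
    if key is None:
        return False, "untrusted sender"        # authenticity: unknown originator
    # Integrity and authenticity: the tag must verify under that originator's
    # key. compare_digest avoids leaking the match position through timing.
    if not isinstance(tag, bytes) or not hmac.compare_digest(_mac(key, body), tag):
        return False, "bad mac"
    if action not in ALLOWED_ACTIONS.get(sender, set()):
        return False, "action not allowed"      # authorization
    return True, "accepted"
```

The authorization check runs only after the tag verifies, so the device never acts on a sender name it has not authenticated. The model has no replay protection or encryption.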
Why is CIP Security Important?
In the past, manufacturers have implemented security in the form of a multi-layer architecture, but “as attackers become more sophisticated, it becomes more important for the CIP-connected device — the final layer of defense — to defend itself” (ODVA).
Not only are hackers’ strategies becoming more elaborate, but it turns out that many are specifically targeting manufacturing environments. According to CBS News, “While online thieves have long targeted banks for digital holdups, today’s just-in-time manufacturing sector is climbing toward the top of hackers’ hit lists.”
One of the reasons factories are commonly targeted, as opposed to other large businesses, is the potential damage that can be done. With heavy-duty equipment and large production batches, there are endless ways for a hacker to wreak havoc on a factory, such as stopping production, controlling devices in a way that is hazardous to employees, causing product defects, and more.
“These people who try to hack into your network know you have a set schedule. And they know hours are meaningful to what you’re doing,” John Peterson, Information Technology Officer at Toyota, said in an interview with CBS News. “There’s only a day and a half of inventory in the entire supply chain. And so, if we don’t make our product in time, that means Toyota doesn’t make their product in time, which means they don’t have a car to sell on the lot that next day. It’s that tight.”
With this knowledge, hackers know that they can easily demand ransoms, because manufacturers are desperate to resume production and keep employees safe. This is why it is crucial to ensure your communications are secure.
As more and more manufacturers begin to develop CIP Security-certified devices and applications, we are excited to see what new innovations arise from an environment that does not have to worry about hackers and can give its full attention to production and efficiency.