How CIP Security Helps CPG Firms Improve Cybersecurity

Digital technology continues to transform manufacturing. And as smart factory initiatives escalate, original equipment manufacturers (OEMs) face new demands for highly productive, information-enabled machines that support digital transformation while also helping to maintain safety and security.

Not so long ago, “productivity,” “safety” and “security” were viewed as separate machine considerations, often at odds with each other. However, in modern connected plants, they’re indelibly linked. A security breach on an industrial control system can delay production, damage equipment, injure workers or harm the environment.

Machine builders play a key role in helping manufacturers capture the benefits of connectivity — and mitigate risk. Thanks to new technologies like smart safety and CIP Security™, you can rethink your approach to machine design and step up to the challenge.

Smarter Devices, Smarter Safety

Of course, machine safety has always been a critical consideration in your designs. But conventional machine-safety systems provide little or no data.

For example, the system can notify an operator that a line has stopped, but can’t provide any information about the position or nature of the fault. So even an easily corrected safety fault — like a guarded access door being slightly ajar — can result in extensive troubleshooting and lost production time.

The key to smart safety and better machine productivity is more information. Smart safety takes advantage of digital technology and network connectivity to provide rich data that can optimize performance.

Simply put, smart safety controllers and devices acquire and process data — and can monitor and report on asset conditions in real time. They can communicate on the same EtherNet/IP™ network that runs the rest of the machine using a safety-based communication protocol — or built-in CIP Safety™ functionality, like a light curtain.

Smart safety devices provide diagnostic information that can deliver valuable insights, such as exactly where a safety-related failure is occurring or if workers are following standard operating procedures. Also, smart safety devices support better visibility into operations and deliver the information manufacturers need to make better decisions about how to improve their processes.

The results are faster troubleshooting, more machine uptime and higher throughput.

Relationship Between Safety & Security

In today’s increasingly connected plants, cybersecurity also affects safety and productivity. A bad actor that infiltrates an industrial control system can quickly cause devastating damage — from manipulating a process to compromising a safety system.

At the same time, more manufacturers are looking for ways to enable secure remote access to their equipment. Certainly, one lasting lesson from the COVID-19 pandemic is that remote access can be critical when on-site service options are limited.

The good news is that cybersecurity is a foreseeable safety issue — and risk mitigation is attainable. In fact, a cybersecurity strategy based on defense-in-depth (DiD) is one of the most effective measures manufacturers can take to help protect their systems. And your machine designs can support their efforts.

Security in Mind as You Design

Ultimately, cybersecurity risk mitigation depends on the DiD strategy implemented by your customers. Specifically, the IEC 62443

To mitigate risk, manufacturers must focus on strong policies, physical protections, network infrastructure and segmentation, and securing their equipment. At the outset, they should first define how secure their machines are, and many are demanding equipment that meets more stringent security protocols.

How can you meet your customers’ cybersecurity expectations? Design your machine control systems with security in mind. Your first step is verifying that the control system components you apply feature robust security profiles designed for industrial environments and in compliance with IEC 62443.

Make It CIP Security Ready

While your customers will no doubt use a variety of methods to help thwart cybersecurity threats, CIP Security^TM is becoming an increasingly important way to reinforce a DiD strategy. To support this, you can make your equipment “CIP Security ready.”

CIP Security helps provide a secure way to transport data — at the protocol level — on EtherNet/IP networks. A CIP Security-enabled device can help protect itself from malicious communications in three important ways:

• Rejects messages sent by untrusted people or untrusted devices.
• Rejects data that has been altered.
• Helps prevent viewing of EtherNet/IP data by unauthorized parties.

The most vulnerable access point to your machine is its workstation, which always links to the control system. To help mitigate that risk, an increasing number of controllers, drives and communication modules have built-in CIP Security capability.

To improve access control, you can group devices with CIP Security within your machine, and create a “zone” or set of devices that share the same security policy.

What about machine control devices without built-in CIP Security? Typically, these components are “allow listed” to communicate with devices within the zone. But now you can achieve an even higher level of machine protection by using the Allen‑Bradley^® CIP Security proxy

A standalone hardware solution, the proxy is designed to help protect many of the EtherNet/IP control devices in use that don’t have built-in CIP Security capabilities. As a result, you can improve security not only in your new equipment designs, but in existing installations, too.

Learn about smart machine

Like this article? Sign up for the digital magazine

_{The Journal From Rockwell Automation and Our PartnerNetwork™ is published by Endeavor Business Media.}