Using CIP Security to Strengthen Your Defense In Depth Strategy

Industrial operations are increasingly the target of cyberattacks. Devices are gaining network connectivity as they migrate from traditional fieldbuses and standalone operation. More connections are being created between the IT and OT spaces, and machine builders increasingly offer analytics if their machines can be connected to the cloud. The international cybersecurity standards known as IEC 62443 are being updated and expanded, including requirements for end users, system integrators, and device manufacturers. Given this additional connectivity, these standards require defense in depth strategies to reduce the risk of harmful attacks.

As you advance the cybersecurity of your operations, you need more capability at deeper levels of the defense in depth strategy. Have you performed cybersecurity assessments, minimized your attack surface with cybersecurity essentials and implemented network segmentation best practices? If you've done all of these, you're on the right track!

Even once you have strong security policies and protections, adding security at each layer improves your resilience against attacks. For example, how will you protect your process if a malicious actor has access behind your firewall? You may be susceptible to various attacks that need additional measures to mitigate.

What do you mean, a firewall isn’t enough?

A malicious actor could create an unauthorized connection to hardware in your system by pretending to be another kind of device. This has been demonstrated recently in industrial automation, with an imposter computer improperly configuring devices and injecting code based on insecure identification credentials.

Another attack type that's possible without communication integrity is the man-in-the-middle attack and its variant, the replay attack. During these attacks, someone intercepts and modifies data between two devices, sometimes after collecting data that can be used to mimic normal operation. That could mask abnormal behavior that can cause equipment damage or endanger human safety.

Cybercriminals could also gain proprietary information by snooping on the network traffic between industrial devices. Whether those are secret recipes going from the MES to the PLCs, analytic data that could be used to steal manufacturing best practices, or production volume information that could be used to short stocks, data transmitted without confidentiality could be used for harm.

Every layer of defense helps, so get to the devices

To bolster security at the device level and reduce the risk of those attacks, IEC 62443-3-3 and IEC 62443-4-2 include common minimum requirements for device identity, integrity and authenticity of communications, and options for confidentially transmitting data. Four of the requirements in the standard (SR 1.2, SR 3.1, SR 3.13, SR 4.1) are almost impossible to implement at a system level without the right hardware and firmware at the device level. If you want to use devices from multiple vendors that meet those system requirements, standards and conformance testing are needed.

The CIP Security protocol is an open standard from ODVA that helps solve important communication requirements that device vendors using industrial Ethernet cannot solve themselves. It is the only standard designed for securing communications between PLCs and devices. The CIP Security protocol provides mechanisms for validating device identity, device authentication, data integrity and data confidentiality. All three of the functional requirements and their requirement enhancements can be met using CIP Security and configured using FactoryTalk Policy Manager.
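To make the integrity and authenticity properties concrete, the following added illustration (not from the original post, and not the CIP Security wire format) shows a Python receiver that uses a keyed integrity tag and a sequence-number window to reject the modified and replayed frames described above. The key, frame layout, payload strings and 64-frame window are assumptions made for the example.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32   # HMAC-SHA256 output size in bytes
WINDOW = 64    # assumed anti-replay window, in frames

def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: 8-byte sequence number + payload + integrity tag."""
    body = struct.pack(">Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.highest = -1   # highest sequence number accepted so far
        self.seen = 0       # bit i set => (highest - i) was already accepted

    def accept(self, frame: bytes):
        """Return (True, payload) or (False, reason)."""
        if len(frame) < 8 + TAG_LEN:
            return False, "truncated"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Verify the tag first so unauthenticated frames never move the window.
        if not hmac.compare_digest(tag, expected):
            return False, "bad-tag"
        seq = struct.unpack(">Q", body[:8])[0]
        if seq > self.highest:
            shift = seq - self.highest
            self.seen = ((self.seen << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            offset = self.highest - seq
            if offset >= WINDOW:
                return False, "too-old"
            if (self.seen >> offset) & 1:
                return False, "replay"
            self.seen |= 1 << offset
        return True, body[8:]

def demo():
    key = b"constructed-demo-key"          # constructed sample key
    rx = Receiver(key)
    f0, f1 = protect(key, 0, b"valve=open"), protect(key, 1, b"valve=closed")
    tampered = bytearray(protect(key, 2, b"speed=100"))
    tampered[10] ^= 0x01                   # one payload bit changed in transit
    return [rx.accept(f0), rx.accept(f1),
            rx.accept(f0),                 # captured frame sent a second time
            rx.accept(bytes(tampered)),
            rx.accept(protect(b"other-key", 3, b"speed=999"))]  # sender lacks the key
```

The tag alone stops modification and forgery; the sequence window is what stops a byte-for-byte copy of a valid frame from being accepted twice.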

Rockwell Automation is releasing CIP Security on more products each year and other vendors are adopting this standard right now. Some of the upcoming devices also include retrofit opportunities to reduce the risk of cyber incidents with existing equipment, so don’t think that you must wait for a greenfield plant to make improvements. Start considering when and how you will add more layers to your defense in depth!


Oliver Haya
Business Development Manager, EtherNet/IP Technology Adoption, Rockwell Automation