CIP Security, from ODVA, defines security-related requirements and capabilities for CIP (Common Industrial Protocol) devices, specifically EtherNet/IP devices. The goal of CIP Security is to enable CIP-connected devices to protect themselves from malicious CIP communications. Consequently, CIP devices would be able to reject altered data, reject messages sent by untrusted people or untrusted devices, and reject messages requesting actions that are not allowed. CIP Security also defines the notion of a Security Profile: a set of well-defined capabilities that facilitates device interoperability with the right security capability.
ODVA has made several updates to CIP Security to make initial commissioning of devices easier. CIP Security was enhanced to allow devices to perform certificate enrollment directly. The 'pulling' functionality will allow devices to actively request certificates. The April 2019 edition aims to increase efficiency with timeout responses, increase protection by allowing for a mandatory CIP Security connection for changes, and expand behaviors for certificate verification. The next phase of development will add support for user authentication, non-repudiation, and device authorization, strengthening secure end-to-end communications between CIP endpoints.