CIP Security™ encompasses security-related requirements and capabilities for CIP devices, specifically EtherNet/IP™ devices.Control system security has historically been addressed by adoption of a defense-in-depth security architecture, which has been recommended for many years. This architecture is based on the idea that multiple layers of security are more resilient to attack. The expectation is that any one outer layer could be compromised at some point in time while the automation devices at the innermost layer would remain secure.

However, as IT/OT convergence accelerates and attackers become more sophisticated, it is more important for the CIP-connected device — the final layer of defense — to defend itself. Consider the situation where a piece of malware is, unknown to control system personnel, delivered to a compromised PC via USB drive. The malware could contain code to issue malicious CIP services to devices. However if the device were able to reject such services from untrusted sources, the threat would be mitigated.The goal of CIP Security is to enable the CIP-connected device to protect itself from malicious CIP communications. A fully self-defending CIP device would be able to:

• Reject data that has been altered (integrity)
• Reject messages sent by untrusted people or untrusted devices (authenticity)
• Reject messages that request actions that are not allowed (authorization)

Recognizing that every CIP device does not need to provide the same level of support for all defined security features, CIP Security defines the notion of a Security Profile. A Security Profile is a set of well-defined capabilities to facilitate device interoperability and end-user selection of devices with the appropriate security capability.CIP Security for EtherNet/IP devices makes use of the IETF-standard TLS (RFC 5246) and DTLS (RFC 6347) protocols in order to provide a secure transport for EtherNet/IP traffic. TLS is used for the TCP-based communications (including encapsulation layer, UCMM, transport class 3), and DTLS for the UDP-based transport class 0/1 communications. This approach is analogous to the way that HTTP uses TLS for HTTPS.The secure EtherNet/IP transport provides the following security attributes:

• Authentication of the endpoints — ensuring that the target and originator are both trusted entities. End point authentication is accomplished using X.509 certificates or pre-shared keys.
• Message integrity and authentication — ensuring that the message was sent by the trusted endpoint and was not modified in transit. Message integrity and authentication is accomplished via TLS message authentication code (HMAC).
• Message encryption — optional capability to encrypt the communications, provided by the encryption algorithm that is negotiated via the TLS handshake.

CIP Sync™ provides the increased control coordination mechanism needed for industrial automation control applications where absolute time synchronization is vital to achieve real-time synchronization between distributed intelligent devices and systems. CIP Sync™ is compliant with the IEEE-1588™ standard, and allows synchronization accuracy between two devices of fewer than 100 nanoseconds. Real-time synchronization can be achieved over conventional Ethernet systems with a switch-based architecture.

CIP Sync consists of a Time Sync object and associated services that allows users to synchronize devices, including motion axes, using “time.” This synchronization method provides a more flexible and scalable network architecture, ideal for large-scale motion systems. CIP Sync is not restricted by many of the constraints imposed by event-based or time-sliced implementations.

EtherNet/IP™ with CIP Motion™ technology combines the requirements of deterministic, real-time, closed loop motion control with standard, unmodified Ethernet, offering full compliance with Ethernet standards, including IEEE 802.3 and TCP/IP.

EtherNet/IP with CIP Motion technology delivers an open, high bandwidth, high performance solution for multi-axis, distributed motion control. CIP Motion accomplishes this through application profiles that are designed to allow position, speed and torque loops to be set within a drive. Multiple axes can be coordinated for precise, synchronized motion control when combined with the power of ODVA’s CIP Sync™ technology — the IEEE-1588™ compliant Precision Clock Synchronization, which is also mapped into the CIP object model.

EtherNet/IP with CIP Motion is a scalable and comprehensive solution that provides a common application interface and services for general purpose and motion control drives using the same profile. The technology is fully compatible with standard Ethernet topologies such as star and linear.

Multi-axis motion control typically uses event-based synchronization, which requires scheduled, absolute hard delivery of time-critical cyclic data across the network. Jitter of less than 1µs for cyclic data is necessary for precise speed and/or position control, but Ethernet’s CSMA/CD data layer is not capable of delivering data with less than 1µs of jitter.

EtherNet/IP with CIP Motion solves the determinism problem by changing the approach. CIP Motion removes the requirement for strict determinism from the network infrastructure and entrusts the end devices with the timing information necessary to handle the real-time control needs of the application.

EtherNet/IP with CIP Motion can thus deliver the high performance, deterministic control required for closed loop drive operation, using standard, unmodified Ethernet. Clock synchronization of better than 200ns can be readily achieved, meeting the needs of the most demanding motion control applications. Because the clocks in the end devices are tightly synchronized and information in the message is time-stamped, a small amount of jitter in receipt time of the message is unimportant.

CIP Motion Profile

The CIP Motion profile defines extensions focused on drive control:

• Torque, velocity, or position control of servo and variable speed drives
• Drive configuration, status, and diagnostic attributes and services
• Unicast control-to-drive communications
• Multicast peer-to-peer communications allow position and velocity synchronization in drives controlled by multiple distributed controllers
• Centralized and distributed motion support
• Common configuration, status and diagnostic services and common application instruction support for variable speed and servo drives makes those drives interchangeable at the application level.
• IEEE 802.3 and TCP/IP Compliance

Full compliance with IEEE 802.3 and TCP/IP gives CIP Motion many performance advantages:

• Standard Ethernet components (e.g., chips, switches and routers) reduce system cost with their high volume, commercial availability
• Network does not have to be scheduled
• Packet size and content can be dynamically changed, allowing dynamic inclusion or deletion of status or command data and dynamic drive operating mode changes
• Any Ethernet IEEE 802.3 compliant device can reside on the network without special switches or gateways
• Compatible with standard Ethernet topologies such as star and linear
• Performance upgrades to 1 Gigabit/sec and 10 Gigabit/sec are easy for both users and device suppliers.

EtherNet/IP™ is a best-in-class Ethernet communication network that provides users with the tools to deploy standard Ethernet technology (IEEE 802.3 combined with the TCP/IP Suite) in industrial automation applications while enabling Internet and enterprise connectivity…data anytime, anywhere. The Industrial Internet of Things (IIoT) and Industry 4.0 are providing manufacturers with significant opportunity for innovation. To capitalize on this opportunity and be able to connect all devices – not just those connected to controllers – industrial users must invest in networks that support the Internet Protocol. Through its reliance on standard Internet and Ethernet standards, EtherNet/IP is proven, complete and ready for Industry 4.0 and IIoT both today and tomorrow.

EtherNet/IP offers various network topology options including star or linear with standard Ethernet infrastructure devices, or device level ring (DLR) with specially enabled EtherNet/IP devices. QuickConnect™ functionality allows devices to be exchanged rapidly (e.g., a tool changer on a robot arm) while the network is running. Compliance with IEEE Ethernet standards provides users with a choice of network interface speeds — e.g., 10, 100 Mbps and 1 Gbps — and a flexible network architecture compatible with commercially available Ethernet installation options including copper, fiber, fiber ring and wireless. Options for industrially rated devices incorporating IP67 or better rated connectors with module and network status LEDs with device labeling provide ease of use.

Like all CIP Networks, EtherNet/IP utilizes the Common Industrial Protocol (CIP™) for its upper layers. CIP Networks follow the Open Systems Interconnection (OSI) model, which defines a framework for implementing network protocols in seven layers: physical, data link, network, transport, session, presentation and application. Networks that follow this model define a complete suite of network functionality from the physical implementation through the application or user interface layer.

CIP encompasses a comprehensive suite of messages and services for a variety of manufacturing automation applications, including control, safety, security, energy, synchronization & motion, information and network management. As a truly media-independent protocol that is supported by hundreds of vendors around the world, CIP provides users with a unified communication architecture throughout the manufacturing enterprise.

CIP Security™ encompasses security-related requirements and capabilities for CIP devices, specifically EtherNet/IP™ devices.Control system security has historically been addressed by adoption of a defense-in-depth security architecture, which has been recommended for many years. This architecture is based on the idea that multiple layers of security are more resilient to attack. The expectation is that any one outer layer could be compromised at some point in time while the automation devices at the innermost layer would remain secure.

However, as IT/OT convergence accelerates and attackers become more sophisticated, it is more important for the CIP-connected device — the final layer of defense — to defend itself. Consider the situation where a piece of malware is, unknown to control system personnel, delivered to a compromised PC via USB drive. The malware could contain code to issue malicious CIP services to devices. However if the device were able to reject such services from untrusted sources, the threat would be mitigated.The goal of CIP Security is to enable the CIP-connected device to protect itself from malicious CIP communications. A fully self-defending CIP device would be able to:

• Reject data that has been altered (integrity)
• Reject messages sent by untrusted people or untrusted devices (authenticity)
• Reject messages that request actions that are not allowed (authorization)

Recognizing that every CIP device does not need to provide the same level of support for all defined security features, CIP Security defines the notion of a Security Profile. A Security Profile is a set of well-defined capabilities to facilitate device interoperability and end-user selection of devices with the appropriate security capability.CIP Security for EtherNet/IP devices makes use of the IETF-standard TLS (RFC 5246) and DTLS (RFC 6347) protocols in order to provide a secure transport for EtherNet/IP traffic. TLS is used for the TCP-based communications (including encapsulation layer, UCMM, transport class 3), and DTLS for the UDP-based transport class 0/1 communications. This approach is analogous to the way that HTTP uses TLS for HTTPS.The secure EtherNet/IP transport provides the following security attributes:

• Authentication of the endpoints — ensuring that the target and originator are both trusted entities. End point authentication is accomplished using X.509 certificates or pre-shared keys.
• Message integrity and authentication — ensuring that the message was sent by the trusted endpoint and was not modified in transit. Message integrity and authentication is accomplished via TLS message authentication code (HMAC).
• Message encryption — optional capability to encrypt the communications, provided by the encryption algorithm that is negotiated via the TLS handshake.

CIP Sync™ provides the increased control coordination mechanism needed for industrial automation control applications where absolute time synchronization is vital to achieve real-time synchronization between distributed intelligent devices and systems. CIP Sync™ is compliant with the IEEE-1588™ standard, and allows synchronization accuracy between two devices of fewer than 100 nanoseconds. Real-time synchronization can be achieved over conventional Ethernet systems with a switch-based architecture.

CIP Sync consists of a Time Sync object and associated services that allows users to synchronize devices, including motion axes, using “time.” This synchronization method provides a more flexible and scalable network architecture, ideal for large-scale motion systems. CIP Sync is not restricted by many of the constraints imposed by event-based or time-sliced implementations.

EtherNet/IP™ with CIP Motion™ technology combines the requirements of deterministic, real-time, closed loop motion control with standard, unmodified Ethernet, offering full compliance with Ethernet standards, including IEEE 802.3 and TCP/IP.

EtherNet/IP with CIP Motion technology delivers an open, high bandwidth, high performance solution for multi-axis, distributed motion control. CIP Motion accomplishes this through application profiles that are designed to allow position, speed and torque loops to be set within a drive. Multiple axes can be coordinated for precise, synchronized motion control when combined with the power of ODVA’s CIP Sync™ technology — the IEEE-1588™ compliant Precision Clock Synchronization, which is also mapped into the CIP object model.

EtherNet/IP with CIP Motion is a scalable and comprehensive solution that provides a common application interface and services for general purpose and motion control drives using the same profile. The technology is fully compatible with standard Ethernet topologies such as star and linear.

Multi-axis motion control typically uses event-based synchronization, which requires scheduled, absolute hard delivery of time-critical cyclic data across the network. Jitter of less than 1µs for cyclic data is necessary for precise speed and/or position control, but Ethernet’s CSMA/CD data layer is not capable of delivering data with less than 1µs of jitter.

EtherNet/IP with CIP Motion solves the determinism problem by changing the approach. CIP Motion removes the requirement for strict determinism from the network infrastructure and entrusts the end devices with the timing information necessary to handle the real-time control needs of the application.

EtherNet/IP with CIP Motion can thus deliver the high performance, deterministic control required for closed loop drive operation, using standard, unmodified Ethernet. Clock synchronization of better than 200ns can be readily achieved, meeting the needs of the most demanding motion control applications. Because the clocks in the end devices are tightly synchronized and information in the message is time-stamped, a small amount of jitter in receipt time of the message is unimportant.

CIP Motion Profile

The CIP Motion profile defines extensions focused on drive control:

• Torque, velocity, or position control of servo and variable speed drives
• Drive configuration, status, and diagnostic attributes and services
• Unicast control-to-drive communications
• Multicast peer-to-peer communications allow position and velocity synchronization in drives controlled by multiple distributed controllers
• Centralized and distributed motion support
• Common configuration, status and diagnostic services and common application instruction support for variable speed and servo drives makes those drives interchangeable at the application level.
• IEEE 802.3 and TCP/IP Compliance

Full compliance with IEEE 802.3 and TCP/IP gives CIP Motion many performance advantages:

• Standard Ethernet components (e.g., chips, switches and routers) reduce system cost with their high volume, commercial availability
• Network does not have to be scheduled
• Packet size and content can be dynamically changed, allowing dynamic inclusion or deletion of status or command data and dynamic drive operating mode changes
• Any Ethernet IEEE 802.3 compliant device can reside on the network without special switches or gateways
• Compatible with standard Ethernet topologies such as star and linear
• Performance upgrades to 1 Gigabit/sec and 10 Gigabit/sec are easy for both users and device suppliers.