Industrial Control Devices Support CIP Security

I didn’t attend Automation Fair this year, but I have been watching for news. Here is a first product release from Rockwell Automation using CIP Security—an extension of the Common Industrial Protocol promulgated by ODVA designed for, well, secure communication as one part of a defense-in-depth strategy.

CIP is the application-layer protocol for EtherNet/IP. CIP Security supports transport layer security (TLS), the most proven security standard in widespread use on the World Wide Web today.

“CIP Security can protect devices and systems that use EtherNet/IP from some of the top risks in connected operations, such as unauthorized PCs,” said Tony Baker, portfolio manager, security, for Rockwell Automation. “It does this in a few key ways. First, it limits device connectivity to only trusted PCs and devices. It also guards against packet tampering to protect data integrity. Finally, it encrypts communications to avert unwanted data reading and disclosure.”

Engineers will be able to implement CIP Security in their systems through new Rockwell Automation products and firmware updates to existing products such as Allen-Bradley ControlLogix controllers, communication modules, and Kinetix servo drives.

In addition, the newly enhanced FactoryTalk Linx communications software allows FactoryTalk visualization and information software running on a PC to communicate to CIP Security-enabled devices. The new FactoryTalk Policy Manager tool within the FactoryTalk software is used to implement and configure security policies between CIP Security-enabled devices.

Rockwell Automation developed this new capability to work with existing industrial control devices regardless of whether or not they were designed to support CIP Security. This allows industrial users to phase in security over time and retrofit existing installations.

In addition, Allen-Bradley ControlLogix 5580 controllers will soon be certified compliant with the IEC 62443-4-2 security standard, building on the IEC 62443-4-1 certification that the Rockwell Automation Security Development Lifecycle has already received.

This latest certification means the controllers will meet the global standard’s robust cybersecurity requirements to help companies secure their connected operations. The ControlLogix 5580 family of controllers is one of the first platforms on the market to achieve this compliance.

ODVA Industry Conference and Annual Meeting

The ODVA held its Industry Conference and 19th Annual meeting this week in Atlanta. Perhaps more than the Common Industrial Protocol (CIP), the topic of conversation was Michael—the hurricane. We started getting rain from its outer bands in the late afternoon Wednesday. By the time I awoke at 5:30 am to get ready to catch my flight out, it was all over. Not so fortunate were the millions directly impacted. My prayers go out to them.

I have missed the last two or three of these. It was good to get an update. There was no announcement while I was there, but there were some people from Honeywell Process Solutions present who talked about using EtherNet/IP for process automation applications. These switching industry alignments are fascinating to watch. Foundation Fieldbus seems to have lost momentum recently. Will EtherNet/IP, the CIP network, absorb some of the market share?

A well-organized series of speakers started Wednesday morning tech sessions with a quick update from all of the SIGs. There are many volunteers putting in an incredible number of hours developing and updating the various specifications. I can’t report on them all here—it would be too deep into the weeds anyway. But let’s just say that ODVA is alive and well.

As even casual readers here know, I am a fan of Time Sensitive Networking (TSN). Yes, I know that it’s not ready for prime time, yet. Products are beginning to appear in the market, and interest is building across the industry.

I sat in two sessions focused on TSN and CIP. There is technical work going on. The sessions and ensuing questions laid bare the engineering challenges involved in developing CIP over TSN. It’s non-trivial, but doable. Some may still question TSN, but I’m even more bullish.

On another front, work has begun on updating the ODVA product data sheet specifications. This work will eventually provide for more and better information to users.

IT and OT Training for Industrial Ethernet

Industrial IP Advantage has launched an eLearning course focused on IT/OT integration for Industrial Ethernet. This is the fourth in a series of training courses designed to meet the emerging needs of control engineers and IT professionals tasked with deploying a secure network architecture. These courses are jointly developed by Cisco, Panduit and Rockwell Automation and available on the Industrial IP Advantage website.

Controls engineers have the plant-level domain knowledge needed to identify and analyze new industrial technologies that will help improve production efficiency and flexibility. Meanwhile, IT engineers have the domain knowledge needed to present actionable information where it is needed within an enterprise and throughout the value chain. This new course provides both with a sufficient level of knowledge to collaboratively architect a smart, integrated control system.

“Convergence between the IT and OT worlds is demanding new skills and knowledge,” said Ricardo Borlone, product manager at Precision Inc. “These self-paced courses are filling the skills gaps, and allow each participant to advance in their own time, rhythm and learning capacity. I especially enjoy this training format as it provides me the opportunity to focus on areas that match my interest and needs.”

The online training brings together the combined knowledge, best practices and application-specific expertise of three industry leaders to help engineers build a holistic IP-based network architecture. The courses are designed to help engineers drive design decisions from the device-level to the enterprise-wide network, leveraging interactive, scenario-based training on topics, such as logical topologies, protocols, switching and routing, security, physical cabling and wireless considerations.

The four available courses include:

  • Courses 1 and 2: Designing for the Cell/Area Zone
  • Course 3: Designing for Industrial Zone
  • Course 4: IT/OT Integration

The full training program is offered for $350 on the Industrial IP Advantage website.

“A critical mass of industrialized networking technology is now available. And for many manufacturers, the real challenge is finding qualified staff to design, deploy and maintain these networks,” said Paul Brooks, networks business development manager, Rockwell Automation. “The eLearning courses offered by Industrial IP Advantage are designed to help fill this skills gap.”

“Building a skilled and competent workforce ready to deploy a converged architecture presents businesses with more than just greater connectivity. It offers tremendous productivity gains, process efficiencies, and business value,” said Paul Taylor, senior manager, Cisco.

“A structured, engineered approach to assessing, designing, deploying and monitoring the physical infrastructure is necessary to ensure that investments in critical manufacturing networks deliver optimum performance,” said Ryan Lepp, director of business development, Panduit. “These new training courses help both IT and OT professionals work together to deliver optimal network performance with adherence to industry standards.”

Industrial IP Advantage is a community established by Cisco, Panduit and Rockwell Automation – three like-minded organizations joining together to educate the market on the benefits of Ethernet, Internet Protocol and EtherNet/IP. Industrial IP Advantage was formed in cooperation with ODVA, the organization that manages and commercializes the EtherNet/IP specification and standard.

The vision of Industrial IP Advantage is enabling smart manufacturing with a workforce that is fully prepared to accelerate the transformation to secure information architectures with best practices, education and training that drive IT/OT convergence.

Festo All About Connectivity at Automation Fair

Rockwell Automation was all about Connected Enterprise at Automation Fair 2016. Festo joined in the fun showcasing seamless connectivity with Rockwell Automation’s factory automation and process automation architectures in such areas as:

  • IO-Link Premier Integration
  • EtherNet/IP
  • Integrated Architecture Builder (IAB)
  • Studio 5000 Software with L5K export
  • World class training

EtherNet/IP is the primary interface node for Festo pneumatic solutions, which now extends to the sensor level with process data, service data, and events information because of IO-Link Premier Integration. The IO-Link section of the Festo Flexible and Modular Automation exhibit features products that facilitate top down/bottom up integration.

Encompass products on display include the Festo CTEU bus node for easily adding Fieldbus connectivity to pneumatic valve terminals. Fieldbus connectivity to valve terminals also significantly reduces installation and engineering costs. The CTEU bus node inexpensively integrates Rockwell PLCs with multiple Festo valve terminal models, including MPA-L and the VTUG. Since a single CTEU node serves two valve terminals, it contributes to lower inventory requirements and simplifies logistics.

The MPA-L is a modular valve terminal suitable for most pneumatic applications for discrete and process automation. The high flow rate to size ratio makes for universal applications from food and beverage packaging to semiconductor fabrication. MPA-L can run pressure and vacuum, with multiple zones. The VTUG is an electrical terminal for solenoid valves. It provides diagnostics via fieldbus and has up to 24 valve positions. Festo valve terminals offer two functions on a single valve position for greater functionality in a small footprint terminal.

Also on display are the IO-Link integrated SDAT analog sensor for reporting the piston position of a pneumatic cylinder and the VPPM proportional pressure regulator with IO-Link for greater data transfer and diagnostic information availability. IO-Link Premier Integration provides the data foundations to Industry 4.0 concepts and Industrial Internet of Things IIoT functionality.

The highest level of safety

Festo features the Encompass product MS6-SV-E soft start and quick exhaust valve which can be used with GuardLogix Integrated Safety applications. MS6-SV-E reduces pressure quickly and reliably and builds up pressure gradually in industrial pneumatic systems. The pneumatic system safety device is a self-testing, redundant system conforming to the requirements of EN ISO 13849-1. Thanks to the 2-channel design and its monitoring, the device fulfills category 3 and 4 requirements, which enables a performance level “e” to be attained – the highest safety level.

21st Century mechatronic training

Festo Didactic, one of the world’s leading providers of mechatronic training, showcases in the Festo Flexible and Modular Automation exhibit its curriculum supporting Rockwell PLCs. The Festo Didactic product and service portfolio offers customers holistic education solutions for all areas of manufacturing technology and process automation, such as pneumatics, hydraulics, electrical engineering, production technology, mechanical engineering, mechatronics, CNC, HVAC, and telecommunications.

FDT Group Announces IIoT Server and Extensions at SPS in Nuremberg

FDT IIoT Server

The FDT Group announced a revised mission statement, an IIoT Server, and agreements with other organizations—OPC Foundation, ODVA for CIP, and AutomationML—at its press conference at SPS 2016 in Nuremberg.

This highlights the role of technology organizations in this connected era—they must cooperate and collaborate or die.

“FDT is the open standard for industrial automation integration of networks and devices, harnessing IIoT and Industrie 4.0 for enterprise-wide connectivity,” proclaims the organization on its updated Website.

The FDT Group launched FDT/IIoT Server (FITS) for mobility, cloud, and fog enterprise applications. The FITS solution protects industry investments in FDT through advanced business logic, well-defined interfaces and common components, and enables operating system (OS) agnostic implementation of the technology while supporting today’s integrated automation architecture.

The server features robust layered security leveraging vetted industry standards and utilizing encrypted communications with transport layer security (TLS).

FITS also takes advantage of an OPC Unified Architecture (OPC UA) annex enabling sensor-to-cloud, enterprise-wide connectivity in industrial control systems used in the process, hybrid and factory automation markets. Together, FDT and OPC UA allow sensor, network and topology information to permeate the enterprise, including mobile devices, distributed control systems (DCSs), programmable logic controllers (PLCs), enterprise resource planning (ERP) systems, the cloud, and the IIoT and Industry 4.0.

According to Glenn Schulz, managing director of the FDT Group, the FITS solution represents the key architectural role that FDT plays in an intelligent enterprise. “The FDT Group is working with the various IIoT initiatives around the world to ensure that our new architecture meets their emerging requirements,” Schulz said. “In addition, the FDT platform is being enhanced to include operating system agnostic support for standard browsers, fit-for-purpose apps, and general web services for any potential expansion. These advancements underscore our support for the hundreds of thousands of installed FDT/FRAMES and tens of millions of FDT-enabled products in the global installed base.”

The FDT Group also announced the release of an annex to the FDT standard for the OPC Unified Architecture (OPC UA).
The FDT/OPC UA annex is intended for implementation by automation system manufacturers in FDT Frame Applications (FDT/FRAMEs). System suppliers with an FDT/FRAME embedded in their distributed control system (DCS), asset management system, programmable logic controller (PLC) or other system have the ability to include an OPC UA server in an application accessible from any OPC UA client application.

The combined FDT/OPC standards create a single system infrastructure that standardizes the connection of industrial networks, automation systems and devices. This approach enables unification of system engineering, configuration and diagnosis in Industrie 4.0, and supports Industrie 4.0 devices, but is also able to build a bridge to Industrie 3.0 networks and devices.

Also announced was release of an updated annex to the current FDT standard for ODVA’s media-independent Common Industrial Protocol (CIP). Network adaptations of CIP include EtherNet/IP, DeviceNet, CompoNet and ControlNet. The latest version of the CIP annex to the FDT specification enables the use of proven and widely implemented ODVA networks in FDT/FRAME Applications with the latest enhancements.

And a further announcement was integration of the open AutomationML data exchange standard into open, non-proprietary FDT Technology. Together, the two standards will help advance global adoption of Industrie 4.0 solutions.

First developed in 2006, AutomationML is intended to standardize data exchange in the engineering phase of production systems.
