ODVA announced several enhancements to its EtherNet/IP and CIP specifications during the SPS IPC Drives Trade Fair in Nuremberg. The first relates to cybersecurity. The second involves time-sensitive networking.
ODVA announced that it has achieved a milestone with the pending publication of a new volume in its specifications specifically dedicated to cybersecurity. This body of work will be released under the name of CIP Security and will join the family of distinctive CIP services which includes CIP Safety, CIP Energy, CIP Sync, and CIP Motion. CIP Security will be initially applicable to EtherNet/IP.
Because EtherNet/IP relies on commercial-off-the-shelf (COTS) technologies for Ethernet and the Internet, users have been able to deploy traditional defense-in-depth techniques in EtherNet/IP systems for some time, as ODVA explained as early as 2011 in its publication “Securing EtherNet/IP Networks.” CIP Security will help users take additional steps to protect their industrial control systems with industry-proven techniques for securing transport of messages between EtherNet/IP devices and systems and thus reduce their exposure to cybersecurity threats.
The initial release of CIP Security includes mechanisms to address spoofing of identity, tampering with data and disclosure of information. Mechanisms supported in the initial release of CIP Security include device authorization, integrity of message transport and confidentiality of messages. To support these mechanisms, ODVA has adapted standards from the Internet Engineering Task Force (IETF) for encryption based on Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS), and for authentication based on the X.509v3 standard for certificate handling. Details of ODVA’s initial implementation of CIP Security and outlook for the future were presented in a technical paper at ODVA’s 2015 Industry Conference and 17th Annual Meeting of Members.
“The publication of the volume dedicated to cybersecurity in The EtherNet/IP Specification is the next step in providing users with methods to help them manage threats and vulnerabilities in EtherNet/IP systems,” said Katherine Voss, ODVA president and executive director. “Following this publication will be the realization of the mechanisms provided by CIP Security in ODVA CONFORMANT EtherNet/IP products.”
ODVA’s focus on cybersecurity is a function not only of the increased emphasis on cybersecurity for industrial control systems but also of the widespread adoption of EtherNet/IP in a broad range of applications from manufacturing to critical infrastructure. As a result of the breadth of applications, the next edition of The EtherNet/IP Specification will expand support for IEC 62439-3 “Industrial communication networks – high availability automation networks – part 3” to include High Availability Seamless Redundancy (HSR) in addition to Parallel Redundancy Protocol (PRP). HSR is commonly used in electrical substation automation as specified in IEC-61850. Other high reliability techniques supported in The EtherNet/IP Specification include Rapid Spanning Tree (RSTP) and Device Level Ring (DLR).
Other ODVA Industrial Networking News
One area of focus will be the adaptation of certain emerging standards for Time-Sensitive Networking (TSN) to EtherNet/IP. In particular, ODVA will create enhancements to The EtherNet/IP Specification for frame preemption and stream reservation based on the standards being defined in the IEEE-802.1 projects. ODVA’s adaptation of TSN technologies is a straightforward evolution of the EtherNet/IP technology, which relies on commercial-off-the-shelf (COTS) technologies for Ethernet and the Internet to solve demanding applications in industrial automation. Users of EtherNet/IP will be able to realize performance improvements in systems using EtherNet/IP by as much as two orders of magnitude by combining TSN with existing standards already included in The EtherNet/IP Specification, such as Quality of Service, Gigabit Ethernet and CIP Sync — ODVA’s adaptation of IEEE-1588.
To complement the adoption of EtherNet/IP in a diverse range of industries and applications, ODVA is expanding CIP to include data models to facilitate the exchange of application information within EtherNet/IP systems and between EtherNet/IP systems and supervisory systems which may or may not use EtherNet/IP. One application area where specification enhancements are underway is the adaptation of the recommendations in NAMUR NE-107 “Self-monitoring and Diagnosis of Field Devices” to the data format and access methods needed to retrieve such process data from EtherNet/IP field devices. Another application area where enhancements to the ODVA specifications are expected in 2016 is the inclusion of a machine data model and services for machine-to-supervisory communications. By instantiating standards for application data models for process field devices and machinery, EtherNet/IP will provide yet another way for users to decrease their reliance on proprietary implementations by using vendor-independent standards designed for multi-vendor interoperability.
ODVA is now expanding The EtherNet/IP Specification to include standards for the integration of data between EtherNet/IP and HART and IO-Link. Joining the already-published integration of data between EtherNet/IP and Modbus-TCP, these standards will allow users to accelerate their progress towards a converged network architecture.
“Because EtherNet/IP is based on commercial-off-the-shelf technologies and uses widely accepted standards from the Ethernet and Internet, EtherNet/IP is now a major industry catalyst for the realization of the Industrial Internet of Things,” said Katherine Voss, ODVA president and executive director. “The enhancements to EtherNet/IP that are underway for 2016 are at the forefront of innovations that are driving the future of industrial automation toward the fourth industrial revolution.”