ODVA Announces CIP Security Enhancements to Support Resource-constrained ETHERNET/IP Devices


CIP Security can now provide device authentication, a broad trust domain, device identity via Pre-Shared Keys (PSKs), device integrity, and data confidentiality for resource-constrained devices such as contactors and push-buttons.


On April 12, following the ODVA press conference, the organization made three announcements: the extension of the EtherNet/IP network to in-cabinet resource-constrained devices, CIP Security enhancements for resource-constrained devices, and ODVA's move to inclusive network and device terminology.

Despite the progress brought about by Industry 4.0 and the Industrial Internet of Things (IIoT), a large portion of the installed nodes in automation applications are still not using Ethernet. Limitations including cost, size, and power have historically been a hindrance to EtherNet/IP pushing out to the edge of the network. The recent integration of single pair Ethernet has opened the door to overcoming lower-level device constraints and ultimately to expanding the footprint of EtherNet/IP. Adding simpler devices to EtherNet/IP allows for the benefits of additional remote diagnostics, asset information, and parameterization capability. The addition of more nodes to the network within the context of IT/OT convergence makes device-level security a fundamental need to ensure that indispensable assets and people are protected from physical harm and monetary loss.
 
The new CIP Security specification has added a Resource-constrained CIP Security Profile in addition to the EtherNet/IP Confidentiality and the CIP User Authentication Profiles. The Resource-constrained CIP Security Profile is similar to the EtherNet/IP Confidentiality Profile, but is streamlined for resource-constrained devices. The same basic security aspects of endpoint authentication, data confidentiality, and data authenticity remain. Access policy information is also included to allow a more capable device, such as a gateway, to be used as a proxy for user authentication and authorization of the resource constrained device. Implementation of CIP Security for resource-constrained devices requires only DTLS (Datagram Transport Layer Security) support instead of DTLS and TLS (Transport Layer Security), as it is used only with low-overhead UDP communication. 
 
"The continuous updating of CIP Security, including the recent addition of new security features for resource-constrained devices, provides EtherNet/IP devices an enhanced defensive posture to help protect against malicious industrial network intrusion", stated Jack Visoky, EtherNet/IP System Architecture Special Interest Group (SIG) vice-chair. "The availability of CIP Security across more portions of the EtherNet/IP network helps end users to better safeguard vital automation applications. The addition of CIP Security for resource constrained EtherNet/IP devices is an essential step in securing the edge", said Dr. Al Beydoun, President and Executive Director of ODVA.
 
The protections offered by CIP Security are now available for EtherNet/IP networks via a resource-constrained version of CIP Security that includes fewer mandatory features. This ensures that devices with the smallest power, size, and cost budgets can be secure and enjoy the communication and control advantages of being connected to an EtherNet/IP network. The latest CIP Security updates demonstrate the deep commitment of ODVA to maintain its position of device security leadership within the automation community. 


EtherNet/IP Network Extended to In-cabinet Resource-constrained Devices

 
ODVA also announced that the EtherNet/IP Specification has been enhanced to allow vendors to bring the network to resource-constrained devices in-cabinet, including push buttons and contactors. Cost, size, and power restrictions have historically limited the usage of EtherNet/IP at the edge, where many nodes are still hardwired. However, the continued decrease in the cost of semiconductor chips has enabled increased connectivity of simple devices, as evidenced by the rapid expansion of the Industrial Internet of Things (IIoT). The sustained, strong growth of EtherNet/IP combined with accelerating IT/OT convergence has made it possible to deploy EtherNet/IP within cabinets on lower-level automation devices such as contactors and push buttons.
 
The inclusion of resource-constrained devices within cabinets on an EtherNet/IP network is enabled by recently published enhancements to the EtherNet/IP Specification including the physical layer In-Cabinet Profile for EtherNet/IP along with low overhead UDP-only resource-constrained EtherNet/IP communication. Resource requirements have been reduced via enhancements such as an IT friendly LLDP node topology discovery mechanism, auto-commissioning support, and auto-device replacement support. Additionally, a specification for a new select line circuit facilitates the efficient delivery of system wide sequential commands. 
 
The EtherNet/IP in-cabinet bus solution reduces interface components through use of single pair Ethernet (IEEE Std 802.3cg-2019 10BASE-T1S) and reduces node cost via multidrop cabling that spans a single cabinet with one interface per device and one switch port that supports many devices. Cost is further reduced via cables that use composite network and control power to eliminate separate parallel runs. The select line for topology eliminates configuration switches by enabling discovery based on relative position and allows for direct connection with programming tools during assembly for parameterization. Assembly time is lowered by eliminating most wire or cable preparation with insulation displacement (piercing) connectors. Nodes will also be able to be replaced with compatible nodes of the same type during normal system operation without any engineering tools in a plug and play manner. 
 
"Expanding the connectivity of EtherNet/IP to include devices with the smallest physical footprint and most limited hardware resources opens up tremendous opportunity for further digital transformation within automation at the edge. The ability to obtain diagnostic, prognostic, and asset identity information remotely from more devices will further drive down incidents of unplanned downtime and improve the efficiency of existing assets", said Dr. Al Beydoun, President and Executive Director of ODVA. "The connection of resource-constrained devices to EtherNet/IP increases the value of existing networks for end users and reduces the need for secondary lower-level networks and associated gateways."
 
The extension of EtherNet/IP for in-cabinet resource-constrained devices will critically increase the return-on-investment of adding the simplest of in-panel devices to the digital network. This will be made possible through reduced hardware requirements enabled by UDP-only EtherNet/IP communication, usage of single pair Ethernet, and shared in-cabinet external power and cabling. Adding low-level in-panel devices to the network will allow the benefits of additional remote diagnostics, asset information and parameterization capability, automatic node topology discovery, and plug and play device replacement. The lowered cost and improved value of these devices along with the ability to use one seamless network for both constrained and non-constrained devices is a clear win for automation end users. 

 
ODVA Updates Terminology in Specifications to Help Create a more Inclusive Industry
 

Finally, ODVA announced that the April 2021 publication of the DeviceNet® and ControlNet® Specifications has replaced the usage of the words 'master' and 'slave' within ODVA references. Developers of devices for ODVA networks will now utilize the words 'client' and 'server' (EtherNet/IP, including the integration of Modbus® devices), 'controller' and 'device' (DeviceNet), and 'system time supervisor' or 'active keeper' (ControlNet) to describe these functions. With the goal of eliminating terminology that is hurtful, these changes are the first in a series to update the entire library of ODVA specifications and documents to rectify the use of these terms.
 
"ODVA strives to be on the cutting edge of open, interoperable information and communication technologies in industrial and process automation", said Dr. Al Beydoun, President and Executive Director of ODVA. "ODVA's intentional movement toward inclusive and accurate language throughout its specifications is a positive step in ensuring that industrial automation is a first choice for all professionals."
 
As other organizations update terminology included in their publications, ODVA will update any normative references in the ODVA library of specifications. To obtain the April 2021 publication of any of the ODVA library of specifications and to learn more about the CIP Security enhancements, visit www.odva.org.

Posted on April 15, 2021
ODVA Open DeviceNet Vendors Association
4220 Varsity Drive, Suite A
48108 Ann Arbor - USA
+1-734 975 8840
+1-734 922 0027