How Today’s Smarter Motor Controls Are Becoming Safer, Too

Today’s manufacturing floors are more automated – and more connected – 
than ever, and that efficiency-boosting trend is only accelerating. With
 greater connectivity, however, comes greater risk, as industrial 
operations can become cyber targets. A new approach to improving 
security of such operations aims to boost the safety of the entire 
network by protecting individual pieces of control equipment.<br> Rockwell Automation

Chuck Ross

Today’s manufacturing floors are more automated – and more connected – than ever, and that efficiency-boosting trend is only accelerating. With greater connectivity, however, comes greater risk, as industrial operations can become cyber targets. A new approach to improving security of such operations aims to boost the safety of the entire network by protecting individual pieces of control equipment.

In 2015, the international industry trade and standards organization ODVA announced an extension to its Common Industrial Protocol (CIP) that would add extra layers of protection to connected devices in EtherNet/IP industrial networks. Devices and firmware updates now are beginning to show up on factory floors certified to the requirements of this CIP Security standard, which takes previous network-level protections down to local devices, such as motor controls.

The development of CIP Security recognizes how manufacturing facilities have evolved over the last couple decades. Automation isn’t anything new in these settings, but earlier networks were generally walled-off from larger corporate networks. Old-school SCADA (supervisory control and data acquisition) systems operated independently and weren’t connected to the internet in the way they are today. Now, every sensor and control device might have its own Internet Protocol (IP) address, creating hundreds or thousands of vulnerable attack points for individuals or governments seeking to hijack a plant’s operations.

According to an ODVA statement on the new standard, devices certified to the standard’s highest levels should demonstrate three significant capabilities:

  • Integrity – the ability to reject data that has been altered.
  • Authenticity – the ability to reject messages sent by untrusted people or devices.
  • Authorization – the ability to reject messages that request actions that are not allowed.

“CIP Security can protect devices and systems that use EtherNet/IP from some of the top risks in connected operations, such as unauthorized PCs,” said Tony Baker, portfolio manager, security, for Rockwell Automation. “It does this in a few key ways. First, it limits device connectivity to only trusted PCs and devices. It also guards against packet tampering to protect data integrity. Finally, it encrypts communications to avert unwanted data reading and disclosure.”


Photo courtesy of Rockwell Automation