ODVA to enhance EtherNet/IP and add cybersecurity

Dec. 9, 2015

In a Nov. 24 media briefing at the SPS IPC Drives tradeshow in Nuremberg, Germany, ODVA reported that it plans to undertake major areas of technical work in 2016 that will benefit users of EtherNet/IP, and also announced the pending publication of a new volume in its specifications dedicated to cybersecurity.

One focus area will be the adaptation of certain emerging standards for Time-Sensitive Networking (TSN) to EtherNet/IP. In particular, ODVA will create enhancements to the EtherNet/IP specification for frame preemption and stream reservation based on the standards being defined in the IEEE-802.1 projects. ODVA's adaptation of TSN technologies is a straightforward evolution of EtherNet/IP, which relies on commercial, off-the-shelf (COTS) technologies for Ethernet and the Internet to solve demanding applications in industrial automation.

As a result, EtherNet/IP users will be able to realize performance improvements in systems using EtherNet/IP by as much as two orders of magnitude by combining TSN with existing standards already included in the EtherNet/IP specification, such as quality of service, gigabit Ethernet and CIP Sync—ODVA's adaptation of IEEE-1588.

Meanwhile, the cybersecurity volume will be released under the name of CIP Security, and will be initially applicable to EtherNet/IP. CIP Security will help users take additional steps to protect their industrial control systems with industry-proven techniques for securing transport of messages between EtherNet/IP devices and systems, and thus reduce their exposure to cybersecurity threats.

The initial release of CIP Security includes mechanisms to address spoofing of identity, tampering with data and disclosure of information. Mechanisms supported in the initial release include device authorization, integrity of message transport and confidentiality of messages. To support these mechanisms, ODVA has adapted standards from the Internet Engineering Task Force (IETF) for encryption based on Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS), and for authentication based on the X.509v3 standard for certificate handling.

About the Author

Jim Montague | Executive Editor

Jim Montague is executive editor of Control.