When I think of the most important things about a piece of automation equipment, there are two obvious aspects – power and communications. As automation networks grow, communications are now just as important as power. You cannot have one without the other.
Just as you would protect a piece of equipment in terms of power by using a UPS or a redundant power supply, you should also protect communications. Now this isn’t a discussion on network redundancy or resiliency to protect physical connectivity – that’s another discussion; but rather protecting the data itself potentially using something new called CIP Security.
Most security solutions for data protection have to do with protection at the network level. Think about a typical perimeter firewall that protects an entire plant floor or a Layer 2 firewall that protects a specific machine, line, or area. These all work on the principle of analyzing the pathways data travels and deciding whether to permit or allow that data based on a specified set of rules. These rules and decisions are not made by the endpoint or network switch but offloaded to another piece of equipment.
These are great solutions and should exist in your facility and be implemented – I am not by any means suggesting replacing firewalls or any additional infrastructure with an alternative; but rather adding more layers to a multi-layer defense strategy. Perimeter and Layer 2 firewalls are security devices that provide outstanding means to protect a network’s data flow, but it is assumed that the endpoints are who or what they say they are.
When you ping a device at a particular IP address and receive a response, you would assume yes, a device is there, answering at the IP address I would expect; and, according to my Excel document, this device is an Allen-Bradley ControlLogix processor. But is it really? Are you sure?
What about messages that have been adjusted – for bad or for good? Would you not want some awareness that something is different within the very message that your ControlLogix just sent to an I/O block? What if that ControlLogix processor has been compromised and has a variance in the values it is sending to the drive, causing it to operate out of specification – a “yes” becomes a “no” or an “open” a “close”? What are the consequences of that happening?
Did you know that nearly all automation network communication is in plain text? This means that a passive device listening on your network could potentially gather any data transmitted, including your recipe, your controls, your process, your intellectual property.
CIP Security: a new method of securely transmitting data at the protocol level rather than relying solely on additional hardware or applications to provide protection. It seeks to embed security into the very language that your devices use to talk to one another. It is an additional way to bolster your Defense in Depth by providing authentication of endpoint identity, preventing tampering of data in transit, and even encrypting all communications so if intercepted, it is useless to the interceptor.
How is this achieved? Read Part 2…