Device-Level Security for Legacy Equipment

July 21, 2021
Rockwell Automation’s new CIP security proxy device allows older systems and equipment to use digital certificates and encrypted communication for enhanced cybersecurity at the device level.

With high-profile cyberattacks growing in frequency, industry has become all too aware of the potential dark side of internet-connected devices. While plant-floor networks were once air-gapped to separate them from enterprise networks, this approach has become untenable, as the core functionality of Industry 4.0 and Internet of Things (IoT) initiatives is built on integration between operational technology (OT) and information technology (IT).

As a result, defense-in-depth strategies have grown in popularity. These approaches seek to use intentional redundancies at every layer of a system down to the device level to ensure security.

To help operators achieve this, Rockwell Automation has released the Allen-Bradley Common Industrial Protocol (CIP) Security Proxy, which aims to allow end-users to more easily retrofit their systems to be compatible with CIP security methodologies.

CIP security works by initiating a Transport Layer Security (TLS) “handshake” whenever a new device is added to a network. Before any communication is established, the TLS handshake verifies that the device being added possesses a security certificate, which must be embedded in the device by the vendor. Once the identity of the device is established, encryption keys are created and exchanged, allowing the devices to encrypt their communications and effectively baking security into the communications themselves. This ensures that communications are authentic, that they have not been altered by an outside party, and that they remain private.

Similar techniques have been used to ensure safe and confidential network communication in the IT world for many years, but it is the increased need for device-level security in industrial environments that has brought it to the plant floor.

However, some legacy systems and equipment may not have native support for CIP security because of hardware and firmware limitations. To remedy this, Rockwell’s CIP Security Proxy can be connected to any EtherNet/IP-compliant device, granting it a security certificate and allowing it to engage in encrypted communication with higher-level systems.

The proxy device contains three gigabit EtherNet/IP ports, and can be configured through Rockwell’s FactoryTalk Policy Manager software and FactoryTalk system services. In addition, it supports motion for Kinetix drives and offers a web server for viewing diagnostics.
