Loading

CIP Security - The Final Layer of Defense

Securely Connect Your Data and Devices
3D Render of a CPU on a motherboard with Locked CPU symbol representing industrial cybersecurity and data protection.
Cybersecurity
    • Overview
    • Overview
    • Overview
    • Zero Trust
    • Zero Trust
    • Identity & Access Management
    • Identity & Access Management
    • IT / OT Convergence
    • IT / OT Convergence
    • CIP Security
    • CIP Security
    • Technology & Certification
    • Technology & Certification
    • Security & LifecycleIQ
    • Security & LifecycleIQ
    • Secure Digital Transformation
    • Secure Digital Transformation
    • Overview
    • Overview
    • Overview
    • Managed Services
    • Managed Services
    • Threat Detection
    • Threat Detection
    • Incident Response
    • Incident Response
    • SOC as a Service
    • SOC as a Service
    • IT Cybersecurity Services
    • IT Cybersecurity Services
    • Overview
    • Overview
    • Overview
    • Critical Infrastructure
    • Critical Infrastructure
    • Life Sciences
    • Life Sciences
    • Automotive
    • Automotive
    • Manufacturing
    • Manufacturing
    • Food & Beverage
    • Food & Beverage
    • Mining
    • Mining
    • Overview
    • Overview
    • Overview
    • Advisories & Support
    • Advisories & Support
    • Design & Planning
    • Design & Planning
    • Network Security
    • Network Security
    • Penetration Testing
    • Penetration Testing
    • Respond & Recover
    • Respond & Recover
    • Risk Assessment
    • Risk Assessment
    • Vulnerability Assessment
    • Vulnerability Assessment
  • World Class Partners
    • Blogs
    • Blogs
    • Press Releases
    • Press Releases
    • Webinars
    • Webinars
    • Whitepapers
    • Whitepapers

Common Industrial Protocol (CIP™) Security is an open-standard secure communication protocol developed by ODVA for EtherNet/IP™ communications, providing the final layer of defense against malicious communication attacks commonly carried out over large organizational networks.

CIP Security™ can play an important part of a defense-in-depth strategy by:

  • Using Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) cryptographic protocols, for secure transport of EtherNet/IP traffic
  • Using keyed-Hashed Message Authentication Code (HMAC), for data integrity and message authenticity
  • Using X.509v3 digital certificates, for cryptographically secured identities to devices

Protection with Security

33% of Exploitations Involve Man in the Middle Attacks

More than a third of exploitations of communications network weaknesses involve Man in the Middle (MitM) attacks, attempting to steal information or change asset configurations. MitM attacks "intercept" communications to alter or steal information. Defense-in-depth strategies, such as products enabled with CIP Security, are the best way to help prevent these kinds of intrusions.

When you build your networks with products and solutions from Rockwell Automation, you are leveraging over 100 years of industrial design experience, based on definitions and metrics like ICE 64223-3-3-3 and other industry leading standards. Rockwell Automation is one of the only manufacturers of ICS equipment with this kind of security built in.

Video
Understanding CIP Security

CIP Security enabled devices can play an important part in a defense in depth strategy. Watch this video showing how CIP Security works to make products more secure.


Video
CIP Security Demonstration

Watch this demonstration of how CIP Security interrupts Man in the Middle (MitM) attacks to protect physical assets.

 

Legacy Systems Updated with CIP Security

The Power of CIP Security Proxy for Legacy Devices

Rockwell Automation continually builds on our portfolio of security enabled products. Yet many industrial organizations still depend on legacy products that can’t be updated easily, due to age or logistical challenges.

To facilitate the protection of these systems, we’ve released a new product called Bulletin 1783 CIP Security™ Proxy. Placed in front of legacy devices, it secures communications like TLS and DTLS on behalf of the devices it’s protecting, for two immense benefits – speeding protection to vulnerable legacy systems, while not requiring any update to the applications running on the older systems.

With the CIP Security Proxy, you now have the power to update the security of your critical systems, regardless of their age.


Secure and Reliable Converged Plant-wide Architectures

Converged Plantwide Ethernet (CPwE) Best Practices

Converged Plantwide Ethernet (CPwE) is a collection of architected, tested and validated designs. The testing and validation follow the Cisco Validated Design (CVD) and Cisco Reference Design (CRD) methodologies. CPwE is relevant to both operational technology (OT) and informational technology (IT) disciplines and consists of documented architectures, best practices, guidance and configuration settings to help industrial organizations and OEMs achieve the design and deployment of a scalable, reliable, secure and future-ready plant-wide or site-wide industrial network infrastructure.

CPwE’s proven designs can also help industrial organizations and OEMs reduce costs, speed deployment and lower risks around new technology implementations. CPwE, which emerged from the strategic alliance between Rockwell Automation and Cisco, leverages the combined experience of three industrial powerhouses – Rockwell Automation, Cisco and Panduit, combining this ecosystem’s strengths in industrial automation, communications and security.

Deploy CIP Security within a CPwE Architecture
Two men in a manufacturing setting, wearing hard hats, safety glasses, and manufacturing uniforms looking at a laptop together.
Technical Data
Deploy CIP Security within a CPwE Architecture

See our IEC 62443-based security architecture use cases for designing and deploying CIP Security™ technology across plant-wide or site-wide IACS applications.

Download Now

Protect Your Information with Our Solutions

FactoryTalk Policy Manager Getting Results Guide
Three men in a manufacturing setting wearing hard hats looking at a tablet. The first man and the third man are wearing safety vests. The man in the middle is holding the tablet and wearing a business suit with a tie.
Manual
FactoryTalk Policy Manager Getting Results Guide

This guide provides information on installing and using FactoryTalk® System Services and FactoryTalk Policy Manager.

Download Now
CIP Security with Rockwell Automation Products
Woman wearing a yellow hard had and yellow safety vest looking at a laptop getting information. The information she is seeing is being shown in the background.
Application Technique
CIP Security with Rockwell Automation Products

Learn how to implement the Common Industrial Protocol (CIP) Security standard in your control system in this manual.

Download Now

Explore Our CIP Security Enabled Products

Chassis-based Communication Modules
Chassis-based Communication Modules
Hardware
Hardware
Chassis-based Communication Modules
Chassis-based communication modules help connect and implement network-based access control for users, devices and networks in the 1756 chassis.
Product Details
FactoryTalk Linx Software
FactoryTalk Linx Software
Software
Software
FactoryTalk Linx Software
FactoryTalk Linx it the most modern, secure, supported, and preferred communication platform for Integrated Architecture.
Get Started
Contact a Rockwell Automation Cybersecurity Specialist
Contact Us

Recommended For You

Loading
  1. Chevron LeftChevron Left Middle East
  2. Chevron LeftChevron Left Capabilities
  3. Chevron LeftChevron Left Modern Industrial Security Starts Here
  4. Chevron LeftChevron Left CIP Security to Prevent MitM Attack
Please update your cookie preferences to continue.
This feature requires cookies to enhance your experience. Please update your preferences to allow for these cookies:
  • Social Media Cookies
  • Functional Cookies
  • Performance Cookies
  • Marketing Cookies
  • All Cookies
You can update your preferences at any time. For more information please see our {0} Privacy Policy
CloseClose