Manufacturers are increasing connectivity between plant floor and enterprise systems to boost productivity and reduce time to market, but interconnectivity can also bring undesirable security risks. ODVA announced the availability of a new guidelines document, Securing EtherNet/IP Networks, which discusses cyber-security recommendations for automation networks, including how to determine and deploy security strategies for various network types.
“In the past, manufacturers were able to secure industrial control systems simply by controlling physical access to their automation components,” said Katherine Voss, executive director, ODVA. “Today’s demand for increased productivity requires interconnectivity through industrial Ethernet – most often EtherNet/IP, as it provides unprecedented visibility into real-time machine and supervisory systems. As many businesses are concerned about the security risks that come from a free flow of information, ODVA outlines how to manage risks with the implementation of processes and technology.”
Here is an excerpt from the guidelines:
"Security is an essential element of network design and management in today’s industrial enterprise. This guideline introduces the concept of "cyber-security" for EtherNet/IP networks and provides direction regarding important considerations for cyber security in industrial automation applications. The audience for this guideline is end users of EtherNet/IP who need to acquire a basic understanding of cyber security for industrial automation applications and to formulate an approach to achieve effective security practices. The document should be read in its entirety in order to gain a basic understanding of how to secure industrial networks that use EtherNet/IP technology.
In the past, dedicated automation control systems were unconnected beyond their specific application. Security was sustained simply by controlling physical access to the automation components. Today, however, connectivity to all the processes of the enterprise has increased productivity while reducing the actual time to market for new offers. This advance in connectivity has created a new path for both desirable and undesirable connections. This guide aims to outline issues to consider when deciding whether to bridge the automation network to the enterprise network and, eventually, the Internet. Security is discussed for the simple, stand-alone machine or process which is unconnected to the automation or company network, all the way through to the fully integrated network which links all the processes within an enterprise. Each "more-connected" example builds on the previous to provide a continuous path of value for the stakeholders.
Industrial networks have historically used fieldbus technologies that were not connected to other networks. However, users are moving to networks based on standard Ethernet and the IP protocol suite, most frequently to EtherNet/IP™, to connect these networks to the enterprise network and the Internet. This change provides a number of benefits, including increased visibility of plant floor activities, integration with back-office applications, and lower total cost of ownership. However, users need to be aware of how this connection impacts the security and availability of their industrial network and the automation and control systems they interconnect."
Download the guidleines, Securing EtherNet/IP Networks.