The technical specifications for CIP Security were first published in the Ethernet/IP Specification in November 2015. This enabled manufacturers to start developing solutions to protect industrial control systems, allowing users to implement additional protective measures. CIP Security includes procedures to prevent impersonation, data manipulation and information disclosure. Features supported by CIP Security include device authorization, message transport integrity and message confidentiality protection. For encryption, ODVA has adopted Internet Engineering Task Force (IETF) standards based on Transport Layer Security (TLS), Data Transport Layer Security (DTLS) and authentication based on the X.509v3 standard for certificate handling.

The demonstration of CIP security solutions developed by ODVA members Danfoss, HMS Industrial Networks and Rockwell Automation will show these security mechanisms and how they work in an automation environment. The presentation will show the impact of a 'man-in-the-middle' attack on both a secured and unsecured Ethernet/IP node. The communication between a controller and the devices is intercepted and an attempt is made to change the transmitted data. The secured devices can protect themselves against the attack. They continue to work as configured by the controller program. Unprotected devices, on the other hand, cannot distinguish between the data originally sent by the control unit and the data modified by the attack, so that the attack disrupts their function. During the attack, the operator continues to receive feedback that the device is operating within normal parameters.

"CIP Security offers device manufacturers another way to protect the intellectual property contained in their products," explains Katherine Voss, President of ODVA. "Users can ensure that their equipment continues to function properly even during a malicious attack. In our presentation, they can experience the process live."