| |

New CIP Security Pull Model for Configuration Data Available

April 10, 2025

New CIP Security Pull Model for Configuration Data Available

ODVA is pleased to announce that a new pull model for configuration data is now available for CIP Security, the cybersecurity network extension for EtherNet/IP. This new profile is in addition to the existing pull model for CIP Security certificates which allows for efficient distribution of device authenticity information. The CIP Security pull model for configuration information will allow for parameters in JSON format to be automatically available for EtherNet/IP network-capable devices.

This new configuration data will make it possible for non-CIP devices, such as mobile phones and tablets, to access secure EtherNet/IP information and for hierarchical metadata to be more readily available. CIP Security now includes a pull model for configuration data and device certificates along with security properties, including a broad trust domain across a group of devices, a narrow trust domain by user and role, data confidentiality, device and user authentication, device and user identity, and device integrity.

The CIP Security pull model for configuration defines a file encoded format for delivering CIP Security configuration as well as a mechanism for a device to pull or query this configuration. The pull model for configuration is valuable when the traditional CIP object/server/attribute mechanism of delivering the CIP Security configuration is not appropriate. Use cases for the new CIP Security pull model for configuration include software that does not have CIP target functionality, such as with a mobile device application and with devices that are on a private network with Network Address Translation (NAT) that has configuration software on the public network.

Additionally, the pull model for configuration can help improve device replacement by being able to automatically provide the needed communication configuration on top of automatically pulling the certificate. The CIP Security pull model for configuration can be delivered via a JSON file, which provides the advantage over the CIP object/service method of decoupling the configuration from the transport. The CIP configuration information structure is still retained when using a JSON format. The JSON file also includes a digital signature that allows for authenticity of the data, independent of the transport over which it is delivered.

“The addition of a CIP Security pull model for configuration makes it easier to replace devices to minimize downtime and allows for configuration data to be automatically provided to mobile devices and devices on a private network,” said Dr. Al Beydoun, President and Executive Director of ODVA. “CIP Security development is a continuous effort to help deter bad actors from accessing EtherNet/IP networks that enable efficient production in critical industries across the world.”

The importance of cybersecurity continues to grow as more devices than ever before are being connected by users to the network via wireless and Single Pair Ethernet (SPE) technologies. Additionally, the connection of the device level network to ERP and cloud systems to take advantage of the latest Artificial Intelligence (AI) analytics to optimize operations means that a defense in depth approach that includes device level security is imperative.

CIP Security already takes advantage of robust, proven, and open security technologies, including TLS and DTLS for secure transport, hashes or HMAC as a cryptographic method of providing data integrity and message authentication, X.509v3 digital certificates, OAuth 2.0, and, OpenID Connect for authentication, and encryption to prevent reading or viewing of EtherNet/IP data by unauthorized parties. CIP Security now includes a pull model for configuration data to enable mobile device and private network connectivity along with improved device replacement.

CIP Security is a robust device level security protection for EtherNet/IP that can help vendors and end users to prepare for regulations such as the European Union Cyber Resilience Act (CRA) and to achieve compliance with security standards such as IEC 62443. Visit odva.org to obtain the latest version of The EtherNet/IP Specification including CIP Security.

About ODVA

ODVA is an international standards development and trade organization with members from the world’s leading automation suppliers. ODVA’s mission is to advance open, interoperable information and communication technologies for industrial automation. Its standards include the Common Industrial Protocol or “CIP™,” ODVA’s media independent network protocol – and industrial communication technologies including EtherNet/IP, DeviceNet® and others. 

For interoperability of production systems and their integration with other systems, ODVA embraces the adoption of commercial-off-the-shelf, standard Internet and Ethernet technologies as a guiding principle. This principle is exemplified by EtherNet/IP – today’s leading industrial Ethernet network.

More Information

Visit ODVA online at www.odva.org.

For more information, contact:

Steven Fales

ODVA

4220 Varsity Drive, Suite A, Ann Arbor, MI 48108-5006 USA

TEL     +1 734 975 8840

Fax      +1 734 922 0027

Email   sfales@odva.org CIP, CIP Security, and EtherNet/IP are trademarks of ODVA, Inc. DeviceNet is a registered trademark of ODVA, Inc. Other trademarks are the property of their respective owners.            

Related Story

Level Sensors Are the Latest Addition to EtherNET/IP Process Device Profiles

ODVA announced on March 31, 2025, that level sensors are the latest option for process device profiles to be added to The EtherNet/IP Specification. Process device profiles help users to reduce complexity and to more quickly install new devices in the event of an unplanned replacement. Standardized semantics and scaling for process variables and diagnostics that are made possible by process device profiles for EtherNet/IP significantly improve vendor interoperability and prepare process data for use with edge and cloud analytics.

Related Articles


Latest Articles

  • ABB Contactor Selection Guide Canada

    October 1, 2025 ABB contactors are among the most reliable electrical switching devices in industrial automation. As Canada’s leading ABB authorized distributor, Proax has helped thousands of engineers and technicians select the right ABB contactor for their applications. Whether you’re designing a new motor control panel or replacing existing equipment, choosing the right ABB contactor can… Read More…

  • 25 Advanced Motion Control Questions Answered

    October 1, 2025 Electromate has compiled a list of 25 advanced mechatronic engineering FAQs covering inertia, vibration, servo safety, control tuning, encoder resolution, and motion system design, and provided answers from their team of experts across the country. How do I model moment loading in real-world applications with offset payloads? Moment loading should be calculated… Read More…


Featured Article

Revolutionizing Material Movement with Autonomous Mobile Robots

Revolutionizing Material Movement with Autonomous Mobile Robots

In today’s fast-paced manufacturing and logistics industries, the need for efficient and flexible material movement solutions has never been greater. Traditional methods like conveyor systems, forklifts, and manual pushcarts have served us well, but they come with limitations.

That’s why Omron is thrilled to announce the launch of their game-changing MD Series of Autonomous Mobile Robots (AMRs). Read more


Products

  • PISA-M Electronic Circuit Breakers: New NEC Class 2 Compliant Variants Available

    October 6, 2025 PULS introduces new 4-channel electronic circuit breakers designed specifically for power distribution in NEC Class 2 circuits, expanding the existing PISA-M series. PISA-M enables the safe distribution of load current into four individual Class 2 circuits. This offers a cost-effective alternative to multiple individually approved NEC Class 2 compliant power supplies, reducing both acquisition costs and… Read More…

  • Meet Your PULS Team Soon at SPS 2025!

    October 6, 2025  Experience PULS’ Better Power solutions for industrial automation live Join PULS from 25th to 27th November 2025 at the Messezentrum Nürnberg in Hall 10, Booth 340. PULS is back at SPS 2025 in Nuremberg, with a fireworks display of innovations and a clear promise: Better Power – for your machines, your systems, your growth. Here is… Read More…