
New CIP Security Pull Model for Configuration Data Available

April 10, 2025

ODVA is pleased to announce that a new pull model for configuration data is now available for CIP Security, the cybersecurity network extension for EtherNet/IP. This new profile is in addition to the existing pull model for CIP Security certificates which allows for efficient distribution of device authenticity information. The CIP Security pull model for configuration information will allow for parameters in JSON format to be automatically available for EtherNet/IP network-capable devices.

This new configuration data will make it possible for non-CIP devices, such as mobile phones and tablets, to access secure EtherNet/IP information and for hierarchical metadata to be more readily available. CIP Security now includes a pull model for configuration data and device certificates along with security properties, including a broad trust domain across a group of devices, a narrow trust domain by user and role, data confidentiality, device and user authentication, device and user identity, and device integrity.

The CIP Security pull model for configuration defines a file-encoded format for delivering CIP Security configuration, as well as a mechanism for a device to pull or query this configuration. The pull model for configuration is valuable when the traditional CIP object/server/attribute mechanism of delivering the CIP Security configuration is not appropriate. Use cases for the new CIP Security pull model for configuration include software that does not have CIP target functionality, such as a mobile device application, and devices on a private network behind Network Address Translation (NAT) whose configuration software is on the public network.

Additionally, the pull model for configuration can help improve device replacement by being able to automatically provide the needed communication configuration on top of automatically pulling the certificate. The CIP Security pull model for configuration can be delivered via a JSON file, which provides the advantage over the CIP object/service method of decoupling the configuration from the transport. The CIP configuration information structure is still retained when using a JSON format. The JSON file also includes a digital signature that allows for authenticity of the data, independent of the transport over which it is delivered.

“The addition of a CIP Security pull model for configuration makes it easier to replace devices to minimize downtime and allows for configuration data to be automatically provided to mobile devices and devices on a private network,” said Dr. Al Beydoun, President and Executive Director of ODVA. “CIP Security development is a continuous effort to help deter bad actors from accessing EtherNet/IP networks that enable efficient production in critical industries across the world.”

The importance of cybersecurity continues to grow as more devices than ever before are being connected by users to the network via wireless and Single Pair Ethernet (SPE) technologies. Additionally, the connection of the device level network to ERP and cloud systems to take advantage of the latest Artificial Intelligence (AI) analytics to optimize operations means that a defense in depth approach that includes device level security is imperative.

CIP Security already takes advantage of robust, proven, and open security technologies, including TLS and DTLS for secure transport, hashes or HMAC as a cryptographic method of providing data integrity and message authentication, X.509v3 digital certificates, OAuth 2.0, and OpenID Connect for authentication, and encryption to prevent reading or viewing of EtherNet/IP data by unauthorized parties. CIP Security now includes a pull model for configuration data to enable mobile device and private network connectivity along with improved device replacement.

CIP Security is a robust device level security protection for EtherNet/IP that can help vendors and end users to prepare for regulations such as the European Union Cyber Resilience Act (CRA) and to achieve compliance with security standards such as IEC 62443. Visit odva.org to obtain the latest version of The EtherNet/IP Specification including CIP Security.

About ODVA

ODVA is an international standards development and trade organization with members from the world’s leading automation suppliers. ODVA’s mission is to advance open, interoperable information and communication technologies for industrial automation. Its standards include the Common Industrial Protocol or “CIP™,” ODVA’s media-independent network protocol, and industrial communication technologies including EtherNet/IP, DeviceNet® and others.

For interoperability of production systems and their integration with other systems, ODVA embraces the adoption of commercial-off-the-shelf, standard Internet and Ethernet technologies as a guiding principle. This principle is exemplified by EtherNet/IP – today’s leading industrial Ethernet network.

More Information

Visit ODVA online at www.odva.org.

For more information, contact:

Steven Fales

ODVA

4220 Varsity Drive, Suite A, Ann Arbor, MI 48108-5006 USA

TEL     +1 734 975 8840

Fax      +1 734 922 0027

Email   sfales@odva.org

CIP, CIP Security, and EtherNet/IP are trademarks of ODVA, Inc. DeviceNet is a registered trademark of ODVA, Inc. Other trademarks are the property of their respective owners.
