Logo Hilscher

Introducing the First SoC With Multi-Protocol CIP Security Features

For a boost to cyber-security at the field level, we’re pleased to announce our netX 90 system on a chip (SoC) product family now includes a beta release of EtherNet/IP™ protocol firmware with CIP Security™, the goal of which is to enable Common Industrial Protocol (CIP™)-connected devices to protect themselves from malicious communications. This new EtherNet/IP CIP Security firmware supports I/O data signatures and encryption, as well as device identity verification via device identity and web server certificates. The firmware also integrates various user management features.

 

In addition, the new CIP Security profile leverages netX 90 hardware-based security features, such as Secure Boot — a “close to hardware” functionality that ensures only the original firmware is started and executed on a device. Using the netX Studio Integrated Development Environment (IDE), you can develop and sign firmware with a private key, download the signed firmware and public key to the device, and then verify the firmware with the key during netX 90 startup. As part of Secure Boot, you can also configure four security levels with options that increase the protection level.

 

Other notable cyber-security features include the following:

 

Secure communications. The new EtherNet/IP CIP Security firmware for netX 90 supports the EtherNet/IP Confidentiality Profile. Most secure communications are based on the Transport Layer Security (TLS) stack on top of the TCP/IP stack and netX 90 crypto accelerator hardware. The netX 90 chip also supports secure web server access with HTTPS protocol support, while a user database lets you easily define user groups, roles and related data access rights. 

 

Certificate deployment. The firmware provides greater flexibility when generating and deploying security certificates — with or without a public key infrastructure (PKI). It does so using two main methods:

  • Configuring security via the application with an API over the dual-port memory interface.
  • Using protocol-specific methods and tools like Rockwell FactoryTalk® Policy Manager. 

 

To learn more about our EtherNet/IP CIP Security firmware, please visit our website.