CIP (Common Industrial Protocol): CIP messages, device types, implementation and security in CIP
Common Industrial Protocol (CIP) was created by Open DeviceNet Vendors Association Company (ODVA) specifically for automating industrial processes for sharing the data among various components in ICS (Industrial Control Systems) networks through their protocols. ODVA supports different sections and extensions of CIP: CIP safety, CIP Energy, CIP Sync and CIP Motion.
The design and implementation of CIP is neither as simple as Modbus nor as complex and heavy as PROFINET. CIP comprises a set of messages and services for security, control, synchronization, configuration and sharing of information.
Learn ICS/SCADA Security
CIP has been adapted widely in ICS networks because it provides integration and inter-communication with different types of networks. They are:
- Ethernet/IP/IP: CIP adaptation to TCP (Transmission Control Protocol) technologies
- ControlNet: CIP adaptation to CTDMA (Concurrent Time Domain, Multiple Access) technologies
- DeviceNet: CIP adaptation to CAN (Controller Area Network) technologies
- CompoNet: CIP adaptation to TDMA (Time Division Multiple Access) technologies
CIP messages
CIP follows a pattern called the producer-consumer pattern. As the name suggests, producers produce and put messages into circulation for various consumer nodes in the network. Consumer receive messages and decide whether the particular message is intended for them or not. This is done on the basis of the identifier field present in the message.
Producers produce two types of messages, depending on the type of architecture being implemented and followed:
- Implicit message: An implicit message has identifier, data and CRC fields in it. The consumer node decides whether the received message is intended on the basis of the Identifier field present in the message
- Explicit message: A typical explicit message has four fields: origin, destination, data and CRC. The consumer node decides whether the received message is intended for it by reading the destination field value and accordingly takes the necessary action
CIP device types
On the basis of the functionality offered, CIP devices have been broadly categorized into four types:
- Messaging server: A messaging server supports only explicit messaging operations. This kind of device is used to store/push ASCII data in barcodes or RFID applications
- Messaging client: A messaging client supports only explicit messaging operations. This kind of device is used to pull ASCII data from barcodes or RFID applications
- I/O server: An I/O server supports both implicit and explicit messaging operations and are used in applications like photeyes, I/O muxes and valves
- I/O scanner: An I/O scanner supports all the functionalities offered in an I/O server. On top of that, it adds the capabilities for opening the connection and initiating the transfers. It can serve as both receivers and senders of output data
CIP implementation
As discussed above, CIP is implemented for four types of networks. While implementation remains the same for ControlNet, DeviceNet and CompoNet, implementation for Ethernet/IP is different.
- Ethernet/IP implementation: Introduced in 2001, Ethernet/IP is one of the protocols implementing CIP protocol. Thus, CIP was implemented to the Ethernet network via Ethernet/IP. CIP works on the application layer in the Ethernet network and Ethernet/IP functions on the transport and network layer of the TCP/IP stack. Explicit messages use TCP (Transmission Control Protocol) and implicit messages use UDP (User Datagram Protocol) for communication. Explicit messages use TCP port number 44818, while implicit messages use UDP port number 2222 for communication
- ControlNet, DeviceNet and CompoNet implementation: Unlike Ethernet/IP implementation, ControlNet, DeviceNet and CompoNet implementation uses different media for transmission and data transfer. These are CANBus, coaxial and round cables. CIP implementation varies depending upon the physical mechanism being used
Security in CIP
Since CIP is implemented in two forms, security considerations also vary depending on the implementation:
- Security concerns for Ethernet/IP implementation: Ethernet/IP is affected by all the vulnerabilities of Ethernet. Some of them include traffic capture and spoofing (impersonating messages from legitimate devices). Since it uses UDP, it is susceptible to malicious traffic injection and possibility of transmission route manipulation using IGMP
- Security concerns for ControlNet, DeviceNet and CompoNet implementation: This implementation uses a physical mechanism for transmission of information; thus, the best way to protect this kind of implementation is to segregate the implementation from the rest of the network, and they must be isolated from external connection. Implementing IDS/IPS systems is also advisable
Irrespective of the type of implementation, a typical CIP network should consider and implement a few other factors for maintaining optimum level security. Some of them include:
- Integrity: Rejecting data and messages that have been altered
- Authentication: Rejecting data and messages that have been sent by untrusted people/devices
- Authorization: Rejecting data and messages that request actions that are not allowed
Conclusion
That’s really all there is for CIP. CIP is a great protocol for industrial process automation. With the elegance and simplicity in design, it can be adopted and implemented easily and operated reliably and efficiently.
Learn ICS/SCADA Security
Sources
- Protocols and network security in ICS infrastructures, Incibe
- Common Industrial Protocol (CIP™), ODVA
- What is CIP?, RTA
- Common Industrial Protocol (CIP), PLC Manual
Learn ICS/SCADA Security
Build your critical infrastructure security skills with hands-on training in Infosec Skills. Train how you learn best:- Practice realistic scenarios
- Build hands-on skills
- Learn live or on-demand
- Get certified
In this Series
- CIP (Common Industrial Protocol): CIP messages, device types, implementation and security in CIP
- Securing operational technology: Safeguard infrastructure from cyberattack
- Operation technology sees rise in targeted remote access Trojans and ransomware
- Vehicle hacking: A history of connected car vulnerabilities and exploits
- Operational technology compromises: Low sophistication, high-frequency
- ICS/SCADA threats and threat actors
- Incident response and recovery best practices for industrial control systems
- BPCS & SIS
- Security Technologies for ICS/SCADA environments
- Data Loss Protection (DLP) for ICS/SCADA
- ICS/SCADA Wireless Attacks
- Security controls for ICS/SCADA environments
- SCADA & security of critical infrastructures [updated 2020]
- Open vs proprietary protocols
- Critical security concerns facing the energy & utility industry
- ICS/SCADA Social Engineering Attacks
- ICS/SCADA Malware Threats
- Biggest threats to ICS/SCADA systems
- SIEM for ICS/SCADA environments
- Intrusion Detection and Prevention for ICS/SCADA Environments
- Firewalls for ICS/SCADA environments
- ICS/SCADA Security Technologies and Tools
- The state of threats to electric entities: 4 key findings from the 2020 Dragos report
- Modbus, DNP3 and HART
- RS-232 and RS-485
- BACnet
- TASE 2.0 and ICCP
- FOUNDATION Fieldbus
- Account Management Concepts for ICS/SCADA environments
- PROFIBUS and PROFINET
- ICS Strengths and Weaknesses (from security perspective)
- Access Control Implementation in ICS
- ICS Components
- Access Control Models for ICS/SCADA environments
- ICS/SCADA Security Specialist/Technician Role
- Credential Management and Enforcement for ICS/SCADA environments
- IT vs ICS
- Process control network (PCN) evolution
- ICS protocols
- Saving lives with ICS and critical infrastructure security
- ICS/SCADA Access Controls
- Types of ICS
- Physical security for ICS/SCADA environments
- Introduction to SCADA security
- ICS/SCADA security overview
- Who Is Targeting Industrial Facilities and ICS Equipment, and How?
- Configuration of Anti-Virus and Anti-Malware Software within an ICS Environment
- MyPublicWiFi – A Windows Utility to manage ICS
- Situational awareness and ICS Using GRASS MARLIN
- Cyber risks for Industrial environments continue to increase
- Advice to a New SCADA Engineer
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Critical infrastructure
Securing operational technology: Safeguard infrastructure from cyberattack
Critical infrastructure
Operation technology sees rise in targeted remote access Trojans and ransomware
Critical infrastructure
Vehicle hacking: A history of connected car vulnerabilities and exploits
Critical infrastructure
Operational technology compromises: Low sophistication, high-frequency