The ODVA has recently released updates to their specifications for EtherNet/IP, DeviceNet, CompoNet and ControlNet technologies, and the CIP Safety extension to the EtherNet/IP and DeviceNet networks. This release provides 44 enhancements to the specifications, including the additional of "quick-connect" functionality and the CIP safety extension to Ethernet/IP and DeviceNet.
As with most ICS protocols, there is little in terms of security, and this is no different with the ODVA protocols. In general, ICS protocols lack appropriate authentication between data users and data owners. Even if authentication is provided, there is little in the way of preventing session hijacking from occurring between authenticated sources due to the inability of most ICS devices to support embedded, on-board encryption (aka tunnels). This means that a sound SCADA design needs to begin with a thoroughly documented architecture diagram highlighting various control zones and communication conduits, and then provide sufficient compensating controls within the zones and conduits to mitigate the likelihood of a successful attack.
For additional information, you can view the ODVA announcement by clicking here.
No comments:
Post a Comment