The present invention relates to industrial control systems for controlling processes and machinery, and, in particular, to authentication and a firewall for industrial control systems.
Industrial controllers, such as programmable logic controllers (PLCs), are specialized electronic computer systems having processors and memories used in industrial control systems for the control of industrial processes and machinery. Industrial controllers are often used in factory environments, and are typically constructed to be substantially more robust against shock and damage and to better resist external contaminants and extreme environmental conditions. The processors and operating systems are optimized for real-time control and execute languages allowing ready customization of programs to comport with a variety of different controller applications and programs.
In contrast to more conventional computer systems, industrial control systems generally provide greater flexibility in hardware configuration (to match a variety of different control applications and programs) and have a higher standard of reliability and predictability necessary for real-time control of complex machinery. Greater flexibility in hardware configuration is typically obtained by a modular and distributed construction in which an industrial control system may be assembled of multiple modules, for example, a PLC connected to an arbitrary number of I/O modules, the latter providing communication with various switches and sensors on the machine.
The various components of the industrial control system may be connected together by means of a high-speed “control network” using a variety of special protocols that ensure predictable, timely and reliable communication of control data. For example, control network protocols may employ “connected messaging” in which the bandwidth of the network and buffer space is pre-allocated to dedicated “connections” to prevent lost or unpredictably delayed data transfer that can occur in standard network protocols such as Ethernet.
Protocol as used herein refers not simply to the format of the data (e.g., baud rate, the number of bits, error correction codes and the like), but also to the steps of establishing a connection, assigning addresses to connections, handling connection errors, sending acknowledgment messages and the like. Common Industrial Protocol (CIP) is a media-independent industrial protocol for industrial automation applications supported by the Open DeviceNet Vendors Association (ODVA). CIP encompasses a comprehensive suite of messages and services for the collection of manufacturing automation applications, including control, safety, synchronization, motion, configuration and other information. Application extensions to CIP include: CIP Safety, providing communication between nodes such as safety I/O blocks, safety interlock switches, safety light curtains and safety PLCs in safety applications up to Safety Integrity Level (SIL) 3 according to IEC 61508 standards; CIP Motion, allowing integration of field devices and motion drives on the same network, thereby eliminating the need for a separate motion-optimized network; and CIP Sync, a time synchronization extension to CIP based on the recent IEEE-1588 standard (Precision Clock Synchronization Protocol for Networked Measurement and Control Systems), providing increased control coordination for sequencing demanding events recording, distributed motion control and other distributed applications. CIP maximizes compatibility among devices in an industrial system, and typical control networks implementing CIP include EtherNet/IP, DeviceNet, ControlNet and similar networks whose specifications are published and whose protocols are used broadly by a number of manufacturers and suppliers.
External clients or client devices, such as terminals having a processor, memory, keyboard, mouse and display, may typically be connected to the industrial controller through a user interface, such as a Universal Serial Bus (USB), whose specification is published and whose protocols are known. The client device, like the industrial controller, may also be connected to a Wide Area Network (WAN) or the Internet through a switch or gateway. Often, the client devices must communicate with industrial controllers to implement a variety of tasks, such as starting, stopping, updating, modifying, testing and/or monitoring the industrial controller, one or more I/O modules and/or one or more industrial processes or machines. However, the CIP protocol does not actively authenticate the identity of connecting devices, nor does it authenticate their authority level. As a result, any requesting device that connects to the industrial controller may gain access to the industrial system and may compromise and/or disrupt the industrial system accordingly.