Ethernet/IP Gets a Security Boost with New ODVA Profile

November 30, 2023 by Shawn Dietrich

The ODVA has responded to network security risks with the implementation of a new CIP Security device-based firewall to prevent unwanted digital attacks on IIoT devices.

The ODVA, formerly the Open DeviceNet Vendors Association, is the organization that maintains communication standards used by Rockwell Automation, Omron, Honeywell, and many other companies. The standards provide a roadmap for manufacturers to follow so that their components can be used on different platforms with few changes required from end users. With IIoT and Industry 4.0 expanding across all industrial automation fields in recent years, the ODVA has been forced to take action to increase security for Ethernet/IP firewalls.

Bringing The Internet Into Automation

The internet initially provided a new way for people to communicate and share digital data. Now, with the advent of IIoT technology, the internet is becoming a way for automation equipment to communicate and share data. This presents an inherent security risk: if an unwanted guest were to access robots, equipment, or even processes remotely, factories could experience unnecessary downtime, or even worse, someone could get hurt. This is why it’s so important for companies to develop best practices and implement security tools, like firewalls.

 

CIP Security Device-Based Firewall

"Firewall" is a computer engineering term for software that blocks or allows traffic through a network connection. Most computers have some kind of firewall installed along with the operating system that is updated regularly, but many industrial control devices don’t have an operating system, so they do not have firewalls installed by default. For this reason, the ODVA has developed a CIP (Common Industrial Protocol) Security device-based firewall that allows filtering of traffic based on IP address, port, and even protocol.

This common standard empowers manufacturers of Ethernet/IP devices with CIP Security to determine which nodes can safely communicate on the network and which encryption standard is required.

How do Firewalls Work?

A firewall is essentially a mapping list with known IP addresses and ports, and a set of security rules that are updated regularly. The software will determine if a device has been allowed to communicate with devices on the network or not. The firewall can also allow for special routing rules depending on the connecting IP address or port. This gives the user full control over exactly which devices can interact with equipment and represents another layer of protection.
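To make the idea concrete, here is an added example (not ODVA's profile format and not code from the article) of a default-deny rule list that filters on source address, protocol, and port, plus a small audit that flags rules permitting unencrypted Ethernet/IP traffic. The rule structure, addresses, and policy are constructed for illustration; the port numbers are the IANA-registered Ethernet/IP ports, which the article does not list.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# IANA-registered EtherNet/IP ports (general knowledge, not from the article).
ENIP_EXPLICIT, ENIP_IO, ENIP_SECURE = 44818, 2222, 2221
CLEARTEXT_PORTS = {ENIP_EXPLICIT, ENIP_IO}

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR notation
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port, None = any port

    def matches(self, src_ip: str, proto: str, dport: int) -> bool:
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and self.proto in ("any", proto)
                and self.dport in (None, dport))

def evaluate(rules, src_ip, proto, dport):
    """First matching rule wins; traffic that matches nothing is denied."""
    for rule in rules:
        if rule.matches(src_ip, proto, dport):
            return rule.action
    return "deny"

def audit(rules):
    """Return allow rules that weaken the policy: any source, any port,
    or cleartext EtherNet/IP ports instead of the TLS/DTLS port."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        if ipaddress.ip_network(r.src).prefixlen == 0:
            findings.append((r, "allows any source address"))
        if r.dport is None:
            findings.append((r, "allows every port"))
        elif r.dport in CLEARTEXT_PORTS:
            findings.append((r, "allows unencrypted EtherNet/IP"))
    return findings

# Constructed policy for a hypothetical device on 10.20.0.0/24.
POLICY = [
    Rule("deny",  "10.20.0.99/32", "any", None),         # quarantined host
    Rule("allow", "10.20.0.10/32", "tcp", ENIP_SECURE),  # controller, TLS
    Rule("allow", "10.20.0.10/32", "udp", ENIP_SECURE),  # controller, DTLS
    Rule("allow", "10.20.0.0/24",  "udp", ENIP_IO),      # legacy cleartext I/O
]
```

Rule order matters here: the quarantined host is denied even though the later subnet-wide rule would otherwise admit it, and `audit(POLICY)` reports only the legacy cleartext I/O rule.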

 

Applications of Protocol Profiles

Data collection from automated equipment is valuable to manufacturers for predictive maintenance, calculating return on investment, and monitoring overall machine efficiency. Accessing this data in cloud applications requires that the automation equipment be connected to the internet, a process that was once a terrible risk, but is now necessary.

Today, connecting equipment to the internet is quickly becoming the norm, opening companies up to digital attacks where data can be stolen or equipment can be remotely controlled. There are many different ways to keep outside attackers out, like passwords and multi-factor authentication, but a firewall is always the first wave of protection from digital attacks. Once a firewall is configured, only the permitted devices can access the network.

The ODVA has applied a tried-and-true method from computer engineering and brought it down to the device level. This extra layer of protection could be the barrier that prevents your next digital attacker from stealing your company’s and your customers’ valuable data.