
ODVA adds device-based firewall to CIP Security extension to further protect EtherNet/IP networks

Dec. 26, 2023
The firewall gives users a traffic filter similar to the way the iptables program is used to set up a firewall in Linux

ODVA announced Nov. 14 that its CIP Security cybersecurity network extension for the EtherNet/IP protocol has added a new device-based firewall for enhanced intrusion deterrence. This firewall gives users a simple traffic filter similar to the way the iptables program is used to set up a firewall in Linux. The device-based firewall is enabled via a new CIP Security device-based firewall profile, which gives users the flexibility to enable or disable this feature as desired. This profile allows only known IP addresses to communicate using standard EtherNet/IP.

The CIP Security device-based firewall is a mechanism to filter traffic based on IP address, port and protocol. It's implemented via a new CIP object called the Ingress Egress Object, which enables an allow list of known IP addresses, configuration of available cipher suites, and routing rule definitions based on IP addresses and port numbers. This means that EtherNet/IP devices with CIP Security can determine which nodes can be safely communicated with, and whether TLS or DTLS encryption is required. Users can also decide whether other devices can route CIP communications through the configured CIP Security device. The new device-based firewall adds another layer of deterrence as part of a defense-in-depth approach to help protect physical and digital assets from harm.
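To illustrate the filtering behavior described above, here is an added example (not ODVA code and not the Ingress Egress Object's actual attribute layout) that models a default-deny allow list keyed on source address, protocol and port, with a per-rule TLS/DTLS requirement. The `Rule`, `Attempt` and `evaluate` names and the sample rules are hypothetical; 44818 and 2221 are the IANA-registered EtherNet/IP and secure EtherNet/IP ports.

```python
"""Hypothetical model of a device-side allow list (not the CIP object layout)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    source: str           # allowed peer, as an address or CIDR block
    protocol: str         # "tcp" or "udp"
    port: int             # destination port on the device
    require_secure: bool  # accept only over TLS (tcp) or DTLS (udp)

@dataclass(frozen=True)
class Attempt:
    src: str
    protocol: str
    port: int
    secured: bool         # True if the session is TLS/DTLS protected

# Constructed sample rules using documentation addresses (192.0.2.0/24).
ALLOW_LIST = [
    Rule("192.0.2.10/32", "tcp", 44818, require_secure=False),
    Rule("192.0.2.0/28", "tcp", 2221, require_secure=True),
    Rule("192.0.2.0/28", "udp", 2221, require_secure=True),
]

def evaluate(attempt, rules=ALLOW_LIST):
    """Return (allowed, reason). Anything not explicitly listed is denied."""
    try:
        src = ip_address(attempt.src)
    except ValueError:
        return False, "malformed source address"
    needs_secure = False
    for rule in rules:
        if (src in ip_network(rule.source)
                and rule.protocol == attempt.protocol
                and rule.port == attempt.port):
            if rule.require_secure and not attempt.secured:
                needs_secure = True   # listed peer, but cleartext is refused
                continue
            return True, f"matched {rule.source} {rule.protocol}/{rule.port}"
    if needs_secure:
        return False, "peer is listed but TLS/DTLS is required"
    return False, "no matching allow-list entry"

if __name__ == "__main__":
    for a in (Attempt("192.0.2.10", "tcp", 44818, False),
              Attempt("192.0.2.5", "tcp", 2221, False),
              Attempt("198.51.100.7", "tcp", 2221, True)):
        print(a, "->", evaluate(a))
```

Logging the denial reason separately for "listed peer without TLS/DTLS" and "unknown peer" helps distinguish a misconfigured device from unexpected traffic.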

“CIP Security continues to add additional security capabilities such as the new device-based firewall to help protect EtherNet/IP devices from misuse that could lead to critical system damage or information loss,” says Jack Visoky, vice chair of the EtherNet/IP System Architecture Special Interest Group (SIG). 

Dr. Al Beydoun, president and executive director of ODVA, adds, “The prevention of unauthorized IP address and port numbers from accessing CIP Security-enabled EtherNet/IP devices allows for another layer of protection for critical industrial automation applications as a part of a defense-in-depth approach. The addition of the device-based firewall profile for CIP Security is another important update to continue the fight against malicious cyber intrusions that can lead to financial and reputational loss.”

About the Author

Jim Montague | Executive Editor

Jim Montague is executive editor of Control.