Home » Byres and MTL Take Tofino Outside the Plant
Byres and MTL Take Tofino Outside the Plant
By Andrew Bond, Industrial Automation Insider
Byres Security and MTL have jointly announced a significant addition to their Tofino cybersecurity solution, extending protection beyond the plant to communications with remote sites. Designed specifically to make authentication and encryption of SCADA and automation communications easy for control specialists, the Tofino Virtual Private Network (VPN) product line comprises Server and Client Loadable Security Modules (LSMs) and a VPN Client License and can be used securely to connect facilities and people together over untrusted networks such as the Internet. Applications are seen in the monitoring and control of remote sites from a central location; providing remote personnel with secure access to control systems; securing communications between critical controllers; and enabling legacy non-IP control traffic to be carried over IP networks.
As with Byres'earlier Tofino offerings, the emphasis is on providing a solution that can be set up and administered by control technicians without specialist IT support and ensuring that neither security nor reliability are compromised by configuration errors.
Security is provided by Secure Sockets Layer (SSL), widely used in commerce and selected because it is reckoned to be less complex to configure than other VPN technologies. Once the technician has installed the Tofino Security Appliances (SAs) in the field, deployment is completed centrally using the Tofino Central Management Platform (CMP) and without any changes to the existing control system network or addressing. Handling of security components occurs behind the scenes, with setup simply involving logging into and installing the VPN loadable modules into the SAs and then dragging and dropping the icons for SAs to pair the units. The LSMs create secure tunnels for communication between SAs, between SAs and PCs, and between SAs and supported third-party devices and, as with other Tofino products, VPN modules can be operated in "test" mode before they are activated.
As well as providing secure tunnels for communication, the VPN solution integrates with the Tofino Firewall and Modbus TCP Enforcers, ensuring that only "permitted" messages are distributed while preventing potentially dangerous transmissions such as a virus originating from a remote PC or a user sending inappropriate programming commands. As a result, it is claimed to be the only VPN solution currently available which has an integrated SCADA-capable firewall. The resultant high degree of granularity in setting access rules allows, for example, the designation of certain specific computers, such as remote HMI PCs, to have read-only access to PLCs for operational diagnostics, while a limited set of maintenance laptops can have remote programming access to PLCs.
"Our approach … is to deliver a system that is designed with the rugged environment, staff skills and needs of industry in mind, and that can be installed without plant downtime," said Byres Security CTO Eric Byres (Byres' wife Joann is CEO). "Unlike IT VPN solutions, the Tofino VPN products are readily configured and managed by controls engineers; they can be tested and implemented without risk to industrial processes; they are part of an industrially hardened system; and they support legacy automation devices and protocols."
ProComSol Distributes PowerXpress HART Power Solution
ProComSol Announces It Now Distributes PowerXpress HART Calibration Power Solution
West Texas Investigation Hampered by Inter-Agency Cat Fight
ATF and CSB in dispute about access to plant, witnesses, evidence.
News You Might Have Missed This Week from ControlGlobal and Elsewhere
Our Recap of Stories, Events and Ideas Floating Around the Internet Now
Fieldbus Foundation Launches Project Gemstone
New initiative is designed to make the fieldbus experience easier, more application-centered.
Pressure Sensors Monitor Remote Field Safety Trailers
AST Pressure sensors are used to monitor Nomadic safety trailers in the field in remote oil field locations.
Great Moments in Process Automation History
Take a broken soda fountain machine, a car a.c. unit, flavor mixes, water and CO2, add inventiveness; you get Americaís favorite frozen drink.
Smart Grid: Independent Testing Of Rossi's E-Cat Cold Fusion Device Shows Positive Results
Forbes magazine's tech contributor Mark Gibbs writes that independent testing of Andrea Rossi's E-CAT Cold Fusion Reactor has positive results.The implications of the possible commercialization of cold fusion power sources are incredible.
Compressor Controls: Saudi Aramco Buys First GE Compressor Control Systems
Saudi Aramco has purchased advanced compressor control technology from GE for the Haradh GOSP-1 facility in Saudi Arabia's Eastern Province.
SANS Control Security Training Coming to Houston
SANS Institute will hold ICS Security Training event on June 10-15 in Houston
ISA Training Through June in Houston
Technician training, engineering survival and SIS boot camps for condensed, intense, comprehensive educational experience.
- All news »
Access the entire print issue on-line and be notified each month via e-mail when your new issue is ready for you. Subscribe today.
- Featured White Papers