PLANO, Texas - Invensys Operations Management has teamed with Byres Security Inc. and MTL Instruments to deliver what it calls "a ground-breaking cyber security solution." The new Triconex/Tofino OPC firewall will harden industrial safety systems against network accidents and attacks. It is the first firewall that protects integrated applications based on OPC Classic.
To enable greater interoperability of its Triconex safety systems, Invensys pioneered embedding OPC servers within its Tricon communications module (TCM). To ensure that these modules were cyber secure, Invensys teamed with Byres Security, which had recently introduced the world's first content inspection firewall for the MODBUS TCP protocol as part of Byres Security's Tofino product line, in order to create a firewall specifically for Triconex systems. The two companies then enlisted the services of MTL Instruments to build the security hardware. The result is the Triconex/Tofino OPC firewall, which is now available for Invensys customers using the Triconex TCM with the embedded OPC solution.
"Processors and manufacturers are continuously threatened by new and increasingly dangerous cyber attacks, which requires greater vigilance and security," said Joe Scalia, portfolio architect, Invensys Operations Management. "The Triconex/Tofino OPC firewall mitigates those risks by managing the traffic to and from the Triconex TCM, providing further assurance that a cyber incursion will not compromise integrated communications between the safety and critical control systems and supervisory HMI or distributed control systems. By tapping into the Invensys Operations Management ecosystem of partners and collaborating with the renowned experts from Byres Security and MTL, we co-innovated to resolve a crucial client challenge and help them achieve safety excellence."
The Triconex/Tofino OPC firewall provides security features developed specifically for Triconex and its embedded OPC Classic server to protect against malicious attacks and other threats to network operations. Users deploy the new firewall in front of the Triconex OPC server, thwarting attacks and traffic storms before they reach the safety and critical control system. It automatically mitigates risks related to previously published DCOM vulnerabilities, while providing packet management and rate limiting to prevent network traffic problems that could have an adverse effect on the stability of the safety system.
"Past plant shutdowns, for example, haven't been caused by hackers. Instead they were the result of badly configured software causing traffic storms that impacted critical controllers and other systems," said Eric Byres, security expert and technical officer at Byres Security. "The Triconex/Tofino OPC firewall does much more than block hackers and viruses from accessing the safety system. Its dynamic port management and built-in traffic-rate controls prevent many basic network problems from spreading throughout a plant."
"The next generation of the OPC Foundation interoperability specifications, the OPC Unified Architecture, incorporates similar cyber security protection, based on the excellent work of founding companies like Byres Security, MTL Instruments and Invensys," said Thomas J. Burke, president, OPC Foundation. "Launching the unique Invensys solution is the important milestone in demonstrating that users can secure the interoperability of OPC Classic within other applications without worrying about cyber security. As the use of OPC Unified Architecture expands, we look forward to collaborating with these market leaders to develop additional innovative, readily deployable solutions for the benefit of the entire OPC user community."
"We were pleased to join Invensys in developing a firewall for their industry-leading Triconex safety solutions," Byres said. "Together with MTL, we have delivered a solution that will improve plant safety and security, as well as enable manufacturers to deploy OPC to achieve new levels of interoperability for all of their operations, enabling, for example, tighter integration of safety and asset management systems to share data and help prevent trips."