Security breakthrough for OPC-based industrial automation

BRITISH COLUMBIA, Canada -- Byres Security Inc. today announced the release of the new Tofino OPC Enforcer firewall, part of the Tofino Industrial Security Solution. This new module locks down any industrial network using the previously hard-to-secure OPC Classic protocol.According to a company spokesperson, the Tofino OPC Enforcer provides superior security over what can be achieved with conventional firewall solutions. The result is improved network reliability, availability and security for any process control or SCADA company using OPC.

OPC Classic is widely used in control systems as an interoperability solution, interfacing control applications from multiple vendors. Unfortunately, as numerous studies show, the technologies underlying it were designed before network security issues were widely understood. As a result, OPC Classic has been almost impossible to secure until now.

Thomas J. Burke, the president of the OPC Foundation, notes; "The Tofino OPC Enforcer is an important innovation and a great solution for all the systems that currently use OPC Classic – approximately 90% of all industrial networks."

While the OPC Foundation is working hard to get its new and more secure OPC-UA technology into the marketplace, it will be years, if not decades, before all legacy OPC DA, HAD and A&E installations are replaced. In the meantime, the Tofino product addresses the security gap by providing a plug-and-protect solution that can be deployed in minutes without changes to existing OPC systems.
 
The Tofino OPC Enforcer provides two important benefits to control systems users:

1.    It provides robust security and stability for any system using OPC DA, HAD or A&E, thus preventing industrial network attacks and accidents. Unlike other firewalls, this product inspects, tracks and secures every connection made by an OPC application, opening only the exact TCP port required for a connection between an OPC client and server.

2.    It is implemented without any control system changes. The Tofino hardware is simply installed into the live network and configured using a drag-and-drop editor to select permitted clients and servers. Once installed, network security is assured, with all OPC traffic managed behind the scenes.

The recent Stuxnet worm attacks against Siemens HMIs and PLC systems has highlighted the need for better security on the plant floor. At the same time, many incidents result from internal network problems.

"Past industrial shutdowns, for example, haven't been caused by hackers. Instead they were the result of badly configured software causing traffic storms that impacted critical controllers and other systems," said Eric Byres, security expert and chief technical officer at Byres Security. "The Tofino OPC Enforcer LSM does much more than block hackers and viruses from accessing automation systems. Its dynamic port management techniques prevent many basic network problems from spreading throughout a plant or SCADA system."

Availability and Requirements
The Tofino OPC Enforcer is available now from Byres Security and from leading automation industrial suppliers MTL Instruments and Belden/Hirschmann. It requires the Tofino Security Appliance, the Tofino Central Management Platform and the Tofino Firewall LSM. The technology will also be available as a stand-alone appliance, the Triconex Tofino Firewall from Invensys Operations Management in Q4 2010.

What are your comments?

You cannot post comments until you have logged in. Login Here.

Comments

No one has commented on this page yet.

RSS feed for comments on this page | RSS feed for all comments