Surf’s up! Named for the famous British Columbia surfing beach Tofino, MTL Instruments and Byres Security have finally released the first integrated hardware/software suite of cyber security applications designed specifically for use on the plant floor.
This suite, called the Tofino Security Solution, is based on Eric Byres’ significant observation about the biggest problem in industrial security. Byres, CEO of Byres Security Inc., has said many times, “The purpose of IT security is to protect the data on the server. All of the edge devices (PCs, network appliances, etc.) and even logged on users are expendable. The purpose of plant floor cyber security is to protect the local control devices and the process. In an emergency, the entire control network is expendable, as long as local loop control can be maintained.”
The Tofino Security Solution is designed to protect the local control devices and maintain them free from attack.
This is a necessary solution because industrial control networks were never designed for security in the way that enterprise IT networks have been. They have always, in fact, been designed to be open networks, as open as possible.
“It is easy to see how open networks benefit end users, EPCs and system vendors alike,” says Graeme Philp, CEO of MTL Instruments, “being based on international standards. Openness brings with it public familiarity and that can open the way to security issues such as hacking or viruses. Open systems need multilayer protection that can be installed and commissioned without needing a PhD in IT. And the protection needs to be idiotproof, bombproof and basically install and configure itself.”
With that, MTL introduces the Tofino Security Solution, developed by Byres Security.
“For years,” says Byres, “the IT world has known that a big corporate firewall is just not enough when it comes to security. The Tofino Security Solution brings the strategy of critical edge protection to the control system, giving the most important devices in our plants (the PLC, DCS, HMI) the same defense in depth security that the IT department gives the receptionist’s desktop computer. In other words, Tofino is the personal firewall, IDS and VPN for the plant floor controller.”
The complete Tofino Industrial Security Solution consists of four basic components.
The first is the Tofino Security Appliance, which is an industrially hardened field device intended to be installed in front of individual and/or clusters of digital communications devices in the field that use Ethernet or serial communications.
Next are Tofino Loadable Security Modules (LSMs) that are a variety of software plugins providing security services such as firewalls, intrusion detection systems and VPN encryption. Easch LSM is downloaded into the Security Appliances.
The management of the solution is provided by the Tofino Central Management Platform (CMP) – a Windows-based central management and database control system for monitoring and configuration of each security device. The CMP sits anywhere on the plant control system network. Finally, there is the Tofino CMP Graphics Station, a Java-based GUI station for remote access to the CMP by security and controls specialists.
All of the Tofino Security Suite will be available immediately except this last product, which will be available in early 2008.
According to Byres, “Tofino is designed to make security work for the control technician, not the other way around.”
The Tofino products are unique,” says Ian Verhappen, Director of Networking for MTL, the marketers of Byres Security’s Security Solution, “in that they are designed by control engineers for control engineers. The product is based on many of the same principles as Foundation Fieldbus, the reliability of the system is inherent to the design, and many operators will be easily familiarized with its operation. Not only are the Tofino modules suitable for the plant environment but in addition to being secure they are also simple to install, maintain and still “just keep ticking.”
For more information contact MTL Instruments www.mtl-inst.com or in North America, 1-877-334-3579