Thursday, September 2, 2010

Security breakthrough for OPC-based industrial automation

New Tofino® OPC Enforcer technology secures any system using classic OPC, the world’s most widely used industrial integration protocol
Byres Security has released the new Tofino OPC Enforcer firewall, part of the Tofino Industrial Security Solution. This new module locks down any industrial network using the previously hard to secure OPC Classic protocol. Using deep packet inspection firewall technology, the Tofino OPC Enforcer provides superior security over what can be achieved with conventional firewall solutions. The result is improved network reliability, availability and security for any process control or SCADA company using OPC.

Byres Security have published an OPC Feature Page, which is a hub of information on OPC and security, and includes a link to download the new White Paper titled “Securing Your OPC Classic Control System” written by me and Thomas J. Burke, President of the OPC Foundation.
OPC Classic is widely used in control systems as an interoperability solution, interfacing control applications from multiple vendors. Unfortunately, as numerous studies show, the technologies underlying it were designed before network security issues were widely understood. As a result, OPC Classic has been almost impossible to secure until now.

Thomas J. Burke, the president of the OPC Foundation, notes; The Tofino OPC Enforcer is an important innovation and a great solution for all the systems that currently use OPC Classic – approximately 90% of all industrial networks”.

While the OPC Foundation is working hard to get its new and more secure OPC-UA technology into the market place, it will be years, if not decades, before all legacy OPC DA, HAD and A&E installations are replaced. In the meantime, the Tofino product addresses the security gap by providing a plug-n-protect solution that can be deployed in minutes without changes to existing OPC systems.

The Tofino OPC Enforcer provides two important benefits to control systems users:
  1. It provides robust security and stability for any system using OPC DA, HAD or A&E, thus preventing industrial network attacks and accidents. Unlike other firewalls, this product inspects, tracks and secures every connection made by an OPC application, opening only the exact TCP port required for a connection between an OPC client and server.

  2. It is implemented without any control system changes. The Tofino hardware is simply installed into the live network and configured using a drag and drop editor to select permitted clients and servers. Once installed, network security is assured, with all OPC traffic managed behind the scenes.
The recent Stuxnet worm attacks against Siemens HMIs and PLC systems has highlighted the need for better security on the plant floor. At the same time, many incidents result from internal network problems.

“Past industrial shutdowns, for example, haven’t been caused by hackers. Instead they were the result of badly configured software causing traffic storms that impacted critical controllers and other systems,” said Eric Byres, security expert and Chief Technical Officer at Byres Security. “The Tofino OPC Enforcer LSM does much more than block hackers and viruses from accessing automation systems. Its dynamic port management techniques prevent many basic network problems from spreading throughout a plant or SCADA system.”

Availability and Requirements
The Tofino OPC Enforcer is available now from Byres Security and from leading automation industrial suppliers MTL Instruments and Belden / Hirschmann. It requires the Tofino Security Appliance, the Tofino Central Management Platform and the Tofino Firewall LSM. The technology will also be available as a stand-alone appliance, the Triconex Tofino Firewall from Invensys Operations Management in Q4 2010.

No comments:

Post a Comment