Thursday, 6 January 2011

First fixed configuration firewall for Modbus TCP!

Honeywell is expanding its use of Tofino technology with the release of its third Byres Security/MTL Instruments product – the Honeywell Modbus Read-only Firewall. Designed to secure any Safety Integrated Systems (SIS) used in industrial processes, the firewall detects and blocks any network messages that might change data, programs or settings in critical systems. The new security appliance provides an additional layer of protection against unwanted and harmful network traffic, thereby increasing network security, reliability and performance.

Honeywell products that use Tofino technology
• NEW - Honeywell Modbus Read-only Firewall
• OneWireless Firewall
• Honeywell Modbus TCP Firewall
Safety Instrumented Systems, such as Honeywell’s Safety Manager™, are the last line of defense against accidents in hazardous industrial processes such as oil refining and energy generation. They monitor the process continuously and automatically shut down the plant in a safe manner if they detect anomalous conditions. Their importance to the safety and reliability of the operations and staff of the entire facility means it is essential that SIS are secure from all threats, both accidental and malicious.

This is unique in the industry as it is the first fixed configuration firewall to use Tofino’s “deep packet inspection” technology against the popular SCADA protocol, Modbus TCP. This technology scans every network message, only allowing a very limited set of valid Modbus “Read-only” commands through to the safety system. These are safe commands that cannot be used by malware to change the functionality of the safety system. The firewall’s fixed rule sets remove the possibility of tampering or mis-configuration and significantly reduces the effort required by the plant to maintain the firewall.

This new product is Plug-n-Protect™ and pre-configured so that the firewall is simply installed into live networks between the safety system and other control systems. There is no configuration needed. Unlike IT-style firewalls that require highly-trained staff for installation, it can be used by facilities that need a solution that works instantly once it is connected to the network.

The Honeywell Modbus Read-only Firewall is not just for Honeywell safety systems. It can be used with any safety system product connected to Honeywell Experion systems via the Modbus TCP protocol. To date, Honeywell has tested and confirmed the firewall with three major vendor’s SIS products.

“We are delighted that Honeywell continues to expand its relationship with us, showing that Tofino technology is effective for Honeywell customers, and that there are multiple applications for Tofino within Honeywell’s product lines,” said Joann Byres, CEO of Byres Security Inc.

“Honeywell is a true industry leader in its focus on security for critical systems.” remarked Eric Byres, CTO of Byres Security Inc. “The fact that Honeywell has tested this product for other vendor’s safety systems shows that they want a solution that works for the entire industry.”

No comments:

Post a Comment