Wednesday, January 16, 2013

Hardening vulnerable SCADA protocols

Successful security testing results announced!

Belden has announced vulnerability testing results of the Tofino Security Appliance by Digital Bond. Presented at the SCADA Security Scientific Symposium (S4) in Miami, Digital Bond’s findings revealed that the industry’s known sophisticated cyberattacks could not compromise the Tofino firewall.

“Advanced industrial communications opened the door to outside attacks and over the past few years these attacks have greatly increased in both volume and impacts. It’s our job to ensure that organizations stay secure in a rapidly evolving industrial environment,” said Eric Byres, CTO of Belden’s Tofino Security. (see also Major acquisition strengthens war on Stuxnet and other malware Sept 2011)

Digital Bond's Reid Wightman
“The Digital Bond team, led by Reid Wightman, a researcher at IOActive (and formerly with Digital Bond), shares our goal. Their testing and results demonstrate the strength of our security solutions, but also emphasize the critical nature of continuous assessment and the immediate resolution of discrepancies.”

Considered one of the world’s most respected sources for control system security research, Digital Bond’s security evaluations are among the most rigorous tests in the industry.

Both the Tofino Security Appliance and its management software withstood a variety of sophisticated reverse engineering attacks. The firewall was also subjected to flooding, fragmentation and fuzzing attacks designed to determine if it could be tricked into either blocking good messages or allowing bad messages. The Tofino Security Appliance passed these tests without issue.

Testing also included attacks on Modbus communications, the world’s leading industrial protocol. “Tofino Security provides an awesome security appliance that does the best possible job with the current protocols. It did an excellent job of securing the Modbus protocol, preventing disallowed function codes from getting through,” said Wightman.

He concluded: “I would recommend the appliance to anyone in search of an industrial cyber security solution. In all, I’m quite impressed with the Tofino Security Appliance.” Wightman’s concerns were with the SCADA and IP protocols themselves - he would like to see the industry start creating standards for new, more robust protocols this year.

Byres acknowledged Wightman's concerns, "The SCADA protocols were never designed with security in mind. It will take a major effort to either fix the existing protocols or create new ones. In the meantime, Tofino’s advanced Deep Packet Inspection determines if a message is a read or a write message and drops all write messages, significantly improving the security of the technologies that industry is using today."

In addition to Modbus, Tofino Security provides Deep Packet Inspection for the widely-used OPC and Ethernet/IP protocols. It is a key reason that major automation vendors Schneider, Honeywell, Emerson, Yokogawa and Invensys/Triconex have adopted Tofino and Belden firewalls to secure their systems. As a result, many new sales of critical SIS, PLC and DCS products include a robust industrial security solution from Belden.

For those companies that want even more security, Belden products such as the Tofino Virtual Private Network modules and Hirschmann Power Mice switches with Dynamic ARP Inspection provide robust anti-spoofing and integrity features. Belden's vision is to offer a layered solution that covers all aspects of critical industrial security.

“Customers need solutions designed for long-term implementation that just work,” said Byres. “Our advanced technologies—including Deep Packet Inspection—and our comprehensive lifecycle approach to industrial security contribute to such solutions. Thank you to Digital Bond for their thorough testing of our products.” (See Digital Bond Testing Proves Tofino Hardens Vulnerable SCADA Protocols on Tofino Blog page!)

No comments:

Post a Comment