SCADA security simulator

Byres Security (now part of Beldon - see our blog Major Acquisition strengthens war on Stuxnet etc...) has released the new Tofino SCADA Security Simulator (TSSS), part of the Tofino Industrial Security Solution. The product is a complete control system in a box, designed to demonstrate the vulnerability of SCADA and PLC components to security failures, and to test new solutions. It makes the impact of security failures to critical industrial processes easy to grasp, and it shows how to secure processes using the Tofino Security Appliance (TSA). The TSSS is an important tool for helping infrastructure operators, vendors, systems integrators, government agencies and researchers improve Industrial Control System (ICS) security.

Eric Byres demonstrates the new TSSS in this video!

“Cyber threats to industrial processes have been difficult to demonstrate, making it hard to test designs, train staff or research mitigating technologies,” remarked Eric Byres, CTO and VP Engineering of Byres Security. “Now, with the Tofino SCADA Security Simulator anyone can understand both the impact of security breaches on industrial processes and how to stop them.”

A typical TSSS demonstration starts by showing how SCADA and Industrial Control Systems operate, using a widely deployed PLC to control production. Next, SCADA specific malware attacks the control system and destroys the process. Finally, the system is secured using leading technology such as the Tofino Industrial Security Solution. The TSSS provides hands-on experience and reveals the impact of SCADA security in a tangible and visual manner.

Joel Langill, CSO of SCADAhacker.com, explains: "You can only be so effective when trying to explain cyber security to someone using a deck of PowerPoint slides. When you shift the discussion to an actual demonstration showing both an attack and a successful mitigation to an attack, people actually understand it."

Joel continues: "As a security consultant, I use the TSSS not only for simple demonstrations of cyber security controls, but also to implement various security strategies in an offline manner. I can then develop corresponding Tofino Security Appliance configuration schemes which can be applied to online production systems. I find it very handy to be able to use the TSSS with a variety of SCADA / HMI applications, and with associated field control equipment like PLCs, RTUs and application servers."

The Tofino “complete SCADA simulation system in a box” is available in a portable carry-on case, or in a large “trade-show” format. It comes with simple step-by-step instructions for demonstrating SCADA operations, security risks and security solutions. Simulations are available for gas pipelines, power facilities, chemical plants and water utilities. The product is available now from Byres Security and from Tofino Certified VARs.

• See Eric Byres's blog: A Truly Portable SCADA Security Simulator (29/9/2011)