New ConneXium Tofino Products Deliver a Simple Way to Secure Automation Systems
Schneider Electric has selected Tofino Security technology, from Belden Inc., to protect its industrial automation systems. The new ConneXium Tofino Security Solution is a suite of products that hardens industrial systems against network incidents and cyberattacks, improving operational security, reliability and performance.
In the last decade, industrial automation systems have been increasingly linked to business systems as organisations look to work smarter and more efficiently. Legacy industrial communication systems originally designed to work only within facility walls are now a hub of information activity, with intelligence passing back and forth between the plant floor and, when necessary, the outside world.
At the same time, the cyber threat level for critical infrastructure, especially threats aimed at energy, water and transportation systems, has increased dramatically.
“Processors and manufacturers are continuously threatened by new and increasingly dangerous cyberattacks, which require greater vigilance and security,” said Dave Doggett, program director for Industry Cyber Security at Schneider Electric. “The ConneXium Tofino Industrial Security Solution provides a key element in mitigating risks by managing the traffic to and from Schneider Electric automation devices before patches are applied or new more secure products deployed.”
“In addition this capability can be used to enforce plant procedure by blocking inappropriate programming commands to devices, preventing mistakes. By collaborating with the experts at Tofino Security, we are able to provide our customers with an easy-to-deploy industrial grade firewall that works seamlessly with our systems.”
The core of the new product line is the ConneXium Tofino Firewall, a rugged security appliance. By inspecting each network message that passes through it, the firewall can ensure that only the right network messages from the right computers can be sent to critical controllers. Hacking attempts, deliberately corrupted messages and even network traffic storms are stopped dead by the ConneXium Tofino Firewall.
The popular Modbus protocol is further secured using the Deep Packet Inspection capabilities provided by the ConneXium Tofino Modbus TCP Enforcer module. Only “allowed” Modbus commands from “allowed” devices go through the firewall, preventing incidents caused by inappropriate remote programming or deliberately corrupted messages from malware until appropriate patches or changes can be applied to the control system.
The firewall is configured using the new ConneXium Tofino Configurator, Windows-based software that includes Tofino’s patented Plug-n-Protect technologies. “We have worked hard to make the ConneXium Tofino a solution that can be used out of the box,” said Eric Byres, CTO and vice president of engineering at Tofino Security. “Engineers don’t need to be security experts to secure their facility with Tofino.” See Eric Byres article on the Tofino Blog, "Making SCADA Security Simple with the Schneider ConneXium Tofino Firewall" (14/11/2012).
An example of the Plug-n-Protect technologies included in the ConneXium Tofino are 15 pre-configured templates for major Schneider automation products. Engineers simply select the models of Schneider product they are using in their plant from the templates. They then decide which devices they want to allow communications to and the ConneXium Tofino Configurator automatically determines the appropriate rules. The software also includes expert technology that looks for common mistakes in firewall programming and proposes possible improvements.
Bob Lockhart, senior research analyst, Pike Research commented, “Automation systems face unique cyber security challenges that require protection, built by companies that understand how those systems work. Lacking extravagant IT budgets, automation systems also require cyber security systems that just work, with a minimum of human intervention. Companies want to focus on their core business, not the enabling technology.”
Once in the field, it is easy to keep the ConneXium Tofino Firewall up-to-date using Tofino Security Profiles. These are sets of tailored rules and protocol definitions that defend against newly disclosed vulnerabilities and malware. Each Tofino Security Profile is packaged so that it can be quickly deployed without impacting operations, thereby providing a quick and effective defense against new threats. For example, recently Schneider Electric utilized the Tofino Security Profile feature to make available mitigation against publicly announced vulnerabilities in its Modicon PLC product line, allowing customers quick access to a mitigation prior to the subsequent release of new firmware without the need to interrupt production for a firmware update until a scheduled maintenance period.
The ConneXium Tofino Security Solution is the latest offering in the ConneXium family of industrial communications and security products. Earlier in 2012 the ConneXium Eagle Firewall was released, providing boundary protection and encryption for industrial facilities.
Short Takes – 12-20-24
-
*We need to address APT threats. Oh, by the way what is an APT*?
SCADAMAG.Infracritical.com article. Pull quote: “After this non-exhaustive
search for a ...
No comments:
Post a Comment