Read about the Tofino™ Industrial Security Solution below, or Click here to be directed to the all NEW  Tofino Security website.

The Tofino™ Industrial Security Solution Intrinsically Secure™

The threat to safe and reliable control systems
Over the past decade, critical control systems have increasingly adopted information technologies such as Windows™ Ethernet™, TCP/IP and web services. Unfortunately this means that PLC, DCS and SCADA systems are now exposed to attack from viruses, hackers and possibly terrorists from around the world. In 2003 the Slammer Worm interrupted power distribution SCADA systems, infected the safety parameter display system (SPDS) and process computers in a nuclear plant and impacted oil operations in the Gulf of Mexico. Hackers have also infiltrated water treatment SCADA systems with key loggers, shut down petroleum loading facilities and deliberately caused sewage spills. Even innocent security scans of PLC and SCADA networks have caused millions of dollars of production losses for companies.

Tofino_Page_Image_1.png













Figure 1: Pathways Used by External Cyber Attacks on Control Systems (Source: Industrial Security Incident Database, June 2006)

Traditional firewall solutions aren’t working
Despite industries’ best efforts to isolate our control systems from the outside world, the bad guys (and bugs) still get in. Traditional firewalls are too complex for most security professionals to configure correctly and are even harder to set up properly on the plant floor. And once a virus or hacker gets past the control system firewall, the typical PLC or DCS is an easy target for attack. Control devices and protocols offer no authentication, integrity or confidentiality mechanisms and can be completely controlled by any individual that can “ping” the device. Nor can they be easily patched or have security features added to them even when security vulnerabilities are discovered. This leaves millions of legacy control systems open to attack from even the most inexperienced hacker.

Tofino_Page_Image_2.pngFigure 2: Critical Errors in Professionally Configured Firewalls
(Source: Avishai Wool, IEEE Computer Magazine, June 2004)

A defense-in-depth solution for industry
The Tofino™ Industrial Security Solution is designed specifically to provide industrial companies with a defense-in-depth solution for both new and legacy control systems. Think of it as a combination personal firewall and intrusion detection system for operator stations, PLCs, RTUs and DCS, giving your control system layers of security with which to protect itself, rather than one single point of security failure. Plug a Tofino™ appliance onto the control network in front of a PLC, DCS or HMI station and it learns what type of device it needs to protect, looks up the device’s vulnerabilities in a central database and then tunes itself to protect that specific device. It even understands SCADA and process control protocols, so it acts as a barrier to prevent all unauthorized access while in no way obstructing valid control commands. And traffic can be controlled down to specific commands from specific devices, such as only allowing read commands from certain HMIs or blocking all PLC programming commands.

Tofino.jpg
Figure 3: The Tofino Industrial Security Appliance

More than a firewall, more than a VPN
Best of all, the Tofino™ Industrial Security Solution is much more than a firewall since its dynamically loadable security modules can provide encryption, intrusion detection and control protocol-aware security solutions tailored to specific plant floor situations. For example, one Tofino™ appliance might be configured to act as a firewall for a group of PLCs, while another might be configured to be an encryption system for DCS traffic. Tofino™ appliances can even be loaded with multiple security modules, so that they can offer multiple security features at the same time.

A security solution created by controls engineers for controls engineers
The Tofino™ Industrial Security Solution revolutionizes industrial Ethernet security by providing an Intrinsically Secure™ solution right out of the box. Unlike traditional IT firewall or encryption solutions, the Tofino™ Industrial Security Solution was designed from the ground up with the environment, staff capabilities and needs of industry in mind. Its patent-pending zero configuration features make it so simple that electricians and instrumentation mechanics can install it without any training. Field technicians simply attach power to a Tofino™ appliance, connect the network cables and walk away, instantly transforming vulnerable control devices into highly secure fortresses. No IP addressing to worry about, no complex firewall rules to set up. At the same time, the Tofino™ Industrial Security Solution gives company security experts and control system specialists the tools to confidentially monitor and manage the security of the control system from anywhere in the world. Its management console is based on standard control systems concepts (such as PLC programming and Fieldbus configuration tools) so an industrial controls practitioner, rather than the security specialist, can commission and manage security for the plant floor. For example, the patent-pending “Device-Focused Rule Creation” means that all firewall rule sets are automatically created with the needs of the device to be protected in mind, not with the design of the firewall in mind. This is very different from the traditional firewall, which takes a very firewall-centric viewpoint, often to the confusion of the firewall administrator.

Helping you meet the emerging industrial security standards
The Tofino™ Industrial Security Solution is the only security system flexible enough to be used by a
small plant with a single PLC, yet still able to meet the needs of a multi-national organization with thousands of critical devices scattered around the globe. Features like remote thin-client management, configurable heartbeat reporting and global policy control make it scalable for all sizes and types of industrial environments.

CMP_1.jpgThe Tofino™ Industrial Security Solution is the ideal solution to help companies address compliance with evolving security standards such as ISA SP-99 and the North American Electrical Reliability Council’s (NERC) security regulations CIP-002…009. For example, ISA SP-99 Part 2 states “The organization shall design or select mitigation controls to address the risks identified. The set of risk mitigation controls should be common across the organization to reduce the likelihood of implementation issues between different groups.” The ability for the Tofino™ Solution to be tailored for specific control devices, yet be deployed and managed across the entire organization directly addresses this requirement.

If making your plant floor, SCADA system or manufacturing facility secure, safe and reliable is important to you, then check out the Tofino™ Industrial Security Solution. It will make your control system Intrinsically Secure™.

Download Product Information sheet
tofino_brochure_new.jpg





For detailed product and pricing information please click here or email tofino@byressecurity.com

Tofino™ is MUSIC certified. For more information click here.

                                          Music_Logo.png

Tofino™ uses General Public License (GPL) code for its operating system and some of its utilities. If you would like a copy of the GPL code please send your name, shipping address and a money order (sorry, no cheques) for $20 CAD to cover DVD duplication and shipping and handling. Please allow 6-8 weeks for delivery. (March 24, 2008)

Byres Security Inc. and Byres Research
P.O. Box 178
Lantzville BC V0R 2H0

Phone: 250-390-1333
Fax: 250-390-3899
Email: info@byressecurity.com