Control Engineering Asia


MTL announces ‘first’ in industrial security

-- 1 May 2008


MTL Instruments and Byres Security have released a loadable security module (LSM) for the Tofino Industrial Security Solution that discovers and identifies what devices are on the network and creates the firewall rules to control the traffic flowing to them, all without risk to the industrial process. This latest LSM, known as the Tofino Secure Asset Management module, locates devices and generates rules simply by analyzing the traffic on the network.


This innovation is a first in the industrial security world and possibly also in the IT security market, says MTL. Asset management tools in the IT world have been available for over a decade, but all are based on the principle of sending probing messages onto the network to discover what is deployed. Unfortunately for industrial users, there have been many documented cases where these discovery messages have caused SCADA and process control systems to crash.


In 2005, Sandia National Laboratories released a report describing a number of serious events from use of these tools, including this example: “A ping sweep was being performed to identify all hosts that were attached to the network, for inventory purposes, and it caused a system controlling the creation of integrated circuits in the fabrication plant to hang. The outcome was the destruction of $50K worth of wafers.”


As a result, many major energy and manufacturing companies have banned the use of IT-style asset tools on industrial networks, leaving control engineers without any techniques to determine what is actually connected to their network at any given moment.


Don’t probe, listen
According to MTL, with the release of the Tofino Secure Asset Management module, engineers now have a safe and secure means of locating what is on their control system networks; the Tofino does not probe the control devices but quietly listens for traffic and then uses special characterization techniques to determine the types of control devices on the network. When it discovers a new device, it prompts the system administrator to either accept its deductions and insert the new device into the network inventory diagram, or flag the device as a potential intruder.


Eric Byres, CTO at Byres Security, notes: “Passive scanning techniques have been discussed in academic literature or released in open source projects before, but as far as we are aware, this may be the first successful commercial application of the technology in the world.” And firewall expert Charles Payne of Adventium Labs said, “Tofino’s novel context-sensitive approach ensures appropriate security policies for each protected device. The new automatic asset discovery and automatic rule generation will ensure that nothing is missed. These capabilities are critical for creating informed security policy in the industrial world.”

           
