Tofino VPN Module for Securing Remote SCADA Communication

Byres Security Inc. and MTL Instruments, a division of Cooper Crouse-Hinds, have announced the introduction of the Tofino Virtual Private Network (VPN) product line as part of the Tofino Industrial Security Solution, extending cyber security beyond plant walls. The Tofino VPN Server LSM , the Tofino VPN Client LSM, and the Tofino VPN Client License are designed specifically to be simple to use and to securely connect facilities and people together over untrusted networks, such as the Internet.

Security for the Tofino VPN is provided by Secure Sockets Layer (SSL) – a proven technology that is the foundation of all web ecommerce and is widely considered to be less complex to configure than other VPN technologies. Deployment is completed centrally using the Tofino Central Management Platform (CMP), and does not require any changes to existing control system network design or addressing. Like other Tofino products, the Tofino VPN modules can also be operated in “test” mode before they are activated. All of these features make the setup of the Tofino VPN easy, ensuring that neither industrial security nor industrial reliability are compromised by complex configuration errors.

The Tofino VPN solution also integrates with the Tofino Firewall LSM and the Tofino Modbus TCP Enforcer LSM. According to Bryes, the Tofino VPN is unique, having an integrated SCADA-capable firewall that provides a high degree of granularity in setting access rules. For example, it allows the designation of specific computers (such as remote Human Machine Interface PCs) to have read-only access to PLCs for operational diagnostics, whereas a limited set of maintenance laptops can have remote programming access to PLCs.

Eric Byres, the CTO of Byres Security Inc., points out, “Our approach with the Tofino Industrial Security Solution is to deliver a system that is designed with the rugged environment, staff skills and needs of industry in mind, and that can be installed without plant downtime. Unlike IT VPN solutions, the Tofino VPN products are readily configured and managed by controls engineers, they can be tested and implemented without risk to industrial processes, they are part of an industrially hardened system and they support legacy automation devices and protocols.”