MTL, Byres advance cyber security plans
24 Nov 2006
Luton, UK -- MTL and Byres Security Inc. are ramping up their recently started cooperation to develop, manufacture and distribute a new industrial Ethernet security system, called Tofino, for both new and legacy SCADA and process control systems.
Under the deal, Luton-based MTL is to provide both the hardware platform and global sales/support channel for the product while Byres Security of Lantzville, British Columbia, will develop the security modules.
The partners are already in advanced talks with Honeywell as well as holding on-going discussions with Yokogawa, ABB and other automation majors to offer Tofino as an integrated part of their control system platforms, an MTL spokesman said.
Indeed, both partners were well represented at the Honeywell EMEA Users’ Group conference, 13-16 Nov in Seville. At the event, Eric Byres, CEO of Byres Security detailed the cyber security aspects of the latest version of Honeywell Safety Manager Release 110. Safety Manager – the safety instrumented system (SIS) component of its Experion process control and automation platform.
According to Byres: “Honeywell submitted its Safety Manager system for cyber-security testing, and the comprehensive tests did not impact the safety functions in any way,” said Eric Byres, who is founder of BCIT’s Critical Infrastructure Security Research team and also currently director of security at Wurldtech Research.
MTL, meanwhile, said the first Tofino product offering is due for release by Q2 2007 and will include Firewall, Intrusion Detection, MODBUS, and Ethernet/IP protection modules. An associated drag and drop, thin client network management interface will make security management and monitoring as easy as navigating a web page or installing an I/O module in a PLC, it claims.
According to MTL, Tofino is designed for optimum security and ease of installation and use. Field technicians, it said, can simply attach power, connect two network cables and walk away, instantly transforming vulnerable control devices into highly secure units.
Unlike traditional IT firewall or encryption solutions, Tofino was designed from the ground up with the environment, staff capabilities and needs of industry in mind. “Its patent pending zero configuration features make it so simple that electricians and instrumentation mechanics can install it without any training,” MTL claims.
Tofino is much more than a firewall, since its dynamically loadable security modules can also provide encryption, intrusion detection and control protocol-aware security solutions tailored to specific plant floor devices, the company added.
According to Byres: “Based on our research at the BCIT Centre for Critical Infrastructure Security, we knew that industry needed a security system flexible enough to be used by a small plant with a single PLC, yet still be able to meet the needs of multi-national organizations with thousands of critical devices scattered around the globe.”
Byres went on to comment: “It is time we accepted the fact that the staff operating and maintaining our critical control systems are, by necessity, highly trained control systems specialists and not information technology or security specialists. An electrician can’t afford to worry about creating access control lists for firewalls or configuring encryption certificates. Industrial security systems need to be based on a new paradigm that is understandable to the control technician.”