MTL, Byres advance cyber security technology
15 Aug 2008
Luton, UK - MTL Instruments, part of Cooper Crouse-Hinds, and Byres Security Inc. have launched a loadable security module (LSM) for their Tofino cyber security system that can discover and identify what devices are on the network and create firewall rules to control the traffic flowing to them without risk to the industrial process. The Tofino Secure Asset Management module locates devices and generates rules simply by analyzing the traffic on the network, said MTL, which claimed the innovation as a first in the industrial security world and possibly also in the IT security market.
Asset management tools in the IT world have been available for years, but all are based on the principle of sending probing messages onto the network to discover what is deployed. However, these discovery messages have caused SCADA and process control systems to crash - leading many major energy and manufacturing companies to ban the use of IT-style asset tools on industrial networks, leaving control engineers without any techniques to determine what is actually connected to their network at any given moment.
Designed specifically for industrial control operations in critical industries such as oil and gas, manufacturing, utilities and power generation, the Tofino never probes the control devices. Instead, it quietly listens for traffic and then uses special characterisation techniques to determine the types of control devices on the network, explains MTL. When it discovers a new device, it prompts the system administrator to either accept its deductions and insert the new device into the network inventory diagram, or flag the device as a potential intruder. This way, an up-to-the-minute network map is always available to the control engineer.
Once it discovers everything on the network, the module guides the user through creating appropriate firewall rules to allow or block messages, based on what it has learned about the network traffic. Technical complexities such as IP addressing and TCP/UDP port numbers are managed behind the scenes, making the normally byzantine art of firewall configuration easy for the controls professional, claims MTL.
Among users who have tried out a pre-release version, Charles Payne of Adventium Labs, a firewall expert who has led numerous US Navy security projects, said: "Tofino's novel context-sensitive approach ensures appropriate security policies for each protected device. The new automatic asset discovery and automatic rule generation will ensure that nothing is missed. These capabilities are critical for creating informed security policy in the industrial world."
Passive scanning techniques have been discussed in academic literature or released in open source projects before, but, notes Eric Byres, CTO of Byres Security, "as far as we are aware, this may be the first successful commercial application of the technology in the world."