ConneXium Tofino: a simple way to secure automation systems

Belden Inc. is announcing that Schneider Electric has selected its Tofino Security technology to protect its industrial automation systems. The new ConneXium Tofino Security Solution is a suite of products that hardens industrial systems against network incidents and cyberattacks, improving operational security, reliability and performance.

In the last decade, industrial automation systems have been increasingly linked to business systems as organisations look to work smarter and more efficiently. Legacy industrial communication systems originally designed to work only within facility walls are now a hub of information activity, with intelligence passing back and forth between the plant floor and, when necessary, the outside world. At the same time, the cyber threat level for critical infrastructure, especially threats aimed at energy, water and transportation systems, has increased.

Dave Doggett, programme director for Industry Cyber Security at Schneider Electric, says: "Processors and manufacturers are continuously threatened by new and increasingly dangerous cyberattacks, which require greater vigilance and security. The ConneXium Tofino Industrial Security Solution provides a key element in mitigating risks by managing the traffic to and from Schneider Electric automation devices before patches are applied or new more secure products deployed.

"In addition this capability can be used to enforce plant procedure by blocking inappropriate programming commands to devices, preventing mistakes. By collaborating with the experts at Tofino Security, we are able to provide our customers with an easy-to-deploy industrial grade firewall that works seamlessly with our systems."

At the core of the new product line is the ConneXium Tofino Firewall, a rugged security appliance. By inspecting each network message that passes through it, the firewall can ensure that only the right network messages from the right computers can be sent to critical controllers. Hacking attempts, deliberately corrupted messages and even network traffic storms are stopped dead by the ConneXium Tofino Firewall.

The popular Modbus protocol is further secured using the Deep Packet Inspection capabilities provided by the ConneXium Tofino Modbus TCP Enforcer module. Only "˜allowed' Modbus commands from "˜allowed' devices go through the firewall, preventing incidents caused by inappropriate remote programming or deliberately corrupted messages from malware until appropriate patches or changes can be applied to the control system.

Plug-n-Protect technology

The firewall is configured using the new ConneXium Tofino Configurator, Windows-based software that includes Tofino's patented Plug-n-Protect technologies. Eric Byres, CTO and vice president of engineering at Tofino Security, says: "We have worked hard to make the ConneXium Tofino a solution that can be used out of the box. Engineers don't need to be security experts to secure their facility with Tofino."

An example of the Plug-n-Protect technologies included in the ConneXium Tofino are 15 pre-configured templates for major Schneider automation products. Engineers simply select the models of Schneider product they are using in their plant from the templates. They then decide which devices they want to allow communications to and the ConneXium Tofino Configurator automatically determines the appropriate rules. The software also includes expert technology that looks for common mistakes in firewall programming and proposes possible improvements.

Bob Lockhart, senior research analyst, Pike Research comments: "Automation systems face unique cyber security challenges that require protection, built by companies that understand how those systems work. Lacking extravagant IT budgets, automation systems also require cyber security systems that just work, with a minimum of human intervention. Companies want to focus on their core business, not the enabling technology."

Once in the field, it is easy to keep the ConneXium Tofino Firewall up-to-date using Tofino Security Profiles. These are sets of tailored rules and protocol definitions that defend against newly disclosed vulnerabilities and malware. Each Tofino Security Profile is packaged so that it can be quickly deployed without impacting operations, thereby providing a quick and effective defense against new threats. For example, recently Schneider Electric utilised the Tofino Security Profile feature to make available mitigation against publicly announced vulnerabilities in its Modicon PLC product line, allowing customers quick access to a mitigation prior to the subsequent release of new firmware without the need to interrupt production for a firmware update until a scheduled maintenance period.

The ConneXium Tofino Security Solution is the latest offering in the ConneXium family of industrial communications and security products. Earlier in 2012 the ConneXium Eagle Firewall was released, providing boundary protection and encryption for industrial facilities. The ConneXium Tofino Firewall is available for order now from Schneider Electric. For further information about Belden's Tofino Security technology, go to


Edisonstraat 9
Postus 9
5928 PG Venlo
5900 AA

+31 77 387 8555

More news
1 day ago
Making linear motion and pneumatics product selection simple
Matara UK has launched its new website. Redesigned from the bottom up, and now supports ecommerce with an advanced filter system enabling customers to quickly and easily select products that meet their exact criteria.
2 days ago
Thorite accredited to Norgren Premier Partnership Programme
Norgren has announced long standing distributor, Thorite, has become the first company to be accredited on its new Premier Partnership Programme.
2 days ago
Fanuc unites automation community to address labour crisis
In a bid to address the ongoing manufacturing labour crisis, Fanuc UK is uniting a collective of automation experts, bringing together more than 30 leading names from across the automation and robotics industry to debate and discuss the most pressing issues facing the manufacturing sector.
2 days ago
ABB rebrands autonomous mobile robot portfolio
ABB has launched its first range of rebranded autonomous mobile robots (AMRs) following its acquisition of mobile robot leader ASTI Mobile Robotics in 2021.
3 days ago
Roxtec creates new role to support green energy projects
Cable and pipe seal manufacturer Roxtec will deliver increased support for its customers on their green energy journey with the creation of a new key decarbonisation role within the business.
3 days ago
Festo aims for CO2 neutrality by 2023
Festo has committed to massively reduce its carbon footprint over the next two years, aiming for CO2 neutrality by 2023.
3 days ago
Essentra opens new eastern Europe hub
Essentra Components has opened a new European distribution hub in Łódź, Poland to enhance service and lay the foundations for future growth.
3 days ago
Double accolade for NSK at Toyota supplier awards
NSK Europe is celebrating a double scoop at the prestigious Toyota Motor Europe (TME) awards: a Certificate of Recognition (in the Supply category) and a Superior Performance Award (in the Quality category).
4 days ago
Lesjöfors expands to Turkey through the acquisition of Telform
Lesjöfors has signed an agreement to acquire 100 percent of the shares in Telform, a Turkish spring manufacturer. With the transaction, Lesjöfors expands its production footprint, in line with its ambition to build the leading spring, wire and flat strip component group.
4 days ago
Siemens and Sustamize collaborate on carbon emissions data
To provide access to the most up to date CO2e emission data for materials and energies, Siemens Digital Industries Software is collaborating with climate tech company Sustamize to enable companies to measure, optimise and manage CO2 emissions.

Login / Sign up