ConneXium Tofino: a simple way to secure automation systems

Belden Inc. is announcing that Schneider Electric has selected its Tofino Security technology to protect its industrial automation systems. The new ConneXium Tofino Security Solution is a suite of products that hardens industrial systems against network incidents and cyberattacks, improving operational security, reliability and performance.

In the last decade, industrial automation systems have been increasingly linked to business systems as organisations look to work smarter and more efficiently. Legacy industrial communication systems originally designed to work only within facility walls are now a hub of information activity, with intelligence passing back and forth between the plant floor and, when necessary, the outside world. At the same time, the cyber threat level for critical infrastructure, especially threats aimed at energy, water and transportation systems, has increased.

Dave Doggett, programme director for Industry Cyber Security at Schneider Electric, says: "Processors and manufacturers are continuously threatened by new and increasingly dangerous cyberattacks, which require greater vigilance and security. The ConneXium Tofino Industrial Security Solution provides a key element in mitigating risks by managing the traffic to and from Schneider Electric automation devices before patches are applied or new more secure products deployed.

"In addition this capability can be used to enforce plant procedure by blocking inappropriate programming commands to devices, preventing mistakes. By collaborating with the experts at Tofino Security, we are able to provide our customers with an easy-to-deploy industrial grade firewall that works seamlessly with our systems."

At the core of the new product line is the ConneXium Tofino Firewall, a rugged security appliance. By inspecting each network message that passes through it, the firewall can ensure that only the right network messages from the right computers can be sent to critical controllers. Hacking attempts, deliberately corrupted messages and even network traffic storms are stopped dead by the ConneXium Tofino Firewall.

The popular Modbus protocol is further secured using the Deep Packet Inspection capabilities provided by the ConneXium Tofino Modbus TCP Enforcer module. Only "˜allowed' Modbus commands from "˜allowed' devices go through the firewall, preventing incidents caused by inappropriate remote programming or deliberately corrupted messages from malware until appropriate patches or changes can be applied to the control system.

Plug-n-Protect technology

The firewall is configured using the new ConneXium Tofino Configurator, Windows-based software that includes Tofino's patented Plug-n-Protect technologies. Eric Byres, CTO and vice president of engineering at Tofino Security, says: "We have worked hard to make the ConneXium Tofino a solution that can be used out of the box. Engineers don't need to be security experts to secure their facility with Tofino."

An example of the Plug-n-Protect technologies included in the ConneXium Tofino are 15 pre-configured templates for major Schneider automation products. Engineers simply select the models of Schneider product they are using in their plant from the templates. They then decide which devices they want to allow communications to and the ConneXium Tofino Configurator automatically determines the appropriate rules. The software also includes expert technology that looks for common mistakes in firewall programming and proposes possible improvements.

Bob Lockhart, senior research analyst, Pike Research comments: "Automation systems face unique cyber security challenges that require protection, built by companies that understand how those systems work. Lacking extravagant IT budgets, automation systems also require cyber security systems that just work, with a minimum of human intervention. Companies want to focus on their core business, not the enabling technology."

Once in the field, it is easy to keep the ConneXium Tofino Firewall up-to-date using Tofino Security Profiles. These are sets of tailored rules and protocol definitions that defend against newly disclosed vulnerabilities and malware. Each Tofino Security Profile is packaged so that it can be quickly deployed without impacting operations, thereby providing a quick and effective defense against new threats. For example, recently Schneider Electric utilised the Tofino Security Profile feature to make available mitigation against publicly announced vulnerabilities in its Modicon PLC product line, allowing customers quick access to a mitigation prior to the subsequent release of new firmware without the need to interrupt production for a firmware update until a scheduled maintenance period.

The ConneXium Tofino Security Solution is the latest offering in the ConneXium family of industrial communications and security products. Earlier in 2012 the ConneXium Eagle Firewall was released, providing boundary protection and encryption for industrial facilities. The ConneXium Tofino Firewall is available for order now from Schneider Electric. For further information about Belden's Tofino Security technology, go to www.belden.com.

Belden

Edisonstraat 9
Postus 9
5928 PG Venlo
5900 AA
NETHERLANDS

+31 77 387 8555

venlo.salesinfo@belden.com

www.belden.com

More from Belden

Alliance to secure industrial automation and control networks

Posted 2 years ago

Belden publishes "˜Time-sensitive Networking for Dummies'

Posted 3 years ago

Belden releases Industrial Cyber Security for Dummies

Posted 4 years ago

Multiprotocol I/O modules simplify machines for global markets

Posted 4 years ago

Belden demonstrate "TSN Ready" switches at Hannover Messe

Posted 4 years ago

TSN software update for Hirschmann switches RSPE35 and RSPE37

Posted 4 years ago

Belden's BAT867-R Wireless Access Point is compact and rugged

Posted 4 years ago

Belden's MSP40 switch offers flexible port options

Posted 4 years ago

Reduce risk and maximise uptime with Industrial HiVision 7.0

Posted 4 years ago

Belden launches OWL LTE M12 cellular router

Posted 4 years ago

The changing face of future automation networks

Posted 4 years ago

Belden launches additions to Lumberg LioN-Power System

Posted 4 years ago

Time-sensitive networking: a key automation network technology

Posted 4 years ago

Belden's connectivity technology meets future PROFINET Standard

Posted 4 years ago

Belden joins industry effort for time-sensitive networking

Posted 4 years ago

Belden to highlight tomorrow's technologies at SPS/IPC/Drives

Posted 4 years ago

New space-saving Hirschmann OCTOPUS switch from Belden

Posted 5 years ago

Belden offers secure remote access for industrial networks

Posted 5 years ago

Belden delivers complete industrial LAN for Saudi pharma plant

Posted 5 years ago

Two new lines of switches for cost-effective data transfer

Posted 5 years ago

Mid-range Gigabit speed switch for industrial networks

Posted 5 years ago

Hirschmann OCTOPUS Gigabit Switch offers Power over Ethernet

Posted 5 years ago

TRUMPF customers enjoy guaranteed communication availability

Posted 5 years ago

Belden enhances security OS to better secure industrial networks

Posted 5 years ago

Hirschmann and Secomea sign Partnership Agreement

Posted 5 years ago

Cordsets deliver reliability in confined automation settings

Posted 5 years ago

Multiprotocol I/O modules boost flexibility and convenience

Posted 5 years ago

Belden unmanaged switch: send data over long distances

Posted 5 years ago

ICS Security Guide to Hirschmann Switches

Posted 5 years ago

Belden to highlight innovations at SPS/IPC/Drives 2015

Posted 5 years ago

Belden contributes to standards for time-sensitive networks

Posted 6 years ago

Industrial HiVision software now offers comprehensive security

Posted 6 years ago

Belden is a Development Partner for Connected Industry Platform

Posted 6 years ago

Belden and Weidmüller present modular infrastructure box

Posted 6 years ago

Belden router streamlines management of industrial networks

Posted 6 years ago

WLAN software enables secure and reliable wireless connections

Posted 6 years ago

Belden joins AVnu Alliance to support IoT

Posted 6 years ago

Flexible, entry-level Ethernet switch for industrial networks

Posted 6 years ago

Gigabit switch redesigned: improved uptime in harsh environments

Posted 6 years ago

Moulded cord sets support high-speed network connections

Posted 6 years ago

Belden's multi-port industrial firewalls gain added flexibility

Posted 7 years ago

Versatile new industrial router and security appliance

Posted 7 years ago

Cord sets designed for extreme wash-down environments

Posted 7 years ago

Industrial Ethernet switches for future-proof network design

Posted 7 years ago

Tofino Xenon and Configurator 2.0 for control system security

Posted 7 years ago

Belden introduces EMEA-wide network certification program

Posted 7 years ago

Entry-level industrial Ethernet switches for harsh environments

Posted 7 years ago

"˜Near wired' reliability for industrial wireless devices

Posted 7 years ago

Less complexity for managed switches for industrial networks

Posted 7 years ago

Monitor Hirschmann switch status with new HiMobile App

Posted 7 years ago

Industrial HiVision 5.1 can increase network availability

Posted 7 years ago

Belden to show Industry 4.0 live demo at Hanover Fair 2014

Posted 7 years ago

DataTuff Industrial Ethernet cables and connectivity

Posted 7 years ago

ConneXium Tofino Firewall protects EtherNet/IP communications

Posted 7 years ago

Belden offers efficient option for power over Ethernet

Posted 7 years ago

Industrial Ethernet infrastructure design seminar with Belden

Posted 7 years ago

Belden launches 24/7 technical support plan in EMEA

Posted 7 years ago

Network protection with EAGLE One industrial security router

Posted 7 years ago

WLAN firmware extends useful life of industrial wireless devices

Posted 7 years ago

Belden launches Industrial HiVision v5.0 with free trial

Posted 8 years ago

Hirschmann Brand OBR40 optical bypass relay

Posted 8 years ago

Complete Lumberg Automation connector portfolio from Belden

Posted 8 years ago

New service for automatic update of Industrial HiVision

Posted 8 years ago

Hirschmann field-attachable valve connectors from Belden Inc.

Posted 8 years ago

Belden extends its Lumberg Automation LioN-R Series

Posted 8 years ago

Belden adds Hirschmann PowerMICE switch for DIN rail mounting

Posted 8 years ago

Lumberg Automation I/O modules for PROFINET and EtherNet/IP

Posted 8 years ago

OCTOPUS PoE switches with integrated power supply

Posted 8 years ago

New Lumberg automation robotic product programme from Belden

Posted 8 years ago

OCTOPUS Train-BP, a new Hirschmann brand managed IP67 switch

Posted 8 years ago

New Lumberg Automation wash-down connectors from Belden

Posted 8 years ago

Optical communications technology for tunnel-boring machines

Posted 8 years ago

The Connectivity Center speeds up customer-specific developments

Posted 8 years ago

Belden adds Hirschmann and Lumberg Automation brands

Posted 12 years ago

Wolfgang Babel named new president of Belden EMEA

Posted 13 years ago

Belden launches new distributor programme

Posted 13 years ago

New DataBus cables for Fieldbus applications

Posted 13 years ago

Specialist cables for factory and process automation

Posted 13 years ago

Belden to exhibit new products at GITEX 2007

Posted 14 years ago

Belden to exhibit at INTERKAMA 2007

Posted 14 years ago

Belden publishes 500-page connectivity catalogue

Posted 14 years ago

PAT becomes Hirschmann's Electronic Control Systems division

Posted 14 years ago

Hirschmann Automation and Control founds joint venture in China

Posted 14 years ago

More news