Cyber security: Firewall device creates its own rules

Security appliance is smart enough to create rules based on its own observations. The new module from MTL Instruments and Byres Security is said to provide a safe and secure means of locating what is on control system networks. It is designed for industrial control operations in critical industries such as oil and gas, manufacturing, utilities and power generation, and it can....


Creating cyber defense-in-depth often involves adding small firewall devices at internal levels of a control system. Now those devices can be smart enough to create their own firewall rules based on observation of traffic patterns.


MTL Instruments and Byres Security Inc . have released a new loadable security module (LSM) for their Tofino industrial security device that reportedly discovers and identifies network


Tofino provides device-level industrial Ethernet security.


Asset management tools from the IT world have been available for over a decade, but they are typically based on the principle of sending probing messages onto the network to discover what is deployed. Unfortunately for industrial users, there have been many documented cases where these discovery messages have caused SCADA and process control systems to crash.


In 2005, Sandia National Laboratories released a report describing a number of serious events from use of these tools, including this example: “A ping sweep was being performed to identify all hosts that were attached to the network, for inventory purposes, and it caused a system controlling the creation of integrated circuits in the fabrication plant to hang. The outcome was the destruction of $50,000 worth of wafers.”


As a result, many major energy and manufacturing companies have restricted or banned the use of IT-style asset tools on industrial networks, leaving control engineers without any techniques to determine what is actually connected to their network at any given moment.


The company says the new module provides a safe and secure means of locating what is on control system networks. Designed specifically for industrial control operations in critical industries such as oil and gas, manufacturing, utilities and power generation, the Tofino never probes the control devices. Instead, it listens for traffic and then uses special characterization techniques to determine the types of control devices on the network.


When it discovers a new device, it prompts the system administrator to either accept its deductions and insert the new device into the network inventory diagram, or flag the device as a potential intruder. This way, an up-to-the-minute network map is always available to the control engineer.


Eric Byres, CTO at Byres Security Inc., notes: “Passive scanning techniques have been discussed in academic literature or released in open source projects before, but as far as we are aware, this may be the first successful commercial application of the technology in the world.”


The module also guides the user while creating appropriate firewall rules to allow or block messages, based on what it has learned about the network traffic. Technical complexities such as IP addressing and TCP/UDP port numbers are managed behind the scenes, making firewall configuration easier for a controls professional.Also from Control Engineering :

Inside look: How MTL Instruments fits with Cooper Industries


—Edited by Peter Welander, process industries editor, ,
Process & Advanced Control Monthly
Register here and scroll down to select your choice of free eNewsletters.


No comments
The Top Plant program honors outstanding manufacturing facilities in North America. View the 2013 Top Plant.
The Product of the Year program recognizes products newly released in the manufacturing industries.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
Sister act: Building on their father's legacy, a new generation moves Bales Metal Surface Solutions forward; Meet the 2015 Engineering Leaders Under 40
2015 Mid-Year Report: Manufacturing's newest tool: In a digital age, digits will play a key role in the plant of the future; Ethernet certification; Mitigate harmonics; World class maintenance
2015 Lubrication Guide: Green and gold in lubrication: Environmentally friendly fluids and sealing systems offer a new perspective
Drilling for Big Data: Managing the flow of information; Big data drilldown series: Challenge and opportunity; OT to IT: Creating a circle of improvement; Industry loses best workers, again
Pipeline vulnerabilities? Securing hydrocarbon transit; Predictive analytics hit the mainstream; Dirty pipelines decrease flow, production—pig your line; Ensuring pipeline physical and cyber security
Cyber security attack: The threat is real; Hacking O&G control systems: Understanding the cyber risk; The active cyber defense cycle
Designing positive-energy buildings; Ensuring power quality; Complying with NFPA 110; Minimizing arc flash hazards
Building high availability into industrial computers; Of key metrics and myth busting; The truth about five common VFD myths
New industrial buildings: Greener, cleaner, leaner; New building designs for industry; Take a new look at absorption cooling; Offshored jobs start to come back

Annual Salary Survey

After almost a decade of uncertainty, the confidence of plant floor managers is soaring. Even with a number of challenges and while implementing new technologies, there is a renewed sense of optimism among plant managers about their business and their future.

The respondents to the 2014 Plant Engineering Salary Survey come from throughout the U.S. and serve a variety of industries, but they are uniform in their optimism about manufacturing. This year’s survey found 79% consider manufacturing a secure career. That’s up from 75% in 2013 and significantly higher than the 63% figure when Plant Engineering first started asking that question a decade ago.

Read more: 2014 Salary Survey: Confidence rises amid the challenges

Maintenance and reliability tips and best practices from the maintenance and reliability coaches at Allied Reliability Group.
The One Voice for Manufacturing blog reports on federal public policy issues impacting the manufacturing sector. One Voice is a joint effort by the National Tooling and Machining...
The Society for Maintenance and Reliability Professionals an organization devoted...
Join this ongoing discussion of machine guarding topics, including solutions assessments, regulatory compliance, gap analysis...
IMS Research, recently acquired by IHS Inc., is a leading independent supplier of market research and consultancy to the global electronics industry.
Maintenance is not optional in manufacturing. It’s a profit center, driving productivity and uptime while reducing overall repair costs.
The Lachance on CMMS blog is about current maintenance topics. Blogger Paul Lachance is president and chief technology officer for Smartware Group.