Now that security issues have moved front and center in the industrial control discussion thanks to Stuxnet, industry operations of all sizes and types are starting to develop security strategies.
To help address this issue of control system security strategy development, Byres Security Inc., a subsidiary of Belden Inc., has released the Tofino SCADA Security Simulator (TSSS). TSSS, which is part of the Tofino Industrial Security Solution, is basically a control system in a box, designed to demonstrate the vulnerability of SCADA and PLC components to security failures and allow for the testing of solutions to address the gaps. Beyond testing of solutions for training purposes, the software also demonstrates how to secure specific processes using the Tofino Security Appliance.
Available simulations in TSSS include gas pipelines, power facilities, chemical plants and water utilities.
According to Byres Security, a typical TSSS demonstration starts by showing how SCADA and industrial control systems operate. Next, SCADA-specific malware attacks the control system and destroys the process. Finally, the system is secured using applications such as the Tofino Industrial Security Solution.
The core benefit of TSSS is the demonstration, rather than simple presentation, of security system protection. "You can only be so effective when trying to explain cyber security to someone using a deck of PowerPoint slides,” Joel Langill, CSO of SCADAhacker.com. “When you shift the discussion to an actual demonstration showing both an attack and a successful mitigation to an attack, people actually understand it."
Langill, a security consultant, says he uses TSSS not only for simple demonstrations of cyber security controls, but also to implement various security strategies offline. Using these offline strategies, he then develops corresponding Tofino Security Appliance configuration schemes that can be applied to online production systems such as SCADA/HMI applications as well as PLCs, RTUs and application servers.