Firewall Mitigates OPC Cyber Risks

April 30, 2010
Since introducing the Tofino industrial firewall in 2007, Byres Security Inc. has partnered with a variety of automation suppliers to roll out numerous versions of the system.

The latest name added to the list is Invensys Operations Management (IOM), with the announcement today of the Triconex/Tofino OPC firewall.

Billed as a “groundbreaking” cyber-security solution, the product is the first firewall that protects integrated solutions based on OPC Classic, according to IOM. The text of the press release from Invensys Operations Management follows:

April 30, 2010/Plano, Texas—Invensys Operations Management, a global provider of technology systems, software solutions and consulting services to the manufacturing and infrastructure operations industries, has teamed with Byres Security Inc. and MTL Instruments to deliver a ground-breaking cyber security solution. The new Triconex/Tofino OPC firewall will harden industrial safety systems against network accidents and attacks. It is the first firewall that protects integrated applications based on OPC Classic, the world’s most widely used industrial integration protocol.

To enable greater interoperability of its Triconex safety systems, Invensys pioneered embedding OPC servers within its Tricon communications module (TCM). To ensure that these modules were cyber secure, Invensys teamed with Byres Security, which had recently introduced the world’s first content inspection firewall for the Modbus TCP protocol as part of Byres Security’s Tofino product line, in order to create a firewall specifically for Triconex systems. The two companies then enlisted the services of MTL Instruments to build the security hardware. The result is the Triconex/Tofino OPC firewall, which is now available for Invensys customers using the Triconex TCM with the embedded OPC solution.

“Processors and manufacturers are continuously threatened by new and increasingly dangerous cyber attacks, which requires greater vigilance and security,” said Joe Scalia, portfolio architect, Invensys Operations Management. “The Triconex/Tofino OPC firewall mitigates those risks by managing the traffic to and from the Triconex TCM, providing further assurance that a cyber incursion will not compromise integrated communications between the safety and critical control systems and supervisory HMI or distributed control systems. By tapping into the Invensys Operations Management ecosystem of partners and collaborating with the renowned experts from Byres Security and MTL, we co-innovated to resolve a crucial client challenge and help them achieve safety excellence.”

The Triconex/Tofino OPC firewall provides security features developed specifically for Triconex and its embedded OPC Classic server to protect against malicious attacks and other threats to network operations. Users deploy the new firewall in front of the Triconex OPC server, thwarting attacks and traffic storms before they reach the safety and critical control system. It automatically mitigates risks related to previously published DCOM vulnerabilities, while providing packet management and rate limiting to prevent network traffic problems that could have an adverse effect on the stability of the safety system.

For many companies, good network reliability, like that provided by the Triconex/Tofino OPC firewall, is just as important as good security, and with its unique features and capabilities, the Triconex/Tofino OPC firewall can help avoid multi-million dollar accidents and untold environmental damage.

“Past plant shutdowns, for example, haven’t been caused by hackers. Instead they were the result of badly configured software causing traffic storms that impacted critical controllers and other systems,” said Eric Byres, security expert and technical officer at Byres Security. “The Triconex/Tofino OPC firewall does much more than block hackers and viruses from accessing the safety system. Its dynamic port management and built-in traffic-rate controls prevent many basic network problems from spreading throughout a plant.”

“The next generation of the OPC Foundation interoperability specifications, the OPC Unified Architecture, incorporates similar cyber security protection, based on the excellent work of founding companies like Byres Security, MTL Instruments and Invensys,” said Thomas J. Burke, president, OPC Foundation. “Launching the unique Invensys solution is the important milestone in demonstrating that users can secure the interoperability of OPC Classic within other applications without worrying about cyber security. As the use of OPC Unified Architecture expands, we look forward to collaborating with these market leaders to develop additional innovative, readily deployable solutions for the benefit of the entire OPC user community.”

“We were pleased to join Invensys in developing a firewall for their industry-leading Triconex safety solutions,” Byres said. “Together with MTL, we have delivered a solution that will improve plant safety and security, as well as enable manufacturers to deploy OPC to achieve new levels of interoperability for all of their operations, enabling, for example, tighter integration of safety and asset management systems to share data and help prevent trips.”

To download a free white paper or for more information about the new Triconex/Tofino OPC firewall, please visit www.tofinosecurity.com/triconex. For more information about migrating existing Triconex safety and critical control systems, please visit Invensys Operations Management at http://iom.invensys.com.  

Invensys Operations Management
http://iom.invensys.com

Sponsored Recommendations

Meet our experts - Reduce complexity of a DCS Migration

Sign up for a complementary onsite assessment.

Revolutionizing Germany’s energy landscape: The Wilhelmshaven floating LNG terminal

The German LNG terminal lays the groundwork for future sustainable energy initiatives. Here's how Schneider Electric helped make it happen.

Navigating Distributed Control Systems Migration

Navigating Distributed Control System (DCS) migrations doesn't have to be as complex as it seems. Whether you are planning a migration or seeking to enhance ...

Revolutionize process safety with Tricon CX V12

The most versatile TĂśV certified safety instrumented system. One system with a choice of architectures and form factors delivering a lifetime of safe, resili...