NETWORK SECURITY Tofino Industrial Security Appliance
PROCESS CONNECTIONS
Tofino Security Solution Deployment Over the past decade, critical control systems have increasingly adopted information technologies such as Windows, Ethernet, TCP/IP and web services. Unfortunately this means that PLC, DCS and SCADA systems are also exposed to attacks from viruses, hackers and even terrorist threats from around the world. In the field, tradesmen install the zero configuration Tofino Security Appliances in front of individual control devices or groups of control devices that require protection. Even with industries best efforts to separate control systems from the outside world, 100% isolation is no longer possible. Traditional firewalls are too complex for most control professionals to configure correctly and this problem is compounded by the location of the control devices themselves. While many industrial controllers are installed in industrial plants, others are installed in remote locations maintained by staff with little or no understanding of security technology. Thus a robust yet convenient means of remote management and administration based around a centralized management system is critical. Once activated, the Tofino Security Solution CMP quietly probes the network and locates any Tofino Security Appliances that have been installed on the network. CMP then sets up a secure encrypted link to each of these appliances for module downloading, configuration and monitoring. Alternatively, the security technician responsible for the CMP has the option to predefine the configurations and locations of the installed appliances or the system can come pre-configured direct from the factory, a true out of the box solution. The Tofino Security Architecture Getting it Right - Services The Tofino Industrial Security Solution is designed by Byres Security Inc. and MTL to offer SCADA and process control companies a layered security solution for their industrial systems by deploying security appliances directly in front of each control device (or group of up to 16 devices) that need protection. This allows a defense-in-depth strategy to be used, so even if a hacker or virus manages to get through the main corporate firewall, they will still be faced with an array of SCADA-focused security devices that need to be breached before any damage can be done to the control system itself. MTL and Byres Security offer more than just products. We offer innovative, easy to use out of the box solutions that are fully compliant with the latest industry standards. The Tofino Security System is the ideal solution to help companies address compliance with evolving security standards. The fully distributed Tofino Industrial Security Solution is much more than a firewall. With its centrally manageable, dynamically Loadable Security Modules (LSM s) it can provide encryption, intrusion detection and control protocol-aware security solutions tailored to specific plant floor situations. The Tofino Central Management Platform (CMP) will configure, monitor and manage the functions of each remote Tofino Appliance so that it can be automatically tuned to meet the security needs of the devices it is protecting. Unlike traditional IT firewall solutions, Tofino is designed with the environment, staff capabilities, and needs of industry in mind. Field technicians simply attach power to the Tofino appliance, connect two network cables and walk away. Best of all, the system is flexible enough to be used by a small plant with a single PLC, yet meet the needs of a multinational organization with thousands of critical devices scattered around the globe, allowing security specialists to respond to any threats with a coordinated effort. The Tofino Security Solution is designed to be easy to install, but if you need guidance on where to locate Tofinos or how to configure them, MTL can help. With our Industrial Network solutions we offer system review and design services so that you know your network is secure and in compliance with the latest industry standards. With either onsite support or a secure computer technology (such as VPN s), MTL can manage the Tofino system for you remotely. This includes not only system configuration, but also alarm monitoring, and exception reporting response. Keeping it Safe After your system is up and running the need for diligence does not stop and neither does your support from MTL. With our subscription based maintenance agreements and our three levels of technical support, you can be assured that you will always have the most current release of all software on your system and the expertise of the MTL-Byres Security Inc. team behind you to help keep your system fully secure. To learn more about the Tofino Security Solution, contact your local MTL representative and ask for a demonstration. Taking Control of Process Security If you haven't seen TofinoTM yet, you will. It is a revolutionary edge firewall that was designed to protect controllers and field devices. Walt Boyes, Editor in Chief, CONTROL Magazine "TofinoTM exceeded our expectations during our pilot testing. We threw our best hacking and DoS ammunition at the protected PLC and TofinoTM blocked every attempt, while still allowing authorized controls communication to flow unimpeded. Our operators never saw a difference. TofinoTM can, and does, provide the necessary protection for our plant devices. Manager of Plant Systems, Major Food Company The TofinoTM device is a cool thing - it allows a PLC type who has no idea what he's doing with networking or security to provide protection to the plant floor - an innovative idea. Nathan Boeger, Inductive Automation Not only did TofinoTM allow us to deploy firewalls in a very safe manner, but it also gave us a microscopic view of control traffic that we had never seen before. Control Systems Manager, Major Oil Refinery, USA
Tofino Security Solution Deployment Over the past decade, critical control systems have increasingly adopted information technologies such as Windows, Ethernet, TCP/IP and web services. Unfortunately this means that PLC, DCS and SCADA systems are also exposed to attacks from viruses, hackers and even terrorist threats from around the world. In the field, tradesmen install the zero configuration Tofino Security Appliances in front of individual control devices or groups of control devices that require protection. Even with industries best efforts to separate control systems from the outside world, 100% isolation is no longer possible. Traditional firewalls are too complex for most control professionals to configure correctly and this problem is compounded by the location of the control devices themselves. While many industrial controllers are installed in industrial plants, others are installed in remote locations maintained by staff with little or no understanding of security technology. Thus a robust yet convenient means of remote management and administration based around a centralized management system is critical. Once activated, the Tofino Security Solution CMP quietly probes the network and locates any Tofino Security Appliances that have been installed on the network. CMP then sets up a secure encrypted link to each of these appliances for module downloading, configuration and monitoring. Alternatively, the security technician responsible for the CMP has the option to predefine the configurations and locations of the installed appliances or the system can come pre-configured direct from the factory, a true out of the box solution. The Tofino Security Architecture Getting it Right - Services The Tofino Industrial Security Solution is designed by Byres Security Inc. and MTL to offer SCADA and process control companies a layered security solution for their industrial systems by deploying security appliances directly in front of each control device (or group of up to 16 devices) that need protection. This allows a defense-in-depth strategy to be used, so even if a hacker or virus manages to get through the main corporate firewall, they will still be faced with an array of SCADA-focused security devices that need to be breached before any damage can be done to the control system itself. MTL and Byres Security offer more than just products. We offer innovative, easy to use out of the box solutions that are fully compliant with the latest industry standards. The Tofino Security System is the ideal solution to help companies address compliance with evolving security standards. The fully distributed Tofino Industrial Security Solution is much more than a firewall. With its centrally manageable, dynamically Loadable Security Modules (LSM s) it can provide encryption, intrusion detection and control protocol-aware security solutions tailored to specific plant floor situations. The Tofino Central Management Platform (CMP) will configure, monitor and manage the functions of each remote Tofino Appliance so that it can be automatically tuned to meet the security needs of the devices it is protecting. Unlike traditional IT firewall solutions, Tofino is designed with the environment, staff capabilities, and needs of industry in mind. Field technicians simply attach power to the Tofino appliance, connect two network cables and walk away. Best of all, the system is flexible enough to be used by a small plant with a single PLC, yet meet the needs of a multinational organization with thousands of critical devices scattered around the globe, allowing security specialists to respond to any threats with a coordinated effort. The Tofino Security Solution is designed to be easy to install, but if you need guidance on where to locate Tofinos or how to configure them, MTL can help. With our Industrial Network solutions we offer system review and design services so that you know your network is secure and in compliance with the latest industry standards. With either onsite support or a secure computer technology (such as VPN s), MTL can manage the Tofino system for you remotely. This includes not only system configuration, but also alarm monitoring, and exception reporting response. Keeping it Safe After your system is up and running the need for diligence does not stop and neither does your support from MTL. With our subscription based maintenance agreements and our three levels of technical support, you can be assured that you will always have the most current release of all software on your system and the expertise of the MTL-Byres Security Inc. team behind you to help keep your system fully secure. To learn more about the Tofino Security Solution, contact your local MTL representative and ask for a demonstration. Taking Control of Process Security If you haven't seen TofinoTM yet, you will. It is a revolutionary edge firewall that was designed to protect controllers and field devices. Walt Boyes, Editor in Chief, CONTROL Magazine "TofinoTM exceeded our expectations during our pilot testing. We threw our best hacking and DoS ammunition at the protected PLC and TofinoTM blocked every attempt, while still allowing authorized controls communication to flow unimpeded. Our operators never saw a difference. TofinoTM can, and does, provide the necessary protection for our plant devices. Manager of Plant Systems, Major Food Company The TofinoTM device is a cool thing - it allows a PLC type who has no idea what he's doing with networking or security to provide protection to the plant floor - an innovative idea. Nathan Boeger, Inductive Automation Not only did TofinoTM allow us to deploy firewalls in a very safe manner, but it also gave us a microscopic view of control traffic that we had never seen before. Control Systems Manager, Major Oil Refinery, USA
AUSTRALIA MTL Instruments Pty Ltd, 1/30 Canvale Road Canning Vale, Perth, WA 6155 T + 61 (0)8 9455 2994 F + 61 (0)8 9455 2805 E enquiries@mtlaus.com.au CANADA MTL Canada Safety Instrumentation #102, 4249 97 Street, Edmonton Alberta, T6E 5Y7 T +1 780 485 3132 F +1 780 485 3122 E-mail: cinfo@mtlnh.com CHINA MTL Instruments Pte, Room 1002A, The Gateway No 10 Yabao Road, Chaoyang District, Beijing 100020 T + 86 010 8562 5718/5720/5721 F + 86 010 8562 5725 E bjsales@mtl-inst.cn FRANCE MTL Instruments sarl, Les Carrés du Parc 10 rue des Rosiéristes, 69410 Champagne au Mont d Or T + 33 (0)4 78 64 98 32 F + 33 (0)4 78 35 79 41 E info@mtl-inst.fr GERMANY MTL Instruments GmbH, An der Gümpgesbrücke 17 D-41564 Kaarst T + 49 (0)2131 718930 F + 49 (0)2131 7189333 E info@mtl.de INDIA MTL India Pvt. Limited, No.36, Nehru Street Off Old Mahabalipuram Road Sholinganallur, Chennai - 600 119 JAPAN MTL Instruments KK, 3rd Floor Gotanda Masujima Building 1-8-13 Higashi-Gotanda, Shinagawa-Ku Tokyo 141-0022 T + 81 (0)3 5420 1281 F + 81 (0)3 5420 2405 E sales@mtlkk.co.jp NETHERLANDS MTL Instruments BV, de Houtakker 33 6681 CW Bemmel T +31 (0)481 450250 F +31 (0)481 450260 E info@mtlbenelux.com SINGAPORE MTL Instruments Pte Ltd, 31 Ubi Road 1 #04-01 Aztech Building Singapore 408694 T + 65 6 487 7887 F + 65 6 487 7997 E sales@mtlsing.com.sg UNITED ARAB EMIRATES MTL Instruments, PO Box 53234, 8th Floor West Tower, Abu Dhabi Trade Centre Abu Dhabi T +971 2 645 2620 F +971 2 645 2630 E mtlgulf@mtl-inst.com UNITED KINGDOM MTL Instruments Limited Power Court, Luton, Bedfordshire LU1 3JJ T +44 (0)1582 723633 F +44 (0)1582 422283 E enquiry@mtl-inst.com T + 91 (0) 44 24501660 /24501857 F + 91 (0) 44 24501463 E sales@mtlindia.com USA MTL Incorporated, 9 Merrill Industrial Drive Hampton, NH 03842 ITALY MTL Italia srl, Via Cantù 11 I - 20092 Cinisello Balsamo MI T + 1 800 835 7075 F + 1 603 926 1899 E info@mtlnh.com T +39 02 61802011 F +39 02 61294560 E info@mtl-inst.it For further information contact: Tofino Marketing, MTL, Power Court, Luton, Bedfordshire, LU1 3JJ. T +44 (0) 1582 723633 F +44 (0) 1582 422283 E tofino@mtl-inst.com Toll free in North America 1-888-9TOFINO www.mtl-inst.com tofino@mtl-inst.com Whilst every care has been taken to ensure the accuracy of the enclosed data, MTL accept no responsibility for errors or omissions.