The system is designed to make authentication and encryption of SCADA and automation communications easy for control specialists. There are no passwords to remember and no encryption keys to manage.

Deployment does not require any changes to existing control system network design or addressing. Handling of security components occurs behind the scenes, making setup a simple drag-n-drop process.

“Our approach is to deliver a system that is designed with the rugged environment, staff skills and needs of industry in mind, and that can be installed without plant downtime,” says Eric Byres, chief technology officer at Byres Security. “Unlike IT VPN solutions, the Tofino VPN products are readily configured and managed by controls engineers, they can be tested and implemented without risk to industrial processes.”

Potential uses for the Tofino VPN include:
•    monitoring and controlling remote sites from a central location;
•    providing secure access to control systems for remote personnel;
•    securing communications between critical controllers; and
•    allowing legacy non-IP control traffic to travel over IP networks (as illustrated in the diagram below).

Only “permitted” messages can be distributed, and not potentially dangerous transmissions such as a virus originating from a remote PC, or a user sending inappropriate programming commands.

The system allows specific computers (such as remote HMI PCs) to have read-only access to PLCs for operational diagnostics, and a limited set of maintenance laptops to have remote programming access to PLCs.

♦  Byres Security has signed a technology co-operation agreement with Belden/Hirschmann to launch new products jointly in the area of industrial network security. The first products, due later this year, will be based on Hirschmann industrial hardware and Byres’ Tofino security technology. Byres already has agreements with MTL and Honeywell.