15 Apr 2013
Tofino Undergoes Advanced Cyber Security Testing Performed By Digital Bond
Belden's Security Product Helps Harden Vulnerable SCADA Protocols
Neckartenzlingen, Germany - April 8, 2013 - Belden Inc., a global leader in signal transmission solutions for mission-critical applications, in collaboration with security experts at Digital Bond Inc., today announced vulnerability testing results of the Tofino Security Appliance, a product of Tofino Security, a Belden Brand. Presented at the SCADA Security Scientific Symposium (S4) in Miami, Digital Bond’s findings revealed that the industry's known sophisticated cyberattacks could not compromise the Tofino firewall.
“Advanced industrial communications opened the door to outside attacks and over the past few years these attacks have greatly increased in both volume and impacts. It’s our job to ensure that organizations stay secure in a rapidly evolving industrial environment,” said Eric Byres, CTO of Belden’s Tofino Security.
“The Digital Bond team, led by Reid Wightman, a researcher at IOActive (and formerly with Digital Bond), shares our goal. Their testing and results demonstrate the strength of our security solutions, but also emphasize the critical nature of continuous assessment and the immediate resolution of discrepancies.”
Considered one of the world’s most respected sources for control system security research, Digital Bond’s security evaluations are among the most rigorous tests in the industry.
Both the Tofino Security Appliance and its management software withstood a variety of sophisticated reverse engineering attacks. The firewall was also subjected to flooding, fragmentation and fuzzing attacks designed to determine if it could be tricked into either blocking good messages or allowing bad messages. The Tofino Security Appliance passed these tests without issue.
Testing also included attacks on Modbus communications, the world’s leading industrial protocol. “Tofino Security provides an awesome security appliance that does the best possible job with the current protocols. It did an excellent job of securing the Modbus protocol, preventing disallowed function codes from getting through,” said Wightman.
He concluded: “I would recommend the appliance to anyone in search of an industrial cyber security solution. In all, I’m quite impressed with the Tofino Security Appliance.”
Wightman’s concerns were with the SCADA and IP protocols themselves - he would like to see the industry start creating standards for new, more robust protocols this year.
Byres acknowledged Wightman's concerns, "The SCADA protocols were never designed with security in mind. It will take a major effort to either fix the existing protocols or create new ones. In the meantime, Tofino’s advanced Deep Packet Inspection determines if a message is a read or a write message and drops all write messages, significantly improving the security of the technologies that industry is using today."
In addition to Modbus, Tofino Security provides Deep Packet Inspection for the widely-used OPC and Ethernet/IP protocols. It is a key reason that major automation vendors Schneider, Honeywell, Emerson, Yokogawa and Invensys/Triconex have adopted Tofino and Belden firewalls to secure their systems. As a result, many new sales of critical SIS, PLC and DCS products include a robust industrial security solution from Belden.
For those companies that want even more security, Belden products such as the Tofino Virtual Private Network modules and Hirschmann Power Mice switches with Dynamic ARP Inspection provide robust anti-spoofing and integrity features. Belden's vision is to offer a layered solution that covers all aspects of critical industrial security.
“Customers need solutions designed for long-term implementation that just work,” said Byres. “Our advanced technologies—including Deep Packet Inspection—and our comprehensive lifecycle approach to industrial security contribute to such solutions. Thank you to Digital Bond for their thorough testing of our products.”
Reader enquiries
Belden
P.O. Box 9
5900 AA VENLO
Netherlands
Notes for editors
Tofino Security, a Belden Brand, provides practical and effective industrial network security and SCADA security products that are simple to implement and that do not require plant shutdowns. Its products include configurable security appliances with a range of loadable security modules plus fixed function security appliances made for specific automation vendor applications. Tofino Security products protect zones of equipment on the plant floor, and are complementary to Belden’s Hirschmann brand, which leads industrial networking solutions. Both groups service and secure industrial networks in the oil and gas, utilities, transportation and automation industries. www.tofinosecurity.com.
Hirschmann, a Belden Brand, manufactures Ethernet switches, wireless access points, firewall/VPN routers and network management software for harsh industrial environments. The Hirschmann brand stands for experience and expertise in the automation, power transmission and distribution, transportation and energy industries, having pioneered the development of Ethernet as a common standard for industrial control systems. Hirschmann products ensure hassle-free and secure data communication under the harshest conditions due to their ruggedized design and construction. For more information about Hirschmann, please visit www.hirschmann.com or e-mail inet-sales@belden.com for product inquiries.
About Belden
St. Louis-based Belden Inc. designs, manufactures, and sells connectivity solutions for markets including industrial, enterprise, and broadcast. It has approximately 6,700 employees, and has manufacturing capabilities in North America, South America, Europe, and Asia, and a market presence in nearly every region of the world. Belden was founded in 1902, and today is a leader with some of the strongest brands in the signal transmission industry. For more information, visit www.belden.com. Follow Belden on Twitter: @BeldenInc
Editorial enquiries
Berry Medendorp
Belden
Nancy van Heesewijk
EMG
Also available in