Honeywell Picks Tofino to Secure Critical Safety Systems

Thursday, January 6, 2011 @ 04:01 PM gHale


Honeywell is expanding its use of Tofino technology with the release of the Honeywell Modbus Read-only Firewall.

Designed to secure any Safety Integrated Systems (SIS) used in industrial processes, the firewall detects and blocks any network messages that might change data, programs or settings in critical systems. The security appliance provides an additional layer of protection against unwanted and harmful network traffic, thereby increasing network security, reliability and performance.

Safety Instrumented Systems, such as Honeywell’s Safety Manager, are the last line of defense against accidents in hazardous industrial processes such as oil refining and energy generation. They monitor the process continuously and automatically shut down the plant in a safe manner if they detect anomalous conditions. Their importance to the safety and reliability of the operations and staff of the entire facility means it is essential that SIS’ remain secure from all accidental and malicious threats.

The Honeywell Modbus Read-only Firewall is a fixed configuration firewall that uses Tofino’s “deep packet inspection” technology against the SCADA protocol, Modbus TCP. This technology scans every network message, only allowing a very limited set of valid Modbus “Read-only” commands through to the safety system. These are safe commands that malware cannot use to change the functionality of the safety system. The firewall’s fixed rule sets remove the possibility of tampering or misconfiguration and significantly reduces the effort required by the plant to maintain the firewall.

This new product comes pre-configured so the firewall installs into live networks between the safety system and other control systems. There is no configuration needed. Unlike IT-style firewalls that require highly-trained staff for installation, Tofino, a Byres Security/MTL Instruments product, works instantly once it connects to the network.

The Honeywell Modbus Read-only Firewall is not just for Honeywell safety systems. It can work with any safety system product connected to Honeywell Experion systems via the Modbus TCP protocol. To date, Honeywell has tested and confirmed the firewall with three major vendor’s SIS products.



Leave a Reply

You must be logged in to post a comment.