Tightening Up SCADA, ICS Security

Wednesday, April 23, 2014 @ 05:04 PM gHale


Revealing sensitive source code is a very difficult proposition for manufacturers, and some new software may help alleviate that issue.

Belden Inc. released the Tofino Enforcer Software Development Kit (SDK), which allows third parties to create next-generation security solutions using the company’s Deep Packet Inspection (DPI) technology.

Tofino Enforcer modules developed with the SDK protect supervisory control and data acquisition (SCADA) and industrial control system (ICS) protocols.

Using the toolkit, developers can design custom loadable security modules (LSMs) for the wide variety of SCADA and ICS protocols currently in use:
• For major automation vendors, the Tofino Enforcer SDK enables them to secure their proprietary protocols with DPI technology, without having to disclose sensitive internal information. Companies can create a custom solution, controlling their own development cycle and the management of future updates.
• System integrators can create custom DPI modules to secure unusual SCADA protocols or devices. Instead of starting from scratch, they can take advantage of DPI firewall technology in any scenario or application.

“Most major companies have proprietary network architectures, and for competitive reasons, they do not want to share things, like source code, publicly. It’s been a concern of theirs for years,” said Frank Williams, senior product manager for security at Belden. “Now, with our SDK tool, they can address specific needs on their own timeframe — creating exactly what they need to protect their internal protocols.”

The Tofino Enforcer technology performs multi-level analysis and filtering of all SCADA messages. Unlike intrusion protection or detection (IPS/IDS) technologies, it offers very fast message forwarding for time-sensitive applications, such as power distribution or manufacturing.

The combination of in-depth content inspection with fast packet processing allows owners of control and SCADA systems to regulate network traffic to a level of detail that has never before been possible. By using the Enforcer module for a particular SCADA protocol, engineers can block all attempts to write to a PLC or SCADA device, while still allowing access to data values over the network. The result is improved network reliability, availability, and security for any SCADA, process control or safety system.
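The allow-reads, block-writes policy described above can be illustrated with Modbus/TCP, which is an assumption here since the article does not name a protocol. This is an added example, not Belden's or the Tofino SDK's code; `inspect`, `build` and the sample frames are constructed for illustration.

```python
import struct

# Read-only Modbus function codes mapped to the largest quantity the spec allows.
READ_ONLY = {0x01: 2000, 0x02: 2000, 0x03: 125, 0x04: 125}

def build(tid, unit, pdu):
    """Wrap a PDU in an MBAP header (constructed test traffic only)."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def inspect(frame):
    """Return (allow, reason) for one Modbus/TCP request; default is deny."""
    if len(frame) < 8:
        return False, "truncated frame"
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        return False, "protocol id is not 0 (not Modbus)"
    if length != len(frame) - 6:
        return False, "MBAP length does not match frame size"
    func = frame[7]
    if func not in READ_ONLY:
        return False, f"function 0x{func:02x} not on read-only allowlist"
    if len(frame) != 12:  # header (7) + function (1) + address (2) + quantity (2)
        return False, "read request has unexpected size"
    addr, qty = struct.unpack(">HH", frame[8:12])
    if not 1 <= qty <= READ_ONLY[func]:
        return False, "quantity out of range"
    return True, f"read 0x{func:02x} addr={addr} qty={qty}"

# Constructed sample requests, not captured traffic.
SAMPLES = {
    "read holding registers": build(1, 1, bytes.fromhex("030000000a")),
    "write single register": build(2, 1, bytes.fromhex("06000100ff")),
    "write multiple registers": build(3, 1, bytes.fromhex("100001000204000a0102")),
    "oversized read": build(4, 1, bytes.fromhex("03000000c8")),
    "bad length field": build(5, 1, bytes.fromhex("0300000001"))[:-1],
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        allow, reason = inspect(frame)
        print(f"{'ALLOW' if allow else 'DENY ':5} {name}: {reason}")
```

Because the filter is an allowlist, function codes it does not recognise are denied along with the known write codes, and malformed frames are rejected before the function code is trusted.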

Key features:
• A common virtual machine (VM) development platform, with pre-configured layer 3 and layer 4 firewalls and logging systems.
• The ability to utilize Tofino Enforcer DPI technology that provides the fine-grained inspection of SCADA protocols necessary to secure industrial systems.
• Example source code — illustrating a Tofino Enforcer Module for a well-known protocol.
• Easy creation of additional LSMs.
• Easy-to-use debugging tools.


