Supervisory Control and Data Acquisition (SCADA) and industrial control systems have long been considered immune to the cyber-attacks suffered by corporate information systems. The move to open standards such as Ethernet TCP/IP and web technologies has seen control systems affected by a growing number of both malicious and non-malicious network security events impacting critical infrastructure and manufacturing industries.You may never be attacked by a serious hacker, but typical control networks are extremely vulnerable to simple day to day security and reliability issues. Human errors, poor network segmentation and unprotected points of entry into the network, ‘soft’ targets such as un-patched PCs and vulnerable PLCs, can result in significant production losses and even safety issues.
Traditional firewalls are too complex for most security professionals to configure correctly and are even harder to set up properly on the plant floor. Control devices and protocols offer limited authentication, integrity or confidentiality mechanisms and can be completely controlled by any individual that can “ping” the device. Nor can they be easily patched or have security features added to them even when security vulnerabilities are discovered.
The MTL Tofino™ Industrial Security Solution is much more than just a firewall. It has revolutionised the approach of control system cybersecurity by introducing ‘Enforcer modules’ for popular Industrial Control System protocols in IEC 62443 ‘Zones’ and ‘Conduits’, providing a ‘defence in depth’ architecture. The system changed the way industrial ethernet security is managed by providing an intrinsically secure solution right out of the box. This provides a simple, effective cybersecurity solution for control and automation engineers which does not require IT skills for configuration and installation. The Tofino Configurator (TC) platform will configure, monitor and manage the functions of each remote Tofino™ Appliance so that it can be automatically tuned to meet the security needs of the devices it is protecting.
The 9202-ETS is Eaton's next generation MTL Tofino™ security system and continues to provide the highest level of network security for process automation applications.
The MTL Tofino™ security solution is a combined solution consisting of the 9202-ETS MTL Tofino security appliance hardware, MTL Tofino Configurator (TC) and any additional MTL Loadable Security Modules (LSMs) if required, delivering three levels of protection. This solution requires zero configuration before installation - at a time convenient to project execution, simple rules are set delivering an easy and flexible solution that provides the ultimate protection for your process systems. The software based modular design allows an additional layer of security to be added enforcing deep packet inspection on certain Industrial Control System (ICS) protocols. Intuitive configuration and management software allows users to assign global, talker and special rules for specific network segments.
9202-ETS MTL Tofino appliance
The MTL Tofino appliance is a layer 2 Ethernet bridge with no IP address, making it almost impossible to detect or attack. Its industrial form factor makes it suitable for installation into harsh and hazardous industrial environments with multiple front facing interfaces for ease of accessibility.
MTL Tofino configurator (TC)
The MTL Tofino configurator is a free software with intuitive user-friendly interface for quick and simple configuration and management. Flexibility in configuration methods over the network or with a secure USB key, allows local or remote configuration options for engineers or field technicians with the required authorisation.
MTL Loadable Security Modules (LSMs)
Various LSMs are available to create additional layers of protection to meet specific applications.
Configure via network connection
Enhanced functionality: Content inspection LSMs
Three simple steps to a complete security solution - First select the required 9202-ETS MTL Tofino security appliance hardware which is supplied with the 9522-FW LSM license including event logging. Then determine if additional Loadable Security Modules are required for the application. New users can then download the 9211-TC Tofino Configurator on receipt of the hardware.