The global site of the UK's leading magazine for automation, motion engineering and power transmission

Firewall promises protection for OPC-based systems

07 October, 2010

The Canadian industrial cyber-security expert Byres Security has developed a firewall module that protects any industrial network that uses the world’s most common industrial integration protocol – OPC “Classic” – which has previously been hard to secure. The Tofino OPC Enforcer is said to provide better security than conventional firewalls, resulting in improved network reliability, availability and security for any system based on OPC Classic.

OPC Classic is used widely to link control applications from different vendors. But the technologies underlying it were designed before network security issues were widely understood, so it has been almost impossible to secure – until now.

The OPC Foundation is working to get its new and more secure OPC-UA technology into the market, but it will be many years before all existing OPC DA, HDA and A&E installations are replaced. The Tofino product is designed to bridge the gap by providing a plug-and-protect security system that can be deployed within minutes without changing existing OPC systems.

The hardware is installed into the live network and configured using a drag-and-drop editor to select permitted clients and servers. Once installed, all OPC traffic is managed securely behind the scenes.

“The Tofino OPC Enforcer is an important innovation and a great solution for all the systems that currently use OPC Classic – approximately 90% of all industrial networks,” says Tom Burke, president of the OPC Foundation.

Unlike other firewalls, the Tofino product inspects, tracks and secures every connection made by an OPC application, opening only the exact TCP port required for a connection between an OPC client and server.

Eric Byres, chief technical officer at Byres Security, points out that many security incidents result not from cyber-attacks but from internal network problems. “Past industrial shutdowns, for example, haven’t been caused by hackers,” he says. “Instead they were the result of badly configured software causing traffic storms that impacted critical controllers and other systems.”

The Tofino module does more than block hackers and viruses from accessing automation systems. Its dynamic port management techniques prevent many basic network problems from spreading throughout a plant or Scada system.

Versions of the Tofino OPC Enforcer are available from Byres Security, MTL Instruments and Belden/Hirschmann (whose Eagle20 system is shown above). At the moment, the module needs to be used with other Tofino modules, but later this year it will also be available as a standalone appliance called the Triconex Tofino Firewall from Invensys Operations Management.
