24 Jul 2024


Next-generation device protects plants against cyber-attacks

Eaton has announced a new generation of the Tofino industrial security technology that it sells under its MTL brand. It claims that the 9202-ETS MTL security appliance provides the highest level of network security for process automation applications. The system is said to be easier to install than others and includes configurator software to protect industrial networks against cyber-attacks.

“When industrial control and Scada (supervisory control and data acquisition) systems were not connected, they were considered immune to attacks, but the trend towards open standards, such as Ethernet TCP/IP, and Web technologies has seen these systems affected by a growing number of threats,” says Eaton product manager, Roger Highton.

“Traditional firewalls are not designed for control systems or industrial threats, thereby putting essential utilities at risk, and each year, the damage to critical infrastructure from network incidents and cyber-attacks runs into billions of dollars,” he adds. “The MTL 9202-ETS gives process managers in the power, utilities, oil and gas and water and wastewater industries a cost-effective security protection that is highly effective and quick to install.”

The new module supports all popular industrial protocols with a firewall LSM (loadable security module) that compares network traffic with a set of rules. It includes the EtherNet/IP Enforcer LSM for deep-packet inspection of EtherNet/IP (CIP) communications.

The module can also be configured remotely with the Netconnect LSM, providing further flexibility. Other LSMs can be specified, such as Modbus and OPC enforcer LSMs, providing deep-packet inspection for these protocols, and an event-logger LSM that logs security events and sends alarms. The LSMs are available pre-installed or can be bought separately.

The new security appliance offers defence-in-depth for a wide range of DCS, PLC, Scada, networking and automation systems. Because it does not have its own IP address, it sits as an “invisible” device on the network, designed to stop threats without disrupting critical applications.

The Tofino system includes templates to simplify installation with a wide range of automation protocols. In addition, it provides rules and a test mode, so users can check that proposed configurations will not interfere with the operation of the plant before putting the security appliance into operation. The configurator checks for missing or invalid rules and suggests remedies, thus simplifying set-ups.

The rugged, DIN-rail-mounting appliance can be used in harsh and hazardous environments. It will operate in temperatures from –40 to +70°C, and has Class 1 Division 2 and Atex Zone 2 hazardous area approvals.