When the SCADA Security Scientific Symposium (S4) convenes in Miami every year, the security world expects to hear about how various systems, products or devices have huge gaping holes.
This year, at least one firewall stymied security researchers trying to crack the device: The Tofino Security Appliance.
“It is really important for vendors to work with testers,” said Eric Byres, CTO of Belden’s Tofino Security. “I would really rather have these guys find a problem and embarrass me compared to North Korea finding a problem and not telling anyone.”
New age industrial communications opened the door to outside attacks in the manufacturing automation sector and over the past few years the attacks have increased in volume and with severe impact.
“The (Digital Bond) testing and results demonstrate the strength of our security solutions, but also emphasize the critical nature of continuous assessment and the immediate resolution of discrepancies,” Byres said. “This just goes to show, you really can design in security without spending billions of dollars.”
The Tofino Security Appliance and its management software withstood a variety of sophisticated reverse engineering attacks. The firewall was also the subject of flooding, fragmentation and fuzzing attacks designed to determine if any of those ploys could trick it into either blocking good messages or allowing bad messages. The Tofino Security Appliance passed these tests without issue.
Testing also included attacks on Modbus communications, the world’s leading industrial protocol.
“Tofino Security provides an awesome security appliance that does the best possible job with the current protocols. It did an excellent job of securing the Modbus protocol, preventing disallowed function codes from getting through,” said Reid Wightman, a researcher at IOActive (and formerly with Digital Bond). “I would recommend the appliance to anyone in search of an industrial cyber security solution.”
Wightman did have concerns about the SCADA and IP protocols themselves.
“The SCADA protocols were never designed with security in mind,” Byres said. “It will take a major effort to either fix the existing protocols or create new ones. In the meantime, Tofino’s advanced Deep Packet Inspection determines if a message is a read or a write message and drops all write messages, significantly improving the security of the technologies that industry is using today.”
In addition to Modbus, Tofino provides Deep Packet Inspection for the widely-used OPC and Ethernet/IP protocols.