A major aerospace manufacturer needed to secure access to large mobile crawlers with PLCs for aircraft assembly.
To ensure that both IT access policies were enforced and that SCADA engineers maintained full control over their network systems and devices, an integrated solution was needed.
It was provided with the use of a SCADAnet architecture, IF-MAP standards and Tofino Endboxes, as discussed in this application note.
The Tofino Security Appliance can support virtually any controller, network device or communication protocol that uses Ethernet. This application note is a partial listing of the controllers, servers, application programs, and communication protocols that have pre-defined profiles in the Tofino CMP software version 1.7.0 and later. If you do not see your application or control system listed, please feel free to contact us.
One of the issues with Stuxnet is that in certain cases it will directly modify the PLC firmware and not just user logic. Erasing the CPU memory, including the MMC card, would completely clear out the memory on the S7 controllers and remove the worm.
In case you are not certain how to do this, we have provided the relevant section from the Siemens CPU 31xC and CPU 31x: Installation Manual.
Please remember that you must be certain that the STEP7 project file used to download the program after the memory reset is uninfected, otherwise you start all over again. Stuxnet hid in STEP7 project files it to re-infect the ES when the project file was opened (Special thanks to Joel Langill for help confirming this).
Stuxnet is a computer worm designed to target one or more industrial systems that use Siemens PLCs. However, it is aggressive on all networks and can negatively affect any control system.
Stuxnet spreads rapidly using Local Area Network communications and one of the most effective ways to prevent this type of distribution is to make use of zone-based defenses.
This Application Note describes how to divide the control network into security zones and how to use the Tofino Industrial Security Solution to prevent the spread of the Stuxnet worm.
Stuxnet is a computer worm designed to take advantage of a number of previously unknown vulnerabilities present in the Windows operating system and Siemens SIMATIC WinCC, PCS7 and S7 PLS systems.
It takes advantage of numerous vulnerabilities in the Windows operating system and the Siemens product line. As a result, full mitigation requires multiple actions.
The Stuxnet Mitigation Matrix shows mitigation measures by Windows operating system and it includes dynamic links to detailed information on each of the patches and mitigations.
Secure and reliable OPC Classic communications between Safety Integrated Systems (SIS) and primary control systems can now be realized using a defense-in-depth strategy that combines the Triconex® Tofino™ Firewall and the TriStation™ access control system.
The bigger networks are the more vulnerable they get. To use the advantages of Ethernet infrastructures it is important to limit the traffic to the required protocols and to the required communication relations. A lot of customers use, or plan to use, firewalls. One available industrial solution is the Tofino SA (security appliance) from Byres Security. This is a software solution integrated into products from MTL, Hirschmann and Honeywell. This document describes how to best use the firewall with HIMA products.
This application note describes how a petroleum refinery used the Tofino Industrial Security Solution to provide secure communications between a Triconex™ Emergency Shutdown (ESD) system and a Honeywell Experion™ process control system. It also explains the use of the Tofino system in redundant networks, techniques for grouping large numbers of identical devices in “networks” and the management of nuisance alarms generated by unwanted multicast traffic.
Pre-staging or pre-deploying Tofino Security Appliances offers a unique solution offering enhanced security and easy deployment for remote or operational installations. This application note contains information on configuring and using this method of deployment.
The Tofino Central Management Platform (CMP) is a software application program that allows all Tofino Security Appliances (SAs) in a control network to be managed from a single workstation in the plant.
The Tofino CMP may be located anywhere in the network, as long as it is able to communicate with the Tofino SAs that it manages. If any routers or firewalls are located between the Tofino CMP and a Tofino SA in the network, then each router/firewall device must be configured to allow the Tofino CMP traffic to pass through these devices.