ANSI / ISA99 security standards and the Tofino Industrial Security Solution

ANSI / ISA-99 standards Security for Industrial Automation and Control Systems are summarized, particularly the concepts of Zones and Conduits.  In addition, Tofino is shown as a solution for achieving the standards.....

PRESENTATION SUMMARY:

BUILDING INTRINSICALLY SECURE CONTROL AND SAFETY SYSTEMS USING ANS I/ ISA-99 SECURITY STANDARDS FOR IMPROVES SECURITY AND RELIABILITY

May, 2009. The ANSI / ISA-99 standard focuses on containing communication in control subs-systems to avoid having issues in one area migrate to another area. Distinct areas of security are recommended, with control networks divided into Zones based on control function, and communication between the Zones controlled by Conduits. Multiple separated zones help to provide “defense in depth”.

Tofino Security Appliances (TSAs) act as Conduits to separate control systems into Zones. They have a zero configuration field deployment model and they are completely transparent to the control network on set-up. Once in place, TSAs are easily configured to control communication and traffic between Zones.

For example, TSAs can restrict Modbus communications to a list of ‘allowed’ commands defined by your control engineers. Any command that is not on the ‘allowed’ list, or any attempt to access a register or coil that is outside the allowed range, will be blocked and reported. 

Intrinsically Secure Control and Safety Systems Article (1MB)