Application Notes

Securing Critical Industrial Processes in Real Time

A major aerospace manufacturer needed to secure access to large mobile crawlers with PLCs for aircraft assembly.

To ensure that both IT access policies were enforced and that SCADA engineers maintained full control over their network systems and devices, an integrated solution was needed.

It was provided with the use of a SCADAnet architecture, IF-MAP standards and Tofino Endboxes, as discussed in this application note.

Tofino™ Pre-defined Protocols, Controllers and Applications

The Tofino Security Appliance can support virtually any controller, network device or communication protocol that uses Ethernet. This application note is a partial listing of the controllers, servers, application programs, and communication protocols that have pre-defined profiles in the Tofino CMP software version 1.7.0 and later. If you do not see your application or control system listed, please feel free to contact us.

Stuxnet - Siemens S7 Clear Memory

One of the issues with Stuxnet is that in certain cases it will directly modify the PLC firmware and not just user logic. Erasing the CPU memory, including the MMC card, would completely clear out the memory on the S7 controllers and remove the worm.

In case you are not certain how to do this, we have provided the relevant section from the Siemens CPU 31xC and CPU 31x: Installation Manual.

Please remember that you must be certain that the STEP7 project file used to download the program after the memory reset is uninfected, otherwise you start all over again.  Stuxnet hid in STEP7 project files it to re-infect the ES when the project file was opened (Special thanks to Joel Langill for help confirming this).

Using Tofino to Control Stuxnet

Stuxnet is a computer worm designed to target one or more industrial systems that use Siemens PLCs. However, it is aggressive on all networks and can negatively affect any control system.

Stuxnet spreads rapidly using Local Area Network communications and one of the most effective ways to prevent this type of distribution is to make use of zone-based defenses.

Stuxnet Mitigation Matrix

Stuxnet is a computer worm designed to take advantage of a number of previously unknown vulnerabilities present in the Windows operating system and Siemens SIMATIC WinCC, PCS7 and S7 PLS systems.

It takes advantage of numerous vulnerabilities in the Windows operating system and the Siemens product line.  As a result, full mitigation requires multiple actions.

The Stuxnet Mitigation Matrix shows mitigation measures by Windows operating system and it includes dynamic links to detailed information on each of the patches and mitigations.

Securing OPC Communications to Triconex Safety Systems October 2010

Secure and reliable OPC Classic communications between Safety Integrated Systems (SIS) and primary control systems can now be realized using a defense-in-depth strategy that combines the Triconex® Tofino™ Firewall and the TriStation™ access control system.

Use of Tofino SA with HIMA Products

The bigger networks are the more vulnerable they get. To use the advantages of Ethernet infrastructures it is important to limit the traffic to the required protocols and to the required communication relations. A lot of customers use, or plan to use, firewalls. One available industrial solution is the Tofino SA (security appliance) from Byres Security. This is a software solution integrated into products from MTL, Hirschmann and Honeywell. This document describes how to best use the firewall with HIMA products.

Securing Redundant Links to Safety Shutdown Systems

This application note describes how a petroleum refinery used the Tofino Industrial Security Solution to provide secure communications between a Triconex™ Emergency Shutdown (ESD) system and a Honeywell Experion™ process control system. It also explains the use of the Tofino system in redundant networks, techniques for grouping large numbers of identical devices in “networks” and the management of nuisance alarms generated by unwanted multicast traffic.

Pre-Staging Tofino™ for Enhanced Security

Pre-staging or pre-deploying Tofino Security Appliances offers a unique solution offering enhanced security and easy deployment for remote or operational installations. This application note contains information on configuring and using this method of deployment.


Configuring Firewalls to Allow Tofino™ CMP Traffic

The Tofino Central Management Platform (CMP) is a software application program that allows all Tofino Security Appliances (SAs) in a control network to be managed from a single workstation in the plant.

The Tofino CMP may be located anywhere in the network, as long as it is able to communicate with the Tofino SAs that it manages. If any routers or firewalls are located between the Tofino CMP and a Tofino SA in the network, then each router/firewall device must be configured to allow the Tofino CMP traffic to pass through these devices.