Farewell from Tofino Security Founders Eric and Joann Byres

This blog is the last one from me as a member of the company that manufactures and sells Tofino Security products. Joann Byres (Tofino co-founder and Belden Vice President) and I are retiring from the Tofino Security group at Belden effective January 30, 2015.

As we reflect back on almost a decade and half in the industrial security business, we remember the wild ride it has been to create and grow both a SCADA security business and the industry as a whole. From our early days of critical infrastructure security research, to Stuxnet, to last year’s release of the Tofino 2.0 product line, we have seen a lot of changes.

When we think about what we aimed to achieve, we’re glad that some of our core beliefs have gained widespread acceptance. This includes the principle of “security simplicity” and the necessity of Deep Packet Inspection (DPI) for industrial protocols. We also tried to contribute to the ICS security industry overall and our work on standards, particularly with ISA, was rewarding.

Stepping away from industrial security, Tofino firewalls and endless airport security checks is going to be a big change. We’re ready for the change, but first let’s take a look back …

Joann and Eric Byres holding the innovative Tofino Security Appliances

Joann and Eric Byres holding the innovative Tofino Security Appliances.

SCADA Security 2002-2009

The idea of industrial firewalls all started back in 2002 at an ISA Conference in Chicago when I attended a training session for Foundation Fieldbus (FF). I had been conducting a research project on firewalls for SCADA on behalf of the U.K. government. Throughout the project, I had been frustrated with how easy it was to make mistakes when configuring IT traditional firewalls.

Errors in the lab only resulted in wasted time as we reran experiments, but mistakes in an operating plant could be fatal. The way the FF tools made configurations easier for the controls engineer and errors less likely got us wondering if security didn’t need better tools as well.

The result was a series of research projects at the BCIT Critical Infrastructure Security lab that culminated in the Tofino Project in 2005. In 2006, we bought the rights to the Tofino technology from BCIT and launched Byres Security, which soon became Tofino Security. Major companies, like MTL (now part of Eaton), Invensys and Honeywell, soon partnered with us and we were certain that we were going to be millionaires in a year or two.

Unfortunately, we hadn’t counted on how slow industry moves (or a major financial recession ). By 2009, the cupboard was getting bare. Sales were growing, but so was our payroll as we added top-quality talent. There were some very lean and scary days.

Stuxnet – The Game Changer

Then, in 2010 Stuxnet was discovered and the whole SCADA/ICS security landscape changed. The worm immediately helped upper management understand the need for security on the plant floor. It even inspired our first blog (Why Another Security Blog? Stuxnet Shows Why).

Within a year we were part of the Belden family, working with its high-quality manufacturing and international sales teams to help grow the business. Tofino sales began to grow, the product line was expanded and refined, and we made new strategic partnerships with companies, like Schneider Electric and Caterpillar.


Eric Byres – Stuxnet Terminator

Eric Byres – Stuxnet Terminator!

Tofino and DPI: A Real-World Solution for SCADA and ICS Security

Joann and I still believe that true DPI (i.e., inspection and filtering of the protocol fields at all layers) is critical if industry is going to take control of its ICS and SCADA networks. There is just too much unnecessary and uncontrolled traffic flowing in our systems today.

Malware, like Dragonfly’s Havex, gets a free ride once it’s on the control system network. Only when we truly “white list the network” will we start to get our current security mess under control.

We also believe that security has to be simple if it is going to be effective. Too many ICS and SCADA security solutions available today have great technology, but then require the plant operators and engineers to be security experts. That will never happen. The plant staff already have too much to understand and do.

I think the fact that Tofino was simple to use was one of the reasons for its popularity. In fact, some of the best-selling Tofino products have been the Fixed Function Firewalls created for our partners, like Honeywell and Invensys. All that plant staff need to do is attach power and plug them into network. There is zero configuration to be done.

Making security that simple is one of our proudest achievements at Tofino. Now, Joann and I hope that others will find success by creating more easy-to-use solutions for ICS security. In the words of Bruce Schneier, “Complexity is the worst enemy of security.” Let’s not be our own enemy.

What's Next for Tofino Security?

Does our departure spell the end of Tofino Security and the DPI Firewall? Absolutely not – Tofino remains one of Belden’s core technologies. Tofino sales experienced double-digit growth in 2014, and many new developments are scheduled for 2015.

One of the most exciting new developments is the Tofino IEC 104 Enforcer. This new Enforcer offers DPI for the IEC 60870-5-104 protocol used by power utilities in the EU. It was released as a beta product to several major European utilities in December.   (If you are an IEC 104 end-user and want to join the beta program, contact our vertical marketing manager responsible for the power industry, German Fernandez, german (dot) Fernandez (at) belden (dot) com)

Another exciting plan for Tofino includes new multi-port rack mount hardware. Plus, expect to see many new modules for DPI of SCADA protocols now that the Tofino Software Development Kit is available for Belden partners. 2015 should be a good year for Tofino and Belden, and a great year for improving SCADA security in general.

Now three and a half years later, the Tofino operations have been transferred from Canada to Belden’s main facility in Fremont, California, and we are moving onto a new phase in our lives.

What's Next for Joann and Eric?

Currently, we don’t have any “work" plans for 2015, but we do have lots “fun” plans. Top of the list is more time with our three granddaughters. We will of course be getting the sous-vide out to cook up some amazing meals (see this blog if you don’t know what I am talking about).

Bicycling will also be big – in early May, we will be doing a multi-week biking trip in southern Italy. And I have a new techie “experience” that I plan to blog about this summer. For now, it’s top secret.

Powered by Chocolate – the fuel of choice for the Byres while cycling in Vietnam

Powered by Chocolate – the fuel of choice for the Byres while cycling in Vietnam.
More cycling trips are in store for the Byres in 2015.

As for ICS and SCADA security, we probably can’t stay away too long. Our firm belief in the need for better security for our critical systems is just too strong. Add the emerging “Internet of Things” and there is just too much to do. But a break to figure out our next steps is definitely the plan for now. 

A Big Thank You to the Tofino Security Family

In closing, we want to thank everyone who helped make Tofino a success – all our partners, our suppliers, our friends in the media, the people at Belden and Hirschmann, and our fantastic development, support and sales team at Tofino Security.

But most of all, we want to thank all our dedicated customers who believed in the idea of secure industrial control systems and helped make Tofino a better product.

If you want to contact Eric and Joann after January 30, 2015, they can be reached by email at:

eric (dot) byres (at) byressecurity (dot) com
joann (dot) byres (at) byressecurity (dot) com

Related Content to Download

Comments from Eric Byres:
“If you read one security white paper this year, read this paper describing Joel Langill’s analysis of the Dragonfly attacks against the pharmaceutical industry.

You don’t even need to read it all – go straight to part D and learn how the attackers used the very security policies and defenses designed to keep them out of the plant to launch their attacks.”


Related Links

Eric and Joann Byres’ Blogs


Deep Packet Inspection

Tofino Security Products

ICS Security Resources

Add new comment