Securing critical manufacturing systems against published vulnerabilities

26 March 2013

Belden has announced an update to the EAGLE Tofino Industrial Security Solution to include ‘Security Profiles’. Part of the EAGLE Tofino version 1.7 product release, this new feature addresses the post-Stuxnet trend of a dramatic escalation in the number of public disclosures of industrial control system vulnerabilities.

Tofino Security Profiles provide a way for automation system vendors to create and securely distribute rule and protocol definitions to address newly disclosed vulnerabilities. Control system customers benefit from a single, easy to deploy package of tailored rules that can be installed without impacting operations. The result is that manufacturing facilities can defend themselves against new threats quickly and effectively.

The discovery of the Stuxnet malware in 2010 alerted ‘the security researcher’ community to how easy it is to cause damage to industrial systems. Designed with a focus on reliability and safety, rather than security, devices such as PLCs and DCS are often easy to exploit.

In 2011 more Industrial Control System vulnerabilities were made public than in the entire previous decade. Even more troubling, the publicly disclosed vulnerabilities are only a fraction of the conservatively estimated 100,000 or more vulnerabilities that exist in the field today.
Recently Schneider Electric utilised the EAGLE Tofino Security Profile feature to defend against publicly announced vulnerabilities in its Modicon PLC product line. By utilising the EAGLE Tofino’s capabilities, they provided a method of defence for their customers that was immediately effective and that did not require any changes to automation equipment or network configurations.

Contact Details and Archive...

Print this page | E-mail this page