IT in Manufacturing

Tofino Enforcer

September 2009 IT in Manufacturing

New Modbus-IDA certified security solution addresses US government security concerns.

Byres Security and MTL Instruments have introduced the Tofino Modbus TCP Enforcer loadable security module (LSM), which performs detailed analysis and filtering of all Modbus TCP messages, and is certified by Modbus-IDA. It allows owners of control and scada systems to regulate Modbus network traffic to a level of detail that was previously not possible, thereby increasing network security, reliability and performance of critical systems.

‘Deep packet’ or ‘content’ inspection for web e-mail or traffic has been offered in IT firewalls for several years, but nothing has been available for the process control and scada environment. Modbus traffic could either be allowed or blocked by a standard firewall, but fine-grained control was impossible. And since the smooth flow of Modbus TCP traffic is critical to the average industrial facility, engineers usually opted to let everything pass and take their chances with security. Industry experts have been urgently calling for better control of scada protocols.

Recently, a major US government agency warned: “Vulnerability has been identified within the firmware upgrade processes used in control systems deployed in critical infrastructure and key resources (CIKR). Development of a mitigation plan is required to protect the nation’s CIKR through vulnerability mitigation steps that include blocking network firmware upgrades with appropriate firewall rules.”

Two major energy companies and a transportation company have tried the Tofino ModbusTCP Enforcer LSM and are excited by how it allows them to follow government guidelines and enhance both system security and stability. Modbus functions can now be restricted in numerous ways:

* Blocking all firmware upgrades while allowing normal HMI traffic.

* Tailoring appropriate Modbus access permissions to PLCs for different stations.

* Restricting Modbus access permissions to specific memory locations in a controller.

* Enforcing read-only access to safety instrumented systems.

The complete Tofino industrial security solution consists of three core components:

* Tofino Security Appliance – an industrially hardened and certified appliance that is installed in front of individual and/or zones of HMI, DCS, PLC or RTU control devices that require protection.

* Tofino LSM – a variety of software plug-ins providing security services such as firewall, secure asset management and VPN encryption. Each LSM is downloaded into the security appliances to allow them to offer customisable security functions, depending on the requirements of the control system.

* Tofino Central Management Platform – a centralised management system and database for monitoring, supervision and configuration of each security appliance. One CMP can manage one or more LSMs.

For more information contact Gary Friend, Extech Safety Systems, +27 (0)11 791 6000,,


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Industrial Ethernet switches reflect ongoing evolution at the IIoT ‘thin edge’
January 2020 , IT in Manufacturing
Today’s digital transformation strategies require data connectivity throughout the architecture to fulfil the quest for improved operations.

RS Components introduces 4ZeroBox IIoT development system
January 2020, RS Components SA , IT in Manufacturing
RS Components has introduced the 4ZeroBox IIoT unit from Italian manufacturer TOI. 4ZeroBox is the hardware component of TOI’s 4ZeroPlatform, a plug-and-play data gathering, processing and reporting system ...

IFS study reveals AI investments looming on the business horizon
January 2020 , IT in Manufacturing
Global enterprise applications company, IFS, has announced the findings of a research study into the attitudes and strategies towards artificial intelligence (AI) among business leaders. The study polled ...

New Mindsphere app from Siemens
January 2020, Siemens Digital Industries , IT in Manufacturing
With Predictive Services for Drive Systems, Siemens presents a standardised extension to local service agreements. Based on the new Mindsphere Predictive Service Assistance app, it makes maintenance more ...

Schneider Electric brings digital competence to mining applications
January 2020, Schneider Electric South Africa , IT in Manufacturing
Schneider Electric is dedicated to the deployment of digital technologies in mining to address the rising pressures on business sustainability and reduced energy consumption. “The organisation has invested ...

Micromine assists mining operations in the Industry 4.0 era
January 2020 , IT in Manufacturing
Global trends such as Industry 4.0 are transforming the traditional methods deployed to extract ore from rock. Mining operations are instead looking at innovations such as automated drilling in high risk ...

11th annual MESA Africa conference
January 2020 , IT in Manufacturing
I recently attended the MESA conference held at the Zulu Inyala Country Manor.

Digital twin allows process simulations
December 2019, Siemens Digital Industries , IT in Manufacturing
The high-tech company Grenzebach’s portfolio includes the simulation of material flow in complex plants in the glass industry, which it achieves using Siemens simulation solutions. Together, the two companies ...

Game-changing digital solutions for mines
December 2019, SKF South Africa , IT in Manufacturing
With digitalisation creeping into the mining industry and transforming day-to-day operations, this sector is enhancing its Industry 4.0 operation and process compliancy. As a preferred supplier of premium ...

Protect critical infrastructure and manufacturing plants
December 2019 , IT in Manufacturing
As manufacturers around the world analyse and embrace the importance of being more connected to the IIoT, cybersecurity experts caution that the benefits of being interconnected come with a warning, and ...