With nearly every device getting connected through the Internet of Things and with constant reports of hacking and cybertheft, the idea of a toolkit for tightening cyber defenses is timely. Belden Inc. has produced a cyber security toolkit, the Tofino Enforcer Software Development Kit (SDK), to protect critical industrial infrastructure. The goal is to bring next-generation security to SCADA networks.
The toolkit was designed to allow third parties to create cyber security solutions using Belden’s Deep Packet Inspection (DPI) technology. The Tofino Enforcer SDK offers Belden's DPI technology to automation vendors and system integrators. The toolkit was created to help developers design custom loadable security modules (LSMs) for the wide variety of SCADA and ICS protocols currently in use. System integrators can create custom DPI modules to secure unusual SCADA protocols or devices. Instead of starting from scratch, they can take advantage of the Tofino DPI firewall technology in any scenario or application.
For major automation vendors, the Tofino Enforcer SDK makes it possible to secure proprietary protocols with DPI technology without disclosing sensitive internal information. Companies can create a custom solution, controlling their own development cycles and the management of future updates.
Gotta love Linux
The Tofino Enforcer is based on Linux, so some familiarity with Linux will help integrators, vendors, or plant engineers deploy the toolkit.
“The SDK is not a product; it’s a tool that uses Linux BM. It includes examples of using the SDK and documentation for the components. Those who understand Linux are the targeted audience for this kit,” Frank Williams, senior product manager for security at Belden, told Design News. “The kit allows you to create a loadable security module particular to your protocol. The SDK can address Ethernet IP, Modbus, and many closed protocols at a fast pace.”
According to Belden, the combination of in-depth content inspection with lightning-fast packet processing allows owners of control and SCADA systems to regulate network traffic to a level of detail that has not yet been possible. By using the Enforcer module for a particular SCADA protocol, engineers can block all attempts to write to a PLC or SCADA device, while still allowing data values to be rapidly accessed over the network. The result is improved network reliability, availability, and security for any SCADA, process control, or safety system.
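The rule described above, allow reads and block writes, can be illustrated for Modbus/TCP, one of the protocols Williams names. This is an added example, not Belden's code and not the Tofino Enforcer SDK API: the function names, the sample frames and the assumption of one request per buffer are constructed here, while the function codes and limits come from the public Modbus specification.

```python
import struct

# Read-only Modbus function codes -> maximum quantity per request
# (values from the public Modbus Application Protocol specification).
READ_ONLY = {1: 2000, 2: 2000, 3: 125, 4: 125}


def inspect_request(frame: bytes):
    """Return ("allow" | "drop", reason) for one Modbus/TCP request frame."""
    if len(frame) < 8:  # 7-byte MBAP header + at least a function code
        return "drop", "truncated frame"
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        return "drop", "protocol id is not Modbus"
    # The length field counts the unit id plus the PDU that follows it.
    if length != len(frame) - 6:
        return "drop", "length field mismatch"
    pdu = frame[7:]
    fc = pdu[0]
    if fc not in READ_ONLY:  # allowlist: writes, diagnostics, unknown codes all drop
        return "drop", f"function code {fc} is not read-only"
    if len(pdu) != 5:  # a read request is exactly fc + address + quantity
        return "drop", "malformed read request"
    addr, qty = struct.unpack(">HH", pdu[1:])
    if not 1 <= qty <= READ_ONLY[fc] or addr + qty > 0x10000:
        return "drop", "quantity or address out of range"
    return "allow", f"read fc={fc} addr={addr} qty={qty}"


def build(fc: int, body: bytes, proto: int = 0) -> bytes:
    """Hypothetical helper: assemble a constructed sample frame."""
    pdu = bytes([fc]) + body
    return struct.pack(">HHHB", 1, proto, len(pdu) + 1, 1) + pdu


# Constructed sample traffic, not captured from a real network.
SAMPLES = {
    "read holding registers": build(3, struct.pack(">HH", 0, 10)),
    "write single register": build(6, struct.pack(">HH", 0, 0x1234)),
    "write multiple registers": build(16, struct.pack(">HHBH", 0, 1, 2, 7)),
    "oversized read": build(3, struct.pack(">HH", 0, 126)),
    "bad length field": build(3, struct.pack(">HH", 0, 10)) + b"\x00",
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:26} -> {inspect_request(frame)}")
```

Because the check is an allowlist, any function code outside the four read operations is dropped, including codes the filter has never seen.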
It’s more than just perimeter protection
Part of the goal of the toolkit is to protect from the inside, not just create a bulletproof exterior. Stuxnet, after all, attacked Iran's nuclear program from the inside.
“Everyone is trying to protect their perimeter through a firewall that is not necessarily ruggedized. But there are other ways their security can get compromised,” Williams told us. “A vendor could come in with a laptop that has a virus. Or someone comes in with a UPC stick and the stick is infected already with malware. So you need to guard against the accidental or unintentional.”
He said customers are beginning to understand the need to protect from the inside out. “There are more entry points now. Networks need to be locked down in a meaningful approach. You need to create safe areas that only certain things can enter. It’s not just the perimeter you need to protect, but also the core or crown jewels. More and more people are asking, ‘Can you do this?’ Yes, but you need Deep Packet Inspection, and that’s what Tofino provides.”
The Tofino Enforcer SDK provides the pre-configured toolkit with documentation that guides third-party developers through the process of quickly creating the security functionality needed. All stages of the development process are managed internally, with Belden's Tofino Security group providing support and final testing.