Even if a hacker or virus manages to get through a company’s corporate firewall, they will still have to overcome an array of SCADA-focused security devices before they can affect the control system itself.

Byres and MTL claim that Tofino is the only product of its type designed by control engineers, for control engineers. They add that it is so simple to use that electricians and instrumentation technicians can install it without specific training.

Tofino is more than a firewall, because it uses dynamically loadable security modules that can also provide encryption, intrusion detection and control protocol-aware security tailored to plant-floor devices. Security specialists can monitor an installation confidentially from anywhere in the world.

"For years the IT world has known that a big corporate firewall on its own is just not enough when it comes to security," says Eric Byres, chief technology officer at Byres Security, who developed the technology. "If it was, we wouldn`t be loading all of this firewall and anti-virus software into our PCs. Tofino brings the strategy of critical-edge protection to control systems, giving the most important devices in our plants - PLCs, DCSs, HMIs and so on - the same in-depth security that the IT department gives to the receptionist`s desktop."

Following extensive internal testing, Tofino was installed at several field sites in the hydrocarbon, food, and other industries. According to MTL, the results confirm that, unlike traditional IT firewall or encryption systems, the Tofino system provides effective security for Industrial Ethernet installations.

The plant systems manager at a major US food company that was involved in the trials, reports that the system "exceeded our expectations during our pilot testing. We threw our best hacking and denial-of-service ammunition at the protected PLC, and Tofino blocked every attempt, while still allowing authorised controls communication to flow unimpeded. Our operators never saw a difference."