Creating cyber defense-in-depth often involves adding small firewall devices at internal levels of a control system. Now those devices can be smart enough to create their own firewall rules based on observation of traffic patterns.

MTL Instruments and Byres Security Inc. have released a new loadable security module (LSM) for their Tofino industrial security device that reportedly discovers and identifies network devices and creates firewall rules to control the traffic flowing to them, all without risk to the industrial process. Known as the Tofino secure asset management module, it locates devices and generates rules by analyzing the traffic on the network.

The company says the new module provides a safe and secure means of locating what is on control system networks. Designed specifically for industrial control operations in critical industries such as oil and gas, manufacturing, utilities and power generation, the Tofino never probes the control devices. Instead, it listens for traffic and then uses special characterization techniques to determine the types of control devices on the network.

The module also guides the user while creating appropriate firewall rules to allow or block messages, based on what it has learned about the network traffic. Technical complexities such as IP addressing and TCP/UDP port numbers are managed behind the scenes, making firewall configuration easier for a controls professional.

In related news, Yokogawa Electric Corp. has chosen the Tofino as its first industrial firewall, using it on the Centum CS 3000 production control system and Stardom network-based control system.