Belden, a global player in signal transmission solutions for mission-critical applications, has released the Tofino Enforcer Software Development Kit (SDK), a toolkit that allows third parties to create next generation cyber security solutions using the company’s patented Deep Packet Inspection (DPI) technology. Tofino Enforcer modules developed with the SDK protect difficult-to-secure supervisory control and data acquisition (SCADA) and industrial control system (ICS) protocols and improve the overall reliability and safety of industrial systems.

The Tofino Enforcer SDK offers Belden’s time-saving, industry-proven DPI technology to automation vendors and system integrators with software development expertise. Using the toolkit, developers can design custom loadable security modules (LSMs) for the wide variety of SCADA and ICS protocols currently in use. For major automation vendors, the Tofino Enforcer SDK enables them to secure their proprietary protocols with DPI technology, without having to disclose sensitive internal information. Companies can create a custom solution, controlling their own development cycle and the management of future updates.

To add value for their customers, system integrators can create custom DPI modules to secure unusual SCADA protocols or devices. Instead of starting from scratch, they can take advantage of proven Tofino DPI firewall technology in any scenario or application.

“Most major companies have proprietary network architectures, and for competitive reasons, they do not want to share things, like source code, publically. It’s been a concern of theirs for years,” said Frank Williams, senior product manager for security at Belden. “Now, with our SDK tool, they can address specific needs on their own timeframe – creating exactly what they need to protect their internal protocols, while still taking advantage of Belden’s technology.”

The Tofino Enforcer technology provides superior security over what can be achieved with conventional firewall solutions by performing multi-level analysis and filtering of all SCADA messages. And unlike intrusion protection or detection (IPS/IDS) technologies, it offers fast message forwarding for the time sensitive applications, like power distribution or manufacturing.

The combination of in-depth content inspection with fast packet processing allows owners of control and SCADA systems to regulate network traffic to a level of detail that has never before been possible. For example, by using the Enforcer module for a particular SCADA protocol, engineers can block all attempts to write to a PLC or SCADA device, while still allowing data values to be accessed over the network. The result is improved network reliability, availability, and security for any SCADA, process control or safety system.

The Tofino Enforcer SDK provides a pre-configured toolkit with documentation that guides third-party developers through the process of quickly creating the security functionality needed. All stages of the development process are managed internally, with Belden’s Tofino Security group providing support and final testing.

Key features and benefits of the Tofino Enforcer SDK include:

· A common virtual machine (VM) development platform, with pre-configured layer 3 and layer 4 firewalls and logging systems.

· The ability to utilise patented Tofino Enforcer DPI technology that provides the fine-grained inspection of SCADA protocols necessary to secure industrial systems.

· Example source code—illustrating a Tofino Enforcer Module for a well-known protocol.

· Easy creation of additional LSMs.

· Easy-to-use debugging tools.

“The Tofino Enforcer SDK allows us to offer case-by-case solutions for industrial manufacturers who are concerned about security challenges,” commented Williams. “Now, we can put custom protection measures in place at a faster rate, while keeping proprietary information safe.”

An early innovator in industrial Ethernet, Belden knows Industrial IT and is delivering the next generation of industrial networking solutions. Its global brands – Hirschmann, GarrettCom and Tofino Security – are leading the way in the adoption of industrial Ethernet. With a purpose-built portfolio, Belden’s wired, wireless and embedded products deliver the highest confidence of reliability, availability and security. In addition, excellent warranties and dedicated customer support minimize downtime, protect critical infrastructure and provide peace of mind.