A range of industrial security appliances from MTL, a division of Cooper Crouse-Hinds, are enabling Ciba’s production facility in Switzerland to operate securely following the installation of wireless technology. Roger Highton from MTL Instruments explains

Located approximately six kilometres from Basel, close to the Rhine, the Ciba plant is key for the manufacture of products associated with its Coating Effects division as well as for the development of processes for the Coating Effects and Plastic Additives divisions.

The facility is primarily used for new product development and is where the associated new product processes are scaled up from laboratory to production level. The manufacturing plants are on-site and are distributed over several floors. In many areas, Explorer Panel PCs from Gecma are installed which offer local process supervision. The whole production environment is classified as Zone 2 hazardous area.

MTL was asked to supply industrial Ethernet interfaces and mobile HMI stations to transform some of the production areas so that mobile process visualisation could be implemented. This obviously required wireless transmission media and mobile HMI machines.

An element of risk

Using wireless technology can present a risk of unauthorised access to the process control system (GE Fanuc) from unauthorised devices. This threat was negated by installing Tofino industrial security appliances which provide maximum protection at critical hardware points. To obtain the required coverage, six 9469-ET Ex i WiFi Access Points were distributed across the production area.

The access hub that passes data to the process automation network consists of:

  • A 9211-ET Tofino Security Appliance to provide maximum protection against unauthorised access to the network and for protocol filtering.
  • A 9468-ET Ex i Isolator to enable connection of the access hub to the non-IS process automation network.
  • Two interconnected 9466-ET Ex i Ethernet switches used to connect to the six distributed 9469-ET Ex i Wireless Access Points.
  • Eight 9491-PS Ex i power supplies. These units provide intrinsically safe power to all six of the 9469-ET Ex i Wireless Access Points using IS Power Over Ethernet (PoEx) technology. This allows the Cat 5 cables that connect the WAP’s to the access hub to also power the units remotely.

The mobile data acquisition is performed using a CF19 laptop computer with Ex Zone 2 approvals and a built-in WiFi module. The laptop is capable of displaying the central HMI screen via remote desktop access and the process can be controlled using touch screen, mouse or touch pad interfaces.

Demanding process applications

MTL’s new range of Intrinsically Safe Ethernet units are well suited for applications that require access to Zone 1 and Zone 0 hazardous areas, including wireless access. The 9460-ET Series delivers intrinsically safe PoEx with a single Cat 5e or Cat 6 cable, enabling live connection and disconnection of the end device in Zone 0 or Zone 1.

Furthermore, to safeguard a network’s critical devices, MTL and Byres Security offer a new solution to combat modern cyber security threats. By deploying Tofino security appliances directly in front of each control device (or group of control devices), these appliances provide SCADA and process control networks with a layered security solution.

The conventional approach is to employ a standard, but highly complex, IT style firewall. However, such methods are complicated and require highly trained staff to install and manage them. Tofino was designed with its environment, the level of staffing and the needs of industry in mind. As a result, a field technician can attach power to a Tofino appliance, connect two network cables and then simply walk away.

From there, the company security staff can sit at a central management platform (CMP) and configure and monitor any system with ease, reacting to threats in a coordinated and company wide manner. The system also has the flexibility to adapt to a small plant with a single PLC, or meet the needs of a multi-national organisation with thousands of critical devices scattered around the world.

By deploying Tofino security appliances directly in front of each control device (or group of devices) that needs protection, they provide SCADA and process control companies with a layered security solution for their systems. This in turn allows a ‘defence in depth’ strategy to be used, so if a hacker or virus penetrates or bypasses a main corporate firewall, they will still be faced with an array of SCADA focused security devices that need to be breached before any damage can be done.