White Papers
Securing Your OPC Classic Control System
August 2010
by Eric Byres, security expert and CTO of Byres Security, and Thomas J. Burke, President, OPC Foundation.
Siemens PCS7 WinCC Malware
July 2010
This white paper summarizes the information currently known about the Stuxnet malware and outlines the limited mitigation options open to SCADA and control systems operators.
Stuxnet is a computer worm designed to take advantage of a previously unknown vulnerability present in all supported versions of the Windows operating system. It is spread via infected USB drives and may also be propagated via network shares from other infected computers.
High Security Integration Using OPC
April 2010


OPC Classic, the popular industrial integration standard based on DCOM, has made interfacing different industrial control products significantly easier. Unfortunately, it has also brought with it a number of serious security concerns for the designers of control, SCADA and safety systems.
This White Paper looks at these issues and reviews the solutions proposed over the past decade by researchers and academics. It looks at new technologies in advanced firewall port management and embedded OPC servers that offer true defense-in-depth and read-only security for better reliability and security of all control systems, but especially for safety integrated systems.
OPC Security White Paper #1 - Understanding OPC and How it is Deployed
December 2007
Abstract: This White Paper is the first in a series on the security of OPC (OLE for Process Control) and focuses on providing an overview of the widely-used industrial communication standard and how it is actually used in industry.
OPC Security White Paper #2 - OPC Exposed
November 2007
Abstract: In this second White Paper of the OPC Security Series, we describe the vulnerabilities typically found in OPC hosts, based on OPC’s current architecture and the typical underlying operating system. We also investigate common misconfiguration vulnerabilities found in OPC server or client computers both at the operating system and OPC application level.
OPC Security White Paper #3 - Hardening Guidelines for OPC Hosts
November 2007
Abstract: In this third White Paper of the OPC Security Series, we outline how a server or workstation running OPC can be secured in a simple and effective manner.
Comparing Electronic Battlefields: Using Mean Time-to-Compromise as a Comparative Security Metric
November 2007
D. Leversage and E.J. Byres, “Comparing Electronic Battlefields: Using Mean Time-to-Compromise as a Comparative Security Metric,” Communications in Computer and Information Science - Computer Network Security, Proceedings of the Fourth International Conference on Mathematical Methods, Models and Architectures for Computer Network Security, St. Petersburg, Russia, Springer, 2007, pp. 213-227.
On Shaky Ground - A Study of Security Vulnerabilities in Control Protocols
November 2006
E.J. Byres, D. Hoffman and N. Kube, “On Shaky Ground - A Study of Security Vulnerabilities in Control Protocols,” 5th American Nuclear Society International Topical Meeting on Nuclear Plant Instrumentation, Controls, and Human Machine Interface Technology, American Nuclear Society, Albuquerque, NM, November 2006.
Finding the Security Holes before the Hackers Do
October 2005
The Special Needs of SCADA/PCN Firewalls: Architectures and Test Results
September 2005
E.J. Byres, B. Chauvin, D. Hoffman, J. Karsch and N. Kube, “The Special Needs of SCADA/PCN Firewalls: Architectures and Test Results,” The 11th IEEE International Conference on Emerging Technologies and Factory Automation, Institute of Electrical and Electronics Engineers, Catania, Italy, September 2005.
