OPC Classic, the popular industrial integration standard based on DCOM, has made the interfacing of different industrial control products significantly easier. Unfortunately, it also brought with it a number of serious security concerns for the designers of control, SCADA and safety systems.
This White Paper looks at these issues and reviews the solutions proposed over the past decade by researchers and academics. It looks at new technologies in advanced firewall port management and embedded OPC servers that offer true defense-in-depth and read-only security for better reliability and security of all control systems, but especially for safety integrated systems.
Abstract: This White Paper is the first in a series on the security of OPC (OLE for Process Control) and focuses on providing an overview of the widely used industrial communication standard and how it is actually used in industry.
Abstract: In this second White Paper of the OPC Security Series, we describe the vulnerabilities typically found in OPC hosts, based on OPC’s current architecture and the typical underlying operating system. We also investigate common misconfiguration vulnerabilities found in OPC server or client computers both at the operating system and OPC application level.
Abstract: In this third White Paper of the OPC Security Series, we outline how a server or workstation running OPC can be secured in a simple and effective manner.
D. Leversage and E.J. Byres, “Comparing Electronic Battlefields: Using Mean Time-to-Compromise as a Comparative Security Metric,” Communications in Computer and Information Science - Computer Network Security, Proceedings of the Fourth International Conference on Mathematical Methods, Models and Architectures for Computer Network Security, St. Petersburg, Russia, Springer, 2007, pp. 213-227.
E.J. Byres, D. Hoffman and N. Kube, “On Shaky Ground - A Study of Security Vulnerabilities in Control Protocols”, 5th American Nuclear Society International Topical Meeting on Nuclear Plant Instrumentation, Controls, and Human Machine Interface Technology, American Nuclear Society, Albuquerque, NM, November 2006.
E.J. Byres, B. Chauvin, D. Hoffman, J. Karsch and N. Kube, “The Special Needs of SCADA/PCN Firewalls: Architectures and Test Results”, The 11th IEEE International Conference on Emerging Technologies and Factory Automation, Institute of Electrical and Electronics Engineers, Catania, Italy, September 2005.
E.J. Byres and A. Creery, “Industrial Cybersecurity For Power System And SCADA Networks”, Proceedings of the IEEE Petroleum and Chemical Industries Conference, Institute of Electrical and Electronics Engineers, Denver, September 2005.
BCIT Group for Advanced Information Technology, “Good Practice Guide on Firewall Deployment for SCADA and Process Control Networks - Policy and Best Practice ID. 00157”, National Infrastructure Coordination Centre, UK, 23 February 2005.