Why OPC Security Matters

Just about everyone who has ever commissioned an OPC Classic-based system has at least one horror story about how product X did something really strange and unexpected. And if you are in the security business like me, often the story is about how the particular product violated every reasonable security requirement known to man.

Despite these shortcomings, OPC is the world’s most successful control system integration solution. No single industrial communications standard has achieved the widespread acceptance across so many different verticals, industries and equipment manufacturers as OPC. It is used to interconnect an amazing variety of industrial and business systems, ranging from Human Machine Interface (HMI) workstations, Safety Instrumented Systems (SIS) and Distributed Control Systems (DCS) on the plant floor to enterprise databases, ERP systems and other business-oriented software in the corporate world. The reason for OPC’s popularity is simple – it is the only truly universal interface for communicating with diverse industrial devices and applications, regardless of the manufacturer, software or protocols used in the control system.

As Microsoft (and Siemens) has learned, being successful brings its own set of problems. In the case of OPC, the issues are twofold. Being successful means OPC is starting to get attention from the hacking community that it doesn’t really need. It is very likely that the next Stuxnet-like malware released against the SCADA world will be directed against OPC technologies. After all, OPC Classic is both very widespread (just like the Siemens product) and has some pretty serious underlying vulnerabilities that can be exploited (just like the Siemens product). In particular, OPC Classic’s dependency on Microsoft’s DCOM, COM and RPC technologies is a security house of cards that has been described in numerous whitepapers over the years (for example see www.tofinosecurity.com/opc-exposed).

The other issue is that OPC has been used in ways that I am sure the original designers never expected when they created the OPC specifications back in 1996. Four years ago, my team at BCIT (in partnership with ISA and Digital Bond) conducted a survey on where and how OPC is actually used. The first question we asked was "How does your company use OPC in its operations?" Most users responded that they used OPC for data transfer to historians, data aggregation in HMIs and supervisory control. What was surprising was that 30% of the end users reported employing OPC for data sharing to third parties, such as their business partners and suppliers. Since most third parties are likely located remotely from users' production facilities, this meant that many companies were using OPC for data transfer far beyond the plant floor.

The next question asked respondents to indicate what impact the loss of OPC would have on their operations and what percentage of their deployed OPC systems would have this impact. Over one quarter of the sites reported that losing OPC would result in a loss of production. While some users said they deliberately structured their systems to minimize safety and operational effects on loss of OPC-based information, others stated the opposite: "We control the motor drives by OPC with the DCS. If we lose the OPC we stop the production!"

The bottom line is that today OPC is not just being used for data management purposes, but is a critical component of many production systems. It also strays far from the plant floor, travelling over external networks such as the Internet. Both can result in serious consequences if OPC is not secured well. I think the industry needs to address this immediately.

So over the next few weeks I will be publishing a joint white paper on OPC Security with Thomas Burke of the OPC Foundation. I will also be tackling various OPC concerns and solutions in this blog. But I also need your help – I am asking everyone (end-users, integrators and vendors) to think about how they use OPC and what impact losing OPC would have on operations. Let me know (anonymously if you wish), or just think about it carefully. The sooner we all understand the consequences of OPC security failings, the sooner we can start to address them seriously.
