Posted by: Harold Ennulat | March 7, 2011

OPC Classic Security

Eric Byres notes that Stuxnet (a virus that has attacked automation hardware) uses the same underlying protocols as OPC (a standard automation communications protocol) namely RPC and its P2P network.  He posts links on “Securing Your OPC Classic Control Systems”.  See below for the links in the context of a recent post in the LinkedIn “Automation & Control” discussion group.  OPC has emerged as the standard “device driver” for communicating between automation devices such as PLCs and HMIs over a variety of media including ethernet.

________________________________________________________

Eric Byres

Eric Byres • As a person who has studied both OPC and Stuxnet in some depth, OPC Classic is a potential security issue IF handled poorly.

Unfortunately many companies do just that, leaving large numbers of ports open in order to make OPC work out of the box. This is easily addressed with modern OPC security technologies – for example, see “Securing Your OPC Classic Control Systems” on the OPC Foundation White Paper Downloads Area (http://www.opcfoundation.org/DownloadFile.aspx?CM=3&RI=781&CU=10).

Stuxnet complicates the problem by making extensive use of the same underlying protocols as OPC, namely RPC, for its infection exploits and its P2P network. To make matters worse, the Siemens PCS 7 system also replies heavily on RPC to function. You can’t just take an IT firewall and say block all RPC and expect your plant to run.

I could go on for pages on the RPC problem, but more details are available in the white paper “How Stuxnet Spreads” (available at http://www.tofinosecurity.com/how-stuxnet-spreads).

(FD: I was a co-author in both papers)

________________________________________________________

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: