OPC

How can I reliably and easily secure my control system?

A lot of people are re-examining this question and giving it higher priority after learning about Stuxnet and the recent publishing of SCADA system vulnerabilities on the Internet.  It is no longer possible to believe that ‘air gaps’ between your systems and the rest of the world, or that ‘security by obscurity’ are effective security strategies.

When you hear the words “defense–in-depth” do you immediately think of layers of firewalls?

If so, you are not alone – most of us immediately think of security concepts in traditional physical security terms.  For example, we imagine “more defense” as being more moats and castle walls around the crown jewels.  But that is not the only way (or even the best way) to create secure ICS or SCADA systems.

One of the three pathways Stuxnet uses to infect other computers is via the Local Area Network communications inside the control system (the other two are via infected USB drives and via infected Siemens project files).

This blog post addresses how to restrict network-driven infections using the Tofino Industrial Security Solution as the example product for mitigation. Tofino is our own product, so you know where my bias is.  However, no matter what technology is deployed, the concepts I will talk about are the same.

Just about everyone who has ever commissioned an OPC Classic-based system has at least one horror story about how product X did the really strange and unexpected. And if you are in the security business like me, often the story is about how the particular product violated every reasonable security requirement known to man.