White Papers

Securing Your OPC Classic Control System

by Eric Byres, security expert and CTO of Byres Security, and Thomas J. Burke, President, OPC Foundation.

OPC Classic is a software interface technology used to facilitate the transfer of data between different industrial control systems. It is widely used to interconnect Human Machine Interface (HMI) workstations, data historians and other hosts on the control network with enterprise databases, Enterprise Resource Planning (ERP) systems and other business-oriented software. Unfortunately, securely deploying OPC Classic has proven to be a challenge until recently.

High Security Integration Using OPC

OPC Classic, the popular industrial integration standard based on DCOM, has made interfacing different industrial control products significantly easier. Unfortunately, it also brought with it a number of serious security concerns for the designers of control, SCADA and safety systems.

OPC Security White Paper #1 - Understanding OPC and How it is Deployed

Abstract: This White Paper is the first in a series on the security of OPC (OLE for Process Control) and focuses on providing an overview of the widely-used industrial communication standard and how it is actually used in industry. Based on the results of end-user surveys and interviews, it shows that the way OPC is being used may be putting the operations of major industries at risk.

OPC Security White Paper #2 - OPC Exposed

Abstract: In this second White Paper of the OPC Security Series, we describe the vulnerabilities typically found in OPC hosts, based on OPC’s current architecture and the typical underlying operating system. We also investigate common misconfiguration vulnerabilities found in OPC server or client computers, both at the operating system and OPC application level. Finally, using these vulnerabilities, we propose four possible risk scenarios for OPC-based attacks.

OPC Security White Paper #3 - Hardening Guidelines for OPC Hosts

Abstract: In this third White Paper of the OPC Security Series, we outline how a server or workstation running OPC can be secured in a simple and effective manner.

Comparing Electronic Battlefields: Using Mean Time-to-Compromise as a Comparative Security Metric

D. Leversage and E.J. Byres, “Comparing Electronic Battlefields: Using Mean Time-to-Compromise as a Comparative Security Metric”, Communications in Computer and Information Science - Computer Network Security, Proceedings of the Fourth International Conference on Mathematical Methods, Models and Architectures for Computer Network Security, St. Petersburg, Russia, Springer, 2007, pp. 213-227.

On Shaky Ground - A Study of Security Vulnerabilities in Control Protocols

E.J. Byres, D. Hoffman and N. Kube; “On Shaky Ground - A Study of Security Vulnerabilities in Control Protocols”, 5th American Nuclear Society International Topical Meeting on Nuclear Plant Instrumentation, Controls, and Human Machine Interface Technology, American Nuclear Society, Albuquerque, NM, November 2006

Finding the Security Holes before the Hackers Do

E.J. Byres and M. Franz; “Finding the Security Holes before the Hackers Do”, ISA Technical Conference, Instrumentation Systems and Automation Society, Chicago, October 2005

The Special Needs of SCADA/PCN Firewalls: Architectures and Test Results

E.J. Byres, B. Chauvin, D. Hoffman, J. Karsch and N. Kube; “The Special Needs of SCADA/PCN Firewalls: Architectures and Test Results”, The 11th IEEE International Conference on Emerging Technologies and Factory Automation, Institute of Electrical and Electronics Engineers, Catania, Italy, September 2005

Industrial Cybersecurity For Power System And SCADA Networks

E.J. Byres and A. Creery; “Industrial Cybersecurity For Power System And SCADA Networks”, Proceedings of the IEEE Petroleum and Chemical Industries Conference, Institute of Electrical and Electronics Engineers, Denver, September 200
