OPC (includes RPC and DCOM)
Description | Formerly known as OLE for Process Control, OPC Classic was developed in 1996 in response to a demand for standard methods to allow different control systems to interface with each other. Today it has grown to be the world’s leading technology for integrating different automation products. No single industrial communications standard has achieved the widespread acceptance across so many different verticals, industries and equipment manufacturers as OPC Classic. It is used to interconnect an amazing variety of industrial and business systems, ranging from Human Machine Interface (HMI) workstations, Safety Instrumented Systems (SIS) and Distributed Control Systems (DCS) on the plant floor, to enterprise databases, ERP systems and other business-oriented software in the corporate world. |
Protocols Standards Group | OPC Foundation |
Approvals for Tofino Products |
OPC Security Summary
OPC Classic, based on Microsoft COM/DCOM technology and the RPC (Remote Procedure Call) protocol, is widely used in control systems as an interoperability solution, interfacing control applications from multiple vendors. But the DCOM technologies underlying OPC Classic were designed before network security issues were widely understood. As a result, OPC Classic is almost impossible to secure using a conventional IT firewall and requires specific techniques and processes to secure effectively.
Known Security Issues and Vulnerabilities
Open Sourced Vulnerability Database (OSVDB)
National Vulnerability Database (NVD)
Tofino Security Products for Improving Security
Tofino OPC Enforcer LSM | A Loadable Security Module that inspects, tracks and secures every connection that is created by an OPC application. It dynamically opens only the TCP ports that are required for each connection, and only between the specific OPC client and server that created the connection. It’s simple to use – no configuration changes are required on the OPC clients and servers. |
Triconex Tofino Firewall | A pre-configured Safety Instrumented System Firewall that protects the Tricon controllers from potential disruption by abnormal or excessive network traffic. |
Application Notes
Articles
Blog Posts
- New Technologies Inside the Triconex Tofino Firewall
- Industrial Network Security – is the Process Control World getting Serious about it?
- Securing SCADA systems from APTs like Flame and Stuxnet – Part 2
- Getting Started on ICS and SCADA Security (Part 1 of 2)
- The Secret to Easy and Effective SCADA Security (plus White Paper)
- SCADA Security and Deep Packet Inspection – Part 2 of 2
- OPC Security: More than the Sum of the Parts (plus White Paper)
- Protecting your ICONICS GENESIS SCADA HMI System from Security Vulnerabilities (plus White Paper)
- The Italian Job – Multiple SCADA / ICS Vulnerabilities Go Public
- Using Tofino Security to Control Stuxnet - New Application Note
- Why OPC Security Matters
Press Releases
- Tofino Undergoes Advanced Cyber Security Testing Performed By Digital Bond
- Security breakthrough for OPC-based industrial automation
- Breakthrough solution from Invensys advances industrial cyber security
- Triconex / Tofino OPC Firewall Honored with Breakthrough Product Award from Processing Magazine
- Belden releases new Plug-n-Protect OPC firewall to provide robust cyber security for automation facilities
Videos and Presentations
White Papers
- Using ANSI/ISA-99 standards to improve control system security
- Securing Your OPC Classic Control System
- Effective OPC Security for Control Systems
- Understanding Deep Packet Inspection for SCADA Security
- OPC Security White Paper #3 - Hardening Guidelines for OPC Hosts
- High Security Integration Using OPC
- OPC Security White Paper #2 - OPC Exposed
- OPC Security White Paper #1 - Understanding OPC and How it is Deployed