One of the hottest topics in the automation and control space over the past decade has been security. Once widely considered a low-priority issue, security jumped to the forefront after 9/11 as concerns increased about potential terrorist threats to the nation’s industrial infrastructure. Interest in the topic spiked across industry as automation and control system audits in the wake of 9/11 showed gaping holes in these networks. If these audits showed the industry anything, it was that these networks, long thought to be closed, were anything but.
Like all states of heightened alert, the concern about industrial systems security waned from its highs in the years following 9/11. Thankfully, it has never disappeared from the radar screen. Underscoring its significance has been the move to make security part of a system’s design rather than an afterthought to be installed at some later date.
A major area of focus for those looking to secure automation systems is OPC, the communication protocol most widely used across industries. OPC attracts a great deal of security-related interest largely for two reasons: 1) its wide scope of use to connect industrial and business systems, ranging from HMIs and device-level safety instrumented systems all the way to distributed control systems and enterprise databases; and 2) its use of COM, DCOM and RPC, technologies that have a long history of security issues.
To address these specific OPC issues, Byres Security recently released its Tofino OPC Enforcer. According to the company, this product is the first industrial firewall for managing OPC traffic. The Tofino OPC Enforcer reportedly inspects, tracks and secures every connection made by an OPC application, opening only the TCP port required for a connection between an OPC client and server.
From an initial system security design or security retrofit standpoint, Byres claims this product is simple to implement because it requires no changes to the control system. It can be installed into the live network and configured using a drag-and-drop editor to select permitted clients and servers.
For more information, visit: http://www.tofinosecurity.com/article/security-breakthrough-opc-based-industrial-automation.