Fear Departmental Silos
Security, auditing, regulatory affairs and privacy impact the entire organization and should not be kept in departmental silos. People, process and technology must be integrated. This means data and information need to be shared securely across departmental boundaries and throughout the enterprise. There are many reasons departmental silos get created, and often security fears make this problem even worse. The truth is that companies that share information, implement common policies and processes, and work together create more effective and secure information systems.
Being open does not mean being exposed. Just as there are solutions for connecting to external systems, there are OPC architectures and products designed to securely connect internal networks. Security-aware, encrypted OPC tunneling solutions safely bridge firewalled systems. One-way push architectures allow information to be shared to selected systems without exposing the source system. OPC UA secure channel implementation and certificate handling give users control over who can and cannot access key OPC data. OPC provides the ability to easily share information across the enterprise, and the OPC Security and OPC UA specifications ensure this is done securely.
Fear the Silver Bullet
It is important that technical managers do not get so involved in a particular technology that they forget the overarching goal of system security. There is no single technology or silver bullet that will solve security problems or provide regulatory compliance. Information security and risk management is a process that requires continuous monitoring, auditing and adjustment of how information is used.
The industrial security landscape has changed over the years and will continue to shift and evolve. Security is more than an initial security assessment and product purchase. OPC security is yet another part of the overall information management system and must be part of the ongoing policy and process that are crucial to secure systems. Companies need to choose an OPC partner that understands the security needs of their existing legacy systems and can roadmap the migration path to implementing the next generation of secure OPC solutions.
Fear. It will happen.
Of all the things security information managers fear, the healthiest one is acknowledging the fear that something will happen. The costs of ignoring OPC security can be very high. Often the root cause behind many publicized security failures was simply short-sighted leadership decisions to save money on IT security implementations. Security incidents don't just happen to other people. Companies need to expect the unexpected by evaluating their OPC security before a privacy breach occurs.
End users who are security-aware use a combination of IT network security practices, proper OPC architecture and OPC products that incorporate security features to successfully create robust systems. An experienced vendor, working closely with the end user, incorporating network assessments and security evaluations, can produce a secure OPC architecture that puts even the most fearful manager at ease.
Next Seven Years?
Over the last few years not enough installations have been following rigorous security processes, and for those associated with critical infrastructure that is a scary thing. What will the next seven years bring for industrial network security? Seventh Heaven, or more like the Seven Years' War? That really depends on how diligent end users are in understanding their OPC security requirements and demanding compliance from their vendors. OPC architectures are implemented all over the world, across all major industries and utilities, and connect many layers of the enterprise. If the right consideration is given to securing these OPC installations, then there should be nothing to fear.