Interested in linking to "Safe and Secure with OPC Technologies"?
You may use the Headline, Deck, Byline and URL of this article on your Web site. To link to this article, select and copy the HTML code below and paste it on your own Web site.
By Eric Murphy, columnist
With the prevalence of information technology and the drive towards having information readily available from any location, many previously isolated control systems are more accessible.The drive to reduce operational costs and improve performance has led control system vendors and critical infrastructure owners to move towards standardized technologies, operating systems, and protocols such as Ethernet, Microsoft Windows and OPC. However, the more widely accepted a technology, the larger the risk of attracting cyber vulnerabilities, exploitation tools and other threats. Fortunately, the OPC portfolio offers several security options to help reduce the risk to control system integrity.
Control systems are integral components of the critical infrastructure that monitors and controls sensitive processes. This includes all the computers, process control equipment, process interface systems and associated applications which work in concert to manage the process. Industries are under increasing pressure to provide information access throughout the enterprise. The enormous growth of process interconnectivity has given automation systems new means to share and distribute information - but with added functionality comes added risk. Maintaining the security and system integrity of data communications is extremely important, particularly for crucial systems.
The use of data connectivity and IT in industrial applications has significantly increased over the years.As Microsoft operating systems and Ethernet based communications became more reliable and accepted, major control system vendors introduced operator stations, engineering consoles and application platforms running on PC hardware. These factors, coupled with the rise of OPC as the preferred communication standard, have led to an accelerating penetration of IT based data connectivity into industrial architectures. OPC is now a cornerstone component of many mission-critical or near safety applications such as turbine-compressor monitoring, burner management systems, rail system management, radiation detection and reporting, and many more. This significantly increases the need for secure industrial connectivity.
Even though OPC is an open standard, it is possible to increase the security of OPC architectures. As with any good IT security plan, the OPC communications would be one of several layers of protection. In the event one part of the system is compromised, the rest remains secure. These layers might include: physical systems, firewalls, intrusion detection systems, and business to process layer controls. OPC specific security measures include OPC architecture security, DCOM configuration and security aware OPC products. For OPC UA and OPC Xi architectures, the specification's inherent application and transport security measures would build on existing OPC security implementations.
While the base classic OPC specifications themselves do not mandate any security beyond that supplied by the Microsoft operation system, end users do have some choices when it comes to installing products with higher security features. Any Classic OPC Server vendor has the option to implement one of three levels of security: Disabled, DCOM or OPC Security. Each level offers more security and control over who has access to data within the OPC architecture.
The OPC Security specification focuses on client identification by using trusted credentials to determine access authorization decisions to the OPC Server. It enables OPC products to provide specific security controls on adding, browsing, reading and/or writing individual OPC items.
An OPC UA Server or application is commonly referred to as an Application Instance. Each Application Instance has its own Certificate which it uses to uniquely identify itself when connecting to other applications. These certificates come with private keys that allow applications to create secure communication channels that cannot be viewed by 3rd parties or modified while in transit. OPC UA also offers several layers or tiers of security.
OPC UA security also provides several choices for private keys, certificate stores and encryption to ensure a wide range of interoperability and security for different platform and systems. As with Classic OPC Security, OPC UA provides the framework for OPC products to provide specific security controls on adding, browsing, reading and/or writing individual OPC items. It is up to the OPC vendor to implement this level of security granularity.
Providing a secure means of data communication was one of the primary goals in the development of OPC Xi. OPC Xi also provides a layered security model designed to meet different user options and uses a number of different data security mechanisms.
Security is an ongoing process. For every computer technology developed to provide solutions, there will be those who seek to circumvent these security measures. While it's a continual learning process to discover potential vulnerabilities and address them, users should make use of the options they have available to reduce security risks to their data communication systems.
Best of breed universal connectivity OPC products will have "security by design." OPC provides a range of communication technologies and associated security options to fit every user situation. By choosing product and service vendors who have proven their commitment to quality and security, end users have assurances that they will have the secure OPC connectivity they need.