OPC firewall secures safety system interoperability

Friday, April 30, 2010 @ 09:04 AM gHale


With the intensity of cyber attacks on the rise and with the proliferation of OPC running in plants across the world, Invensys teamed with Byres Security to develop a firewall that protects applications based on OPC Classic.

There is no doubt manufacturers use OPC in their effort to ensure interoperability, but one of the issues with the classic form of the protocol was its security. Now Invensys and Byres Security have created the Triconex/Tofino OPC firewall, which should protect industrial safety systems against network accidents and attacks.

“We mutually sensed a need from (users) to provide a solution to make OPC more secure,” said Joe Scalia, portfolio architect, Invensys Operations Management. “They said ‘we use the OPC communication protocol, and you need to make it more secure.’ ”

“I have been beating up on OPC for quite a while, and DCOM is not going away, so we put our heads together to find a security solution,” said Eric Byres, security expert and technical officer at Byres Security. “It is a great protocol as far as interoperability goes; add in more security and it is much stronger.”

One of the highlights is that the product will be ready to go out of the box with no real configuration needed. In addition, it is not just for OPC, but it is also ISA99 compliant. “The level of security out of the box is phenomenally high,” Byres said.


In these times of heightened awareness, Scalia and Byres said more companies are becoming alarmed about the potential for a cyber incident, and that they have to be prepared and not just react.

“They are looking into their risks,” Byres said. “One oil company executive stood up during a meeting and said he looked at the impact of a cyber attack on an oil platform and a fire on an oil platform and said they spend millions of dollars to protect against a fire, but not very much related to a cyber incident. But both incidents could cost us millions.”

Companies just want to ensure the system stays up and running, while remaining secure.

“It is not about waiting for a disastrous attack, it is about reliability of your system and understanding the traffic,” Byres said. “This is a way to nail down the traffic going between the safety system and the control system.”

This move came about when Invensys’ Triconex safety systems embedded OPC servers to enable greater interoperability. To protect against malicious attacks and other threats to network operations, users deploy the firewall in front of the Triconex OPC server, which can then hold off attacks and traffic storms before they reach the safety and critical control system. It automatically mitigates risks related to previously published DCOM vulnerabilities, while providing packet management and rate limiting to prevent network traffic problems that could have an adverse effect on the stability of the safety system.

This product line focuses on OPC Classic, as the next generation, called OPC Unified Architecture, incorporates similar cyber security protection.

The Triconex/Tofino OPC firewall is available now.

‑ Gregory Hale


