In current years, SCADA (Supervisory Control and Data Acquisition), process control and industrial manufacturing systems have relied increasingly on commercial information technologies such as Ethernet, Windows and TCP/IP for both critical communications. The use of these operating systems and common protocols has made the interfacing of industrial control equipment much easier, but now there is significantly less isolation from the outside world. Unless the control engineer takes specific steps to secure the control system, network security problems from the EN (Enterprise Network) and the world at large will be passed onto the Process Control Network (PCN) and SCADA, putting industrial production and human safety at risk.
The wide spread adoption of OPC (OLE for Process Control) standards for interfacing systems on both the plant floor and the business network is a classic example of both the benefits and risks of adopting IT technologies in the control world. OPC is an industrial standard based on the DCOM (Microsoft Distributed Component Object Model) interface of the RPC (Remote Procedure Call) service. Due to its vendor neutral position in the industrial controls market, OPS is being used increasingly to interconnect HMI (Human Machine Interface) workstations, data historians and other servers on the control network with enterprise databases, ERP systems and other business oriented software. Furthermore, since most vendors support OPC, it is often though of as one of the few universal protocols in the industrial controls world, adding to its widespread appeal.
Many users will be aware that the OPC Foundation is developing a new version of OPC (called OPC Unified Architecture or OPC-UA) that is based on protocols other than DCOM. This is in conjunction with Microsoft’s aim of retiring DCOM in favor of the more secure .NET and service oriented architectures. Once most applications of OPC make this migration from the DCOM based architecture to a .NET base architecture, industry will have the opportunity for much better security when it comes to OPC, but also a new set of risks.
The wide spread adoption of OPC (OLE for Process Control) standards for interfacing systems on both the plant floor and the business network is a classic example of both the benefits and risks of adopting IT technologies in the control world. OPC is an industrial standard based on the DCOM (Microsoft Distributed Component Object Model) interface of the RPC (Remote Procedure Call) service. Due to its vendor neutral position in the industrial controls market, OPS is being used increasingly to interconnect HMI (Human Machine Interface) workstations, data historians and other servers on the control network with enterprise databases, ERP systems and other business oriented software. Furthermore, since most vendors support OPC, it is often though of as one of the few universal protocols in the industrial controls world, adding to its widespread appeal.
Many users will be aware that the OPC Foundation is developing a new version of OPC (called OPC Unified Architecture or OPC-UA) that is based on protocols other than DCOM. This is in conjunction with Microsoft’s aim of retiring DCOM in favor of the more secure .NET and service oriented architectures. Once most applications of OPC make this migration from the DCOM based architecture to a .NET base architecture, industry will have the opportunity for much better security when it comes to OPC, but also a new set of risks.