MatrikonOPC OPC Exchange

Archive for July, 2008

Get Security or Get Pwned

Friday, July 25th, 2008

Pwnd (owned) – derived from the word “own”, which implies domination or humiliation of a rival.  In hacker jargon, to “pwn” means “to compromise” or “to control,” specifically another server, PC, gateway device, or application.

I don’t really get the whole internet slang of endless acronyms or using random letters in place of others.  Of course if you’re L33T you needn’t be constrained to using just letters either.  I don’t try too hard to keep up with this stuff, since by the time my kids are old enough to be using them, anything I’ve learned will by then have been relegated to geezer words like Cool, Phat and 23 Skidoo.

Anyway… the thing that got me thinking down this track was an article I came across this week on BlackHat.  The Wonderware DoS vulnerability of recent months has the dubious honor of being nominated for a ‘Pwnie Award’ in the category of ‘Lamest Vendor Response’.  The whole politics of disclosure and vendor response time has been rehashed enough.  What piqued my interest is that SCADA security is once again crossing into the ‘popular’ security spotlight.  Another example of crossover would be the DNS vulnerability reports hitting mainstream media.  These days, any story on cyber security seems to sell.  Yet is it translating into more secure systems?  I wonder if the fact that a major vulnerability has been revealed in such a key part of the Net’s infrastructure will make a difference.  Many companies, particularly in the Industrial Automation world, still seem content with one or two layers of IT security.  “We got a firewall, and a password policy.  We’re good.”

Next week MatrikonOPC is releasing the OPC Security Gateway.  This aggregating server makes full use of the OPC Security specification, and provides authentication between OPC client and server connections.  That means in addition to DCOM security, users can now fully control which OPC clients can browse, read and/or write on a per-tag basis in any OPC server.  This is a powerful security feature not seen in the vast majority of OPC products on the market today.  The OPC Security Gateway becomes the secure front-end and provides this added security even if the OPC clients do not support the OPC Security specification.

It will be very interesting to see how many companies choose to make use of this increased security layer.  Are mainstream stories like the Wonderware and DNS vulnerabilities enough incentive?  Or will some major refinery or utility need to get good and truly ‘pwned’ first?  Time will tell.

What about your company? Is cyber security and/or OPC security really a concern, or does the PR machine just pay lip service? Are there special considerations for security with your OPC installations? Would a product like the OPC Security Gateway, which adds security at the Automation layer, be a no-brainer for your IT folk?  If not, just tell them that the really L33T companies are using it. :)

Maximum Uptime vs Guaranteed Data Delivery

Tuesday, July 15th, 2008

I’m back from my short camping trip and am slowly whittling down the accumulation piled up in the Inbox.  (It was only a week so I haven’t had to plead E-mail bankruptcy).   Usually when I’m off on vacation, I try to check in with my mail occasionally, but this trip the closest thing to wireless infrastructure would have been carrier pigeons.  Actually, after watching the eagles hunting over the lake, even carrier pigeons wouldn’t be all that reliable. :)

The e-mail thing got me thinking about Maximum Uptime versus Guaranteed Data Delivery.  Anyone who uses e-mail and leaves the office uses these data concepts without even thinking about it.  Yet when people are designing their OPC communication infrastructure these concepts are often neglected or misunderstood.

Maximum Uptime is exactly as it sounds.  Your setup is designed to maximize access to the data as much as possible.  For e-mail users that means taking a laptop, cell phone or Blackberry along.  Your data availability depends on your setup: ad-hoc wireless hotspots, plain text to cell phone, full e-mail access on a hand-held or even satellite connections.  Savvy e-mail users choose the right equipment or phone plan to meet their traveling needs.  For OPC users maximum uptime typically means redundant communication channels, and the data availability also depends on the setup.  The system might use Device-level redundancy, so each OPC server supports multiple redundant communication channels to underlying devices.  It might have Server-level redundancy, so each OPC client can fail over to redundant servers, or it may have redundant OPC client capability.  Or any combination of the three.  System designers also have to think about how fast failover transfers need to occur and what trade-offs in system performance or loading are acceptable to achieve these times.

Guaranteed Data Delivery is a slightly different design.  Here the goal is to ensure all the data is captured, but it is acceptable to have delays in accessing the information.  Guaranteed Data Delivery is pretty much inherent in any e-mail system.  The e-mail server buffers the incoming e-mails until the client downloads them.  All the data is there, even days after it hit the server.  (Even if you get 183 Unread Inbox Items in a week).   For OPC users, Guaranteed Data Delivery designs usually incorporate OPC data buffers to store the data, and OPC HDA applications to ensure the data makes it to the final destination.

In practice, for many mission-critical systems the design would incorporate both aspects: redundancy and data buffering.

What about the masses out there?  Do you maximize uptime and stay connected on vacation, or rely more on guaranteed data delivery and just sort the pile when you get back?  What about your OPC systems?  Redundancy? Data Buffering?  Neither?  Both?

OPC Go-to Guy

Friday, July 4th, 2008

Summer is here, and often the ‘go-to guy or gal’ for a given question is on vacation or otherwise not available (Like Canada Day or Fourth of July extended long weekends).  The folks in MatrikonOPC Support and Site Services seem to be putting extra effort this week into adding to the OPC Knowledge Base.  Of course that might just be routine maintenance and have nothing to do with rotating summer vacations.  (Speaking of not being around, I’m off for a few days of quiet camping beside a remote mountain lake. No Wi-Fi.  No cell phone.  No posts for next week.)  

It’s inevitable in any company that the person who’s been around the longest, seen the most or is just good at solving problems becomes the go-to person for a particular skill.  Since OPC has been around for over 10 years now and is used so much, across so many industries, are companies developing their own in-house OPC problem solvers, or do they rely on OPC vendors for help?  Now that OPC UA is becoming a reality, how does that affect the in-house gurus?  Are they getting up to speed on OPC UA with training courses and webinars, or will the experience just come with time?

I suppose part of the answer depends on what sort of issues people are facing, and how severely they impact their business.  So, what are the most common OPC problems you experience?  Is it DCOM? OPC Enum or remote connection problems?  Vendor interoperability? Windows domains or cross-platform problems? Security concerns?  Let me know, so I can ponder the answers as I watch the sunset dip into that mountain lake next week. :)