Anyone following the usual Industrial Automation blogs and news will have heard about the cybersecurity threats against Siemens WinCC and PCS7 platform. Among others, Control Global has an article, and Gary Mintchell has been following it closely on his blog. While this doesn’t specifically apply to OPC, it definitely affects the overall industrial automation space. From the reports coming in, it appears to be an ‘industrial espionage’ attack targeting Siemens, but makes use of a Windows vulnerability that is present on systems from XP to Windows 7. This particular variation uses a default password to access the WinCC database. Since all major control system vendors have systems that run on Microsoft platforms, it would not be surprising to see different variations of this crop up. The good news is that work arounds are available and patches will be forthcoming.
This should serve as a warning and reminder that users MUST consider security as an essential part of their control system planning. This includes OPC data communications. There are many options available to ensure your OPC products work well within your overall security architecture: OPC Security 1.0 Specification aware products, OPC Security Gateways, OPC Tunneller, etc.