The Digital Bond blog is posting a couple of videos from their S4 SCADA Security Scientific Symposium 2007 for a week.  Included is the presentation of  OPC Exposed: Denial of Service Attacks, by Ralph Langner, Langner Communications AG.

For those that missed the presentations, it’s a good chance to have a look at some of the good work folks are doing on raising awareness of security and OPC.  The presentation gives an overview of some DoS attacks and Man-In-The-Middle type scenarios, and some Conclusions:

…for end users
• Think about using OPC Tunnelling products
• Do configure DCOM access rights properly
• Update your operating system, if possible
• Handle OPC access to SCADA systems with extra care

And for the SCADA and OPC vendors to be conscious of proper DCOM settings, and designing products with these types of problems in mind.  If nothing else, it gives vendors some things to consider when developing and implementing OPC servers, and types of testing to perform.  Langner also offers the testing tool used to any vendors who wants it.  I’m sure many OPC vendors have similar test platforms already.   I know our OPC Q&A folk have applications the developers affectionately call ‘The Wringer’ and ‘The 1000 Monkeys’

As the focus on security in OPC and SCADA continues, expect to hear more presentations like these.  I’d also expect to see a renewed focus on OPC architectures and products that increase OPC security and monitoring of OPC assets.