• There is an explicit "secure" version of DNP3, but many insecure implementations of DNP3 remain in use as well.
• DNP3 has placed great emphasis on the reliable delivery of messages.
• That emphasis, while normally highly desirable, has a specific weakness from a security perspective.
• In the case of DNP3, participants allow unsolicited (unrequested) responses, which could trigger an undesired response.
• The missing security element here is the ability to establish trust in the system's state, and thus the ability to trust the veracity (accuracy) of the information being presented.
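As an added illustration of the unsolicited-response point above (this code is not part of these notes), a master-side monitor can at least detect unsolicited responses that arrive from outstation addresses it does not expect. The link-frame layout, the CRC-16/DNP parameters, and the sample frames are assumptions made by the example.

```python
# Added example (not from the notes): flag DNP3 unsolicited responses that come
# from outstation addresses a master does not expect. Assumed link-frame layout:
# 0x05 0x64, LEN, CTRL, DEST (LE16), SRC (LE16), header CRC, then user data in
# 16-byte blocks, each followed by a CRC-16/DNP transmitted low byte first.
UNSOLICITED_RESPONSE = 0x82  # application-layer function code

def crc16_dnp(data: bytes) -> int:
    """CRC-16/DNP: reflected polynomial 0xA6BC, init 0, final XOR 0xFFFF."""
    crc = 0
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA6BC if crc & 1 else crc >> 1
    return crc ^ 0xFFFF

def build_frame(ctrl: int, dest: int, src: int, user_data: bytes) -> bytes:
    """Build a link frame with valid CRCs (only used to construct sample input)."""
    header = bytes([0x05, 0x64, 5 + len(user_data), ctrl])
    header += dest.to_bytes(2, "little") + src.to_bytes(2, "little")
    frame = header + crc16_dnp(header).to_bytes(2, "little")
    for i in range(0, len(user_data), 16):
        block = user_data[i:i + 16]
        frame += block + crc16_dnp(block).to_bytes(2, "little")
    return frame

def parse_frame(frame: bytes) -> dict:
    """Check CRCs; return link addresses and the application function code."""
    if len(frame) < 10 or frame[:2] != b"\x05\x64":
        raise ValueError("not a DNP3 frame")
    if int.from_bytes(frame[8:10], "little") != crc16_dnp(frame[:8]):
        raise ValueError("header CRC mismatch")
    user_data, pos, remaining = b"", 10, frame[2] - 5
    while remaining > 0:
        n = min(16, remaining)
        block = frame[pos:pos + n]
        if int.from_bytes(frame[pos + n:pos + n + 2], "little") != crc16_dnp(block):
            raise ValueError("data CRC mismatch")
        user_data, pos, remaining = user_data + block, pos + n + 2, remaining - n
    # user_data[0] = transport header, [1] = app control byte, [2] = function code
    return {"dest": int.from_bytes(frame[4:6], "little"),
            "src": int.from_bytes(frame[6:8], "little"), "function": user_data[2]}

def flag_unsolicited(frames, known_outstations: set) -> list:
    """(src, dest) of unsolicited responses whose source is not an expected outstation."""
    return [(i["src"], i["dest"]) for i in map(parse_frame, frames)
            if i["function"] == UNSOLICITED_RESPONSE and i["src"] not in known_outstations]

# Constructed sample traffic: user data = transport header, app control (UNS set),
# function code, two IIN bytes. Outstation 10 is known; address 99 is not.
SAMPLE_FRAMES = [build_frame(0x44, 1, 10, bytes([0xC0, 0xF0, 0x82, 0, 0])),
                 build_frame(0x44, 1, 99, bytes([0xC0, 0xF0, 0x82, 0, 0]))]
```

Running `flag_unsolicited(SAMPLE_FRAMES, {10})` reports only the frame from address 99; a frame with a corrupted header or data CRC is rejected by `parse_frame` before any address check is made.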
6) ICCP (Inter-Control Center Communications Protocol)
• ICCP is a common control protocol in utilities across North America that is frequently used to communicate between utilities.
• Given that it must traverse the boundaries between different networks, it carries an extra level of exposure and risk that could expose a utility to cyber attack.
• Unlike other control protocols, ICCP was designed from inception to work across a WAN.
• Despite this role, initial versions of ICCP had several significant gaps in the area of security.
• One key vulnerability is that the system did not require authentication for communication.
• Second, encryption across the protocol was not enabled as a default condition, thus exposing connections to man-in-the-middle (MITM) and replay attacks.
7) OPC (OLE for Process Control)
• OPC is based on the Microsoft interoperability methodology Object Linking and Embedding (OLE).

Nithin Kurup U G
INTERNET OF THINGS TECHNOLOGY
Page 49
• This is an example where an IT standard used within the IT domain and on personal computers has been leveraged for use as a control protocol across an industrial network.
• Many of the Windows devices in the operational space are old, not fully patched, and at risk due to a plethora of well-known vulnerabilities.
• The dependence on OPC may reinforce (strengthen) that dependence on Windows. While newer versions of OPC have enhanced security capabilities, they have also opened up new communications modes, which have both positive and negative security potential.
• Of particular concern with OPC is the dependence on the Remote Procedure Call (RPC) protocol, which creates two classes of exposure.
• The first requires you to clearly understand the many vulnerabilities associated with RPC, and the second requires you to identify the level of risk these vulnerabilities bring to a specific network.
8) International Electrotechnical Commission (IEC) Protocols
• The IEC 61850 standard was created to allow vendor-agnostic engineering of power utility systems, which would, in turn, allow interoperability between vendors and standardized communication protocols.
• Three message types were initially defined: MMS (Manufacturing Message Specification), GOOSE (Generic Object Oriented Substation Event), and SV (Sampled Values).
