Security Implications of OPC, OLE, DCOM, and RPC in Control Systems

doi:10.2172/911825

Title: Security Implications of OPC, OLE, DCOM, and RPC in Control Systems

Technical Report · Sun Jan 01 00:00:00 EST 2006

DOI:https://doi.org/10.2172/911825· OSTI ID:911825

OPC is a collection of software programming standards and interfaces used in the process control industry. It is intended to provide open connectivity and vendor equipment interoperability. The use of OPC technology simplifies the development of control systems that integrate components from multiple vendors and support multiple control protocols. OPC-compliant products are available from most control system vendors, and are widely used in the process control industry. OPC was originally known as OLE for Process Control; the first standards for OPC were based on underlying services in the Microsoft Windows computing environment. These underlying services (OLE [Object Linking and Embedding], DCOM [Distributed Component Object Model], and RPC [Remote Procedure Call]) have been the source of many severe security vulnerabilities. It is not feasible to automatically apply vendor patches and service packs to mitigate these vulnerabilities in a control systems environment. Control systems using the original OPC data access technology can thus inherit the vulnerabilities associated with these services. Current OPC standardization efforts are moving away from the original focus on Microsoft protocols, with a distinct trend toward web-based protocols that are independent of any particular operating system. However, the installed base of OPC equipment consists mainly of legacy implementations of the OLE for Process Control protocols.

View Technical Report

Cite

Export

Save

Research Organization:: Idaho National Lab. (INL), Idaho Falls, ID (United States)

Sponsoring Organization:: USDOE

DOE Contract Number:: DE-AC07-99ID-13727

OSTI ID:: 911825

Report Number(s):: INL/EXT-05-01005; TRN: US200801%%269

Country of Publication:: United States

Language:: English

Similar Records

Attack Surface Analysis of the Digital Twins interface with Advanced Sensor and Instrumentation Interfaces: Cyber Threat Assessment and Attack Demonstration for Digital Twins in Advanced Reactor Architectures - M3CT-23IN1105033

Technical Report · Sun Oct 01 00:00:00 EDT 2023 · OSTI ID:911825

Spirito, Christopher M; Ly, Jeff; Veretennikov, Michael

GRIDCHAIN: AN AUDITABLE BLOCKCHAIN FOR SMART GRID DATA INTEGRITY AND IMMUTABILITY

Technical Report · Tue Mar 31 00:00:00 EDT 2020 · OSTI ID:911825

Xie, Bin

Final Report for Phase I Topic: DE-FOA-0001941 5a) Project Advanced Grid Operational Technologies – Blockchain Technologies for the Electric Grid

Technical Report · Wed May 27 00:00:00 EDT 2020 · OSTI ID:911825

Sugiarto, Andy; Stuber, Michael Garrison; Gering, Kip

Related Subjects

99 - GENERAL AND MISCELLANEOUS//MATHEMATICS, COMPUTING, AND INFORMATION SCIENCE
CONTROL SYSTEMS
PROCESS CONTROL
PROGRAMMING
SECURITY
STANDARDIZATION

Title: Security Implications of OPC, OLE, DCOM, and RPC in Control Systems

Citation Formats

Similar Records

Related Subjects