[foxboro] Open vs. proprietary technologies, was: Foxboro I/A OPC

• From: "Sieling, Marcel" <Marcel.Sieling@xxxxxxxxxxxxxxxx>
• To: "'foxboro@xxxxxxxxxxxxx'" <foxboro@xxxxxxxxxxxxx>
• Date: Fri, 10 Mar 2006 05:23:59 -0500

Hi list,

Andreas wrote:
> the DCS systems including AW51C with solaris 2.5.1 are 
> already open for hackers!

EVERY System is open for attacks, if it has at least one connection to some
other system. The question is, how easy a software and hardware provider
like Invensys it makes for users to make things wrong and with that to
increase a potential risk. All connectivity has always pro's and con's which
need to be carefully weighted against each other. Proprietary technologies
may have some disadvantages to customers like e.g. single source for supply,
but it's by the nature of the thing more unlikely that there exploits for
bugs existing and the risk of being compromised by an attack is much lower,
if not near zero.

On each strategic decision for introducing new technologies this is an
important thing to consider. Example OPC: Imagine what security door you
open if you just set up a plain OPC server on a standard AW machine! to set
this up safely you need a seperate box and two firewalls between this new
OPC server and the system and between the OPC server and the outer world
with all the associated configuration and maintenance work. If you just use
FoxAPI and some proprietary software that uses the Foxboro libraries and
connects directly to that you use a proprietary technology where exploits
are unlikely. 

Another example: With the FDSI FBM232/233 you can set up OPC connections on
the Fieldbus. If the OPC FBM gets compromised (which is easily possible for
someon who has access to the network link) this attack stops in the FDSI, as
the Fieldbus behind is proprietary and not open and not supporting open
protocols with e.g. remote execute, the attack can not proceed to the CP or
into the system. Proprietary protocols protect systems using these.

(And please don't let us discuss the advantages of OPC against FoxAPI, we
all know them ;-). This was just an example for the usage of open against
proprietary technology.)

Best regards -

Marcel Sieling
Senior Application Consultant

Invensys Systems GmbH
Emanuel-Leutze-Str. 11
40547 Duesseldorf
Germany
T: +49-211-5966-302
F: +49-163-99-5966302 
M: +49-163-5966302
Skype:  marcel.sieling
mailto:marcel.sieling@xxxxxxxxxxxxxxxx
http://www.foxboro-deutschland.de


> -----Original Message-----
> From: foxboro-bounce@xxxxxxxxxxxxx 
> [mailto:foxboro-bounce@xxxxxxxxxxxxx] On Behalf Of Weiss, Andreas
> Sent: Friday, March 10, 2006 9:36 AM
> To: foxboro@xxxxxxxxxxxxx
> Subject: Re: [foxboro] Foxboro I/A OPC
> 
> 
> Hi Marcel,
> 
> > Is everybody wanting this well aware that this opens the DCS=20 
> > systems to an uncontrolled and unsecure platform which is subject 
> > for=20 hacker attacks?
> 
> the DCS systems including AW51C with solaris 2.5.1 are 
> already open for hackers!
> 
> 
> > Noone from wonderware or Invensys or Foxboro can support 
> any kind of 
> > problems on the browser side that may arise from this=20 approach.
> 
> It depends on the way of thinking how Invensys is interested 
> to sale support and products.
> 
> 
> > this approach would be chosen, all DCS data would have to be=20  
> >exposed to the  browsers on a webserver. How can this made really 
> >secure and=20  stable? Do we
> > want to rely on this technology for business-critical applications?
> >=20
> 
> Amazon for example has his business-critical application (a 
> book shop) already working in the INTERNET. Working for a lot 
> of years. Ok, you are right it is not an easy job but it is a 
> task for EVERY company in the future.
> 
> 
> Andreas
>  
>  
> ______________________________________________________________
> _________
> This mailing list is neither sponsored nor endorsed by 
> Invensys Process Systems (formerly The Foxboro Company). Use 
> the info you obtain here at your own risks. Read 
> http://www.thecassandraproject.org/disclaimer.html
>  
> foxboro 
> mailing list:             //www.freelists.org/list/foxboro
> to subscribe:         
> mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
> to 
> unsubscribe:      mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
>  
> 

 
 
_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process
Systems (formerly The Foxboro Company). Use the info you obtain here at
your own risks. Read http://www.thecassandraproject.org/disclaimer.html
 
foxboro mailing list:             //www.freelists.org/list/foxboro
to subscribe:         mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe:      mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
 

Other related posts:

• » [foxboro] Open vs. proprietary technologies, was: Foxboro I/A OPC

1. Home
2. foxboro
3. Archive
4. 03-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---