Industrial control system protocols are mainly used for interconnecting devices and systems in different vendors, such as using a generic HMI solution to connect to a Siemens or Rockwell Automation PLC:

The main protocol in this category is OLE for Process Control or OPC. OPC is a series of standards and applications for industrial communications based on OLE, COM, and DCOM technologies developed by Microsoft.

From a security perspective, OPC is a nightmare. The protocol is easy to implement, flexible, and forgiving and provides the programmer with direct access to data registers from a large array of devices from all major vendors, all without any regard for authentication, data confidentiality, or integrity. Even more, the areas where OPC services are implemented ensure that this unprotected data needs to traverse from level 1 all the way to level 4. Someone once told me this joke: only two things can survive a nuclear bomb, cockroaches and OPC servers. The joke refers to the fact that OPC servers can be found anywhere and even though you can kill a bunch in a sweep, you can't kill them all.

The OPC foundation has made great efforts in addressing many security concerns and has developed a more security-oriented architecture, OPC Unified Architecture (OPC UA). The highlights of the OPC Unified Architecture are as follows:

• Functional equivalence, all COM OPC classic specifications are mapped to UA
• Platform independence, from an embedded micro-controller to a cloud-based infrastructure
• Secure encryption, authentication, and auditing
• Extensible, the ability to add new features without affecting existing applications
• Comprehensive information modeling for defining complex information