Aperture Podcast: Claroty and Kaspersky on OPC Security Research
By Michael Mimoso | April 5, 2021
Open Platform Communications (OPC) is a critical communication protocol for operational technology (OT) networks, providing interoperability between proprietary vendor devices and industrial control systems (ICS). OPC is embedded inside many vendor products as a third-party component, and as a result, there’s an expansive attack surface available to threat actors.
In this episode of the Aperture Podcast, the head of Kaspersky’s ICS security team Evgeny Goncharov joins Claroty researchers Sharon Brizinov and Uri Katz to discuss their respective research into OPC security, vulnerabilities each team has disclosed, and how vendors and protocol maintainers can improve the OPC protocol’s security going forward.
published an extensive report into OPC security—largely into OPC UA—one of the first deep dives into the inner workings of the protocol and its many flavors. At the time, the research team also disclosed 17 new vulnerabilities and how UPC UA “not only fails to protect developers from trivial errors but also tends to provoke errors,” its report said at the time.