Posts

OPC Attack Surface Exposed

Industrial systems, once of little interest to hackers, are now targeted on a regular basis, making security an ever-growing concern.  At the same time, as more companies update and add to their control systems, the OPC industrial protocol continues to grow in popularity. So it would make sense to ask the question, how vulnerable to attack is an industrial system that uses OPC?

A recent white paper by Claroty, Exploring the OPC Attack Surface, discusses a number of security vulnerabilities in the products of three well-known suppliers of OPC software.  These issues, reported to the Industrial Control System Cyber Emergency Response Team (ICS-CERT), could “expose organizations to remote code execution, denial-of-service conditions on ICS devices, and information leaks,” according to the report.

The companies involved have isolated the bugs, fixed them, and issued upgrades to their software, but the underlying problem remains.  All software has bugs, and OPC software is no exception.  Every connection to the Internet risks exposing an attack surface that could be exploited.

Unforeseen requirements

Like most industrial protocols, OPC was conceived and developed before the advent of Industrie 4.0 and the Industrial IoT.  Back then, nobody seriously considered connecting their process control systems to the Internet.  All production equipment and networks were entirely disconnected (“air-gapped”) from the outside world, or at least secured behind closed firewalls.

Connecting a factory or industrial process to an IT department or cloud service introduces risk.  The design of OPC requires an open firewall port to make a connection.  Most companies are currently using workarounds to overcome this Achilles heel, but none of them are adequate.  Using a VPN simply expands the security perimeter of a control network to the outside world of phishing emails and ransomware attacks. Using an IoT gateway to connect an OPC server to a cloud service still requires connecting the plant network to the Internet in some way.

The most secure approach

Instead, the most secure way to get data from OPC servers running on a plant network is by using one or more DMZs.  According to a recent NIST report, “The most secure, manageable, and scalable control network and corporate network segregation architectures are typically based on a system with at least three zones, incorporating one or more DMZs.”

Using a DMZ makes it possible to isolate the plant from the Internet. Although OPC alone cannot connect through multiple hops across a DMZ, adding Skkynet’s DataHub technology makes it possible.  A DataHub tunnel for OPC can establish secure, real-time data flow across the connection, without opening any inbound firewall ports.  This effectively cuts the attack surface to zero.  Even if there is an undiscovered bug lurking somewhere in an OPC server, there is much less risk.  After all, hackers cannot attack what they can’t see.

Getting More from OPC A&E

Easily access OPC A&E from multiple network sources, or convert it to OPC DA, UA and other protocols using the DataHub.

Skkynet’s Cogent DataHub Excels in OPC Compatibility Testing in Tokyo

Hands-on testing at the Asian OPC Interoperability Workshop 2017 found the Cogent DataHub fully compatible with all other leading OPC UA products.

Mississauga, Ontario, June 21, 2017Skkynet Cloud Systems, Inc. (“Skkynet” or “the Company”) (OTCQB: SKKY), a global leader in real-time cloud information systems, is pleased to announce that the Cogent DataHub has successfully passed OPC interoperability testing with leading brands of OPC UA servers and clients at the Asian OPC Interoperability Workshop 2017 held in Tokyo, Japan from June 14-16.  Multi-national companies participating in the event included Azbil, Emerson, Kepware, OMRON, Schneider Electric, Takebishi, Toshiba, and Yokogawa.

“OPC UA is a sophisticated and complex data communications protocol,” said Paul Thomas, President of Skkynet. “Adhering to the spec is one thing, but the real proof of compatibility is to test the clients and servers from different manufacturers against each other. The fact that the Cogent DataHub communicates seamlessly with all of the other leading products means that it can be used in virtually any OPC UA system.”

OPC UA (Unified Architecture) from the OPC Foundation provides a single, extensible framework for securely networking industrial data. Approved as the data communications protocol for Industrie 4.0, the OPC UA specifications allow for implementation across a wide range of hardware platforms and operating systems. The various OPC UA implementations that are possible within this extensible and flexible framework all share a common core OPC UA functionality and interoperability.

The Cogent DataHub fully integrates OPC UA as one of its standard protocols, along with OPC DA and other industrial protocols to support OPC networking, OPC server-server bridging, aggregation, data logging, redundancy, and web-based HMI. Capable of handling over 50,000 data changes per second, the DataHub is also seamlessly integrated with Skkynet’s SkkyHub and ETK for secure, end-to-end Industrial IoT and Industry 4.0 connectivity.

The Cogent DataHub connects to Skkynet’s SkkyHub service to securely network live data in real time from any location. It enables bidirectional IoT-based supervisory control, integration and sharing of data with multiple users. Secure by design, the service requires no VPN, no open firewall ports, no special programming, and no additional hardware. It also connects to the Skkynet Embedded Toolkit (ETK), to provide real-time, bidirectional data exchange with embedded devices.

About Skkynet

Skkynet Cloud Systems, Inc. (OTCQB: SKKY) is a global leader in real-time cloud information systems. The Skkynet Connected Systems platform includes the award-winning SkkyHub™ service, DataHub®, WebView™, and Embedded Toolkit (ETK) software. The platform enables real-time data connectivity for industrial, embedded, and financial systems, with no programming required. Skkynet’s platform is uniquely positioned for the “Internet of Things” and “Industry 4.0” because unlike the traditional approach for networked systems, SkkyHub is secure-by-design. For more information, see http://skkynet.com.

Safe Harbor

This news release contains “forward-looking statements” as that term is defined in the United States Securities Act of 1933, as amended and the Securities Exchange Act of 1934, as amended. Statements in this press release that are not purely historical are forward-looking statements, including beliefs, plans, expectations or intentions regarding the future, and results of new business opportunities. Actual results could differ from those projected in any forward-looking statements due to numerous factors, such as the inherent uncertainties associated with new business opportunities and development stage companies. Skkynet assumes no obligation to update the forward-looking statements. Although Skkynet believes that any beliefs, plans, expectations and intentions contained in this press release are reasonable, there can be no assurance that they will prove to be accurate. Investors should refer to the risk factors disclosure outlined in Skkynet’s annual report on Form 10-K for the most recent fiscal year, quarterly reports on Form 10-Q and other periodic reports filed from time-to-time with the U.S. Securities and Exchange Commission.

New Release of Cogent DataHub Features OPC UA and Video Camera Support

Major new release of Cogent DataHub v8.0 enables Industrial IoT and secure in-plant data connectivity.

Mississauga, Ontario, March 1, 2017 – Skkynet Cloud Systems, Inc. (“Skkynet”) (OTCQB: SKKY), a global leader in real-time cloud information systems, announces that Cogent Real-Time Systems, a Skkynet subsidiary, has issued a major new release of its Cogent DataHub® software to include support for OPC UA and streaming video.  Version 8.0 of the Cogent DataHub can connect and integrate data for virtually any industrial system, ranging from legacy equipment to state-of-the-art Industry 4.0 and Industrial IoT systems.

“With OPC UA and in-band video streaming capabilities the Cogent DataHub is poised at the forefront of the IIoT wave,” said Andrew Thomas, Skkynet CEO. “The DataHub is uniquely positioned to extend OPC UA by seamlessly connecting it to the previous generation of OPC (OPC Classic), while providing full integration with video streams, SQL databases, Excel spreadsheets, a web-based HMI, and the SkkyHub™ service for cloud connectivity.”

OPC is a series of standards for connecting industrial hardware and devices with HMIs and other software.  OPC Classic has millions of installations established over twenty years.  OPC UA (Unified Architecture) was introduced to expand the domain of OPC beyond traditional industrial applications, and to provide improved networking and security.  “The DataHub effectively provides a fast, easy and non-disruptive upgrade path to existing industrial control infrastructure built around the OPC standards” said Mr. Thomas.

The latest version of the Cogent DataHub fully integrates OPC UA as one of its standard protocols, along with OPC DA and other industrial protocols to support OPC networking, OPC server-server bridging, aggregation, data logging, redundancy, and web-based HMI. Capable of handling over 50,000 data changes per second, the DataHub is also seamlessly integrated with Skkynet’s SkkyHub and ETK for secure, end-to-end Industrial IoT and Industry 4.0 connectivity.

The Cogent DataHub connects to Skkynet’s SkkyHub service to securely network live data in real time from any location. It enables bidirectional IoT-based supervisory control, integration and sharing of data with multiple users. Secure by design, the service requires no VPN, no open firewall ports, no special programming, and no additional hardware. It also connects to the Skkynet Embedded Toolkit (ETK), to provide real-time, bidirectional data exchange with embedded devices.

About Skkynet

Skkynet Cloud Systems, Inc. (OTCQB: SKKY) is a global leader in real-time cloud information systems. The Skkynet Connected Systems platform includes the award-winning SkkyHub™ service, DataHub®, WebView™, and Embedded Toolkit (ETK) software. The platform enables real-time data connectivity for industrial, embedded, and financial systems, with no programming required. Skkynet’s platform is uniquely positioned for the “Internet of Things” and “Industry 4.0” because unlike the traditional approach for networked systems, SkkyHub is secure-by-design. For more information, see http://skkynet.com.

Safe Harbor

This news release contains “forward-looking statements” as that term is defined in the United States Securities Act of 1933, as amended and the Securities Exchange Act of 1934, as amended. Statements in this press release that are not purely historical are forward-looking statements, including beliefs, plans, expectations or intentions regarding the future, and results of new business opportunities. Actual results could differ from those projected in any forward-looking statements due to numerous factors, such as the inherent uncertainties associated with new business opportunities and development stage companies. Skkynet assumes no obligation to update the forward-looking statements. Although Skkynet believes that any beliefs, plans, expectations and intentions contained in this press release are reasonable, there can be no assurance that they will prove to be accurate. Investors should refer to the risk factors disclosure outlined in Skkynet’s annual report on Form 10-K for the most recent fiscal year, quarterly reports on Form 10-Q and other periodic reports filed from time-to-time with the U.S. Securities and Exchange Commission.

Cogent Introduces OPC UA-Enabled DataHub at SPS IPC Drives

At SPS IPC Drives 2016 Skkynet subsidiary Cogent Real-Time Systems will demo a release candidate of Cogent DataHub with OPC UA support.

Mississauga, Ontario, November 15, 2016 – Skkynet Cloud Systems, Inc. (“Skkynet”) (OTCQB: SKKY), a global leader in real-time cloud information systems, announces that Cogent Real-Time Systems, a Skkynet subsidiary, will demonstrate the latest release candidate of the Cogent DataHub® with OPC UA support at the OPC Foundation booth at SPS IPC Drives 2016 in Nuremburg, Germany, November 22-24.  With OPC UA support, this version of the Cogent DataHub will be able to connect to virtually any industrial system, ranging from legacy equipment to state-of-the-art Industry 4.0 and Industrial IoT projects.

“OPC UA is where the world is headed,” said Andrew Thomas, Cogent CEO, “and we help our clients get there.  The DataHub is uniquely positioned to extend OPC UA by seamlessly connecting it to the previous generation of OPC (OPC Classic), while providing full integration with SQL databases, Excel spreadsheets, a web-based HMI, and the SkkyHub service.”

OPC is a series of standards for connecting industrial hardware and devices with HMIs and other software.  OPC Classic has a twenty-year established user base of millions of installations.  OPC UA (Unified Architecture) was introduced to expand the domain of OPC beyond traditional industrial applications, and to provide improved networking and security.

The latest version of the Cogent DataHub being demonstrated at SPS IPC Drives fully integrates OPC UA as one of its standard protocols, along with OPC DA and other industrial protocols to support OPC networking, OPC server-server bridging, aggregation, data logging, redundancy, and web-based HMI. Capable of handling over 50,000 data changes per second, the DataHub is also seamlessly integrated with Skkynet’s SkkyHub and ETK for secure, end-to-end Industrial IoT and Industry 4.0 connectivity.

Skkynet’s SkkyHub service connects to the Cogent DataHub to securely network live data in real time from any location. It enables bidirectional IoT-based supervisory control, integration and sharing of data with multiple users. Secure by design, the service requires no VPN, no open firewall ports, no special programming, and no additional hardware. The Skkynet Embedded Toolkit (ETK) allows embedded devices to make a secure connection to the Cogent DataHub or SkkyHub, enabling real-time, bidirectional IoT data flow.

About Skkynet

Skkynet Cloud Systems, Inc. (OTCQB: SKKY) is a global leader in real-time cloud information systems. The Skkynet Connected Systems platform includes the award-winning SkkyHub™ service, DataHub®, WebView™, and Embedded Toolkit (ETK) software. The platform enables real-time data connectivity for industrial, embedded, and financial systems, with no programming required. Skkynet’s platform is uniquely positioned for the “Internet of Things” and “Industry 4.0” because unlike the traditional approach for networked systems, SkkyHub is secure-by-design.  For more information, see http://skkynet.com.

Safe Harbor

This news release contains “forward-looking statements” as that term is defined in the United States Securities Act of 1933, as amended and the Securities Exchange Act of 1934, as amended. Statements in this press release that are not purely historical are forward-looking statements, including beliefs, plans, expectations or intentions regarding the future, and results of new business opportunities. Actual results could differ from those projected in any forward-looking statements due to numerous factors, such as the inherent uncertainties associated with new business opportunities and development stage companies. Skkynet assumes no obligation to update the forward-looking statements. Although Skkynet believes that any beliefs, plans, expectations and intentions contained in this press release are reasonable, there can be no assurance that they will prove to be accurate. Investors should refer to the risk factors disclosure outlined in Skkynet’s annual report on Form 10-K for the most recent fiscal year, quarterly reports on Form 10-Q and other periodic reports filed from time-to-time with the U.S. Securities and Exchange Commission.

 

Case Study: BP Pipelines, USA

Integrating legacy and new systems

BP Pipelines operates one of the largest networks of pipelines in the United States, transporting over 450 million barrel-miles of petrochemicals per day. Their control center in Tulsa, Oklahoma is responsible for the transport of oil and natural gas from South-Central and Midwest oil fields to locations nationwide.

Recently the management at the Tulsa control center decided to add leak detection to their SCADA system to monitor pipeline leakage. The SCADA system, by Telvent, gathers data from production systems and stores it in a Sybase database that has been modified for real-time applications. The challenge was to feed process data from Sybase database to the leak detection system, which had available an OPC server.

“We tried for months to find an OPC server that would communicate via ODBC to the real-time Sybase product,” said Chuck Amsler, Team Leader for SCADA Applications at BP Pipelines. “It was an old version of ODBC, and we just couldn’t get at the data. None of the applications we tried could do it.”

Finally Chuck called Cogent to see if there was some way the Cogent DataHub® could be used to make the connection. After a few hours of consulting with Cogent’s technical staff, he had a DataHub script that supports a connection to the Telvent system and queries the Sybase database. With his process data reaching the OPC DataHub, it was just a matter of bridging the data to the leak detection system’s OPC server. Now the data flows from Telvent to the leak detection system reliably and consistently.

“Once we saw how easy it was for the DataHub to make the connection,” said Chuck, “we decided to use it to log the results.” With Cogent’s help he wrote another script to transfer the leak detection calculations back to an Oracle database for eventual re-use by the SCADA system.

The DataHub scripts give a large degree of flexibility for customization. On the Sybase side, there are actually two servers running, one hot, and the other for backup. The system can switch from hot to backup at any time. For every query, the script tests for which server is hot, and always reads from the correct server.

On the Oracle side, dynamic scripting allows members of Chuck’s team to modify the logging process even while the system is running. They can add, delete, or change data points that qualify the basic pipeline data, without breaking the connection or interfering with the logging.

“We are very impressed with the overall quality of the DataHub” said Chuck, “and with the level of support from Cogent. We look forward to working with them as we move from data gathering to the next stages of the project.”