Kaspersky Lab, Claroty on OPC Security Research

Nexus: A Claroty Podcast

English - March 30, 2021 19:00 - 43 minutes - 30.2 MB - ★★★★★ - 4 ratings
Technology Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed

Previous Episode: Josh Grunzweig on Exchange Zero Days

Next Episode: Katie Moussouris on Dan Kaminsky, Pay Equity, Vulnerability Disclosure Progress

On this episode of Claroty's Aperture Podcast, researchers from Claroty and Kaspersky Lab join to discuss security research into the OPC protocol. OPC is a protocol stack that is used for interoperability between disparate vendor communication protocols in the ICS domain.

Kaspersky Lab's Evgeny Goncharov and Claroty's Sharon Brizinov and Uri Katz bring their respective experience researching OPC and discuss why it's a critical protocol for OT networks. In 2018, Kaspersky Lab published some of the earliest research into OPC security and disclosed 17 new vulnerabilities in the stack. This year, Claroty followed with its own research and nine vulnerabilities found in three vendor implementations of OPC.

The researchers discuss the current state of OPC security, how it can improve, and what vendors should be doing to ensure they're securely implementing OPC.