OptoBlog

Opto 22 responds to inquiries regarding URGENT/11

Posted by Benson Hougland on Aug 7, 2019 1:18:01 PM

The recent announcement of security vulnerabilities discovered in the Wind River® VxWorks® IPnet TCP/IP stack has prompted questions from Opto 22 customers about what impact this discovery may have on TCP/IP-based products developed and manufactured by Opto 22.

Opto 22 would like to reassure our customers that, after careful and thorough review, we can state that none of our hardware or software products contain the VxWorks IPnet TCP/IP stack or variants of that software and are, therefore, not directly exposed to any attacks that might target these vulnerabilities. This statement applies to the recent Opto 22 product family groov EPIC® (edge programmable industrial controller), the groov® Edge Appliance (groov Box), the SNAP PAC® System, and SNAP Ethernet I/O® products.

These security vulnerabilities, dubbed URGENT/11 by Armis, an enterprise IoT security firm that made the discoveries, have far-reaching implications and affect an extremely large array of industrial, medical, and enterprise environments. These include mission-critical systems such as SCADA, industrial controllers, PLCs, PACs, and more. Other systems outside traditional industrial devices like patient monitors and MRI machines, as well as firewalls, routers, modems, VOIP phones, and printers are also affected.

Read More

Topics: PACs, Security, EPIC, groov EPIC, cybersecurity

A discussion of open-source software and SCADA

Posted by Janice Colmer on Jul 25, 2019 8:30:00 AM

An Automation World podcast poses the question, "Is open-source software a good choice for SCADA?"

A new podcast series, Automation World Gets Your Questions Answered, addresses questions submitted exclusively by its readers and subscribers. Opto 22's Benson Hougland and Terry Orchard recently sat down with Automation World's Editor-in-Chief, David Greenfield, to provide some insight on this open source and SCADA discussion.

Read More

Topics: IIoT, MQTT, groov EPIC, cybersecurity, Linux, open source software

groov EPIC Security Series, Part 5: Encryption and Certificates

Posted by Ben Orchard on May 22, 2019 11:05:13 AM

Go on, admit it. At some point in your life you've written down a password on a piece of paper in clear text. Anybody walking by can simply glance at your note, and they'll know what your password is.

No, you have never done that? Excellent. 

But if you've ever used your web browser to log into a website over the web, and entered sensitive information like your password without encryption, you've effectively transmitted that information through the internet for all to see, almost like writing it on paper and showing it around.

Whoa.

Read More

Topics: Security, IIoT, groov EPIC, cybersecurity, EPIC Security, encryption

groov EPIC Security Series, Part 4: User Accounts

Posted by Ben Orchard on May 10, 2019 3:12:44 PM

In this blog post, let’s take a closer look at user accounts on the groov EPIC system, and how you can improve your system security by giving users and services fine-grained access to applications running on EPIC. In other words, make sure each person or service has only the access they really need and nothing more.

But before we get deep into user accounts, let’s first discuss user account credentials. Take a moment and ask yourself the following questions:

  • Do you use the same password for multiple accounts?
  • Do you use a mix of punctuation and capital letters in your passwords?
  • Do you use long phrases as your passwords?
Read More

Topics: Security, groov View, groov EPIC, groov Manage, cybersecurity, EPIC Security, User Accounts

groov EPIC Security Series Part 3: Device originating communications, or how and why MQTT rocks

Posted by Ben Orchard on Apr 29, 2019 9:15:28 AM

The story goes that a valve manufacturer wanted to have their networked smart valves certified for use in a nuclear reactor plant. The smart valve could report all sorts of critical data points to a database system and also be controlled by that SCADA system in the plant. But to get it certified for use, the smart valve had to undergo a rigorous security audit by the information technology (IT) department at the plant.

Read More

Topics: Security, MQTT, groov EPIC, cybersecurity, firewall, EPIC Security

groov EPIC Security Series, Part 2: What's a Firewall?

Posted by Ben Orchard on Apr 17, 2019 2:41:07 PM

Ever notice how emergency exits in a building open outward? Then, to keep the building secure, they are usually locked from the outside. You can get out easily enough, but you can’t get in that way.

However, on a building’s main front entrance, the door often swings in so you can enter. Typically, there is a security guard or perhaps a receptionist there to check your ID and keep an eye on the comings and goings.

Read More

Topics: Security, groov View, groov EPIC, groov Manage, cybersecurity, firewall, EPIC Security

groov EPIC Security Series, Part 1: Dual Network Interfaces

Posted by Ben Orchard on Apr 9, 2019 8:45:46 AM

Trusted and untrusted: when it comes to people, it can be hard to know someone at first pass. You need some time to build a picture of the person.

When it comes to networking, it’s a little more cut and dried. You either know who’s on a network or you don’t.

Can it really be that simple? Is there really a way on a groov EPIC to keep those you don’t trust away from those you do?

Read More

Topics: Security, EPIC, groov View, groov EPIC, cybersecurity, EPIC Security

A discussion of digital transformation - ARC Advisory Group interviews Opto 22's Arun Sinha

Posted by Janice Colmer on Mar 22, 2019 11:21:52 AM

Opto 22 recently returned to the annual ARC Industry Forum in Orlando, Florida with more EPIC news to share.

This year's ARC Forum event focused on "Driving Digital Transformation in Industries and Cities". Attendees had the opportunity to learn about new technologies, practices and standards to help with their business's digital transformation.

Read More

Topics: Node-RED, MQTT, Ignition Edge, IEC 61131-3, groov EPIC, software, ARC Forum, cybersecurity

Subscribe to Email Updates

Recent Posts

Posts by Topic

see all