Critical infrastructure

Open vs proprietary protocols

Nitesh Malviya
May 27, 2020 by
Nitesh Malviya

To understand ICS protocols and how various components communicate with each other, we need to understand the underlying protocols that are being used by these systems. “Protocol” means how two or more than two systems will talk/communicate with each other.

Every protocol has been designed specifically for a particular need and serves its own purpose. Some protocols have been designed for efficiency, reliability and for operational and economic requirements, while others have been designed for real-time operations for precision and accuracy. To further complicate this, many of these protocols have been designed and modified to run over IP/Ethernet to support modern systems and bridge the gap for establishing communication between legacy and modern systems.

Learn ICS/SCADA Security

Learn ICS/SCADA Security

Explore realistic critical infrastructure scenarios and build your security skills with hands-on labs, on-demand courses and live boot camps.

 

Open vs. proprietary protocols

 

Depending on the need and usage, protocols are usually designed by companies/organizations for serving a particular purpose. Some of the protocols are open-source and can be used by anyone for integrating into their own product, while some protocols are restricted and cannot be used. Protocols which cannot be used by anyone are the ones usually designed by manufacturers for usage with their own products only.

This means we have two categories of protocols. They are:

  • Proprietary protocols: Proprietary protocols are the ones designed and made by a single organization. They are not open-source or free to use for anyone. Thus, proprietary protocol gives the owner to change the protocol design and implementation and enforce restrictions on the usage. Owners usually enforce restrictions through patents rights and trade secrets and do not disclose the technical information behind the protocol.
  • Open-source/standard protocols: Open-source protocols are free to use by anyone. They are usually designed and developed by organizations like IEEE/IETF or as a joint effort by many organizations. Open-source protocols offer following advantage over proprietary protocols:
    • Free to use by anyone
    • Can be modified and deployed as needed
    • Scalability and reduced cost of implementation
    • Freedom to select any protocol that matches their technical and financial needs
    • Freedom to integrate multiple vendor products in their system
    • No annual fees and hidden costs
    • Ease of migration

 

Lists of industrial systems protocols

 

Following are the lists of commonly used protocols used for power system automation, building automation, process automation, industrial control system and power system automation.

  • Process automation protocols

 

 

 

CIP ControlNet DNP3 Ethernet/IP HART

 

Foundation Fieldbus Modbus (all variants) Profibus PROFINET Honeywell SDS

 

  • Industrial control system protocols

 

 

 

MTConnect OPC UA OPC OMG DDS

 

  • Building automation protocols

 

 

 

BACnet Z-Wave ZigBee LonTalk DALI Dynet Modbus

 

  • Power system automation protocols

 

 

 

DNP3 IEC 60870-5 IEC 61850 IEC 62351

 

  • Meter reading protocols

 

 

 

OMS Zigbee Smart Energy M-bus ANSI C12.18

 

  • Automation/vehicle protocol

 

 

 

CAN (Controller Area Network) VAN (Vehicle Area Network) FlexRay UAVCAN IEBus

 

Though the above lists are not comprehensive lists of protocols used, the above mentioned protocols are majorly used in industrial network and ICS systems.

 

Security state of open and proprietary protocols

 

As the nature and ownership of open-source and proprietary protocols are different, so is the security state. Open-source protocols are typically considered more secure and safer than proprietary protocols.

This is due to certain factors like:

  1. Contribution: Large numbers of people/organizations contribute in open-source protocol design and development, as compared to proprietary-based ones. Thus, a large number of people contribute in secure design and implementation in open-source protocols as compared to proprietary-based ones, making open-source protocols more safe and secure.
  2. Technology: Open-source protocols make use of open-source software for implementation. Proprietary protocols make use of their own ones. Thus, open-source protocols are safer, due to the contributions by a large number of people.
  3. Provision for research: It is possible for anyone to do research on open-source protocol and test it for various security parameters, since the code is openly available to do so. This is not the case with proprietary protocols.

 

Conclusion

 

For ICS/SCADA networks, both open and proprietary protocols have their own place in the market. For businesses having financial constraints and looking to cut costs, open-source protocols is the way. For companies looking to design their own product and want to be whole and sole owner, proprietary protocols are the ones for them. Thus, depending on the need and usage, both are needed and companies have options to choose either of them.

Learn ICS/SCADA Security

Learn ICS/SCADA Security

Explore realistic critical infrastructure scenarios and build your security skills with hands-on labs, on-demand courses and live boot camps.

 

Sources

 

Nitesh Malviya
Nitesh Malviya

Nitesh Malviya is a Security Consultant. He has prior experience in Web Appsec, Mobile Appsec and VAPT. At present he works on IoT, Radio and Cloud Security and open to explore various domains of CyberSecurity. He can be reached on his personal blog - https://nitmalviya03.wordpress.com/ and Linkedin - https://www.linkedin.com/in/nitmalviya03/.