Open vs proprietary protocols
To understand ICS/SCADA networks and how various components communicate with each other, we need to understand the underlying protocols that are being used by these systems. “Protocol” means how two or more than two systems will talk/communicate with each other.
Every protocol has been designed specifically for a particular need and serves its own purpose. Some protocols have been designed for efficiency, reliability and for operational and economic requirements, while others have been designed for real-time operations for precision and accuracy. To further complicate this, many of these protocols have been designed and modified to run over IP/Ethernet to support modern systems and bridge the gap for establishing communication between legacy and modern systems.
Open vs. proprietary protocols
Depending on the need and usage, protocols are usually designed by companies/organizations for serving a particular purpose. Some of the protocols are open-source and can be used by anyone for integrating into their own product, while some protocols are restricted and cannot be used. Protocols which cannot be used by anyone are the ones usually designed by manufacturers for usage with their own products only.
This means we have two categories of protocols. They are:
- Proprietary protocols: Proprietary protocols are the ones designed and made by a single organization. They are not open-source or free to use for anyone. Thus, proprietary protocol gives the owner to change the protocol design and implementation and enforce restrictions on the usage. Owners usually enforce restrictions through patents rights and trade secrets and do not disclose the technical information behind the protocol.
- Open-source/standard protocols: Open-source protocols are free to use by anyone. They are usually designed and developed by organizations like IEEE/IETF or as a joint effort by many organizations. Open-source protocols offer following advantage over proprietary protocols:
- Free to use by anyone
- Can be modified and deployed as needed
- Scalability and reduced cost of implementation
- Freedom to select any protocol that matches their technical and financial needs
- Freedom to integrate multiple vendor products in their system
- No annual fees and hidden costs
- Ease of migration
Lists of industrial systems protocols
Following are the lists of commonly used protocols used for power system automation, building automation, process automation, industrial control system and power system automation.
- Process automation protocols
|Foundation Fieldbus||Modbus (all variants)||Profibus||PROFINET||Honeywell SDS|
- Industrial control system protocols
|MTConnect||OPC UA||OPC||OMG DDS|
- Building automation protocols
- Power system automation protocols
|DNP3||IEC 60870-5||IEC 61850||IEC 62351|
- Meter reading protocols
|OMS||Zigbee Smart Energy||M-bus||ANSI C12.18|
- Automation/vehicle protocol
|CAN (Controller Area Network)||VAN (Vehicle Area Network)||FlexRay||UAVCAN||IEBus|
Though the above lists are not comprehensive lists of protocols used, the above mentioned protocols are majorly used in industrial network and ICS systems.
Security state of open and proprietary protocols
As the nature and ownership of open-source and proprietary protocols are different, so is the security state. Open-source protocols are typically considered more secure and safer than proprietary protocols.
This is due to certain factors like:
- Contribution: Large numbers of people/organizations contribute in open-source protocol design and development, as compared to proprietary-based ones. Thus, a large number of people contribute in secure design and implementation in open-source protocols as compared to proprietary-based ones, making open-source protocols more safe and secure.
- Technology: Open-source protocols make use of open-source software for implementation. Proprietary protocols make use of their own ones. Thus, open-source protocols are safer, due to the contributions by a large number of people.
- Provision for research: It is possible for anyone to do research on open-source protocol and test it for various security parameters, since the code is openly available to do so. This is not the case with proprietary protocols.
Both open and proprietary protocols have their own place in the market. For businesses having financial constraints and looking to cut costs, open-source protocols is the way. For companies looking to design their own product and want to be whole and sole owner, proprietary protocols are the ones for them. Thus, depending on the need and usage, both are needed and companies have options to choose either of them.
- Open or proprietary protocols?, Resource Data Management
- Open vs. Proprietary Systems: Open Software Standards, Startel
- Difference between Proprietary and Standard Protocols, OmniSecu
- Industrial Control System, Trend Micro