Standardised and secure communication from the machine or field device to the enterprise server or into the cloud is no longer a vision. OPC UA makes it possible. The Open Platform Communications Unified Architecture (OPC UA for short) is considered the leading communication standard for Industry 4.0, at least in the German and European market. Instead of converting proprietary, manufacturer-specific protocols at every network boundary and having to deal with how data is exchanged at the network or application layer, automation and plant operators can use a single, uniform protocol from the sensor to the cloud with OPC UA. However, networking devices, machines and plants always involves security risks. So how should OPC UA be evaluated from the perspective of IT security?
IT security was considered from the outset as part of the OPC UA standard, and a security layer was specified. In total, OPC UA takes seven security objectives into account: confidentiality, integrity, authentication at application level and at user level, authorisation, auditing and availability. For client-server-based communication, the security architecture of OPC UA is based on sessions between a client application and a server application over an encrypted, secure communication channel. The standard defines several security mechanisms: transport security at the transmission layer, user and application authentication, role-based user authorisation, and auditing to ensure traceability of user and application actions and data consistency. The security profiles of the standard describe the capabilities of clients and servers, i.e. which security functions are supported. The security policies define which of the supported security mechanisms a server allows.
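The paragraph above describes security policies and message security modes as the knobs a server exposes. The following added example, which is not code from the article or from any OPC UA stack, shows the check a client or auditor would run on the endpoint list a server returns: each advertised endpoint is modelled with the security policy URI, the MessageSecurityMode and the server's own securityLevel hint, and the code flags endpoints that use no security or a deprecated policy and selects the strongest acceptable one. The policy URIs and mode values are the ones defined in the OPC UA specification; the endpoint list and URLs at the bottom are constructed sample data, and the ranking table and helper names are this example's own assumptions.

```python
"""Audit helper for OPC UA endpoint security settings (added example, not from
the original article or any OPC UA stack).

It models the fields of an EndpointDescription that matter for security and
ranks them so that a client only connects with SignAndEncrypt and a
non-deprecated security policy, instead of trusting whatever the server
advertises first.
"""
from dataclasses import dataclass
from typing import List, Optional

POLICY_BASE = "http://opcfoundation.org/UA/SecurityPolicy#"

# Ranking of the security policy URIs defined by the OPC UA specification.
# Higher is stronger; 0 means "do not use": either no security at all, or a
# policy deprecated because it relies on SHA-1 / RSA PKCS#1 v1.5.
# (The ranking itself is an assumption of this example, not part of the standard.)
POLICY_RANK = {
    POLICY_BASE + "None": 0,
    POLICY_BASE + "Basic128Rsa15": 0,      # deprecated
    POLICY_BASE + "Basic256": 0,           # deprecated
    POLICY_BASE + "Basic256Sha256": 1,
    POLICY_BASE + "Aes128_Sha256_RsaOaep": 2,
    POLICY_BASE + "Aes256_Sha256_RsaPss": 3,
}

# MessageSecurityMode enumeration values from the OPC UA specification.
MODE_NONE, MODE_SIGN, MODE_SIGN_AND_ENCRYPT = 1, 2, 3


@dataclass(frozen=True)
class Endpoint:
    """Subset of an OPC UA EndpointDescription relevant to this audit."""
    url: str
    security_policy_uri: str
    security_mode: int
    security_level: int  # server-assigned 0..255 hint; informational only


def audit_endpoint(ep: Endpoint) -> List[str]:
    """Return a list of findings for one endpoint; an empty list means acceptable."""
    findings = []
    if ep.security_mode != MODE_SIGN_AND_ENCRYPT:
        findings.append("message security mode is not SignAndEncrypt")
    rank = POLICY_RANK.get(ep.security_policy_uri)
    if rank is None:
        findings.append("unknown security policy " + ep.security_policy_uri)
    elif rank == 0:
        name = ep.security_policy_uri.rsplit("#", 1)[-1]
        findings.append("weak or deprecated security policy " + name)
    return findings


def audit_server(endpoints: List[Endpoint]) -> dict:
    """Map each endpoint that has findings to its list of findings."""
    return {ep.url: f for ep in endpoints if (f := audit_endpoint(ep))}


def select_endpoint(endpoints: List[Endpoint]) -> Optional[Endpoint]:
    """Pick the strongest acceptable endpoint, or None if the server offers none.

    The server's securityLevel is used only as a tie-breaker: a client should
    rank by policy and mode itself rather than trust the server's ordering.
    """
    acceptable = [ep for ep in endpoints if not audit_endpoint(ep)]
    if not acceptable:
        return None
    return max(acceptable,
               key=lambda ep: (POLICY_RANK[ep.security_policy_uri],
                               ep.security_level))


# Constructed sample endpoint list, as a server might return it from GetEndpoints.
SAMPLE_ENDPOINTS = [
    Endpoint("opc.tcp://machine.example:4840/ua", POLICY_BASE + "None",
             MODE_NONE, 0),
    Endpoint("opc.tcp://machine.example:4840/ua/legacy", POLICY_BASE + "Basic128Rsa15",
             MODE_SIGN_AND_ENCRYPT, 20),
    Endpoint("opc.tcp://machine.example:4840/ua/sign", POLICY_BASE + "Basic256Sha256",
             MODE_SIGN, 50),
    Endpoint("opc.tcp://machine.example:4840/ua/secure", POLICY_BASE + "Basic256Sha256",
             MODE_SIGN_AND_ENCRYPT, 100),
    Endpoint("opc.tcp://machine.example:4840/ua/best", POLICY_BASE + "Aes256_Sha256_RsaPss",
             MODE_SIGN_AND_ENCRYPT, 110),
]

if __name__ == "__main__":
    for url, findings in audit_server(SAMPLE_ENDPOINTS).items():
        print(url, "->", "; ".join(findings))
    chosen = select_endpoint(SAMPLE_ENDPOINTS)
    print("connect to:", chosen.url if chosen else "no acceptable endpoint")
```

Running the block lists the three endpoints that fail the check (no security, deprecated policy, sign-only) and selects the Aes256_Sha256_RsaPss SignAndEncrypt endpoint. The same structure applies to a real client: fetch the endpoints, run the audit, and refuse to open a session if `select_endpoint` returns `None`, rather than silently falling back to an unencrypted endpoint.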
The OPC UA specification thus offers exemplary security features. The problem: in practice, the user depends on the quality of the implementation by the respective stack manufacturer. For example, a machine's stack, or the OPC UA security layer on top of it, can be compromised because the software implementation contains vulnerabilities. Such security risks are difficult to assess. In view of the constantly increasing threat of cyber attacks, supplementary security concepts should be considered for sensitive systems and network segments in the sense of defence in depth, so that the compromise of systems is excluded from the outset. The question is how domain and segment transitions can be secured effectively while still exploiting the opportunities of Industry 4.0, such as flexible production and the intelligent control, monitoring and optimisation of all processes in terms of quality, energy efficiency, material consumption and costs.
Two complementary approaches in particular offer an answer. The first is Zero Trust, which means that user authorisations and the status of the client system are checked in the application itself. The second is network segmentation and separation through stateful firewalls (transport layer), application-level firewalls, application gateways and data diodes, which serve as an essential line of defence. Which security solutions to use in a specific case depends on the security objectives, the required security level and the use case.