Standardized and secure communication from the machine or field device to the enterprise server or into the cloud is no longer a vision. OPC UA makes it possible. The Open Platform Communications Unified Architecture (OPC UA) is considered the class leader among communication standards for Industrie 4.0, at least for the German and European markets. Instead of converting proprietary manufacturer-specific protocols across network boundaries and dealing with data exchange issues in networks or on application layers, automation and plant operators can use a uniform protocol from the sensor to the cloud with OPC UA. However, the networking of devices, machines, and plants always involves security risks. So how should OPC UA be evaluated from the perspective of IT security?
In principle, IT security is part of the OPC UA standard, which specifies a dedicated security layer. OPC UA takes seven security objectives into account: confidentiality, integrity, authentication at the application level and at the user level, authorization, auditing, and availability. For client-server communication, OPC UA's security architecture is based on sessions between a client application and a server application over an encrypted, secure channel. The standard defines several security mechanisms: transport-layer security, user and application authentication, role-based user authorization, and auditing to ensure that user and application actions are traceable and data remains consistent. The standard's security profiles describe client and server capabilities, i.e., which security functions are supported. The security policies define which of the supported security mechanisms a server actually allows.
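The security policies and message security modes a server advertises decide whether a session actually gets the confidentiality, integrity and authentication described above. The following added example (not code from the original article or from the OPC Foundation) audits an endpoint list of the kind a GetEndpoints call returns; the server URL and endpoint descriptions are constructed sample data, and the policy URIs and MessageSecurityMode values are the ones defined in the OPC UA specification.

```python
# Security policy URIs defined in the OPC UA specification (Part 7, Profiles).
BASE = "http://opcfoundation.org/UA/SecurityPolicy#"
POLICY_NONE = BASE + "None"
# RSA-1.5 / SHA-1 based policies, deprecated since OPC UA 1.04.
DEPRECATED_POLICIES = {BASE + "Basic128Rsa15", BASE + "Basic256"}
# MessageSecurityMode enumeration values: None=1, Sign=2, SignAndEncrypt=3.
MODE_NONE, MODE_SIGN, MODE_SIGN_AND_ENCRYPT = 1, 2, 3

def short_name(policy_uri):
    return policy_uri.rsplit("#", 1)[-1]  # '...SecurityPolicy#Basic256' -> 'Basic256'

def audit_endpoint(ep):
    """Return the list of weaknesses found in one endpoint description."""
    findings = []
    policy, mode = ep["securityPolicyUri"], ep["securityMode"]
    if policy == POLICY_NONE or mode == MODE_NONE:
        findings.append("no transport security: messages are neither signed nor encrypted")
    elif mode == MODE_SIGN:
        findings.append("sign-only channel: integrity but no confidentiality")
    if policy in DEPRECATED_POLICIES:
        findings.append("deprecated security policy " + short_name(policy))
    for token in ep.get("userIdentityTokens", []):
        # An empty token policy means the token is protected only by the channel policy.
        token_policy = token.get("securityPolicyUri") or policy
        if token["tokenType"] == "Anonymous":
            findings.append("anonymous user token accepted: no user authentication")
        elif (token["tokenType"] == "UserName" and token_policy == POLICY_NONE
              and mode != MODE_SIGN_AND_ENCRYPT):
            findings.append("username/password token would be sent in clear text")
    return findings

def audit_endpoints(endpoints):
    """Key each endpoint by (url, policy, mode); an empty list means no finding."""
    return {(ep["endpointUrl"], short_name(ep["securityPolicyUri"]), ep["securityMode"]):
            audit_endpoint(ep) for ep in endpoints}

# Constructed sample shaped like a GetEndpoints response from a hypothetical server.
URL = "opc.tcp://plc.example:4840/"
SAMPLE_ENDPOINTS = [
    {"endpointUrl": URL, "securityPolicyUri": POLICY_NONE, "securityMode": MODE_NONE,
     "userIdentityTokens": [{"tokenType": "Anonymous"}, {"tokenType": "UserName"}]},
    {"endpointUrl": URL, "securityPolicyUri": BASE + "Basic256", "securityMode": MODE_SIGN,
     "userIdentityTokens": [{"tokenType": "UserName"}]},
    {"endpointUrl": URL, "securityPolicyUri": BASE + "Basic256Sha256",
     "securityMode": MODE_SIGN_AND_ENCRYPT,
     "userIdentityTokens": [{"tokenType": "UserName"}, {"tokenType": "Certificate"}]},
]
```

Running `audit_endpoints(SAMPLE_ENDPOINTS)` reports three findings for the unsecured endpoint, two for the deprecated sign-only one, and none for the SignAndEncrypt endpoint; a UserName token whose own policy is None is still acceptable when the channel encrypts, which the check takes into account.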
The OPC UA specification thus offers good security features. The problem: in practice, the user depends on the quality of the respective stack vendor's implementation. For example, a machine's stack, or the OPC UA security layer on top of it, can be compromised because the software implementation contains vulnerabilities. Such security risks are difficult to assess. Given the ever-increasing danger of cyberattacks, operators should consider implementing additional security concepts for sensitive and critical systems and network segments, in the sense of a staggered defense-in-depth that rules out compromise from the outset. The big challenge is: how can we effectively secure network segments and at the same time profit from the opportunities of Industry 4.0, such as flexible production or intelligent control, monitoring and optimization of all processes in terms of quality, energy efficiency, material consumption, and costs?
In response, two complementary approaches in particular come into focus. The first is Zero Trust, which means checking user authorizations and the client system's status within the application. The second is network segmentation and separation by stateful firewalls (transport layer), application-level firewalls, application gateways, and data diodes, which serve as essential lines of defense. Which security solutions to use in a specific case depends on the security objectives, the required security level, and the use case.