
Session by genua on the subject of secure communication
IT Security Talks Technology I

Attention, CRITIS! Highly secure OPC UA communication

In principle, OPC UA considers IT security concepts. How secure is the open standard, and is it also suitable for sensitive systems?

Date: Tue, 15.06.2021, 13:15 - 13:30

Format: Digital

Themes

Industry 4.0 / IoT / Edge Computing

Event

This session is part of the event IT Security Talks


Session description

Standardized and secure communication from the machine or field device to the enterprise server or into the cloud is no longer a vision: OPC UA makes it possible. The Open Platform Communications Unified Architecture (OPC UA) is considered the class leader among communication standards for Industrie 4.0, at least in the German and European markets. Instead of converting proprietary, manufacturer-specific protocols at every network boundary and dealing with data-exchange problems in the network or at the application layer, automation and plant operators can use one uniform protocol from the sensor to the cloud. Networking devices, machines, and plants always carries security risks, however. So how should OPC UA be evaluated from an IT security perspective?

IT security is part of the OPC UA specification, which defines its own security layer. OPC UA addresses seven security objectives: confidentiality, integrity, authentication at both the application and the user level, authorization, auditability, and availability. For client-server communication, OPC UA's security architecture rests on a session between a client application and a server application, carried over a SecureChannel that signs and, depending on the chosen mode, also encrypts every message. The standard defines several mechanisms: transport security at the transmission layer, authentication of users and of applications (the latter by X.509 application instance certificates), role-based user authorization, and auditing so that user and application actions and data consistency remain traceable. Security profiles describe which security functions a client or server implements. The security policies a server offers on its endpoints (for example Basic256Sha256 or Aes256_Sha256_RsaPss) fix the cryptographic algorithm suite, and the message security mode (None, Sign, SignAndEncrypt) fixes whether messages are merely signed or also encrypted. One caveat for operators: a server may equally advertise the policy None with mode None, or the deprecated policies Basic128Rsa15 and Basic256 (SHA-1, RSA PKCS#1 v1.5 padding); whether such endpoints are enabled is a configuration decision that the standard does not rule out.
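The first thing a practitioner checks against the architecture just described is what a given server actually advertises. As an added example (not code from the talk or from genua), the following Python audits an endpoint list of the shape a client gets back from GetEndpoints: it rejects the policies None, Basic128Rsa15 and Basic256, requires the SignAndEncrypt mode, flags endpoints that accept Anonymous user identities, and checks whether a UserName token's password would cross the wire without usable encryption. The endpoint records and the host name are constructed; the policy URIs and the enum values are the ones OPC UA itself defines.

```python
"""Audit the endpoints an OPC UA server advertises (constructed sample data)."""
from __future__ import annotations

from dataclasses import dataclass, field
from enum import IntEnum

POLICY_BASE = "http://opcfoundation.org/UA/SecurityPolicy#"


class MessageSecurityMode(IntEnum):      # OPC UA Part 4, MessageSecurityMode
    INVALID = 0
    NONE = 1
    SIGN = 2
    SIGN_AND_ENCRYPT = 3


class UserTokenType(IntEnum):            # OPC UA Part 4, UserTokenType
    ANONYMOUS = 0
    USERNAME = 1
    CERTIFICATE = 2
    ISSUED_TOKEN = 3


# Higher rank = stronger. Rank 0 is rejected: None gives no protection,
# Basic128Rsa15 and Basic256 are deprecated (SHA-1, RSA PKCS#1 v1.5 padding).
POLICY_RANK = {
    POLICY_BASE + "None": 0,
    POLICY_BASE + "Basic128Rsa15": 0,
    POLICY_BASE + "Basic256": 0,
    POLICY_BASE + "Basic256Sha256": 1,
    POLICY_BASE + "Aes128_Sha256_RsaOaep": 2,
    POLICY_BASE + "Aes256_Sha256_RsaPss": 3,
}


@dataclass
class UserTokenPolicy:
    token_type: UserTokenType
    security_policy_uri: str = ""        # empty: the channel's policy is used


@dataclass
class Endpoint:
    url: str
    security_policy_uri: str
    security_mode: MessageSecurityMode
    user_token_policies: list[UserTokenPolicy] = field(default_factory=list)


def audit_endpoint(ep: Endpoint) -> list[str]:
    """Return the findings for one endpoint; an empty list means acceptable."""
    findings: list[str] = []
    rank = POLICY_RANK.get(ep.security_policy_uri)
    if rank is None:
        findings.append(f"unknown security policy {ep.security_policy_uri}")
    elif rank == 0:
        findings.append("weak or deprecated security policy "
                        + ep.security_policy_uri.rsplit("#", 1)[1])
    if ep.security_mode != MessageSecurityMode.SIGN_AND_ENCRYPT:
        findings.append(f"message security mode {ep.security_mode.name} "
                        "(SIGN_AND_ENCRYPT required)")
    # The channel only protects the password if it both encrypts and uses a
    # policy that is not rank 0.
    channel_encrypted = (ep.security_mode == MessageSecurityMode.SIGN_AND_ENCRYPT
                         and (rank or 0) > 0)
    for tp in ep.user_token_policies:
        if tp.token_type == UserTokenType.ANONYMOUS:
            findings.append("anonymous user identity accepted")
        elif tp.token_type == UserTokenType.USERNAME:
            # Password is encrypted with the token policy's own security policy,
            # or with the channel's policy when that field is empty.
            token_policy = tp.security_policy_uri or ep.security_policy_uri
            if POLICY_RANK.get(token_policy, 0) == 0 and not channel_encrypted:
                findings.append("username/password token would be sent "
                                "without usable encryption")
    return findings


def choose_endpoint(endpoints: list[Endpoint]) -> Endpoint | None:
    """Pick the strongest endpoint that passes the audit, or None if none does."""
    ok = [ep for ep in endpoints if not audit_endpoint(ep)]
    if not ok:
        return None
    return max(ok, key=lambda ep: POLICY_RANK[ep.security_policy_uri])


# Constructed sample: four endpoints as one PLC might advertise them.
_URL = "opc.tcp://plc-01.example:4840"   # hypothetical host
SAMPLE_ENDPOINTS = [
    Endpoint(_URL, POLICY_BASE + "None", MessageSecurityMode.NONE,
             [UserTokenPolicy(UserTokenType.ANONYMOUS),
              UserTokenPolicy(UserTokenType.USERNAME, POLICY_BASE + "None")]),
    Endpoint(_URL, POLICY_BASE + "Basic256", MessageSecurityMode.SIGN_AND_ENCRYPT,
             [UserTokenPolicy(UserTokenType.USERNAME)]),
    Endpoint(_URL, POLICY_BASE + "Basic256Sha256", MessageSecurityMode.SIGN,
             [UserTokenPolicy(UserTokenType.USERNAME)]),
    Endpoint(_URL, POLICY_BASE + "Aes256_Sha256_RsaPss", MessageSecurityMode.SIGN_AND_ENCRYPT,
             [UserTokenPolicy(UserTokenType.USERNAME, POLICY_BASE + "Basic256Sha256"),
              UserTokenPolicy(UserTokenType.CERTIFICATE)]),
]

if __name__ == "__main__":
    for ep in SAMPLE_ENDPOINTS:
        label = ep.security_policy_uri.rsplit("#", 1)[1] + "/" + ep.security_mode.name
        print(label, "->", audit_endpoint(ep) or "OK")
    best = choose_endpoint(SAMPLE_ENDPOINTS)
    print("selected:", best and best.security_policy_uri)
```

Run against the sample, only the Aes256_Sha256_RsaPss/SignAndEncrypt endpoint passes and is selected; the None/None endpoint collects four findings, including the cleartext password. In a real client the same audit would run over the decoded GetEndpoints response before the SecureChannel is opened, and a server that offers only rank-0 endpoints is a candidate for the additional defence lines discussed below rather than for direct exposure.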

The OPC UA specification thus offers good security features. The problem: in practice the operator depends on the quality of each vendor's stack implementation. A machine's stack, or the OPC UA security layer on top of it, can be compromised if the software implementation contains vulnerabilities, and such risks are hard for the operator to assess. Given the growing threat of cyberattacks, operators of sensitive and critical systems and network segments should therefore add further security concepts as a staggered defense in depth, so that a flaw in one stack does not by itself lead to a compromise. The challenge is to secure network segments effectively while still profiting from the opportunities of Industry 4.0, such as flexible production or the intelligent control, monitoring and optimization of all processes with respect to quality, energy efficiency, material consumption, and cost.

Two complementary approaches therefore come into focus. The first is Zero Trust: the application itself verifies the user's authorization and the state of the client system on every access, rather than trusting the network the request came from. The second is network segmentation and separation using stateful firewalls (transport layer), application-level firewalls that understand the OPC UA protocol, application gateways, and data diodes for strictly one-way flows; these form the essential lines of defense. Which solutions to use in a given case depends on the security objectives, the required security level, and the use case.


Language: German

Questions and Answers: Yes
