One of the most important things required for the Industrial Internet of Things (IIoT) is to ensure that the data and information exchange between devices and services are secure. The OPC Foundation has worked with many security validation companies and organizations to provide the highest level of security. One of the most significant of those organizations is the Federal Office for Information Security (BSI). Due to the relevance of OPC UA to Industrie 4.0 and German Industry, the BSI performed an in-depth security analysis of the OPC UA specifications and a selected reference implementation. A video describing their recommendation and analysis is available on the OPC YouTube Channel.
The BSI has published the results of the OPC UA security analysis on their BSI web site and the OPC Foundation also published a commented version on the OPC web site, in both German and English.
- BSI link: https://www.bsi.bund.de/DE/Publikationen/Studien/OPCUA/OPCUA_node.html
- OPC Foundation link: https://opcfoundation.org/security/.
An extensive analysis of the security functions in the specification of OPC UA confirmed that OPC UA was designed with a focus on security and does not contain systematic security vulnerabilities.
Arne Schönbohm, President of the BSI explains:
“OPC UA is one of the most important modern standards for secure, cross-industry networking for industrial equipment. Industrie 4.0 offers tremendous opportunities for Germany as an industrial location, but for being successful it is necessary to consider security for digitalization and interconnection of industrial processes right from the beginning”.