Skip to content

Secure Configuration and Operation of OPC UA

    The OPC Foundation published a set of practical guidelines for the secure configuration and use of OPC UA in industry.  Written for busy professionals, this concise, easy to read brochure helps readers quickly understand what OPC UA security has to offer and how to best use it. 

    Rapid growth in the networking and digitization of industrial systems has introduced a host of new security challenges that must be addressed systematically to be effectively mitigated. In particular, beyond the need for implementing secure network infrastructures, it is essential to protect product and production data moving throughout the systems.  Device vendors, engineers, and system integrators need to ensure they use these technologies in a secure way. While industry acknowledges the need for data security and that the OPC UA standard offers the means to do so – OT and IT professionals alike are often unsure on how to best get started.

    “Currently, users and developers are overwhelmed with making security decisions during their daily job. Incorrect use of security features causes many security vulnerabilities, due to difficulties to use software and a lack of security knowledge. Documentation, tutorials, and good examples are often missing”, says Prof. Dr. Eric Bodden, professor of Software Engineering at Paderborn University and director of Software Engineering at Fraunhofer IEM.

    To help address this challenge, the OPC Foundation established a security user group which is led by Uwe Pohlmann, Fraunhofer IEM and Prof. Dr.-Ing. Axel Sikora, Hochschule Offenburg. The aim of this group is to develop best practices and guidelines for typical OPC UA security use cases.

    The document is available on the OPC Foundation website (located at: https://opcfoundation.org/security/ )

    The German government sanctioned Intelligent Technical Systems OstWestfalenLippe (it’s OWL) organization supplied the group with key use cases and requirements to help ensure output from the group best addresses users’ real-world orientation and practical knowledge needs.

    “OPC UA is secure by design, but you actually have to use the security features it provides to reap the benefits”, says Erich Barnstedt, Principal Software Engineering Lead, Azure Industrial IoT at Microsoft. “The Security configuration task can be simplified dramatically when an OPC UA server is secure by default, i.e. all security features are already turned on when the customer takes the server out of the box for the first time. It is also important for the device vendors to make the security configuration as simple as possible, for example by providing wizards and easy to understand guidelines. We can’t expect OPC UA server users to be security experts.”

    Members of the Security User Group are: Ascolab, Beckhoff Automation, DS Interoperability, exceet Secure Solutions, Fraunhofer IEM, Hochschule Offenburg, Microsoft Corporation, Software AG, Sparhawk Software Inc, and TE Connectivity.

    A second whitepaper presenting best practices and selected use cases for a secure implementation and operation of OPC UA is expected to be released in 2018.