Staying Secure with the Latest OPC UA Encryption

In the industrial automation industry, it’s very common to still have multiple versions of Windows of varying levels of age and systems that may not always be setup consistently. However, it’s not an option to just change everything so we must make it all work anyway.

One of the greatest concerns with such systems is always security.  In a world where cyber threats are omnipresent, IT and OT professionals alike understandably have real concerns about keeping their sensitive data and systems secure from outside attacks and manipulation.

Connecting OPC clients and servers when the Windows computers are not on the same version, not in an Active Directory or domain, and having everything work well takes skill, and keeping it secure involves a lot of details. OPC UA makes such situations infinitely more workable by taking the limitations, pitfalls and inconsistencies of DCOM out of the equation.

An important feature of the OPC UA standard with respect to cybersecurity is the ability to encrypt the communications between the client and server. Encryption is achieved using digital certificates that are issued on the client and server side of the UA connection.

Given the level of sophistication of those cyberterrorists orchestrating cyberattacks, it’s more necessary than ever that the encryption algorithms commonly used to protect data and systems continue to evolve and become increasingly harder to “crack”. The security of an OPC UA client/server connection is no different – it’s only as good as the encryption algorithm being used to encrypt it. Using older versions of OPC UA solutions that only support older encryption algorithms that may or may not still be secure can be risky.

To that end, the OPC UA solutions provided and supported by Software Toolbox are continuously being improved especially with respect to security. That commitment to continuous improvement includes supporting the latest and most secure OPC UA encryption algorithms including Basic 256 SHA256, AES128 SHA256 RSA-OAEP and AES256 SHA256 RSA-PSS algorithms. The past year has seen many of our OPC UA solutions enhanced to support the latest encryption, including OPC Data Logger,  OmniServer, Cogent DataHub, and other data connectivity solutions, as well as, OPC rapid development toolkits such as the OPC Data Clientand SLIK-DA.

As always, make sure you’re running the most current versions of your OPC UA solutions, whenever possible, to ensure you’re able to take advantage of the latest security features and enhancements.

For further information on using secure OPC UA solutions and more, click here.