How to realize secure data exchange and communication in industry? The OPC Foundation Security User Group answers this question by publishing its first whitepaper “Practical Security Recommendations”

The OPC Foundation published a set of practical guidelines for the secure configuration and use of OPC UA in industry.  Written for busy professionals, this concise, easy to read brochure helps readers quickly understand what OPC UA security has to offer and how to best use it. 

Rapid growth in the networking and digitization of industrial systems has introduced a host of new security challenges that must be addressed systematically to be effectively mitigated. In particular, beyond the need for implementing secure network infrastructures, it is essential to protect product and production data moving throughout the systems.  Device vendors, engineers, and system integrators need to ensure they use these technologies in a secure way. While industry acknowledges the need for data security and that the OPC UA standard offers the means to do so – OT and IT professionals alike are often unsure on how to best get started.  

“Currently, users and developers are overwhelmed with making security decisions during their daily job. Incorrect use of security features causes many security vulnerabilities, due to difficulties to use software and a lack of security knowledge. Documentation, tutorials, and good examples are often missing”, says Prof. Dr. Eric Bodden, professor of Software Engineering at Paderborn University and director of Software Engineering at Fraunhofer IEM.

To help address this challenge, the OPC Foundation established a security user group which is led by Uwe Pohlmann, Fraunhofer IEM and Prof. Dr.-Ing. Axel Sikora, Hochschule Offenburg. The aim of this group is to develop best practices and guidelines for typical OPC UA security use cases. 

The document is available on the OPC Foundation website (located at: https://opcfoundation.org/security/ )

The German government sanctioned Intelligent Technical Systems OstWestfalenLippe (it’s OWL) organization supplied the group with key use cases and requirements to help ensure output from the group best addresses users’ real-world orientation and practical knowledge needs.  

 “OPC UA is secure by design, but you actually have to use the security features it provides to reap the benefits”, says Erich Barnstedt, Principal Software Engineering Lead, Azure Industrial IoT at Microsoft. “The Security configuration task can be simplified dramatically when an OPC UA server is secure by default, i.e. all security features are already turned on when the customer takes the server out of the box for the first time. It is also important for the device vendors to make the security configuration as simple as possible, for example by providing wizards and easy to understand guidelines. We can’t expect OPC UA server users to be security experts.”

Members of the Security User Group are: Ascolab, Beckhoff Automation, DS Interoperability, exceet Secure Solutions, Fraunhofer IEM, Hochschule Offenburg, Microsoft Corporation, Software AG, Sparhawk Software Inc, and TE Connectivity.

A second whitepaper presenting best practices and selected use cases for a secure implementation and operation of OPC UA is expected to be released in 2018.

About OPC UA

OPC Unified Architecture (OPC UA) is a platform and vendor independent communication technology for a secure and reliable data exchange over the different levels of the automation pyramid. In addition, the information models of the OPC UA standard provide the foundation for a semantic interoperability.

Find more information here: www.opcfoundation.org

Über OPC Foundation

The OPC Foundation is a nonprofit international standards organization dedicated to developing and maintaining the best specifications, technology and certification to achieve multivendor, multiplatform, secure, reliable information from embedded devices to the cloud. OPC Foundation started in 1995, and the OPC community is grown to over 4200 different companies building OPC products with over 47,000,000 installations. OPC specifications are available without membership and OPC reference implementations are open sourced on GitHub. The foundation has an open certification program enabling members and nonmembers to certify their products.

Firmenkontakt und Herausgeber der Meldung:

OPC Foundation
Huelshorstweg 30
33415 Verl
Telefon: +49 (5246) 9634533
Telefax: +49 (5246) 9639276
http://

Ansprechpartner:
Stefan Hoppe
Telefon: +49 (5246) 963-4533
Fax: +49 (5246) 963-9276
E-Mail: stefan.hoppe@opcfoundation.org
Prof. Dr. Ing. Axel Sikora
Embedded Systems und Kommunikationselektronik, Hochschule Offenburg
E-Mail: axel.sikora@hs-offenburg.de
Uwe Pohlmann
Fraunhofer Research Institution for Mechatronic Systems Design IEM
E-Mail: uwe.pohlmann@iem.fraunhofer.de
Für die oben stehende Pressemitteilung ist allein der jeweils angegebene Herausgeber (siehe Firmenkontakt oben) verantwortlich. Dieser ist in der Regel auch Urheber des Pressetextes, sowie der angehängten Bild-, Ton-, Video-, Medien- und Informationsmaterialien. Die United News Network GmbH übernimmt keine Haftung für die Korrektheit oder Vollständigkeit der dargestellten Meldung. Auch bei Übertragungsfehlern oder anderen Störungen haftet sie nur im Fall von Vorsatz oder grober Fahrlässigkeit. Die Nutzung von hier archivierten Informationen zur Eigeninformation und redaktionellen Weiterverarbeitung ist in der Regel kostenfrei. Bitte klären Sie vor einer Weiterverwendung urheberrechtliche Fragen mit dem angegebenen Herausgeber. Eine systematische Speicherung dieser Daten sowie die Verwendung auch von Teilen dieses Datenbankwerks sind nur mit schriftlicher Genehmigung durch die United News Network GmbH gestattet.