Federal Office for Information Security, (BSI) announces completion of in-depth security analysis of OPC UA

May 4, 2017
One of the most important things required for the Industrial Internet of Things (IIoT) is to ensure that the data and information exchange between devices and services are secure.

One of the most important things required for the Industrial Internet of Things (IIoT) is to ensure that the data and information exchange between devices and services are secure. The OPC Foundation has worked with many security validation companies and organizations to provide the highest level of security. One of the most significant of those organizations is the BSI. Due to the relevance of OPC UA to Industrie 4.0 and Germany Industry, the BSI performed an in-depth security analysis of the OPC UA specifications and a selected reference implementation. A video describing their recommendation and analysis is available on the OPC YouTube Channel https://youtu.be/OSfqXZ0AKzo.

The BSI has published the results of the OPC UA security analysis on their BSI web site and the OPC Foundation also published a commented version on the OPC web site, in both German and English: BSI web site https://www.bsi.bund.de/DE/Publikationen/Studien/OPCUA/OPCUA_node.html

and OPC web site https://opcfoundation.org/security/.

An extensive analysis of the security functions in the specification of OPC UA confirmed that OPC UA was designed with a focus on security and does not contain systematic security vulnerabilities.

Arne Schönbohm, President of the BSI explains "OPC UA is one of the most important modern standards for secure, cross-industry networking for industrial equipment. Industrie 4.0 offers tremendous opportunities for Germany as an industrial location, but for being successful it is necessary to consider security for digitalization and interconnection of industrial processes right from the beginning. Our study is an important contribution”.

The OPC Foundation is truly committed to developing the best specifications, technology and certification that provide a high degree of security for the connected world. OPC UA has been deliberately architected to incorporate security into the base architecture, with the architecture being extensible to future security enhancements providing seamless backward compatibility and true plug-and-play interoperability” says Thomas J. Burke, OPC Foundation President & Executive Director.

In a connected world connectivity and interoperability have no value without security. The significance of BSI performing an in-depth security analysis and recommending OPC UA as the only known communication platform to address the complex security needs of Industrie4.0 cannot be underestimated”, says Stefan Hoppe, OPC Foundation Global VP.

Microsoft’s Matt Vasey, Director IoT said, “Enterprises are realizing the value of connecting the shop floor to the cloud with the application of Machine Learning and other advanced analytics tools. OPC-UA with its built-in security and open information models shorten the time from concept to delivered value”.
 

Siemens’ Thomas Hahn said: “Protecting Industrie4.0 requires a Security-by-Design approach right from the beginning. OPC-UA is an important element and its security measures are an essential building block for future Industrie4.0 scenarios and security architectures.”

SAP’s Veronika Schmid-Lutz said: “There is a benefit in connecting the business world - the top floor - with the automation layer - the shop floor. What is very important for this connection is a reliable and strong security concept. OPC UA, with its built-in-security mechanism, is a valuable element that helps connect the shop floor with the top floor securely.”

>>For more information, click here

Sponsored Recommendations

Why Go Beyond Traditional HMI/SCADA

Traditional HMI/SCADAs are being reinvented with today's growing dependence on mobile technology. Discover how AVEVA is implementing this software into your everyday devices to...

4 Reasons to move to a subscription model for your HMI/SCADA

Software-as-a-service (SaaS) gives you the technical and financial ability to respond to the changing market and provides efficient control across your entire enterprise—not just...

Is your HMI stuck in the stone age?

What happens when you adopt modern HMI solutions? Learn more about the future of operations control with these six modern HMI must-haves to help you turbocharge operator efficiency...

AVEVA™ System Platform: Smarter, Faster Operations for Enhanced Industrial Performance

AVEVA System Platform (formerly Wonderware) delivers a responsive, modern operations visualization framework designed to enhance performance across all devices with context-aware...