Internet of Things Interoperability and Security

A look at the role of OPC UA in providing device and system interoperability and security needed for successful Internet of Things applications.

The Industrial Internet of Things (IIoT) has generated tons of interest across industry with regard to its potential for delivering new and more insightful analytics and intelligence. But for this to be possible in the real world—and not just in concept—two key aspects are necessary: interoperability and security.

Interoperability is critical because it’s not enough to just send data into the cloud for analysis. The IIoT requires devices to share and send data between systems as well as into the cloud and back—meaning that data interoperability is required.

Following close on the heels of data interoperability is security. After all, it’s not advisable to share data between systems and the cloud if those data are not secure at every step along the way.

These critical IIoT junctures are key focus areas of OPC UA—an independent service-oriented architecture for handling data on any platform, from microcontrollers to cloud-based infrastructures. If you’ve spent much time in industry, you’ve likely heard numerous references to OPC and OPC UA before, but may not have been sure what it’s all about. Helping people across industries better understand what OPC UA is and how it can be applied in their operations is what Tom Burke, president of the OPC Foundation, looks to accomplish with the organization’s multiple annual events.

Underscoring OPC UA’s role in the IIoT at a recent OPC Foundation event in Atlanta, Burke said that, for any IIoT initiative to be successful, it's not enough to just have “two devices talking to each other. Those devices need to be able to understand the syntax and semantics of the data. OPC UA defines the syntax and semantics” so that devices and systems can communicate regardless of who manufactured the equipment.

The nuances of providing data with syntax and semantics via OPC UA underscore Burke’s use of the term “interoperability.” As Burke explained it during the Atlanta OPC event, interoperability is all about exchanging data between applications and the importance of understanding the complete context of the data. In an analogy he gave to help clarify this, he said to think about when we exchange names and telephone numbers in a data file. “There must be an exchange of information that helps the sender and receiver of the data know the format to be able to consume the name and telephone number data and synchronize it. The problem is that some systems expect it to be last name/first name; others expect it to be first name/last name.”

Explaining further, Burke said that the IIoT, in and of itself, “does not provide for interoperability, but for the IIoT to happen you have to have device-to-device and cloud-to-cloud sharing of all the data necessary. That’s what UA does; it adds interoperability by definition. From an information modeling perspective, we’re talking about the ability to plug something in, automatically discover it on the network, and talk to it intelligently.”

At the Atlanta OPC event, Thomas Hahn, a member of the OPC Foundation board of directors and chief software expert for Siemens corporate technology, pointed out that OPC UA’s role in providing data syntax and semantics is so critical to device and system interoperability that the document used to outline recommendations for implementing Industrie 4.0 (RAMI 4.0) cites OPC UA as the data communication standard for implementation of the M2M (machine to machine) layer of Industrie 4.0.

Part of the attraction of OPC UA for the German government as it applies to Industrie 4.0 is its ability to secure data at multiple levels. OPC UA security extends down to the object level and the metadata in it, said Burke, who added that the OPC Foundation is also currently working with ISA 99 and NIST to clarify OPC UA’s security capabilities within those groups’ standards.

As for the German government and its Industrie 4.0 specifications around OPC UA, those specifications are expected to be completed by the end of this year.

“OPC UA is considered a central building block on the way towards Industrie 4.0,” said Holger Junker, of the German Federal Office for Information Security. “It [OPC] is the first time a unified, worldwide recognized industrial protocol can be employed that allocates necessary cryptographic mechanisms for a secure smart factory.”

Describing OPC UA’s security capabilities at the Atlanta OPC UA event, Nathan Pocock, the OPC Foundation’s director of compliance, explained how OPC UA addresses security at the transport and application layers.

At the data transport layer, OPC UA provides:

  • Data Confidentiality via encryption. Pocock said the Foundation uses standard algorithms to implement encryption and noted that the OPC UA framework is extensible to allow for changes as encryption technologies evolve.
  • Data Integrity via notification of any changes to data values. “If what left a device is not what is received, a notification is sent,” he said.
  • Application Authentication and Authorization via certificates in the OPC UA server.

At the application layer, OPC UA provides:

  • User Authentication and Authorization. “Users have to be authenticated with a username, passwords, and certificates before getting access, and access can be limited based on rights,” said Pocock.
  • Auditability. All interactions are tracked and any interaction can be audited—from connection attempts and configuration changes to session rejections and user interactions.
  • Availability. This addresses how resilient an application is to threats, to help keep a system online even during an attack. Pocock said OPC UA handles this by restricting message size to avoid fragmentation, so that fragments cannot be manipulated.
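The transport- and application-layer properties listed above map directly onto what an OPC UA server advertises in its endpoint descriptions (security policy, message security mode, accepted user token types). The following audit script is an added example, not code from the article or the OPC Foundation; it checks a constructed, GetEndpoints-style list of endpoints against those properties. The policy URIs and MessageSecurityMode values are the ones defined by the OPC UA specification; the endpoint records themselves are made up for illustration.

```python
# Security policy URIs defined by the OPC Foundation (Part 7 profiles).
POLICY_NONE = "http://opcfoundation.org/UA/SecurityPolicy#None"
DEPRECATED_POLICIES = {  # SHA-1 based, deprecated since OPC UA 1.04
    "http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15",
    "http://opcfoundation.org/UA/SecurityPolicy#Basic256",
}
# MessageSecurityMode enumeration values (OPC UA Part 4).
MODE_NONE, MODE_SIGN, MODE_SIGN_ENCRYPT = 1, 2, 3
AUTHENTICATED_TOKENS = {"UserName", "Certificate", "IssuedToken"}


def audit_endpoint(ep):
    """Return findings for one endpoint description (dict with keys
    securityPolicyUri, securityMode, userTokenTypes)."""
    findings = []
    policy, mode = ep["securityPolicyUri"], ep["securityMode"]
    tokens = set(ep["userTokenTypes"])
    # Transport layer: integrity and application authentication need a
    # secure channel built from application certificates; policy None or
    # mode None disables it, and Sign alone leaves payloads readable.
    if policy == POLICY_NONE or mode == MODE_NONE:
        findings.append("no secure channel: no integrity or application authentication")
    elif mode == MODE_SIGN:
        findings.append("Sign only: integrity without confidentiality")
    if policy in DEPRECATED_POLICIES:
        findings.append("deprecated security policy (SHA-1 based)")
    # Application layer: user authentication and authorization.
    if "Anonymous" in tokens:
        findings.append("anonymous user token accepted")
    if not tokens & AUTHENTICATED_TOKENS:
        findings.append("no authenticated user token type offered")
    return findings


def audit_endpoints(endpoints):
    """Audit a GetEndpoints-style list; returns one findings list per endpoint."""
    return [audit_endpoint(ep) for ep in endpoints]


# Constructed sample modelled on what a server advertises via GetEndpoints.
SAMPLE_ENDPOINTS = [
    {"securityPolicyUri": POLICY_NONE, "securityMode": MODE_NONE,
     "userTokenTypes": ["Anonymous"]},
    {"securityPolicyUri": "http://opcfoundation.org/UA/SecurityPolicy#Basic256",
     "securityMode": MODE_SIGN, "userTokenTypes": ["UserName"]},
    {"securityPolicyUri": "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256",
     "securityMode": MODE_SIGN_ENCRYPT, "userTokenTypes": ["UserName", "Certificate"]},
]

if __name__ == "__main__":
    for ep, findings in zip(SAMPLE_ENDPOINTS, audit_endpoints(SAMPLE_ENDPOINTS)):
        print(ep["securityPolicyUri"].split("#")[1], ep["securityMode"], findings or "ok")
```

Only the third endpoint satisfies all four properties; a hardened server would disable the first and move the second to a current policy with SignAndEncrypt.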