OPC Foundation publishes security suggestions

Dec 13, 2017

The OPC Foundation reported Nov. 28 that it's published a set of practical guidelines for securely configuring and using its OPC UA communication strategy in industrial application. This concise, 16-page brochure, "Practical Security Recommendations for Building OPC UA applications," helps readers quickly understand what OPC UA security has to offer and how to best use it.

The document was drafted by the foundation's security user group, led by Uwe Pohlmann of Fraunhofer IEM and Prof. Dr.-Ing. Axel Sikora of Hochschule Offenburg, which is developing best guidelines for typical OPC UA security use cases. The German government sanctioned the Intelligent Technical Systems OstWestfalenLippe (OWL) organization to supply the group with real-world use cases and practical knowledge.

Download: Béla Lipták on safety: Cybersecurity and nuclear power

“OPC UA is secure by design, but you actually have to use the security features it provides to reap the benefits,” says Erich Barnstedt, principal software engineering lead, Azure Industrial IoT at Microsoft. “The security configuration task can be simplified dramatically when an OPC UA server is secure by default, meaning all security features are already turned on when the customer takes the server out of the box for the first time.”

The document is freely downloadable. A second whitepaper presenting best practices and selected use cases for a secure implementation and operation of OPC UA is scheduled for release in 2018.