Bedrock releases SCADA security platform specification for OPC UA
Bedrock Automation has published a concise, easy-to-deploy interface specification that enables users and application developers to take advantage of the security capabilities of OPC UA communications software. By following the simple procedures outlined in the Bedrock SCADA Security Platform Specification, developers can upgrade any OPC UA compliant client into a highly secure OPC UA channel, across which users can exchange data between plant floor operations and SCADA applications.
Three leading SCADA software developers, Inductive Automation, ICONICS and TATSOFT, are committing and releasing support to the Bedrock interface specification.
"OPC UA provides unique cyber security advantages enabling open communications across numerous industrial devices and applications and providing the end-users options for integrating authentication keys protecting those communications. The most secure OPC level is to authenticate those keys against a known root of trust, which Bedrock supplies via a certificate authority (CA), validated against cryptographic keys built into its controller," said Thomas J. Burke, OPC Foundation President and Executive Director, adding "Bedrock Automation is a clear leader in supporting the OPC UA standards, and provides information integration and communication that the end users have been demanding."
Bedrock designs and sources its own secure semiconductor components with encryption and authentication technologies embedded at the "birth" of their modules, assembled and tested by Bedrock in their cyber secure supply chain. The unique design then draws on the power and flexibility of public key infrastructure (PKI) and Transport Layer Security (TLS) standards similar to those used to secure ecommerce transactions and military and aerospace electronics. Bedrock Automation then uses those securely embedded keys as the basis for digital certificates that manage access and communication between SCADA applications and control systems. Bedrock Cybershield 3.0 firmware is the first control system to offer an embedded PKI for SCADA applications.
A software developer building an open communications environment with OPC UA might deploy a Bedrock OSA system as a PLC to control a process based on input from field devices. To secure communications between their SCADA applications and the control system the developer will utilize the Bedrock Cloud SaaS to generate a SCADA certificate. After verifying the identity of the requester, the Bedrock CA issues that certificate which authorizes the SCADA to access encrypted data on the PLC. The Bedrock interface specification - only 30 pages - provides everything a developer needs to secure the communications.
"Such a simple specification demonstrates that Open and Secure SCADA can be deployed today, and that an applications interface does not have to be thousands or even hundreds of pages. We are pleased to be working with innovative SCADA software providers such as Inductive Automation, ICONICS and TATSOFT, to help them and their customers take advantage of the secure communications capabilities of OPC UA and the intrinsic security of the Bedrock platform," said Albert Rooyakkers, founder and CEO of Bedrock Automation.
Inductive Automation, based in Folsom, Calif., has already implemented several installations around Bedrock controllers. "Using Bedrock Automation as our Certificate Authority means we can now deliver our customers yet another layer of assurance that they can achieve the business and productivity benefits of our open SCADA solutions, with minimal risk of cyber intrusion," said Don Pearson, Chief Strategy Officer at Inductive Automation.
ICONICS, based in Foxboro, Mass., is also taking advantage of the Bedrock CA. "Security is a top priority for most automation customers today," said Russ Agrusa, President and CEO of ICONICS. "ICONICS has partnered with Bedrock Automation to provide an end-to-end connected solution for IoT and Industry 4.0 that ensures safe, secure information exchange between PLCs and a variety of enterprise information systems."
TATSOFT, based in Houston, Tex., the first application development platform built entirely for the Microsoft .NET framework, is planning to offer Bedrock secured SCADA solutions to its customers. "We are constantly looking for innovative ways to add value for our clients and customers, and by giving users a cyber secure option to interact with PLC functionality, we are definitely doing that. We could not do this with any other control platform, because none has authentication certificates embedded in their firmware as Bedrock does," said TATSOFT Sr. VP Sales and Marketing, Dave Hellyer.
Enhanced capability to implement Bedrock and secure OPC UA for SCADA applications is available with the Bedrock Cybershield 3.0 upgrade, which will be announced at the ARC Forum on February 12, 2018. Cybershield 3.0 will be standard in all Bedrock systems and available to Cybershield 2.0 users as a free upgrade in Q2 2018. Developers wishing to review the OPC UA Interface specification should contact Bedrock Automation.