Bedrock Issues OPC UA SCADA Security Spec

Monday, February 5, 2018 @ 03:02 PM gHale

San Jose, CA-based Bedrock Automation published an interface specification to leverage security capabilities of OPC UA.

By following the procedures outlined in the Bedrock SCADA Security Platform Specification, developers can upgrade any OPC UA compliant client into a secure OPC UA channel, across which users can exchange data between plant floor operations and SCADA applications, Bedrock officials said.

Bedrock Adds Anomaly Detection
S4: Safety System Attack Details
S4: Network Monitoring Champion
S4: Lean OT Security

Three SCADA software developers, Inductive Automation, ICONICS and TATSOFT, are releasing support to the Bedrock interface specification.

“OPC UA provides unique cyber security advantages enabling open communications across numerous industrial devices and applications and providing the end-users options for integrating authentication keys protecting those communications. The most secure OPC level is to authenticate those keys against a known root of trust, which Bedrock supplies via a certificate authority (CA), validated against cryptographic keys built into its controller,” said Thomas J. Burke, OPC Foundation president and executive director.

Bedrock designs and sources its own secure semiconductor components with encryption and authentication technologies embedded at the “birth” of their modules, assembled and tested by Bedrock. The design then draws on the public key infrastructure (PKI) and Transport Layer Security (TLS) standards similar to those used to secure ecommerce transactions and military and aerospace electronics. Bedrock Automation then uses those securely embedded keys as the basis for digital certificates that manage access and communication between SCADA applications and control systems. Bedrock Cybershield 3.0 firmware in the control system offers an embedded PKI for SCADA applications.

A software developer building an open communications environment with OPC UA might deploy a Bedrock OSA system as a PLC to control a process based on input from field devices. To secure communications between their SCADA applications and the control system the developer can utilize the Bedrock Cloud SaaS to generate a SCADA certificate. After verifying the identity of the requester, the Bedrock CA issues that certificate which authorizes the SCADA to access encrypted data on the PLC.

“Such a simple specification demonstrates that Open and Secure SCADA can be deployed today, and that an applications interface does not have to be thousands or even hundreds of pages. We are pleased to be working with innovative SCADA software providers such as Inductive Automation, ICONICS and TATSOFT, to help them and their customers take advantage of the secure communications capabilities of OPC UA and the intrinsic security of the Bedrock platform,” said Albert Rooyakkers, founder and chief executive of Bedrock Automation.

Inductive Automation, based in, Folsom, CA, has already implemented several installations around Bedrock controllers.

“Using Bedrock Automation as our Certificate Authority means we can now deliver our customers yet another layer of assurance that they can achieve the business and productivity benefits of our open SCADA solutions, with minimal risk of cyber intrusion,” said Don Pearson, chief strategy officer at Inductive Automation.

ICONICS, based in Foxboro, MA, is also taking advantage of the Bedrock CA.

“Security is a top priority for most automation customers today,” said Russ Agrusa, president and chief executive of ICONICS. “ICONICS has partnered with Bedrock Automation to provide an end-to-end connected solution for IoT and Industry 4.0 that ensures safe, secure information exchange between PLCs and a variety of enterprise information systems.”

TATSOFT, based in Houston, TX, the first application development platform built entirely for the Microsoft .NET framework, is planning to offer Bedrock secured SCADA solutions.

“We are constantly looking for innovative ways to add value for our clients and customers, and by giving users a cyber secure option to interact with PLC functionality, we are definitely doing that. We could not do this with any other control platform, because none has authentication certificates embedded in their firmware as Bedrock does,” said TATSOFT senior vice president of sales and marketing, Dave Hellyer.

Leave a Reply

You must be logged in to post a comment.