Fundamentally, information system security reduces the risk of damage from attacks. It does this by identifying the threats to the system, identifying the system’s vulnerabilities to these threats, and providing countermeasures. The countermeasures reduce vulnerabilities directly, counteract threats, or recover from successful attacks.
Industrial automation system security is achieved by meeting a set of objectives. These objectives have been refined through many years of experience in providing security for information systems in general and they remain quite constant despite the ever-changing set of threats to systems. They are described in the sub clause 5.1and sub clause 5.2reconciles these objectives against the OPC UA functions. Clause 6 offers additional best practice guidelines to Clientand Serverdevelopers or those that deploy OPC UA Applications.
The access to read, write, or execute resources should be authorized for only those entities that have a need for that access within the requirements of the system. Authorizationcan be as coarse-grained as allowing or disallowing a Clientto access a Serveror it could be much finer grained such as allowing specific actions on specific information items by specific users. The granularity of a system depends in part on the functionality supported by the Server, but in general Authorizationshould be given based on the need-to-know principle i.e. a user should be granted access only to information they require for the function they are performing.
Data is protected from passive attacks such as eavesdropping, whether the data is being transmitted, in memory, or being stored. To provide Confidentiality,data encryption algorithms using special secrets for securing data are used along with Authenticationand Authorizationmechanisms for accessing that secret.
Receivers receive the same information that the original sender sent, without the data being changed during transmission.
Repudiationis the rejection or denial of something as valid or true. Non-Repudiationis assuring that something that actually occurred cannot be claimed as having not occurred. A security service that provides this protection can be one of two types:
- One in which the recipient of the data gets and stores information proving that the data came from the originator. This blocks the originator from claiming they never sent the data.
- One in which the sender of the data gets confirmation that the data was received by the recipient as intended.
Actions taken by a system must be recorded in order to provide evidence to stakeholders:
- that this system works as intended (successful actions are tracked).
- that identify the initiator of certain actions (user activity is tracked).
- that attempts to compromise the system were denied (unsuccessful actions are tracked).
Availabilityis impaired when the execution of software that needs to run is turned off or when the software or communication system is overwhelmed by processing input. Impaired Availabilityin OPC UA can appear as slowing down of Subscriptionperformance or the inability to add Sessions for example.