The Global Discovery Server (GDS) is a special OPC UA Server that provides Discovery services for a plant or entire system. In addition, it can provide certificate management functionality (see Part 12)

There are multiple methods of accessing a GDS:

  1. Servers can register with the Discovery Server
  2. Clients can query the GDS for available Servers
  3. Clients can pull certificates from the GDS
  4. Servers can pull certificates from the GDS
  5. The GDS can push certificates to a Server
  6. The GDS can access other discovery Servers to build a list of available Servers.

Several types of threats need to be discussed with regard to the available access methods:

Threats where a rogue GDS is in a system.

Threats against the GDS, including the presence of rogue Clients or Servers

Threats against the certificate management functionality provided by a GDS.