Security for Industrie 4.0
Seamless, secure data exchange for the integration of production and management levels
Data exchange in Industrie 4.0 applications
Data exchange is an important issue to look at when integrating the production (operational technology, OT) and management (information technology, IT) levels. This is due to the large number of variables and non-standardized interfaces, as well as the need to support access privileges and specific security requirements. Although OPC UA has now established itself as a standard technology for achieving these goals, the devil is in the details when it comes to implementing successful Industrie 4.0 applications.
Interface abstraction, data aggregation and security
The dataFEED Secure Integration Server product from Softing Industrial works as an abstract interface between the worlds of OT and IT, offering users a set of key functionalities for efficient data exchange in a single component. In its role as an aggregating server, this middleware makes use of OPC UA’s address space modeling, especially for interface abstraction and data aggregation. In the process, this interface abstraction handles changes or extensions within one domain (OT/IT) without any modifications then being needed in the other. Advantages here include the ease with which new IT applications can be integrated into the overall solution, to exploit short innovation cycles in IT or make targeted changes to the production environment. With data aggregation, data from multiple sources can be consolidated on a single OPC UA server, so the IT application now only needs to access this one server. This simplification to the communications infrastructure cuts configuration effort for users.
Another key feature of the dataFEED Secure Integration Server is its in-built security model, with filters available to restrict the address space for individual OPC UA client applications plus definable access types. Apart from full implementation of OPC UA security functions, whitelists and blacklists can also be defined to control data access from specific IP addresses, and detection of Denial of Service (DoS) attacks targeting OPC UA authentication is also included.
Direct benefits for customers
Whether customers are retaining existing setups or are planning a new plant installation, deciding to deploy the dataFEED Secure Integration Server offers a significant set of advantages when running Industrie 4.0 applications. In one recent example, integrating 1.5 million variables into an overall system was the challenge faced by a leading provider of power station process control systems. However, accessing such a large number of variables is a major stumbling-block for many OPC UA clients. Because of this, the power station application instead chose to use the variable filtering option to achieve targeted variable access restrictions for individual OPC UA clients. In addition, only read access is granted to the individually configured variables. This prevents the unauthorized overwriting of assigned data values.
A major automotive parts supplier likewise chose dataFEED Secure Integration Server specifically to handle variable aggregation and filtering from multiple, heterogeneous OPC UA servers, giving the OPC UA clients a standard, harmonized interface for accessing all variables. In this case, the customer’s need to implement a state-of-the-art security standard was another key reason for choosing this solution.