Secure and Interoperable Automation Systems: Exploring the O-PAS™ Standard's Security Approach


This article is an excerpt from the whitepaper published by The Open Group Open Process Automation™ Forum.

Boundaryless Information Flow achieved through global interoperability in a secure, reliable, and timely manner.

Despite the fact that numerous automation providers have embraced industry security standards and best practices, a significant number of automation systems currently lack the ability to provide robust security for operations, equipment assets, and other capital investments.

This document outlines the Open Process Automation™ Forum's strategy for security within the O-PAS™ Standard, encompassing the roles of suppliers, system integrators, and end users in the security architecture of the components.

Compliance with the O-PAS Standard, created by the Open Process Automation™ Forum (OPAF), guarantees that upcoming automation systems will attain interoperability and simultaneously offer a secure-by-design approach for innovation and system migrations.

Security Vision

Security serves as a fundamental quality attribute, and the Forum envisions automation to be secure-by-design and grounded in standards.

Addressing current known cybersecurity threats is crucial, but given the open, interconnected, and multi-vendor nature of future control systems, security features must be integrated from the outset (secure-by-design).

A dependable, trustworthy, and lifecycle-oriented product certification for components is essential for demonstrating adherence to secure-by-design principles. System owners expect that a control system constructed using O-PAS compliant components should be designed from the beginning with the consideration of ever-changing security threats.

How Does the Forum Address Security?

A common worry is that open systems can make your system less secure. However, understanding what the Forum means by "open architecture" can help ease this concern. Open architecture doesn't mean open source; it is about standardizing how different parts connect and share data so that they remain compatible and work together over time. Standardizing doesn't mean less security. In fact, the O-PAS Standard lowers the initial risk by using secure-by-design components with better security requirements than what is common today.

Aligning with a Trusted Standard – ANSI/ISA 62443 Series

The Forum has chosen to use the ANSI/ISA 62443 series of standards not only because of its comprehensive OT-specific requirements, but also because of its wide user adoption.

The O-PAS Standard defines the functional interfaces that components must demonstrate to build an open and heterogeneous multi-vendor control system; thus, the parts of the ANSI/ISA 62443 series intended for product suppliers are most relevant for O-PAS products. IEC 62443-4-2 specifies the technical security requirements for IACS components.

Security is More than a Product: Users have Responsibilities

Good security requires more than purchasing secure products. Proper system level security planning involves a full system risk assessment and design with the appropriate security controls.

While O-PAS components must conform at a minimum to the IEC 62443-4-2 SL2 requirements, end users are responsible for determining the risk level and security controls for their system.

The security controls should be based on evaluating the attack surface and determining which supporting security technologies, such as centralized access management and certificate management, should be used with O-PAS components.

System security is only as strong as the weakest link and is built with layers of defense. This requires appropriate technologies, processes, and trained people. The end user is responsible for establishing security expectations for the integrators and product suppliers based on the end user’s risk posture.

Products that conform to the O-PAS Standard must conform to the requirements specified in the O-PAS Standard. This includes conformance to security requirements defined in O-PAS Part 2, which in turn align with IEC 62443-4-2 SL2.


The Forum chose SL2 as the baseline security level for the O-PAS Standard because it addresses security threats beyond casual violations, and because if certain requirements are not specified as they are within SL2, interoperability may be lost with only SL1 baseline capabilities.

What is the Future Security Vision for the O-PAS Standard?

With industrial control systems, the work to secure the systems must evolve and adapt to the changing nature of threats as newer technological innovations such as cloud and containerization become common. The security requirements must be re-evaluated as the standard evolves and matures. With the standards-based architecture of the O-PAS Standard and the security standards of the ANSI/ISA 62443 series, owners, system integrators, and vendors can have a common understanding of the framework and language around security and realize the full benefits of standards-based secure-by-design principles.

Security is not a destination, but a journey.

Aligning with a standard allows us to incorporate improvements and innovations to serve the customer needs.

Divyang Shah

CISSP | ICS Cyber Security Expert | CMRP | Instrument Reliability | Open Process Automation Enthusiast ISA, ICS4ICS member

1 yr

RIL will be sharing the OPAS journey at Automation Expo, to be held in Chennai this month.
