Cybersecurity software solution
20 January 2019
Mocana, a provider of device security solutions for IoT and industrial control systems (ICS), has announced the integration of Mocana TrustPoint, its embedded cybersecurity software, with Unified Automation’s High Performance OPC Unified Architecture (UA) Software Development Kit (SDK).
This integration enables manufacturers and operators to easily replace OpenSSL, an open source crypto library, with Mocana’s cybersecurity software solution that is FIPS 140-2 validated and compliant with leading industrial cybersecurity standards.
“Mocana’s embedded cybersecurity solutions are used by the largest industrial companies for mission critical systems,” said Uwe Steinkrauss, executive director at Unified Automation. “We’re committed to partnering with Mocana to provide the OPC UA community with solutions that are secure and compliant with industry standards.”
OPC UA is an open machine-to-machine communication platform for industrial automation developed by the OPC Foundation. The OPC UA standard enables ICS devices across multiple platforms to communicate using a services-oriented architecture (SOA), including enhanced publish / subscribe capabilities. The standard is broadly used across many industries including pharmaceutical, oil and gas, building automation, industrial robotics, security, manufacturing, process control, and transportation.
Unified Automation develops several OPC UA software development kits for C++, .NET, and ANSI C. Its High Performance (HP) OPC UA Server SDK was designed to support OPC UA in the smallest, most resource-constrained devices, such as IoT devices. The HP SDK is said to improve the performance, scalability, and security of OPC UA and enables servers to handle thousands of connections in parallel.
Many OPC UA SDKs have been designed to use OpenSSL, open source security software, to handle security functions such as authentication and encryption. Mocana says that, in addition to a large footprint that hinders implementation on the smallest embedded devices, OpenSSL has been shown to have a hard to maintain complex code base, and slow vulnerability remediation times. Additionally, Mocana says the latest NIST 140-2 standards cannot be met by the current version of OpenSSL.
Mocana’s integration with Unified Automation’s OPC UA SDKs makes it easy to replace OpenSSL with Mocana’s FIPS 140-2 validated cryptographic engine and comprehensive device security lifecycle management platform. Mocana provides an OpenSSL Connector, a shim that transparently intercepts the device application’s OpenSSL API calls, changes the arguments, and passes them onto Mocana’s cryptographic engine without requiring any application code changes.
“Unified Automation has deep expertise with OPC UA and was instrumental in developing the OPC UA stacks, in particular the ANSI C stack,” said Srinivas Kumar, vice president of engineering at Mocana (pictured). “We are committed to making it easy to enable the highest level of security and device integrity for OPC UA-enabled industrial devices.”
Mocana’s device security solution facilitates compliance with cybersecurity standards, such as the NIST FIPS 140-2, IEC 62443, NIST 800-63, and CIP-007. Mocana and Unified Automation are members of the OPC Foundation.