oSIST prEN IEC 62541-2:2024
OPC unified architecture - Part 2: Security model
OPC Unified Architecture – Teil 2: Modell für die IT-Sicherheit
Architecture unifiée OPC - Partie 2: Modèle de sécurité
Enotna arhitektura OPC - 2. del: Varnostni model
Standards Content (Sample)
SLOVENIAN STANDARD
01-March-2024
OPC unified architecture - Part 2: Security model
This Slovenian standard is identical to: prEN IEC 62541-2:2024
ICS:
25.040.40 Industrial process measurement and control
35.240.50 IT applications in industry
2003-01. Slovenian Institute for Standardization. Reproduction of this standard, in whole or in part, is not permitted.
65E/1040/CDV
COMMITTEE DRAFT FOR VOTE (CDV)
PROJECT NUMBER:
IEC 62541-2 ED1
DATE OF CIRCULATION: 2024-01-26
CLOSING DATE FOR VOTING: 2024-04-19
SUPERSEDES DOCUMENTS:
65E/950/NP, 65E/1010/RVN
IEC SC 65E : DEVICES AND INTEGRATION IN ENTERPRISE SYSTEMS
SECRETARIAT: United States of America
SECRETARY: Mr Donald (Bob) Lattimer
OF INTEREST TO THE FOLLOWING COMMITTEES:
PROPOSED HORIZONTAL STANDARD:
Other TC/SCs are requested to indicate their interest, if any, in this CDV to the secretary.
FUNCTIONS CONCERNED:
EMC ENVIRONMENT QUALITY ASSURANCE SAFETY
SUBMITTED FOR CENELEC PARALLEL VOTING NOT SUBMITTED FOR CENELEC PARALLEL VOTING
Attention IEC-CENELEC parallel voting
The attention of IEC National Committees, members of
CENELEC, is drawn to the fact that this Committee Draft for
Vote (CDV) is submitted for parallel voting.
The CENELEC members are invited to vote through the
CENELEC online voting system.
This document is still under study and subject to change. It should not be used for reference purposes.
Recipients of this document are invited to submit, with their comments, notification of any relevant patent rights of which
they are aware and to provide supporting documentation.
Recipients of this document are invited to submit, with their comments, notification of any relevant “In Some Countries”
clauses to be included should this proposal proceed. Recipients are reminded that the CDV stage is the final stage for
submitting ISC clauses. (SEE AC/22/2007 OR NEW GUIDANCE DOC).
TITLE:
OPC Unified Architecture – Part 2: Security Model
PROPOSED STABILITY DATE: 2026
NOTE FROM TC/SC OFFICERS:
electronic file, to make a copy and to print out the content for the sole purpose of preparing National Committee positions.
You may not copy or "mirror" the file or printed version of the document, or any part of it, for any other purpose without
permission in writing from IEC.
CONTENTS
1 Scope
2 Normative References
3 Terms, definitions, and abbreviations
3.1 Terms and definitions
3.2 Abbreviations
3.3 Conventions for security model figures
4 OPC UA security architecture
4.1 OPC UA security environment
4.2 Security objectives
4.2.1 Overview
4.2.2 Authentication
4.2.3 Authorization
4.2.4 Confidentiality
4.2.5 Integrity
4.2.6 Non-Repudiation
4.2.7 Auditability
4.2.8 Availability
4.3 Security threats to OPC UA systems
4.3.1 Overview
4.3.2 Denial of Service
4.3.3 Eavesdropping
4.3.4 Message spoofing
4.3.5 Message alteration
4.3.6 Message replay
4.3.7 Malformed Messages
4.3.8 Server profiling
4.3.9 Session hijacking
4.3.10 Rogue Server
4.3.11 Rogue Publisher
4.3.12 Compromising user credentials
4.3.13 Repudiation
4.4 OPC UA relationship to site security
4.5 OPC UA security architecture
4.5.1 Overview
4.5.2 Client / Server
4.5.3 Publish-Subscribe
4.6 SecurityPolicies
4.7 Security Profiles
4.8 Security Mode Settings
4.9 User Authentication
4.10 Application Authentication
4.11 User Authorization
4.12 Roles
4.13 OPC UA security related Services
4.14 Auditing
4.14.1 General
4.14.2 Single Client and Server
IEC CDV 62541-2 © IEC 2023 ii
4.14.3 Aggregating Server
4.14.4 Aggregation through a non-auditing Server
4.14.5 Aggregating Server with service distribution
5 Security reconciliation
5.1 Reconciliation of threats with OPC UA security mechanisms
5.1.1 Overview
5.1.2 Denial of Service
5.1.3 Eavesdropping
5.1.4 Message spoofing
5.1.5 Message alteration
5.1.6 Message replay
5.1.7 Malformed Messages
5.1.8 Server profiling
5.1.9 Session hijacking
5.1.10 Rogue Server or Publisher
5.1.11 Compromising user credentials
5.1.12 Repudiation
5.2 Reconciliation of objectives with OPC UA security mechanisms
5.2.1 Overview
5.2.2 Application Authentication
5.2.3 User Authentication
5.2.4 Authorization
5.2.5 Confidentiality
5.2.6 Integrity
5.2.7 Auditability
5.2.8 Availability
6 Implementation and deployment considerations
6.1 Overview
6.2 Appropriate timeouts:
6.3 Strict Message processing
6.4 Random number generation
6.5 Special and reserved packets
6.6 Rate limiting and flow control
6.7 Administrative access
6.8 Cryptographic Keys
6.9 Alarm related guidance
6.10 Program access
6.11 Audit event management
6.12 OAuth2, JWT and User roles
6.13 HTTPs, TLS & Websockets
6.14 Reverse Connect
6.15 Passwords
6.16 Additional Security considerations
7 Unsecured Services
7.1 Overview
7.2 Multi Cast Discovery
7.3 Global Discovery Server Security
7.3.1 Overview
7.3.2 Rogue GDS
7.3.3 Threats against a GDS
7.3.4 Certificate management threats
...