Assessing the impact of attacks on OPC-UA applications in the Industry 4.0 era

Abstract

The advent of the Internet of Things (IoT) is leading to create “System-of-Systems”, where disparate information systems, sensors, devices, people and software solutions are used altogether. Industrial companies tend to apply the same concept for gaining in productivity. Several consortia, such as the German initiative Industrie 4.0, recommend to use the OPCUA framework to manage interoperability issues. Associate to the convergence of the Operational Technology (OT) and the Information Technology (IT) domains, it may lead to create a new attack surface, that needs to be apprehended. The contribution is therefore to identify, based on the specifications, the threats and countermeasures that may occur/be applied when using OPC-UA in an Industry 4.0 environment and to highlight the impact of the eavesdropping and message flooding attacks on an OPC-UA application implemented on a real testbed.