OPC UA
What is OPC UA?
OPC Unified Architecture, a service-oriented industrial protocol with built-in authentication and encryption used to exchange semantic data across OT and IT systems.
OPC UA (Unified Architecture, IEC 62541) is the modern successor of classic OPC and the dominant secure interoperability standard in industrial automation. It exposes a semantic, object-oriented information model and supports both client-server and pub-sub interactions over TCP, HTTPS, or MQTT, making it suitable for everything from field-level devices to cloud analytics. Unlike Modbus or DNP3, OPC UA includes X.509 certificate-based authentication, role-based authorization, message signing, and AES encryption by default. Misconfigurations remain a risk: anonymous endpoints, weak certificate validation, exposed discovery services, and outdated stacks have been exploited in penetration tests and real attacks, so secure deployment requires a strong PKI and explicit security policies.
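The misconfigurations named above (anonymous endpoints, missing or outdated security policies) can be checked from a server's advertised endpoint list. The following is an added example, not code from this page or from any OPC UA stack: it audits constructed endpoint descriptions shaped like a GetEndpoints result, and the dictionary keys (`url`, `mode`, `policy`, `tokens`) and the host name are simplified assumptions.

```python
# Added example: audit OPC UA endpoint descriptions for weak security settings.
# ENDPOINTS is constructed sample data shaped like a GetEndpoints result.
NS = "http://opcfoundation.org/UA/SecurityPolicy#"
DEPRECATED = {NS + "Basic128Rsa15", NS + "Basic256"}  # deprecated since OPC UA 1.04

ENDPOINTS = [  # constructed; host name is a placeholder
    {"url": "opc.tcp://plc-gw.example:4840", "mode": "None", "policy": NS + "None",
     "tokens": [{"type": "Anonymous", "policy": ""},
                {"type": "UserName", "policy": ""}]},
    {"url": "opc.tcp://plc-gw.example:4840", "mode": "Sign", "policy": NS + "Basic256",
     "tokens": [{"type": "UserName", "policy": ""}]},
    {"url": "opc.tcp://plc-gw.example:4840", "mode": "SignAndEncrypt",
     "policy": NS + "Basic256Sha256",
     "tokens": [{"type": "Certificate", "policy": ""}]},
]


def audit_endpoint(ep):
    """Return a list of finding strings for one endpoint description."""
    findings = []
    if ep["mode"] == "None" or ep["policy"] == NS + "None":
        findings.append("no message security (SecurityMode/Policy None)")
    elif ep["mode"] == "Sign":
        findings.append("signed but not encrypted")
    if ep["policy"] in DEPRECATED:
        findings.append("deprecated security policy " + ep["policy"].split("#")[1])
    for tok in ep["tokens"]:
        if tok["type"] == "Anonymous":
            findings.append("anonymous sessions allowed")
        # An empty token policy inherits the endpoint policy; if that is None,
        # a UserName password is not encrypted on the wire.
        effective = tok["policy"] or ep["policy"]
        if tok["type"] == "UserName" and effective == NS + "None":
            findings.append("UserName password sent without encryption")
    return findings


def audit(endpoints):
    """Map 'url [mode]' to findings, keeping only endpoints with issues."""
    report = {}
    for ep in endpoints:
        found = audit_endpoint(ep)
        if found:
            report[f'{ep["url"]} [{ep["mode"]}]'] = found
    return report


if __name__ == "__main__":
    for endpoint, issues in audit(ENDPOINTS).items():
        print(endpoint, "->", "; ".join(issues))
```

An endpoint that produces no findings here still depends on the certificate trust list and validation behaviour of both peers, which this check does not cover.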
● Examples
- 01: An MES querying tag values from PLCs through an OPC UA server using signed and encrypted sessions.
- 02: A cloud analytics platform receiving production data over OPC UA pub-sub via MQTT.
● Frequently asked questions
What is OPC UA?
OPC Unified Architecture, a service-oriented industrial protocol with built-in authentication and encryption used to exchange semantic data across OT and IT systems. It belongs to the OT / ICS / IoT category of cybersecurity.
How do you secure OPC UA?
Securing OPC UA typically combines technical controls and operational practices, as detailed in the full definition above.
What are other names for OPC UA?
Common alternative names include: OPC Unified Architecture, IEC 62541.
● Related terms
- Modbus: A simple, openly documented industrial protocol for polling registers and coils on PLCs, RTUs, and field devices, available over serial (RTU/ASCII) and TCP.
- DNP3: Distributed Network Protocol 3, an event-driven ICS protocol used in electric utilities, water, and oil & gas to communicate between SCADA masters and remote outstations.
- PROFINET: An industrial Ethernet protocol standardized by PROFIBUS & PROFINET International for real-time communication between PLCs, drives, and field devices.
- Industrial Control System (ICS): An umbrella term for systems that automate and supervise industrial processes, including SCADA, DCS, PLCs, RTUs, and safety controllers.
- IEC 62443: The IEC family of standards for the cybersecurity of industrial automation and control systems, addressing asset owners, integrators, and product suppliers.
- Operational Technology (OT): Hardware and software that monitor and control physical processes, devices, and infrastructure such as factories, power plants, and utilities.