Create a free Manufacturing.net account to continue

GE Is First To Implement New OPC UA Standards: Q&A With Matt Wells

Matt Wells provided insight into why GE decided to embrace the new OPC UA standards.

Mnet 45751 Matt Wells 1

In May, GE announced that it is the first to implement a Global Discovery Server (GDS) based on the OPC UA standards. The GDS enhances the Industrial Internet technology employed across several GE businesses and enables better connectivity across devices and equipment. I had the chance to speak with Matt Wells, General Manager of Automation Software, GE Intelligent Platforms Software about GE’s feat. He provided insight into why GE decided to embrace the new OPC UA standards.

Bridget Bergin (BB): Tell me a bit about the OPC UA standards.

Matt Wells (MW): Standards like OPC UA come into play because there are a bunch of different vendors for various types of controllers, and each of these vendors has created their own protocol for how to talk to their controller. A bunch of people realized the challenge this presents and formed the Open Process Control Foundation to create a standard protocol for how machines and software systems could talk to each other in the same language.

The first version of the OPC protocol was just about transmitting data and alarms, and it evolved from there. OPC UA carried forth the previous work and added in the idea that you could apply a structure of the data you were bringing up, and it enhanced the security of the protocol by adding in certificate-level encryption of the communications between an OPC server and an OPC client.

At GE, we embrace OPC UA as a core protocol for all of our automation systems. We’ve made a decision to replace our own custom protocols with OPC UA. We started the journey, and now when we ship controllers, they come with an on-board OPC UA server that can be the protocol. We can use the standard protocol to talk to our own controllers and other controllers that might exist from other vendors.

The OPC Foundation recognized there were challenges in managing these systems, so they added a new part to the OPC specification called the Global Discovery Server. It acts as a local mainspace so the clients and servers can register themselves with the GDS. It also acts as the certificate store so that when clients and servers come onto the network, they can request who they talk to and receive a relevant certificate for a secure communication.

GE is really proud that we’re the first company to do a software implementation of this new part. We’ve also created a piece of software called the GDS agent, which is a small proxy that you can install beside the existing UA servers and clients that can facilitate action with the GDS.

BB: What about security?

MW: When you think about how a typical manufacturing plant network is designed, you often have a control network that is segmented from the plant-level network that is segmented from the enterprise network, which is segmented off the Internet itself. Many of the protocols used at the control network layer aren’t secure by design.  

The importance of security has continued to evolve. What we see out there today is that a lot more hackers are interested in the lower-level systems that exist within utilities or manufacturing, whereas 10 years ago, they were interested in consumer applications. A lot of the protocols put in place today don’t have the right level of security inherent in the design.

As we look to the future, we need to look more to enhancing the security of these systems from top to bottom. The key part of that is to use protocols that are secure-by-design. Using asymmetric certificates and encrypting communication makes it much harder for people to be able to get on the network.

We’re looking for more and more people to plug in. Many people in the industrial space view their control network as safe because they literally unplug them from everything else. That isn’t the level of protection that people thought it was, and they can’t see the full value of their system. We need to ensure that the solutions we’re offering them have the right level of security.

BB: GE is the first. Do you think this will catch on?

MW: We’re working tightly with the OPC Foundation, and this is an initiative at the corporate level for GE. I think that OPC UA is very popular in Europe, and there isn’t much question in Europe about the value of OPC UA. In North America, most if not all vendors support the old OPC UA technologies, and so it is really only a matter of time before the work we’ve done becomes widely adopted.

We’re excited to be leading the charge because we recognize the value of the technology and we want to be at the forefront of making sure that it’s widely adopted.

More in Operations