New OSA® Advancements from Bedrock Automation Protect Legacy Systems, Support MQTT, and Enable Role Based Access Control (RBAC)

Canton, Massachusetts, UNITED STATES

SAN JOSE, Calif., Feb. 04, 2019 (GLOBE NEWSWIRE) -- Bedrock Automation, the world leader in Open Secure Automation (OSA®), has announced new offerings that extend intrinsic security to legacy automation, support secure MQTT messaging, and enable Role Based Access Control (RBAC) across the Bedrock OSA platform. At the 2019 ARC Industry Forum, Bedrock Automation is demonstrating the following new OSA offerings:

  • Bedrock OSA® Proxy, a unique solution that brings advanced cyber security, protocol conversion, and data concentration to the edge, all in one industrial appliance.
  • Integrated Cirrus Link Sparkplug B protocol support, which empowers companies to easily build a secure MQTT infrastructure.
  • Availability of Cybershield 4.0 firmware, which enables RBAC and multi-factor authentication.

“Last year we extended cyber security protection from the OT layer — where it must begin — to the SCADA network by authenticating and encrypting OPC UA. Today, we are announcing a secure gateway that uniquely blends OT & IT technologies to protect legacy automation system networks. We are also announcing Cybershield 4.0 firmware, which Includes RBAC and multi-factor authentication,” said Bedrock founder and CEO Albert Rooyakkers.

All Bedrock solutions are built on Public Key Infrastructure (PKI) functionality designed into its computing core using sealed all-metal anti-tamper construction. The crypto keys in the Bedrock root of trust are authenticated by Bedrock’s certificate authority (CA) and use advanced signing and encryption technologies like those used by secure military, aerospace and online financial transaction systems.  

Advanced security solution that understands industrial protocols

The Bedrock OSA Proxy is an automation-savvy firewall-type system. This unique approach to cyber defense allows customers to secure legacy devices behind the Bedrock root of trust. Unlike conventional firewalls, in addition to the embedded Bedrock PKI, the OSA Proxy also connects to industrial protocols such as Modbus, Ethernet IP, and Common Industrial Protocol (CIP), then translates the legacy protocols in real time to open and secure communications standards including OPC UA and MQTT. Built-in anomaly detection monitors all traffic across the control network. A 64-bit, quad core processor provides a modern computing platform for advanced cyber analytics and end user applications. These features enable the OSA Proxy to provide cyber defense for a legacy control network at minimal cost and complexity and avoids rip and replace.

More security at the edge through MQTT

Bedrock Automation is releasing a secure implementation of the Cirrus Link Sparkplug B protocol. The Sparkplug specification defines how Edge of Network (EoN) gateways or native MQTT-enabled end devices, and MQTT Applications communicate bi-directionally within an MQTT Infrastructure, including support for complex data types, datasets, lower bandwidth requirements, and access to historical data. The Bedrock Sparkplug B implementation is the only MQTT authentication and encryption agent providing a secure root of trust built on an intrinsically secure control platform.

Managing user access with RBAC

Bedrock Automation is also announcing Cybershield 4.0, with RBAC and multi-factor authentication. Bedrock’s RBAC enables unlimited granularity and specificity within a Bedrock system, allowing restrictions by function, command, or controller. Bedrock users can choose between pre-defined role definitions or create custom roles and privileges. This significantly improves the security posture of an industrial control system.

Multi-factor authentication allows user access only after successfully presenting divergent identity information, such as a password or pin, and a physical component such as a smart card or fingerprint. This reduces risk of stolen credentials through common threat vectors like phishing/spoofing. The Bedrock OSA platform works with commercially available multi-factor authentication technologies that empower users to choose the security solution that is right for them.


The OSA Proxy solution is targeted for summer 2019, and while Bedrock already offers advanced connectivity solutions to legacy devices, the release of the OSA Proxy solution will provide even greater defense in depth at all levels of the network. MQTT Sparkplug B support is available in all new projects beginning in March 2019.

Cybershield 4.0 will be standard on all Bedrock OSA control systems starting in Q2 of 2019 and will be made available to current Bedrock users as a free upgrade.

About Bedrock Automation
Bedrock Automation, based in San Jose, California, has developed the world’s most powerful and cyber secure automation platform. This Silicon Valley company has assembled the latest technologies and talents from the automation, cyber security and semiconductor industries to build unprecedented automation solutions for industrial control and power based on three prime directives: simplicity, scalability and security. The result is an award winning new platform of automation called Open Secure Automation, OSA®, with a revolutionary architecture and deeply embedded ICS cyber security to deliver the highest levels of system performance, cyber security and reliability at the lowest lifecycle cost.  Build on Bedrock®!

For more information, contact Bedrock Automation at +1-781-821-0280, send an email to, or visit

Media Contacts:
John Nero - Tiziani Whitmyre,; 781-793-9380. 
Robert Bergman - Bedrock Automation,; 626-824-0404.

A photo accompanying this announcement is available at

Bedrock OSA Proxy connects to industrial protocols such as Modbus and Ethernet IP and converts them to communication standards like OPC UA and MQTT