What is HTTPS?
HTTPS stands for HyperText Transfer Protocol Secure and is the encrypted version of HTTP, the standard protocol for communication between a web browser and a web server. HTTPS uses TLS (Transport Layer Security) to transmit data securely, with confidentiality and integrity.
In OT environments, HTTPS is used for secure access to device web interfaces, such as switches, PLCs, HMIs or historian servers.
🧠 How does HTTPS work?
- TLS handshake
  - Client and server exchange certificates
  - A secure session is established
- Encryption
  - All data between client and server is encrypted
- Server authentication
  - Via a valid X.509 certificate
- Integrity verification
  - Prevents tampering during transit
HTTPS protects against eavesdropping (sniffing), spoofing and man-in-the-middle attacks.
🏭 HTTPS in industrial networks
- Secure web access to:
  - SCADA portals
  - Industrial Ethernet switches
  - Remote IO configurations
  - Firewall management interfaces
  - HMI via web client
- Firmware and configuration updates via secured web portals
- External access via VPN in combination with HTTPS
Many OT devices only support outdated TLS versions or self-signed certificates – be aware of this when implementing.
🔍 HTTPS vs. HTTP
| Feature | HTTP | HTTPS |
|---|---|---|
| Encrypted? | No | Yes, via TLS |
| Port number | 80 | 443 |
| Secure? | Not safe for sensitive data | Suitable for secure communication |
| Use in OT | Not recommended | Standard for web interfaces and APIs |
🔐 Security aspects
- The TLS version must be up-to-date (e.g. TLS 1.2 or 1.3)
- Use valid certificates from an internal or external CA
- Apply certificate pinning and strict access control for sensitive web interfaces
- Mandatory in many compliance frameworks: IEC 62443, ISO 27001, NIS2
- Combine with MFA for additional security on remote logins
Secure HTTPS access is essential for the management of modern OT equipment, particularly for remote or cloud integrations.
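The first three points above (minimum TLS version, CA-validated certificate, certificate pinning) can be enforced together by a management client. The following is an added example, not code from the original page; the function names are hypothetical and it assumes the pin is the SHA-256 fingerprint of the device's leaf certificate.

```python
import hashlib
import hmac
import socket
import ssl


def build_context(ca_file=None):
    """Client context that refuses anything older than TLS 1.2 and requires
    a certificate chaining to a trusted CA (internal CA via ca_file)."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # create_default_context already sets these; stated explicitly so that
    # weakening them for a self-signed device shows up in review.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def normalize_pin(pin):
    """Accept 'AA:BB:..' or 'aabb..' and return lowercase hex."""
    return pin.replace(":", "").replace(" ", "").lower()


def pin_matches(der_cert, expected_pin):
    """Compare SHA-256 of the DER certificate with the pinned value."""
    actual = hashlib.sha256(der_cert).hexdigest()
    return hmac.compare_digest(actual, normalize_pin(expected_pin))


def check_device(host, expected_pin, port=443, ca_file=None, timeout=5.0):
    """Connect, let TLS validate version, chain and hostname, then enforce
    the pin. Returns the negotiated protocol; raises ssl.SSLError on failure."""
    ctx = build_context(ca_file)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            if not pin_matches(der, expected_pin):
                raise ssl.SSLError(f"certificate pin mismatch for {host}")
            return tls.version()


# Constructed sample: stand-in bytes for a DER certificate, used only to
# exercise the pin comparison offline.
SAMPLE_DER = b"constructed-sample-certificate-bytes"
SAMPLE_PIN = hashlib.sha256(SAMPLE_DER).hexdigest().upper()
```

A device that only offers an outdated TLS version or a self-signed certificate fails the handshake inside `check_device` before the pin is ever compared, which makes such devices visible during an inventory.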
📌 In summary
HTTPS encrypts communication with industrial devices and systems, and protects against eavesdropping and manipulation. It is the standard for secure web-based access in OT networks and must be configured and maintained correctly.
