What is HTTP?
HTTP stands for HyperText Transfer Protocol and is an application protocol used for data exchange between clients and servers, typically between web browsers and web servers. It is the foundation of the web, but is also widely used in industrial environments.
In OT networks, HTTP is often used to access the web interfaces of PLCs, Switches, Drives and HMIs for configuration, diagnostics and Logging.
🧠 How does HTTP work?
- A client (e.g. browser) sends a request to a web server via port 80
- The server returns a response containing HTML, JSON, XML or other data
- HTTP uses TCP as the transport-layer protocol (typically over IP)
- The protocol supports methods such as:
  - GET – retrieve data
  - POST – submit data
  - PUT, DELETE – update/delete (less common in OT)
- Modern applications often use REST APIs over HTTP for communication with industrial systems
HTTP is a stateless protocol, meaning every request is independent of previous requests.
🏭 Application of HTTP in industrial networks
- Web-based configuration of network components such as Routers, Firewalls and Switches
- Web interfaces on PLCs and IO modules for diagnostics or firmware updates
- REST API integrations between SCADA, MES, Historian and data sources
- Embedded web servers on devices for real-time status and visualisation
- Collection of process data via HTTP client connections to external systems
HTTP is often used on engineering stations and maintenance laptops within a secured OT zone.
🔍 HTTP vs. HTTPS
| Aspect | HTTP | HTTPS (HTTP Secure) |
|---|---|---|
| Port | 80 | 443 |
| Encryption | None – traffic is readable | Yes – via TLS |
| Security | Vulnerable to sniffing and spoofing | Protects against eavesdropping and manipulation |
| Use in OT | Still common on older devices | Strongly recommended for new systems |
🔐 Security aspects
- HTTP is unencrypted → risk of eavesdropping and manipulation
- Where possible, use HTTPS with TLS certificates
- Restrict HTTP access to trusted zones via Firewall, ACL and Jump Server
- Disable HTTP web interfaces by default if not required
- Log all access attempts via SIEM or Syslog
- Apply RBAC to devices with web interfaces
In OT environments, it is crucial to minimise unprotected HTTP access.
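One way to check the zone restriction and logging points above is to review firewall connection logs for plain-HTTP traffic to OT devices. The following is an added example, not part of the original article; the log format, the subnets and the function name `audit_http_access` are assumptions chosen for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed zone layout (hypothetical addresses, not from the article).
OT_DEVICES = ipaddress.ip_network("10.20.0.0/24")          # PLCs, switches, HMIs
TRUSTED_SOURCES = [ipaddress.ip_network("10.20.9.0/28")]   # jump server, engineering stations

# Constructed firewall log lines in a made-up key=value format.
SAMPLE_LOG = """\
2024-05-02T08:14:03Z action=allow proto=tcp src=10.20.9.5 dst=10.20.0.11 dport=80
2024-05-02T08:15:40Z action=allow proto=tcp src=10.20.9.5 dst=10.20.0.12 dport=443
2024-05-02T09:02:17Z action=allow proto=tcp src=192.168.50.23 dst=10.20.0.11 dport=80
2024-05-02T09:02:55Z action=deny proto=tcp src=172.16.4.8 dst=10.20.0.30 dport=80
2024-05-02T09:30:00Z action=allow proto=udp src=10.20.9.6 dst=10.20.0.11 dport=161
malformed line without fields
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def audit_http_access(log_text):
    """Return (findings, cleartext_devices) for plain-HTTP traffic to OT devices."""
    findings, cleartext = [], Counter()
    for line in log_text.splitlines():
        rec = dict(FIELD.findall(line))
        if rec.get("proto") != "tcp" or rec.get("dport") != "80":
            continue  # only plain HTTP on TCP/80 is in scope
        try:
            src = ipaddress.ip_address(rec["src"])
            dst = ipaddress.ip_address(rec["dst"])
        except (KeyError, ValueError):
            continue  # skip records with missing or invalid addresses
        if dst not in OT_DEVICES:
            continue
        trusted = any(src in net for net in TRUSTED_SOURCES)
        if rec.get("action") == "allow":
            cleartext[str(dst)] += 1  # an unencrypted session was allowed to this device
            if not trusted:
                findings.append(("ALLOWED_FROM_UNTRUSTED", str(src), str(dst)))
        elif not trusted:
            findings.append(("BLOCKED_ATTEMPT", str(src), str(dst)))
    return findings, dict(cleartext)

if __name__ == "__main__":
    findings, cleartext = audit_http_access(SAMPLE_LOG)
    for kind, src, dst in findings:
        print(f"{kind}: {src} -> {dst}:80")
    print("Devices reached over plain HTTP:", cleartext)
```

The second return value lists devices that still accept allowed connections on port 80, which makes it a starting inventory for moving web interfaces to HTTPS or disabling them.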
📌 In summary
HTTP is a widely used communication protocol for web interfaces and APIs in OT environments. Because it lacks security, it is essential to use HTTP only within protected Zones or to replace it with HTTPS.
