In-factory industrial control networks based on the Modbus comms protocols become much more vulnerable due to their increasing connection to the Internet.
The protocol lacks built-in security measures, which makes it easy for cybercriminals to exploit industrial systems and networks and take full control of critical infrastructure.
Rohde & Schwarz Cybersecurity says it can offer Modbus protocol detection and extraction capabilities provided by what the firm calls a deep packet inspection (DPI) engine.
Called PACE 2, the DPI engine provides content and metadata extraction and gives IT security equipment users visibility of Modbus protocol communication in order to detect vulnerabilities and provide protection for the IIoT.
The Modbus content and metadata extraction tool can be used by vendors of security products, such as firewalls or gateways, gain granular visibility and control of the Modbus protocol communication. This enables them to detect threats in the SCADA or ICS environment.
Modbus is an application layer protocol that provides a client/server communication between devices connected on different types of buses or networks.
For instance, supervisory control and data acquisition (SCADA) systems or industrial control systems (ICS) measure temperature and humidity and communicate the results to a computer with the help of Modbus protocol.
Because Modbus-based industrial systems were designed for isolated environments, they can lack security features now common to IT protocols. This means it can lack security mechanisms such as authentication, confidentiality and integrity. This makes it inherently insecure and vulnerable to attacks.
Industrial networks using Modbus protocols can include electricity power grid, transportation and water systems.
“Firewall vendors can embed the deep packet inspection engine in their protection products to inspect the content contained in the industrial protocol communication,” said Dirk Czepluch, a vice-president at Rohde & Schwarz Cybersecurity.
Czepluch says this means they can now control who can communicate with the device, what communication is allowed and provide protection against malicious commands.