Common ICS Protocols and Risks
Modbus, DNP3 and their weaknesses.
Why Protocols Matter
Industrial protocols are the language that controllers, SCADA systems, and field devices use to exchange data and commands. Most were designed for isolated, trusted networks and therefore lack the authentication and encryption we expect in IT.
Understanding their weaknesses tells you exactly what an attacker with access to the OT network could do, and which compensating controls are needed.
Modbus
Modbus is one of the oldest and most widespread industrial protocols; it is simple and easy to implement. Modbus/TCP carries the same messages over Ethernet.
- A master reads and writes registers/coils on slave devices
- No authentication: any device that can reach a slave can command it
- No encryption: traffic is plaintext and easy to read or forge
- No integrity protection against a malicious sender: the CRC on serial links only catches transmission errors, so a deliberately crafted frame is accepted as valid
An attacker on the segment can simply write a coil to actuate equipment.
# a Modbus function code 5 writes a single coil (e.g. open/close a relay)
# request fields are minimal: address, function, data, CRC
# nothing in the protocol proves WHO sent it
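As an added example (not code from the lesson), a small Python parser for Modbus/TCP requests with an allowlist check on the source address, which is the compensating control the missing authentication forces on a defender. Modbus/TCP replaces the serial CRC with a 7-byte MBAP header; the unit id, the allowlisted master address and the sample frames are constructed values.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Modbus function codes that change device state. Reads are function codes 1-4.
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}

@dataclass
class ModbusTcpRequest:
    transaction_id: int
    unit_id: int
    function: int
    data: bytes

def parse_modbus_tcp(frame: bytes) -> ModbusTcpRequest:
    """Parse a Modbus/TCP frame: 7-byte MBAP header followed by the PDU.
    MBAP = transaction id (2), protocol id (2, always 0), length (2), unit id (1).
    No field carries a credential, signature or MAC."""
    if len(frame) < 8:
        raise ValueError("frame too short")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol id is not 0 (not Modbus)")
    if length != len(frame) - 6:          # length counts unit id + PDU bytes
        raise ValueError("MBAP length does not match frame size")
    return ModbusTcpRequest(tid, unit, frame[7], frame[8:])

def check_write(src_ip: str, frame: bytes, allowed_masters: set) -> Optional[str]:
    """Return an alert string if a write request comes from a host that is not
    an approved master, else None. The protocol cannot tell who sent a command,
    so the network source address is the only handle the defender has."""
    req = parse_modbus_tcp(frame)
    if req.function not in WRITE_FUNCTIONS or src_ip in allowed_masters:
        return None
    if req.function == 5:                 # FC5 data = coil address (2) + value (2)
        addr, value = struct.unpack(">HH", req.data[:4])
        detail = f"coil {addr} -> {'ON' if value == 0xFF00 else 'OFF'}"
    else:
        detail = f"{len(req.data)} data bytes"
    return (f"ALERT unit {req.unit_id}: {WRITE_FUNCTIONS[req.function]} "
            f"from unapproved host {src_ip} ({detail})")

# Constructed samples: FC5 write of coil 19 to ON, and an FC3 read of 2 registers.
SAMPLE_FC5_WRITE = bytes.fromhex("0001" "0000" "0006" "11" "05" "0013" "ff00")
SAMPLE_FC3_READ = bytes.fromhex("0002" "0000" "0006" "11" "03" "0000" "0002")
APPROVED_MASTERS = {"10.0.5.10"}          # constructed allowlist of HMI/master hosts
```

Run against a mirrored OT segment, the same check distinguishes routine polling from a write issued by a host that should never be commanding field devices.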