Rohde & Schwarz Cybersecurity secures Modbus in the IIoT
SCADA, CIS, ICS and similar Modbus protocol communication based industrial systems are, R&S observes, becoming more vulnerable wih increasing connection to the Internet. The protocol lacks built-in security measures, which allows cybercriminals to exploit industrial systems and networks and take full control of critical infrastructure. Rohde & Schwarz Cybersecurity (Leipzig, Germany) is offering a critical IT security solution for secure Modbus protocol communication that protects the Industrial Internet of Things (IIoT) against cyberattacks and espionage.
Modbus protocol detection and extraction capabilities are provided by the “R&S PACE 2” deep packet inspection (DPI) engine. The DPI engine delivers Modbus content and metadata extraction and enables IT security equipment vendors to gain full visibility of Modbus protocol communication in order to detect vulnerabilities and provide protection for the IIoT.
Modbus is an application layer protocol that provides a client/server communication between devices connected on different types of buses or networks. For instance, supervisory control and data acquisition (SCADA) systems or industrial control systems (ICS) measure temperature and humidity and communicate the results to a computer with the help of Modbus protocol.
Because Modbus-based industrial systems were designed for isolated environments, their development centres on reliability, availability, and speed, rather than on security. The Modbus protocol is lacking common security mechanisms such as authentication, confidentiality and integrity. This makes it inherently insecure and vulnerable to attacks.
With the new Modbus content and metadata extraction functionality, vendors of security products, such as firewalls or gateways, gain granular visibility and control of the Modbus protocol communication. This enables them to detect threats in the SCADA or ICS environment and enhance their IT security solutions by adding a further layer of security in their products.
“Firewall vendors can embed the deep packet inspection engine in their protection products to inspect the content contained in the industrial protocol communication,” says Dirk Czepluch, VP of the business units Network Analytics and Network Protection at Rohde & Schwarz Cybersecurity. “The Modbus content and metadata extraction functionality enables them to apply more detailed rules, filters on individual fields and values that matter to IT administrators using such firewalls,” adds Czepluch. “They can now control who can communicate with the device, what communication is allowed and provide protection against malicious commands.”
Rohde & Schwarz; https://ipoque.com/solutions/ and www.rohde-schwarz.com
If you enjoyed this article, you will like the following ones: don't miss them by subscribing to :
