Why is a Modbus firewall important in cyber security?

Modbus is the most widely used communication protocol in automation.

It started as a serial protocol (RS-232, RS-485) and migrated to Ethernet (Modbus TCP, Modbus UDP).

Modbus slaves present a set of coils (binary on/off values) and registers (numeric values) that may be read and changed over the network.

Modbus commands are called 'function codes':

Function code 1 - read coil
Function code 3 - read multiple registers
Function code 16 - write multiple registers

Many controllers use proprietary Modbus function codes for maintenance and diagnostics.

Why is a Modbus firewall required?

Modbus has no authentication. Any computer that can ping a PLC can issue any Modbus command to it.

Reading certain Modbus registers may divulge sensitive process information.

Writing the wrong register or coil could have a catastrophic impact on the process.

Issuing a maintenance or diagnostic command could reset or re-program the PLC.

Malformed or invalid Modbus commands can cause some controllers to crash.
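The checks a Modbus-aware firewall applies to each Modbus TCP request can be sketched as follows. This is an added example, not code from the original article: it validates the MBAP header, allows only listed function codes, and restricts writes to a permitted register range. The allowlist, the writable range 100-109 and the sample frames are constructed assumptions.

```python
import struct

# Constructed policy (assumption): allowed function codes and writable registers.
ALLOWED_CODES = {1, 3, 16}
WRITABLE = range(100, 110)
MAX_QTY = {1: 2000, 3: 125, 16: 123}   # per-request limits from the Modbus spec


def inspect(frame: bytes):
    """Return (verdict, reason) for one Modbus TCP request frame."""
    if not 8 <= len(frame) <= 260:      # 7-byte MBAP header + 1..253-byte PDU
        return "DROP", "bad frame size"
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    # Protocol id must be 0; the length field counts the unit id plus the PDU.
    if proto != 0 or length != len(frame) - 6:
        return "DROP", "bad MBAP header"
    code = frame[7]
    if code not in ALLOWED_CODES:
        return "DROP", f"function code {code} not allowed"
    if len(frame) < 12:
        return "DROP", "truncated request"
    addr, qty = struct.unpack(">HH", frame[8:12])
    if not 1 <= qty <= MAX_QTY[code] or addr + qty > 0x10000:
        return "DROP", "quantity out of range"
    if code == 16:
        if len(frame) < 13 or frame[12] != 2 * qty or len(frame) != 13 + 2 * qty:
            return "DROP", "byte count does not match quantity"
        if addr not in WRITABLE or addr + qty - 1 not in WRITABLE:
            return "DROP", "write outside permitted registers"
    elif len(frame) != 12:
        return "DROP", "trailing bytes after read request"
    return "ALLOW", f"function code {code}"


def mbap(pdu: bytes, tid=1, unit=1) -> bytes:
    """Build a constructed test frame: MBAP header followed by the PDU."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


if __name__ == "__main__":
    samples = {  # constructed sample requests
        "read 10 registers": mbap(struct.pack(">BHH", 3, 0, 10)),
        "write register 100": mbap(struct.pack(">BHHBH", 16, 100, 1, 2, 7)),
        "write register 5": mbap(struct.pack(">BHHBH", 16, 5, 1, 2, 7)),
        "diagnostics (fc 8)": mbap(struct.pack(">BHH", 8, 1, 0)),
        "length field lies": mbap(struct.pack(">BHH", 3, 0, 10))[:-2],
    }
    for name, frame in samples.items():
        print(name, inspect(frame))
```

A default-deny allowlist like this also drops proprietary maintenance function codes without needing to know them in advance.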

The Modbus port (generally 502) should remain on the local network. If it is open to the public, be sure of what you are doing and that there is at least IP filtering in the configuration. The future is I/O boards with XML over HTTP(S), and some manufacturers are making decent models (for example Eko, Advantech, ControlByWeb). Some PLCs have an internal web server which can be configured to provide XML over HTTP.