Biblio

Modbus is a popular industrial communication protocol supported by most automation devices. Despite its popularity, it is not a secure protocol because when it was developed, security was not a concern due to closed environments of industrial control systems. With the convergence of information technology and operational technology in recent years, the security of industrial control systems has become a serious concern. Due to the high availability requirements, it is not practical or feasible to do security experimentation of production systems. We present an implementation of cyber-physical systems with Modbus/TCP communication for real-time security testing. The proposed architecture consists of a process simulator, an IEC 61131-3 compliant programmable logic controller, and a human-machine interface, all communicating via Modbus/TCP protocol. We use Simulink as the process simulator. It does not have built-in support for the Modbus protocol. A contribution of the proposed work is to extend the functionality of Simulink with a custom block to enable Modbus communication. We use two case studies to demonstrate the utility of the cyber-physical system architecture. We can model complex industrial processes with this architecture, can launch cyber-attacks, and develop protection mechanisms.

This article is focused on industrial networks and their security. An industrial network typically works with older devices that do not provide security at the level of today's requirements. Even protocols often do not support security at a sufficient level. It is necessary to deal with these security issues due to digitization. It is therefore required to provide other techniques that will help with security. For this reason, it is possible to deploy additional elements that will provide additional security and ensure the monitoring of the network, such as the Intrusion Detection System. These systems recognize identified signatures and anomalies. Methods of detecting security incidents by detecting anomalies in network traffic are described. The proposed methods are focused on detecting DoS attacks in the industrial Modbus protocol and operations performed outside the standard interval in the Distributed Network Protocol 3. The functionality of the performed methods is tested in the IDS system Zeek.

Industrial Control Systems (ICSs) are widely used in critical infrastructure around the world to provide services that sustain peoples' livelihoods and economic operations. However, compared with the critical infrastructure, the security of the ICS itself is still insufficient, and there will be a degree of damage, if it is attacked or invaded. In the past, an ICS was designed to operate in a traditional closed network, so the industrial equipment and transmission protocol lacked security verification. In addition, an ICS has high availability requirements, so that its equipment is rarely replaced and upgraded. Although many scholars have proposed the defense mechanism that is applicable to ICS in the past, there is still a lack of tested means to verify these defense technologies. The purpose of this study is to analyze the security of a system using the Modbus transmission protocol in an ICS, to establish a modular security test system based on four types of attacks that have been identified in the past literature, namely, a detection attack, a command injection attack, a response injection attack and a denial of service, to implement the attack results and to display the process in the virtual environment of Conpot and Rapid SCADA, and finally, to adopt the ICS security standards mentioned by previous scholars, namely, confidentiality, integrity and availability, as the performance evaluation criteria of this study.