Securing Modbus Communications: Modbus TLS and Beyond

February 12, 2021

Modbus is a communications protocol developed in 1979 by Modicon to transmit messages between industrial control and monitoring devices. Modbus is a freely available open protocol that has become an industry standard. Modbus is commonly used in factory automation and also has applications in infrastructure, transportation, security and energy.

How Does Modbus Work?

Modbus works on a client/server protocol. The control system (client) manages all communication on the bus, and any field or measuring devices (server) only transmit data when requested by the client. There are different modes of Modbus that dictate how data is sent, in what format and how many devices the client can control.

Modbus Variants

There are two Modbus modes. Modbus ASCII (American Standard Code for Information Interchange) sends data in a code that is easily read by human operators. Modbus RTU (Remote Terminal Unit) sends data in binary code and has a better throughput than ASCII because messages are more compact.

Modbus TCP/IP (Transmission Control Protocol / Internet Protocol) was created for sending RTU messages over Ethernet. With TCP/IP, the Modbus client requests information from the server. TCP carries the data and hands it to IP, which packages it into packets and transmits them.

Modbus TLS (Transport Layer Security)

Modbus TLS is an additional protocol layer that adds security to communications facilitated over the internet. It is often referred to as Modbus TCP Security or Modbus TCP TLS as it is used with the TCP/IP layer.

Traditionally, Modbus protocols send messages without any security implementations. Over the Internet, this lack of security leaves these messages vulnerable to hackers. With TLS, messages between the client and server devices are verified using cryptographic codes and keys. Devices on the server side also exchange codes and keys among themselves for verification.

These keys help prevent man-in-the-middle attacks where hackers send false messages from clients or devices. Denial of Service (DoS) attacks where attackers send messages to overload a system are prevented, too. It’s also difficult for a hacker to perform probing attacks since faulty messages or devices won’t be verified and allowed to operate.

Further Modbus Security

Modbus TLS isn’t a perfect system, however. There are no measures built into the protocol to secure messages at the IP layer. Companies using the Modbus protocol must rely on their own network security best practices to ensure these messages are safe from threats. Use of a firewall, multifactor authentication and deep packet inspection are a few recommended security measures.
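As an added example (not from the original article), the Python monitor below shows what the deep packet inspection recommended above amounts to on the plaintext traffic described earlier: it decodes the Modbus TCP MBAP header, which carries no field identifying or authenticating the sender, and flags write requests arriving on the plaintext port 502 from clients outside an allowlist. The client addresses, allowlist and frames are constructed; port 802 is the IANA-registered port for Modbus/TCP Security (Modbus over TLS).

```python
import struct
from dataclasses import dataclass

MODBUS_TCP_PORT = 502   # plaintext Modbus TCP
MODBUS_TLS_PORT = 802   # Modbus/TCP Security (Modbus over TLS), IANA "mbap-s"

# Function codes that change process state. The MBAP header has no field that
# authenticates who sent them, so the network (firewall, DPI) must supply that.
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}

@dataclass
class ModbusFrame:
    transaction_id: int
    unit_id: int
    function_code: int
    data: bytes

def build_frame(tid: int, unit: int, fc: int, data: bytes) -> bytes:
    """MBAP header (tid, protocol id 0, length, unit id) followed by the PDU."""
    pdu = bytes([fc]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def parse_frame(frame: bytes) -> ModbusFrame:
    """Decode a Modbus TCP frame, rejecting the malformations a monitor sees."""
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError(f"protocol id {pid} is not Modbus")
    if length != len(frame) - 6:        # length field counts unit id + PDU
        raise ValueError("MBAP length field disagrees with frame size")
    return ModbusFrame(tid, unit, frame[7], frame[8:])

def flag_unprotected_writes(records, allowed_clients):
    """records: (source_ip, destination_port, frame_bytes) tuples from a tap."""
    alerts = []
    for src, dport, frame in records:
        try:
            f = parse_frame(frame)
        except ValueError as err:
            alerts.append((src, f"malformed: {err}"))
            continue
        if (dport == MODBUS_TCP_PORT and f.function_code in WRITE_FUNCTIONS
                and src not in allowed_clients):
            alerts.append((src, f"plaintext {WRITE_FUNCTIONS[f.function_code]}"
                                " from unlisted client"))
    return alerts

def demo():
    """Constructed traffic: allowed write, read, write from unknown host, bad frame."""
    records = [
        ("10.0.0.5", 502, build_frame(1, 1, 6, struct.pack(">HH", 0x0010, 0x1234))),
        ("10.0.0.99", 502, build_frame(2, 1, 3, struct.pack(">HH", 0x0000, 10))),
        ("10.0.0.99", 502, build_frame(3, 1, 16, struct.pack(">HHB", 0, 1, 2) + b"\x00\x01")),
        ("10.0.0.7", 502, b"\x00\x04\x00\x00\x00\x09\x01\x06"),   # length field lies
    ]
    return flag_unprotected_writes(records, allowed_clients={"10.0.0.5"})
```

Only the write from the unlisted host and the malformed frame produce alerts; the allowed write and the read request pass, which is the policy a Modbus-aware firewall or DPI sensor enforces in front of devices that cannot yet speak Modbus TLS.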