2016 was a turning point with secure ICS protocols. For a while it was limited primarily to OPC UA and DNP3 SA, but 2016 brought us a secure version of CIP / Ethernet/IP, Secure Modbus and a couple of others that will soon be unveiled. This should be enough critical mass to force the other protocol bodies to do the same in 2017 – 2018.
We have two secure ICS protocol sessions at S4x17:
Secure Modbus with Role Based Authorization with Daniel Clarke
Schneider Electric has developed a Secure Modbus protocol that they are proposing to the Modbus organization. It will support authentication and encryption of course, and Daniel will explain how. What I found most interesting is the use of certificates to enforce roles at the PLC/RTU itself. This delves into a PKI which can be a morass. So I’m looking forward to hearing how this will be implemented and managed.
Secure SCADA Protocol for the 21st Century (SSP21) with Adam Crain and Rich Corrigan
After beating on DNP3 and other protocol applications as part of Project Robus, Adam decided to work with Rich to come up with a more secure protocol. SSP21 is intended to fill a technology gap where existing technologies like TLS are not applicable, namely for serial communication channels and endpoints with limited bandwidth and/or processing capabilities