
Modbus Hack Demo

This demo has been making the rounds of the trade shows over the last couple of years. It is both a simple and a powerful demonstration for those without an IT background. Basically, the Modbus protocol has virtually no security. Passwords are easy to recover with a sniffer, and in many cases the default passwords have not even been changed. When Modbus is sent over an IP network, it opens the system up to attack by anyone with a laptop, the ability to use Google, and connectivity to the network.

The demo shows how passwords are recovered, how the PLC can be reprogrammed, and how false data can be sent; in hacker speak, how the PLC can be ‘owned’. Equally important, but not demonstrated, is how false data could be sent to the central server and operator consoles. No sophisticated attacks are required because the protocol has no security. The troubling issue is that a solution is not forthcoming, and given the long lifecycle of these systems it could be decades before they are secured. It is hard to determine what organization could issue a security protocol that all vendors would support, let alone get agreement on it.

Our focus is to find compensating controls to address this risk.
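One compensating control of the kind described above is a passive monitor that parses Modbus/TCP frames and alerts on write function codes from hosts that are not on an allow-list. The code below is an added example written for this page, not part of the demo or any vendor's product; the sample frames, IP addresses and allow-list are constructed.

```python
import struct
from typing import Optional

# Modbus/TCP frame = 7-byte MBAP header + PDU (function code + data).
# MBAP: transaction id (2), protocol id (2, always 0), length (2), unit id (1).
WRITE_FUNCTIONS = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
}


def parse_modbus_tcp(frame: bytes) -> dict:
    """Split a Modbus/TCP frame into MBAP fields and PDU; reject malformed frames."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError(f"unexpected protocol id {pid}")
    # The MBAP length field counts unit id + PDU, i.e. everything after byte 6.
    if length != len(frame) - 6:
        raise ValueError(f"MBAP length {length} does not match frame size")
    return {"tid": tid, "unit": unit, "function": frame[7], "data": frame[8:]}


def check_frame(src_ip: str, frame: bytes, allowed_writers: set) -> Optional[str]:
    """Return an alert for a write from a host not on the allow-list, else None."""
    try:
        pdu = parse_modbus_tcp(frame)
    except ValueError as err:
        return f"ALERT {src_ip}: malformed Modbus/TCP frame ({err})"
    name = WRITE_FUNCTIONS.get(pdu["function"])
    if name and src_ip not in allowed_writers:
        return f"ALERT {src_ip}: {name} to unit {pdu['unit']} from unauthorised host"
    return None


# Constructed sample traffic (not a real capture): (source IP, raw frame bytes).
SAMPLE_CAPTURE = [
    ("10.0.0.5", bytes.fromhex("0001000000060103006b0003")),   # HMI reads 3 holding registers
    ("10.0.0.5", bytes.fromhex("00020000000601060001002a")),   # HMI writes register 1 (expected)
    ("10.0.0.77", bytes.fromhex("00030000000601060001ffff")),  # unknown laptop writes register 1
    ("10.0.0.77", bytes.fromhex("0004000000060110000100")),    # truncated write frame
]
ALLOWED_WRITERS = {"10.0.0.5"}  # constructed: the only host expected to write to the PLC


def scan_capture(capture=SAMPLE_CAPTURE, allowed=ALLOWED_WRITERS) -> list:
    """Run the check over every frame and collect the alerts in capture order."""
    return [a for src, frame in capture if (a := check_frame(src, frame, allowed))]


if __name__ == "__main__":
    for alert in scan_capture():
        print(alert)
```

Because Modbus/TCP carries no authentication, the monitor can only judge by source address and function code, which is why the allow-list has to be backed by network segmentation.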
