Industrial Ethernet

Introduction

Industrial Control Systems (ICS) differ from conventional IT systems. An ICS typically reads data from remote sensors and sends commands to machines that act on them, under timing and reliability constraints that ordinary IT protocols were not designed for. Historically that meant dedicated serial fieldbus protocols; today, however, nearly every instrument, interface and system in the ICS landscape supports and runs on TCP/IP over industrial Ethernet.

What is industrial Ethernet?

Industrial Ethernet comprises the IP-enabled versions of the traditionally serial industrial protocols: in essence, the serial messages encapsulated in TCP/IP packets. Many of the non-proprietary protocols used by different SCADA/ICS vendors have such a variant. A few examples:

  • Modbus turns into Modbus TCP
  • HART changes to HART-IP
  • DNP3 becomes DNP3 over TCP/IP

Structure of serial comms in TCP/IP packets

Modbus TCP

Like its serial counterparts, Modbus TCP uses a client/server (historically master/slave) model: the client sends requests and the server answers them. There are two distinct ways of carrying Modbus over TCP, and they differ in how integrity is handled. Modbus TCP proper drops the serial CRC and relies on the TCP checksum instead. Modbus RTU over TCP (often loosely called "Modbus over TCP") tunnels the unmodified serial RTU frame, so the CRC-16 is still present in the TCP payload. A single device can act as both client and server at once, and the default TCP port is 502.

A Modbus TCP frame is a Modbus PDU prefixed by the MBAP header and carried in TCP/IP; the header's protocol identifier field is 0x0000 for Modbus. It uses the same request/response exchange, the same function codes and the same 253-byte PDU limit as the serial versions.

The Modbus Application Protocol (MBAP) header is 7 bytes: 2 bytes of transaction identifier (used to match a response to its request), 2 bytes of protocol identifier (0 means Modbus), 2 bytes of length (the number of bytes that follow, i.e. unit identifier plus PDU) and 1 byte of unit identifier (the address of the target device, which matters when a gateway fronts several serial slaves).

It is worth stressing that Modbus TCP has no security features of its own: no authentication, no authorization and no encryption, so any host that can reach port 502 can read and write registers. A later Modbus/TCP Security specification wraps MBAP in TLS on port 802, but it is a separate protocol that both ends must support, and the plain port 502 variant remains the one found on most field equipment.
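As an added example (not code from the original post), the following Python builds and parses both framings described above: a Modbus TCP frame with the 7-byte MBAP header and no CRC, and a Modbus RTU-over-TCP frame that keeps the serial CRC-16. The function names and the sample frames are constructed for this illustration; the byte layouts follow the Modbus specification.

```python
"""Modbus TCP (MBAP) versus Modbus RTU-over-TCP framing.

Added illustration, not code from the original post. Function names and the
sample frames used with it are constructed for this example.
"""
import struct

MODBUS_TCP_PORT = 502   # default port for Modbus TCP
MAX_PDU_LEN = 253       # function code + data; same limit as serial Modbus
MBAP_HEADER_LEN = 7     # transaction id (2) + protocol id (2) + length (2) + unit id (1)


def read_holding_registers_pdu(start_addr, quantity):
    """PDU for function code 0x03: read `quantity` holding registers from `start_addr`."""
    return struct.pack(">BHH", 0x03, start_addr, quantity)


def write_single_register_pdu(addr, value):
    """PDU for function code 0x06: write one holding register.
    Nothing in the frame says who is allowed to send this."""
    return struct.pack(">BHH", 0x06, addr, value)


def build_mbap_frame(transaction_id, unit_id, pdu):
    """Prefix a PDU with the MBAP header. No CRC: TCP's checksum is relied on instead.
    The length field counts the unit identifier plus the PDU."""
    if not 1 <= len(pdu) <= MAX_PDU_LEN:
        raise ValueError("PDU must be 1..253 bytes")
    header = struct.pack(">HHHB", transaction_id, 0x0000, len(pdu) + 1, unit_id)
    return header + pdu


def parse_mbap_frame(frame):
    """Split an MBAP frame into its fields, checking the invariants a server should check."""
    if len(frame) < MBAP_HEADER_LEN + 1:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, pid, length, uid = struct.unpack(">HHHB", frame[:MBAP_HEADER_LEN])
    if pid != 0x0000:
        raise ValueError(f"protocol identifier {pid:#06x} is not Modbus")
    if length != len(frame) - 6:
        raise ValueError("length field does not match the bytes that follow it")
    pdu = frame[MBAP_HEADER_LEN:]
    if len(pdu) > MAX_PDU_LEN:
        raise ValueError("PDU exceeds 253 bytes")
    return {"transaction_id": tid, "unit_id": uid,
            "function_code": pdu[0], "data": pdu[1:]}


def crc16_modbus(data):
    """CRC-16/MODBUS: init 0xFFFF, reflected polynomial 0xA001, sent low byte first."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def build_rtu_over_tcp_frame(unit_id, pdu):
    """Serial RTU frame (address + PDU + CRC-16) carried unchanged inside TCP."""
    body = bytes([unit_id]) + pdu
    return body + struct.pack("<H", crc16_modbus(body))


def rtu_crc_ok(frame):
    """True when the trailing CRC-16 matches the frame body."""
    if len(frame) < 4:
        return False
    body, crc = frame[:-2], struct.unpack("<H", frame[-2:])[0]
    return crc16_modbus(body) == crc


def parse_rtu_over_tcp_frame(frame):
    """Verify the CRC, then return address, function code and data."""
    if not rtu_crc_ok(frame):
        raise ValueError("CRC-16 mismatch")
    return {"unit_id": frame[0], "function_code": frame[1], "data": frame[2:-2]}


if __name__ == "__main__":
    pdu = read_holding_registers_pdu(0x0000, 10)
    print("MBAP      :", build_mbap_frame(1, 1, pdu).hex())
    print("RTU in TCP:", build_rtu_over_tcp_frame(1, pdu).hex())
```

The same "read 10 holding registers from address 0" request comes out as `00010000000601030000000a` in MBAP form and `01030000000ac5cd` in RTU-over-TCP form; only the second carries a CRC, and neither carries anything a server could use to decide whether the sender is authorized. That is why the parse functions above can validate framing but not identity.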

HART-IP 

HART-IP is managed by the FieldComm Group. It’s essentially a standardized (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Dan Virgillito. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/q_o5PiJxKss/