Protocol filter fills ‘missing security layer’ for Modbus/TCP devices

February 10, 2016 // By Graham Prophet
Icon Labs has released the first embedded protection for Internet of Things devices that connect via the Modbus protocol; the Floodgate Modbus Packet Filter provides advanced security for industrial IoT and RTOS-based devices.

Floodgate Modbus Protocol Filtering is an extension to Icon Labs’ Floodgate Security Framework to add critical protection capabilities for Industrial IoT and RTOS-based devices. It provides what Icon terms the critical missing layer of security for Modbus/TCP devices. Integrated into a device, Floodgate Modbus Protocol filtering employs deep packet inspection to enforce virtual network segmentation and to control packets processed based upon source network address, function code, and packet data contents.

“The Modbus/TCP protocol currently lacks any real security, making these devices sitting ducks for even moderately skilled hackers,” said Alan Grau, President of Icon Labs. “Several attempts to add security to Modbus/TCP have been proposed, but none provide a cost-effective solution for legacy devices while maintaining interoperability with the protocol standard. Modbus packet filtering addresses this problem by enforcing policies and inserting a layer of control without changing the underlying protocol.”

Floodgate Modbus Protocol filtering is an extension of the Floodgate Firewall, an endpoint firewall solution designed for embedded and RTOS-based systems. The solution integrates with the native TCP/IP stack on the device and provides control over the packets processed by the device. The Modbus Protocol filtering extension provides control over the Modbus packets processed by the device based upon Modbus function code, originating IP address, or Modbus packet content. Integration with the Floodgate Agent enables detection and reporting of malicious traffic.

Icon Labs’ Floodgate Security Framework is a comprehensive security solution for embedded devices providing security management, secure boot, intrusion detection, secure firmware updates, and an embedded firewall. These capabilities provide the building blocks for achieving EDSA certification, ISA/IEC 62443 compliance, and/or compliance with the NIST cybersecurity framework.

Icon Laboratories;