a) How does Modbus/DNP3 protocol work?

b) What are the possible attacks to Modbus/DNP3 protocol?

c) What are the possible security solutions (prevent/detect/mitigate) against those attacks in the
literature?
d) What are the challenges to address those security issues in legacy CPS?
e) What are the relevant commercial products that can be deployed to defend against those attacks?
f) What have you learnt from this study (a summary)?
Modbus and DNP are both byte-oriented protocols.
Modbus is an application layer protocol
DNP3 contains Application and Data Link Layers, with a pseudo-transport layer.

Both protocols are widely used over a variety of physical layers, including RS-232, RS- 422, RS-
485, and TCP/IP. Modbus has a separate specification for use over TCP/IP (Modbus-TCP).

With DNP, the protocol is simply encapsulated within TCP/IP.

The primary advantage of Modbus is its simplicity for small devices and the very large range of
devices that have some sort of Modbus interface. It is widely used in process control and SCADA
systems.
DNP3 is specifically designed for use in SCADA applications. It is highly standardized, with
relatively high compatibility and inter-operability between devices from different manufacturers.
Both DNP3 and Modbus have independent Technical committees that are working to ensure
interoperability and create standards for new functionality.
Modbus is a serial communication protocol developed by Gould-Modicon systems (now Schneider
Electric) in 1979 for integrating and using it with PLCs (Programmable Logic Controller). Modbus has
become an industry standard for connecting various industrial devices.
Modbus is a master-slave communication protocol and can support up to 247 slaves for connecting and
communications with supervisory computers with a remote terminal unit (RTU) in SCADA systems. The
device supplying the information is the Modbus slave, while the Modbus master is the device requesting
the information.
Why Modbus? A few of the reasons for widespread use of Modbus are:
1.Developed specifically for industrial purpose
2.Open source protocol
3.Easy to develop, deploy and maintain.
Modbus variants
Modbus has many variants available for serial communication. They are:
4.Modbus RTU
5.Modbus over TCP/IP
6.Modbus over UDP
7.Modbus ASCII
8.Modbus Plus (MB+)
9.Pemex Modbus
10.Enron Modbus
The most widely and commonly used Modbus variant is Modbus RTU. Modbus RTU uses RS-485 or RS-
232, and all communication in Modbus RTU happens over UART (Universal Asynchronous Receiver
Transmitter). One bit is transferred at a time and it uses a baud rate from 1200–115200 bits per second.