OT protocol security¶

Most OT protocols were designed in an era when the network carrying them was assumed to be physically isolated and operationally controlled. Authentication was unnecessary because strangers could not reach the wire. Encryption was unnecessary because the data was process telemetry, not state secrets. That assumption has eroded, and the protocols have not changed as fast as the networks they run on.

The pages here cover the security properties each protocol was built with, the gaps that follow from those design choices, and the compensating controls available when the protocol itself offers nothing.

The protocol was designed for reliability. Security was someone else's problem.

Modbus
DNP3
OPC UA
IEC 61850
EtherNet/IP
Profinet
BACnet
MQTT
IEC 60870-5-104
OPC DA
ICCP / TASE.2
HART-IP
IEC 62351