Cyber resilience act implications for Modbus RTU

Most Modbus devices don't have any encryption by default since it's a simple data exchange between 2 devices.
The slave doesn't know who the master is. If a hacker has access to your Modbus network, he can behave like the master and gain full control of any of your Modbus slave devices. (Remember Stuxnet?)

If you need a more compliant one, then switching to OPC UA is the most preferred way in the industry.
 
Modbus RTU is a serial protocol developed before external data security regimens existed. It does not have a structure that would support attainment of CRA compliance. Since the core data mechanisms are similar, Modbus/TCP on Ethernet faces similar compatibility issues to cybersecurity requirements. The brilliance and success of these protocols relates to early origination in the market, simplicity, openness, and near-ubiquitous support across vendors. The market would need solutions to encapsulate or emulate them within a secure shell to continue future viability.
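
Added example, not part of either reply above: a Modbus RTU frame carries only an address, a function code, data and an unkeyed CRC, so the slave's check passes for any sender, while a keyed envelope in front of the slave can tell senders apart. The envelope layout, `wrap`, `AuthGateway`, the shared key and the counter are hypothetical illustrations of the "encapsulate" idea, not a standard or a product.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16  # assumption: truncated HMAC-SHA256 tag length for this sketch

def crc16_modbus(data: bytes) -> int:
    """Standard Modbus RTU CRC-16 (init 0xFFFF, reflected polynomial 0xA001)."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def rtu_frame(unit: int, function: int, payload: bytes) -> bytes:
    """Build an RTU frame: address, function, data, CRC (low byte first)."""
    body = bytes([unit, function]) + payload
    return body + struct.pack("<H", crc16_modbus(body))

def crc_ok(frame: bytes) -> bool:
    """The only check a plain RTU slave can make: an unkeyed checksum."""
    return len(frame) >= 4 and struct.unpack("<H", frame[-2:])[0] == crc16_modbus(frame[:-2])

def wrap(key: bytes, counter: int, frame: bytes) -> bytes:
    """Hypothetical envelope: 4-byte counter + RTU frame + keyed tag."""
    header = struct.pack(">I", counter)
    tag = hmac.new(key, header + frame, hashlib.sha256).digest()[:TAG_LEN]
    return header + frame + tag

class AuthGateway:
    """Hypothetical gateway in front of a slave: forwards only authenticated, fresh frames."""

    def __init__(self, key: bytes):
        self.key, self.last_counter = key, -1

    def accept(self, blob: bytes):
        if len(blob) < 4 + 4 + TAG_LEN:
            return None  # too short to hold counter, minimal frame and tag
        header, frame, tag = blob[:4], blob[4:-TAG_LEN], blob[-TAG_LEN:]
        expected = hmac.new(self.key, header + frame, hashlib.sha256).digest()[:TAG_LEN]
        counter = struct.unpack(">I", header)[0]
        if not hmac.compare_digest(tag, expected) or counter <= self.last_counter or not crc_ok(frame):
            return None  # wrong key, replayed counter, or corrupted frame
        self.last_counter = counter
        return frame

# Constructed sample: read one holding register (function 0x03) from unit 1.
SAMPLE = rtu_frame(1, 0x03, bytes.fromhex("00000001"))
```

The CRC protects against line noise only; the sender-specific part is the keyed tag, and the counter is what rejects a recorded frame sent a second time.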
 