Modbus, in its traditional form, lacks inherent security features. According to ISA/IEC 62443, one of the most practical ways to secure Modbus traffic is by placing it behind a firewall, which restricts access to only trusted sources and destinations. While VPNs and user access controls can add security, firewalls provide critical segmentation, which is explicitly recommended for legacy and insecure protocols like Modbus.
[Reference: ISA/IEC 62443-3-3:2013, Section 4.2.3.4 (“Use of firewalls for insecure protocols”); ISA/IEC 62443-1-1:2007, Section 3.2.1.]
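The segmentation described above, as an added example that is not part of the original page: a first-match, default-deny rule check comparing a broad Modbus/TCP rule with host-to-host rules. The addresses, rule lists and function names are constructed for illustration; 502 is the registered Modbus/TCP port.

```python
# Added example: first-match firewall policy check for a Modbus/TCP conduit.
# All addresses and rules are constructed sample values (documentation ranges).
from ipaddress import ip_address, ip_network

MODBUS_TCP_PORT = 502  # registered Modbus/TCP port

# (source, destination, destination port or None for any, action)
WEAK_RULES = [
    ("0.0.0.0/0", "198.51.100.0/24", MODBUS_TCP_PORT, "accept"),  # any source may reach the PLCs
]
HARDENED_RULES = [
    ("192.0.2.10/32", "198.51.100.20/32", MODBUS_TCP_PORT, "accept"),  # HMI -> PLC 1
    ("192.0.2.11/32", "198.51.100.21/32", MODBUS_TCP_PORT, "accept"),  # historian -> PLC 2
]

def evaluate(rules, src, dst, dport):
    """Return the action of the first matching rule; default deny."""
    for rule_src, rule_dst, rule_port, action in rules:
        if (ip_address(src) in ip_network(rule_src)
                and ip_address(dst) in ip_network(rule_dst)
                and rule_port in (None, dport)):
            return action
    return "drop"

def overly_broad_modbus_rules(rules, max_hosts=1):
    """List accept rules that cover port 502 and name more than max_hosts
    addresses on either side, i.e. rules that are not host-to-host."""
    findings = []
    for rule in rules:
        rule_src, rule_dst, rule_port, action = rule
        if action != "accept" or rule_port not in (None, MODBUS_TCP_PORT):
            continue
        if (ip_network(rule_src).num_addresses > max_hosts
                or ip_network(rule_dst).num_addresses > max_hosts):
            findings.append(rule)
    return findings

if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(name, "broad rules:", overly_broad_modbus_rules(rules))
        for src, dst in (("192.0.2.10", "198.51.100.20"),   # trusted pair
                         ("192.0.2.99", "198.51.100.20"),   # untrusted source
                         ("192.0.2.10", "198.51.100.21")):  # trusted source, wrong PLC
            print(" ", src, "->", dst, evaluate(rules, src, dst, MODBUS_TCP_PORT))
```

With the hardened list, a trusted source is still dropped when it targets a PLC it has no rule for, which is the per-conduit restriction to trusted sources and destinations.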