·
Module 15Integration & Real Systems9 min.md

Security & Safety

Overview

What you'll learn

What classic Modbus does not protect, write safety practice, and TLS / Modbus Security.

Sections
11
Labs
1
Quiz
8 Qs
What you'll be able to do
  • List what classic Modbus does not protect (authentication, encryption, integrity beyond CRC).
  • Apply defensive write practices (allowlists, rate limits, write-readback).
  • Describe Modbus/TCP Security at a high level.
Why you'll need this
  • "Your auditor asks how you prevent unauthorized writes on a flat OT network. What do you point at?"
Three things people get wrong
  1. 1.
    Relying on 'Modbus is internal'
    Fix Flat OT networks are common. Assume the wire is reachable and design accordingly.
  2. 2.
    Writing without read-back verification
    Fix A successful FC 06/16 response says the bytes arrived, not that the device accepted them. Always read back a critical write.
  3. 3.
    Ignoring Modbus Security because 'no one uses it yet'
    Fix Adoption is rising. Even if not deploying it today, design with a migration path in mind.
From the field

The pump that ran on weekend nights

An overnight pump cycle no one had scheduled turned out to be a misconfigured maintenance script writing to the wrong Unit ID. There was no authentication, no audit log, and no read-back — just a script running on a laptop someone forgot in a panel.

Cited sources

Primary sources come from protocol and standards publishers. Secondary sources provide supporting tool, vendor, or reference context.

This module is paginated — step through the sections, run the labs, then take the quiz. Progress is saved locally.

Print one-pager →