Many of the most popular ICS protocols are addressing their lack of encryption and authentication, including Modbus TCP, EtherNet/IP and a version of OPC UA, by wrapping the protocol in TLS. There are pro’s and con’s to this approach, and they will be debated on the stage.
– Does adding security to legacy protocols make sense or should we start over?
– If we are adding security to legacy protocols is TLS the right choice in terms of proven and vetted security, bandwidth, mono-culture, …?
– What are the key management ramifications for both approaches?
– Is encryption a good thing for ICS protocols?