Industrial communication protocols are a foundational element of modern process and factory automation, enabling interoperability, real-time control and efficient device integration. However, many widely deployed protocols were not originally designed with cybersecurity as a primary objective. Although standards development organizations have been steadily adding security functionality to these protocols, there are still many deployments that lack built-in security mechanisms such as authentication, authorization, integrity and confidentiality.
To address this challenge, FieldComm Group, ODVA, OPC Foundation and PROFIBUS & PROFINET International have collaborated to establish a shared operational environment and architecture overview for industrial communication protocols in alignment with EN 40000-1-2. Based on the EN 40000-1-2, in this technical paper, a structured risk-based methodology is applied to assess cybersecurity risks associated with commonly used industrial communication protocols and to define appropriate mitigation strategies. The assessment confirms, that in many cases, the use of industrial protocols relies heavily on additional compensating controls provided by the operational environment. Even as Ethernetbased protocols such as EtherNet/IP, HART-IP, OPC UA and PROFINET offer enhanced security profiles, their usage depends on the risk assessment and operational environment of the end user.
