{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T01:27:19Z","timestamp":1760059639997,"version":"build-2065373602"},"reference-count":31,"publisher":"MDPI AG","issue":"7","license":[{"start":{"date-parts":[[2025,6,26]],"date-time":"2025-06-26T00:00:00Z","timestamp":1750896000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"University of Nebraska-Lincoln\u2019s Nebraska Center for Energy Sciences Research (NCESR)","award":["20-706"],"award-info":[{"award-number":["20-706"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>The convergence of Operational Technology (OT) and Information Technology (IT) networks has become increasingly prevalent with the growth of Industrial Internet of Things (IIoT) applications. This shift, while enabling enhanced automation, remote monitoring, and data sharing, also introduces new challenges related to communication latency and cybersecurity. Oftentimes, legacy OT protocols were adapted to the TCP\/IP stack without an extensive review of the ramifications to their robustness, performance, or safety objectives. To further accommodate the IT\/OT convergence, protocol gateways were introduced to facilitate the migration from serial protocols to TCP\/IP protocol stacks within modern IT\/OT infrastructure. However, they often introduce additional vulnerabilities by exposing traditionally isolated protocols to external threats. This study investigates the security and reliability implications of migrating serial protocols to TCP\/IP stacks and the impact of protocol gateways, utilizing two widely used OT protocols: Modbus TCP and DNP3. Our protocol analysis finds a significant safety-critical vulnerability resulting from this migration, and our subsequent tests clearly demonstrate its presence and impact. A multi-tiered testbed, consisting of both physical and emulated components, is used to evaluate protocol performance and the effects of device-specific implementation flaws. Through this analysis of specifications and behaviors during communication interruptions, we identify critical differences in fault handling and the impact on time-sensitive data delivery. The findings highlight how reliance on lower-level IT protocols can undermine OT system resilience, and they inform the development of mitigation strategies to enhance the robustness of industrial communication networks.<\/jats:p>","DOI":"10.3390\/fi17070286","type":"journal-article","created":{"date-parts":[[2025,6,26]],"date-time":"2025-06-26T11:15:23Z","timestamp":1750936523000},"page":"286","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Exponential Backoff and Its Security Implications for Safety-Critical OT Protocols over TCP\/IP Networks"],"prefix":"10.3390","volume":"17","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4510-8280","authenticated-orcid":false,"given":"Matthew","family":"Boeding","sequence":"first","affiliation":[{"name":"Department of Electrical and Computer Engineering, University of Nebraska-Lincoln, Lincoln, NE 68588, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-4145-7318","authenticated-orcid":false,"given":"Paul","family":"Scalise","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, University of Nebraska-Lincoln, Lincoln, NE 68588, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7091-8349","authenticated-orcid":false,"given":"Michael","family":"Hempel","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, University of Nebraska-Lincoln, Lincoln, NE 68588, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6229-2043","authenticated-orcid":false,"given":"Hamid","family":"Sharif","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, University of Nebraska-Lincoln, Lincoln, NE 68588, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5083-8627","authenticated-orcid":false,"suffix":"Jr.","given":"Juan","family":"Lopez","sequence":"additional","affiliation":[{"name":"Oak Ridge National Laboratory, Oak Ridge, TN 37831, USA"}]}],"member":"1968","published-online":{"date-parts":[[2025,6,26]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Boeding, M., Boswell, K., Hempel, M., Sharif, H., Lopez, J., and Perumalla, K. (2022). Survey of cybersecurity governance, threats, and countermeasures for the power grid. Energies, 15.","DOI":"10.3390\/en15228692"},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"161329","DOI":"10.1109\/ACCESS.2024.3477714","article-title":"Trends in Smart Grid Cyber-Physical Security: Components, Threats and Solutions","volume":"12","author":"Manias","year":"2024","journal-title":"IEEE Access"},{"key":"ref_3","unstructured":"Modbus Organization Inc. (2012). MODBUS Application Protocol Specification v1.1b3, Modbus. Modicon Inc. Industrial Automation Systems Technology Reports."},{"key":"ref_4","unstructured":"(2012). IEEE Standard for Electric Power Systems Communications-Distributed Network Protocol (DNP3) (Standard No. IEEE 1815-2012)."},{"key":"ref_5","unstructured":"V-Labs (2025, January 13). OT-Icefall: The Legacy of \u201cInsecure by Design\u201d and Its Implications for Certifications and Risk Management. Available online: https:\/\/www.forescout.com\/resources\/ot-icefall-report\/."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Porcu, D., Castro, S., Otura, B., Encinar, P., Chochliouros, I., Ciornei, I., Hadjidemetriou, L., Ellinas, G., Santiago, R., and Grigoriou, E. (2022). Demonstration of 5G solutions for smart energy grids of the future: A perspective of the Smart5Grid project. Energies, 15.","DOI":"10.3390\/en15030839"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Jafary, P., Supponen, A., and Repo, S. (2022). Network Architecture for IEC61850-90-5 Communication: Case Study of Evaluating R-GOOSE over 5G for Communication-Based Protection. Energies, 15.","DOI":"10.3390\/en15113915"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Boeding, M., Hempel, M., and Sharif, H. (2025). End-to-End Framework for Identifying Vulnerabilities of Operational Technology Protocols and Their Implementations in Industrial IoT. Future Internet, 17.","DOI":"10.3390\/fi17010034"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Banik, S., Manicavasagam, R., Banik, T., and Banik, S. (2024, January 26\u201327). Simulation and analysis of cyber-attack on modbus protocol for smart grids in virtual environment. Proceedings of the Science and Information Conference, London, UK.","DOI":"10.20944\/preprints202309.0984.v2"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"de Brito, I.B., and de Sousa, R.T. (2022). Development of an open-source testbed based on the modbus protocol for cybersecurity analysis of nuclear power plants. Appl. Sci., 12.","DOI":"10.3390\/app12157942"},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"3983","DOI":"10.3390\/smartcities7060154","article-title":"SoK: A Reality Check for DNP3 Attacks 15 Years Later","volume":"7","author":"Rodriguez","year":"2024","journal-title":"Smart Cities"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Ozdogan, E. (2024). Structured Defense Model Against DNP3-Based Critical Infrastructure Attacks. Arab. J. Sci. Eng., 1\u201319.","DOI":"10.1007\/s13369-024-09577-3"},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Kelli, V., Radoglou-Grammatikis, P., Sesis, A., Lagkas, T., Fountoukidis, E., Kafetzakis, E., Giannoulakis, I., and Sarigiannidis, P. (June, January 30). Attacking and defending DNP3 ICS\/SCADA systems. Proceedings of the 2022 18th International Conference on Distributed Computing in Sensor Systems (DCOSS), Marina del Rey, Los Angeles, CA, USA.","DOI":"10.1109\/DCOSS54816.2022.00041"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"109828","DOI":"10.1016\/j.compeleceng.2024.109828","article-title":"An effective intrusion detection scheme for Distributed Network Protocol 3 (DNP3) applied in SCADA-enabled IoT applications","volume":"120","author":"Dangwal","year":"2024","journal-title":"Comput. Electr. Eng."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"461","DOI":"10.1016\/j.dcan.2022.09.013","article-title":"Interworking between Modbus and internet of things platform for industrial services","volume":"10","author":"Elamanov","year":"2024","journal-title":"Digit. Commun. Netw."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"103656","DOI":"10.1016\/j.rineng.2024.103656","article-title":"Performance evaluation of modbus and DNP3 protocols in the communication network of a university campus microgrid","volume":"24","author":"Bastidas","year":"2024","journal-title":"Results Eng."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"47007","DOI":"10.1109\/ACCESS.2023.3275443","article-title":"Protecting modbus\/TCP-based industrial automation and control systems using message authentication codes","volume":"11","author":"Sumina","year":"2023","journal-title":"IEEE Access"},{"key":"ref_18","unstructured":"(2019). Information Technology\u2014Lightweight Cryptography Part 6: Message Authentication Codes (MACs) (Standard No. ISO\/IEC 29192-6:2019)."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Rodr\u00edguez-P\u00e9rez, N., Domingo, J.M., L\u00f3pez, G.L., and Stojanovic, V. (2022, January 10\u201312). Scalability evaluation of a Modbus TCP control and monitoring system for Distributed Energy Resources. Proceedings of the 2022 IEEE PES Innovative Smart Grid Technologies Conference Europe (ISGT-Europe), Novi Sad, Serbia.","DOI":"10.1109\/ISGT-Europe54678.2022.9960319"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Huang, H., Davis, C.M., and Davis, K.R. (2021, January 2\u20135). Real-time power system simulation with hardware devices through dnp3 in cyber-physical testbed. Proceedings of the 2021 IEEE Texas Power and Energy Conference (TPEC), College Station, TX, USA.","DOI":"10.1109\/TPEC51183.2021.9384947"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Moldovan, D., and Ayyanar, R. (2024, January 25\u201326). DNP3 Implementation in a High DER Penetration Distribution System. Proceedings of the 2024 IEEE Kansas Power and Energy Conference (KPEC), Manhattan, KS, USA.","DOI":"10.1109\/KPEC61529.2024.10676137"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Tsalis, N., Stergiopoulos, G., Bitsikas, E., Gritzalis, D., and Apostolopoulos, T.K. (2018, January 26\u201328). Side Channel Attacks over Encrypted TCP\/IP Modbus Reveal Functionality Leaks. Proceedings of the 15th International Joint Conference on e-Business and Telecommunications (ICETE 2018), Porto, Portugal.","DOI":"10.5220\/0006832700530063"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"409","DOI":"10.1109\/TNET.2021.3115517","article-title":"Off-path TCP hijacking attacks via the side channel of downgraded IPID","volume":"30","author":"Feng","year":"2021","journal-title":"IEEE\/ACM Trans. Netw."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Cao, Y., Wang, Z., Qian, Z., Song, C., Krishnamurthy, S.V., and Yu, P. (2019, January 11\u201315). Principled unearthing of TCP side channel vulnerabilities. Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, London, UK.","DOI":"10.1145\/3319535.3354250"},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"64140","DOI":"10.1109\/ACCESS.2024.3395991","article-title":"Industrial Control System-Anomaly Detection Dataset (ICS-ADD) for Cyber-Physical Security Monitoring in Smart Industry Environments","volume":"12","author":"Gaggero","year":"2024","journal-title":"IEEE Access"},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Butts, J., and Shenoi, S. (2014, January 17\u201319). Industrial Control System Traffic Data Sets for Intrusion Detection Research. Proceedings of the Critical Infrastructure Protection VIII, Arlington, VA, USA.","DOI":"10.1007\/978-3-662-45355-1"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Boeding, M., Hempel, M., and Sharif, H. (2023, January 6\u20138). Vulnerability Identification of Operational Technology Protocol Specifications Through Formal Modeling. Proceedings of the 2023 16th International Conference on Signal Processing and Communication System (ICSPCS), Bydgoszcz, Poland.","DOI":"10.1109\/ICSPCS58109.2023.10261127"},{"key":"ref_28","unstructured":"(2025). Series Communication Networks and Systems for Power Utility Automation (Standard No. IEC 61850)."},{"key":"ref_29","unstructured":"Modbus Organization Inc. (2012). MODBUS Messaging on TCP\/IP Implementation Guide V1.0b, Modbus Organization. Modicon Inc. Industrial Automation Systems Technology Reports."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Ionescu, D., Filipescu, A., Simion, G., Minc\u0103, E., Cernega, D., \u0218olea, R., and Filipescu, A. (2022). Communication and Control of an Assembly, Disassembly and Repair Flexible Manufacturing Technology on a Mechatronics Line Assisted by an Autonomous Robotic System. Inventions, 7.","DOI":"10.3390\/inventions7020043"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Berardi, D., Callegati, F., Giovine, A., Melis, A., Prandini, M., and Rinieri, L. (2023). When Operation Technology Meets Information Technology: Challenges and Opportunities. Future Internet, 15.","DOI":"10.3390\/fi15030095"}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/17\/7\/286\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T17:59:17Z","timestamp":1760032757000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/17\/7\/286"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,26]]},"references-count":31,"journal-issue":{"issue":"7","published-online":{"date-parts":[[2025,7]]}},"alternative-id":["fi17070286"],"URL":"https:\/\/doi.org\/10.3390\/fi17070286","relation":{},"ISSN":["1999-5903"],"issn-type":[{"type":"electronic","value":"1999-5903"}],"subject":[],"published":{"date-parts":[[2025,6,26]]}}}