As ICS moves into TCP/IP, its security becomes a vital issue. Many protocols designed to control and monitor critical processes do not employ encryption or authentication system. This makes it easy for an attacker to hijack sessions, modify data and inject malicious packets. Security related solutions for protocols are entering the market. Are they really effective? And if not, is it possible to perform all the necessary functions using standard network equipment? The speaker will examine attack scenarios at the application level and their impact, taking Modbus (Modbus TCP) as an example. He will demonstrate how to develop and test the signatures employed by most of the current intrusion prevention systems. In conclusion, the speaker will compare the final set of signatures for Modbus TCP security with the set from the leading information security vendors. Dmitry Dudov has been engaged in information security since 2008. He has taken part in several projects related to the security of information systems, including creation of a complex protection system for the IT infrastructure of an international oil transport company, as well as a protection system for the technological networks of a large electric power holding company in Russia. Now he is a leading SCADA security engineer at AMT Group.Dmitry Dudov Dmitry Dudov