Many industrial facilities still rely on Modbus systems that no longer meet today’s security and data requirements. A Modbus retrofit from Perinet enables companies to modernize existing plants step by step without replacing the entire infrastructure. This transforms legacy systems into secure, IoT enabled and compliant solutions.
The challenge: legacy technology as a risk for compliance and security
Many industrial plants have been operating reliably for many years, sometimes even decades. They are based on Modbus or comparable fieldbus protocols and perform their tasks without disruptions. However, Modbus was never designed for internet connectivity or modern IT security requirements. Devices communicate over serial interfaces such as RS-485, without encryption and without direct connection to IT systems. This technical foundation is becoming a problem for some companies and forces them to implement a Modbus retrofit. Without it they cannot meet the requirements of the European Data Act (EDA) and the Cyber Resilience Act (CRA).
- The European Data Act obliges companies to ensure that users of connected products and digital services can access the data generated by those products. To achieve this, the data must be routed into the IT environment so it becomes available for further tasks.
- The Cyber Resilience Act requires manufacturers and providers of connected devices to comply with essential security standards during development. This includes access protection, encryption and the ability to apply updates and patches after deployment.
- These two regulations are complemented by the NIS2 Directive which requires cybersecurity measures from companies in every industry, including the introduction of early warning and detection systems.
Technical and economic limitations of traditional systems
Many existing Modbus-based systems cannot provide data and do not meet modern IT security standards. Many companies assume that physically isolated Modbus networks are inherently secure. In practice, however, cabling often runs openly across the shopfloor and is therefore physically accessible which represents a fundamental security risk.
There are also economic and practical limitations. Some companies cannot finance a comprehensive digitalization project all at once. Replacing all machines and controllers with a completely new system is usually too large an investment. Therefore solutions are needed for a Modbus retrofit that can be implemented with manageable effort. Above all these systems must be easy to install so that technicians who previously laid Modbus cables can now also configure secure networks. Many existing IT OT integration solutions do not meet this requirement because they often demand additional expertise and significant IT resources.
The challenges at a glance
- Outdated Modbus technology without encryption
- Missing IT security standards and access to data
- Limited budgets for complete modernization
- High training requirements for previous solutions
The solution: Modbus retrofit for gradual digitalization
Perinet GmbH in Berlin offers a comprehensive concept for a digital retrofit of Modbus environments. It is a step by step approach that makes existing systems IoT-enabled. Two potential configurations are available:
- In the first configuration, the Modbus installation is retained. A Modbus sniffer reads out the data and forwards it to an IT system. This Modbus retrofit is cost effective, quick to implement and suitable for smaller companies.
- The second configuration replaces the communication path, secures it and enables full integration into IT systems. This version is compliant with the key requirements of the Data Act and the Cyber Resilience Act.
Both Modbus retrofit variants can be installed and operated by field technicians or installers without the need to involve an IT specialist every time.
Secure connectivity with encryption and SPE networks
The second configuration starts with security. Since RS-485 operates without encryption, the connection is secured via Modbus RTU to TCP bridges. These components encrypt the communication using TLS and other methods. At the other end, an edge device decrypts the data and forwards it to the control system. This protects the communication path so that attacks through physical cables are prevented. The legacy system continues to operate exactly as before.
By introducing Single Pair Ethernet, data and power can be transmitted over a single twisted-pair. This technology enables energy efficient and secure networks. In some cases it also allows existing cabling to be reused. Legacy controllers receive decrypted data and nothing changes on the devices themselves.
The next step combines security with IoT functionality. Perinet offers the periNODE smart adapter which turns existing Modbus devices into active network participants. It connects to the Modbus RTU device on one side and to a Single Pair Ethernet interface on the other. This allows the data to be transmitted directly over Ethernet. The adapter is primarily designed for M8 screw connections, with terminal versions planned as well.
The core element of the Modbus retrofit is the Modbus IoTizer, a software solution running on the periMICA edge computer. It forms the interface between the industrial Modbus environment and the IT world. periMICA receives, decrypts and converts the data into standardized formats such as JSON over MQTT. The data becomes both machine-readable and human-readable which simplifies analytics and avoids misunderstandings. Values like temperature or energy consumption are clearly displayed instead of being hidden in hexadecimal codes.
Legally compliant Modbus retrofit with easy handling
This Modbus retrofit architecture meets the requirements of the European Data Act and the Cyber Resilience Act. Communication is encrypted and secure data export is possible. Operators can continue using their existing devices while gaining compliant access to their information. Manufacturers can adapt their products to new requirements without a complete redesign.
Another advantage is ease of use. The systems are designed to be installed by technical staff even without prior experience in IT security concepts. The software handles encryption and authentication automatically and integrates into existing network environments.
A key benefit lies in the gradual approach. Companies can start the Modbus retrofit with small projects, gain experience and expand as needed. Additional features can later be added, for example full IoT integration. This modernization strategy reduces risks and enables continuous improvement of facilities.
The result: IoT integration without a full system overhaul
Perinet stands out in Modbus retrofit projects through its phased approach. The manufacturer’s IoT system focuses on practical implementation without complex system replacements and enables operators to economically and compliantly integrate existing installations into modern networks.
Encryption significantly increases security. Manipulation or attempts at wiretapping are prevented. If a cable is damaged, the system detects and locates the breakage. This simplifies troubleshooting and improves operational reliability.
Implementing the Modbus retrofit delivers measurable improvements. Existing systems become secure and compliant within IoT environments. Operators continue to use their previous investments while meeting legal requirements. The data is available in structured form which simplifies maintenance, energy optimization and analysis.
A real world example shows that a cooling system operator was able to compare operating times and energy consumption thanks to the retrofit solution. This made it possible to identify and reduce excessive consumption in individual units. Such transparency would not have been achievable without modernization.
Summary of results
- Gradual Modbus retrofit with minimal effort
- Secured communication using TLS and SPE
- Compliance with the Data Act and the Cyber Resilience Act
- Continued use of existing equipment and data
