Serial vulnerabilities and NERC intransigence- Can this lead to the downfall of the US electric grid

July 11, 2011
I received a comment from Ralph Langner on my blog on Friday – “The Emperor wears no clothes - the NERC CIP process”.  This comment is so important I wanted it to stand by itself because it reflects the lack of understanding by the IT community of controls systems and the intransigence of NERC
I wrote: “Could you use serial as means to inject Stuxnet – YES!!!”  Ralph responded ”To underline that point... our forensic evidence supports that Stuxnet DID inject rogue ladder logic via a serial link -- the vendor's proprietary MPI protocol that runs on RS-485.
I received a comment from Ralph Langner on my blog on Friday – “The Emperor wears no clothes - the NERC CIP process”.  This comment is so important I wanted it to stand by itself because it reflects the lack of understanding by the IT community of controls systems and the intransigence of NERC
I wrote: “Could you use serial as means to inject Stuxnet – YES!!!”  Ralph responded ”To underline that point... our forensic evidence supports that Stuxnet DID inject rogue ladder logic via a serial link -- the vendor's proprietary MPI protocol that runs on RS-485. Blaming networks in general and the Internet in particular for all security problems is a widespread delusion.”  As I mentioned, I will have Dr. Tommy Morris from Mississippi State University demonstrating the vulnerability of Modbus serial communications at the September ACS Conference.
Not only has NERC refused to address serial in every version of the NERC CIP process, even the NERC CIP Cyber Attack Task Force refuses to address this threat. If NERC and the utilities continue to reject addressing serial, the grid is at great risk for LONG TERM (many months) outages.  
Joe Weiss

Sponsored Recommendations

IEC 62443 4-1 Cyber Certification – Why ML 3 is So Important

The IEC 62443 Security for Industrial Automation and Control Systems - Part 4-1: Secure Product Development Lifecycle Requirements help increase resilience for control systems...

Multi-Server SCADA Maintenance Made Easy

See how the intuitive VTScada Services Page ensures your multi-server SCADA application remains operational and resilient, even when performing regular server maintenance.

Your Industrial Historical Database Should be Designed for SCADA

VTScada's Chief Software Architect discusses how VTScada's purpose-built SCADA historian has created a paradigm shift in industry expectations for industrial redundancy and performance...

Linux and SCADA – What You May Not Have Considered

There’s a lot to keep in mind when considering the Linux® Operating System for critical SCADA systems. See how the Linux security model compares to Windows® and Mac OS®.