I received a comment from Ralph Langner on my blog on Friday – “The Emperor wears no clothes - the NERC CIP process”. This comment is so important I wanted it to stand by itself because it reflects the lack of understanding by the IT community of controls systems and the intransigence of NERC
I wrote: “Could you use serial as means to inject Stuxnet – YES!!!” Ralph responded ”To underline that point... our forensic evidence supports that Stuxnet DID inject rogue ladder logic via a serial link -- the vendor's proprietary MPI protocol that runs on RS-485. Blaming networks in general and the Internet in particular for all security problems is a widespread delusion.” As I mentioned, I will have Dr. Tommy Morris from Mississippi State University demonstrating the vulnerability of Modbus serial communications at the September ACS Conference.
Not only has NERC refused to address serial in every version of the NERC CIP process, even the NERC CIP Cyber Attack Task Force refuses to address this threat. If NERC and the utilities continue to reject addressing serial, the grid is at great risk for LONG TERM (many months) outages.
Joe Weiss
