Slashdot Mirror


Electric Cybersecurity Regulations Have a Serial Problem

msm1267 writes "A class of SCADA vulnerabilities discussed at a recent conference is getting attention not only for the risks they pose to master control systems at electric utilities, but also for illuminating a dangerous gap in important critical infrastructure regulations. The flaws, many of which have been patched, demonstrate how an attacker could target a non-critical, serial-based piece of field equipment at an electrical substation and knock out visibility over all of a utility’s substations. 'Where serial lines come into a master station, for instance, they won’t have the same level of protection that a TCP/IP-based connection would have,' said Michael Toecker, an ICS security consultant and engineer at Digital Bond. 'There’s a complete regulatory blind spot there in the current version of the NERC standards.' Some of the non-critical devices Crain and Sistrunk talked about at S4 rely largely on physical security to keep them safe, and are not covered by NERC regulations. Initiatives such as the Smart Grid are all about pushing intelligence away from substations and into areas where it may not be practical to have adequate physical security. 'No camera. No fence. Just a lock pick away from somebody getting at that cabinet and then affecting visibility for a huge subset of the distribution system,' Crain said."

1 of 40 comments

  1. Re:Seems that the solution is simple enough by LoRdTAW · Score: 3, Informative

    "Serial runs aren't that long.."

    The link you gave is for RS-232. RS485/422, CAN and Profibus (a protocol running on a variant of RS485) can run for hundreds or thousands of meters (using repeaters and/or optical links). They are also the most common form of fieldbus. Allen Bradley uses DeviceNet over CAN, Siemens uses Profibus and various other controller manufacturers use RS422/485 and most likely run Modbus or a proprietary protocol over it.

    http://en.wikipedia.org/wiki/RS-485: "It offers data transmission speeds of 35 Mbit/s up to 10 m and 100 kbit/s at 1200 m."

    http://en.wikipedia.org/wiki/Rs422: "The maximum cable length is 1500 m. Maximum data rates are 10 Mbit/s at 12 m or 100 kbit/s at 1200 m."

    http://digital.ni.com/public.nsf/allkb/D5DD09186EBBFA128625795A000FC025: CAN Bus - 50 kbits/Sec @ 1000 meters.

    http://en.wikipedia.org/wiki/Profibus: "The cable length between two repeaters is limited from 100 to 1200 m, depending on the bit rate used."