Why Control System Integrators Should Care about Serial Communications Monitoring: Cutting Costs and Reducing Risk

By Robert Fairfax | June 9th, 2021

Historically, Industrial Control Systems (ICS) could exist as a closed-loop, with an air-gapped network and a solid physical security program insulating them from the outside world. An operator could trust the integrity of their operations based on process outputs, and when processes broke down maintenance was brought in to locate and fix the issue.

Not to say it was a simple time (it wasn’t), but the Internet and the Digital Transformation that has accompanied it have changed the game at an ever-accelerating pace. Connecting corporate and industrial systems has enabled the adoption of modern technologies, introducing efficiency gains through remote access, modern data solutions, and greater automated coordination of business and industrial processes. However, the convergence of Information Technology (IT) and Operational Technology (OT) systems has blurred the border between two worlds, led to a host of security and governance problems, and brought new uncertainty to what the scope of a Control System Integrator’s responsibilities is or should be.

Many Control System Integrators thrive in this new era, seeing in all the noise the opportunity to innovate, build a competitive advantage, and deliver more value to their customers. This article is primarily for those Control System Integrators, who can simultaneously enhance their customers’ operational visibility and cybersecurity posture by delivering a single capability: serial communications monitoring.

Enabling Efficiencies through Operational Health Monitoring

Within the Purdue Model[1], serial communications exist primarily at Levels 0 and 1 between logic controllers and legacy field devices, the most critical portions of the control system, where physical processes occur. Calling these devices “legacy” is something of a misnomer, as serial networks continue to be installed today[2]. Serial-connected devices have been a substantial part of control system communications for 40+ years and will be for the foreseeable future due to their prevalence and reliability, as well as the tremendous capital expenditure and operations effort that would have to be mobilized to replace these systems at scale.

While the Digital Transformation has led to increased networking and data collection across the enterprise, serial communications have been a particularly acute blind spot in control system data collection. The status quo is to analyze device behavior at higher levels, after conversion to Ethernet-based protocols, but that view lacks crucial context such as timing and direction data. Even when these communications are directly monitored, it is often done with unsophisticated Serial-to-Ethernet converters or active capture methods that could derail operations through device malfunction or malicious compromise by a cyber adversary.

With serial communications data and a scalable way to process and analyze it, firms can address operational inefficiencies and locate malfunctions before they become failure conditions. Monitoring serial communications may seem like a difficult tradeoff between operational efficiency and resiliency, but operators can get the best of both worlds with passive and fail-safe capture methods such as Cynalytica’s SerialGuard. The visibility brought by proper serial communications monitoring lets control system operators cut costs through robust operational health monitoring.

Cybersecurity Presents an Increasing Threat to Critical Infrastructure

The largest downside to the Digital Transformation is that it has come with a cybersecurity tradeoff, as cyber adversaries have become increasingly aggressive in pursuing cyber-physical effects such as critical infrastructure downtime, asset damage, and process manipulation. The growing target on the back of critical infrastructure has put business continuity and human safety at risk, from IT-based attacks such as Colonial Pipeline to advanced OT attacks such as Industroyer, which shut off power to ~200,000 people in Kiev in 2016.

Serial communications are unencrypted and unauthenticated, which before the Digital Transformation was mostly a non-issue. However, without serial communication monitoring capabilities, an ICS is now susceptible to False Feedback attacks similar to Stuxnet, in which a logic controller or other intermediary device is compromised. From that position, a cyber adversary can send normal-looking data to operators while having free rein to alter field device behavior, resulting in process disruption and asset destruction. The reality of this attack capability further confirms that adopting zero-trust visibility at every level of the Industrial Control System (ICS) is critical to an organization’s cybersecurity posture.

Cynalytica OT OptICS: Cutting Operational Costs and Reducing Cyber Risk

Due to the pace of Digital Transformation, OT security teams are often under-resourced to meet the growing threat and are forced to play catch-up, exacerbating the need for automated and scalable solutions that amplify a team’s impact. OT OptICS is Cynalytica’s Managed Service Platform (MSP) offering for asset operators and system integrators, featuring the industry’s first Machine Learning-powered anomaly detection platform for serial communications.

As a managed service, organizations can pursue OT visibility and cyber awareness at all levels of the ICS without the resources and expertise that go into building out an internal Level 0/1 security team. To enable operational health and cyber monitoring, a dynamic baseline of operations is established and anomalies in serial communications are automatically detected. OT OptICS allows organizations to validate the operational state of legacy serial-connected assets at Level 0/1 with passive and fail-safe data collection, as well as seamless third-party integrations that fold into pre-existing operational and security workflows.
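To make the two detection ideas above concrete (the false-feedback scenario, where the controller tells operators one thing while the wire shows another, and the dynamic timing baseline over passively captured serial traffic), here is an added, protocol-agnostic illustration. It is example code written for this article, not Cynalytica’s or any product’s implementation; the frame fields, the constructed capture, and the upstream telemetry tuples are all assumptions.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass(frozen=True)
class SerialFrame:  # hypothetical, protocol-agnostic view of one frame from a passive tap
    ts: float            # capture timestamp in seconds
    direction: str       # "ctrl->field" or "field->ctrl"; the tap preserves which side sent
    addr: int            # field device address on the serial bus
    op: str              # "read", "reply" or "write"
    value: float = 0.0   # setpoint or measurement carried, where the op has one

def learn_timing_baseline(frames, min_samples=3):
    """Mean/stdev of inter-arrival time per (direction, addr, op) over a known-good window."""
    last, gaps = {}, {}
    for f in frames:
        key = (f.direction, f.addr, f.op)
        if key in last:
            gaps.setdefault(key, []).append(f.ts - last[key])
        last[key] = f.ts
    return {k: (mean(g), pstdev(g)) for k, g in gaps.items() if len(g) >= min_samples}

def timing_anomalies(frames, baseline, k=4.0, floor=0.1):
    """Frames never seen during baselining, or whose gap deviates by more than max(k*stdev, floor) s."""
    last, hits = {}, []
    for f in frames:
        key = (f.direction, f.addr, f.op)
        if key not in baseline:
            hits.append((f, "unseen direction/address/op"))
        elif key in last and abs((f.ts - last[key]) - baseline[key][0]) > max(k * baseline[key][1], floor):
            hits.append((f, "timing deviates from baseline"))
        last[key] = f.ts
    return hits

def false_feedback(frames, upstream_reports, tol=0.5):
    """Writes seen on the wire that the controller's next upstream report for that device does not reflect."""
    hits = []
    for f in frames:
        if f.op != "write":
            continue
        later = [r for r in upstream_reports if r[1] == f.addr and r[0] >= f.ts]
        reported = later[0][2] if later else None
        if reported is None or abs(reported - f.value) > tol:
            hits.append((f, reported))  # Level 0/1 changed, Level 2+ was told otherwise (or nothing)
    return hits

# Constructed capture: ten normal 1 s poll/reply cycles, then a setpoint write at 10.3 s
def poll(t, v):  # one read/reply cycle at second t, with the device reporting value v
    return [SerialFrame(t, "ctrl->field", 1, "read"), SerialFrame(t + 0.05, "field->ctrl", 1, "reply", v)]
FRAMES = (sum((poll(t, 60.0) for t in range(10)), [])
          + [SerialFrame(10.3, "ctrl->field", 1, "write", 95.0)]
          + sum((poll(t, 95.0) for t in (11, 12)), []))
UPSTREAM = [(0.0, 1, 60.0), (5.0, 1, 60.0), (10.0, 1, 60.0), (15.0, 1, 60.0)]  # constructed (ts, addr, setpoint) as reported to operators
BASELINE = learn_timing_baseline(FRAMES[:20])  # baseline from the known-good first ten cycles only
```

Run against the constructed data, the write is flagged as never-baselined traffic, the stalled poll that follows it is flagged on timing, and the reconciliation shows the 95.0 setpoint on the wire against a 60.0 still being reported upstream.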

With the OT OptICS managed service, ICS operators can streamline serial communications monitoring, reducing time-to-discovery of cyber-physical and operational incidents at the deepest layers of critical infrastructure ICS with less operator time, effort, and sophistication required. OT OptICS can be a powerful Level 0/1 complement to the offerings of Control System Integrators, bringing operational awareness and visibility to the most critical layer of the end users’ control system.

Do your customers utilize serial-connected control systems? Do they also like cutting costs and reducing risk?

If these answers are a yes, then they need to have a conversation about OT OptICS and so do you. Request a demo today.

[1] Theodore Williams, Institute for Interdisciplinary Engineering Studies – Purdue University – https://citeseerx.ist.psu.edu/viewdoc/download?doi=

[2] Jonathan Baeckel, SANS.edu Graduate Research, 2021 – https://www.sans.org/reading-room/whitepapers/ICS/paper/40125
