bug

I have heard rumors from several people now that others are drawing conclusions about the relative robustness of their favorite protocol.  This post is a response to the viewpoint that your favorite ICS protocol is more robust and secure than DNP3 because you haven’t seen any vulnerability disclosures from the Project Robus team.  Unfortunately, the exact opposite is true.

The lack of IEC vulnerabilities that you are uncovering are inadvertently tipping the scales in an ongoing debate about which protocols are better.

No, IEC 61850, 60870-103/104, ICCP, OPC-UA, EthernetIP, Profinet have defects too

Any other large protocol will have lots of defects in implementation.  We haven’t tested any of these protocols yet because writing a good generational smart fuzzer is a lot of work and has to be done on a per protocol basis. We’ll get to it eventually.

The defects we have found in DNP3 (and now starting to find in Modbus and Telegyr 8979) are a by-product of bad coding and testing practices, not inherent flaws in the specification.  Based on attack surface area alone, I suspect IEC 61850 will have the most defects, but that’s just a guess. For a explanation of defect rates in protocols, see my related post:

The Wisdom of Mordac

Yes, there are areas where DNP3 is difficult to implement correctly, but this will not be a characteristic intrinsic to only DNP3.  We design large protocols in this space without open reference implementations to guide their evolution.

Patched DNP3 systems are likely more robust than your favorite protocol.

DNP3 has been through the wringer now and vendors are doing more testing and have a tool for validation.  Patched DNP3 systems that are starting to become available now are more resistant to vulnerability discovery than the protocols I mentioned above.