Episode 13 — Work with Serial OT Communications: RS-232, RS-485, and Practical Limitations

In this episode, we’re going to step away from the newer Ethernet-centered picture of networking and spend time with a style of communication that is still common in OT because it is simple, durable, and often deeply embedded in older equipment. Serial communication is one of those topics that sounds outdated until you realize how much critical infrastructure still depends on it, especially in places where equipment lasts a long time and reliability matters more than modern features. Serial links show up between controllers and field devices, between meters and data collectors, and inside systems that were designed before modern networking became the default. Beginners often feel uneasy here because serial does not behave like Wi-Fi or office Ethernet, and the vocabulary is different, but the goal is not to make you an electrical engineer. The goal is to help you understand what serial communication is, why RS-232 and RS-485 show up so often, and what practical limitations come with them in real OT environments. Once you understand those limitations, you can make sense of security and reliability decisions that would otherwise feel confusing, like why a device cannot be easily monitored, why segmentation looks different, or why troubleshooting sometimes involves physical checks rather than network scans. This topic also sets up later protocol discussions, because many classic OT protocols ride on top of serial links.

Before we continue, a quick note: this audio course is a companion to our course companion books. The first book is about the exam and provides detailed information on how to pass it best. The second book is a Kindle-only eBook that contains 1,000 flashcards that can be used on your mobile device or Kindle. Check them both out at Cyber Author dot me, in the Bare Metal Study Guides Series.

Serial communication is, at its core, a way to send information one bit at a time over a communication line, rather than sending many bits in parallel over many lines. That sounds slow, but it is often sufficient for OT devices that send small amounts of data like status codes, measurements, and simple commands. Serial is attractive because it can be implemented with relatively simple hardware, and it can be robust in environments where noise, vibration, and long cable runs make other approaches harder. A beginner should think of serial links as direct conversations between devices, often over dedicated cabling, where timing and electrical characteristics matter. Unlike modern networks where many devices share a complex switching infrastructure, serial connections can be point-to-point or arranged in simple multi-device arrangements depending on the standard. This simplicity can be a strength because there are fewer moving parts, but it can also be a weakness because troubleshooting and monitoring are less flexible. Serial links often rely on parameters like speed, parity, and stop bits, and mismatched settings can prevent communication even when the devices are otherwise healthy. That is why serial communication is sometimes described as finicky, not because it is fragile by design, but because it demands agreement on the details.

RS-232 is one of the most well-known serial standards, and it is often associated with short-range, point-to-point communication between two devices. In practical OT terms, RS-232 might show up when a technician connects to a device for configuration, when a controller talks to a nearby component, or when a legacy interface is still in use because the equipment was designed with that connection in mind. The important beginner point is that RS-232 is not meant for long distances or for connecting many devices on one line. It was designed for reliable communication over relatively short cable runs, and in many cases it uses a dedicated set of signal lines that support the two-way conversation. That point-to-point nature makes it conceptually simple, because there is usually one talker and one listener, and the link is not shared across multiple field devices. However, it also means scaling is limited, because each additional device may need its own connection. Another practical detail is that RS-232 has historically been connected through familiar-looking ports and connectors, which makes it easy for people to find and use, sometimes without fully appreciating the security implications. If physical access exists, RS-232 can become an easy path into a device because it was built for local management. Understanding RS-232 helps you recognize why physical access controls matter so much in serial-dependent environments.

RS-485 is different from RS-232 in a way that matters a lot for OT, because it supports longer distances and multi-device arrangements that are common in industrial settings. A beginner-friendly way to think about RS-485 is that it is designed to allow a group of devices to share a communication line, often arranged in a bus-like structure where devices are connected along a path. This makes it useful for connecting multiple sensors, meters, or remote devices without needing a separate cable for each one. RS-485 is often chosen because it can tolerate electrical noise better than RS-232 and because it can support longer cable runs, which matters in factories, plants, and outdoor sites. In practice, RS-485 is commonly used with protocols where one device acts as a master that polls others, and other devices respond when asked, which helps avoid multiple devices talking at the same time. That shared-line behavior introduces new considerations, like addressing, collision avoidance, and proper wiring practices, because a poorly arranged bus can cause signal reflection and communication errors. You do not need to wire anything to understand the concept, but you should appreciate that the physical arrangement and electrical behavior affect reliability. In OT, reliability is a security-related concern because unreliable communication can create blind spots and stress the process, and these issues often show up in serial-based systems.

One of the practical limitations of serial communication is speed, because serial links often operate at much lower data rates than modern Ethernet networks. Lower speed does not automatically mean “bad,” because many OT devices send small packets infrequently, but it does mean you cannot assume you have bandwidth to spare. This matters for monitoring because collecting data too aggressively can consume the link and interfere with normal operations, especially on shared lines like RS-485. It also matters for troubleshooting because moving large logs or firmware updates over serial can be slow, and organizations may avoid doing it frequently. Another limitation is that serial communication often does not include built-in security features, like authentication and encryption, because many serial protocols were designed for trusted environments. That design assumption can be risky in modern contexts where physical access is not perfectly controlled. A beginner should also understand that serial links can be sensitive to electrical noise and grounding issues, meaning problems can look like “cyber” issues even when the cause is physical interference. This is one reason OT troubleshooting often involves checking both the physical layer and the logical layer. If you understand these limitations, you will be less surprised by operational decisions that prioritize stability and minimal change in serial environments.

Distance and topology are also practical limitations that shape how serial is deployed. RS-232 is generally used for shorter distances, while RS-485 can be used for longer runs, but both still depend on proper design choices. A serial line can behave well in a lab and behave poorly in an industrial environment if the cabling is routed near high-power equipment or if the installation creates interference. Shared-line arrangements can also create challenges if devices are added or removed without careful planning, because the network is more like a physical circuit than an abstract set of routes. In modern networks, you can often add a new device by connecting it to a switch and configuring an address, but in serial bus arrangements, adding a device can change the electrical behavior of the line. This can lead to intermittent errors that are hard for beginners to interpret because they can come and go with environmental conditions. Another practical consideration is that serial often relies on specific connectors and port availability, and modern computers may not include those ports, leading to adapters and workarounds that can introduce compatibility issues. The deeper lesson is that serial communication is tightly tied to the physical environment, and that physical reality shapes both reliability and security. When you see exam scenarios mentioning long field runs or multi-drop serial lines, think about these physical limitations and the need for careful control.

A major operational difference between serial and Ethernet is that serial is often not routed or switched in the same way, which changes how you think about visibility and segmentation. In an Ethernet environment, you can often monitor traffic at switches, mirror ports, and collect logs centrally, but in serial environments, the communication might be a direct wire or a shared bus with limited observation points. This can make monitoring and intrusion detection more challenging, not because monitoring is impossible, but because it requires different approaches and sometimes physical access to the line. Beginners sometimes assume that if a system is connected, it is automatically visible to network tools, but serial links can be effectively invisible to many standard IT monitoring systems. Another implication is that containment actions look different, because you cannot always isolate one device logically without affecting the shared bus. If you disconnect the bus, you may disrupt communications for multiple devices, which can have operational consequences. This is why OT security strategies often emphasize controlling physical access, maintaining accurate documentation of connections, and carefully managing changes. Serial environments tend to reward stability and disciplined maintenance, because ad hoc changes can create both operational and security problems. Recognizing this difference helps you answer questions that ask why certain controls are chosen in OT.

Another practical limitation is configuration sensitivity, because serial communication depends on both devices agreeing on communication settings. If the baud rate, parity, or other parameters do not match, the devices may appear dead to each other even though they are powered and otherwise healthy. For beginners, this can be confusing because the failure does not look like an error message; it often looks like silence. In OT operations, this means changes to settings must be controlled, documented, and tested, because a small mismatch can cause loss of visibility or control. It also means that troubleshooting may involve checking settings and looking for evidence of misconfiguration rather than assuming hardware failure immediately. On shared serial lines, addressing and polling behavior adds another layer, because devices must respond at the right time and with the right identifiers. If two devices share an address or if a device responds incorrectly, communication can become unreliable, leading to intermittent problems. These issues are not unique to serial, but serial makes them more visible because there are fewer layers to absorb errors. From a security perspective, configuration sensitivity can be exploited if an attacker can change settings to create denial of service, and it can also create accidental outages if well-meaning changes are made without understanding dependencies. The exam often tests whether you recognize that “small” configuration changes can have large impacts in OT.

A useful way to connect serial limitations to security is to think about trust boundaries and access pathways. Serial links often assume that anyone who can physically connect to the line is trusted, which was a reasonable assumption in closed environments but becomes risky when physical access is shared among contractors, visitors, or remote sites. If a device has an exposed serial port, a person with access can potentially interact with the device directly, bypassing network-based controls. On an RS-485 bus, a person who taps into the line could potentially observe traffic or inject messages if the protocol allows it, depending on the design and how well the environment is controlled. Even without sophisticated attacks, simply connecting the wrong device or miswiring can disrupt communication, which can be a security-relevant availability issue. This is why physical security, port control, and procedural discipline matter so much in serial-heavy environments. It is also why organizations sometimes place critical serial networks in controlled cabinets or use strict rules about who can connect and when. Beginners should learn that “offline” or “not internet-connected” does not mean “not reachable,” because physical reach is still reach. Serial is a reminder that security is about controlling access pathways, not just filtering packets.

Another beginner misunderstanding is assuming that serial equals legacy and therefore unimportant, but many serial-based systems support essential functions that are still running today. A water treatment plant might use serial links to communicate with meters and remote devices, and a factory might use serial connections inside machine control systems that produce critical products. These systems can be stable and well understood, which is why they persist, but stability should not be confused with invulnerability. Serial protocols often lack modern protections, and the systems they connect can be difficult to patch or replace quickly, which increases the importance of compensating controls like physical security and strict change management. Another misunderstanding is assuming that because serial is slower, it is safer, but slower links can still carry commands that have major impact. An actuator command does not need high bandwidth to be dangerous; it needs correct timing and authority. Serial environments also often have limited logging, which can make investigations harder if something goes wrong. This is where process observation and operational knowledge become important, because you may need to infer what happened based on behavior rather than based on detailed network logs. The exam may test whether you understand that limitations in monitoring do not remove the need for security, they simply change how security is achieved.

To close, working with serial OT communications means understanding what RS-232 and RS-485 are used for, and recognizing the practical limitations that shape reliability, visibility, and security. RS-232 tends to be short-range and point-to-point, often used for direct device connections and local management, while RS-485 supports longer runs and multi-device shared lines that are common in industrial settings. Serial links are often lower speed and more sensitive to physical and configuration details, which makes them both robust in some ways and finicky in others. Their limited visibility and lack of built-in security features mean that physical access control, disciplined procedures, and careful change management become even more important. When you recognize serial in an OT scenario, you should immediately consider the constraints it introduces, such as limited monitoring options, shared bus behavior, and the impact of small configuration mismatches. This understanding will help you reason through later protocol topics, because many OT protocols rely on serial transport, and their behavior makes more sense once you appreciate the realities of the underlying link. If you can explain why serial persists and what it makes difficult, you will be prepared to make safe judgments about OT communications without getting lost in modern-network assumptions.

Episode 13 — Work with Serial OT Communications: RS-232, RS-485, and Practical Limitations
Broadcast by