SerialTap: Enabling Complete Situational Awareness in Control Systems

Battelle Number: 16333-B | N/A

Technology Overview

The term “cybersecurity” brings up visions of complex computing systems vigilantly protected from attackers around the world. Engineers have developed sophisticated software that erects firewalls and monitors such systems. Cyber analysts have created methods to parse the billions of bits of data from these systems to spot any possible anomaly that could indicate an attack in progress. However, older technologies are forgotten. These include technologies that are critical for the operation of transportation systems, such as trains and ships; delivery of water and electricity; manufacturing of key goods, such as steel and chemicals; and production of oil and gas. These legacy technologies use industrial control systems to remotely monitor and manage physical processes, such as assembly lines and the turning of centrifuges, sometimes from widely spread field locations.

Millions of these devices are still in use worldwide, unable to be replaced because of electrical, environmental, or operational requirements. These legacy technologies lack the ability to interface with today’s cybersecurity tools, depriving those charged with protecting infrastructure of the ability to effectively monitor industrial control system status.

SerialTap, created by PNNL, is designed to protect these legacy systems. The palm-sized device is an inexpensive, nonintrusive add-on that can monitor and verify the activity in older serial communication systems. Without interrupting system operations, SerialTap “translates” the data from the control system so the network cybersecurity software can analyze it, allowing the detection of cyberattacks and network anomalies, speeding their resolution, and potentially saving millions of dollars in downtime.


Connects legacy technologies to cybersecurity

  • The only technology of its kind.
  • An inexpensive, compact, and elegant way to connect legacy technologies to a computer network and cybersecurity software to monitor older systems and gain situational awareness.
  • No interruption to system operations, as SerialTap passively “translates” the data from the control system so the network cybersecurity software can analyze it.
  • Early detection of cyberattacks and network anomalies, and it also helps speed their resolution, potentially saving millions of dollars in downtime.
  • Can provide data from a variety of industrial control systems, such as sensors, switches, valves, relays, workstations, servers, and control computers, all in various field locations.
  • Able to adapt automatically, allowing ability to be implemented across different networks without the need for customization.
  • Designed to act in the background (passively), making it failsafe; any failure of the tap would not interrupt system operation.

State of Development

SerialTap is a sensing device only. It passively monitors serial communications and transmits information to more advanced tools to analyze. In itself, it has no ability to actually prevent or hinder a cyberattack. However, without a device like SerialTap, those charged with preventing or mitigating cyberattacks won’t know an attack has happened until it has caused catastrophic or potentially irreparable harm. By using SerialTap, infrastructure owners can monitor the status of their legacy industrial control systems and act as soon as an anomaly arises.

Government and industry are taking notice. The Department of Homeland Security included SerialTap in its Transition to Practice Program, which connects promising cybersecurity tools with industry. It is available for licensing in all fields of use.


Available for licensing in all fields


Serial communication, cybersecurity, passive, infrastructure, operational technology



Market Sectors