OSIsoft’s PI may be the most widely deployed application in the energy sector. Depending how you segment the market, PI is in somewhere between 60% and 85% of all medium to large energy control systems. So the team at Digital Bond investigated how we could leverage this installed base to increase security, and fortunately OSIsoft […]

A few friends have pointed out we need to come up with a project name or acronym for our DoE research contract project. Suggestions would be welcome. There are three parts to this project, and all are described in more detail in the Project Narrative.
Part 1 - Compliance Auditing with Nessus
The Nessus Vulnerability Scanner […]

Back in the late 80’s I worked on ANSI banking key management standards as a NSA representative. I was particularly active in writing and editing the retail key management standard which dealt with one-to-many banking transactions such as ATM machines and point of sale units. This standard was very different than wholesale key management that […]

EnerNex announced the formation of an Advanced Metering Infrastructure Security Task Force (AMI-SEC). Grant Gilchrist will be giving a paper on security protocols for the challenging AMI environment at S4.
The Congressional testimony and CNN/Aurora press still is creating a frenzy in the electric sector and more Congressional investigations into the issue are in the […]

As mentioned last week, we were fortunate to be selected for one of the Department of Energy research projects. Next week I’ll provide an overview of each of the three areas of our project and start a section on the website so you can track the project progress and deliverables. As always, we will share […]

In 2003 Hirschmann hardware and manufacturing and Innominate software security expertise combined to offer the EAGLE field firewall module. This month Hirschmann announced they will be replacing the Innominate software with their own. (Press release in German and roughly translated English version) (Hat tip: Stephan Beirer who always keeps an eye on activities in Europe)
This […]

Over the next few weeks I’ll highlight some of the papers that will be presented at the SCADA Security Scientific Symposium (S4), January 23 - 24 in Miami Beach, registration link. Let’s start with a paper that has so much of what we try to accomplish at S4.
Here is a paper with some great theoretical […]

Catching up on some magazines on airplane rides I ran across a feature in the September issue of Automation World, Vista and Office 2007 Target Manufacturing. Sounds interesting. To my great surprise it read like a PR piece and most of the benefits listed had nothing to do with control systems.
Let me give you […]

Of course the big news this week is the Congressional testimony and the more mainstream articles around this. There really isn’t any new information for readers of this site, but remember it is not aimed at the control system security community.

Here is the link to the witness list, transcripts and video of the testimony to […]

We are thrilled to announce that Digital Bond was one of five companies selected for negotiation of awards of up to $7.9 million in DOE funding to develop and integrate technologically advanced controls and cyber-security devices into our electric grid and energy infrastructure.  Our project is titled Cyber Security Audit and Attack Detection Toolkit and […]